Page 1 of 44 12311 ... LastLast
Results 1 to 10 of 433

Thread: NAND programming- Low Level Brick recovery without bootmii

  1. #1
    New Member erikie's Avatar
    Join Date
    Oct 2009
    Location
    Netherlands
    Posts
    524
    Thanks
    8
    Thanked 170 Times in 141 Posts
    Blog Entries
    2

    NAND programming- Low Level Brick recovery without bootmii

    If you have a low level brick and bootmii is not installed and already tried the GC method (holding down all 4 directional buttons when controller is in port 4 during startup) and pre-loader is not there too then you are basically screwed.
    However there is a possibility to recover this Wii using the infectus modchip.
    This chip can function as a nand programmer and with this you can try to inject a new boot2 with bootmii installed already.
    First you need to buy the infectus : :: InFeCtuS ::
    then you need to install the infectus on your Wii, this is the hardest part
    Install the chip like this: http://www.infectus.biz/diagrams/Nand_Flash_Wii.jpg
    Download the software you need for putting the infectus into nand programming mode (Infectus Programmer): :: InFeCtuS :: (this is the top download)
    Make sure you program the infectus into Nand mode. Select NAND out of the menu (search for it) and then click Program at the bottom of the same menu. Don't forget to have the chip connected on the USB port first

    Download this software found here for programming the nand: Download Infectus NAND Flasher 1.03.rar from Sendspace.com - send big files the easy way
    more info about the program can be found in this thread:
    Infectus NAND Flasher 1.03 (Amoxiflash Dot Net for Windows) - Wii, XBOX360, PS3

    To have the software working you will also need to install this program:
    Browse libusb-win32 Files on SourceForge.net

    If you have all the wires on the nand then it is time to see if you can read the nand file:
    switch on the Wii (so the green light is on)
    then connect the infectus to the USB port.
    Open the nand programmer software and select the correct driver out of the list. Then click connect. If all is well you will see the memory chip listed in the screen. Otherwise check your wiring again or reprogram the infectus into nand mode again.

    Dump the nand, you can to the whole nand but we are really interested in the first block. This contains boot1. If boot1 is vulnerable then we can inject bootmii otherwise we can quit here and pray that another bug will be found in the newer boot1 versions anyday. So you can also dump from 0 to 135168(decimal) which will dump block 0 of the nand chip.

    Compare the results of these blocks in a hex editor with other dumps from working Wiis with bootmii installed to see if you have one that matches the boot1 block. Basically check if the first 200 - 400 bytes are the same. If so
    clean up your nand (working one) dump using Wiinand (download here: http://www.tehskeen.com/forums/showt...threadid=15078) to clean up your nand dump for infectus programmer. This will only remove the last 1024 bytes (the keys) so you can also do this using a hex editor

    now program the nand for this range 0 to 1081344 (decimal). This will flash boot1 and boot2 into the nand (blocks 0 - 7)
    After this make sure you have an SD card in it with bootmii on it to boot into bootmii.

    If you programmed the nand and the wii does not boot:
    a) you did not use the correct boot2 version so try another one
    b) also the composite output could be broken (happened a lot to me, turned out that the wii was not even bricked, more later about this if and when I have a fix for this)


    If it worked you will need the attached program to format your nand and install basic files again to get it working.
    Just copy all the files in the file to the root of your Sd card, start bootmii, go to the SD icon and start formatter.elf. The rest should go automatically. Another option is to use signcheck to see what is installed on the Wii and install the missing piece to unbrick it. There are many guides as sticky you can use for that

    The formatter is specific for European wiis. If the program worked correctly open a disc in the disc channel with a firmware upgrade on it to get the channels back, I used Wii Play and I have 3.1E on the Wii. I am going to use Mario Kart to get to 3.3E but it is up to you what to use


    Hope this is clear and will help a lot of others too!

    Edit:
    I uploaded the formatter tool file and you can download it here: RapidShare: 1-CLICK Web hosting - Easy Filehosting

    Identifying if a board can be injected with bootmii:
    If you need to flash bootmii into the nand then you need to know if boot1b is in the wii. To my knowledge only rev 01 boards have boot1b in it. So if you have a higher rev board then you need the a full nand backup to save it. You can find the rev number right of the SD slot
    Assuming you have a rev 01 board your datecode on the Hollywood chip should not be higher than 0830 (this number is at the last row the 4 first digits on the CPU) I know that 0811 is still fixable and 0830 is not anymore. So any number in between please post to this topic and I can modify this information. Still need to find out the cut off point for it.
    Last edited by erikie; 04-15-2010 at 05:53 AM. Reason: More info


  2. #2
    Senior Member
    DA KINE WiiHacker
    mauifrog's Avatar
    Join Date
    May 2009
    Posts
    9,188
    Thanks
    307
    Thanked 9,584 Times in 2,974 Posts
    Blog Entries
    15
    Nice write up. Flashing bootmii will only work on wii's supported by boot2 bootmii, correct? Also, is it possible to flash a nand backup created by bootmii, from a bootmii ios installation?

    Someone needs to make a nand clip for the infectus.

    Upload the files to mediafire and rapidshare, then post the links here.
    Ipsa scientia potestas est.


    Warning: Piracy is NOT supported. Word your questions carefully.

  3. #3
    New Member erikie's Avatar
    Join Date
    Oct 2009
    Location
    Netherlands
    Posts
    524
    Thanks
    8
    Thanked 170 Times in 141 Posts
    Blog Entries
    2
    Yes it will only work if you have the boot1 with the strcmp bug in it. The new boot1 are not compatible with bootmii and this will not work. Therefore you have to check with a hexeditor to see if you have the same version of boot1.

    Bootmii as IOS is no good as you cannot start the wii with it and it is encrypted with the console specific key ...

    I will see where I can upload the files and post the link asap in this thread!

  4. 2 Users Say Thank You to erikie For This Useful Post


  5. #4
    Junior Member
    Join Date
    Nov 2009
    Posts
    3
    Thanks
    3
    Thanked 0 Times in 0 Posts
    So from your knowledge if someone were to have a bricked wii (system ios currupt), a boot1 without the strcmp bug (and obviously no boot2/bootmii) and no AES/HMAC keys, the system would not be fixable even with a NAND programmer?

    I know its a long list, and hell my Wii is working just fine, Im just curious...

  6. #5
    Junior Member
    Join Date
    Dec 2009
    Location
    Russia, Krasnodar.
    Posts
    11
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Told me please, if I have a fully bricked Wii (black screen on start) with the corrupted system (unlucky offline update from 2.1E to 4.0E) and with the LU64, would this manual help me?

  7. #6
    New Member erikie's Avatar
    Join Date
    Oct 2009
    Location
    Netherlands
    Posts
    524
    Thanks
    8
    Thanked 170 Times in 141 Posts
    Blog Entries
    2
    This method will only work if it is possible to install bootmii on the wii.
    So you need the compatible boot1 on it.
    If you have no nand backup and all the other rescue methods do not work. Go for this method. I don't say it will work for all but at least you have a last chance
    So always make a nand backup of your wii if you have bootmii installed either as IOS or boot2. If you have a nand backup and no way of getting into the wii anymore then you can also flash the nand with the infectus ...

  8. 1 User Says Thank You erikie For This Useful Post


  9. #7
    New Member erikie's Avatar
    Join Date
    Oct 2009
    Location
    Netherlands
    Posts
    524
    Thanks
    8
    Thanked 170 Times in 141 Posts
    Blog Entries
    2
    Formatter tool uploaded, you can load it here: RapidShare: 1-CLICK Web hosting - Easy Filehosting
    Have fun with it!

  10. 2 Users Say Thank You to erikie For This Useful Post


  11. #8
    Junior Member DUZLA+'s Avatar
    Join Date
    Dec 2009
    Location
    UK
    Posts
    69
    Thanks
    13
    Thanked 4 Times in 4 Posts
    45mb big file for such a small white box lol, cheerz

  12. #9
    Junior Member
    Join Date
    Dec 2009
    Location
    Russia, Krasnodar.
    Posts
    11
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Question

    As I understand, with Infectus 2, I can create an image of bricked NAND and make it working with the help of the working NAND image from the other Wii?

  13. #10
    Junior Member
    Join Date
    Nov 2009
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Um the WiiNand, i cant seem to access the clean dump option... its not accessible? thanks. Using windows 7.

Page 1 of 44 12311 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •