HackMii

Notes from inside your Wii

Wii Recovery Dongle

September 4th, 2008 by marcan · 30 Comments

Apparently tehskeen took a month-old video, coupled it with a paragraph of reality and a paragraph of rampant speculation and nonsense, and made it into a news story. This is undoubtedly going to spread around as these things do, so I’m going to stop it dead in its tracks.

It’s not a pandora battery. It won’t help custom firmwares. It has nothing to do with upgrading or downgrading IOS. It has limitations. It only helps with certain very specific cases.

I’ll post details about it when the time comes, since it’s certainly useful to fix certain types of bricks, but for now don’t believe any random nonsense that you hear about it.

ED: tehskeen now replaced the second paragraph.
ED2: great, now it hit Engadget. Good job brakken.

Addendum:
Some specifics on what kinds of bricks this might fix (we have not tested all of these yet):
– If you can autoboot ANY disc and your problem is not a bad system menu (that is, reinstalling the system menu won’t fix it) then this probably won’t help. If your problem can be fixed (which it probably can), you won’t need this at all.
– This SHOULD let you fix the worst banner bricks (where you screw up the main arc and get a freeze on the warning screen, not after it), but ONLY if you have 3.2 or earlier, or 3.3 and the Twilight Hack (beta1) already installed, and in both cases you’ll need a modchip.
– This SHOULD let you fix any semibricks-turned-bricks (Opera 404 error on boot) but you’ll have to wait until a retail game comes out with a newer version if you don’t have a modchip or if you have 3.3 or newer.
– In general, IF you can see anything on the screen, AND you have a system menu earlier than 3.3, AND your system menu main binary (dol) and IOS are (mostly) fine (system menu data corruption is okay), AND you have a modchip, AND your hardware is fine, THEN you can probably fix it with this.

We haven’t tested these specifically, so please don’t take them as final.

ED3: To clarify, this won’t actually fix anything. It just lets you fix it, using homebrew tools and/or newer retail games, depending on what exactly you need to fix.

Tags: Wii

30 responses so far ↓

  • 1 theorbtwo // Sep 4, 2008 at 5:01 am

    Er, any word on what type of bricks this can fix? Specifically, would it be good for invalid-banner bricks?

  • 2 WiiCrazy // Sep 4, 2008 at 5:37 am

    Could you be more specific as to what kinds of bricks can be solved with this?

    I’ve bricked my wii (chipped with d2ckey) recently, it’s on 3.2 us system menu and it displays the health and warning screen yet autoboots nothing and just displays “… system files corrupted…”

    Only autobooting thing is freeloader and it’s of course not much of a help.

    Will I qualify for the above hack?

  • 3 NavadeHo // Sep 4, 2008 at 7:52 am

    The option to unbrick Wiis is far enough! ;)

  • 4 linkinworm-c98 // Sep 4, 2008 at 8:58 am

    lol, you know I just saw that story and was thinking to myself, WTF, this is old stuff, and what they were saying was just speculation lol, maybe they should have looked at the post date on the video.

  • 5 SageChaozu // Sep 4, 2008 at 9:49 am

    Do you by chance have their original second paragraph? I am curious to see what they had to rephrase.

  • 6 Wraggster // Sep 4, 2008 at 10:30 am

    I’m glad to see a newspost that corrects the overdramatic sites that are embracing anything that brings piracy into the Wii Scene, the Wii homebrew scene is progressing great without the need for sites and sadly homebrew and even tech sites embracing the ability to play backups, remember what damage happened to the Dreamcast. I do wish that those sites who embrace piracy would leave homebrew totally so that homebrew is never classed the same as piracy.

  • 7 marcan // Sep 4, 2008 at 12:10 pm

    @SageChaozu
    Unfortunately, I haven’t been able to find a cached copy. However, it mentioned the pandora battery, custom firmwares, and up/downgrading IOS, and how this could help or enable some of those things, which is totally false.

  • 8 WiiCrazy // Sep 4, 2008 at 12:37 pm

    For the last paragraph….
    Yes I see the warning screen AND I have a system menu 3.2 AND my system menu binary and IOS are fine (I assume that since I wasn’t able to install (B+2 keys at the same time didn’t work) StarFall, if something messed it up then it should probably be that, yet the system menu was working before I installed my custom wad) AND I have a modchip AND my hardware is fine (I assume this also)

    THEN it seems it can probably work for me.

    But the above definition is a little bit ambiguous..

    Actually my wii doesn’t freeze (programmatically of course) at all, after pressing A in the health and warning screen system menu displays an error and wiimotes still work in that phase, I can power off the wii using the power button on the wiimote.

    And I can’t autoboot anything except freeloader which I guess it smashes the stack of the system menu to load.

    So with those in hand I don’t qualify to use this hack as to above paragraphs 1 and 2.

    I guess I’m doomed to use the infectus chip… still with yawnd dump and my keys in my hand it’s just more a probability rather than a solution.

  • 9 marcan // Sep 4, 2008 at 1:04 pm

    @WiiCrazy
    If your warning screen shows up and runs, then debug (autoboot) discs should work. If for some strange reason they DON’T work then this MIGHT help, but we’d have to figure out the root cause of your inability to use autoboot discs (modchip problem?) and see if it affects this backdoor.

    By the way, have you ever _had_ 3.3 (even if you downgraded)?

  • 10 WiiCrazy // Sep 4, 2008 at 1:49 pm

    Well I never installed 3.3. Trucha signed disks were working ok.

    The only unnormal thing in my configuration is once I used Anyregion changer to make my wii’s region pal, country europe and video mode pal to play the c64 games correctly. In this setup I only played the c64 games, once I booted Wiifit, opened already installed pal wiifit channel (it was not working before I changed the region). After 2 days reverted to the original settings only left the video mode as PAL. There were no anomalies till I incorrectly packed the 0.app of an injected wad and installed.

    I never tested autoboot discs before the brick so I don’t know if it’s a new problem. Maybe they never did work, I don’t know. I plan to take my wii to a modder to replace the drive and test if it’s a modchip problem.

    What do I need to build your hack? A gc memory card and? My soldering skills suck so probably if you release the schematics I need to bring it to an electronics store and hack the thing there.

    In the meantime I’m analyzing the freeloader disc since it’s the only thing that works now. I don’t know if that can be called autobooting though, It doesn’t have a proper main.dol in it.

  • 11 lavers // Sep 4, 2008 at 1:50 pm

    I’m with a brick that freezes on health warning, from a badly packed 0.app i suspect, which took me by surprise as i always test banners in an ISO first before installing. Maybe something was missed when i fixed the headers, not sure. Anyhow I will be eager to see if it can be unbricked. :)

  • 12 marcan // Sep 4, 2008 at 1:54 pm

    @lavers:
    That’s the kind of thing that this will let you fix, but only if you’ve never had the 3.3 update installed.

    @WiiCrazy:
    That’s pretty strange but it could be related to your region change. In any case, if freeloader works (I assume you see the screen effect?), then you can definitely fix your wii even without this device, since freeloader is running code at that stage. You might need to do some special stuff though, but I urge you to try “normal” autoboot discs again, maybe tweaking the regions, and see if you get anything to run. They SHOULD work.

  • 13 lavers // Sep 4, 2008 at 2:00 pm

    Nice to hear :) only ever had 3.2e update installed

  • 14 WiiCrazy // Sep 4, 2008 at 2:49 pm

    By the way last settings with the anyregion changer was actually

    language : english
    region : ntsc
    country : us
    video mode : pal (this one just different from the original)

    And it was booting fine, here is what I already burned and tested.

    1. Zelda TP game (ntsc) patched as autoboot
    2. Bushing’s semi-brick fix disc (ntsc) patched as autoboot (I know it won’t help my problem, just to test if it boots)
    3. Wad manager autoboot iso (original pal, and region changed ntsc)
    4. Wiifit disc (ntsc) patched as autoboot
    5. Wad manager autoboot iso (changed the disc id to 1, 4 and tested)

    Now I’ll test region patching zelda to pal and updating the first partition of zelda with the freeloader’s first partition.

    “You might need to do some special stuff though”, do you mean changing the code in the freeloader disk to make a system call to uninstall the offending wad?

    In that there is a 256 byte main.dol file… maybe I need to take on learning power pc assembly :)

  • 15 marcan // Sep 4, 2008 at 3:59 pm

    Freeloader doesn’t use a main.dol. 256 bytes is the size of the DOL header with no data. Freeloader instead patches the system menu from the apploader, which is why you never have to actually run it on the channel screen to get it to work.

  • 16 WiiCrazy // Sep 4, 2008 at 4:44 pm

    Well I injected freeloader into the first partition of Zelda TP game. Disc loaded with screen shuffle thing and then a different error displayed “An error has occurred. Press the Eject Button and remove the disc, then turn the Wii console off and refer to the Wii Operations Manual for troubleshooting”

    So then autoboot is not needed actually if apploader from freeloader patched to uninstall a title. Of course if the brick caused by a bad title right?

    Disc Id of freeloader is R, hence it actually does not do an autoboot.

    Could it be hard to write a patcher to modify the apploader so that along with the patching of system menu it uninstalls a user configured title?

    Of course that would be both very useful and also dangerous application.

  • 17 a // Sep 4, 2008 at 7:59 pm

    I have a semi related question, but are you still working on that recovery menu? If so, what would you say the progress on it is, and could this somehow be related to it? Thanks in advance for answers to these questions, and for all the fine work that you do!

  • 18 lavers // Sep 5, 2008 at 1:49 am

    just need an ‘add to trolley and checkout’ button now ;) and I’d happily grab one

  • 19 Wii recovery Dongle and other Updates » Restart // Sep 5, 2008 at 4:35 am

    […] a time has brought about a lot of things on the scene. The most important of them being the recent recovery dongle for the […]

  • 20 WiiCrazy // Sep 5, 2008 at 11:59 am

    Most probably either my chip doesn’t do autoboot or I f****d something up in my wii.

    Today tested the open source apploader using iso template (padded with zeroes to 1gb), it doesn’t work too (pal, ntsc both)

    I hope it’s a drivechip issue I’ll try to experiment with a replaced drive in a repair shop… I have around 15-20 coasters around to try.

  • 21 wowfunhappy // Sep 6, 2008 at 11:05 am

    “That’s the kind of thing that this will let you fix, but only if you’ve never had the 3.3 update installed.”

    Because I’m curious, why would it matter, as long as you’ve downgraded. Doesn’t downgrading reverse all the effects of upgrading? If not… what exactly ISN’T reversed that doesn’t allow this dongle to fix the problem?

  • 22 marcan // Sep 6, 2008 at 11:11 am

    What matters is the updated IOS30, which comes with System Menu 3.3. The System Menu doesn’t matter, at all. It has nothing to do with the fakesigning fix. The IOS30 update just happened to come alongside the 3.3 update, so it’s the easiest way of knowing whether you can run fakesigned discs or not, assuming you haven’t done anything strange. You could downgrade to 3.2 and it wouldn’t help. You could downgrade IOS30 to the old version and then fakesigned discs will start working, even if you have System Menu 3.3.

    If you haven’t done anything strange, then 3.2 vs. 3.3 works to tell whether fakesigned discs will work. If you’ve screwed with your system (downgrades or whatever), then you should know whether you’re using the new IOS30 or the old IOS30, and that’s what matters.

  • 23 WiiCrazy // Sep 6, 2008 at 12:09 pm

    There were no possibilities to test my wii with another drive. Yet I saw the actual chip sitting in my wii, it was not a d2ckey but a clone one…
    here this one
    http://www.alibaba.com/product-tp/101180653/D2c_Pro_Gw601_Mod_Chip_31.html

    Can anyone confirm that this chip actually doesn’t support autoboot?

  • 24 gamefreakfatty // Sep 8, 2008 at 8:07 am

    I’ve been looking at Wii homebrew and came across this last Thursday. I’ve just recently been able to do Wii homebrew (haven’t been able to get Twilight Princess until Saturday.) I have some questions about this.

    1) (With an unchipped Wii) Do you have to use pressed autoboot disks to make this work, or can it use burned autoboot disks as well?
    2) If it can use burned autoboot disks (without a drivechip) would it work with your Open-Source Apploader ISO Template? For example: to boot the HBC installer.
    3) Do you have plans to release how you did this? Maybe a guide or tutorial on how to make it? Maybe schematics or something?

    If it doesn’t require a drivechip to work, then it could be a great alternative to getting homebrew working on my friends’ Wiis without having to worry about scratching Twilight Princess. That way I could just burn a disk with the HBC installer with it set to autoboot and use that instead.

  • 25 marcan // Sep 8, 2008 at 8:15 am

    Without a modchip you’ll need pressed autoboot discs. Since those currently don’t exist (for us), you won’t be able to boot any code without a modchip. However, it will install updates from retail games (although it won’t boot them), so you can still use it to fix wrong system menu bricks if you wait until a new version is released with a game.

    Twilight Princess is still the only way of running homebrew for unchipped users.

  • 26 IBNobody // Sep 8, 2008 at 7:05 pm

    I’m less interested in the recovery mode as I am the actual device.

    Is the device a modified memory card, or is it something else?

    How does the device put the Wii into recovery mode?

    How did you find it?

    Do you believe that this is the factory tool that is used with a factory disk to recover dead Wii’s sent in via warranty claims? (Like the previous factory blog posts, I am curious as to how they repair RMA’d or yield defects.)

  • 27 bushing // Sep 8, 2008 at 10:27 pm

    @IBNobody: Marcan’s working on a proper writeup of the device, and I’m working on a proper writeup of how it works from a software perspective, but the short version is:

    1) It’s a hand-made device that plugs into the memory-card slot (closer to a USBGecko than to a memory card, but much simpler)

    2) The system menu queries the EXI ID of any devices present in the memory card slot upon bootup, at the end of main(). If it detects the right ID, it runs BS2BootIRD(); otherwise, it executes BS2Entry() (which then calls mainmenu(), which then calls ipl::System::init and ipl::System::run).

    3) disassembly of the system menu.

    4) Likely. We’ve concentrated on looking for a lower-level tool that would explain how they were doing the initial NAND flash programming, etc, so I initially overlooked the significance of this.

    If the bootup sequence goes something like this:
    * boot0
    * boot1
    * boot2
    * mount NAND filesystem
    * load System Menu
    * load IOS30
    * Run system menu
    * main()
    * load settings.txt and SYSCONF from NAND (?)
    * check for dongle
    * load resources from NAND (including HTML resources)
    * load list of channels, including all banners
    * display “channel screen”

    … you’ll see that this will only make a difference if the boot process gets all the way from boot0 to the dongle check. Thus, if the system menu dies during those last three steps, you can use an appropriately created disk to fix the problem.

    In this case, “appropriately created” means “a valid Wii disc with a valid signature that has a valid system update on it, or passes BS2IsDiagDisc(), or both”.
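
The boot-order argument in the comment above, modelled as an added example (not code from the original post, the commenters or the system menu): it shows which failing stage the dongle check can sidestep and which discs the comment's definition accepts. The EXI ID is a labelled placeholder because the page does not give it; the stage names, struct fields and sample discs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Boot stages, in the order listed in the comment above (names are ours). */
enum boot_stage {
    ST_BOOT0, ST_BOOT1, ST_BOOT2, ST_MOUNT_NAND, ST_LOAD_SYSMENU,
    ST_LOAD_IOS30, ST_RUN_SYSMENU, ST_MAIN, ST_LOAD_SETTINGS,
    ST_DONGLE_CHECK, ST_LOAD_RESOURCES, ST_LOAD_CHANNELS,
    ST_CHANNEL_SCREEN, ST_COUNT
};
enum boot_path { PATH_NORMAL_MENU, PATH_RECOVERY };

/* Placeholder only: the page does not give the EXI ID the menu looks for. */
#define RECOVERY_EXI_ID_PLACEHOLDER 0xFFFFFFFFu

/* End of main(): the right ID leads to BS2BootIRD(), anything else to BS2Entry(). */
enum boot_path select_boot_path(uint32_t slot_exi_id) {
    return slot_exi_id == RECOVERY_EXI_ID_PLACEHOLDER ? PATH_RECOVERY
                                                      : PATH_NORMAL_MENU;
}

/* The check runs only if every stage up to and including it succeeds, so the
 * recovery path sidesteps failures in the stages after it and nothing earlier. */
bool failure_is_bypassed(enum boot_stage first_failing) {
    return first_failing > ST_DONGLE_CHECK && first_failing < ST_COUNT;
}

/* Disc properties as the comment states them; is_diag_disc stands in for
 * the result of BS2IsDiagDisc(). */
struct disc { bool valid_wii_disc, valid_signature, has_valid_update, is_diag_disc; };

bool disc_usable_for_recovery(const struct disc *d) {
    return d->valid_wii_disc && d->valid_signature &&
           (d->has_valid_update || d->is_diag_disc);
}

bool recoverable(uint32_t exi_id, enum boot_stage failing, const struct disc *d) {
    return select_boot_path(exi_id) == PATH_RECOVERY &&
           failure_is_bypassed(failing) && disc_usable_for_recovery(d);
}

/* Constructed sample discs. */
const struct disc RETAIL_WITH_UPDATE = { true, true, true, false };
const struct disc BAD_SIGNATURE_DISC = { true, false, false, true };

int main(void) {
    printf("failure while loading channels/banners: %d\n",
           recoverable(RECOVERY_EXI_ID_PLACEHOLDER, ST_LOAD_CHANNELS, &RETAIL_WITH_UPDATE));
    printf("failure while loading IOS30:            %d\n",
           recoverable(RECOVERY_EXI_ID_PLACEHOLDER, ST_LOAD_IOS30, &RETAIL_WITH_UPDATE));
    return 0;
}
```
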

  • 28 FGOD // Sep 11, 2008 at 10:17 am

    hmmm is there any thought if this might help my banner brick?

    i have 3.3 with tp hack(at least i hope so, can’t remember deleting it from my system)

    it just stops after the warning screen, leaving a black screen and menu music and the mote keep connected.

    Now i know i would still need to buy a chip. but are there any chips that can autoboot without the starfall or without the dongle?

    and if not, when will you guys show how you made this so people can be helped out with this?

  • 29 WiiCrazy // Sep 11, 2008 at 3:50 pm

    I’m working on the freeloader disassembly and stuck in a few places and got some questions.

    Here is the thread about my exploration…
    http://forum.wiibrew.org/read.php?8,1693

    I really need a few concrete menu patches and some advice. Hope I get some.

  • 30 SaveMii (Wii Recovery Dongle) - Console Scene Forums // Sep 21, 2008 at 2:00 pm

    […] (Wii Recovery Dongle) The Wii Recovery Dongle news has been out for some time now. I have recently received some of these to play around with […]
