HackMii

Notes from inside your Wii


BootMii and the new boot1

February 18th, 2009 by marcan · 54 Comments

From the checker statistics, we’re seeing about 10% of Wiis with the new boot1 (all newer ones). What will happen to those new Wiis that have it?

At first, BootMii will not be compatible with those Wiis. A modified boot2 will not run on them, period. However, there is a way of accomplishing some of BootMii’s goals on those Wiis, by installing BootMii as the System Menu’s IOS, or as an entirely separate IOS, for example. There are pros and cons to these options, and they’re not as good as installing BootMii as boot2, but they are possibilities worth exploring. We won’t support them when BootMii first comes out (lest we delay it even further), but one or more of them might come in the future.

Since people seem to love to compare Preloader to BootMii, I’m going to throw it in the comparison as well. Here’s a table comparing the following attributes of the four solutions:

  • Brick resistance: chances of it helping you if you brick your Wii
  • Update resistance: chances of surviving a Nintendo update
  • Update safety: chances of causing a brick when the Wii is updated in the future
  • Code execution: what kinds of code you can actually run with it
  • Complexity: how many things can go wrong while using it
  • Low-level install: how easy it is to install using a hardware programmer
  • Compatible with return: does “Return to Wii Menu” run it?

Note that the metrics on the table are mostly relative to one another. “Low” doesn’t mean crap, it means lower than “Medium” or “High”.

                         BootMii      BootMii as                 BootMii
                         as boot2     SysMenu IOS    Preloader   as IOS
Brick resistance         High         Medium         Low         None
Update resistance        High         Low            Low         Medium
Update safety            Full         Medium         Low         Full
Code execution           ARM, PPC     ARM, PPC       PPC         ARM, PPC
Complexity               Low          Medium         High        N/A
Low-level install        Easy         Hard           Hard        Hard
Compatible with return   No           Yes            Yes         No

BootMii as (separate) IOS is a special case. It would be useful for people who want to use software designed to run under BootMii (that is, using custom ARM code, not IOS) starting from code under IOS, without regard for having it run on boot or brick-safety. This is basically a completely safe option, but also the least powerful one.

Brick resistance: BootMii as boot2 has high brick resistance because it _only_ relies on boot1 and boot2, which are in a reserved area of NAND. BootMii-boot2 will run even if your entire NAND Filesystem is hosed, and only requires the first megabyte or so of NAND to be intact (containing boot1 and boot2). BootMii as IOS does quite a bit worse, because it does require a sane NAND Filesystem, and also a sane enough structure that the original boot2 won’t choke on it. However, it doesn’t require any PPC code to run, nor does it run any additional drivers (for example, WC24), so some failure modes related to system files are eliminated. Preloader also depends on the System Menu IOS and runs on the PPC side, so it only saves you from brick problems that affect the System Menu (although these are pretty popular, so it’s still significant) – it won’t help for anything affecting IOS. Of note is that BootMii-boot2 doesn’t require anything on NAND that is dependent on your NAND keys, so the parts of NAND that are required are exactly the same (at least among Wiis with the same boot1 version).

Update resistance: BootMii as boot2 is likely to survive updates, because it’ll only be overwritten if boot2 is updated. Nintendo has never done that so far. BootMii as IOS would be overwritten with a System Menu IOS update, and Preloader would be overwritten with a System Menu update, both of which happen often and are pretty likely. Interestingly, BootMii as a regular IOS is more likely to survive, simply because it would be installed alongside existing software and won’t be overwritten by any update. None of the options will survive a targeted attack – this is just a measure of how likely a “normal” update will remove them.

Update safety: BootMii as boot2 is essentially 100% safe. This is because boot1 can’t be changed, so the only thing that will affect it is a boot2 update. This would remove it, but that wouldn’t cause a brick. The only way an update could brick a Wii with BootMii as boot2 would be due to a deliberate sabotage attempt by Nintendo (“if we detect bootmii, deliberately brick that Wii”), which won’t happen because they would likely be held legally liable for the damage. BootMii as an IOS, on the other hand, could cause a bad brick if boot2 is updated to check the signature of the installed System Menu IOS. Boot2 hasn’t been updated yet, so this gives BootMii as SysMenu IOS a slightly better chance than Preloader, which would suffer from the same issue if either the System Menu IOS or boot2 is updated to perform this check. Since BootMii as a separate IOS doesn’t participate in the boot process, it is obviously 100% safe (unless Nintendo does something stupid like crash if any unsigned software is found, but that’s not going to happen because it would cause legal trouble as well).

Code execution: This is pretty simple. BootMii lets you run ARM (Starlet) code, which gives you full control (including the possibility of running PPC code). Preloader just lets you run PPC code under IOS.

Complexity: BootMii-boot2 is very simple. It only depends (obviously) on boot1 and on the SD card and FAT drivers. The code is very small and straightforward, and there’s also a very low level bypass mode that will make BootMii boot boot2 directly, bypassing everything. There is very little that can go wrong with BootMii-boot2. Once you move to BootMii as the System Menu IOS, you’re depending on boot2 itself (fairly big and complex). Preloader adds to that a normal IOS. I’m not scoring BootMii as an IOS here, because it mostly depends on what you use to run it in the first place. You could consider it the most complex of all, though.

Low-level install: Because boot2 is the same across all consoles, and boot1 is the same across a large group of consoles, you can just flash BootMii-boot2 onto any console using a dumb NAND programmer. The other options require tinkering with the filesystem and access to the NAND keys, which is a lot harder to do.

Compatible with return: This is an interesting one: what happens when you “return to the Wii Menu” in a game? If you’re using a hypothetical System Menu replacement, you’d want it to return there. BootMii-boot2 won’t do this, because “return to Wii Menu” boots the System Menu directly, not via boot2, so you’ll just get the standard menu. BootMii as the System Menu IOS and Preloader will work – it’ll return to them. BootMii as any random IOS obviously won’t. Note that in general having this option is never a bad idea, because you could always configure whatever code BootMii loads to default to the System Menu if relaunched from a game, if that’s what you want.

As you can see, there’s an option for BootMii for those with new consoles, but you lose out on a lot of the benefits. Are there possibilities other than those listed here? Another bug could be found in boot1 (although I think that isn’t very likely). It’s also possible that SHA-1 will be broken badly enough for us to be able to replace boot1 – this is unlikely, but you never know what our cryptologist friends will come up with next. There’s one solution that could exist now though: using a hardware NAND “modbios” chip to run BootMii on boot, either as boot2 or as the System Menu IOS. This is an ideal solution, especially for those who want homebrew and Nintendo updates to coexist, as it would be 100% brick-proof and 100% update-proof and update-compatible, and also undetectable by Nintendo software if done right. The downside is having to solder up to 16 wires to your NAND chip. If it existed, I’d definitely go for it myself, though. Maybe someday it might. One catch: if you have the new boot1, you’ll need to extract your keys beforehand using some sort of homebrew exploit anyway.

It may sound like I’m specifically writing this article to be pro-BootMii and anti-Preloader. However, the Preloader comparison was added because people keep comparing it to BootMii, even though it’s quite unrelated. I’m not claiming that either tool is better, just that BootMii was designed with the explicit goal of brick protection. Preloader wasn’t designed for brick prevention – that’s just a side effect (crediar told me to mention this). I’m specifically comparing BootMii and Preloader on the points that relate to BootMii’s design goals, and I won’t hide that fact. Consider that both tools can be used together: you could boot a (possibly slightly modified) Preloader binary using BootMii, and get the best features of both. Crediar reviewed this post before I published it.

Tags: Wii

54 responses so far ↓

  • 1 Look-Familiar // Feb 18, 2009 at 5:35 pm

    Oh no…That’s a real bummer for the people with a new boot1 (If I read and understood that all correctly).

  • 2 war6763 // Feb 18, 2009 at 6:45 pm

    Great to see developers cooperating with each other!! Looking forward to BootMii!!

  • 3 Look-Familiar // Feb 18, 2009 at 7:05 pm

    Also, am I wrong or is the boot speed supposed to be in the table and is not?

  • 4 bilygile // Feb 18, 2009 at 7:06 pm

    Great! I’ll be sure to install BootMii as boot2. This really removed any doubt and nervousness from me. Thanks, I can’t wait.

  • 5 WiiLee // Feb 18, 2009 at 7:15 pm

    yay!

    Q?

    1. Will installer work with 3.4
    2. Is it compatible with Preloader
    3. Will bootmii contain any anti piracy code (for the real pirates)

    all these questions were asked by my friend Christian whose Wii I just soft-modded, except question 1 I just wanted to know

  • 6 shadowth // Feb 18, 2009 at 7:24 pm

    “Low” doesn’t mean crap, it means lower than “Medium” or “High” – lol

    Excellent work. Already ran the app and sent my wii info.

    Can’t wait for bootmii.

  • 7 djdynamite123 // Feb 18, 2009 at 7:28 pm

    Superb, at least BootMii can run alongside Preloader, I’ve never compared either one to each other…why would I.
    My idea of BootMii: is advance control.
    Preloader: Control of small booting methods.
    I can’t fault Preloader, I think it’s great…but will I install BootMii when it’s released, most likely.
    Best of Both Worlds.
    Good day and good luck. :)

  • 8 Cathryne // Feb 18, 2009 at 7:39 pm

    Glad to hear that things are progressing and that you’re getting good data. I still need to run the checker on my Wii, so this may be a dumb question, but will it tell me if I have the new boot1 or not? For what it’s worth, I got my Wii for Christmas 2008, so I’m guessing it does.

  • 9 linkinworm-c98 // Feb 18, 2009 at 7:50 pm

    Only the uber n00bs compared pre-loader to bootmii, even tho in the readmii it said it’s nothing like bootmii, I can’t wait for this to come out, mainly because I’ve bricked my wii so many times with changing something to test waninkokos betas it’s getting stupid. having a 100% failsafe will ease my mind. o marcan, any idea on calibrating the wii DVD drive spindle (the thing that spins lol) cheers

  • 10 abraxo // Feb 18, 2009 at 8:07 pm

    I’m intrigued by this idea of a hardware “modbios” option. Would I be correct in thinking that, since the boot sequence lives somewhere low down in the flash, you would only need to hijack some of the address lines?

  • 11 Remadon // Feb 18, 2009 at 8:19 pm

    So if what I’m reading is right, we have to flash it to the NAND with a NAND programmer?

  • 12 pii // Feb 18, 2009 at 8:26 pm

    First of all.. great work guys! As I’m thinking of buying a Wii myself, I’ve got some questions.

    Am I right that the boot1 of all currently sold Wii’s don’t allow your fakesigning hack anymore? And if so, since about when did Nintendo fix their boot1?

    Roughly how likely is it to ‘create a SHA1 collision with an earlier boot1′ as caitsith2 mentioned recently?

    BTW, can the console ID only be found by looking in the address book, or is it also printed on some sticker?

    Thanks guys!

  • 13 mikezila // Feb 18, 2009 at 10:06 pm

    How can I check my boot1 version on menu 3.4u? I wanna know if I’m going to be able to use this.

  • 14 Ibrahim Awwal // Feb 18, 2009 at 11:00 pm

    Cool, thanks for the info/update. It’s starting to sound like BootMii is getting wrapped up, which is pretty good. Will be anxiously waiting until then.

    By the way, once we have BootMii installed, will it be safe to install any updates once we know for certain that they don’t overwrite boot2? Especially with the impending SD card update, this would be a nice thing to know.

  • 15 WiiLee // Feb 18, 2009 at 11:06 pm

    @ Remadon

    the answer is yes and here is a quote from the article above “you can just flash BootMii-boot2 onto any console using a dumb NAND programmer”

  • 16 caitsith2 // Feb 18, 2009 at 11:12 pm

    @Remadon: Actually, a NAND programmer is only required in cases of rare FULL bricking cases, or in case of doing the modbios mod. Team Twiizers will be doing an Installer that will work on System Menu 3.4.

    @mikezila: Short of downgrading, which Team Twiizers doesn’t wish for you to do, checking is out of the question.

    @pii: sha1 collision? Not likely at the moment. Console ID does not seem to be printed on any stickers. Just the serial number is. Now, if the console ID can be correlated to the serial number, that could help. Not certain if there is some formula for figuring that out though.

  • 17 jacklaidlaw // Feb 19, 2009 at 3:28 am

    Can’t wait for bootmii. I have a new boot1, so that sucks. Please make the boot mii as ios compatible with preloader so I have brick protection. Cheers

    Jack

  • 18 FRanatic // Feb 19, 2009 at 3:49 am

    Nice read, thanks for the info.
    Seems to me a release is in the works, don’t rush it though.
    The ability to install BootMii relies on the bug in boot1 right ?
    So if Nintendo decides to update boot2, it will still be possible to re-install BootMii right ?

    If a boot2 update blocker is implemented, it won’t be necessary for the survival of BootMii in the future, but just as a handy tool to avoid the re-installation of BootMii once it has been removed by update.
    Am I correct ?

  • 19 bushing // Feb 19, 2009 at 4:05 am

    Actually, we do have enough data to draw some conclusions.

    You can get your ConsoleID (aka “NG ID”) by copying a savegame from your Wii to SD, then copying it to your computer and looking at it with a hex editor. All the way at the end, you’ll see something like

    001dec0: 526f 6f74 2d43 4130 3030 3030 3030 312d  Root-CA00000001-
    001ded0: 4d53 3030 3030 3030 3032 2d4e 4730 3431  MS00000002-NG041
    001dee0: 3462 3665 3300 0000 0000 0000 0000 0000  4b6e3...........
    001def0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
    

    In this case, the console ID is 0414B6E3.

    If you sort the data we have received, a clear pattern emerges:

    0201xxxx ... 021Dxxxx: boot2v2, boot1v1 (38 units)
    021Exxxx ... 04A6xxxx: boot2v2 or boot2v3 (cutover at 043Cxxxx), boot1v2 (740 units)
    0600xxxx ... 071Dxxxx: boot2v3, boot1v3 (89 units)
    071Fxxxx, 0723xxxx: boot2v4, boot1v3 (2 units)
    

    I’ll do up an article with graphs to illustrate this more clearly, and explain the difference between the different versions of boot1 and boot2, but in brief:

    boot1v1 and v2 are almost identical; I’m still trying to find exactly what changed. boot1v3 contains the fakesign fix first seen in IOS37.

    boot2v2 and boot2v3 are very similar; a small amount of code was added to send some extra commands to the DDR3 RAM chip upon startup. We’re still trying to get ahold of a copy of boot2v4.
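The lookup described in comment 19, written out as an added example (not code from the post or from Team Twiizers): it pulls the NG ID out of the certificate issuer string at the end of a savegame and maps it to the boot1 ranges reported above. The function names, the 4 KiB tail window and the constructed sample bytes are assumptions; the ranges are survey observations, so IDs that fall in a gap are reported as unknown rather than guessed.

```python
import re
from typing import Optional

# Constructed sample: the tail of a savegame, matching the hex dump in comment 19.
SAMPLE_TAIL = b"Root-CA00000001-MS00000002-NG0414b6e3" + b"\x00" * 27

# Observed ranges from comment 19, keyed on the top 16 bits of the console ID.
# They describe the units surveyed, not a specification; gaps stay unclassified.
OBSERVED_BOOT1 = [
    (0x0201, 0x021D, "boot1v1"),
    (0x021E, 0x04A6, "boot1v2"),
    (0x0600, 0x071D, "boot1v3"),
    (0x071F, 0x071F, "boot1v3"),
    (0x0723, 0x0723, "boot1v3"),
]

# Issuer string as it appears in the dump: Root-CA<8 hex>-MS<8 hex>-NG<8 hex>.
ISSUER_RE = re.compile(
    rb"Root-CA[0-9A-Fa-f]{8}-MS[0-9A-Fa-f]{8}-NG([0-9A-Fa-f]{8})(?![0-9A-Fa-f])"
)


def extract_console_id(data: bytes) -> Optional[int]:
    """Return the console (NG) ID from the last issuer string in data, or None."""
    matches = ISSUER_RE.findall(data)
    if not matches:
        return None
    return int(matches[-1].decode("ascii"), 16)


def console_id_from_file(path: str, tail_bytes: int = 4096) -> Optional[int]:
    """Scan only the end of a savegame file, where the issuer string sits."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)                      # jump to end to learn the size
        size = fh.tell()
        fh.seek(max(0, size - tail_bytes))
        return extract_console_id(fh.read())


def boot1_version(console_id: int) -> Optional[str]:
    """Map a console ID to the boot1 version observed for its range, if any."""
    prefix = (console_id >> 16) & 0xFFFF
    for low, high, version in OBSERVED_BOOT1:
        if low <= prefix <= high:
            return version
    return None                            # outside every observed range


def accepts_modified_boot2(console_id: int) -> Optional[bool]:
    """boot1v1/v2 lack the fakesign fix; boot1v3 has it. None means unknown."""
    version = boot1_version(console_id)
    if version is None:
        return None
    return version in ("boot1v1", "boot1v2")


if __name__ == "__main__":
    cid = extract_console_id(SAMPLE_TAIL)
    print(f"{cid:08X}", boot1_version(cid), accepts_modified_boot2(cid))
```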

  • 20 RobotMenace // Feb 19, 2009 at 6:02 am

    Luckily I have an original boot1, but I’m very happy to hear it will work in some way on “incompatible” wiis. I’m hoping it will be possible to port things like ftpii and run them without bootstrapping broadway. This could also make a port of the hurd to wii a very interesting idea. Thanks for the constant updates over the last few days too, being patient and avoiding pestering you all about this has being hard work.

  • 21 pii // Feb 19, 2009 at 7:15 am

    @caitsith2: Yeh, I agree. Would be nice if it could be added to for instance wiitracker.nintendo-scene.com.

    @bushing: Do you know of a relation between this 8 digit hex ‘NG ID’ and the 16 digit decimal ‘console’s Wii Number’ (in Wii’s address book)?

    That is, what is the ‘minimal information’ to ask for to figure out if the specific second-hand Wii console has a bootmii-compatible boot1?

    Cheers!

  • 22 Michael Holmes // Feb 19, 2009 at 7:18 am

    @pii: the chance of a sha1 collision is estimated to be 263 to 1, and the chance of it being the right hash are probably about 2632 to one, or about 1.1755×10-38 if my maths is up to scratch. So it’s very remote unless their SHA1 implementation is as buggy as their ES code.

  • 23 Michael Holmes // Feb 19, 2009 at 7:19 am

    sorry, those should be 2 to the power of 63, 2 to the power of 63 to 2. and 10 to the power of -38. Looks like wordpress stripped my superscript tags.

  • 24 pii // Feb 19, 2009 at 7:47 am

    @Michael Holmes: Thanks for your quantitative insight. Let’s hope for a buggy SHA implementation then.. : )

    Although I don’t know how likely a boot0 fix will be, i.e. how likely is it that Nintendo would go so far as to fix their chip masks? Pretty costly, right!

  • 25 mikezila // Feb 19, 2009 at 9:03 am

    Goddamnit. I have new boot1.

  • 26 ChuckBartowski // Feb 19, 2009 at 4:44 pm

    @ mikezila lol

    So I can just use any old hex editor to find my boot 1 info correct? if so, cool! I’ve been really wanting to see what boot 1 and 2 i have. Thanx for the updates bushing. U guys just keep doin what your doin ; )

  • 27 ChuckBartowski // Feb 19, 2009 at 5:07 pm

    OK so i opened up my hex editor and then opened up a save file. I looked at my console id and it doesn’t match any of the ones that you have shown as a map to which boot version i have. I have a 033dxxxx id number. Am I supposed to somehow convert the id number to something else? Sorry if i sound nOObish asking this. I’m just really not that used to working with code. I also used two hex editors and two saves and they both came up with the same thing.

  • 28 Fennec // Feb 19, 2009 at 7:20 pm

    If nintendo did try to update boot 2 , is it possible that bootmii can block this?

  • 29 caitsith2 // Feb 20, 2009 at 4:29 am

    @ChuckBartowski: You very likely have boot1 version 2 and boot2 version 3, given the console ID you gave.

  • 30 metroid maniac // Feb 20, 2009 at 6:47 am

    if bootmii was as a normal ios would that make it like patchmii, but with arm code execution stuck on?

  • 31 metroid maniac // Feb 20, 2009 at 7:08 am

    sorry for double posting but my data.bin for SSBB says my ID is 02a30ce5

  • 32 ChuckBartowski // Feb 20, 2009 at 4:31 pm

    @caitsith2

    Would this be a bootmii compatible system still? The combination of the 2 isn’t listed in bushing’s post.

  • 33 bushing // Feb 21, 2009 at 6:02 am

    :(

  • 34 pii // Feb 21, 2009 at 6:30 am

    Both the Wii’s of ChuckBartowski and metroid maniac are boot1v2 – boot2v2 Wii’s, right? So both < boot1v3, so compatible with BootMii, right? That is, it should be independent of the version of boot2, I’d say. Or can boot2v4 still complicate matters?

    Anybody some idea about my ‘minimal information’ question? Thanks!

  • 35 pii // Feb 21, 2009 at 6:41 am

    Sorry, I meant >=boot2v4.

  • 36 ChuckBartowski // Feb 21, 2009 at 1:21 pm

    @ pii So i think you’re saying that mine and metroid maniac’s are both compatible rite? Oh well if not we’ll all just have to wait and see when bootmii comes out. It’s already looking pretty promising that it will be soon with all the talk about it so I’m just gonna wait and see! : )

  • 37 bushing // Feb 21, 2009 at 9:34 pm

    @ChuckBartowski: If your consoleID begins with 02, 03 or 04 (over 90% of the Wiis out there), you have boot1v1 or boot1v2. This means your Wii will work with the “real” BootMii. The version of boot2 doesn’t really affect this, but is interesting information for us to know (since we’re modifying boot2 to make BootMii).

    @pii: I haven’t finished examining boot2v4, but I don’t think it has any meaningful differences. No, there is no relationship between the Wii ID and the console ID — the Wii ID is randomly assigned. The “minimal information” is most likely the “purchase date” of the Wii. That purchase case is probably related to both the console ID of the Wii, as well as the serial number printed on the outside of the Wii. Someone could probably make a site like that one for the Wii drive chipset that linked serial numbers to boot1 versions (or console IDs), but it would not be nearly as simple as translating from consoleID to boot1 version.

    @Fennec: There’s no way to directly block an update of boot2. Nintendo has never updated boot2 before on existing consoles, so we have not put much energy into doing this. There are things we can do, but they’re not pretty :/

  • 38 Remadon // Feb 21, 2009 at 10:56 pm

    “There are things we can do, but they’re not pretty :/”

    Now I’m just curious, What are they?

  • 39 ChuckBartowski // Feb 21, 2009 at 11:25 pm

    @ bushing: Hey thanx for the info! thats all i wanted to know.

  • 40 pii // Feb 22, 2009 at 10:25 am

    @bushing: I agree, but I think it still can be handy to be able to deduce the bootloader versions by merely looking at the serial number, e.g. when buying second-hand Wii’s. Anyway, I mentioned it to the guys behind WiiTracker, so maybe they’re interested.

    Slightly off-topic, but one other question. If not absolutely necessary for playing the latest games, is there any good reason why to perform Nintendo firmware updates? Any improvement in performance? Or is it best to stick to the original firmware and not perform updates whatsoever?

  • 41 marcoo624 // Feb 23, 2009 at 8:28 am

    I understand Nintendo can detect and patch Boot2 which means they probably could check if you have it installed when trying to get online. If they decided to ban those consoles from getting online is there anything in progress to try and spoof this detection (probably have to wait and see what they try to do first) or has it been considered?

  • 42 Hells_Guardian // Feb 23, 2009 at 5:22 pm

    Well I mainly hope for a great cryptologist to break the SHA – 1 Encryption and allow for the replacement of boot1. For the time being I don’t foresee this happening but it would be a gold advancement in all of this. I myself have a compatible wii as is but I know a few people that aren’t so lucky. I hope the nand dump of the system with the new boot 2 version 4 I supplied will be helpful to you and the rest of the team.

  • 43 Sven // Feb 24, 2009 at 3:56 am

    @pii: There is no advantage in updating your console if you just want to play games and run homebrew. Nintendo pretty much fails at giving us a reason to update to newer System Menu/IOS versions. All their updates contain are minor fixes to random stuff and “fixes” for homebrew. Most games will still run if you just don’t update and remove the update partition from the discs. This can either be done by using hardware modifications or by patching the system menu like starfall does. All in all, there is no real reason to update. This might of course change in the future once Nintendo starts to actually release useful features :-)

    @Hells_Guardian
    You can forget about attacks on SHA-1 being useful for us. MD5 was “broken” given that you can make a certificate authority sign a message from you. We cannot do this for boot1 and would therefore need a so-called preimage attack on SHA-1. It is *very* unlikely that such kind of attacks are going to be found. But you never know… ;)
    I’m just saying that an attack similar to the well-known attack on MD5 would not help here. A hardware solution would be ideal for said Wiis since we can still modify the System Menu’s IOS because even boot2v3 and probably boot2v4 don’t even care about its signature. You need hardware here because each system menu update will overwrite your patches though… :/
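The distinction drawn in comment 43, as an added example that is not part of the original thread: on a hash deliberately truncated to 16 bits, a collision (both messages chosen freely, the MD5 certificate case) is found after roughly 2^8 tries, while matching the hash of one fixed message (the boot1 case, where the reference hash cannot be changed) takes roughly 2^16. The 16-bit truncation, the message prefixes and the stand-in target are assumptions made so the search finishes in well under a second; nothing here applies to full SHA-1.

```python
import hashlib
from itertools import count

BITS = 16  # toy output size (assumption); real SHA-1 has 160 bits


def toy_hash(msg: bytes) -> int:
    """SHA-1 truncated to its top BITS bits, so brute force is feasible."""
    digest = hashlib.sha1(msg).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - BITS)


def find_collision(prefix: bytes = b"free-"):
    """Collision: any two different messages with the same hash.

    The searcher picks both messages, so the birthday bound applies:
    about 2**(BITS/2) tries are expected.
    """
    seen = {}
    for tries in count(1):
        msg = prefix + str(tries).encode()
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(fixed_msg: bytes, prefix: bytes = b"forced-"):
    """Second preimage: a different message matching one fixed message's hash.

    The target is dictated by the verifier, so there is no birthday
    shortcut: about 2**BITS tries are expected.
    """
    target = toy_hash(fixed_msg)
    for tries in count(1):
        msg = prefix + str(tries).encode()
        if msg != fixed_msg and toy_hash(msg) == target:
            return msg, tries


if __name__ == "__main__":
    a, b, n_collision = find_collision()
    print(f"collision after {n_collision} tries: {a!r} / {b!r}")

    # Constructed stand-in for the image whose hash the verifier has fixed.
    fixed = b"constructed stand-in for the boot1 image"
    forged, n_preimage = find_second_preimage(fixed)
    print(f"second preimage after {n_preimage} tries: {forged!r}")
```

Each extra output bit doubles the second-preimage cost but adds only half a bit to the collision cost, which is why a collision result on a hash does not by itself let anyone replace a fixed, already-hashed image.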

  • 44 Hells_Guardian // Feb 24, 2009 at 7:16 pm

    Indeed. We will know soon enough about the added features in boot 2 v4. I have sent the files to Marcan for him to review and hopefully he has good news regarding the boot 2 v4. None the less If there is a security flaw there that can be manipulated to allow one to change the boot 1 then I’m certain that you guys are the ones that will find it. Either way glad that there is so much effort going into this great project. I’m certain it will be a great benefit to all wii users. :)

  • 45 smf // Feb 25, 2009 at 1:53 am

    @sven

    md5 was broken years ago, you can easily change a message but retain the original hash.
    The recent hack on the browser certificate authority relies on md5 being broken, not the other way round.

    If the wii used md5 then today you could change boot1, but retain its signature by changing some unused areas.

    So far it appears that to do this for sha1 would need a brute force attack of 2^35(34359738368) iterations. It would suit a distributed attack though, as we only need to get the old boot1 to have the same hash as a new boot1. It may happen in our lifetime, http://boinc.iaik.tugraz.at/ but putting all that computer power to allow wii’s to run a bit of software is unlikely.

  • 46 Muzer // Mar 1, 2009 at 1:47 pm

    Out of interest, I know this isn’t likely to happen since you are always so careful, but if you were to install BootMii on a Wii with a fixed boot1, I assume the Wii would brick?

  • 47 pii // Mar 2, 2009 at 2:12 am

    BTW, the BootMii compatibility checker is not compatible with the latest firmware, right? And I assume that currently sold Wii’s have this new firmware version pre-installed. So the current part of incompatible Wii’s will probably be >>10%, right?

  • 48 chuckthetekkie // Mar 3, 2009 at 10:12 pm

    How exactly is BootMii installed?

  • 49 WiiBlaster // Mar 13, 2009 at 11:54 pm

    Well I owned a Wii that contained the New Boot1 so i went on e-bay and bought 2 Wiis and was lucky enough they both contain the Old Boot1 , So really lookin forward to the release
    Thanks

  • 50 Schafskaese // Apr 15, 2009 at 12:50 am

    Hi!
    i bricked my Wii (4.0e) by uninstalling IOS9, 11, 12,13,14,15,17,20,21,22,28,30,31,33,34,35,36 and IOS 60 which belongs to the Systemmenu. (Don’t ask why i uninstalled it^^)
    Is there any chance to rescue my Wii by using Bootmii or any other Programs? Preloader won’t work. I also tried a Modchip but i think the rescue menu is also destroyed because it’s integrated in the systemmenu. When starting my Wii i don’t see anything, no signal on TV.
    Greetz Schafskaese

  • 51 pececito // Apr 16, 2009 at 2:33 am

    hi i bricked my wii jeje so i need to install bootmii by Low-level install. when the program is done, can i suppose that you will do a Tutorial to install using a hardware programmer?
    thanks very nice

  • 52 pood // Apr 23, 2009 at 9:47 am

    Can you uninstall bootmii? in case nintendo have some update that bricks your wii, and makes you pay 220 euros for it!

  • 53 salehhamadeh // May 24, 2009 at 10:18 am

    I want to install BootMii on my wii but I have a problem. Before going to the menu, it says boot1 prevents installation of boot2, what does this mean and will I be able to install it?

  • 54 svosin // Jan 18, 2013 at 9:33 am

    Allow me to share some suggestions.
    There is a lot of news about SHA1 being pwned (collisions).
    As far as I know, boot1 is stored inside the NAND, and boot0 checks its SHA1 hash before loading it.
    If the hash mismatches, boot0 will not load boot1.
    I think it may be possible to use a SHA1 collision to bypass that check, and write an old or custom boot1 that allows writing to boot2.
