Notes from inside your Wii

HackMii header image 2

Wii Menu 4.2: a lack of imagination

September 29th, 2009 by bushing · 58 Comments

As you can see in the latest Wiimpersonator log, Nintendo has released an update for the Wii software — “Wii Menu 4.2″.

Nintendo’s release notes state, rather blandly,

September 28, 2009

Wii Menu 4.2

Unauthorized Modifications

Because unauthorized channels or firmware may impair game play or the Wii console, updating to Wii Menu version 4.2 will check for and automatically remove such unauthorized files. In addition, there are some behind the scenes enhancements that do not affect any prominently-used features or menus but will improve system performance.

That’s the best they could come up with? Seriously? This is almost as bad as the first update (3.3) they did to (try to) kill the Twilight Hack, which they justified with “an enhanced Mii channel”. Don’t update. Seriously.

For those of you that have already done so, or have pets, friends or siblings that updated your Wii behind your back, or just don’t like listening to good advice, you have the following to look forward to:

  • Enhanced system menu — now with a new iplESMisc.cpp::DeleteTicketsForce function that runs after verifySavedataZD, upon every boot of the system. In addition to looking for the Twilight Hack and deleting it if found, it will now look for title-IDs DVDX and HAXX (the latter being the Homebrew Channel) and delete them if found.
  • Updated boot2 — All Wiis that shipped with boot2v2 or boot2v3 (the first 30 million or so) will have boot2v4 installed. There’s no behavioral difference, here, but it will wipe out BootMii if it is installed as boot2.
  • Updated IOSes — updated versions of IOS9, IOS12, IOS13, IOS14, IOS15, IOS17, IOS21, IOS22, IOS28, IOS31, IOS33, IOS34, IOS35, IOS36, IOS37, IOS38, IOS53, IOS55, IOS56, IOS57, IOS60, and IOS61. A new IOS70 is installed for the new System Menu to use. I haven’t looked at the changes in any depth, but they seemed to have fixed the IOS exploit we were using in the most recent HackMii Installer.
  • Updated BC, MIOS and IOS254– I’m not really sure what the point of this was, but they probably just rebuilt everything to be safe. They could have used the opportunity to try to overwrite BootMii/IOS, but they didn’t (the version number is lower than that used by BootMii, so it won’t install).
  • New stub IOSes installed as IOS222, IOS223, IOS249, and IOS250. This seems to be the only effort made to remove “unauthorized firmware” from the Wii. This may or may not actually work, depending on the version number used in the TMD of the already-installed version of IOS.
  • Updated shop channel — this was probably just a routine update of the shop channel, and they probably stopped allowing the older (4.1) version of the shop channel to connect. This is the only actual “carrot” to entice you to update.

I’m surprised that they took the bold move of pushing an updated boot2 — I guess all of the cool kids are doing it these days. Their boot2-updating code (ES_ImportBoot) is not well-tested; they’ve never updated boot2 on retail consoles before, and in our testing we discovered that it often fails to write out ECC data for the new version of boot2 that it writes. We should expect to see some number of bricked Wiis from this; the code is so buggy that we decided to write our own for the HackMii installer. If you had BootMii/boot2 installed, it will be overwritten with the normal, stock boot2, but there should be no other harmful effects.

I’d advise everyone against updating; no good can come of it. I also do not suggest you use any “updaters”. We are currently testing an updated version of the HackMii Installer, which will be able to reinstall the Homebrew Channel, DVDX and BootMii (just as before). Indiana Pwns should still work; I’d imagine a new version of Smash Stack will still work. Bannerbomb does not seem to work in its current form, but it remains to be seen how it was blocked and whether it can be made to work again.

Tags: Wii

58 responses so far ↓

  • 1 SquidMan // Sep 29, 2009 at 5:38 pm

    Nice little replay of events.
    Hope that new installer comes out soon (although I don’t plan on updating from 4.0 anyways)
    Good work guys :3

  • 2 marcan // Sep 29, 2009 at 5:43 pm

    I would like to double-remind people that blindly patching/installing/updating stuff is stupid and that messing with HBC to get it to (re) install after an official update is stupid (and distributing those modifications is not allowed).

    If you need the Wii Shop, find an installer that will install the new shop + its IOS only, with no modifications or patches. If you’ve already updated, wait a day or two until the fixed installer comes out.

    Rushing stuff out at this stage is a recipe for disaster, as much as some people like to do so.

    This update isn’t a “homebrew killer” by any stretch of the imagination. Don’t overreact.

  • 3 Sotomura // Sep 29, 2009 at 5:46 pm

    So you guys have a new(er) exploit to work off now?

  • 4 marcan // Sep 29, 2009 at 5:47 pm

    There have been 3 or 4 “newer exploits” for months now.

  • 5 Sotomura // Sep 29, 2009 at 5:54 pm

    That raises a question then; is Nintendo working on fixing each exploit AFTER it spreads to the masses, given that you guys still have these to work with? Has there been one update that ever broke exploits before anyone’s had the chance to use them?

  • 6 aaron44126 // Sep 29, 2009 at 6:09 pm

    Judging from their previous responses to things like this (i.e. purely reactionary), they probably don’t even know about the exploits before anyone’s had the chance to use them…

  • 7 ChuckBartowski // Sep 29, 2009 at 6:19 pm

    id think that updating the GC part would be to overwrite cMIOS. Just a theory.

  • 8 marcan // Sep 29, 2009 at 6:20 pm


    They almost did, once, but they failed. Part of the original exploit used to work around the Oct 23 update was fixed beforehand on higher IOS forks, but they neglected to backport the fix to lower IOSes. It was a really, really obvious exploit, so they probably found it independently. Basically, they fail at life.

  • 9 SnoFox // Sep 29, 2009 at 6:29 pm

    And for those of you that did not take good advice,

    Mindlessly updated my Wii thinking nothing would happen to me, like the last few updates… Oops. πŸ˜›

    Keep up the great work you guys! I can’t thank you enough, really. I don’t know what I’d do without homebrew on my Wii… Other then sell the thing… :)

  • 10 comex // Sep 29, 2009 at 7:14 pm

    the “fix” for bannerbomb is retarded, new version tomorrow hopefully

  • 11 marcan // Sep 29, 2009 at 7:25 pm

    I’d also like to point out to all the people hexediting HBC’s title ID that: 1) it’s stupid, 2) it’s unsupported, 3) will get you dupes/scamscreens/other issues, 4) we’ve already come up with a new Title ID and are building a proper update, 5) ours is much funnier than yours πŸ˜›

  • 12 me.yahoo.com/nande_kudas… // Sep 29, 2009 at 7:30 pm

    i think is obvious that this aint the end of the world (homebrew either)….
    in fact before this fix was released there where already at least 2 exploits (indiana and smash) so…
    but! what’s intresting is that nintendo actually took a very direct action against homebrew.

    personally i think they should start to think on how much the scene is doing them a favor by making good software for free.

  • 13 marcan // Sep 29, 2009 at 7:32 pm


  • 14 ifish // Sep 29, 2009 at 7:48 pm

    great work guys almostu udated wii but had a power failiur and it turned it off luckly it still works but good job guys marcan the title was HAXX before right bannerbomb is the best explots so far no need to rent games to run homebrew

    lots of love and respect you guys rock

  • 15 Grayda // Sep 29, 2009 at 7:57 pm

    I’m lucky I have a fiance who is as tech-savvy as me, so she knows that if Nintendo offers to update anything, to see me first.

    With that said, I’ve hex-edited the binary, patched my system menu so that it depends heavily upon a string that changes every update, modified the NAND using Microsoft Word, panicked, ran to GBATemp and wrote a patcher that not only insults Team Twiizers, but turns your Wii into a MySpace layout-esque mess and sold HBC as my own product. I’M READY TO UPDATE NOW!

  • 16 IBNobody // Sep 29, 2009 at 8:02 pm

    So what does the new error message “Error: 003″ that Nintendo mentions in their release notes refer to?

  • 17 Toad King // Sep 29, 2009 at 8:03 pm

    @Grayda: MySpace layout for the Wii? I’d pay money for that!

    Does you guys have any info on what this new “Error:003″ thing is, and if it’s homebrew or piracy related?

  • 18 s3phir0th115 // Sep 29, 2009 at 8:24 pm

    I mean no disrespect, but I was able to hex edit a portion of System Menu 4.2, a 4 byte fix, and stop all of the homebrew deletion functions.

    I’m aware you guys don’t advise it, I’m aware it’s dangerous, but I thought I’d let you know that not all of us hate you or believe your methods for solving problems are ignorant or stupid.

    Although I, like any other person, don’t appreciate being insulted for altering my Wii’s files at times (or for anything), or for having my methods insulted.

  • 19 pm_41 // Sep 29, 2009 at 9:01 pm

    Great to know that a updated HackMii/Bannerbomb is in the works!

    But one thing still makes me think:

    You guys mentioned a while back that in order to apply anything to boot2, you needed a security key to bypass boot1. Does the 4.2 update files contain that key? πŸ˜‰

  • 20 marcan // Sep 29, 2009 at 9:42 pm

    Nintendo can always update boot2, since they have the private key. We’ll never be able to get that. It’s the way public-key crypto works.

    We’ll always be able to change boot2 on older Wiis, and never on newer ones (unless a magical boot1 exploit shows up). Nintendo will always be able to change boot2 on both.

  • 21 angelXwind // Sep 29, 2009 at 9:52 pm

    Installing just SystemMenuv481.wad (from NUSD) and a copy of IOS70 (also from NUSD) will result in a Homebrew-enabled Wii, including HackMii. (though THBC is still removed)

    Funniset thing is that when I was returning from WAD Manager, THBC was apparently still there. It launched. When you reboot your Wii, it magically dissappears.

    I just don’t see the point in updating. At all. (I reverted back to 4.1U via BootMii)

  • 22 gothicpinku // Sep 29, 2009 at 11:20 pm

    Will bootmii be able to be installed in boot2 again? o.o if so that’s impressive… then if that’s true will there be a chance to restore the NAND that I previously had with firm 4.1 if I updated to 4.2?

  • 23 marcan // Sep 29, 2009 at 11:26 pm


    Yes and, theoretically, yes. The magic of BootMii ;). The one thing you can’t do is downgrade boot2 back to the old version, but you can install BootMii on the new one, as long as your boot1 was compatible beforehand of course. Note that BootMii NAND restores don’t restore the boot2 area.

    I recommend that you back up your current 4.2 to a separate file beforehand, in case the 4.1 restore doesn’t work. It should work, but it obviously hasn’t been tested.

  • 24 http://maikelsteneker.blogspot.com/ // Sep 29, 2009 at 11:31 pm

    I was also really surprised that they updated boot2.. All in all, this is an interesting update; I’d say the best one (in terms of defeating homebrew and piracy) yet. The most important programs suddenly become unusable.

    I’m eager to see the fixes you have found for this. Keep up the good work!

  • 25 master5o1 // Sep 29, 2009 at 11:47 pm


    Pesonally, I think any method distributed to other people should be as safe as possible. I’m fine with someone hex-editing their own Wii, it’s their own property.

  • 26 gothicpinku // Sep 29, 2009 at 11:49 pm

    Well I will backup it again when I can install BootMii again… I already have like 4 NAND backups in my pc, each one different firmwares xD.

    Sooo I first laughed when my hbc died from System Menu, I tried to use bannerbomb and I got scared cause it didn’t work xD after I tried to see the disc “tray” flashes that BootMii does if nothing is inserted into SD slot and I was like “omg they killed it!”… but now I see it was like a joke ._. cause It didn’t harm anything really…

  • 27 Mike // Sep 30, 2009 at 12:01 am

    thanks for updating us on the situation guys! this is awesome, i am glad you are all soo supportive! Hackmii rocks! TEAM TWIIZERS for life

  • 28 someone // Sep 30, 2009 at 12:58 am

    It looks like they decided that the cost of bricked Wiis would outweigh the cost of piracy. This might have been true if they had the final solution, but they obviously don’t.

    We now have three slightly different copies of boot2 (v2, v3, and v4), we know what the contents are, and the contents aren’t very big either. Does this make an @home project to work out the private key any easier? (he asked ignorantly)

  • 29 cactusjack901 // Sep 30, 2009 at 1:46 am

    Well this is awesome. I haven’t updated yet, but I have a feeling I’d be able to revert to 4.1 considering I have an older wii, but boot2v4 (and it looks like Nintendo used their shoddy code for that to update mine back at their HQ, I have an ECC Failure or 2 on my NAND backups) so my boot2 won’t need to be updated any further

  • 30 tech3475 // Sep 30, 2009 at 2:23 am

    Nintendo are either getting paranoid or really stupid. Updating the bootloader using dodgy code, that’s riskier than installing bootmii in the first place!

    Can anyone who wants to run any future IOS 70 games just install ios 70? Or have nintendo included code to detect homebrew/older system menu?

  • 31 emailtoid.net/i/0424948e/… // Sep 30, 2009 at 2:28 am

    Jus joined so i can thank you guys for what you are doing, I was so angry with myself that i had updated, But thankfully I have a bootmii backup on a card…

    many thanks

  • 32 Mokong // Sep 30, 2009 at 3:47 am

    I would assume for those of us still on 4.1 with the HBC currently installed, we need only need to wait for an update to the HBC to be downloadable that would then not be removed if updating to 4.2?

  • 33 Alex_Finlay // Sep 30, 2009 at 4:43 am

    Signed in to post a theory of mine, Because of how Dumbass nintendo are in the first place: Technicaly if you made a backup of your wii with BootMii, then update, Then put your wii back to that BootMii state, Wouldn’t you be technicaly downgrading your IOS’s meaning the boot2v4 is a bit retarded on Old wiis.
    Thanks, PS Love your work.

  • 34 alpha tauri // Sep 30, 2009 at 5:35 am

    I must confess that this update made me get worried about HBC. All homebrew websites had desperate words and comments but, your post put me back to a calm and confident mood. I’m looking forward to good news from you mates.

  • 35 ryo357 // Sep 30, 2009 at 5:57 am

    maybe a little off topic but i want to tanks all the guys here at hackmii for their work! you all are great and also very funny!
    Tanks a lot πŸ˜€

  • 36 Scaevola // Sep 30, 2009 at 6:00 am

    Currently in TI calculator community, there is a hot discussion about obtaining the signing keys for apps and OSes so that any homebrew can be installed without hassle.


    The keys were obtained using a distributed computing project. Wii hacking community is much larger than TI calculator community and these efforts make me wonder if it would be possible to do a similar project to obtain the necessary keys for wii software installs or is it more complicated than that?

  • 37 Sychophantom // Sep 30, 2009 at 6:21 am

    Thanks for all your work.

  • 38 lincruste // Sep 30, 2009 at 7:01 am

    It looks like unlucky ill advised users are already experiencing Nintendo sense of priorities:

  • 39 marcan // Sep 30, 2009 at 7:41 am

    And Nintendo is deleting posts that (rightly) blame their poor quality control and focus on blocking homebrew for no good reason.

    I smell a shitstorm coming.

  • 40 ryo357 // Sep 30, 2009 at 8:04 am

    maybe nintendo can hire hackmii guys to get rid of the bricked console πŸ˜€ (just joking)

  • 41 pbsds // Sep 30, 2009 at 8:11 am

    how did nintendo fix the bannerbomb exploit?
    did they just check for its titleid and block it when loading the sdcard’s channels? or did they fix the exploit by making the animation reading part better?

  • 42 marcan // Sep 30, 2009 at 8:22 am

    They checked the banner size and rejected ones that were too large, I think. Comex knows the details.

    I mean, seriously. FAIL.

  • 43 marcan // Sep 30, 2009 at 8:27 am


    (they had already deleted a more insightful post before that capture was taken)



  • 44 Wack0 // Sep 30, 2009 at 9:51 am

    So I post another nice and insightful post .. it gets deleted a few mins later. So I c/p it (taking it from cache) .. they either account ban or IP ban me. Dunno which. Lucky I have a dynamic IP :)

  • 45 bushing // Sep 30, 2009 at 11:04 am

    @Scaevola: The TI calculator key recovery was possible because TI uses (used?) 512-bit RSA keys, which have been considered insecure for quite a while.

    Wikipedia (my favorite source of facts) says that “RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030. An RSA key length of 3072 bits should be used if security is required beyond 2030.”

    The Wii uses 2048 and 4096-bit keys.

  • 46 GideonB234 // Sep 30, 2009 at 11:54 am

    As soon as I saw this, I called my mate to make sure that he knew that the new update could be dangerous. He was pissed off, no wonder. But awesome about the new hackmii installer, nintendo can shove it up their arse tbh. Oh well at least Nintendo are dumb enough just to look for one title ID for each thing. Cat and Mouse games aside, it’s dumb how they think they can block the updates. Homebrew will always win against Nintendo. And the deleting posts thing on Nintendo, there censoring it completely as well. If anyone mentions anything to do with homebrew or that it’s nintendo’s fault nintendo censors it. It’s horrible.

  • 47 Cyberdemon // Oct 1, 2009 at 5:11 am

    Can someone please explain, what exactly makes the boot2 update process so buggy ?
    I’m interested in details of the buggy behavior.
    I think, we all agree that Nintendo is to blame when users brick their wii as a cause of a normal update procedure but if the updatefunction was already investigated, shouldn’t we post a little topic on the Nintendoboard, describing a technique to safely upgrade (or warn if it can’t be done with certain wiis), after all it should be deterministic ?

  • 48 tompccs // Oct 1, 2009 at 9:46 am

    What amuses me is how much easier and cheaper it would be for Nintendo just to give up on patching and updating, throw the Wii to the hackers and ‘casual gamers’, and start working on a console that acts its age.

  • 49 SpyroDragon // Oct 1, 2009 at 12:31 pm

    You should consider donating your own boot2 update code to Nintendo.

    It would at least be safe then. πŸ˜‰

  • 50 Alex_Finlay // Oct 1, 2009 at 3:41 pm

    @ SpyroDragon why help the guys trying to stop us, Easy way to stop someone else updating is just to put parent controls on. They can’t update without them.
    Saves SOOOO much hastle, Or even better Just put some apps on so you can’t upgrade etr etr.
    Also It took Nintendo how long to make this fail update? and it took you lot just 1 and a half days to do a fix lawl.
    They get paid for it and all there work was in the shitter, I recon personaly the main point of this “Update” was just to put boot2v4 on people silly enough to Update before thinking, (Homebrewers) and maybe perpusly brick people.
    Sorry for the spelling mistakes.
    But the fact that they are deleting all posts about bricking because of the update is just downright Ridiculous.

  • 51 Alex_Finlay // Oct 1, 2009 at 3:45 pm

    Just to add i think this update is a idiotic one.
    Seen as i bought 2 Internet channels 1 for a mate and 1 for my own console, Basicly they are forcing me to update to get my 1k of credits.

  • 52 juju798 // Oct 2, 2009 at 2:40 am

    Is there a way to store photos, messages and game times of the Wii Menu on SD Card or something to reinject them later ? Cause I need to backup my nand and i’ll lose all of them :/

  • 53 teaguecl // Oct 2, 2009 at 11:07 am

    Since N’s boot2 update code is buggy and dangerous to use, is there any chance we could use bootmii’s safer boot2 flashing code to upgrade from boot2v2 to boot2v4?
    I’d like to update, but I don’t want to risk a bad flash.

  • 54 me.yahoo.com/a/v0GiNkUsu… // Oct 2, 2009 at 11:34 am

    There’s no advantage in having boot2v4. If you want to access the Wii shop there are workarounds, look on wiibrew.

  • 55 teaguecl // Oct 2, 2009 at 1:44 pm

    There are advantages to having boot2v4 installed. Namely, once it’s in there safely then the console is not at risk of bricking when it updates boot2 itself – which will happen when one of my roommates updates the software to play a new game. The way I see it my console is going to get boot2v4 one way or another unless I go through extreme effort to keep it off. Since I don’t lose any functionality by upgrading, I’d like to just get it over with. However, I’d prefer to do it safely rather than play roulette with N’s bootcode updater.

  • 56 ultimatechaoslen // Oct 12, 2009 at 10:48 pm

    Lol they can’t stop you no matter what they do. Right?

  • 57 teethkicker // Oct 16, 2009 at 7:13 pm

    im sure someone already thought of this but would it be possible/helpful to randomize the Title IDs (maybe off a timestamp) in the install process or is there a reason they need to be all the same/have a meaningful name.

  • 58 Dudeman Kabot // Jul 6, 2010 at 5:31 am

    (I know that 4.3 is out, but what I say started in 4.2. Also, sorry for the CAPS, it was for emphasis.)

    Wait… Nintendo bricks consoles that have been region-changed.
    Okay, but then they CAN’T go BUY any more games and GIVE NINTENDO MORE MONEY!
    Yet, the error 003 was because they hacked the console, but that didn’t STOP BOUGHT GAMES FROM WORKING!
    Basically, Nintendo lost income!

You must log in to post a comment.