ChipD has done a lot of work lately with the actual, physical NAND Flash chip on the Wii, and he just told me about his latest feat — two chips installed in one Wii, with a switch to toggle between them. More pictures and info after the break.
The goal: mount two full NAND Flash chips at the same time inside a Wii, so that you can switch back and forth between them.
This isn’t exactly self-explanatory, so let me explain what’s going on here. He’s found some extra chips (see below) that are the same as the ones inside a Wii — he then desoldered his System-Menu 3.1U Wii’s flash chip from the Wii, and cloned it onto the two extra chips using an Infectus chip and amoxiflash. This way, if anything goes wrong, he can always desolder this hack from his Wii and go back to the normal one. (All of this soldering and desoldering is difficult and risky, but hey — you do what you gotta do. Carefully.)
NAND flash uses an 8-bit data bus and 7 control lines. One of those is Chip Enable (CE) — if Chip Enable is deselected, then the chip almost acts as if it’s not connected it all (all input and outputs go to tristate). Therefore, if we can make sure that only one of those two chips will have its CE pin active at any given time, we can just solder the rest of everything together. Then, to switch between the two chips, you just write up a 2-way switch. In one position, CE of one chip is connected back to CE from the Wii board. In the other position, the other CE is connected.
A schematic may make this clearer:
Now, let me be perfectly clear here — this is a neat hardware hack, but this is not something most people will be able to pull off, nor is it something most people will find useful. It will not help you fix a broken Wii, or downgrade a Wii, or anything of the sort.
In order to make use of this, you will need:
- 1 or 2 extra NAND flash chips. You can take these from a dead Wii, or certain (very specific) flash-based devices. (Think USB flash sticks, CompactFlash cards, shitty MP3 players.)
- A complete and intact image of your encrypted NAND chip — either done via software or hardware
- A NAND programmer of some sort — perhaps an Infectus — to use to write your NAND flash image to your blank chips. You will also probably want this so that you can reprogram one or both of the chips when you fuck them up– which is, after all, the only point of this endeavor.
- Excellent soldering skills, patience, etc
- Something clever to try out with this. This allows you to try making changes to your flash, and then have a way to recover if they don’t work. However, you only get one shot at that, and then you have to go use a hardware programmer to fix it.