Notes from inside your Wii

HackMii header image 2

updates and bricking

November 1st, 2009 by bushing · 28 Comments

I keep getting questions along the lines of “should I update to 4.2? Are you guys going to make a ‘safe boot2 updater’?”   (The answer is ‘no’, but keep reading.)

Somewhere in the noise about this most recent update the point I was trying to make got lost.  Let me recap the facts:

  • The most recent system update was the largest update ever done — 32 titles were added or updated, and each system downloaded approximately 50MB of data.
  • A certain firmware graybeard tells me that, on average, 1 in 1000 updates (of any software, on any system) will fail.
  • The Wii performs updates atomically on a per-title basis.  What this means is that the system menu downloads each title from the Nintendo Update Server and feeds the data directly to IOS/ES.  As each chunk of data for a given title is downloaded, IOS writes it into /import, and then once the entire title has finished downloading, it renames the files in /import to overwrite the older version of the title (in one step, “atomically”).  That rename step probably only takes a second or two for each title.
  • Contrary to Nintendo’s claims, an update will not start over from the beginning if interrupted.  Rather, the updates will be downloaded and installed in this order: boot2, IOS of the new system menu, a new system menu, and then everything else.  If the update is interrupted after (for example) the IOS is installed but before the System Menu has finished downloading, the partially downloaded System Menu will be deleted upon the next reboot.  You will still be told “an update is available”, and it will restart the update — but since it won’t reinstall the same version of something that’s already there, it will skip over boot2 and the IOS and restart downloading the system menu.
  • Any failed update on three of those pieces (boot2, system menu, IOS) will cause the system to irreparably brick.
  • Any failed update on another part of the system (for example, another IOS) could either cause strange behavior (certain games won’t launch) or could cause the system to brick (if it damaged the filesystem in NAND).

As far as updating boot2 goes:

  • The 1-in-1000 number applies to boot2, although there are some protection mechanisms in place to try to mitigate that risk.   There are two separate copies of boot2 stored in flash, and if one is corrupted, it will try to boot the other — this is the only real “safety mechanism” in the entire device.
  • The boot2 update code is completely separate from any other update code, and has never been used before on any retail Wiis.  That does not mean it’s necessarily broken or buggy, just that it has been nearly as well-tested as any of the other updater code.
  • During the development of BootMii/the HackMii Installer, I ran into a bug where the ECC data was not always written when writing boot2.  Let me be clear here — this is not a huge bug.  It only applies to the boot2-area blockmap page, and when it happens, the effect is generally harmless — if there is a bit error in that page, it will not be detected or corrected, but there are three copies of that data in that page and boot1 will choose the best 2 out of 3.  (The only real indication you will see of this is if you find the message “Ninty forgot to write spare data for page xxx” in your installer.log file after installing BootMii/boot2.)  I don’t really think this will cause a system to get bricked, but it’s evidence that the code has not been thoroughly tested.
  • Our boot2 updater code presumably carries the same 1-in-1000 risk of failure, but a failure there will still allow at least one of the two old copies of boot2 to work.  (We do something mildly clever there to avoid overwriting each copy, and to prevent problems with BC/MIOS.)
  • There is no benefit or pitfall to installing boot2v4, other than the fact that if you don’t install it, it will keep trying to install it whenever you update, and if you had BootMii/boot2 installed, it will overwrite it.

Various employees of Nintendo — from lowly tech support staff and forum moderators to executives — have made the claim that “most of the bricked systems were a result of other modifications to the system.”  This is a lie, and I’m disappointed in Nintendo for trying to make this claim.  It’s not supported by evidence — how could they possibly get that kind of statistic?   (There hasn’t been time for them to get bricked units back and do much analysis, and even in the case where they do have a bricked console in their hands, there’s nothing they can do to see whether it was modified or not.)  It’s not supported by logic, either — the reason why this update “kills homebrew” is because it overwrites EVERYTHING, but the same is true for unmodified Wiis.   It’s not even supported anecdotally — there were comments on Nintendo’s official Tech Forums from people who had bought a new Wii that day and had it brick the first time they did their connection test and system update.

If we were to write a boot2 installer, there’s no guarantee that it would be any safer than Nintendo’s.  We sincerely believe it to be safe — we’ve tested it as much as we possibly can, we have an unreasonable number of safety checks in there, and I have yet to hear of a single case of bricking in somewhere between 10-20,000 installs — but then again, I’m sure Nintendo feels the same way about their code.

The distinction here is a more subtle than “whose code is buggier”.  When you run the HackMii installer and install anything we’ve written, you are taking some risk.  The difference here is that

  • For the (say) 20,000 people that run the HackMii installer, each one of them has done so deliberately and with some goal in mind — tinkering with their system, playing homebrew games, whatever.  In the case of BootMii/boot2, we even give you a strong defense against bricking your console through updates (oh, the irony).  If you run into problems, you can be mad at us, you can be mad at yourselves, but at the end of the day, you took a calculated risk.
  • For the 55 million people who own Wiis but did not run the HackMii Installer — yet are forced to update anyway — they run the risk of bricking with no tangible benefit to them whatsoever, and no choice in the matter.

If we take this 1-in-1000 statistic of failed updates, and say that 1-in-100 of those failed updates will result in a bricked system, and then extrapolate that over the top two groups — you end up with maybe one or two homebrew-running people with bricked Wiis, and 550 unmodified, bricked Wiis.  If you have one of those, go to Nintendo and ask them to fix it for free.   If you haven’t updated, there’s no good reason to — other than to stop it nagging at you to update.   If you do feel compelled to update, your chances of running into problems are no better and no worse than anyone else’s,  and they wouldn’t be much different if we wrote the update code instead of Nintendo.

This is the reason why it’s a big deal when anyone releases a bootloader update — it’s inherently risky, and for most people, it’s not worth the risk.

Tags: Wii

28 responses so far ↓

  • 1 Retal // Nov 1, 2009 at 3:15 am

    If there was any misconception as to the reliability of Nintendo’s update code, it was created by yourselves in the first place, so I hope you’ve learned to be more careful what you write, in order to avoid having to write another 20-paragraph amendment in future.

  • 2 Suigintou // Nov 1, 2009 at 4:26 am

    Good article, very informative.

  • 3 diegoisawesome // Nov 1, 2009 at 5:57 am

    This is why I’m still at 4.0.

  • 4 DCX2 // Nov 1, 2009 at 9:09 am

    I don’t see the misconception. Nintendo created a console that cannot safely update the bootloader, and with no way to re-flash a bricked NAND in-system. Perhaps the only misconception was that BootMii’s updater was more reliable.

    If I understand correctly, BootMii only updates 1 of the boot2 images, and Nintendo updates all three?

  • 5 Sephiroth // Nov 1, 2009 at 9:47 am


    yes i think you got that right.

    but then again, why does bushing claim that there is a small risk of bricking a wii with the hackmii installer? i mean even with the 1 in a 1000 cases chance to mess up 1 copy of boot2, the console would not be bricked and the system will just use one of the other copies of boot2.

    so why is there still a chance to brick a wii with the hackmii installer??? O.o

  • 6 Phelps // Nov 1, 2009 at 9:52 am

    The post discussing the 4.2 update gave the impression that the risks were much greater. Quote:

    “in our testing we discovered that it often fails to write out ECC data for the new version of boot2 that it writes. We should expect to see some number of bricked Wiis from this”

    It’s not incorrect, just a poor choice of words for a 1:100000 chance of bricking.

    Anyway, not a big deal, at least now I won’t be scared to update to 4.2 when a game requires me to.

  • 7 Sephiroth // Nov 1, 2009 at 10:15 am

    @ Phelps :

    still i wouldnt underestimate the risk…at my forum we have a number of bricked wiis caused by the 4.2 update…

  • 8 Phelps // Nov 1, 2009 at 11:22 am

    Without modchips? I browsed several popular forums in my country and all I saw were a ton of “Error 003” posts.

    Anyway, unless you don’t play games on your Wii (I do) or you accept relying on 3rd party updateres (I don’t), you’ll eventually be forced to make this update.

  • 9 SifJar // Nov 1, 2009 at 11:36 am

    @Phelps: Not necessarily. You can avoid updates by updating IOS by hand using Gecko OS or WUFE and wadimport, and patching your System Menu to ignore disk updates using preloader or StartPatch. Or you can just run the games through Gecko OS. Anyway, you can update manually using NUSD and wadimport, negating the need to do an official update, thus skipping the boot2 update. But from the look of this article, the boot2 update isn’t too big a deal anyway.

    I’d say the Error 003 is more of an issue, as anyone with a region changed Korean Wii will “brick” with this. However, I believe from some research that patching IOS60v6147 to install to the IOS70 slot, then installing 4.2 will bypass the Error 003.

  • 10 someone // Nov 1, 2009 at 11:38 am

    As the boot2 update code is a special case, presumably the code which checks boot2’s version is also a special case.

    If TT isn’t willing to write a boot2 updater or modify the HackMii installer to give you the option of downloading and installing latest version of boot2 off NUS and overwriting just one of the copies of boot2 instead of all (either because it’s impossible because of keys, because you don’t want to be responsible for possible bricks, or some legal issue)…

    Would TT write something which patches the System Menu so that the boot2 version check is skipped when updating from disk or Internet or modifies a config file in the NAND which contains boot2’s version (if such a file exists)?

  • 11 Phelps // Nov 1, 2009 at 11:49 am

    I think it’s more likely I’ll break something doing that than taking my chances with the system update.

  • 12 SifJar // Nov 1, 2009 at 1:05 pm

    @Phelps: True, but if someone has already got Error 003 and can run homebrew, that is a possible solution. Also, future updates will most likely still include this check, so this method could be used then, when there is reason to upgrade.

  • 13 Darkmystery // Nov 1, 2009 at 1:48 pm

    Highly informative, as always.

  • 14 bushing // Nov 1, 2009 at 5:53 pm

    @someone: Pretty much spot-on on all counts. We don’t want to write a boot2 updater because there’s no guarantee it would be safer, and we don’t want to be responsible for any bricks it causes. The difference between us installing BootMii/boot2 vs us installing boot2v4 is that you gain a considerable amount of brick protection if you install BootMii/boot2 — and I think that far outweighs the risk there. The same can not be said about boot2v4.

    It would be fairly easy to patch out the boot2 update code from the System Menu, but I’m still hesitant to make persistent changes to the System Menu on NAND. It’s possible — but technically difficult — for BootMii/boot2 to patch the System Menu in memory when booting, and that’s something we’re considering — but it has not yet been necessary, and putting the necessary technology in place to do that would considerably escalate this “arms race”. (It also would not do anything for those who don’t have BootMii/boot2 installed.

    If anyone wants to go the route of patching the System Menu in NAND, there’s already a program on Wiibrew that does this — http://wiibrew.org/wiki/StartPatch. I have never used this program and cannot recommend its use — but it has the ability to patch the system menu binary to disable updates entirely, and if there’s a need for it I could contribute a patch to it to do that just for boot2.

  • 15 HackMii.com: bushing hat viel zu sagen - Wii Forum - Wii // Nov 2, 2009 at 10:20 am

    […] […]

  • 16 JohnH // Nov 2, 2009 at 8:05 pm

    Interesting. I would actually like to update my Wii in order to use the Shop Channel (not wanting to pirate anything), but have not used third party updating tools pretty much because you guys have always recommended against it. Is that recommendation void now? I don’t even really know which tool to use; they all look like they want to custom-patch one thing or another, and all I want is unmodified Wii system file updates.

    Is there a guide out there for updating the other components of 4.2, all except for boot2, without patching? I am fine with updates so long as they carry no risk of bricking my Wii, but I really don’t like the idea of BootMii boot2, which I installed specifically as a brick prevention measure, getting bricked by Nintendo’s own update.

  • 17 tech3475 // Nov 3, 2009 at 8:32 am

    There is honestly no point in updating, everything new (besides the system menu) can be installed via wiiSCU.

    The only thing 4.2 adds is (already beaten) homebrew “protection”.

    There are methods none the less, one is a manual wad install, the second anyregion changer and the third is a special updater (google it) but you still have to reinstall CIOS, install an old IOS wad and reinstall the homebrew channel because its upside down. I did the latter and ended up downgrading via a bootmii backup to 4.1 because I like having the old non-mothballed IOS just in case.

    Just wondering, does that code for preloader which supposedly “blocks online updates” work? I installed it as a form of update protection but is it reliable?

  • 18 JohnH // Nov 4, 2009 at 5:04 am

    Ah, thanks for the info tech3475!

  • 19 Shonty // Nov 4, 2009 at 10:59 am

    I remember in case of the beginning of bootmii the view of an boot2 Emu. I think its time for it 🙂

  • 20 SifJar // Nov 4, 2009 at 1:53 pm

    @tech3475: AnyRegion Changer will install System Menu 3.2, it will not update you. “Special updaters” are generally fail, as they install what there creator thinks is best. The exception is dop-IOS MOD which lets you manually update whatever you want (IOS, System Menu, Channels), patching IOS id you so desire, or not if you dont want to.

    Also, the best form of update protection is : dont click update. The Wii can not update without you pressing update. There is no real need for a preloader code.

  • 21 tech3475 // Nov 4, 2009 at 3:24 pm

    I know that but its in case someone else does it without me knowing…..a precaution basically.

  • 22 promoherb // Nov 6, 2009 at 11:34 am

    “I’d say the Error 003 is more of an issue, as anyone with a region changed Korean Wii will “brick” with this. However, I believe from some research that patching IOS60v6147 to install to the IOS70 slot, then installing 4.2 will bypass the Error 003”

    Is this tested? You mean, installing 4.2 from Nintendo?

    Can you please give more reference on that?

  • 23 bushing // Nov 8, 2009 at 3:54 am

    It’s a choice between three ugly solutions — to circumvent the 003 bullshit, you can either patch the system menu, patch the system menu’s IOS (70), or erase the Korean key from SEEPROM. I have no recommendation there, all of them are sketchy.

    As for my recommendations on updating — I don’t really know what to say beyond what I’ve already written. At this point, the only update that Nintendo has made in the past year that actually added functionality was the SD-card stuff in 4.0. Other than that, you have nothing to gain from updating your Wii.

    Well, there is one thing you gain — you don’t have to worry about “accidentally” updating or being forced to update — at least until the next update. There is something to be said for that, I suppose, especially if your warranty is still intact and you can return your Wii to Nintendo if it breaks. Personally, I sat there and held my breath a little and hit “Update” — then again, I sort of had to to continue working on the HackMii Installer.

    Nintendo’s update is probably safer for your system than any “homebrew update” — which the possible exception of something like WiiSCU which will let you only install e.g. the new shop channel. That is really the kind of thing I had in mind when releasing patchmii-core.

  • 24 bootlegger // Nov 17, 2009 at 6:31 am

    Just putting this out there as I have just read about it on the XBOX 360, but is there no hardware switch on the chip that holds the boot2 code that could be fitted to stop overwriting of the boot2 code in the future – would this also stop all other updates such as FW4.2 being installed or is that held on a different chip?


  • 25 me.yahoo.com/a/v0GiNkUsu… // Nov 17, 2009 at 10:26 am

    No, because it’s on the same chip that is used for storing savegames.

  • 26 bushing // Nov 18, 2009 at 5:03 am

    The Wii uses the same flash chip for everything — all of the software, channels, savegames, etc. The system won’t even boot if you write-protect the chip, because it writes some temporary files in the process of booting. There is no way to selectively write-protect part of the chip, either.

  • 27 Doug // Dec 15, 2009 at 12:10 pm

    bushing… could you do me a favor and answer what exactly the major problem with the “stubbing” of IOS’ really is? I fear that I don’t grasp the meaning of stubbing in this sense, nor the reason why one just can’t “reinstall” say IOS 249 for instance.

    Thanks for any response (unless you say I’m dumb. I wouldn’t appreciate that much). You’re helping the community greatly imho.

  • 28 sam // Feb 23, 2010 at 8:40 pm

    Ok check this out. I had Homebrew installed and the kids got NEW SUPER MARIO BROS for christmas, so I uninstalled Homebrew. Worried about bricking. Everything was good. Then we rented SUPER SMASH BRO BRAWL and after a few times of playing even after updating to 4.1 the wii would say “unable to read disk” . So ifound on the Wii site that if you had an issue palying this game to send in for fix. Now i just received and E-Mail form nintendo saying the Wii was tampered with by installing Homebrew and would not fix and recommened to replace. What can I do? I have yet to receive the Wii back from nintendo?

You must log in to post a comment.