
BootMii Wii: Difference between revisions

From GameBrew
m (HydeWing moved page Bootmii Wii to BootMii Wii without leaving a redirect)

Revision as of 07:27, 3 February 2023

BootMii
General
Author: fail0verflow
Type: Loader
Version: 1.5
License: Mixed
Last Updated: 2017/01/30

BootMii is a system designed by Team Twiizers to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any IOS has been loaded and before the NAND filesystem has been read.

BootMii-boot2 runs on every boot. BootMii-IOS, however, can be launched from the Homebrew Channel Wii, using the menu that pops up when the HOME Button is pressed.

BootMii with Related Software

BootMii comes in a group of four pieces of software:

  • Hackmii Installer Wii -- This is a simple ELF file which may be run using your favorite method (HBC, str2hax, or any other exploit which can load standard executables). It checks your Wii to make sure it can safely be modified, saves some vital data for disaster recovery, and installs the rest of the components.
  • BootMii -- This is a small bit of ARM code which is injected into boot2 or IOS254, replacing Nintendo's internal ELF loader. When run, it looks to see if an SD card is inserted. If so, it tries to load and execute /bootmii/armboot.bin instead of boot2. Otherwise, it will fall back to loading boot2.
  • Wii mini -- This is a rudimentary replacement for IOS that is best suited for low-level recovery functions. Source code is available under GPLv2.
  • CEIL1NG_CAT (or bootmii-ppc) -- When mini runs, it looks for a file named /bootmii/ppcboot.elf on the SD card. If it exists, mini loads this executable into memory, boots up the Broadway (ppc) and executes that binary in parallel with mini. Source code is available under GPLv2 at (tbd).

Both mini and CEIL1NG_CAT must be present in order to draw a user interface, because the Starlet cannot directly access the Video Interface.

Benefits

BootMii allows anything from recovery modes (creating a practically unbrickable Wii) to lazy access to the Homebrew Channel Wii. For example, if you have corrupted the System Menu, you can use DOP-Mii to reinstall it. Unfortunately, all homebrew currently requires an IOS, because libogc requires one. However, there is mini (a homebrew IOS-like piece of software), which can be modified specifically for the program, i.e., for better communication with the Linux kernel.

How it works

BootMii-boot2 is a modified version of boot2's ELF loader, which is loaded by boot1, which in turn is loaded by boot0. boot0 is part of Hollywood and read-only. boot1, although stored on the NAND, is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. boot2, however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted.

BootMii hijacks the boot process before the normal boot2 is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making the console very difficult to brick and slowing Nintendo's attempts to block homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing boot2 from being overwritten. Along with the 4.2 update, Nintendo released a new version of boot2 (boot2v4); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.

The space normally allocated for the ELF loader is itself split into two sections for technical reasons; the first section is a custom ELF loader that loads the second section. The second section checks to see if an SD card is inserted; if so, it loads /bootmii/armboot.bin and executes it. Otherwise, it loads the real boot2, which remains intact when BootMii-boot2 is installed.

BootMii also only installs into the first copy of boot2. There are two major advantages to this: first, if the installation is interrupted, the second copy will still function normally to boot; second, when boot2 is loaded by BC, an updated version of BC will reject BootMii due to an invalid signature, but the second copy can still be loaded fine. For versions of BC with fakesigning, Wii mini includes code to go directly to boot2 to ensure MIOS loads fine.
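
A simplified model of the two-copy arrangement described above, added here as an illustration and not taken from BootMii, mini or Nintendo code: a strict loader (like the updated BC) skips a first copy that is damaged or fails verification and boots the second. The struct, the function names, the payload strings, the toy FNV-1a tag standing in for the signature, and the assumption that copies are tried in order are all invented for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not Wii code: a boot2 copy is a payload plus a tag that
   stands in for the signature checked by a strict loader. */
typedef struct {
    const char *payload;  /* constructed sample contents */
    uint32_t tag;         /* stand-in for the signature over payload */
    int readable;         /* 0 = copy damaged, e.g. by an interrupted write */
} boot2_copy;

/* FNV-1a as a toy integrity tag; real firmware verifies a cryptographic signature. */
static uint32_t toy_tag(const char *s) {
    uint32_t h = 2166136261u;
    for (; *s; s++) { h ^= (uint8_t)*s; h *= 16777619u; }
    return h;
}

/* Return the index of the first readable copy whose tag verifies, or -1. */
int select_boot2_copy(const boot2_copy *c, int n) {
    for (int i = 0; i < n; i++)
        if (c[i].readable && toy_tag(c[i].payload) == c[i].tag)
            return i;
    return -1;
}

/* Build the two-copy layout for one situation and ask the loader which copy boots. */
int scenario(int copy0_modified, int copy0_damaged) {
    const char *stock = "stock-boot2";  /* constructed placeholder */
    boot2_copy c[2] = { { stock, toy_tag(stock), 1 }, { stock, toy_tag(stock), 1 } };
    if (copy0_modified)
        c[0].payload = "custom-loader+stock-boot2";  /* tag no longer matches */
    if (copy0_damaged)
        c[0].readable = 0;
    return select_boot2_copy(c, 2);
}

int main(void) {
    printf("untouched console:    copy %d\n", scenario(0, 0));
    printf("first copy modified:  copy %d\n", scenario(1, 0));
    printf("install interrupted:  copy %d\n", scenario(0, 1));
    return 0;
}
```

Because only the first copy is ever rewritten, every failure case in the model still ends at an intact, verifiable second copy; the loader returns -1 only when both copies are unusable.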

Compatibility

BootMii should be compatible with most Wiis released before late 2008. Newer Wiis will have to install BootMii as an IOS (with reduced functionality).

Required hardware

BootMii will not require any special hardware. However, special hardware might help accomplish things that BootMii by itself cannot, such as hardware NAND write protection and isolation from the Nintendo software stack. No such hardware exists yet though.

The new boot1

Consoles made after some point in 2008 (no concrete date is known) have a new version of boot1 that patches the vulnerability which allows the console to boot a modified boot2. The Hackmii Installer will detect this situation and refuse to modify boot2 (see more at Hackmii). Since boot1 cannot be updated, all consoles already manufactured before this update are safe. About 10% of the consoles that ran the BootMii Checker tool have the new boot1; however, this percentage is now higher, as BootMii Checker was distributed shortly after boot1c was released.

Changelog

v1.5

  • Changelog not released
  • Open sourced in August 2022

v1.4

  • Fixed integer overflow when calculating SD card free space
  • Changed IOS TMD version to 65281 to prevent it from being repeatedly erased.

Beta 5 (v1.2)

  • Compatible with more SD cards.

Beta 3 (v1.0)

  • Improved the SD card compatibility

Beta 2 (v0.9)

  • SD card performance has been improved, decreasing the boot and the NAND backup / restore time

Beta 1

  • First Public Release
