BootMii Wii: Difference between revisions

From GameBrew
No edit summary
No edit summary
Line 1: Line 1:
{{#seo:
|title=Wii Homebrew Loaders
(Loader) - GameBrew
|title_mode=append
|image=bootmiiwii.jpg
|image_alt=BootMii
}}
{{Infobox Wii Homebrews
{{Infobox Wii Homebrews
|title=BootMii
|title=BootMii
Line 14: Line 7:
|type=Loader
|type=Loader
|version=1.5
|version=1.5
|license=Mixed
|license=Apache-2.0
|download=https://bootmii.org/download/
|download=https://bootmii.org/download/
|website=https://bootmii.org/
|website=https://bootmii.org/
|source=http://gitweb.bootmii.org
|source=https://github.com/fail0verflow
}}
}}
'''BootMii''' is a system designed by Team Twiizers to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any IOS has been loaded and before the NAND filesystem has been read.
BootMii is a system designed by Team Twiizers to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any IOS has been loaded and before the NAND filesystem has been read. It that can backup and restore your Wii’s NAND storage, and if installed in boot2, provides brick protection.


BootMii-boot2 runs on every boot. However, BootMii-IOS can be launched from the [[Homebrew Channel Wii]] from the menu that pops up when the HOME Button is pressed.
BootMii-boot2 runs on every boot. However, BootMii-IOS can be launched from the [[Homebrew Channel Wii|Homebrew Channel]] from the menu that pops up when the Home button is pressed.


== BootMii with Related Software ==
==Installation==
BootMii comes in a group of four pieces of software:
You have two options to install BootMii. Each carries its pros and cons, and not all options are available for all Wiis. Specifically:
* '''[[HackMii Installer Wii]]''' -- This is a simple ELF file which may be run using your favorite method (HBC, str2hax, or any other exploit which can load standard executables). It checks your Wii to make sure it can safely be modified, saves some vital data for disaster recovery, and installs the rest of the components.
* '''BootMii''' -- This is a small bit of ARM code which is injected into boot2 or IOS254, replacing Nintendo's internal ELF loader. When run, it looks to see if an SD card is inserted. If so, it tries to load and execute /bootmii/armboot.bin instead of boot2. Otherwise, it will fall back to loading boot2.
* '''Wii mini''' -- This is a rudimentary replacement for IOS that is best suited for low-level recovery functions. Source code is available under GPLv2 [https://github.com/fail0verflow/mini here].
* '''CEIL1NG_CAT''' (or bootmii-ppc) -- When mini runs, it looks for a file named /bootmii/ppcboot.elf on the SD card. If it exists, mini loads this executable into memory, boots up the Broadway (ppc) and executes that binary in parallel with mini. Source code is available under GPLv2 at (tbd).


Both mini and CEIL1NG_CAT must be present in order to draw a user interface, because the Starlet cannot directly access the Video Interface.
===BootMii/boot2===
This mode will install BootMii into 2 blank blocks in the boot2 area of your Wii. It will take over the function of the normal boot2.  If no SD card is detected or armboot.bin is not found on the SD card, the drive slot LED will flash briefly and the normal system menu will boot.


== Benefits ==
*Pros - Independent of system menu and the rest of NAND flash. Can boot even if the rest of the system is completely corrupted. Allows for safe backup / restore of NAND flash from SD card. Allows direct boot of The Homebrew Channel, or other programs.
BootMii allows anything from Recovery modes (creating a practically unbrickable Wii), to lazy access of the [[Homebrew Channel Wii]]. For example, if you have corrupted the System Menu, you can use [[Dop Mii Wiibrew Edition Wii|DOP-Mii]] to reinstall the System Menu. Unfortunately, all homebrew currently require an IOS, because libogc requires one. However, there is mini (a homebrew IOS-like software), which can be modified specifically for the program, ie, for better communication to the Linux kernel.
*Cons - Relies on a vulnerability in boot1 that was fixed mid-2008; if your Wii is newer than this, the [[HackMii Installer Wii|HackMii Installer]] will not allow you to install this form of BootMii. Installation is complicated and slightly risky; it has been tested by the development team and believe it to be safe, but a power failure at the wrong time during installation could leave your system unusable.


== How it works ==
===BootMii/IOS===
BootMii-boot2 is a modified version of boot2's ELF loader, which is loaded by boot1, which is loaded by boot0. boot0 is part of Hollywood and read-only. boot1, although stored on the NAND, is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. boot2, however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted. BootMii hijacks the boot process before the normal boot2 is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making it very difficult to brick, and slowing Nintendo from blocking homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing overwriting boot2. Along with the 4.2 update, Nintendo released a new version of boot2 (boot2v4); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.
This mode will install BootMii into your NAND filesystem as an IOS (IOS254). It behaves identically to BootMii/boot2, but you must launch it from a special program (The Homebrew Channel, or your own code.)


The space normally allocated for the ELF loader is split into two sections itself for technical reasons; the first section is a custom ELF loader that loads the second section. The second section checks to see if an SD card is inserted; if so, it loads <code>/bootmii/armboot.bin</code> and executed it. Otherwise, it loads the real boot2, which remains intact when BootMii-boot2 is installed.
*Pros - Universal compatibility with all Wiis.  Allows booting arbitrary code on ARM / PPC. Supports speedy backup of NAND to SD.  Very safe to install.
*Cons - Easily deletable or overwritten by a system update.  NAND restore is technically possible, but not safe because you cannot boot to BootMii/IOS in case the contents of your NAND flash are corrupted.


BootMii also only installs into the first copy of boot2. There are two major advantages to this: first, if the installation is interrupted, the second copy will still function normally to boot; second, when boot2 is loaded by BC, an updated version of BC will reject BootMii due to an invalid signature, but the second copy can still be loaded fine. For versions of BC with fakesigning, Wii mini includes code to go directly to boot2 to ensure MIOS loads fine.
It is recommended launching the BootMii Installer through the [[Homebrew Channel Wii|Homebrew Channel]] if you are already capable of running homebrew. For those who don't have the Homebrew Channel on theirs Wii yet can launch the installer via an exploit, read the respective documentation for more information.


== Compatibility ==
When installing BootMii, these files will be created on your SD card:
BootMii should be compatible with most Wiis released before late 2008. Support for newer Wiis (with reduced functionality) will have to install BootMii as an IOS
*/bootmii
*/bootmii/armboot.bin - Starlet-resident code (MINI) - this loads ppcboot.elf.
*/bootmii/ppcboot.elf - BootMii shell - this is the GUI that is displayed when BootMii runs.
*/bootmii/ - BootMii shell configuration file.  See below.
 
===Useful links===
*[https://bootmii.org/install/ BootMii official website].
*[https://wiibrew.org/wiki/BootMii More on BootMii], [https://wiibrew.org/wiki/MINI MINI], [https://wiibrew.org/wiki/CEIL1NG_CAT UI/recovery tool] and [https://wiibrew.org/wiki/HackMii_Installer HackMii Installer].
*[https://wiibrew.org/wiki/Homebrew_setup Homebrew setup guide] (+guide to restore a corrupt NAND with an IOS BootMii).
*[https://wii.guide/hbc.html BootMii install guide on Wii Guide].
 
==User guide==
===Interface/Options===
*Normal boot to System Menu.
*Boot directly to [[Homebrew Channel Wii|Homebrew Channel]].
*Autoboot to System Menu or HBC.
*Boot any software that uses mini from the SD card.
*Back up NAND using [https://wiibrew.org/wiki/BackupMii BackupMii].
*Restore NAND backup using [https://wiibrew.org/wiki/RestoreMii RestoreMii].
 
===NAND Backup/Restore===
====BackupMii====
BackupMii can be accessed by selecting the gears on the home screen of BootMii, then selecting the leftmost icon.
 
While BackupMii is running, a chart of all blocks can be seen; there will always be a block highlighted to indicate that it is currently being worked on. As that square moves forward, blocks will be marked as backed up or bad, as they are backed up. There is also an optional step of checking to make sure the backup is valid; this is recommended to be safe.
 
====RestoreMii====
RestoreMii can be accessed by selecting the gears on the home screen of BootMii, then selecting the icon second from the left.
 
====Notes====
The NAND Backup option will create the file /nand.bin on your SD card. The NAND Restore option will restore /nand.bin. Both options take some shortcuts to
improve backup and restore speed. 
 
Upon backup, if your card is not "properly formatted", then you will be prompted for permission to reformat the card. It will be reformatted as FAT32 and given the volume "backupmii", and a nand.bin file will be created in the root directory of the card. It is suggested that you make a backup of your Wii's NAND Flash, label the SD card and store it in a safe place in case you ever need to recover from it.
 
===Configuration file===
BootMii will look for a configuration file at /bootmii/bootmii.ini. It expects to see a file in the following form:
VIDEO=NTSC (or PAL50/PAL60/PROGRESSIVE)
AUTOBOOT=HBC (or SYSMENU)
BOOTDELAY=5 (or any other number)
 
===BootMii Utils===
A USBGecko-powered executable loader is available at https://github.com/fail0verflow/bootmii-utils. While BootMii is running, you can upload a new armboot.bin or ppcboot.elf file
without restarting your system. BootMii will also output diagnostic messages to the USBGecko as it boots.


== Required hardware ==
You can invoke the client as "bootmii -a armboot.bin" to load code to the ARM (e.g. a modified version of MINI), or "bootmii -p ppcboot.elf" to load code to the PPC.  Please note that the ARM code will generally reload the PPC code from SD, so if you want to load code to both processors, load the ARM code first, followed by the PPC code.
BootMii will not require any special hardware. However, special hardware might help accomplish things that BootMii by itself cannot, such as hardware NAND write protection and isolation from the Nintendo software stack. No such hardware exists yet though.


== The new boot1 ==
===SD Menu===
Consoles made after some point in 2008 (no concrete date is known) have a new version of boot1 that patches the vulnerability which allows the console to boot a modified boot2. The Hackmii Installer will detect this situation and refuse to modify boot2 (see more at [http://hackmii.com/2009/02/bootmii-and-the-new-boot1/ Hackmii]). Since boot1 cannot be updated, all consoles already manufactured before this update are safe. About 10% of the consoles that ran the BootMii Checker tool have the new boot1, however, this percentage is now higher, as BootMii Checker was distributed shortly after boot1c was released.
A simple launcher for PPC ELF files on the SD card is included.  Please note that any binary that gets loaded will be running under mini, not under IOS.


==Media==
==Media==
'''BootMii''' ([https://www.youtube.com/watch?v=HFfBfQrwFqQ wiiare.in]) <br>
<youtube>3UQ-jCgHevU</youtube>
<youtube>3UQ-jCgHevU</youtube>
== Compatibility ==
BootMii should be compatible with most Wiis released before late 2008. Support for newer Wiis (with reduced functionality) will have to install BootMii as an IOS.
[https://wiibrew.org/wiki/BootMii/SD_Card_Compatibility_List SD Card Compatibility List].


== Changelog ==
== Changelog ==
''' v1.5 '''
''' v1.5 '''
* Changelog not released
* Changelog not released.
* Open sourced in August 2022
* Open sourced in August 2022.


''' v1.4 '''
''' v1.4 '''
* Fixed integer overflow when calculating SD card free space
* Fixed integer overflow when calculating SD card free space.
* Changed IOS TMD version to 65281 to prevent it from being repeatedly erased.
* Changed IOS TMD version to 65281 to prevent it from being repeatedly erased.


''' Beta 5 (v1.2) '''
''' v1.2 (Beta 5) '''
*Compatible with more SD cards.
*Compatible with more SD cards.


''' Beta 3 (v1.0) '''
''' v1.0 (Beta 3) '''
* Improved the SD card compatibility
* Improved the SD card compatibility.


''' Beta 2 (v0.9) '''
''' v0.9 (Beta 2) '''
* SD card performance has been improved, decreasing the boot and the NAND backup / restore time
* SD card performance has been improved, decreasing the boot and the NAND backup / restore time.


''' Beta 1 '''
''' Beta 1 '''
* First Public Release
* First Public Release.
 
==Credits==
*bLAStY - UI Code, SD Loader, webpage.
*bushing - reversing, lowlevel NAND code, backup, restore, installer.
*dhewg - gecko loader, toolchain, installer.
*drmr - artwork.
*John_K - UI, support code.
*marcan - reversing, BootMii stub, mini, installer.
*mha - hosting.
*segher - reversing, peanut gallery.
*svpe - mini, sdhc, reversing, installer.
*tmbinc - original boot2 replacement.
*comex - usermode IOS exploit.
 
And thanks to all our betatesters.


== External links ==
== External links ==
* Hackmii - https://hackmii.com/
* HackMii - https://hackmii.com/
* Bootmii - https://bootmii.org/
* BootMii - https://bootmii.org/
* Wiibrew - https://wiibrew.org/wiki/BootMii
* GitHub - https://github.com/fail0verflow/
* WiiBrew - https://wiibrew.org/wiki/BootMii
* WiiBrew - https://wiibrew.org/wiki/MINI
* WiiBrew - https://wiibrew.org/wiki/CEIL1NG_CAT
* WiiBrew - https://wiibrew.org/wiki/HackMii_Installer

Revision as of 05:55, 19 February 2023

BootMii
File:Bootmiiwii.jpg
General
Authorfail0verflow
TypeLoader
Version1.5
LicenseApache-2.0
Last Updated2017/01/30
Links
Download
Website
Source

BootMii is a system designed by Team Twiizers to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any IOS has been loaded and before the NAND filesystem has been read. It that can backup and restore your Wii’s NAND storage, and if installed in boot2, provides brick protection.

BootMii-boot2 runs on every boot. However, BootMii-IOS can be launched from the Homebrew Channel from the menu that pops up when the Home button is pressed.

Installation

You have two options to install BootMii. Each carries its pros and cons, and not all options are available for all Wiis. Specifically:

BootMii/boot2

This mode will install BootMii into 2 blank blocks in the boot2 area of your Wii. It will take over the function of the normal boot2. If no SD card is detected or armboot.bin is not found on the SD card, the drive slot LED will flash briefly and the normal system menu will boot.

  • Pros - Independent of system menu and the rest of NAND flash. Can boot even if the rest of the system is completely corrupted. Allows for safe backup / restore of NAND flash from SD card. Allows direct boot of The Homebrew Channel, or other programs.
  • Cons - Relies on a vulnerability in boot1 that was fixed mid-2008; if your Wii is newer than this, the HackMii Installer will not allow you to install this form of BootMii. Installation is complicated and slightly risky; it has been tested by the development team and believe it to be safe, but a power failure at the wrong time during installation could leave your system unusable.

BootMii/IOS

This mode will install BootMii into your NAND filesystem as an IOS (IOS254). It behaves identically to BootMii/boot2, but you must launch it from a special program (The Homebrew Channel, or your own code.)

  • Pros - Universal compatibility with all Wiis. Allows booting arbitrary code on ARM / PPC. Supports speedy backup of NAND to SD. Very safe to install.
  • Cons - Easily deletable or overwritten by a system update. NAND restore is technically possible, but not safe because you cannot boot to BootMii/IOS in case the contents of your NAND flash are corrupted.

It is recommended launching the BootMii Installer through the Homebrew Channel if you are already capable of running homebrew. For those who don't have the Homebrew Channel on theirs Wii yet can launch the installer via an exploit, read the respective documentation for more information.

When installing BootMii, these files will be created on your SD card:

  • /bootmii
  • /bootmii/armboot.bin - Starlet-resident code (MINI) - this loads ppcboot.elf.
  • /bootmii/ppcboot.elf - BootMii shell - this is the GUI that is displayed when BootMii runs.
  • /bootmii/ - BootMii shell configuration file. See below.

Useful links

User guide

Interface/Options

  • Normal boot to System Menu.
  • Boot directly to Homebrew Channel.
  • Autoboot to System Menu or HBC.
  • Boot any software that uses mini from the SD card.
  • Back up NAND using BackupMii.
  • Restore NAND backup using RestoreMii.

NAND Backup/Restore

BackupMii

BackupMii can be accessed by selecting the gears on the home screen of BootMii, then selecting the leftmost icon.

While BackupMii is running, a chart of all blocks can be seen; there will always be a block highlighted to indicate that it is currently being worked on. As that square moves forward, blocks will be marked as backed up or bad, as they are backed up. There is also an optional step of checking to make sure the backup is valid; this is recommended to be safe.

RestoreMii

RestoreMii can be accessed by selecting the gears on the home screen of BootMii, then selecting the icon second from the left.

Notes

The NAND Backup option will create the file /nand.bin on your SD card. The NAND Restore option will restore /nand.bin. Both options take some shortcuts to improve backup and restore speed.

Upon backup, if your card is not "properly formatted", then you will be prompted for permission to reformat the card. It will be reformatted as FAT32 and given the volume "backupmii", and a nand.bin file will be created in the root directory of the card. It is suggested that you make a backup of your Wii's NAND Flash, label the SD card and store it in a safe place in case you ever need to recover from it.

Configuration file

BootMii will look for a configuration file at /bootmii/bootmii.ini. It expects to see a file in the following form: 

VIDEO=NTSC (or PAL50/PAL60/PROGRESSIVE)
AUTOBOOT=HBC (or SYSMENU)
BOOTDELAY=5 (or any other number)

BootMii Utils

A USBGecko-powered executable loader is available at https://github.com/fail0verflow/bootmii-utils. While BootMii is running, you can upload a new armboot.bin or ppcboot.elf file without restarting your system. BootMii will also output diagnostic messages to the USBGecko as it boots.

You can invoke the client as "bootmii -a armboot.bin" to load code to the ARM (e.g. a modified version of MINI), or "bootmii -p ppcboot.elf" to load code to the PPC. Please note that the ARM code will generally reload the PPC code from SD, so if you want to load code to both processors, load the ARM code first, followed by the PPC code.

SD Menu

A simple launcher for PPC ELF files on the SD card is included. Please note that any binary that gets loaded will be running under mini, not under IOS.

Media

BootMii (wiiare.in)

Compatibility

BootMii should be compatible with most Wiis released before late 2008. Support for newer Wiis (with reduced functionality) will have to install BootMii as an IOS.

SD Card Compatibility List.

Changelog

v1.5

  • Changelog not released.
  • Open sourced in August 2022.

v1.4

  • Fixed integer overflow when calculating SD card free space.
  • Changed IOS TMD version to 65281 to prevent it from being repeatedly erased.

v1.2 (Beta 5)

  • Compatible with more SD cards.

v1.0 (Beta 3)

  • Improved the SD card compatibility.

v0.9 (Beta 2)

  • SD card performance has been improved, decreasing the boot and the NAND backup / restore time.

Beta 1

  • First Public Release.

Credits

  • bLAStY - UI Code, SD Loader, webpage.
  • bushing - reversing, lowlevel NAND code, backup, restore, installer.
  • dhewg - gecko loader, toolchain, installer.
  • drmr - artwork.
  • John_K - UI, support code.
  • marcan - reversing, BootMii stub, mini, installer.
  • mha - hosting.
  • segher - reversing, peanut gallery.
  • svpe - mini, sdhc, reversing, installer.
  • tmbinc - original boot2 replacement.
  • comex - usermode IOS exploit.

And thanks to all our betatesters.

External links

Retrieved from ‘https://www.gamebrew.org/index.php?title=BootMii_Wii&oldid=113105

Advertising: