Hackmii Installer V1.2 Download

See also: mini

Wii Hackmii

Update: HackMii Installer v1.2 with The Homebrew Channel v1.1.2 now available, see below. Another year, another console, another Hackmii Installer! Despite all of the anti-reverse-engineering tricks we put into our last installment of the HackMii Installer, Nintendo managed to find the IOS exploit we used to install The Homebrew Channel and fix it sometime within the last two years. Alternative links for hackmii installer. Discussion in 'Wii U. Is broken, do you guys have a reliable source to download HackMii Installer v1.2.

General
BootMii
Author(s)	Team Twiizers
Version	1.5
Links
Download
Source
Peripherals

Warning!

This homebrew makes permanent changes to your Wii's flash memory (NAND) and should be used with caution.

BootMii is a system designed by Team Twiizers to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any IOS has been loaded and before the NAND filesystem has been read. BootMii can be launched from the Homebrew Channel from the menu that pops up when the home button is pressed.

10History

Controls

Family Trainer Pad	Action
minus	Previous Option
Blue Down	Next option
Orange Square	Select option

Architecture

BootMii is comprised by four pieces of software:

Installer -- This is a simple ELF file which may be run using your favorite method (HBC, Twilight Hack, or any other exploit which can load standard executables). It checks your Wii to make sure it can safely be modified, saves some vital data for disaster recovery, and installs the rest of the components.
Loader stub -- This is a small bit of ARM code which is injected into boot2, replacing Nintendo's internal ELF loader. When run, it looks to see if an SD card is inserted. If so, it tries to load and execute /bootmii/armboot.bin instead of boot2. Otherwise, it will fall back to loading boot2.
mini -- This is a rudimentary replacement for IOS that is best suited for low-level recovery functions. Source code is available under GPLv2 here.
BootMii (or bootmii-ppc) -- When mini runs, it looks for a file named /bootmii/ppcboot.elf on the SD card. If it exists, mini loads this executable into memory, boots up the Broadway (ppc) and executes that binary in parallel with mini. Source code is available under GPLv2 at (tbd).

Both mini and bootmii-ppc must be present in order to draw a user interface, because the Starlet cannot directly access the Video Interface.

Benefits

BootMii allows anything from Recovery modes (creating a practically unbrickable Wii), to lazy access of the Homebrew Channel. For example, if you have corrupted the System Menu, you can use DOP-Mii to reinstall the System Menu. Unfortunately, all homebrew currently require an IOS, because libogc requires one. However, there is Mini (a homebrew IOS-like software), which can be modified specifically for the program, ie, for better communication to the Linux kernel.

How it works

BootMii is a modified version of boot2, which is loaded by boot1, which is loaded by boot0. boot0 is part of Hollywood and read-only. boot1, although stored on the NAND, is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. boot2, however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted. BootMii hijacks the boot process before the normal boot2 is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making it very difficult to brick, and slowing Nintendo from blocking homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing overwriting boot2. Along with the System Menu 4.2 update, Nintendo released a new version of boot2 (boot2v4); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.

Compatibility

BootMii should be compatible with most Wiis released before late 2008. Support for newer Wiis (with reduced functionality) will have to install BootMii as an IOS

For an SD card compatibility list, See SD Card Compatibility List.

Required hardware

BootMii will not require any special hardware. However, special hardware might help accomplish things that BootMii by itself cannot, such as hardware NAND write protection and isolation from the Nintendo software stack. No such hardware exists yet though.

The new boot1

Consoles made after some point in 2008 (no concrete date is known) have a new version of boot1 that patches the vulnerability which allows the console to boot a modified boot2. The Hackmii Installer will detect this situation and refuse to modify boot2(see more at Hackmii). Since boot1 cannot be updated, all consoles already manufactured before this update are safe. About 10% of the consoles that ran the BootMii Checker tool have the new boot1.

Console Keys and keys.bin

Instead of using WiiND, you can retrieve your console keys from the keys.bin file that BootMii v3+ produces when backing up the NAND. To view them, open keys.bin with a hex editor.
Here are the offsets for each key:

For a full description of the purpose of each key, see this writeup on HackMii.

Media

Screenshot. Click for larger image.

Video source: Marcan's early BootMii demo. The hardware mod in the video is unrelated to BootMii.

History

v1.4

Stopped the 'queueing' of the eject button press when confirming dangerous operations
Fixed integer overflow when calculating SD card free space

Beta 6 (v1.3)

Fixed the freeze when using the autoboot feature to load System Menu with a delay of zero.
The NAND backup no longer crashes when stumbling on uncorrectable pages.
A couple of fixes to the integrated SD browser.
The autoboot feature is ignored when launching the IOS version of BootMii.

Beta 5 (v1.2)

Compatible with more SD cards.
New font, borrowed from the deceased Twilight Hack.
The button combination when restoring a NAND backup with only BootMii/IOS was impossible to perform with some pads. It has been changed to the Konami Code.

Beta 4 (v1.1)

Properly write the keys to nand.bin :
- This fixes the “NAND dump is from another Wii” issue on restoring beta 3 backups. If you don’t know how to fix those dumps, you have to backup the NAND again. Dumps from all other versions are not affected.

Beta 3 (v1.0)

Improved the SD card compability
Increased the backup/restore speed for some SD cards, but decreased it for others :P
Fix GPIO input for all Wiis
Wavebird support
Fixed a silly bug where NAND backups were left as 0 byte files
Keys are now saved to SD as /bootmii/keys.bin too

Beta 2 (v0.9)

SD card performance has been improved, decreasing the boot and the NAND backup / restore time
backupmii accepts fragmented SD cards now, reformatting is not performed anymore. Old NAND dumps are still compatible.
Introduced the INI variable “BOOTDELAY” to set the timeout for the auto boot feature

Beta 1

First Public Release

External links

Retrieved from 'https://wiibrew.org/w/index.php?title=BootMii&oldid=105684'

Posted by5 years ago

Archived

For right now, I'm going to guess you are already hacked and have HBC installed(I'll go over unmodded Wii's near the end)

1)Go to http://bootmii.org/download/ and Download HackMii Installer v1.2.

2)Place the HackMii folder in your apps folder you use for HBC Ex: SD Rootappshackmii folder here..

3)Go to HBC and there should be an app without a logo, just blank, but when you go to open it, it should be titled HackMii.

4)As soon as you open it, an image should pop up stating 'THIS SOFTWARE MUST NOT BE SOLD' blah blah blah, some more scammed mumbo jumbo. It will stay on this screen for a good 20 seconds, just be patient. After some time, on the bottom, it'll state: 'Press 1 to continue'

5)You will be taken to some text saying ' The test results are in:' and 'The Homebrew Channel: Can be installed', 'BootMii: Can be installed'. Here you just wanna press continue.

6)You will be at the Main Menu(you can tell by the yellow letters at the top), go to 'BootMii..'

7)There are a lot of options here so listen(or read) carefully:

The next set of text is taken from an excerpt from the README-BootMii.txt.

BootMii/boot2: This mode will install BootMii into 2 blank blocks in the boot2 area of your Wii. It will take over the function of the normal boot2. If no SD card is detected or armboot.bin is not found on the SD card, the drive slot LED will flash briefly and the normal system menu will boot.

Pros: Independant of system menu and the rest of NAND flash. Can boot even if the rest of the system is completely corrupted. Allows for safe backup / restore of NAND flash from SD card. Allows direct boot of The Homebrew Channel, or other programs.

Cons: Relies on a vulnerability in boot1 that was fixed mid-2008; if your Wii is newer than this, the HackMii Installer will not allow you to install this form of BootMii. Installation is complicated and slightly risky; we have tested it and believe it to be safe, but a power failure at the wrong time during installation could leave your system unusable.

BootMii/IOS: This mode will install BootMii into your NAND filesystem as an IOS (IOS254). It behaves identically to BootMii/boot2, but you must launch it from a special program (The Homebrew Channel, or your own code.)

Pros: Universal compatibility with all Wiis. Allows booting arbitrary code on ARM / PPC. Supports speedy backup of NAND to SD. Very safe to install.

Cons: Easily deletable or overwritten by a system update. NAND restore is technically possible, but not safe because you cannot boot to BootMii/IOS in case the contents of your NAND flash are corrupted.

In Short:

-BootMii/boot2: uses some files to skip from your SD card to skip into the special loader from when you start your wii where you can use your gamecube controller to navigate into the HBC(where you can also use your GameCube controller in case you didn't know).

-BootMii/iso: you need to be in your HBC channel to activate.. you need to go through the original system menu, so duhhh.. not what we are trying to get done, it's counterintuitive.

8)You are going to choose 'Install BootMii as boot2'

9)Some menacing runtime warnings will show up about violating your SD card, assuming it's in your Wii, click on 'Yes, continue'

10)It'll write some files onto your SD card and ask you if you want to install BootMii/boot2 now, click on 'Yes, continue' once more.

*The files installed are in a folder on the root of your SD card under: SD Rootbootmii

*The bootmii folder is transferable, so you can put it in other SD's for your mods, so they as well can bypass system menu.

11)Some CMD prompts will show on screen writing and attacking those filthy NAND blocks 3 & 4, once it's done 'SUCCESS' should pop up, and click continue.

I have gone as far as completely trying this and the only thing that I could achieve was to upgrade Firefox on the download computer. Foxfire setup download installer setup free.

12)Hit 'Return to the main menu'

13)Hit 'Exit'

14)After reaching the HBC, turn off your Wii and turn it back on

15)The BootMii menu will pop up, going from left to right there are four options 1 Most Left-Boot original Wii system menu. 2 Mid Left-Boot up to the HBC. 3 Mid Right-Load .dol from SD. 4 Most Right-BootMii settings.

Unmodded Wii's: When following whatever guide you are reading to mod your Wii, when you are prompted to install HBC, install BootMii as well, so you have it from the Get-go. You can load HackMii using Smashstacks as well, but sadly I never used Smashstacks so I have no experience there.

As some added bonuses, if the bootmii folder necessary to load the menu isn't found or does not work in any way, the disc drive's LED will flash once and the original system menu will load. Also, this extra menu doesn't replace the old one so it gives you a recovery option, technically making your wii unbrickable.

The next set of text is taken from an excerpt directly from http://wiibrew.org/wiki/Bootmii#Benefits to cite the second bonus above.

Wii Hackmii

3 comments