June 21st, 2008, 20:02 Posted By: wraggster
Some missed news while I was away, from bushing:
I didn’t think that I had to explicitly say this, but I see the same things come up over and over again, so I’m hoping I can clear this up for people.
The Wii is not a PSP, or an Xbox, or any other console system. Stop making guesses about the Wii based on your experience with other consoles. It Doesn’t Work Like That.
(Warning: I don’t own either of those systems; most of what I know came from TyRaNiD’s excellent presentation about the Pandora Battery at 24c3, my conversations with him afterwards, and a little bit of Google searching.)
I see a lot of talk (questions, ideas) about “downgrading the firmware” of a Wii. As far as I can tell, this comes mostly from the PSP world, where there was once a firmware which contained no signature checks whatsoever (1.0) and a firmware which contained an easily-defeatable check (1.5). Later firmwares fixed these bugs, so it was desirable to take a PSP with a new version of the firmware and downgrade it to an old version.
This is meaningless in the Wii world. First, there is no such thing as a “firmware version” on the Wii — the Wii stores a copy of every firmware (IOS) that has been released, and new firmwares for new games are just added to the collection. You also have the System Menu, which has the only visible version number — 3.1E, etc — but it tells you nothing about the firmware. The System Menu is responsible for launching most code (from disc or NAND), but it’s the IOS firmware which does the security checks.
Even the IOS version numbers don’t really matter so much. Any program on the Wii can switch to a different IOS version while it’s running with one simple function call — it’s not really a hack, but more like how the system was designed.
From a homebrew point of view, there is almost no difference whatsoever between any of the IOS versions. With one famous exception, there are no security holes that have been fixed between versions of IOS — it’s all a game-compatibility thing. The one exception — IOS37 — is still harmless because it’s never used; a future system menu will probably use it, but even that could be bypassed by using something like the Twilight Hack with Gecko Region Free. (Remember, you can easily switch back and forth between IOS versions in the middle of any program!)
For more info about the IOS system, see Wii System Software: a guided tour and On firmware patching, risk and responsibility.
This came up most recently in discussion about Waninkoko’s “Downgrader” video. In his defense, he never said this was useful to do, but people jumped on it because of the title. This is not a solution to any currently existing problem. If a problem develops, this would be the wrong solution; a better solution would be patching the System Menu TMD to use a different version of IOS. It’s possible for Nintendo to go back and patch all of the versions of IOS to fix the signing bug, which would prevent that from working; the best solution would eventually be to patch IOS37 to disable the fix. Which brings me to…
Dark Alex is consistently mentioned in the same breath as “custom firmware”. It looks like he’s done some quality work — as far as I can tell, it’s mostly
Ability to use different versions of the firmware for better game compatibility without losing the exploits
Warez issues (enhanced versions of built-in isoloader code?)
Of those three things, the first is completely irrelevant — we can already switch firmware versions all we want. If Nintendo only patches IOS without patching boot2, we can just go and patch them back. The second is of no interest to me, and probably much harder on the Wii anyway. The third is much more interesting, and is something I’m working on for boot2. And speaking of recovery,
The PSP has a much smaller NAND Flash chip (32MB vs 512MB), and when it becomes corrupted, the unit becomes bricked — much like a Wii. Originally, the recovery method available involved reflashing this chip with a dump from someone else’s unit — not possible on the Wii, because each NAND Flash is uniquely encrypted per console. The second, nicer method (and the main subject of TyRaNiD’s talk) involves a battery and a memory stick, and to plagiarize from his presentation:
The Pre-IPL was not very large, less than 4KBytes
Based on a hardware register the Pre-IPL would either:
Read IPL from Flash
Read IPL from Memory Stick
This tied in with the leaked information about the service mode
The Pre-IPL is the equivalent of our boot0. We have no such ability to read code from another source. There will never be a “Pandora Battery” equivalent.
Both Sony and Microsoft are known for banning people from their various online services, particularly Xbox Live! Nintendo’s online services are not nearly so sophisticated — I’d even go as far as to call them primitive — and they seem to have no intention of banning people for anything. If people start cheating in online games, that may change, but until then I don’t think it’s an issue. If the Nintendo Channel uploads your playtime log, and that includes the Homebrew Channel, then … then … nothing. They don’t care. Really.