YoYoBallz
L4YoY0s
Posts: 6,057.4567
Threads: 644
Joined: 3rd Mar 2007
Reputation: 15.01961
E-Pigs: 13327.7533
|
Sending your Nintendo Wii in for repairs?
In the past I have read of many people with softmodding there Nintendo Wii's then having to send them back to Nintendo for repair, many success stories , some just got sent back not touched and with a crappy letter.. The latest HackMii blog post from genius Wii hacker bushing goes into how Nintendo now has a "Pre-Repair Disc" (much like the pink fish disc that gave us IOS16) for checking Wii NAND memory for altered/modified files and fakesigned tickets and IOS's. Even if you don't understand the Wii hacking scene this is still a very good read, bushing is a super smart dude and I love reading about of his posts.
bushing of HackMii.com Wrote:faithful HackMii reader spent some time with AnyTitle Deleter and tried to clean everything odd off his Wii, and used the HackMii Installer to uninstall the HBC and BootMii/boot2. He then sent his Wii into Nintendo (of America) to try to get them to repair a noisy drive; the warranty had expired, and he just wanted to pay them to repair the drive.
After they received the Wii, they wrote him back and said that because he had unauthorized software installed (something they could not fix themselves — but more on this later), it would cost $200 for them to do any repair. He had them just send him back the Wii, and then reinstalled BootMii/boot2 and dumped the NAND and sent it to us to figure out what he had missed and anything else wee could gain from the image.
I have a few theories as to what they detected, based on what things he did not manage to delete — and for a while, that’s all wee had to go on, and it wasn’t going to make for a very interesting article. However, several hours with 0xED and grep and xxd paid off, and I found some traces of the disc they ran to detect “Illegal software”. Unfortunately, I was only able to find part of the data section of the main DOL of the disc, and not the code, so I don’t have actual screenshots to share — you’ll have to use your imagination this time. (If anyone has sent a Wii in to Nintendo for repair in the past few months, and received the same Wii back — no refurbs! — I’d love to see a NAND dump, especially if you took one right after you received it back. I may be able to reconstruct the rest of the disc.)
Here is the raw output of ’strings’ on the relevant part of the data section:
I (YoYo) but this output in a spoiler because it is kinda huge
busing of HackMii.com Wrote:Wee have to do some reading between the lines here, but what wee have is a disc with a fairly simple text-based UI (much like the “Wii Backup Disc” wee looked at a couple of years ago) — but at least this time they’ve added colors (the BL, YE, RD tags presumably change the color of text displayed on the screen). There are a few different menus / screens you can traverse through, but the long and short of it is that they are looking for:
* Save data — they are looking to delete data from “SetPersonalData.wad” (?!) and from “DigicamPrintChannel” (which you might have if you had messed around with the regions on your Wii. They then run a check for “unauthorized rewittern data”, which seems to reuse the same old CheckSavedataZD function from the System Menu, after authenticating as RZDE/J/P.
* “Illegal Channel(s)/Firmware” — as far as I can tell, this isn’t some specific check for HBC / DVDX / whatever. This is a bit more clever — they seem to be enumerating all tickets and all TMDs on the system, and looking to see if any of them are fakesigned. This will catch pretty much anything that is, as they say, “unauthorized” that you have installed.
* “Use of Copy Disc” — I think this actually refers to their own Wii Backup Disc. It’s not entirely clear to me why they care about this. This check seems to be done by looking for the existence of /shared2/succession/shop.log. (In this context, “succession” seems to refer to the transfer of some identity info from one (presumably broken) Wii to another.)
Once they’ve done this scan, they can then do several things — most common is probably to generate a log file on an SD card. They can also launch any of the “Illegal Channels” they find, and output any of the TMD info to SD. They even have the option of deleting all of this stuff — but it seems that they’ve been told not to do this (remember, they claimed they can’t, and in fact, they didn’t before our friend got his Wii back).
In this case, what did they detect, and how? It continues to surprise me that Nintendo seems to not use any sort of special “hacked IOS” to make their lives easier — sure, the “Wii Backup Disc” came with its own (infamous) IOS16, but there wasn’t really anything special about it and wee were never quite clear why they bothered. The disc runs as 1-2 and judging by its error messages, as group 0 — this means they can read and write most files in the filesystem directly, but they seem to use ES calls to do most of the work.
As for what they found — this Wii was bought second-hand, and it looks like there was a lot of “poo poo” on it at one point. Purely by looking for fakesigned tickets and TMDs, I found one each for 1-250 (IOS250) and 1-0 (“IOS0″ — this is a bogus ticket used to gain group 0 access, Waninkoko’s old FS dumper used this and I think that AnyTitle Deleter may as well). Something that I found that Nintendo didn’t was a bunch of poo poo left over from a Preloader install — extra files in 1-2’s data directory, as well as some extra files in /shared2.
- Source: [HackMii.com]
<Myth0s> i love boys
-------------------------------------------------------------------
I Go To Earth When Mars Is Boring.
-------------------------------------------------------------------
¿ʞɔпɟ əɥʇ ʇɐɥʍ I was first EPerson to have upside down title.
-------------------------------------------------------------------
(This post was last modified: 25/04/2010 10:49 AM by YoYoBallz.)
|
|
Link 1
Void
Downloads
Find teh crap
List of Pplz
Don't Click me
![[Image: toocool.png]](http://i230.photobucket.com/albums/ee271/lurker87/toocool.png)
![[Image: righthook.png]](http://img48.imageshack.us/img48/5871/righthook.png)