Hacking Ohneswanzenegger Not Working?

[drfsupercenter]

So I had read that guide about how to do a complete reset of your Wii and thought I would try it. After transferring all my channels to the Wii U, all I was left with was the free stuff anyway, so I figured I mayaswell wipe it out and start from scratch, since I've had quite a lot of cIOS-type hacks over the years.

So I took a working BootMii NAND dump, opened it up and formatted it, then installed 4.1u. I followed this guide here exactly:
http://www.hacksden.com/showthread.php/5574-Format-Wii-Nand-Using-ohneswanzenegger-Guide

I also appended the keys.bin and restored it. But the few times I've tried it, I am left with a bricked Wii. As in, I take the SD card out (so it bypasses bootmii), turn it on and it's just a black screen. I've left it on for 10 minutes and nothing.

I'm able to restore my good NAND dump just fine, but does anyone know why I can't get this Ohneswanzenegger to work? It sounded like a really useful idea. (I've got one of the first-model Wiis from early 2007 with a vulnerable boot2 and BootMii installed, FYI)

 

[drfsupercenter]

Bump... come on, surely SOMEONE here knows how to use that program?

 

[mauifrog]

load bootmii and make a new nand backup. Use that with ohneswanzenegger to make a new nand.bin. Format it, install 4.1u, then restore to wii. It is also a good idea to check the new nand.bin for errors with nandbincheck before restoring.

 

[drfsupercenter]

That's exactly what I did.

I took my nand.bin from bootmii, loaded it in Ohneswanzenegger, formatted it and put 4.1u. Appended the keys.bin, restored to Wii and got greeted by a black screen.

 

[Krestent]

Did you remember to install IOS60 (the older, non-stubbed version)?

 

[drfsupercenter]

Uh, what?

I literally typed "4.1u" in the box, hit "Get It" and that was it. After formatting.

Are you saying I have to install IOS60 *as well*?

 

[Luigi2012SM64DS]

i belive it should do that automaticly. did you wait for all the titles to download?

 

[drfsupercenter]

Yes I did. Here's doing it again from the cached downloads:

Here's the full log...

Set path to nand as C:/Users/Danny/Desktop/ohneswanzenegger_r85/nand.bin
 
Formatting nand...
 
Done!
 
Received a completed download from NUS
Installed title 0000000100000002 v449 to nand
 
Received a completed download from NUS
Installed title 0000000100000004 v65280 to nand
 
Received a completed download from NUS
Installed title 0000000100000009 v521 to nand
 
Received a completed download from NUS
Installed title 000000010000000a v768 to nand
 
Received a completed download from NUS
Installed title 000000010000000b v256 to nand
 
Received a completed download from NUS
Installed title 000000010000000c v12 to nand
 
Received a completed download from NUS
Installed title 000000010000000d v16 to nand
 
Received a completed download from NUS
Installed title 000000010000000e v263 to nand
 
Received a completed download from NUS
Installed title 000000010000000f v266 to nand
 
Received a completed download from NUS
Installed title 0000000100000010 v512 to nand
 
Received a completed download from NUS
Installed title 0000000100000011 v518 to nand
 
Received a completed download from NUS
Installed title 0000000100000014 v256 to nand
 
Received a completed download from NUS
Installed title 0000000100000015 v525 to nand
 
Received a completed download from NUS
Installed title 0000000100000016 v780 to nand
 
Received a completed download from NUS
Installed title 000000010000001c v1293 to nand
 
Received a completed download from NUS
Installed title 000000010000001e v2816 to nand
 
Received a completed download from NUS
Installed title 000000010000001f v3092 to nand
 
Received a completed download from NUS
Installed title 0000000100000021 v2834 to nand
 
Received a completed download from NUS
Installed title 0000000100000022 v3091 to nand
 
Received a completed download from NUS
Installed title 0000000100000023 v3092 to nand
 
Received a completed download from NUS
Installed title 0000000100000024 v3094 to nand
 
Received a completed download from NUS
Installed title 0000000100000025 v3612 to nand
 
Received a completed download from NUS
Installed title 0000000100000026 v3610 to nand
 
Received a completed download from NUS
Installed title 0000000100000032 v5120 to nand
 
Received a completed download from NUS
Installed title 0000000100000033 v4864 to nand
 
Received a completed download from NUS
Installed title 0000000100000035 v5149 to nand
 
Received a completed download from NUS
Installed title 0000000100000037 v5149 to nand
 
Received a completed download from NUS
Installed title 000000010000003c v6174 to nand
 
Received a completed download from NUS
Installed title 000000010000003d v4890 to nand
 
Received a completed download from NUS
Installed title 00000001000000fe v3 to nand
 
Received a completed download from NUS
Installed title 0000000100000100 v5 to nand
 
Received a completed download from NUS
Installed title 0000000100000101 v9 to nand
 
Received a completed download from NUS
Installed title 0001000248414141 v2 to nand
 
Received a completed download from NUS
Installed title 0001000248414241 v16 to nand
 
Received a completed download from NUS
Installed title 0001000248414341 v6 to nand
 
Received a completed download from NUS
Installed title 0001000248414641 v3 to nand
 
Received a completed download from NUS
Installed title 0001000248414645 v7 to nand
 
Received a completed download from NUS
Installed title 0001000248414741 v3 to nand
 
Received a completed download from NUS
Installed title 0001000248414745 v7 to nand
 
Received a completed download from NUS
Installed title 0001000248415941 v3 to nand
 
Received a completed download from NUS
Installed title 0001000848414b45 v2 to nand
 
Received a completed download from NUS
Installed title 0001000848414c45 v2 to nand
 
NUS object is done working

 

[mauifrog]

Backup sd:/nand.bin and key.bin, then delete them from sd card.
Load bootmii, make a new nand backup
Copy nand.bin and key.bin to folder with ohneswanzenegger
Open nand.bin with ohneswanzenegger, format nand.bin
type 4.1u and get it
Enter wii serial number into setting.txt
close ohneswanzenegger
open command prompt shell
Check nand.bin with nandbincheck

nandbincheck nand.bin -all -v

Copy nand.bin and key.bin back to sd card
Load bootmii and restore nand

That is it, nothing more or less.
http://www.mediafire.com/download/9778sgmybexww1o/giantpune's+Nand+Tools.zip

 

[drfsupercenter]

C:\Users\Danny\Desktop\giantpunes Nand Tools>nandBinCheck.exe nand.bin -all -v
** nandBinCheck : Wii nand info tool **
  from giantpune
  built: Jan 29 2011 03:36:05
checking boot1 & 2...
Boot1 B (vulnerable)
found 3 copies of boot2
"blocks 1 & 2: Marked as bad blocks; Content Sha1 matches TMD; TMD officially si
gned; Ticket officially signed; Version 4"
"blocks 3 & 4: Used for booting; Content Sha1 matches TMD; TMD is fakesigned; Ti
cket officially signed; BootMii (Unk)"
"blocks 7 & 6: Backup copy; Content Sha1 matches TMD; TMD officially signed; Tic
ket officially signed; Version 4"
checking uid.sys...
checking content.map...
checking "/shared1/00000000.app" ...
checking "/shared1/00000001.app" ...
checking "/shared1/00000002.app" ...
checking "/shared1/00000003.app" ...
checking "/shared1/00000004.app" ...
checking "/shared1/00000005.app" ...
checking "/shared1/00000006.app" ...
checking "/shared1/00000007.app" ...
checking "/shared1/00000008.app" ...
checking "/shared1/00000009.app" ...
checking "/shared1/0000000a.app" ...
checking "/shared1/0000000b.app" ...
checking "/shared1/0000000c.app" ...
checking "/shared1/0000000d.app" ...
checking "/shared1/0000000e.app" ...
checking "/shared1/0000000f.app" ...
checking "/shared1/00000010.app" ...
checking "/shared1/00000011.app" ...
checking "/shared1/00000012.app" ...
checking "/shared1/00000013.app" ...
checking "/shared1/00000014.app" ...
checking "/shared1/00000015.app" ...
checking "/shared1/00000016.app" ...
checking "/shared1/00000017.app" ...
checking "/shared1/00000018.app" ...
checking "/shared1/00000019.app" ...
checking "/shared1/0000001a.app" ...
checking "/shared1/0000001b.app" ...
checking "/shared1/0000001c.app" ...
checking "/shared1/0000001d.app" ...
checking "/shared1/0000001e.app" ...
checking "/shared1/0000001f.app" ...
checking "/shared1/00000020.app" ...
checking "/shared1/00000021.app" ...
checking "/shared1/00000022.app" ...
checking "/shared1/00000023.app" ...
checking "/shared1/00000024.app" ...
checking "/shared1/00000025.app" ...
checking "/shared1/00000026.app" ...
checking "/shared1/00000027.app" ...
checking "/shared1/00000028.app" ...
checking "/shared1/00000029.app" ...
checking "/shared1/0000002a.app" ...
checking "/shared1/0000002b.app" ...
checking "/shared1/0000002c.app" ...
checking "/shared1/0000002d.app" ...
checking "/shared1/0000002e.app" ...
checking "/shared1/0000002f.app" ...
checking "/shared1/00000030.app" ...
checking "/shared1/00000031.app" ...
checking "/shared1/00000032.app" ...
checking "/shared1/00000033.app" ...
checking "/shared1/00000034.app" ...
checking "/shared1/00000035.app" ...
checking "/shared1/00000036.app" ...
checking "/shared1/00000037.app" ...
checking "/shared1/00000038.app" ...
checking "/shared1/00000039.app" ...
checking "/shared1/0000003a.app" ...
checking "/shared1/0000003b.app" ...
checking "/shared1/0000003c.app" ...
checking "/shared1/0000003d.app" ...
checking "/shared1/0000003e.app" ...
checking "/shared1/0000003f.app" ...
found 42 titles installed
 
Checking 00000001-00000009 ...
        version: 2.9        521        hex: 209
 
Checking 00000001-0000000c ...
        version: 0.12      12        hex: c
 
Checking 00000001-0000000d ...
        version: 0.16      16        hex: 10
 
Checking 00000001-0000000e ...
        version: 1.7        263        hex: 107
 
Checking 00000001-0000000f ...
        version: 1.10      266        hex: 10a
 
Checking 00000001-00000011 ...
        version: 2.6        518        hex: 206
 
Checking 00000001-00000015 ...
        version: 2.13      525        hex: 20d
 
Checking 00000001-00000016 ...
        version: 3.12      780        hex: 30c
 
Checking 00000001-0000001c ...
        version: 5.13      1293      hex: 50d
 
Checking 00000001-0000001f ...
        version: 12.20      3092      hex: c14
 
Checking 00000001-00000021 ...
        version: 11.18      2834      hex: b12
 
Checking 00000001-00000022 ...
        version: 12.19      3091      hex: c13
 
Checking 00000001-00000023 ...
        version: 12.20      3092      hex: c14
 
Checking 00000001-00000024 ...
        version: 12.22      3094      hex: c16
 
Checking 00000001-00000025 ...
        version: 14.28      3612      hex: e1c
 
Checking 00000001-00000026 ...
        version: 14.26      3610      hex: e1a
 
Checking 00000001-00000035 ...
        version: 20.29      5149      hex: 141d
 
Checking 00000001-00000037 ...
        version: 20.29      5149      hex: 141d
 
Checking 00000001-0000003c ...
        version: 24.30      6174      hex: 181e
 
Checking 00000001-0000003d ...
        version: 19.26      4890      hex: 131a
 
Checking 00000001-000000fe ...
        version: 0.3        3          hex: 3
found 21 bootable IOS
 
Checking 00000001-00000002 ...
        version: 1.193      449        hex: 1c1
 
Checking 00000001-00000004 ...
        version: 255.0      65280      hex: ff00
 
Checking 00000001-0000000a ...
        version: 3.0        768        hex: 300
 
Checking 00000001-0000000b ...
        version: 1.0        256        hex: 100
 
Checking 00000001-00000010 ...
        version: 2.0        512        hex: 200
 
Checking 00000001-00000014 ...
        version: 1.0        256        hex: 100
 
Checking 00000001-0000001e ...
        version: 11.0      2816      hex: b00
 
Checking 00000001-00000032 ...
        version: 20.0      5120      hex: 1400
 
Checking 00000001-00000033 ...
        version: 19.0      4864      hex: 1300
 
Checking 00000001-00000100 ...
        version: 0.5        5          hex: 5
 
Checking 00000001-00000101 ...
        version: 0.9        9          hex: 9
 
Checking 00010002-48414141 (HAAA) ...
        version: 0.2        2          hex: 2
 
Checking 00010002-48414241 (HABA) ...
        version: 0.16      16        hex: 10
 
Checking 00010002-48414341 (HACA) ...
        version: 0.6        6          hex: 6
 
Checking 00010002-48414641 (HAFA) ...
        version: 0.3        3          hex: 3
 
Checking 00010002-48414645 (HAFE) ...
        version: 0.7        7          hex: 7
 
Checking 00010002-48414741 (HAGA) ...
        version: 0.3        3          hex: 3
 
Checking 00010002-48414745 (HAGE) ...
        version: 0.7        7          hex: 7
 
Checking 00010002-48415941 (HAYA) ...
        version: 0.3        3          hex: 3
 
Checking 00010008-48414b45 (HAKE) ...
        version: 0.2        2          hex: 2
 
Checking 00010008-48414c45 (HALE) ...
        version: 0.2        2          hex: 2
Checking for 003 error ...
Checking setting.txt stuff...
system menu resource matches setting.txt AREA setting.
 
00000000  41524541 3d555341 0d0a4d4f 44454c3d  AREA=USA..MODEL=
00000010  52564c2d 30303128 55534129 0d0a4456  RVL-001(USA)..DV
00000020  443d300d 0a4d5043 483d3078 37464645  D=0..MPCH=0x7FFE
00000030  0d0a434f 44453d4c 550d0a53 45524e4f  ..CODE=LU..SERNO
00000040  3d----------------------- 56494445  =[removed]..VIDE
00000050  4f3d4e54 53430d0a 47414d45 3d55530d  O=NTSC..GAME=US.
00000060  0a000000 00000000 00000000 00000000  ................
00000070  00000000 00000000 00000000 00000000  ................
00000080  00000000 00000000 00000000 00000000  ................
00000090  00000000 00000000 00000000 00000000  ................
000000a0  00000000 00000000 00000000 00000000  ................
000000b0  00000000 00000000 00000000 00000000  ................
000000c0  00000000 00000000 00000000 00000000  ................
000000d0  00000000 00000000 00000000 00000000  ................
000000e0  00000000 00000000 00000000 00000000  ................
000000f0  00000000 00000000 00000000 00000000  ................
AREA=USA
MODEL=RVL-001(USA)
DVD=0
MPCH=0x7FFE
CODE=LU
SERNO=[removed]
VIDEO=NTSC
GAME=US
 
Comparing uid.sys against the filesystem...
        00010000-3132334a (123J) was installed at the factory and is now missing
 
        00010000-0000dead (....) was installed at the factory and is now missing
 
        00010000-3132314a (121J) was installed at the factory and is now missing
 
        00010000-31323245 (122E) was installed at the factory and is now missing
 
        00010000-30303032 (0002) was installed at the factory and is now missing
 
47 titles were installed before any user intervention
checking for lost clusters...
total used clusters 1ae1 of 0x8000
found 0 lost clusters
UNK ( 0xffff ) 19 (2644, 2645, 2646, 2647, 2d77, 630c, 630d, 630e, 630f, 6568, 6
569, 656a, 656b, 656c, 656d, 656e, 656f, 6898, 6899, 689a, 689b, 689c, 689d, 689
e, 689f)
free            5cbb
verifying ecc...
2 out of 577856 pages had incorrect ecc.
they were spread through 2 clusters in 2 blocks:
(2, 6)
0 of those clusters are non-special (they belong to the fs)
verifying hmac...
verifying hmac for 246 files
0 files had bad HMAC data
checking HMAC for superclusters...
0 superClusters had bad HMAC data
 
C:\Users\Danny\Desktop\giantpunes Nand Tools>

Does this mean anything to you? I don't really know what I'm looking at.
Not sure what it means by "installed at the factory and is now missing".

 

[drfsupercenter]

Come on guys, don't leave me hanging

 

[mauifrog]

Your nandbincheck looks perfectly normal. Restore your new nand.bin to the wii. If the wii does not work, make a new nand dump and check it with nandbincheck. Compare both nandbinchecks together and look for any changes.

 

[Antidote]

C:\Users\Danny\Desktop\giantpunes Nand Tools>nandBinCheck.exe nand.bin -all -v
00000000  41524541 3d555341 0d0a4d4f 44454c3d  AREA=USA..MODEL=
00000010  52564c2d 30303128 55534129 0d0a4456  RVL-001(USA)..DV
00000020  443d300d 0a4d5043 483d3078 37464645  D=0..MPCH=0x7FFE
00000030  0d0a434f 44453d4c 550d0a53 45524e4f  ..CODE=LU..SERNO
00000040  3d----------------------- 56494445  =[removed]..VIDE
00000050  4f3d4e54 53430d0a 47414d45 3d55530d  O=NTSC..GAME=US.

Does this mean anything to you? I don't really know what I'm looking at.
Not sure what it means by "installed at the factory and is now missing".

You might want to replace your hex section with mine.

 

[drfsupercenter]

Whoops, totally forgot to remove the hex data, thanks for pointing that out.

OK so. I flashed that exact same nand.bin that I showed above using BootMii - since I appended the keys, I didn't have any errors and it restored fine. As expected, it bricked and left me with a black screen.
So I re-dumped the NAND, and now I get this huge red-text error:

C:\Users\Danny\Desktop\giantpunes Nand Tools>nandBinCheck.exe nand.bin -all -v
** nandBinCheck : Wii nand info tool **
from giantpune
built: Jan 29 2011 03:36:05
checking boot1 & 2...
Boot1 B (vulnerable)
found 3 copies of boot2
"blocks 1 & 2: Marked as bad blocks; Content Sha1 matches TMD; TMD officially si
gned; Ticket officially signed; Version 4"
"blocks 3 & 4: Used for booting; Content Sha1 matches TMD; TMD is fakesigned; Ti
cket officially signed; BootMii (Unk)"
"blocks 7 & 6: Backup copy; Content Sha1 matches TMD; TMD officially signed; Tic
ket officially signed; Version 4"
checking uid.sys...
NandBin::ItemFromPath ->item not found "/sys/uid.sys"
"No uid map found in the nand"

C:\Users\Danny\Desktop\giantpunes Nand Tools>

What the heck does that mean? Is it not flashing properly? I would expect it to be the same contents before/after, since all I did was restore that NAND, try to return to the Wii Menu from BootMii (which gave me a black screen), rebooted the Wii to a black screen *again* and then dumped the NAND.

Also, ironically enough, the keys.bin file has different contents each time. I'm not sure why, since technically can't NAND keys not change?

 

[Antidote]

http://wiibrew.org/wiki//sys/uid.sys

uid.sys just contains the titles registered to that particular wii, It's also stored remotely on Nintendo's servers

I missread that, uid.sys, if i read this correctly, contains a list of user id's for each title (users being the games) I'm not entirely certain, Giantpune, tuidj, and a few others should be able to provide a better answer.

As for the keys.bin thing, yeah that's a problem, I don't know what's going on there.

 

[drfsupercenter]

Yeah, basically Ohneswanzenegger isn't generating a valid uid.sys for me, or something.

Or wait... maybe it is... but why is it not working when I flash it back, don't know.

 

[mauifrog]

After you make the nand.bin, just restore it in bootmii. Try not appending any keys. I think your killing the nand.bin at this step in your process. You could also nandbincheck after you append the keys.

I never append my keys to my nand.bin, works fine everytime. I think that is only needed on older bootmii installs.

Also the keys never change, so there is an issue there. Possibly your appending the wrong keys to the nand.bin.

 

[drfsupercenter]

Hm, well it could also be that the program appending the keys is reading my keys.bin wrong.

Though the funny thing is, last night when I did it, I *didn't* append the keys. I took that nand.bin file that I displayed info on, and put it right on my SD and restored it. BootMii didn't even complain about the keys being different. Weird.

I will try this, since I am assuming this is the safest process:

-Restore a working NAND backup (I keep about 10 of them on my PC)
-Verify that the Wii boots and everything's proper
-Dump the NAND again for my sanity's sake
-Take that nand.bin and format it in Ohneswanzenegger
-Type 4.1u, hit Get It and let it work
-Enter my serial in the info screen, hit OK, and immediately copy the nand.bin back onto my SD
-Restore

Do I need the keys.bin at all since I'm not appending the keys?

 

[drfsupercenter]

Sigh, no dice.

Again, here is the exact steps I did.

• Restore a known working backup to my Wii
• Erase SD card (except BootMii), restart Wii and make a NAND backup
• Take nand.bin, copy it to Ohneswanzenegger folder
• Open Ohneswanzenegger, select NAND, copy my serial from setting.txt
• Format NAND
• Type 4.1u, hit Get it
• Paste serial in box and click OK
• Close Ohneswanzenegger, copy to SD card (replacing the other one)
• Turn on Wii, restore using BootMii
• Immediately get black screen after restoring when selecting Wii menu or Homebrew Channel
• Take SD card out, still black screen
• Erase SD card yet again (except BootMii), make a new NAND backup
• Gives the missing uid.sys error seen above

It's worth noting that if I take the nand.bin from Ohneswanzenegger's folder, it checks out just fine in giantpunes Nand Tools, similar to my pasted code segment above.

So as you can see I didn't touch the keys, append them, or anything. I just left keys.bin where it was on the root of the SD.

Something is clearly being corrupted when restoring the NAND, either that or my Wii rejects it and just wipes it after it's been restored. I really don't know what else to do, this is driving me nuts. I'd be happy to upload my nand.bin and keys.bin somewhere if someone wants to open it up and poke around...

 

[mauifrog]

Try again
Put the nand tools on your sd card
Load bootmii make new nand bin
Format nand.bin from sd card, etc
Do nandbincheck from sd card
Load bootmii and restore.

No copy, move, etc.

Do nandbincheck again on sd card, no changes?
Make new nand bin again and do nandbincheck, still no UID?

What version of bootmii?
Perhaps load current hackmii installer from bootmii sd loader via bootmini.elf, update bootmii and update bootmii sd files.
If you do load the hackmii installer, remove sd card and format, then install bootmii and prepare sd card.