Hacking RealWnD - Wii Mini Edition

nitr8 · Nov 30, 2019

Here comes the Wii Mini NAND dumper.

R-E-A-D C-A-R-E-F-U-L-L-Y

It's straight forward: Run it from within HBC.

It dumps directly to an attached USB drive with ECC data included.

No inputs required.

In order to accomplish the dumping process, you need these prerequisites:

https://gbatemp.net/threads/simpleiospatcher-wii-mini-edition.553353/

IF you have all the above prerequisites, the app does the following:

1.) Reloads into IOS236
2.) Disables AHBPROT automatically
3.) Disables MEMPROT automatically
4.) Patches IOS for gaining access back to /dev/flash (will be patched until the console is turned off)
5.) (Ab)uses IOS and mounts /dev/flash
6.) (Ab)uses IOS and dumps to usb:/WiiFlash_n_ECC.img (encrypted NAND binary)
7.) (Ab)uses IOS and dumps to usb:/WFD_XXX_YY.img ("Error" data - which is not really neccessary)
8.) Creates LOGFILE usb:/WiiFlash.log

??? - What's missing: The NAND key. You can obtain it using @DarkMatterCore's modified version of @bushing's Xyzzy.

Have phun.

Info for the new release:

- no longer needs YOU to dump and patch the AHBPROT bit within the IOS TMD

The NEW release is right here: http://www.mediafire.com/file/a1dzg9b6ahkdj06/RealWnD_Mini.zip/file

FancyNintendoGamer567 · Nov 30, 2019

uwu? But anyways, nice.

nitr8 · Mar 13, 2020

Updated because:

- way easier for the end user (just simply dump your Wii Mini NAND by running it)

! CAUTION: You need to have at least YOUR Wii Mini's IOS36 patched to a custom IOS into slot 236 !
(See first post in this thread on how to do this)

Vila_ · Mar 16, 2020

Nice!

asper · May 1, 2020

Great ! What is the average dumping time ? In my case it tooks about 30 mins. Is there a tool to automatically add the 1024 footer used in bootmii and in every Wii NAND manager software taking it from Xyzzy keys.txt ?

Anyway I manually hex-edited the dump and decrypted/loaded it with showmiiwads:

Thank you !

DarkKnight_TJ · May 20, 2020

i used both attached file and mediafire link, in both apps i get AHBPROT is not disabled error and then exits. i have installed "simpleiospatcher" with no errors. any idea?. thanks!

DarkKnight_TJ · May 20, 2020

well, i had to do "simpleiospatcher" manually to patch "AHBPROT", then i was able to dump wii mini nand. Is there any nand writer available for mini?

DarkKnight_TJ · May 20, 2020

is there any way to get a "normal" dump instead of an ".ecc" one? just for testing purposes (trying to make a "full dump" using a "normal" wii dump and encrypting using wii mini keys, would be nice to have full sytem capabilities back in wii mini xD). (i own a hardware programmer)

tech_land · Jun 5, 2020

asper said:
Great ! What is the average dumping time ? In my case it tooks about 30 mins. Is there a tool to automatically add the 1024 footer used in bootmii and in every Wii NAND manager software taking it from Xyzzy keys.txt ?Anyway I manually hex-edited the dump and decrypted/loaded it with showmiiwads:
Thank you !

is there a tool? is there a guide line to edit the dump with hex editor?

asper · Jun 5, 2020

tech_land said:
is there a tool? is there a guide line to edit the dump with hex editor?

Just add the bootmii 1024 bytes at the end of the nand dump using the hexeditor you prefere.

felixsrg · Dec 1, 2020

Hi there, thank you so much for this, it is nice to have the Wii Mini's NAND available and safe.

asper said:
Great ! What is the average dumping time ? In my case it tooks about 30 mins. Is there a tool to automatically add the 1024 footer used in bootmii and in every Wii NAND manager software taking it from Xyzzy keys.txt ?

Anyway I manually hex-edited the dump and decrypted/loaded it with showmiiwads:

Thank you !

Hi there, maybe this is a stupid question, but may I ask how you got your console specific 1024-bytes? Thanks in advance.

asper · Dec 2, 2020

felixsrg said:
Hi there, thank you so much for this, it is nice to have the Wii Mini's NAND available and safe.

Hi there, maybe this is a stupid question, but may I ask how you got your console specific 1024-bytes? Thanks in advance.

The 1024 bytes contains the OTP dump. You can obtain it using various tools, I used the latest Xyzzxy-mod (it is able to dump directly to a file and you just can copy-past the 1024 bytes at the end of the nand image). More info here, unfortunately not in english).

felixsrg · Dec 2, 2020

asper said:
The 1024 bytes are the OTP dump. You can obtain it using various tools, I used the latest Xyzzxy-mod (it is able to dump directly to a file and you just can copy-past the 1024 bytes at the end of the nand image). More info here, unfortunately not in english).

I was able to create my BootMii NAND with your instructions and the website you linked, thank you very much!

Zane_Julien · Apr 5, 2024

After using the simple Ios Patcher and then starting RealWnD on my Wii mini, it first shows some information about the tool and then just a blackscreen, is that normal?

Hacking RealWnD - Wii Mini Edition

Well-Known Member

Attachments

Well-Known Member

Well-Known Member

Spanish code for Spanisher codecs

Well-Known Member

Member

Member

Member

Member

Well-Known Member

Temp's Ghost

Well-Known Member

Temp's Ghost

Well-Known Member

Similar threads

Popular threads in this forum