IOS255

From WiiBrew
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
IOS255
WiiDrawing.png
Technical details
Latest Versionv31337
TypeTemporary IOS


IOS255 is a temporary IOS, created by older versions of "xyzzy", that sometimes remains in the NAND. It can be safely deleted.

How it works

The reason for the IOS being there, becomes clear when you look at how "xyzzy" used to work. The following is taken from hackmii.com:

  • Download IOS11 from the Nintendo Update Server
  • Patch it to remove the MEM2 protection (so the PPC can access all 64MB of it)
  • Patch it to allow it to delete itself later using ES_DeleteTitle()
  • Find an unused IOS slot (counting downward from IOS255)
  • Install the hacked IOS11 there
  • Reboot into the hacked IOS
  • Copy the private key structure from the IOS address space into MEM1
  • Reboot back into a sane IOS
  • Delete the temporary, hacked IOS
  • Display the keys on screen
  • Try to write them to a file on the SD card — keys.txt
  • Pause for 60 seconds to allow you to copy the keys down using pen and paper,if necessary
Version Signing bug? STM Release Exploit? Notes
v31337 Yes Yes Temporary IOS, created by old versions of xyzzy.