Difference between revisions of "Talk:BC"

From WiiBrew

Revision as of 07:12, 2 May 2021

BootMii as boot2

Does installing BootMii as boot2 prevent the launching of GC games because BC has the signature bug fixed? I have a boot1-vulnerable Wii but no GC discs. Hallowizer (talk) 21:16, 28 April 2021 (CEST)

No, it works fine on my Wii with BootMii as boot2 and no custom MIOS or BC. --Pokechu22 (talk) 01:48, 30 April 2021 (CEST)
Weird, I wonder if the HackMii installer automatically replaces BC? Hallowizer (talk) 03:49, 30 April 2021 (CEST)
Nope, seems to be the exact same (based on a BootMii dump imported in Dolphin, title/00000001/00000100/content/00000008.app has a SHA-1 of 22b7c2ba3583fcca24134cca707fd339236afcc5, same as BC v6 obtained from NUS).
Possibly BC doesn't actually check the signature on boot2; it does seem to interact with NAND, the AES engine, and the SHA-1 engine though. I also checked and it writes things to the debug port which may match with the info on boot1 (but I'm not 100% sure; the code is really confusing and I don't want to spend too much time investigating it). It definitely checks *something* (one function uses Hardware/NAND, Hardware/AES Engine, and Hardware/SHA-1 Engine, and uses strings related to certificates ("Root", "CA", "-", "CP", "XS"), and is also responsible for writing to the debug port), but I don't know if it's actually boot2 that it's checking or something else (there are basically no other strings to look at for context).
(As for the debug port, it writes a value, and then inverts all of the bits and writes that value, in a loop waiting 1000000 units each time (it seems to be a busy loop for waiting so I don't know the units). It also always writes 0xbc to the debug port at startup, which might be where the name came from since I don't see any other text that gives it a name, unless I'm forgetting something in the system menu.) --Pokechu22 (talk) 08:06, 30 April 2021 (CEST)
Oh, one more thing: I confirmed that BootMii doesn't start when launching a GC game, but it does launch when pressing the power button while a GC game is running. I think this means that BC does not launch boot2, but MIOS will launch boot2 to turn off the Wii (note that on selecting the System Menu from BootMii, it loads as normal, i.e. the shutdown doesn't actually go through. But if no SD card is inserted, then it will eventually shut down after the disc drive does a thing.) This could be confirmed by seeing if BC needs to be patched when modifying MIOS. --Pokechu22 (talk) 06:40, 2 May 2021 (CEST)
The reason I thought it launched boot2 is because mini has a bit of code to detect GC compat mode:
 if (read32(0x0d800190) & 2) {
 	gecko_printf("GameCube compatibility mode detected...\n");
 	vector = boot2_run(1, 0x101);
 	goto shutdown;
 }
Hallowizer (talk) 06:53, 2 May 2021 (CEST)
Also, bushing said (https://hackmii.com/2008/06/genie-into-bottle-mios/) that BC got its signature check fixed. Hallowizer (talk) 07:12, 2 May 2021 (CEST)