Talk:BC

From WiiBrew
Jump to navigation Jump to search

BootMii as boot2

Does installing BootMii as boot2 prevent the launching of GC games because BC has the signature bug fixed? I have a boot1-vulnerable Wii but no GC discs. Hallowizer (talk) 21:16, 28 April 2021 (CEST)

No, it works fine on my Wii with BootMii as boot2 and no custom MIOS or BC. --Pokechu22 (talk) 01:48, 30 April 2021 (CEST)
Weird, I wonder if the HackMii installer automatically replaces BC? Hallowizer (talk) 03:49, 30 April 2021 (CEST)
Nope, seems to be the exact same (based on a bootmii dump imported in dolphin, title/00000001/00000100/content/00000008.app has a sha-1 of 22b7c2ba3583fcca24134cca707fd339236afcc5, same as BC v6 obtained from NUS).
Possibly BC doesn't actually check the signature on boot2; it does seem to interact with NAND, the AES engine, and the SHA-1 engine though. I also checked and it writes things to the debug port which may match with the info on boot1 (but I'm not 100% sure; the code is really confusing and I don't want to spend too much time investigating it). It definitely checks *something* (one function uses Hardware/NAND, Hardware/AES Engine, and Hardware/SHA-1 Engine, and uses strings related to certificates ("Root", "CA", "-", "CP", "XS"), and is also responsible for writing to the debug port), but I don't know if it's actually boot2 that it's checking or something else (there are basically no other strings to look at for context).
(As for the debug port, it writes a value, and then inverts all of the bits and writes that value, in a loop waiting 1000000 units each time (it seems to be a busy loop for waiting so I don't know the units). It also always writes 0xbc to the debug port at startup, which might be where the name came from since I don't see any other text that gives it a name, unless I'm forgetting something in the system menu.) --Pokechu22 (talk) 08:06, 30 April 2021 (CEST)