Thread:
Betwiin Guide Low-Level (Full Brick) Repair

    Betwiin Guide Low-Level (Full Brick) Repair

    Betwiin Guide - This Is An Advanced Tutorial. If you don't understand everything here, I recommend you do not proceed, as this is advanced brick repair and is not a suitable option for most bricks. Please consider ALL other options before continuing with this method.

    I wrote this guide to help people who want to use Betwiin to recover their bricked Wii but don't know where to begin. If you try searching for a guide on Betwiin you will quickly find that there just aren't any, so I hope everyone appreciates me posting this info as it took a lot of hard work to figure this all out. If you have any questions, please post them in this thread and I will be happy to answer to the best of my ability.

    NOTICE: IF YOU DON'T HAVE THE KEYS.BIN FILE OR AT LEAST KNOW THE KEYS FROM YOUR BRICKED WII THIS METHOD WILL NOT WORK AND YOU CAN NOT CONTINUE!!!

    Betwiin (Summary)

    Betwiin is a program written by Bushing that can be used to make a Wii nand dump compatible with a different Wii console. This is done by using the keys from a bricked console to encrypt a nand dump from a donor console. The donor nand needs to be encrypted with the bricked Wii's keys because each Wii has its own specific keys used to encrypt and decrypt local data. For more information on how Wii security and encryption works, see this thread. Betwiin can be used as a last resort to completely restore any software brick so long as you have a compatible donor nand dump, the keys from the bricked/target Wii, and an Infectus modchip or similar programmer.


    Step 1 – Extract Keys & Compare With Donor Nand


    Prerequisites

    1. Bricked Wii
    2. Donor nand dump with same version of boot1 as bricked Wii.
    3. Donor nand dump with equal version or greater of boot2
    4. Infectus or Infectus2 Modchip and Programmer
    5. Hex Editor
    6. Xavbox Programmer v1.0.0.7
    7. Wiinand v0.2
    8. Wii_FlashToolz_v0.3.exe


    First you will have to complete a full nand dump from the bricked/target Wii. This can be completed with Xavbox Programmer and an Infectus modchip. If you don’t know how to do this, you should first download and install the Xavbox software in this thread and then take a look at The Infectus NAND Flashing Guide. Once the target nand is extracted, you will have to compare it with the donor nand to make sure they both have the same version of boot1. To do this, look at the first block of both dumps with a hex editor; the first block of the nand contains the boot1 information that we need to evaluate. Open each nand dump in a hex editor: the boot1 block starts at offset 0 and ends at offset 00021a5f. Look specifically at the first 400 bytes or so of data and make sure they match (see img below). If the first 400 bytes from both nand dumps don’t match, you will have to find a different donor. You can also use Wiinand to find out what version of boot1 you have; however, it sometimes comes up as unknown, so comparing with a hex editor is the more accurate way to check whether they're the same. Also make sure that the donor nand you will be using has boot2 v4, as this will ensure you won't run into any boot2 compatibility issues.





    Step 2 – Save and Remove Keys From Donor Nand & Bricked/Target Nand


    Option #1 - Use Simple Nand Converter. You must already have a file from Bootmii named keys.bin from both Bootmii nand dumps to use this option (if you have your keys, skip this part for now and move on to step 3 - Preparing your donor nand). If you don't have your keys, see option #2 below on how to extract them.

    Option #2 - Alternate Extraction Methods. If you don't have a keys.bin file and only have a nand.bin from your Bootmii backup, chances are that your keys are attached to the nand.bin file. To manually extract these keys, open the nand.bin in a hex editor and select the last 1024 bytes of data. If your keys are attached, you should see 42, 61, 63, 6b, 75 as the first five selected bytes, and your last byte should be a 0, which comes after a ton of other 0's. You will also notice, in the text pane on the right side of the hex editor, a readable line that says BackupMii v1 followed by a console ID. If you see all this, then your nand does indeed have the keys attached to it. Now that you have the keys selected, copy and paste them into a blank hex file by selecting File -> New File in your hex editor. Save this file and name it keys.bin, then put it in a safe spot, as you will need to extract the keys from this file later.

    Advanced Note on Reading Keys (this part can be skipped) - To manually read the keys with a hex editor, locate the keys.bin file and open it in the editor. The hmac key starts at offset 00000144 and is 20 bytes in size, and the nand key starts at offset 00000158 and is 16 bytes in size. The keys attached to the nand.bin start at offset 21000000 and end at offset 210003ff. Just use the hex editor to copy them over to Betwiin accordingly (donor keys to input folder and target keys to output folder).


    Step 3 – Preparing the Donor Nand


    Depending on what type of dump you received from Bootmii, you may have to remove the keys from the nand.bin. These keys are located in the last 1024 bytes of data in the nand dump and need to be deleted if they are included in the dump. The best way to do this is to use Wiinand to clean the donor dump. This option can be found under the extra tab in Wiinand v0.2: simply select the infectus radio button and then choose clean. You can also manually delete the keys by using a hex editor to select the last 1024 bytes and deleting them. Once the donor nand is cleaned, you need to move it to the input folder for Betwiin and rename it to flash.bin.








    Step 4 – Setting Up Betwiin


    Option #1 Windows GUI Method - (skip everything in option #2 below)

    DOWNLOAD: Simple Nand Converter Mod - Includes Betwiin for Windows

    If you have your keys.bin file for both your donor and target Wiis you can use this method as it's much easier than running Betwiin using Python. (BIG THANKS to bad_Ad84 for suggesting this.)

    1. Start Simple Nand Converter Mod
    2. Load keys.bin from donor Wii
    3. Load keys.bin from bricked/target Wii
    4. Move donor nand.bin to Betwiin -> input folder and rename it to flash.bin
    5. Click on convert button and accept or decline all warnings
    6. Betwiin GUI will start and should take 20 - 45 minutes to complete depending on PC speed





    Option #2 Python Method - (the listed modules are required)


    Prerequisites

    1. Betwiin
    2. Python Interface
    3. Numpy Module
    4. Pycrypto Module

    To run Betwiin on a PC you will need to download and install Python for Windows. You will also need the Python modules Numpy and Pycrypto installed to be able to run the Betwiin code. Once you have all this installed, you will need to locate and set up the input and output folders in the Betwiin archive (this is located wherever you chose to unzip Betwiin on your computer). Add the donor nand.bin (renamed to flash.bin), hmac-key and nand-key to the input folder, and the target hmac-key and nand-key to the output folder.

    Next you will need to start Python, then open the betwiin.py module and choose to run the module. If everything was set up correctly, Betwiin will automatically start decrypting the donor nand and encrypting it with the output keys from the target Wii. This will take around 20-45 minutes to complete. Once completed, you will get an output file in the output folder called flash.bin. Simply rename this file to nand.bin and use the Infectus chip to write the dump into the bricked/target Wii.


    Step 5 - Preparing the output flash.bin


    If everything was done correctly, you should end up with a file in the output folder named flash.bin. Simply rename this file to nand.bin and it's now ready to be installed into the bricked/target Wii. You will need your Infectus modchip and Xavbox software to complete this installation. If it doesn’t work, it may be because the donor nand doesn't have the same boot1 or has an older version of boot2 than the bricked/target nand. To fix this, you will have to upgrade the donor nand (you should use a donor nand with the same boot1 and boot2 v4 to avoid this issue). You can also copy and paste the boot1/boot2 data from the original bricked/target nand to the Betwiin output to maintain the same boot1/boot2 versions. As mentioned by Bushing, this tool is a last resort to revive your system and can be a very tedious process that sometimes requires a lot of tweaking to get it right.







    2011 Streamlinehd - You may not copy this material without prior written consent.
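
The boot1 comparison from Step 1 can be scripted instead of eyeballed in a hex editor. This is an added example, not part of the original post or of any tool it mentions; the offsets are the ones the guide gives, and the function names and report fields are hypothetical.

```python
import hashlib
import sys

BOOT1_END = 0x21A5F   # last offset of the boot1 block, as stated in the guide
HEADER_LEN = 400      # the guide compares "the first 400 bytes or so"

def read_boot1(path):
    """Return the boot1 region (offsets 0..BOOT1_END) of a nand dump."""
    with open(path, "rb") as f:
        data = f.read(BOOT1_END + 1)
    if len(data) < BOOT1_END + 1:
        raise ValueError(f"{path}: too short to contain a boot1 block")
    return data

def first_difference(a, b):
    """Offset of the first differing byte, or None if the buffers are equal."""
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    return None if len(a) == len(b) else min(len(a), len(b))

def compare_boot1(target_path, donor_path):
    """Compare the boot1 region of the target dump against the donor dump."""
    target, donor = read_boot1(target_path), read_boot1(donor_path)
    diff = first_difference(target, donor)
    return {
        # The guide's pass/fail criterion: the first 400 bytes must match.
        "header_match": target[:HEADER_LEN] == donor[:HEADER_LEN],
        # Stricter check over the whole boot1 block, reported for information.
        "region_match": diff is None,
        "first_diff": diff,
        "target_sha1": hashlib.sha1(target).hexdigest(),
        "donor_sha1": hashlib.sha1(donor).hexdigest(),
    }

if __name__ == "__main__":
    # usage: python compare_boot1.py target_nand.bin donor_nand.bin
    report = compare_boot1(sys.argv[1], sys.argv[2])
    for field, value in report.items():
        shown = hex(value) if field == "first_diff" and value is not None else value
        print(f"{field:12} {shown}")
    sys.exit(0 if report["header_match"] else 1)
```

A non-zero exit status means the first 400 bytes differ, which the guide treats as a reason to find a different donor.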
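
The manual key extraction in Step 2 (option #2 and the advanced note) and the cleaning in Step 3 can be done in one pass, as in this added example, which is not part of the original post or of Betwiin. The offsets, the marker bytes and the hmac-key/nand-key/flash.bin file names come from the guide; the function names are hypothetical, and writing the keys as raw bytes is an assumption about what Betwiin expects.

```python
import os
import sys

RAW_NAND_SIZE = 0x21000000   # offset where the guide says the attached keys start
TRAILER_LEN = 1024           # 0x21000000..0x210003ff
MAGIC = bytes([0x42, 0x61, 0x63, 0x6B, 0x75])   # "Backu", start of "BackupMii v1"
HMAC_OFF, HMAC_LEN = 0x144, 20
NAND_OFF, NAND_LEN = 0x158, 16

def parse_keys(blob):
    """Pull the hmac and nand keys out of a 1024-byte keys.bin image."""
    if len(blob) != TRAILER_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a BackupMii key block")
    return {
        "hmac-key": blob[HMAC_OFF:HMAC_OFF + HMAC_LEN],
        "nand-key": blob[NAND_OFF:NAND_OFF + NAND_LEN],
    }

def split_dump(nand_path, out_dir, raw_size=RAW_NAND_SIZE):
    """Write keys.bin, hmac-key, nand-key and a key-free flash.bin to out_dir.
    Returns the keys, or None if the dump has no key block (nothing written)."""
    size = os.path.getsize(nand_path)
    if size == raw_size:
        return None
    if size != raw_size + TRAILER_LEN:
        raise ValueError(f"unexpected dump size {size:#x}")
    with open(nand_path, "rb") as src:
        src.seek(raw_size)
        blob = src.read(TRAILER_LEN)
        keys = parse_keys(blob)          # validate before writing anything
        os.makedirs(out_dir, exist_ok=True)
        for name, data in {"keys.bin": blob, **keys}.items():
            with open(os.path.join(out_dir, name), "wb") as f:
                f.write(data)
        src.seek(0)
        with open(os.path.join(out_dir, "flash.bin"), "wb") as dst:
            remaining = raw_size         # copy everything except the key block
            while remaining:
                chunk = src.read(min(1 << 20, remaining))
                dst.write(chunk)
                remaining -= len(chunk)
    return keys

if __name__ == "__main__":
    # usage: python split_dump.py nand.bin output_folder
    found = split_dump(sys.argv[1], sys.argv[2])
    print("keys extracted, flash.bin written" if found else "no key block attached")
```

The `raw_size` parameter exists only so the function can be exercised on a small constructed file; leave it at its default for a real dump.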