Dolphin, the GameCube and Wii emulator - Forums

Full Version: [Howto] NAND Dumping - A Comprehensive Guide
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
When trying to dump and extract the NAND on my Wii, I ran into a number of issues that made the process much harder than it should have been. As a result, I'd like to present this guide to the tools I used, in the hopes that many more people can successfully dump their NAND for testing. (It really enables a lot of stuff.)
EDIT by Daco : added the method for bootmii backups Smile

Requirements:

For Method 1
1 fakesigning-enabled Wii with the HBC installed (no SD card needed*)
1 router that your Wii is connected to
1 PC running Windows (I don't think the version matters, I dumped it on Windows 7 Beta)
1 FTP client on Windows. I use FileZilla, but the flavor shouldn't matter.
1 Hex Editor for Windows

For Method 2 : BootMii Backup
1 wii which has bootmii installed
1 SD with at least 520MB space left
The Tools which are in the attachment of this post (look at the bottom of this post)



Instructions Method 1: ftpii


(1) Use the homebrew application FTPii on your fakesigning enabled Wii. I had to install cIOS to do this, you can do so legally using tona's version. FTPii will start up, wait for a network connection, and then listen for FTP connections. Note the IP address of your Wii in the first few lines.

(2) Using an FTP client on windows, connect (anonymously, no user/pass) to your Wii's IP address, as noted by FTPii. In the root directory, you should see three folders: sd, nand**, and isfs.



(3) Browse to the nand folder, and there are two files:wii_nand_with_ecc.img, and wii_nand_without_ecc.img. The tool we're using can't handle the extra ecc information, so "transfer" the "wii_nand_without_eec.img" to your PC somewhere. FTPii will dump the entire contents of your NAND (all 512MB) and transfer it to your PC. This will take a good 10-15 minutes.

(4) Provided that all went well, you now have an encrypted dump of your NAND's contents. Now we need to decrypt them, so you need your Wii's keys. Run the program xyzzy on your Wii, which will display your keys. The one you need here is your NAND AES key, which should be 16 bytes of hex code. Copy that down in your favorite hex editor, being careful to ensure accuracy and completeness. ***

(5) *Important* Save your 16 byte NAND AES key as a file called "nand-key.bin" in "C:\keys" or the extraction program won't be able to find it. So that full path is C:\keys\nand-key.bin

(6) Finally, we need to extract the contents of our Dump. You'll need a windows version of the program "zestig" written by Segher. You could compile his source, but there's a pre-compiled windows version (and wrapper) in WiiND, so just use that. Inside WiiND, look in "Nand Extractor" and run the program Extract.exe. Open the dump of your nand, and after about 20 seconds one of two things will happen.

(a) If a console window pops up, a lot of text scrolls by, and you end up with 8 new folders in the Nand Extractor directory, congrats on a successful NAND dump

(b) If a console window pops up briefly and then crashes, something went wrong. Sadly, zestig is not terribly user friendly and won't tell you what exactly. In my case, it was a bad NAND dump, which I've found can happen if you're using the WiiND extractor. It will also crash if it doesn't see your nand-key.bin, or if the key is incorrect. You might want to ensure that you copied the right key down if you're sure it's there.

(7) Once you have a NAND dump, you need to put it somewhere that Dolphin can access it. In the Dolphin folder, paste the 8 folders from your Nand dump in [Dolphin]\User\Wii. However, do *not* overwrite the SYSCONF file that's already there. If you do, Dolphin won't load the settings correctly, and you'll disable Wiimotes for some odd reason, so you need to make sure you keep the SYSCONF that Dolphin originally had. Everything else you are safe to paste over.

Congrats if you managed to get this far. If you streamline this process, this is the easiest way to get all of your save files and Mii characters into Dolphin for testing. I also found that in many cases, games that failed to save without a NAND dump would save with one, notably MK Wii was able to save. Having a NAND dump should also allow you to boot into the WiiOS, although for that you'll need to get it into .wad format.

Mods and other users, feel free to suggest corrections, improvements, etc. I just feel that I shouldn't be the only one to have gone through this, and I want to try to make it easy on others doing the same.

Oh, I've made a point of doing this using only legal tools, specifically I'm trying to avoid Waninkoko's stuff since it's so often used for non-legal stuff. However, feel free to call me out if I missed something. Do note that it's quite illegal to use someone else's NAND dump, since it contains a lot of copyrighted title content written by Nintendo. You'll need to dump your own if you want to test with one.

-gamefreak

*If you have no SD card, you'll need to transfer these applications to your Wii using the TCP loader, which beams it over through your router. Note that you need the HBC open for this to work.

**If you cannot see the NAND folder, it means that your Wii does not have fakesigning enabled. If you have cIOS, you might be able to run the IOS downgrader and re-enable your fakesigning, but I won't go into that here.

*** If you have an SD card, xyzzy will save the NAND key and many other keys to a file called "keys.txt" at the root of the SD card. This is useful to ensure accuracy.


Instructions Method 2: creating and extracting bootmii dump (with pictures!


This is the easiest way to get a nand dump . in this method we will create a backup bin from bootmii and extract all data from it. for that we will need to make a backup, extract the aes key from, decrypt the bin , and extract it
sounds hard? dont worry! its really easy! Wink
ok, ready? ready?!
LETS GO!

(1) startup bootmii. if you have bootmii as boot2 installed then just place the bootmii files on SD and bootmii should start (or so i was told)
if you dont have bootmii as boot2 then just start it from the homebrew channel by pressing home and choosing bootmii (also having the bootmii files on SD)
important note: and this time (r4012) it seems nand dumps which have preloader or bootmii as boot2 can't boot system menu in dolphin cause it jumps in before system menu and then launches external code (the wii menu). if you want to have the menu launch in dolphin i'd recommend to remove preloader before making a backup by installing the system menu again
(2) once in bootmii use a gc controller or something to press the right button (configuration). you'll get 3 new buttons and a back button. choose the first option with the green arrow
[Image: attachment.php?aid=1092]
(3) you should get a new screen with a green background saying to insert the SD you want to backup to. do what the screen tells you then Tongue (if it was already inserted, just press start Tongue )
it should say its ready to dump to /nand.bin ; so what are we waiting for? batman to do the dump for you? press A!
it should now be checking your wii's nand and doing a backup. get some coffee cause this could take a while
[Image: attachment.php?aid=1091]
(4) once done press Start/A to finish it and get your SD to your PC and you should see the following file somewhere in the root of the SD:
[Image: attachment.php?aid=1093]
copy it somewhere where you know you have enough space together with the other tools (AND THE CMD.LNK!) you got from the bottom of this post
since the latest bootmii it also writes a key.bin. copy this file as well if you have it!!!!
(5)run nand-aes-dump.exe and it should extract your AES key from your nand.bin into a file called nand-key.bin . proceed by opening the cmd.lnk and a command prompt should pop up
...
...
...
stop panicing dude! im here to help!
(6)type "NAND-bin2raw.exe nand.bin nand_dec.bin" (without the quotes thank you!) and press enter
it should start the decrypting process and you should now have 2 bin files: and encrypted and decrypted nand bump.
now comes to final part : extracting all data from bin!
now type in that command prompt (stop sweating, its only 1 line to type!) "zestig.exe nand-key.bin nand_dec.bin nand " (again, without quotes) and press enter. it should have decrypted everything and placed it into a new folder called nand.
now you have your nand backup ready for dolphin!
go into the nand folder, all the folders you see there should be placed in User\Wii of dolphin. however, do NOT replace sysconf in shared2/sys!!

have fun!
Very great guide, I'll probably dump it sometime in the near future... will check back here.
Is it alright if I include a section for converting your fresh-ripped titles from your NAND to .wads so Dolphin can load them? That process certainly isn't piracy, but those created wads are technically capable of being installed on any Wii since they're fakesigned... It sort of falls under the same "you ripped your game, are you going to play it on dolphin or put it on the net?" category, my created wads that I'm using to test are perfectly legal since I ripped and converted them myself, but some people would still look at me funny.

Thoughts? It's not hard to find the tools to do it of course with some searching, but still, I want to be sure before I put it in.

-gamefreak
Wouldn't it be easier to use Wii FileSystem Dumper by Waninkoko?
It might, I've never heard of it though. I'll definitely take a look.
That's an OK topic I think.
Thanks for the guide, it's pretty useful and easy to understand!
A question, does Dolphin support all versions of the wii menu now? (I've heard so) I have PAL version3.3 nr2 (October 23rd) and when I press A after the health and safety screen it freezes...
I've got the NTSC of the same menu version, but I had to do hack a bit on my NAND before I was able to dump it properly. The menu itself shouldn't care about the other things, but I don't know if Dolphin emulates the IOS properly or not. 3.3U post Oct23 is booting alright for me. Still doesn't *do* anything of course besides show an empty disc screen, although I can get into the settings for the GC Memory card and effectively have a graphical memory card manager. Nothing else on it works.

xlilcasper

Can't you just browse to the isfs folder in ftpii and download that instead of downloading the .bin file and decrypting it?
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20