Changes

From Rare Gaming Dump
670 bytes removed, 08:05, 9 May 2020
updated overview
Line 1: Line 1: −
{{Template:WIP}}
+
This article describes the process of how production Wii consoles are set up at the factory, from initial manufacturing of the chips to retail shipment.
   −
This article presents known information concerning the factory process of the Nintendo Wii.
+
===Basic Overview===
   −
Please note that our information on this topic is limited. It is mostly based on information from old HackMii articles, assumptions, [[uid.sys]] dumps, and the few pieces of the process ([[RVL_DIAG]], [[RVL_UJI_DIAG]], & [[Data Check & Log Check]]) that have leaked publicly. Since most pieces of this process are not publicly available, we can only piece together how the entire process works from the information which is available, so this may not be a perfect description of the process.  
+
*During hardware manufacturing, [[boot0]] is imprinted into the Mask ROM inside the [[Hollywood]]/[[Bollywood]].
   −
=== Basic Overview ===
+
*During initial programming of the NAND chip, a "prewrite" image is flashed to NAND. This image contains boot1 and a special boot2 known as "sd_boot".
   −
* During hardware manufacturing, [[boot0]] is imprinted into the Mask ROM inside the [[Starlet]].
+
*At the packaging plant, the Wii is powered on for the first time with SD card number 1 inserted. This SD card contains an image with various [[BroadOn]]-format [[WAD]]<nowiki/>s; sd_boot will load one of these WADs, an installer program which installs the other WADs to NAND. These WADs typically include a System Menu, IOS4, and IOS9.
   −
* During initial programming of the NAND chip, unknown versions of [[boot1]] and [[boot2]] are flashed to NAND provisionally, along with an unknown (likely [[NDEV Menu|NDEV]]) System Menu and a corresponding [[IOS]] version.
+
*Once the System Menu is installed, the "123J" disc is inserted. It is unknown what the actual title of this disc is, however it possibly serves the purpose of encrypting the NAND filesystem, updating [[boot1]], and setting the console's [[EFuse|eFuses]]. This disc seems to contain a partition with the title ID "0000dead", which may contain the program which encrypts the NAND filesystem.
   −
* Setup begins by inserting a disc with the game ID of "123J". This disc most likely generates the console-unique NAND keys and other console-unique data, and writes them to the [[OTP]] chip along with encrypting the NAND with said keys. It may also update boot1, since this can only be done before the NAND keys are written to OTP.
+
*Another disc known as [[RVL_UJI_DIAG]] (or 121J) is inserted, along with another SD card ("#1.5"). This disc runs test programs on the system to validate the operation of the hardware, writing logs to [[testlog.txt]] in the process; it then registers the console's serial number (over [[Waikiki]]), generates the system's [[Setting.txt]], and other actions to prepare for the next step of the process.  
   −
* Another disc is ran. This disc is known as "0000dead" or "DE AD" in hex as it appears in [[uid.sys]]. This disc's TMD content index matches that of [[RVL_DIAG]] as dumped from an [[RVT-H Reader]]; while the development version of RVL_DIAG uses the IDs "100J" and "0000", it is likely to be the same as the retail 0000dead disc. This disc runs a variety of stress tests known as "aging tests" on the system, and registers the system's serial number over a [[Waikiki]] using PC software.
+
*The final disc, known as 122E, is then inserted; this disc installs a WAD called "DataChk.wad" from the SD card, which contains [[Data Check and Log Check]].
 +
*Data Check and Log Check (0002) verifies the results of 121J, to ensure that the logs and product info data on the system are correct.
   −
* Another disc known as [[RVL_UJI_DIAG]] (or 121J) is inserted. It is unknown what role this disc serves during the manufacturing process exactly, as the publicly available version sourced from an [[RVT-H Reader]] is similar to the aforementioned 100J, but with a few more test programs and newer software. 121J includes programs which perform tests on the system and write the results to [[testlog.txt]] in addition to checking this file, so it can be assumed that it is at this phase of the setup process where these tests are executed.
+
*The contents of 122E's update partition are then installed, containing the standard set of channels for retail along with the production [[Wii System Menu]].
   −
* Then, [[Data Check & Log Check]] (aka 0002) is installed to NAND via "DataChk.wad". This program checks the logs written by RVL_UJI_DIAG, as well as other test data, to ensure that the testing process was successful.
+
*Some [[Bollywood]] Wiis have a disc ID of "0003" in their [[uid.sys]] as well. It's currently unknown what it does, but it is generally found immediately after 122E and right before any signs of retail usage (typically seen as the 00010000-00555045 of a disc's UPDATE partition.)
 
  −
* 122E is then ran, an update partition-only disc which installs the base set of software (retail System Menu, channels, IOS, etc.) before the Wii is shipped.
  −
 
  −
* Some [[LU64+]] Wiis have a disc ID of "0003" in their [[uid.sys]] as well. It's currently unknown what it does, but it is generally found immediately after 122E and right before any signs of retail usage (typically seen as the 00010000-00555045 of a disc's UPDATE partition.)  
      
__TOC__
 
__TOC__
   −
== Preloading ==
+
==Preloading==
 
Every Wii is preloaded at the hardware level with a couple pieces of software; these are already present on the Wii and will run when the Wii is powered on at the factory. The first of these pieces of software is boot0, the first piece of code ran on the Wii after power-on (which will stay the same from when it is physically programmed onto the chip to after factory setup, since it cannot physically be modified), which will check the Wii's OTP (one-time programmable) memory chip, and seeing that it is blank (as it is written to later in the process, using up its one opportunity to program it), determines that it is in the factory and continues with boot by loading boot1 from the NAND; after factory setup, there are keys present within this area, which boot0 uses to verify your copy of boot1, but during first factory boot this is neither possible nor needed, so boot0 skips it.  Next, boot1 loads from the NAND. Boot1 works as usual by verifying the signature of the boot2 on the NAND, then loading it; this process is identical as long as the console has a properly signed boot2, so there's no special factory behavior that boot1 has here.
 
Every Wii is preloaded at the hardware level with a couple pieces of software; these are already present on the Wii and will run when the Wii is powered on at the factory. The first of these pieces of software is boot0, the first piece of code ran on the Wii after power-on (which will stay the same from when it is physically programmed onto the chip to after factory setup, since it cannot physically be modified), which will check the Wii's OTP (one-time programmable) memory chip, and seeing that it is blank (as it is written to later in the process, using up its one opportunity to program it), determines that it is in the factory and continues with boot by loading boot1 from the NAND; after factory setup, there are keys present within this area, which boot0 uses to verify your copy of boot1, but during first factory boot this is neither possible nor needed, so boot0 skips it.  Next, boot1 loads from the NAND. Boot1 works as usual by verifying the signature of the boot2 on the NAND, then loading it; this process is identical as long as the console has a properly signed boot2, so there's no special factory behavior that boot1 has here.
    
Next, [[boot2]] loads; the version of boot2 installed on a Wii once it comes out of the factory can only handle an encrypted NAND filesystem; the problem with that in the factory is that at this point the OTP has not been programmed, and since the OTP contains the console-unique NAND keys, it is impossible to have the NAND encrypted at this point. As such, the NAND is unencrypted, which the production version of boot2 cannot handle; presumably, a special factory version of boot2 (possibly boot2v0) is programmed on Wiis at this point, which can boot from unencrypted NAND filesystems and as such will continue boot as normal. The next thing to be loaded is the System Menu. While it isn't clear what exactly this System Menu is, it is most likely a version of the [[NDEV Menu]]. It's unknown what version of the NDEV menu is used or what IOS is associated with it; it is possible that this changed over the Wii's lifespan with updates to the menu and its associated IOS.
 
Next, [[boot2]] loads; the version of boot2 installed on a Wii once it comes out of the factory can only handle an encrypted NAND filesystem; the problem with that in the factory is that at this point the OTP has not been programmed, and since the OTP contains the console-unique NAND keys, it is impossible to have the NAND encrypted at this point. As such, the NAND is unencrypted, which the production version of boot2 cannot handle; presumably, a special factory version of boot2 (possibly boot2v0) is programmed on Wiis at this point, which can boot from unencrypted NAND filesystems and as such will continue boot as normal. The next thing to be loaded is the System Menu. While it isn't clear what exactly this System Menu is, it is most likely a version of the [[NDEV Menu]]. It's unknown what version of the NDEV menu is used or what IOS is associated with it; it is possible that this changed over the Wii's lifespan with updates to the menu and its associated IOS.
   −
== Setup ==
+
==Setup==
 
At this point, a disc would be inserted to begin the process of setting up the system. While this disc presumably has an official name which is currently unknown, it will be referred to as "123J", as 123J is the [[GameID]] of the disc (as evidenced by its presence in the [[uid.sys]] logs of all Wiis, as well as other NAND remnants). This disc most likely runs on IOS4 or IOS9 (it is possible that this changed over the Wii's lifecycle as well with updates to the disc), and, as far as we are aware, serves one main purpose; writing to the OTP chip and encrypting the NAND filesystem. However, there is one other possible task that 123J may have performed, which is updating boot1. As Nintendo issued various updates to boot1 throughout the Wii's lifecycle (most infamously the update that fixed the trucha bug within it, aka disabling bootmii/boot2 on newer Wiis), the most logical way to issue these updates would be by implementing a function to update boot1 within 123J before writing to the OTP area (since the OTP area contains the hash of boot1, if you want to update boot1, you have to update it before writing the hash). Nintendo also could have simply updated the boot1 version in their pre-prepared set of files programmed onto the system physically before it even hits the factory stations, although doing this through 123J seems more logical.
 
At this point, a disc would be inserted to begin the process of setting up the system. While this disc presumably has an official name which is currently unknown, it will be referred to as "123J", as 123J is the [[GameID]] of the disc (as evidenced by its presence in the [[uid.sys]] logs of all Wiis, as well as other NAND remnants). This disc most likely runs on IOS4 or IOS9 (it is possible that this changed over the Wii's lifecycle as well with updates to the disc), and, as far as we are aware, serves one main purpose; writing to the OTP chip and encrypting the NAND filesystem. However, there is one other possible task that 123J may have performed, which is updating boot1. As Nintendo issued various updates to boot1 throughout the Wii's lifecycle (most infamously the update that fixed the trucha bug within it, aka disabling bootmii/boot2 on newer Wiis), the most logical way to issue these updates would be by implementing a function to update boot1 within 123J before writing to the OTP area (since the OTP area contains the hash of boot1, if you want to update boot1, you have to update it before writing the hash). Nintendo also could have simply updated the boot1 version in their pre-prepared set of files programmed onto the system physically before it even hits the factory stations, although doing this through 123J seems more logical.
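
Review bot: The rewritten Basic Overview now contradicts the unchanged Preloading and Setup paragraphs later in this hunk, so the page describes two different factory boot chains. The new bullets say the prewrite image contains boot1 and a special boot2 known as "sd_boot", and that the System Menu, IOS4 and IOS9 are installed from SD card number 1 by an installer WAD. Preloading still says a factory boot2 "(possibly boot2v0)" boots a preloaded System Menu that is "most likely a version of the [[NDEV Menu]]". Setup still hedges 123J's role with "most likely" and never mentions the "0000dead" partition the overview now places on that disc. Either update those paragraphs in the same edit, or keep the removed sentence explaining that the description is pieced together from HackMii articles, assumptions and [[uid.sys]] dumps, since the new bullets state sd_boot and the SD card contents as fact with no source. Two smaller points: the link target changes from [[Data Check & Log Check]] to [[Data Check and Log Check]], which needs a redirect or it will break, and the [[boot0]] bullet moves the Mask ROM from [[Starlet]] to [[Hollywood]]/[[Bollywood]] without the edit summary saying why.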
   Line 37: Line 34:  
The next disc inserted is the aforementioned [[RVL_UJI_DIAG]], with [[GameID]] 121J. The copy of this disc obtained from an RVT-H Reader includes several testing programs which could be used to ensure the integrity of a unit's hardware, as well as programs that run pre-defined tests, the results of which are then written to [[testlog.txt]]. It also contains [[serNoReg]], the program which registers the console's serial number using a mentioned but unseen piece of PC software. The retail version of 121J appears to include an additional step not present in the RVT-H version, as it installs a WAD titled 'DataChk.wad' to the NAND via a second partition with the ID '0002'. While this title is normally deleted from NAND after it is used, it is left behind on some Wiis for unknown reasons, and as such it has been obtained publicly and its behavior is detailed below.
 
The next disc inserted is the aforementioned [[RVL_UJI_DIAG]], with [[GameID]] 121J. The copy of this disc obtained from an RVT-H Reader includes several testing programs which could be used to ensure the integrity of a unit's hardware, as well as programs that run pre-defined tests, the results of which are then written to [[testlog.txt]]. It also contains [[serNoReg]], the program which registers the console's serial number using a mentioned but unseen piece of PC software. The retail version of 121J appears to include an additional step not present in the RVT-H version, as it installs a WAD titled 'DataChk.wad' to the NAND via a second partition with the ID '0002'. While this title is normally deleted from NAND after it is used, it is left behind on some Wiis for unknown reasons, and as such it has been obtained publicly and its behavior is detailed below.
   −
== Data Check and Log Check's role ==  
+
==Data Check and Log Check's role==  
 
[[File:0002-2.png|thumb|PUSH SD CARD, THEN REMOVE IT]]
 
[[File:0002-2.png|thumb|PUSH SD CARD, THEN REMOVE IT]]
 
[[File:0002-3.png|thumb|PUSH RESET BUTTON]]
 
[[File:0002-3.png|thumb|PUSH RESET BUTTON]]
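
Review bot: The context paragraph above the ==Data Check and Log Check's role== heading was left as it was and now disagrees with the updated overview about which disc delivers DataChk.wad. It says the retail version of 121J "installs a WAD titled 'DataChk.wad' to the NAND via a second partition with the ID '0002'", while the new overview bullet says 122E "installs a WAD called "DataChk.wad" from the SD card". Make the two agree, or say which one is the older assumption. The same paragraph describes serial registration as using "a mentioned but unseen piece of PC software", where the overview now only says "over [[Waikiki]]"; keep the PC-software detail in one of the two places so it is not lost.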
Line 46: Line 43:  
0002's exact purpose is unknown; it appears to verify the results of 121J by checking files on NAND as well as files from an SD card, in particular [[all.ini]]. all.ini is a list of tests near-identical to that which is present in 121J under the filename "master.dat"; it is unknown why 0002 requests this file, or why it was copied to NAND and therefore able to be retrieved from a retail Wii system.
 
0002's exact purpose is unknown; it appears to verify the results of 121J by checking files on NAND as well as files from an SD card, in particular [[all.ini]]. all.ini is a list of tests near-identical to that which is present in 121J under the filename "master.dat"; it is unknown why 0002 requests this file, or why it was copied to NAND and therefore able to be retrieved from a retail Wii system.
   −
== 122E ==
+
==122E==
    
The final step is to install the System Menu, IOSes, and channels. This process is akin to a standard disc update, where a disc is inserted, the contents of it are read, and WAD files are installed from those contents. The disc that handles this is known as 122E. This disc appears to simply be an update partition, as the [[main.dol]] file which it leaves behind in the [[cache.dat]] of a system after it is inserted is a non-functional DOL file similar to those which are found in the update partitions of retail Wii discs. It can be presumed that Nintendo may have pressed several versions of this disc to keep the Wii's preinstalled software updated throughout its production run; however, none have been found publicly, nor is it known what the actual name or appearance of the disc is.
 
The final step is to install the System Menu, IOSes, and channels. This process is akin to a standard disc update, where a disc is inserted, the contents of it are read, and WAD files are installed from those contents. The disc that handles this is known as 122E. This disc appears to simply be an update partition, as the [[main.dol]] file which it leaves behind in the [[cache.dat]] of a system after it is inserted is a non-functional DOL file similar to those which are found in the update partitions of retail Wii discs. It can be presumed that Nintendo may have pressed several versions of this disc to keep the Wii's preinstalled software updated throughout its production run; however, none have been found publicly, nor is it known what the actual name or appearance of the disc is.
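
Review bot: Two context paragraphs around the ==122E== heading no longer match the confidence level of the updated overview. "0002's exact purpose is unknown" sits next to an overview bullet stating that Data Check and Log Check (0002) verifies the results of 121J "to ensure that the logs and product info data on the system are correct". The 122E paragraph says the disc "appears to simply be an update partition", while the overview now has 122E first installing DataChk.wad from the SD card and only then installing its update partition. Bring these paragraphs up to date with the overview, or soften the overview bullets to the same "appears to" wording.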