My Dev Notes

My Personal notes about anything but mainly wiiflow. Putting them here as they might be useful to someone else. maybe i'll move them somewhere more appropriate.

AHBProt

AHBProt stands for Advanced Hardware Bus Protection. AHB is what connects all the Hardware Devices of the Wii to the PPC. Its protected to keep hackers from easily gaining access to these devices. But there's an easy way to enable access to the AHB by setting bit 0 of the access rights field (offset 0x1DB) in the TMD. The HBC and other channels/forwarders do this by setting offset 0x1DB of their TMD to 0x03. They also set offset 0x18B to 0x3A (58) to use IOS58.

Some people say you need to enable AHBProt. Yes you are setting a bit to Enable access rights to the AHB but you need to Disable or Patch the Protection in order to use AHB. In WiiFlow Fix94 refers to it as 'AHBProt patched out' and USBLGX Cyan refers to it as 'AHBProt Disabled'

All homebrew loaded via the HBC will have the AHBProt disabled IF the app includes a meta.xml with either the <no_ios_reload/> tag or the <ahb_access/> tag. <no_ios_reload/> was replaced by <ahb_access/> in HBC v1.1.0 but it still works as an alias for <ahb_access/>. WiiFlow and USBLGX have AHBProt disabled via their forwarder channels. To disable AHBProt in a channel you need a wad of the channel and you need to extract the contents of that wad which will give you the TMD file. Load the TMD file in a Hex Editor and set offset 0x1DB to 0x03 and save it. now repack the wad and install it on your wii. That's it.

If I understand correctly, the ES is what checks the access rights field and will set 0xcd800064 to 0xFFFFFFFF if this bit is set. by checking if address 0xcd800064 is set to 0xFFFFFFFF is how WiiFlow and USBLGX can tell if AHBProt is disabled. A IOS reload will re-enable AHBProt but both USB loaders and other apps simply patch ES before IOS Reload to keep it disabled.