Hacking Zelda Skyward Sword Data Updater vWii Hack?

Status
Not open for further replies.
CJB100

CJB100

Programmer, Media Producer, Hardware Repair
OP
Member
Level 4
Joined
May 8, 2016
Messages
491
Trophies
0
Age
31
Location
USA
XP
448
Country
United States
I have been suffering from a kidney stone all day, so instead of doing coding on my current vWii project, I've been trying to see if there are any places of potential vulnerability in the vWii System Menu so that maybe we can hack the vWii without a game (silly, I know, since it seems IOSU is right around the corner). I found a Zelda Skyward Sword Save Data Updater in the Wii Shop for free, seems like a ripe candidate. Does anyone have Zelda Skyword Sword save data, and if so, can you pm me it? Also, devs, does this seem possible, and if so could someone give me a few pointers either here or over pm on possible ways to attempt to find an entry point for running code? Obviously I'm not saying do the work for me, but it appears that there is a set of custom code that is run from other save data in hack files for the various exploitable games, and I've not the first clue what it is or how to decypher it from a save file.
 
  • Like
Reactions: dronesplitter
EstPC13

EstPC13

Well-Known Member
Member
Level 3
Joined
Jan 3, 2016
Messages
415
Trophies
0
Location
In your mind
XP
322
Country
Dominican Republic
CJB100 said:
I have been suffering from a kidney stone all day, so instead of doing coding on my current vWii project, I've been trying to see if there are any places of potential vulnerability in the vWii System Menu so that maybe we can hack the vWii without a game (silly, I know, since it seems IOSU is right around the corner). I found a Zelda Skyward Sword Save Data Updater in the Wii Shop for free, seems like a ripe candidate. Does anyone have Zelda Skyword Sword save data, and if so, can you pm me it? Also, devs, does this seem possible, and if so could someone give me a few pointers either here or over pm on possible ways to attempt to find an entry point for running code? Obviously I'm not saying do the work for me, but it appears that there is a set of custom code that is run from other save data in hack files for the various exploitable games, and I've not the first clue what it is or how to decypher it from a save file.
Click to expand...
Amazing that some people try to contribute, adn Twilight Hack and Smash Stack were a thing, this could be one as well (of course I'm just spitballing here, I'm not sure)
 
TotalInsanity4

TotalInsanity4

GBAtemp Supreme Overlord
Member
Level 20
Joined
Dec 1, 2014
Messages
10,800
Trophies
0
Location
Under a rock
XP
9,814
Country
United States
V1Cammy

V1Cammy

Member
Newcomer
Level 1
Joined
Jun 24, 2016
Messages
21
Trophies
0
Age
41
XP
59
Country
Canada
CJB100 said:
I have been suffering from a kidney stone all day, so instead of doing coding on my current vWii project, I've been trying to see if there are any places of potential vulnerability in the vWii System Menu so that maybe we can hack the vWii without a game (silly, I know, since it seems IOSU is right around the corner). I found a Zelda Skyward Sword Save Data Updater in the Wii Shop for free, seems like a ripe candidate. Does anyone have Zelda Skyword Sword save data, and if so, can you pm me it? Also, devs, does this seem possible, and if so could someone give me a few pointers either here or over pm on possible ways to attempt to find an entry point for running code? Obviously I'm not saying do the work for me, but it appears that there is a set of custom code that is run from other save data in hack files for the various exploitable games, and I've not the first clue what it is or how to decypher it from a save file.
Click to expand...


sure you can but your gonna want to use thread structs in memory to map your functions akin to the entrypoint u plan to use.

--------------------- MERGED ---------------------------

all ill say is svchax is your friend here especially for multi threading look at the twighlight hack git repo and you'll c what i mean
 
Last edited by V1Cammy,
FaTaL_ErRoR

FaTaL_ErRoR

AKA ŦƕƎ ƠṀƐƝ
Member
Level 4
Joined
Mar 9, 2014
Messages
491
Trophies
0
XP
443
Country
United States
Everything is on wiibrew.
But if you dont have the game thus getting the save on a non modded console isnt possible. How do you plan on modding anything and getting it to load on a non modded console? Dont you have to play the game then move the save from sd to vwii? now the updater should be able to be opened by a program on pc. You may be able to modify the updater enough to run code but its still gonna require a save thus require the game in the first place. But dont let that get you down. More games that can push hbc the better.
 
  • Like
Reactions: dronesplitter and V1Cammy
V1Cammy

V1Cammy

Member
Newcomer
Level 1
Joined
Jun 24, 2016
Messages
21
Trophies
0
Age
41
XP
59
Country
Canada
Start Somewhere Around Here.
ROM:00000000 AREA ROM, CODE, READWRITE, ALIGN=0
ROM:00000000 CODE32
ROM:00000000 RSCLS R10, R5, #0x348000
ROM:00000004 STRLTB R12, [R5,R3,LSR#14]!
ROM:00000008 LDRVST R6, [R1],#-0xAFC
ROM:0000000C ADCEQS R11, SP, #0xA8000
ROM:00000010 TSTLE R0, R9,LSL R11
ROM:00000014 BLHI 0xFFC22D50
ROM:00000018 TEQGE R4, #0x4C0000

--------------------- MERGED ---------------------------

Again a Lot of this is mostly already documented but understanding base hacks used back in wii days helps, it also serves as boilerplate code for setting up possible entrypoints

--------------------- MERGED ---------------------------

just chuck the bin in ida and disassemble accordingly
believe me you will have much fun. :)
 
  • Like
Reactions: FaTaL_ErRoR and CJB100
CJB100

CJB100

Programmer, Media Producer, Hardware Repair
OP
Member
Level 4
Joined
May 8, 2016
Messages
491
Trophies
0
Age
31
Location
USA
XP
448
Country
United States
FaTaL_ErRoR said:
Everything is on wiibrew.
But if you dont have the game thus getting the save on a non modded console isnt possible. How do you plan on modding anything and getting it to load on a non modded console? Dont you have to play the game then move the save from sd to vwii? now the updater should be able to be opened by a program on pc. You may be able to modify the updater enough to run code but its still gonna require a save thus require the game in the first place. But dont let that get you down. More games that can push hbc the better.
Click to expand...

Does it require the game? Obviously, some games like the exploitable ones allow you to copy over save data onto the Wii system from SD assuming you set up the folders in the correct way on the SD card. The Zelda Updater I am referencing in the original post doesn't appear to be picky about what save it patches, it just needs a save from LoZ Skyward Sword so that it can patch the save data with Nintendo's fix. Since the Zelda updater is free on the Wii store, I would think it could launch the code possibly, rather than the actual LoZ Skyward Sword game itself. Thus you could theoretically have a vWii exploit without needing a game, just download free software from the Wii Store and then replace some files on an SD card. If it works, this could theoretically do away with the non-SDHC issue that lots of people experience with current exploits. All theory, of course, I haven't had time to really poke around at anything yet.
 
  • Like
Reactions: Supster131
V1Cammy

V1Cammy

Member
Newcomer
Level 1
Joined
Jun 24, 2016
Messages
21
Trophies
0
Age
41
XP
59
Country
Canada
CJB100 said:
Does it require the game? Obviously, some games like the exploitable ones allow you to copy over save data onto the Wii system from SD assuming you set up the folders in the correct way on the SD card. The Zelda Updater I am referencing in the original post doesn't appear to be picky about what save it patches, it just needs a save from LoZ Skyward Sword so that it can patch the save data with Nintendo's fix. Since the Zelda updater is free on the Wii store, I would think it could launch the code possibly, rather than the actual LoZ Skyward Sword game itself. Thus you could theoretically have a vWii exploit without needing a game, just download free software from the Wii Store and then replace some files on an SD card. If it works, this could theoretically do away with the non-SDHC issue that lots of people experience with current exploits. All theory, of course, I haven't had time to really poke around at anything yet.
Click to expand...
what you are asking is not silly at all
the furthest thing from it as a matter of fact
nintendo... how must i put it... their bugs are not...afaik "bugs"
more so they are bugs of other "bugs"
resulting in poor implementations crypto/drm
or they're too stupid to think. A better answer,
they dont "think ahead" they save time and money to "implement"..
 
  • Like
Reactions: TotalInsanity4
FaTaL_ErRoR

FaTaL_ErRoR

AKA ŦƕƎ ƠṀƐƝ
Member
Level 4
Joined
Mar 9, 2014
Messages
491
Trophies
0
XP
443
Country
United States
CJB100 said:
Does it require the game? Obviously, some games like the exploitable ones allow you to copy over save data onto the Wii system from SD assuming you set up the folders in the correct way on the SD card. The Zelda Updater I am referencing in the original post doesn't appear to be picky about what save it patches, it just needs a save from LoZ Skyward Sword so that it can patch the save data with Nintendo's fix. Since the Zelda updater is free on the Wii store, I would think it could launch the code possibly, rather than the actual LoZ Skyward Sword game itself. Thus you could theoretically have a vWii exploit without needing a game, just download free software from the Wii Store and then replace some files on an SD card. If it works, this could theoretically do away with the non-SDHC issue that lots of people experience with current exploits. All theory, of course, I haven't had time to really poke around at anything yet.
Click to expand...
I dont see how it would. But im not looking into it. You are. Really depends. The save itself doesnt launch the exploit. The game loading the save launches it. If the updater reads or loads the save it could be possible for a launch without a game. You'll have to load that updater up in a pc program and see if any exploitable vectors pop. Hope you find something. Some people are having a difficult time finding games that can load and exploit.
 
CJB100

CJB100

Programmer, Media Producer, Hardware Repair
OP
Member
Level 4
Joined
May 8, 2016
Messages
491
Trophies
0
Age
31
Location
USA
XP
448
Country
United States
FaTaL_ErRoR said:
I dont see how it would. But im not looking into it. You are. Really depends. The save itself doesnt launch the exploit. The game loading the save launches it. If the updater reads or loads the save it could be possible for a launch without a game. You'll have to load that updater up in a pc program and see if any exploitable vectors pop. Hope you find something. Some people are having a difficult time finding games that can load and exploit.
Click to expand...

It will certainly be oodles of fun I'm sure lol. I'm not going to lie, I'll be diving into the deep end with a lead vest. All while dealing with my evil kidney stone slicing up my insides.. X) The things you live for lol.
 
  • Like
Reactions: Erikku
V1Cammy

V1Cammy

Member
Newcomer
Level 1
Joined
Jun 24, 2016
Messages
21
Trophies
0
Age
41
XP
59
Country
Canada
CJB100 said:
It will certainly be oodles of fun I'm sure lol. I'm not going to lie, I'll be diving into the deep end with a lead vest. All while dealing with my evil kidney stone slicing up my insides.. X) The things you live for lol.
Click to expand...
asm...isnt even a sweat you'll go deep,Deep in the DEEP END lol
on a more productive note, you mess with assembly long enough
exploit code jus becomes exploit code...
you begin to see things more clear. then you are able to turn
src code into your biggest weapon.take it from me , im very new here and
with 3dbrew and wii-u brew filled to the brim
was about 1-2 hrs on the Wii-U and 3DS studying documentation and it Jus clicked.
 
  • Like
Reactions: CJB100
dronesplitter

dronesplitter

Well-Known Member
Member
Level 4
Joined
Sep 30, 2007
Messages
595
Trophies
0
XP
421
Country
United States
I wish you lots of luck. I've been wanting a way to get vWii hacked for a while now and not really interested in buying one of the current games needed. I know, they're cheap...but I have a regular hacked wii already so it's not something I've broken down on yet.
 
N

NexoCube

Well-Known Member
Member
Level 8
Joined
Nov 3, 2015
Messages
1,222
Trophies
0
Age
29
Location
France
XP
1,340
Country
France
Save hacks are most of them buffer overflow. Twilight Hack/oot3dhax ; The game is not verifying Link name length soo just set the name length bigger than the buffer (That is 16 or 20) then set the buffer adress to your code.
 
FIX94

FIX94

Former Staff
Former Staff
Level 21
Joined
Dec 3, 2009
Messages
7,284
Trophies
0
Age
29
Location
???
XP
11,238
Country
Germany
CJB100 said:
Since the Zelda updater is free on the Wii store, I would think it could launch the code possibly, rather than the actual LoZ Skyward Sword game itself.
Click to expand...
you can only install saves if the game was played on the actual console at least once in the past so this wont work. also the updater doesnt really do a whole lot if I recall correctly, what I do know though is that the game itself can be crashed on startup by messing with the map/room string in the save, from what I saw though the crash did not look exploitable but in all honesty I didnt look for very long so who knows, maybe you find something, would be neat.
 
  • Like
Reactions: CJB100
CJB100

CJB100

Programmer, Media Producer, Hardware Repair
OP
Member
Level 4
Joined
May 8, 2016
Messages
491
Trophies
0
Age
31
Location
USA
XP
448
Country
United States
FIX94 said:
you can only install saves if the game was played on the actual console at least once in the past so this wont work.
Click to expand...

Then how do you install saves for the currently LEGO game exploits? Or do you mean that you can't install saves via the LoZ Updater?
 
CJB100

CJB100

Programmer, Media Producer, Hardware Repair
OP
Member
Level 4
Joined
May 8, 2016
Messages
491
Trophies
0
Age
31
Location
USA
XP
448
Country
United States
TotalInsanity4 said:
You have to play the game at least once on the console, and then you can move the save over from an SD card
Click to expand...

Never did that when I hacked my vWii. The saves just copied on over. Does having the disc in the disc slot count? I may have stuck the game in, but I never played until after I copied the saves to the SD Card.
 
  • Like
Reactions: 7Robins
7Robins

7Robins

Bob is watching you.
Member
Level 3
Joined
Jun 20, 2016
Messages
561
Trophies
0
Location
Tennessee
XP
372
Country
United States
When I hacked my vWii a couple days ago, I hadn't played Lego Star Wars before doing it. I just copied the save over and it worked.
 
Status
Not open for further replies.

Site & Scene News

Go to forum More news

Popular threads in this forum

A really, REALLY old browser exploit (for 5.3.2)?

Gaming  Online services for the 3DS and Wii U have been shutdown. Here is how to get back online!

Hacking Hardware  Wii U No Display (Logs dumped)

Hacking Gaming  Xenoblade Chronicles X - Lifeline and Enhancement Mod

Homebrew  Huevo's Vault | Wii U Themes

Watch videos on Wii U, offline, saved on SD?

Super Mario Maker Save Collection (All Event and Staff Courses Preserved, 3DS Mario Challenge Port, and More)

Can you hack your wii u with something other than sd card

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: Crowbar?