PoC - Boot NeoGamma via Disc Channel!

Discussion in 'Wii - Hacking' started by damysteryman, Feb 18, 2012.

Feb 18, 2012
    • Member

    damysteryman I am too busy IRL these days...

    Member Since:
    Oct 4, 2007
    Message Count:
    1,177
    Country:
    Antarctica
    UPDATE - r4 has Wii Gamertag support! Supports both Wiinnertag and DUTag! Also, autocheat improved. Also, should have support for new wm+ wiimote models.


    Hello gbatemp!

    Here I have to show you is a way to boot NeoGamma (or any channel really) via the Disc Channel!

    Here is a video of it in action: (VID IS OUT OF DATE)
    Volume in video is low, so you may need to increase yours.

    WARNING! My voiceover in this video is horrible and absolutely EVIL. (I do not actually sound like that IRL lol) When I watched this video after filming, I almost went insane. Almost went insane while filming towards the end too! Watch this video at your own risk... if you start uncontrollably laughing, get nightmares, or go insane after watching it all then it is your own fault.


    This is achieved by using a priiloader hack to tell the disc channel to load... another channel instead of a disc. There are 4 versions I have made, one that loads a specified channel every time, and another that loads a different channel depending on whether you try to boot a Wii or GC disc, one that loads a channel only when a Wii disc is loaded, and one that loads a channel only when a GC disc is loaded.
    So far, the hack has only been made for 4.3E ATM, but I will port to 4.3, 4.3U, and 4.3K soon (then to 4.1 and 4.2, and MAYBE 3.xx versions). (But not right now though... after I post this thread, I need to go straight to sleep!)
    UPDATE - I have ported the 4 hacks to all regions of 4.1, 4.2 and 4.3!

    First version - Single Channel priiloader hack:
    4.1:
    WARNING! Spoilers inside!

    4.2:
    WARNING! Spoilers inside!

    4.3:
    WARNING! Spoilers inside!

    This one makes the disc channel boot a channel instead of the disc. By default, it boots title 00010008-484E4341 [Hidden Channel - TitleID HNCA] ("NeoCORP") via the disc channel every time you try to boot a disc. In the video example, this channel contains an Autoboot NeoGamma app.

    Second version - Dual Channel priiloader hack: (too wide for forum post box, so had to split it onto 2 lines... be sure to rejoin them when manually adding to a hacks.ini)
    4.1:
    WARNING! Spoilers inside!

    4.2:
    WARNING! Spoilers inside!

    4.3:
    WARNING! Spoilers inside!

    This one can boot 2 channels, one for Wii discs, and one for GC discs. By default, it boots title 00010008-484E4341 [Hidden Channel - TitleID HNCA] ("NeoCORP") when you try to load a Wii disc, and title 00010008-48434C41 [Hidden title - TitleID HCLA] ("CFG Loader") when you try to load a GC disc. In the video example, HNCA contains an AutoBoot NeoGamma, and HCLA contains CFG USB Loader MOD r12. This hack can be useful if you want to boot a different app for GC discs than for Wii discs.

    Third version - Single Channel, but Wii discs ONLY:
    4.1:
    WARNING! Spoilers inside!

    4.2:
    WARNING! Spoilers inside!

    4.3:
    WARNING! Spoilers inside!

    This version boots a channel, but ONLY when you try to load a Wii disc. By default, it boots title 00010008-484E4341 [Hidden Channel - TitleID HNCA] ("NeoCORP"). GC discs are unaffected by this version of the hack, and just boot normally.

    Fourth version - Single Channel, but GC discs ONLY:
    4.1:
    WARNING! Spoilers inside!

    4.2:
    WARNING! Spoilers inside!

    4.3:
    WARNING! Spoilers inside!

    This version boots a channel, but ONLY when you try to load a GC disc. By default, it boots title 00010008-484E4341 [Hidden Channel - TitleID HNCA] ("NeoCORP"). Wii discs are unaffected by this version of the hack, and just boot normally.

    Basic hack description:
    It works by patching the part where the System Menu checks to see the IOS a disc wants, and then loads that IOS's Title ID. Instead of getting the Title ID for an IOS, the hack gives it a Title ID at it specifies. Normally, the sysmenu only uses 2 ASM commands to get the IOS's ID, but for a full channel Title ID, the hack had to use 4 ASM commands. So instead of just patching over the top of the existing 2 commands, the hack puts the 4 commands (plus a blr to return back) in an empty (value is all "00") part of the dol, then branch to that offset. And then for the GC part, the value had to be patch a few times, so I had to use a few more patches to copy the loaded Title ID over to those few areas too.

    So, like I said, by default, those are the 2 channels that the hacks boot, but you can change them to any full Title ID you have installed on your Wii, and the Disc Channel will boot it.

    Here is an example pack containing:
    - the 2 example hidden channel Wads (both made with HideandSeek v0.9)
    - a hacks.ini with the 4 hacks for 4.1, 4.2, and 4.3 (all regions) already put into it (plus the regular hacks for those sysmenus)
    - and a modified priiloader 0.8 beta 2 (this version does seems to run stable under IOS249 unlike v0.7 and lower, allowing for backups to be loaded)
    NeoGamma via Disc Channel PoC Pack r4 <- LINK UPDATED. Supports Wii Gamertags now. (HCLA wad has also been removed)

    Extra links:
    A modified hacks.ini by AbdallahTerro - with support for patched System Menu versions v54449 (patched 4.1U) and v54450 (patched 4.1E) for anyone who may need it.
    Source for modified apps to comply with GPL:
    NeoGamma R9 b56 Autoboot MOD r4 source <- Updated to MOD r4
    priiloader v0.8 beta 2 MOD source <- Link has been updated! (fixes a silly bug in the "System Menu Hacks" menu)

    Now to get this working on your own Wii. :D

    Required items:
    1. System Menu version 4.1, 4.2 or 4.3 installed
    2. Ability to run homebrew (HBC installed) from SD card
    3. Ability to install fakesigned wads
    4. The above PoC pack
    5. (optional) cIOS249 to load backups

    How to:
    1. grab the PoC pack linked to above, and extract it to the root of your SD card.
    2. load up your favorite wad managing app, and use it to install the example sd:\wad\HNCA.wad (and optionally HCLA.wad if you want to test out the Dual Channel hack)
    3. if you have priiloader already, then you can skip this step if you do not want to overwrite the version you currently have. Load up the "priiloader v0.8b2" installer, and use it to install priiloader v0.8 beta 2. The installer should also copy the hacks.ini over to your Wii too.
    4. Now boot into priiloader by resetting or switching on the wii, but while holding down RESET button as you boot it up, to access priiloader menu. When in the menu, go to "Settings", and then set "Use Classic hacks.ini" to "on". Save settings. If you are using certain versions of priiloader (v0.6 and v0.7 AFAIK), it might not find the hacks.ini on sd root. To get these versions of priiloader to read it, move it from sd:\hacks.ini to sd:\apps\priiliader\hacks.ini
    5. Now go back to priiloader's main menu, and select "System Menu Hacks". Enable hacks you may like (such as region free everything, and block disc updates), then enable ONE of the Disc Channel hacks that you wish to test out. Save settings. NOTE: NEVER enable more than one of these Disc Channel hacks at a time! If you wish to try out another one, you must first disable the currently enabled one.

    This will now allow the Disc Channel to load HNCA (NeoGamma autoboot, which I dubbed "NeoCORP" :P) when you boot a disc (or HNCA for WIi discs and HCLA (CFG USB Loader MOD with DML support) for GC discs if you are testing out the Dual Channel hack). HCLA wad no longer included.

    6. (optional step - Only do this if you are using specifically the above linked priiloader v0.8beta2 MOD! Using any other version priiloader and doing this will make priiloader lock up!)
    - Load up priiloader once more, and go to Settings. Change the "Use System Menu IOS" to "off", then change "IOS to use for SM:" to "249". Save settings. This little extra, combined with loading the hidden autoboot NeoGamma HNCA channel, will allow you to load backup discs via the Disc Channel without cIOSCORP/DARKCORP! So it is not just retail games that benefit from this hack, backups can be loaded with this too.
    7. (optional step - for use with the Autoboot NeoGamma HNCA channel)
    - if you want to use Ocarina cheat codes in games via HNCA channel, just copy your .gct files to sd:\codes\, and then load up a game! Ocarina Cheat Codes Autocheat feature is enabled by holding A button when loading a disc.

    Also, if you want, you can "like" this on FaceBook:
    http://www.facebook....387949817885756


    ...OK! I think that explains most of it for you guys. :) now I am going to get some sleep!

    And I have a question (more like a request) now:
    is anybody interested in maybe adding a few extra modifications to the above linked NeoGamma autoboot source (such as Wiinnertag/DUTag support <- DONE., or saving config to NAND instead of relying on a SD card)? I believe these features would be very nice to use via Disc Channel, but I do not know how to add these features myself...

    Goodnight gbatemp!
    And as usual... Enjoy!
    gburgue, VatoLoco and SifJar like this.


    • Member

    DJPlace BREAKING NEWS!! i don't give a ****!!

    Member Since:
    Apr 16, 2008
    Message Count:
    4,037
    Country:
    United States
    i'm going stick to the darkcorps and the only reason why is so i can still play my RB/GH/JD music through my sd card. but this still looks good. if i did have a different wii i would try this.
    • Member

    AbdallahTerro da KiNG

    Member Since:
    Jan 14, 2012
    Message Count:
    3,593
    Location:
    Ideas factory :)
    Country:
    Lebanon
    can't wait to test this on my 4.1 PAL v54450 Wii
    Nice stuff :)
    • Member

    SifJar Not a pirate

    Member Since:
    Apr 4, 2009
    Message Count:
    6,022
    Country:
    United Kingdom
    In case someone else wants to port, and wants to save a little time, here's what I got for the original values at each offset:


    WARNING! Spoilers inside!


    Sadly without ASM knowledge I can't do anything more than that, not sure which offset is the branch command or where the BC stuff is overwritten.

    Hopefully this is a little use to someone though, if anyone else capable of porting the hacks comes online before damysteryman ports and posts the hack for other SMs/regions.
    • Member

    XFlak Considering Wii-tirement...

    Member Since:
    Sep 12, 2009
    Message Count:
    9,093
    Location:
    Ontario
    Country:
    Canada
    I found your voiceover as interesting as the hack itself :P

    great job!
    • Member

    damysteryman I am too busy IRL these days...

    Member Since:
    Oct 4, 2007
    Message Count:
    1,177
    Country:
    Antarctica
    4.3K port:
    Single Channel
    Code:
    [Disc Channel -> NeoGamma! (HNCA)]
    version=518
    offset=0x81667E80,0x81667E84,0x81667E88,0x81667E8C,0x81667E90,0x8137B9A8,0x8137B9AC,0x8137B9F8,0x8137B9FC,0x8137BA48,0x8137BA4C,0x8137B2AC,0x8137B998
    value=0x3F200001,0x3B390008,0x3F00484E,0x3B184341,0x4E800020,0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x482ECBD5,0x482EC4E9
    Dual Channel
    Code:
    [Disc Channel:  Wii -> HNCA  GC -> HCLA]
    version=518
    offset=0x81667E80,0x81667E84,0x81667E88,0x81667E8C,0x81667E90,0x81667E94,0x81667E98,0x81667E9c,0x81667EA0,0x81667EA4,
    0x8137B9A8,0x8137B9AC,0x8137B9F8,0x8137B9FC,0x8137BA48,0x8137BA4C,0x8137B2AC,0x8137B998
    value=0x3F200001,0x3B390008,0x3F00484E,0x3B184341,0x4E800020,0x3F200001,0x3B390008,0x3F004843,0x3B184C41,0x4E800020,
    0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x482ECBD5,0x482EC4FD
    4.3U port:
    Single Channel
    Code:
    [Disc Channel -> NeoGamma! (HNCA)]
    version=513
    offset=0x81693820,0x81693824,0x81693828,0x8169382C,0x81693830,0x8137C614,0x8137C618,0x8137C664,0x8137C668,0x8137C6B4,0x8137C6B8,0x8137BF18,0x8137C604
    value=0x3F200001,0x3B390008,0x3F00484E,0x3B184341,0x4E800020,0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x48317909,0x4831721D
    Dual Channel
    Code:
    [Disc Channel:  Wii -> HNCA  GC -> HCLA]
    version=513
    offset=0x81693820,0x81693824,0x81693828,0x8169382C,0x81693830,0x81693834,0x81693838,0x8169383C,0x81693840,0x81693844,
    0x8137C614,0x8137C618,0x8137C664,0x8137C668,0x8137C6B4,0x8137C6B8,0x8137BF18,0x8137C604
    value=0x3F200001,0x3B390008,0x3F00484E,0x3B184341,0x4E800020,0x3F200001,0x3B390008,0x3F004843,0x3B184C41,0x4E800020,
    0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x48317909,0x48317231
    4.3J port:
    Single Channel
    Code:
    [Disc Channel -> NeoGamma! (HNCA)]
    version=512
    offset=0x816C2F28,0x816C2F2C,0x816C2F30,0x816C2F34,0x816C2F38,0x8137BAC8,0x8137BACC,0x8137BB18,0x8137BB1C,0x8137BB68,0x8137BB6C,0x8137B3CC,0x8137BAB8
    value=0x3F200001,0x3B390008,0x3F00484E,0x3B184341,0x4E800020,0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x48347B5D,0x48347471
    Dual Channel
    Code:
    [Disc Channel:  Wii -> HNCA  GC -> HCLA]
    version=512
    offset=0x816C2F28,0x816C2F2C,0x816C2F30,0x816C2F34,0x816C2F38,0x816C2F3C,0x816C2F40,0x816C2F44,0x816C2F48,0x816C2F4C,
    0x8137BAC8,0x8137BACC,0x8137BB18,0x8137BB1C,0x8137BB68,0x8137BB6C,0x8137B3CC,0x8137BAB8
    value=0x3F200001,0x3B390008,0x3F00484E,0x3B184341,0x4E800020,0x3F200001,0x3B390008,0x3F004843,0x3B184C41,0x4E800020,
    0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x7F04C378,0x7F23CB78,0x48347B5D,0x48347485
    • Newcomer

    leo.uff New Member

    Member Since:
    Sep 23, 2010
    Message Count:
    31
    Country:
    Brazil
    How can it be ported to hacks_hash.ini file?
    • Member

    damysteryman I am too busy IRL these days...

    Member Since:
    Oct 4, 2007
    Message Count:
    1,177
    Country:
    Antarctica
    Well, porting it to hacks_hash.ini can be done, but there are some values in the hack which are different for every System Menu, meaning the "One patch fits all" approach that hacks_hash.ini is designed for will not work for it, so there is not real need to port it to hacks_hash.ini at this time. I have also not had much experience with porting to hacks_hash.ini, so I am sticking with classic hacks.ini porting for now... possibly in the future I could try porting it, but no clue when.

    Also everyone, first post has been updated with full 4.3 support! (all 4 regions of 4.3 that is)
    4.2 support is coming next, then 4.1.
    • Newcomer

    leo.uff New Member

    Member Since:
    Sep 23, 2010
    Message Count:
    31
    Country:
    Brazil
    When I use single channel version It loads neogamma for WII and GC games. There is a way to use neogamma for WII games but disc channel for GC games? I have GC discs that cannot be played.

    *sorry for my engish*
    • Member

    damysteryman I am too busy IRL these days...

    Member Since:
    Oct 4, 2007
    Message Count:
    1,177
    Country:
    Antarctica
    Well, I can edit the hack to do that... when I am finished porting the 2 existing hacks, I will be able to make a Wii only one and a GC only one after that.

    Which system menu version are you currently using?
    • Newcomer

    leo.uff New Member

    Member Since:
    Sep 23, 2010
    Message Count:
    31
    Country:
    Brazil
    Neogamma is unnecessary for GC games, so I think its will be the best option. I would be grateful for this option. You're doing a good job.
    • Member

    damysteryman I am too busy IRL these days...

    Member Since:
    Oct 4, 2007
    Message Count:
    1,177
    Country:
    Antarctica
    Well not necessarily... playing import GC games may require video mode patching to load, just like Wii games, and ocarina cheat support for GC discs can be useful too.

    Also, I edited my previous post for you.
    • Newcomer

    leo.uff New Member

    Member Since:
    Sep 23, 2010
    Message Count:
    31
    Country:
    Brazil
    4.3 U
    • Member

    DJPlace BREAKING NEWS!! i don't give a ****!!

    Member Since:
    Apr 16, 2008
    Message Count:
    4,037
    Country:
    United States
    i wonder if this will be safer then darkcorp?
    • Newcomer

    leo.uff New Member

    Member Since:
    Sep 23, 2010
    Message Count:
    31
    Country:
    Brazil
    I forgot that neogamma can play GC with some special settings. I´m not using the SD card with "neogamma" folder settings, maybe that's why the GC games didn't work.
    • Member

    damysteryman I am too busy IRL these days...

    Member Since:
    Oct 4, 2007
    Message Count:
    1,177
    Country:
    Antarctica
    Yes. Using this, along with using priiloader to load the sysmenu under IOS249 (use the v0.8b2 that I posted to prevent lockups), and you can load backup discs via Disc Channel, without the need for heaps of cIOS.
    • Member

    DJPlace BREAKING NEWS!! i don't give a ****!!

    Member Since:
    Apr 16, 2008
    Message Count:
    4,037
    Country:
    United States
    ok i'm going ask this and i said it earlier in my first post on this topic. is there going be a way to be able to play DLC music through this. like GH/RB/JD or do you think it's not possbile?
    • Member

    damysteryman I am too busy IRL these days...

    Member Since:
    Oct 4, 2007
    Message Count:
    1,177
    Country:
    Antarctica
    Try this one:
    Code:
    [Disc Channel -> HNCA (Wii disc ONLY)]
    version=513
    offset=0x81693820,0x81693824,0x81693828,0x8169382C,0x81693830,0x8137BF18
    value=0x3F200001,0x3B390008,0x3F00484E,0x3B184341,0x4E800020,0x48317909
    Is NeoGamma / USB loaders incompatible with those games' DLC?
    I would have to find out how that DLC stuff works before I can try to get it working. I believe there was a program floating around somewhere that could reencrypt the music DLC to be compatible with cIOS249 and loaders... but that is all I know about the music DLC stuff ATM...
    • Newcomer

    leo.uff New Member

    Member Since:
    Sep 23, 2010
    Message Count:
    31
    Country:
    Brazil

    Worked! Thanks man!
    • Member

    damysteryman I am too busy IRL these days...

    Member Since:
    Oct 4, 2007
    Message Count:
    1,177
    Country:
    Antarctica
    No problem :)

    And also... everyone... BIG UPDATE!
    Hack porting is complete! The first post has been updated with hacks for 4.1, 4.2, and 4.3 for all 4 regions!
    2 more hack variations have been added too!
    Be sure to redownload the PoC pack with the updated hacks.ini!

Share This Page