# Hot: Wii Homebrew Loader!



## Costello (Feb 19, 2008)

*Hot: Wii Homebrew Loader!*
ELF Loader by Team Twiizers
              Remember the news that was broken just a few days ago? Well, that's it! *Team Twiizers* have just released the very first ELF Loader for Wii, exploiting the Zelda savegame hack.
You can even download a homebrew Tetris game to run from your SD card!



			
				Explanation on the Zelda savegame hack @  Wiibrew.org said:
			
		

> The Twilight Hack works by employing a lengthly character name for the horse in the game ('Epona') in order to facilitate a stack smash. This gets triggered when talking to the man next to you when you start the savegame as he loads the name to use it in his dialog or upon entering the next zone when the game loads the horse for you to ride.


Well what can we say? Congratulations to Team Twiizers for their amazing work, and let's hope some nice Wii homebrew will pop up in a near future!
Stay tuned on GBAtemp.net as we will do our best to cover *Wii homebrew news*!







 Check the Wiki page on Wiibrew.org for details and downloads





 Click here for discussion & comments!

Thanks to maikelsteneker for the tip. Digg this article!


----------



## fischju (Feb 19, 2008)

Is this a "soft" hack? IE, do you need a chip?


----------



## ganons (Feb 19, 2008)

no chip needed


----------



## hergipotter (Feb 19, 2008)

Very nice, let's hope for great homebrew in the next weeks =]


----------



## fischju (Feb 19, 2008)

VERY awesome then. The Wii has a massive base, hopefully in the next few months we see emulators, media players, and maybe even backup loaders!


----------



## Salamantis (Feb 19, 2008)

Woah, huge progress. Can't wait for more!


----------



## Vater Unser (Feb 19, 2008)

QUOTE(offtopic84 @ Feb 19 2008 said:


> Is this a "soft" hack? IE, do you need a chip?


All you need is an SD gecko or similar adapter for your SD card to fit into the gamecube memory card slot...
I'll wait until they find a way to access the built-in SD card reader..

I hope this will lead to a full Wii hack eventually...until then a semi-brick remover and dual-channel-remover would be much appreciated  
	

	
	
		
		

		
		
	


	




PS: what happened to the other Wii hack from the "backdoor eins" guy? IIRC it'd allow you to decode Wii ISOs and re-sign them...that way it should be possible to create a homebrew loader disc that doesn't need any savegame trickery...


----------



## Rock Raiyu (Feb 19, 2008)

This is awesome. Step closer to some awesome Wii Homebrew.


----------



## Lumstar (Feb 19, 2008)

One word is needed for this to reach epic win status: MAMEWii


----------



## martin88 (Feb 19, 2008)

That's great news. Hopefully softmod will be out soon.


----------



## mcj (Feb 19, 2008)

I don't want to sound negative ... but I seriously doubt there will be a MAMEWii anytime soon. Softmod in the future maybe, but most of you are really having high hopes.  It's not as simple as OMG EXPLOIT UNSIGNED CODE now we have SOFTMODS and WII Media Center!!1

Again, not trying to be an ass. But you all need to be a bit realistic here.


----------



## Dylaan (Feb 19, 2008)

QUOTE said:
			
		

> Load the supplied demo.elf file onto the SD card, starting at sector 2048; in other words, the 1 MB mark.Â On a Unix system (Linux, Mac OS X, FreeBSD, etc), you can accomplish this with a command such as 'dd if=demo.elf of=/dev/diskname bs=512 seek=2048'.


Ok then, how exactly does one go about this using Windows? 
	

	
	
		
		

		
		
	


	




 Excuse my ignorance, but I'd like to give it a try! Will it work with other ELF files or only tetris?


----------



## Vater Unser (Feb 19, 2008)

QUOTE(theclaw @ Feb 19 2008 said:


> One word is needed for this to reach epic win status: MAMEWii


Yeah, MAME definitely lacks some decent console ports...especially now that MAME32 is dead  
	

	
	
		
		

		
		
	


	




Personally I'm more looking forward to emulators with "lightgun" support (Nyko Perfect Shot + calibration option = fuck yeah), but I guess that'll take at least another year to happen, if at all (but seeing how there even were emulators with actual lightgun support on the XBox, why not?)...playing games like Mario Paint or Cannon Fodder with the Wiimote should be fun...
Needless to say, a ScummVM port would be kick-ass 

But also consider the possibilities of homebrew games...headtracking on the Wii might finally become reality  
	

	
	
		
		

		
		
	


	



Maybe some ambitioned homebrew devs might even take their time to create games (or demos) that demonstrate the Wiimote's true potential (think about games with controls similar to Jurassic Park: Trespasser's or  Die by the Sword's, only in 3D thanks to the Wiimote [click links for descriptions of the controls])
Of course, that's a bit much to ask for from homebrew developers, but who knows, if someone creates some demo game with 3D controls that _work_, it might inspire a commercial developer to adapt these controls in their games (which I was expecting from the Wii controls in the first place 
	

	
	
		
		

		
		
	


	




 )


----------



## TaMs (Feb 19, 2008)

Nice loading from sd card. No need to waste dvd's for tetris or something like that


----------



## bobrules (Feb 19, 2008)

sounds good, hopefully they will make the wii play backups.


----------



## HaloBenish (Feb 19, 2008)

a port of the GC dvd player app would be nice


----------



## Twiffles (Feb 19, 2008)

It soon gets exploited so much people can run back-ups with this alone. >_>
I'll go try it on both my Wiis now.


----------



## xJonny (Feb 19, 2008)

It's a step in the right direction, even if some things aren't possible yet.


----------



## modshroom128 (Feb 19, 2008)

H0T NEWEZ


----------



## triassic911 (Feb 19, 2008)

I just want a back up loader.... My friends don't want modchips lol.


----------



## Brouhaha (Feb 19, 2008)

Excellent news! Is there a homebrew SDK effort started or shaping up to?


----------



## jalaneme (Feb 19, 2008)

soon enough it will be blocked by nintendo with a new firmware update, thats why i'm not too excited about it.


----------



## dualscreenman (Feb 19, 2008)

How are you going to patch a game executable on a non-rewritable disk?

I'd be more worried about them making a new version that doesn't have this exploit.


----------



## Rayder (Feb 19, 2008)

QUOTE(jalaneme @ Feb 19 2008 said:


> soon enough it will be blocked by nintendo with a new firmware update, thats why i'm not too excited about it.



I was just about to say the same thing.

Backups would be the only thing I'd be interested in, not so much for homebrew.  While there has been some decent homebrew on the DS (for example) I consider most of it crap. I'm guessing the same will go for Wii homebrew.

If someone could find a way to run backups without a MOD chip, and make it where Ninty couldn't stop it from happening, then I might actually consider buying a Wii myself.


----------



## JPH (Feb 19, 2008)

Holy shit...maybe I shouldn't have got the Wiikey 
	

	
	
		
		

		
			





Great news, Team Twiizers is awesome!


----------



## jalaneme (Feb 19, 2008)

QUOTE(dualscreenman @ Feb 19 2008 said:


> How are you going to patch a game executable on a non-rewritable disk?
> 
> I'd be more worried about them making a new version that doesn't have this exploit.



they wouldn't need to change the code on the disc itself, they will change how the gamesaves are loaded and saved, also they can change how the Wii system works, nintendo were fast enough to block the freeloaders and action replays on the Wii, so there is no question as what nintendo can do, just don't keep your hopes up yet.


----------



## fischju (Feb 19, 2008)

QUOTE(Rayder @ Feb 19 2008 said:


> QUOTE(jalaneme @ Feb 19 2008 said:
> 
> 
> > soon enough it will be blocked by nintendo with a new firmware update, thats why i'm not too excited about it.
> ...



And this will turn the Wii into the Dreamcast. $10 for an SD adapter and get unlimited free games.


----------



## dualscreenman (Feb 20, 2008)

QUOTE(jalaneme @ Feb 19 2008 said:


> QUOTE(dualscreenman @ Feb 19 2008 said:
> 
> 
> > How are you going to patch a game executable on a non-rewritable disk?
> ...


Yeah, except for the code that loads gamesaves is on the disc itself. 
	

	
	
		
		

		
		
	


	




Also, a blacklist such as the one used for Datel products isn't that much of a technological feat, and wouldn't work in this case without banning Zelda entirely.


----------



## asher (Feb 20, 2008)

QUOTE said:
			
		

> This is awesome. Step closer to some awesome Wii Homebrew.



but there is wii homebrew already...

now where´s the nes emulator?


----------



## DrKupo (Feb 20, 2008)

The only wii homebrew that virtually anyone will run is the backup loader.


----------



## DarkCamui (Feb 20, 2008)

Would be nice if this would allow us to play any Virtual Console game ripped from a Wii which has Virtual Console games.


----------



## turtleman (Feb 20, 2008)

What are the chances of there being a patch that lets you load via the built in SD Slot?


----------



## Foie (Feb 20, 2008)

YES!  
	

	
	
		
		

		
		
	


	










Let's hope this is the start to a great Wii homebrew scene!  
	

	
	
		
		

		
		
	


	




BTW, in the shoutbox, I guessed that the first homebrew would be a point and click game, but I *almost* guessed a tetris game.  Too bad...


----------



## Heran Bago (Feb 20, 2008)

QUOTE(jalaneme @ Feb 19 2008 said:


> QUOTE(dualscreenman @ Feb 19 2008 said:
> 
> 
> > How are you going to patch a game executable on a non-rewritable disk?
> ...


Saving and loading functions are on the disc which can't be patched. It would be quite a hassle if teh game had to refer to the bios every time it wanted to read data from a save file, no?

It is still possible to get around this of course. Nintendo could make an update that won't boot old copies of TP and send out free replacement discs. Not likely, but technically possible.


I've never seen jalaneme post in a topic without trying to crap all over it. I know you like being as negative as possible, but think before you type.


----------



## Alastair (Feb 20, 2008)

QUOTE(Heran Bago @ Feb 19 2008 said:


> QUOTE(jalaneme @ Feb 19 2008 said:
> 
> 
> > QUOTE(dualscreenman @ Feb 19 2008 said:
> ...



They could force the Wii to scan Zelda (or all) save files to search for modification before booting the game. They could cripple this one method by only scanning a Zelda save to see if Epona's name is appropriate but I'm sure they'd be able to come up with something, a way to encrypt saves so that modification could be detected perhaps? Maybe not for all games but disabling this exploit is totally within Nintendo's power! 
	

	
	
		
		

		
		
	


	




I'm not trying to "crap all over" the thread either - I thought before I typed.


----------



## Heran Bago (Feb 20, 2008)

QUOTE(Alastair @ Feb 19 2008 said:


> QUOTE(Heran Bago @ Feb 19 2008 said:
> 
> 
> > QUOTE(jalaneme @ Feb 19 2008 said:
> ...



Ah, I hadn't thought of that cat-and-mouse game between finding overflows (other names in zelda) and checking them through system. It's always possible, but I doubt it's Nintendo's bag. Plus now that discs are editable (to the same extent save files are; still not to the general public) who's to say folks can't create or embed their own overflows?

Also, I wasn't saying you were crapping, I was talking about jalaneme. (...Unless you're an alternate account...) That girl's head can be in the right place but her heart just can't.


----------



## Tripp (Feb 20, 2008)

Fricking great news, bring on the homebrew...


----------



## _mrshl_ (Feb 20, 2008)

QUOTE(Vater Unser @ Feb 19 2008 said:


> PS: what happened to the other Wii hack from the "backdoor eins" guy? IIRC it'd allow you to decode Wii ISOs and re-sign them...that way it should be possible to create a homebrew loader disc that doesn't need any savegame trickery...



I think your "backdoor eins"-guy is *tmbinc*. And well Team Twiizers consists (as far as I know) of tmbinc, Segher and Bushing 
	

	
	
		
		

		
		
	


	




.


----------



## tjas (Feb 20, 2008)

I spoke to segher he said he didn't have to put any anti-piracy tweeks in it, because it already did it out itself... so he said it won't be possible to create boot loader... damn


----------



## bluebright (Feb 20, 2008)

This is so clever. I love how the community can come up with these things. Makes me feel dumb though.


----------



## adamrgolf (Feb 20, 2008)

Epona is a trojan horse!


----------



## jalaneme (Feb 20, 2008)

QUOTE(dualscreenman @ Feb 20 2008 said:


> Yeah, except for the code that loads gamesaves is on the disc itself.
> 
> 
> 
> ...



i'm not trying to be negative at all, i'm just saying don't get too excited yet because nintendo could block this exploit.


----------



## dualscreenman (Feb 20, 2008)

QUOTE(Alastair @ Feb 19 2008 said:


> QUOTE(Heran Bago @ Feb 19 2008 said:
> 
> 
> > QUOTE(jalaneme @ Feb 19 2008 said:
> ...



Well, a save file is going to be different every time you save, so searching for any sort of modification wouldn't work.
Searching for changes to Epona's name every time the Wii is booted may be the only way that NIntendo could stop the hack, though tbh, I just get this feeling that they won't do that (I know, neither logical nor debate material.) 
Encryption wouldn't work since you can't patch the game, and the game wouldn't be expecting encryption.

@jalaneme
The savefile carries some bad data that triggers faulty loading code on the disc. That's the best way to think of it.


----------



## MaHe (Feb 20, 2008)

While the exploit might be patchable, they can't do it until you manually update the firmware ...


----------



## arctic_flame (Feb 20, 2008)

QUOTE(gth44331 @ Feb 19 2008 said:


> QUOTE said:
> 
> 
> 
> ...



Not really. You have to copy the game save from the SD card to the Wii. Just block the exploit's signature then. done.


----------



## Bob Loblaw (Feb 20, 2008)

Yep not to mention this already doesn't work on every copy of zelda tp.


Side note: I wonder how many people went out and bought zelda twilight princess and an SD gecko so they could play tetris..


----------



## Shuny (Feb 20, 2008)

QUOTE(dualscreenman @ Feb 19 2008 said:


> How are you going to patch a game executable on a non-rewritable disk?
> 
> I'd be more worried about them making a new version that doesn't have this exploit.


Just download an old TLOZ TP Iso


----------



## dualscreenman (Feb 20, 2008)

@arctic_flame
Change the Epona string to something different, then.Since the hack requires a longer-than-normal string of characters, there are a near infinite number strings that would crash the game. As such, there would be near infinite save file signatures that would have to be blocked for that to work.


----------



## Keylogger (Feb 20, 2008)

You can use this tool to convert any DOL file to an ELF file.

GCOS and EMUs should work I think


----------



## Sinkhead (Feb 20, 2008)

QUOTE(dualscreenman @ Feb 20 2008 said:


> @arctic_flame
> Change the Epona string to something different, then.Since the hack requires a longer-than-normal string of characters, there are a near infinite number strings that would crash the game. As such, there would be near infinite save file signatures that would have to be blocked for that to work.


Can't they just check if the name is longer than a certain number of characters?


----------



## jpxdude (Feb 20, 2008)

i'm trying to put the tetris.elf (renamed to demo.elf) on the SD card using the dd command in Terminal (OS X) 

I have the elf file on the OS X desktop, and mounted my SD card called 'poo'  When I try to put the DD command as specified in the README file of the hack, it won't work, either spits a 'Permission Denied' or 'Is a directory' error..

Can anyone help out please?


----------



## dualscreenman (Feb 20, 2008)

@sinkhead
Yeah, I already conceded that this is probably the only possible way that the hack could be patched.

But, as I said in my previous post, I don't really think that the big N will take such measures to prevent a hack that poses no piracy threat (as of yet, heh heh). Something tells me that they just wouldn't go to the bother of modifying the SD  Wii copying mechanism to check for a particular malformed save file. I believe they'd just be more likely to fix the exploit in newer versions of TP.

Eh, I don't know. I suppose we'll see what comes of this. Even if they do patch the copying mechanism, this will only stop us if we update. Also, all that is needed is for another exploit to be found. A few trifling firmware patches never stopped PSP homebrew! >:3

So in conclusion, long live Wii homebrew!


----------



## webjedi (Feb 20, 2008)

So to do this Wii hack I need to find a horse and talk to some man?!?!  Number one - will any horse do?  Any special breed?  And must it be a "man" or will a young boy do?

Thanks for any insight.


----------



## dualscreenman (Feb 20, 2008)

The exploit/savefile will put you right where you need to be.


----------



## KirbyPink (Feb 20, 2008)

I don´t get it? What does this actually do?  
	

	
	
		
		

		
		
	


	



I read it 5 times and i still don´t get it.  Anyone mind explain it?


----------



## imgod22222 (Feb 20, 2008)

So how did they write the tetris (i havent tested it yet) did they use the leaked wii SDK or do they have their own library or are they using the PPC library thats out for GC?


----------



## superrob (Feb 21, 2008)

Time to get myself a Gamecube SD card reader


----------



## cubin' (Feb 21, 2008)

So does this mean we'll be seeing a fair bit of homebrew? Or are their eXtreme restrictions?


----------



## superrob (Feb 21, 2008)

Well max file size of 8MB


----------



## jpxdude (Feb 21, 2008)

QUOTE(jpxdude @ Feb 20 2008 said:


> i'm trying to put the tetris.elf (renamed to demo.elf) on the SD card using the dd command in Terminal (OS X)
> 
> I have the elf file on the OS X desktop, and mounted my SD card called 'poo'  When I try to put the DD command as specified in the README file of the hack, it won't work, either spits a 'Permission Denied' or 'Is a directory' error..
> 
> Can anyone help out please?



Has anyone actually tried to run the Tetris, or even the demo elf?  I'm attempting to do so as per the instructions in the README, but I can't get the file (tetris.elf/demo.elf) dumped onto the SD card.  I've tried using Terminal with the DD command.  Anyone else had any success/words of wisdom they'd like to share?

-Edit: I have a Zelda working with the hack itself, and an SD Gecko.  Just need to know how to DD the file to the SD card.  Thanks in advance for any help!

-+Edit: Nevermind! I got it working using DD for windows eventually, the tetris.elf works brilliantly 
	

	
	
		
		

		
		
	


	




  This is the real deal!  I can't wait to see what else comes next


----------



## quadomatic (Feb 22, 2008)

QUOTE(Bob Loblaw @ Feb 20 2008 said:


> Yep not to mention this already doesn't work on every copy of zelda tp.
> 
> 
> Side note: I wonder how many people went out and bought zelda twilight princess and an SD gecko so they could play tetris..



How do you know which one's do? Will it work if the copy of it you have was bought in December of 06?


----------



## pubjoe (Mar 2, 2008)

Works for me.


----------

