# Introducing: LetterBomb (the letter from heaven)



## TLSS_N (Aug 9, 2011)

Up until now the only way to liberate your Wii console and enable the use of homebrew with System Menu 4.3 was to use a gamedisc based exploit such as “BatHaxx”, “Return of the Jodi” and others.

Today we are announcing a project that changes this completely and removes the requirement for an exploitable game.

In memory of *BannerBomb*, we present you with LetterBomb , a brand new System Menu exploit that will allow you to enable homebrew with the push of an envelope  (no stamp licking involved)

This exploit reuses (and abuses) some of some Nintendo’s Wii Messageboard functionality. 

You will need:

A Wii running System Menu 4.3 (E/U/J/K)
A SD(HC) card with some free space
Your Wii’s WiFi MAC Address (available from your Wii’s system settings). This is needed because the Wii will only accept messages addressed to its specific MAC address.
A few minutes of your time
For this very special occasion we have created an easy-peasy webpage that takes away some of the pain that is usually involved with getting homebrew onto your system:

http://please.hackmii.com


This webpage will ask you for some necessary information (such as your System Menu region and MAC address), and  will then return a nicely packaged ZIP file that is ready for extraction to the root of your SD card. Simple eh?

All that is missing from that point is a boot.elf/boot.dol file (that you will need to place in the root of your card), and you should be good to go. For your convenience we have an option to prepackage and bundle the HackMii Installer boot.elf (this is enabled by default).

*So, how do I do this*?

Simple…. once you’ve unzipped the file to your SD card (and inserted it) just navigate to the “messageboard” on your Wii and in the default view you should browse to “yesterday” (the place where you usually see yesterday’s messages) – sometimes this may be “today” or “two days ago” (this depends on the timezone you are in).

From this view you will be presented with a small envelope (that should obviously stand out against the rest of your plain old boring ones), click it, kick back, twiddle your thumbs (the Brits among you, go and make a cup of tea) cross your fingers and hope it worked. 

*DISCLAIMER*: We are aware of a similar exploit by giantpune (good work!), but as of today this has not been released. In anticipation of its release we decided to reverse engineer, hack and implement something ourselves. [/p]

source

nice...


----------



## TheDreamLord (Aug 9, 2011)

EPIC THANKS SO MUCH


----------



## chyyran (Aug 9, 2011)

This is great, but I wonder how this will affect giantpune's release..


----------



## SamAsh07 (Aug 9, 2011)

Hackers love exploiting the Wii don't they? It's at the end of its life and the poor thing still didn't find the light at the end of this tunnel.

We can safely assume, the Wii will be...._Hacked till Death_ Or worse, even _after_ death.


----------



## _Chaz_ (Aug 9, 2011)

So we no longer need a copy of a certain game disc? Nice.


----------



## Slyakin (Aug 9, 2011)

Man, this reminds me of the Bannerbomb from quite a while ago; I would have hated to need a game to hack my Wii.


----------



## Deleted member 473940 (Aug 9, 2011)

_Chaz_ said:
			
		

> So we no longer need a copy of a certain game disc? Nice.


Looks like it.
Thats pretty coooooool!
now, people wont be ripping you off by selling Lego Indiana Jones for £50+


----------



## Midna (Aug 9, 2011)

Bah, I just used SmashStack to hack someone's Wii yesterday. I had to transfer off 40 custom stages.


----------



## VashTS (Aug 9, 2011)

I hope pune approved this...if not hes gonna be mad


----------



## cwstjdenobs (Aug 9, 2011)

VashTS said:
			
		

> I hope pune approved this...if not hes gonna be mad
> 
> QUOTEDISCLAIMER: We are aware of a similar exploit by giantpune (good work!), but as of today this has not been released. In anticipation of its release we decided to reverse engineer, hack and implement something ourselves.


----------



## Midna (Aug 9, 2011)

inb4 system menu 4.4 comes out next week, with "security upgrades".


----------



## cwstjdenobs (Aug 9, 2011)

Midna said:
			
		

> inb4 system menu 4.4 comes out next week, with *"behind the scenes performance improvements"*.



Fix'd, lol. So behind the scenes they slow the systems bootup down.


----------



## woffi63 (Aug 9, 2011)

I think, it is no good idea to enter my Wii MAC-adress on any websites!!!


----------



## Midna (Aug 9, 2011)

woffi63 said:
			
		

> I think, it is no good idea to enter my Wii MAC-adress on any websites!!!


It's hackmii, man. They could have screwed you a hundred times over with the Twilight hack, HBC and all their other stuff. If you don't trust them, I'd wipe the HBC from your Wii stat. it could be doing anything.


----------



## Devin (Aug 9, 2011)

Sweet. USB _*Backup*_ Loading here I come.


----------



## Tonitonichopchop (Aug 9, 2011)

A lot of people I know will be happy to use this.


----------



## Bladexdsl (Aug 9, 2011)

Midna said:
			
		

> inb4 system menu 4.4 comes out next week, with "security upgrades".


i think the wiis updates days are over


----------



## Nujui (Aug 9, 2011)

It's just like BannerBomb, nice.

4.4 incoming.


----------



## NoOneDies (Aug 9, 2011)

Impressive! I'm not too sure whether to say at 4.2 or upgrade to 4.3 and test it.


----------



## JoostinOnline (Aug 9, 2011)

Slyakin said:
			
		

> Man, this reminds me of the Bannerbomb from quite a while ago; I would have hated to need a game to hack my Wii.


Lol, I feel old.  I used the twilight hack before the HBC was released.


----------



## Hydreigon (Aug 9, 2011)

Awesome! I wanted to hack my Wii for quite some time. (wonder why I didn't though, lol.)


----------



## Satangel (Aug 9, 2011)

It just gets easier by the day doesn't it? Amazing stuff, thanks so much to everybody involved. This must be one of the easiest consoles to hack ever made.


----------



## arogance1 (Aug 9, 2011)

Coming Soon - System Menu 4.4 that allows you to play backup games off USB and Backup Disc, whilst also enabling DVD filem playback natively so that the hackers have nothing left to do


----------



## Wizerzak (Aug 9, 2011)

They wanted grannies playing on the Wiis? They've now got grannies modding their Wiis!


----------



## Snailface (Aug 9, 2011)

NoOneDies said:
			
		

> Impressive! I'm not too sure whether to say at 4.2 or upgrade to 4.3 and test it.


I just did this for the fun of it since my wii's already hacked.

It's incredibly easy. (and fun) 
	

	
	
		
		

		
		
	


	




You shouldn't worry so much -- you're wii's in good hands with Team Twizzers!


----------



## g4jek8j54 (Aug 9, 2011)

JoostinOnline said:
			
		

> Slyakin said:
> 
> 
> 
> ...



Same here.  I remember the hassle of having to boot up Twilight Princess to try things like the Genesis Plus and SNES9X emulators.  I remember that the first version of SNES9X that I tried could only play one game at a time.  Hard to believe how far the Wii hacking scene has come.

Nowadays, on the rare occasion that I actually use the Wii, I just use BootMii as boot2 to boot directly into the Homebrew Channel.


----------



## metamaster (Aug 9, 2011)

Team Twiizers never ceases to amaze. And they've even put the time to make a nice webpage. This is the easiest hack since jaibreakme.


----------



## hanibel (Aug 9, 2011)

So they have time to "reverse engineer, hack and implement" this hack and couldn't get a simple fix for the network init function of the hbc done in nearly a year? Give me a break, this team is as ridiculous as they're user data-hungry. A simple pc tool for self-signing the binary would have been perfectly fine. As if that were not enough, the exploit only works on this useless 4.3 system menu.


----------



## impizkit (Aug 9, 2011)

hanibel said:
			
		

> So they have time to "reverse engineer, hack and implement" this hack and couldn't get a simple fix for the network init function of the hbc done in nearly a year? Give me a break, this team is as ridiculous as they're user data-hungry. A simple pc tool for self-signing the binary would have been perfectly fine. As if that were not enough, the exploit only works on this useless 4.3 system menu.



Somebody created an account to bitch!


----------



## hanibel (Aug 9, 2011)

Yes I did. Somebody had to speak the truth rather than join the TT ass kissing majority.


----------



## JoostinOnline (Aug 9, 2011)

hanibel said:
			
		

> As if that were not enough, the exploit only works on this useless 4.3 system menu.


ROFL, you are such an idiot.  4.3 is the only System Menu without an exploit that didn't require a disc, with the exception of 2.x which came on launch Wii's and can't use the SD card for storing channels.


----------



## Snailface (Aug 9, 2011)

hanibel said:
			
		

> Yes I did. Somebody had to speak the truth rather than join the TT ass kissing majority.


Here's the truth about TT:

They hacked the Wii (the first time included)
They hacked the PS3 (as part of team failoverflow)
They hacked the DSi.

And they never asked for a cent, and always conducted themselves with honor and integrity.

So yeah, for all that they've done, I can trust them with my worthless wii Mac address, lol.


----------



## pokemonster (Aug 9, 2011)

cut the red wire or cut the blue wire please  explain.


----------



## Snailface (Aug 9, 2011)

pokemonster said:
			
		

> cut the red wire or cut the blue wire please  explain.


Good question, I just chose the red one. Maybe its some sort of bomb joke? 
	

	
	
		
		

		
		
	


	




 I've seen a lot of movies.

Don't worry, if you choose the wrong one you won't know about it. You'll be dead.


----------



## Nujui (Aug 9, 2011)

Question, would this work on 4.2 also? I kinda want to see what this thing looks like in action, even though I already have a bannerbombed will Lol.


----------



## wrettcaughn (Aug 9, 2011)

no, it will only work on 4.3 in its current state.


----------



## machomuu (Aug 9, 2011)

hanibel said:
			
		

> So they have time to "reverse engineer, hack and implement" this hack and couldn't get a simple fix for the network init function of the hbc done in nearly a year? Give me a break, this team is as ridiculous as they're user data-hungry. A simple pc tool for self-signing the binary would have been perfectly fine. As if that were not enough, the exploit only works on this useless 4.3 system menu.


I don't really see why this is something to complain about.  They hack the systems, they're not hurting you, don't see why you complain about it..

Also, I use 4.3.  When 4.4 comes out, I'll update.  See, it's rather convenient.


----------



## shakirmoledina (Aug 9, 2011)

this does prove one thing (or some more things) that
1. hackers are always vigilant on every console that is available always searching for exploits (including the 3ds)
2. if an exploit or hack is released, it is first announced on gbatemp (or at least very early)

wonderful work by hackers to find an exploit on the message board... who even goes there


----------



## Bladexdsl (Aug 9, 2011)

hanibel said:
			
		

> Yes I did. Somebody had to speak the truth rather than join the TT ass kissing majority.


so whats your REAL account in here?


----------



## hanibel (Aug 9, 2011)

Bladexdsl said:
			
		

> hanibel said:
> 
> 
> 
> ...


I would've to 
	

	
	
		
		

		
		
	


	




 you and gbatemp if I tell.


----------



## megawalk (Aug 10, 2011)

soooooo. now i can use WAD Manager ? and if so which one ? 1.7 Official or 1.8 Unofficial ?
my mind is going nuts with options...i inquire some assistance...or a medic (Tf2 Joke)


----------



## JoostinOnline (Aug 10, 2011)

hanibel said:
			
		

> Bladexdsl said:
> 
> 
> 
> ...


Well we know you are a douche who likes to make up stuff just to tear down the accomplishments of others, so I'm going to say tueidj.


----------



## BORTZ (Aug 10, 2011)

Heh. Ive been hacked and on 4.0U for like 2 years now. No need to go to 4.3.


----------



## JoostinOnline (Aug 10, 2011)

BortzANATOR said:
			
		

> Heh. Ive been hacked and on 4.0U for like 2 years now. No need to go to 4.3.


Nobody should ever update to 4.3, but you might consider updating to 4.1 for the bug fix.


----------



## Hyro-Sama (Aug 10, 2011)

JoostinOnline said:
			
		

> BortzANATOR said:
> 
> 
> 
> ...



Well, I am thinking this is an easier option for my cousin. He has a hardmodded Wii but he broke the disc Slot. He is on 3.4 now but updating striaght to 4.3 and using this hack will be easy as pie. Plus he can probably use boot2 since he bought the Wii when it was first released.


----------



## tueidj (Aug 10, 2011)

JoostinOnline said:
			
		

> Well we know you are a douche who likes to make up stuff just to tear down the accomplishments of others, so I'm going to say tueidj.


Yeah, I made a fake account to attack the people who created this exploit... which includes myself.
Not to worry Joostin, even stupid posts like this add to your count - I'm sure if you try hard you can spout enough drivel (keep requesting those useless syschecks!) to hit 5000 by xmas.


----------



## Rydian (Aug 10, 2011)

JoostinOnline said:
			
		

> Well we know you are a douche who likes to make up stuff just to tear down the accomplishments of others, so I'm going to say tueidj.


He's not the guy with the most tact, but he's more respectable than that.


----------



## JoostinOnline (Aug 10, 2011)

Hyro-Sama said:
			
		

> JoostinOnline said:
> 
> 
> 
> ...


Updating to 4.1 during the softmod would be a lot easier and safer.


----------



## kevan (Aug 10, 2011)

why no 4.3? whats so bad about it? Sorry havnt used Wii in ages.


----------



## JoostinOnline (Aug 10, 2011)

kevan said:
			
		

> why no 4.3? whats so bad about it? Sorry havnt used Wii in ages.


4.1 was the last update to receive anything beneficial.  4.2+ were released to brick region changed Korean Wii's and block multiple types of homebrew.


----------



## tueidj (Aug 10, 2011)

4.2 fixed a long standing bug(/exploit) in the way some IOSes handled a particular key, which is used for DLC titles (among other things).
4.3 included improvements to the wifi driver in all IOSes, as well as introducing IOS58.
The only thing 4.3 blocked was bannerbomb - which means nothing now this is available.


----------



## JoostinOnline (Aug 10, 2011)

tueidj said:
			
		

> 4.2 fixed a long standing bug(/exploit) in the way some IOSes handled a particular key, which is used for DLC titles (among other things).
> 4.3 included improvements to the wifi driver in all IOSes, as well as introducing IOS58.
> The only thing 4.3 blocked was bannerbomb - which means nothing now this is available.


I was talking about the System Menu itself, which offers no benefits.  You can get everything you need on 4.1.


----------



## tueidj (Aug 10, 2011)

Or you can do it on 4.3, with the added bonus of the IOS fixes.


----------



## Z-Gear (Aug 10, 2011)

Omg the man who found that exploit is a genius , seriously a genius he must be .


----------



## JoostinOnline (Aug 11, 2011)

tueidj said:
			
		

> Or you can do it on 4.3, with the added bonus of the IOS fixes.


The IOS's work just as well with 4.1 though.


----------



## tueidj (Aug 11, 2011)

JoostinOnline said:
			
		

> The IOS's work just as well with 4.1 though.


Updating to 4.1 and upgrading the IOSes individually (or worse, downgrading the system menu) is not simpler/safer than just updating straight to 4.3. There is also no longer any advantage to using sysmenu 4.1 over sysmenu 4.3, unless you actually enjoy installing extra shit like priiloader (which has many reported cases of bricking wiis while installing/contains stolen code) to stop games nagging you to update.


----------



## cwstjdenobs (Aug 11, 2011)

tueidj said:
			
		

> (which has many reported cases of bricking wiis while *installing/contains stolen code*) to stop games nagging you to update.



Really? I didn't know that. Which parts if you don't mind me asking?


----------



## tueidj (Aug 12, 2011)

I don't mind at all - it's not as if I make stuff up or blindly repeat what others say without any evidence of my own.

The hacky way daco "fixes" the ahbprot bug is to install the old DVDX stub as a hidden title and launch it, which causes a fresh IOS to be loaded (with AHBPROT disabled since the magic TMD bit is set) and then control is passed back to the installer program so it can finish its business. The problem is that he isn't allowed to distribute the DVDX stub. See here.


			
				QUOTE said:
			
		

> +//NOTE : this is all copywrited work of marcan for DVDX. i thank him for creating this and i know its illigal for the data
> +//to be here. i need to look at how to replace the nand code myself but since the wii scene is dead
> +//and since i am close not to give a damn about the wii i can't be arsed to do it atm.
> +//this is the only part of my patch that makes it illigal since this is the only part of DVDX left in it


(Note his cute hidden message in 00000000.app which he used to overwrite the original contents (removing marcan's name in the process) after I called attention to what he was doing. Note also that if he had any clue about how things work, he'd realize 00000000.app isn't functionally required and only existed in DVDX to show who the original creator was.)


----------



## cwstjdenobs (Aug 12, 2011)

tueidj said:
			
		

> I don't mind at all - it's not as if I make stuff up or blindly repeat what others say without any evidence of my own.
> 
> I wasn't suggesting otherwise. It was a genuine question, I wasn't trying to set you up or anything, I just thought maybe you couldn't be arsed explaining it to someone who can't be arsed looking for themselves.
> 
> ...



Couldn't he have also patched the ticket, or rather simply made his own, to keep ahbprot rights too? I mean that's all DVDX was right, an empty channel with the right flags set in the ticket?

Sorry and thanks for the answer.

EDIT: Almost forgot. Also thanks to you all for working on this as well.


----------



## tueidj (Aug 12, 2011)

cwstjdenobs said:
			
		

> I wasn't suggesting otherwise. It was a genuine question, I wasn't trying to set you up or anything, I just thought maybe you couldn't be arsed explaining it to someone who can't be arsed looking for themselves.I know, I just threw that in there for Joostin.
> 
> 
> 
> ...


Not really. The title with the magic TMD bits has to be launched for them to do their magic (with ES_LaunchTitle or whatever) so the DVDX "channel" (00000001.app) has to do some tricks to give execution control back to the program that launched it. In the old days when ES_Identify was usable, it would have been enough to call it using a fakesigned TMD with the AHBPROT bit set.


----------



## hanibel (Aug 16, 2011)

tueidj said:
			
		

> 4.2 fixed a long standing bug(/exploit) in the way some IOSes handled a particular key, which is used for DLC titles (among other things).
> 4.3 included improvements to the wifi driver in all IOSes, as well as introducing IOS58.
> The only thing 4.3 blocked was bannerbomb - which means nothing now this is available.
> 
> ...



Wait, what? IOS fixes and improved wifi drivers? Can you explain these a bit more in detail? Is the system menu 4.3 required for these fixes or do they also apply on system menu 4.1 with manually updated IOSes?


----------

