Hacking Wii Mod

[Albatroz]

thx for update @[member='jskyboo']
I will test new 3.2 tomorrow.
thx

 

[Shano56]

glad to see this shit is still being worked on! This was my favorite wii modding app. Only think keeping me on MMM was the bugs in this. I think I can make my switch back

 

[JoostinOnline]

Did you update the code to check for new serial codes as well?

 

[jskyboo]

Did you update the code to check for new serial codes as well?

Yep, but so far the only part that uses it is the check for region changed korean wiis. I plan to tie it in more later especially if we can confirm those other serials.

 

[JoostinOnline]

Did you update the code to check for new serial codes as well?

Yep, but so far the only part that uses it is the check for region changed korean wiis. I plan to tie it in more later especially if we can confirm those other serials.

It sucks that everybody said they would check, but then nobody did.

 

[mauifrog]

If you wanted to check for the korean key, could you not patch whatever code is in ios 70 and 80, then run the same call system menu 4.2/4.3 makes, then have tell you if it has the korean key or not?

 

[jskyboo]

If you wanted to check for the korean key, could you not patch whatever code is in ios 70 and 80, then run the same call system menu 4.2/4.3 makes, then have tell you if it has the korean key or not?

While that is an option I believe that function just checks a value in the seeprom, which there is a library for accessing. So I'm likely going to change it to read that value in seeprom directly and then it won't matter if I have AHBPROT or not, as patching would require.

 

[Excelsiior]

small addition to database.txt:

HBF-Homebrew Filter (old)
THB-Homebrew Filter (new)

 

[air2004]

I've got a couple bug reports:
1) Priiloader will still interfere with returning to the System Menu. You need to change the code for loading the System Menu to this:

*(vu32*)0x8132FFFB = 0x50756e65; // "Pune" , causes priiloader to skip autoboot and load Sys Menu
DCFlushRange((void*)0x8132FFFB, 4); // Thanks to entropy for this line
ICInvalidateRange((void *)(0x8132FFFB), 4); // Thanks to FIX94 for this line
SYS_ResetSystem(SYS_RETURNTOMENU,0,0);

2) The News and Forecast channels have 2 parts that need to be installed. v3 is region free and should be installed on all Wii's. v7 (or v6, but that's outdated) are region specific. You should either have 2 separate categories, or just always include v3 in the install if there is a lower version.

Not sure if someone has already done this but ..... Can you make the news and forcast channel work without turning on the wifi ? Like the way homebrew works.

 

[JoostinOnline]

If you wanted to check for the korean key, could you not patch whatever code is in ios 70 and 80, then run the same call system menu 4.2/4.3 makes, then have tell you if it has the korean key or not?

In addition to what jskyboo said, that still wouldn't tell you the original region of all Wii's. I need to release the new version of CheckRegion publicly.

I hope someone can create a reliable way to check the Korean key though. MiiKorean (or whatever it was called) returned the wrong results like half the time.

 

[mauifrog]

If you wanted to check for the korean key, could you not patch whatever code is in ios 70 and 80, then run the same call system menu 4.2/4.3 makes, then have tell you if it has the korean key or not?

In addition to what jskyboo said, that still wouldn't tell you the original region of all Wii's. I need to release the new version of CheckRegion publicly.

I hope someone can create a reliable way to check the Korean key though. MiiKorean (or whatever it was called) returned the wrong results like half the time.

Installing ios80 into slot 180 and loading system menu 4.2/4.3 is a very reliable way to check for the korean key. I don't understand how an app made to check for it could miss it if it can read eeprom. You can view the darn thing with ftpii, should be simple. I guess if the app does not load with the proper permissions it just returns negative, key not found.
Other than avoiding 003 brick, why would you want to know the original region? Fix the shop channel I suppose if it had an active account on another region.

 

[JoostinOnline]

If you wanted to check for the korean key, could you not patch whatever code is in ios 70 and 80, then run the same call system menu 4.2/4.3 makes, then have tell you if it has the korean key or not?

In addition to what jskyboo said, that still wouldn't tell you the original region of all Wii's. I need to release the new version of CheckRegion publicly.

I hope someone can create a reliable way to check the Korean key though. MiiKorean (or whatever it was called) returned the wrong results like half the time.

Installing ios80 into slot 180 and loading system menu 4.2/4.3 is a very reliable way to check for the korean key. I don't understand how an app made to check for it could miss it if it can read eeprom. You can view the darn thing with ftpii, should be simple. I guess if the app does not load with the proper permissions it just returns negative, key not found.
Other than avoiding 003 brick, why would you want to know the original region? Fix the shop channel I suppose if it had an active account on another region.

That mostly. It also solves an issue with the Shop Channel in neek2o, and it can help know the original region if someone screwed up a region change.

If someone made an app that checked the SEEPROM for the Korean key correctly, CheckRegion would be far less useful, but the only existing app is so very unreliable (both my US launch Wii's are apparently Korean about 50% of the time, lol) that it doesn't tell you anything.

 

[jskyboo]

small addition to database.txt:

HBF-Homebrew Filter (old)
THB-Homebrew Filter (new)

Thanks, I'll add that to in the next release.

Not sure if someone has already done this but ..... Can you make the news and forcast channel work without turning on the wifi ? Like the way homebrew works.

Nope, unfortunately I don't know anything about decompiling titles to search for patch locations and such. But even if I did why would you want a news and forcast channel that starts up without access to the internet? Where is it going to get the news and forcast? Unless I am misunderstanding something, do they not work with the wired adaptor?

In addition to what jskyboo said, that still wouldn't tell you the original region of all Wii's. I need to release the new version of CheckRegion publicly.

I hope someone can create a reliable way to check the Korean key though. MiiKorean (or whatever it was called) returned the wrong results like half the time.

Installing ios80 into slot 180 and loading system menu 4.2/4.3 is a very reliable way to check for the korean key. I don't understand how an app made to check for it could miss it if it can read eeprom. You can view the darn thing with ftpii, should be simple. I guess if the app does not load with the proper permissions it just returns negative, key not found.
Other than avoiding 003 brick, why would you want to know the original region? Fix the shop channel I suppose if it had an active account on another region.

Well I don't yet know much about reading from the seeprom but from what I have seen so far I don't know why it would fail, reading the seeprom doesn't seem to require any special permissions or anything. But who knows, we'll see in the testing and if what Joostin says is true, well I'll just have to try to figure out why it fails sometimes. But I would rather read it directly, installing a temp IOS would be WAY too slow, patching the currently running IOS is an option but the alternatives are much easier. As for why you might want to know the original region, well for the anyregion changer portion, if the Wii is semi bricked it is a better suggestion of what to change to. But yeah the only crucial need for knowing original region is avoiding the 003 brick.

 

[air2004]

What I mean is . In order to use the forecast channel and news channel , the WiiConnect24 cant be in standby mode. The homebrew browser works just fine with the WiiConnect24 in stand by mode. So I was wondering if you could make those channels work as well.
I turned standby off becasue I dont see any need for it. I also fear it could shorten the life of the wii.

 

[mauifrog]

Could wiimod not do this

System Menu 4.2E/U/J and higher call a new ES Ioctlv(0x45) which got added in IOS70. On older(check!) IOSs this Ioctlv always returns -1017.
IOS tries to encrypt a certain byte pattern with the Korean key and then compares it with hard coded values, if the result matches it returns 0 which will then trigger the error in the System Menu.

Either patch whatever is needed into the running ios or install a temp ios80 into some slot, load it and do what sm 4.2/4.3 does, except just give a friendly korean message instead of a nice brick.

Or could you not have wiimod try to decrypt some small file with the korean key on the wii, by setting the Korean key bite in a ticket, then compare the hash to see if it matched or not. Perhaps a very small wad.

 

[JoostinOnline]

I'm pretty sure that would require AHBPROT or a cIOS.

So far, CheckRegion has proven to be 100% reliable. I'm not saying that it's the best way (because it CAN be fooled if someone set out to do so), but I don't think there is any immediate danger here.

 

[jskyboo]

What I mean is . In order to use the forecast channel and news channel , the WiiConnect24 cant be in standby mode. The homebrew browser works just fine with the WiiConnect24 in stand by mode. So I was wondering if you could make those channels work as well.
I turned standby off becasue I dont see any need for it. I also fear it could shorten the life of the wii.

Ah, so I did mistake your meaning, but still I don't know much about creating patches. So sorry but still no.

Could wiimod not do this

System Menu 4.2E/U/J and higher call a new ES Ioctlv(0x45) which got added in IOS70. On older(check!) IOSs this Ioctlv always returns -1017.
IOS tries to encrypt a certain byte pattern with the Korean key and then compares it with hard coded values, if the result matches it returns 0 which will then trigger the error in the System Menu.

Either patch whatever is needed into the running ios or install a temp ios80 into some slot, load it and do what sm 4.2/4.3 does, except just give a friendly korean message instead of a nice brick.

Or could you not have wiimod try to decrypt some small file with the korean key on the wii, by setting the Korean key bite in a ticket, then compare the hash to see if it matched or not. Perhaps a very small wad.

I'm pretty sure that would require AHBPROT or a cIOS.

So far, CheckRegion has proven to be 100% reliable. I'm not saying that it's the best way (because it CAN be fooled if someone set out to do so), but I don't think there is any immediate danger here.

Patching the call to ES Ioctlv(0x45) into the current running IOS or installing a temp would require AHBPROT or a cIOS, but if reading the seeprom directly has issues I may look into if I can just call ES Ioctlv(0x45) directly but I'm not sure if I need any special permissions for that but I'll get to that in the testing if seeprom doesn't work. So maybe I can call ES Ioctlv(0x45) without requiring AHBPROT or a cIOS, but I won't know till I try. And this is all predicated on reading from seeprom being unreliable which until I see it for myself I find a little questionable.

 

[JoostinOnline]

And this is all predicated on reading from seeprom being unreliable which until I see it for myself I find a little questionable.

I know that the app is unreliable, but that could easily be (and probably is) a result of bad coding. I do suggest you look into it, just don't copy the MiiKorean source assuming that it will work. If checking the seeprom for the Korean key can be done reliably, by all means you should integrate it.

 

[jskyboo]

And this is all predicated on reading from seeprom being unreliable which until I see it for myself I find a little questionable.

I know that the app is unreliable, but that could easily be (and probably is) a result of bad coding. I do suggest you look into it, just don't copy the MiiKorean source assuming that it will work. If checking the seeprom for the Korean key can be done reliably, by all means you should integrate it.

Right, I'm going to look at other sources that access seeprom and not so much just MiiKorean. As maui said even ftpii displays it.

 

[hvckz]

does the new update have a compatibility with the new remote?