Hacking Smash Stack PAL/Korean

XFlak · Mar 3, 2011

Bad_Ad84 said:
Im interested to know what your "003 fix" application is that you run from HBC.

Is that an application to remove the korean key from the eeprom?

Someone please correct me if I'm wrong...

First, u would autoboot the smash bros game (avoiding the system menu), and from there launch the exploit, use it to load up w/e homebrew u want to use to install a system menu and/or system menu IOS (ie. MMM), then from there, either install a non-stubbed IOS60 and 4.1 System menu IOS, or just install IOS60v6174 to slot 70 or 80 for 4.2 and 4.3 wii's respectively (these WADs are available in ModMii's download page 1, but u can easily change the slot yourself if u prefer)

Hozu · Mar 3, 2011

Thank you for releasing this. Even though I have no use for this myself I think it's totally unfair for people to jack up the price on the few games that can be used to begin hacking a Wii outside NA and Japan. Now they can't do such a thing anymore.

DeadlyFoez · Mar 3, 2011

Bad_Ad84 said:
giantpune said:

http://gbatemp.net/t281361-smashstack-pal-kor

Click to expand...

Im interested to know what your "003 fix" application is that you run from HBC.

Is that an application to remove the korean key from the eeprom?

There is no homebrew software that exists to do any writing to the eeprom. All the people that I have chatted to about that in the past are not caring to take the time to do it or don't want to risk a wii... even if it is my wii that is being risked. Marcan knows the code to do it

Bad_Ad84 · Mar 3, 2011

I have a spare Korean board that I have dedicated to science with daco (priiloader dev), I have been testing things as he tries them. The code to read the eeprom is in the ftpii sources, so we have been working from there.

Just figured if giantpune had already done it, there was no point duplicating the work.

my comment about his "003 fix" application is based on what I saw in this video - http://www.youtube.com/watch?v=g8sQzgRhuko...player_embedded

nobody_tw · Mar 3, 2011

airline38 said:
Confirm SSBB-KOR exploit works .

Great Job , giantpune !!

you should not post the files to tvgzone
giantpune ask that you please do not rehost them elsewhere, but instead link people back here.
(http://giantpune.zzl.org/smashStackPK.html)

you still host the files on tvgzone, although you add the link.
If you have communicated with giantpune and got his perrimision, I am sorry for writing this.
we should respect the auther's right. we all love giantpune.
we should be honest to everyone in the world!!

DeadlyFoez · Mar 3, 2011

Get ahold of marcan if you can. I doubt he will care much because he doesn't do anything with the wii anymore as far as I know. But if you guys do happen to come up with some working code that needs to be tested then I will be alright with risking a few wii's on it.

But unfortunately, since the wii's jtag points are grounded out, if something does not work right then the wii is dead without any conventional or easy way to repair it.

I was actually wanting to see if I can find a ZIF socket to put on my wii mobo. If there is in fact some JTAG points, and if in fact they are grounded out then it would most likely be grounded on the motherboard. So if that is really the case then the jtag should be ungrounded and available when Hollywood is removed from the board. But then that brings up a whole other world of issues.

Bad_Ad84 · Mar 3, 2011

I have removed the hollywood chip and refitted it before - I also have a $2200 IR BGA rework station (admittedly, I'm still learning how to use it effectively and killed 2 boards out of 3 attempting it).

If someone knows the pinsfor jtag (or if the eeproms pins are wired externally to any of the pins?, tho id imagine its all internal) I could test that.

I may see if I can place a hollywood chip with boot1 vuln from a dead motherboard onto a newer board that is bricked (and therefore cant be flashed).

DeadlyFoez · Mar 3, 2011

Bad_Ad84 said:
I have removed the hollywood chip and refitted it before - I also have a $2200 IR BGA rework station (admittedly, I'm still learning how to use it effectively and killed 2 boards out of 3 attempting it).

If someone knows the pinsfor jtag (or if the eeproms pins are wired externally to any of the pins?, tho id imagine its all internal) I could test that.

I may see if I can place a hollywood chip with boot1 vuln from a dead motherboard onto a newer board that is bricked (and therefore cant be flashed).

Your only issue with trying that might come from how many of the newer boards (the lu64+ boards) have a smaller starlet and most likely a different pinout to starlet. The old hollywood may not be compatible to the newer starlet. It's worth a shot to try it though if you got the boards to play with and the tools to do it.

Bushing posted up a image of the hollywood pinout and what components each solder pad led to. There were quite a bit that weren't labeled, so that could at least be a good starting point. I'll try to find the image for you.

Bad_Ad84 · Mar 3, 2011

I thought about that too, however the hollywood chip seems the same across models - I don't think pin out will be an issue on the hollywood chip itself as I doubt it changed.

What I suspected would be the issue is the boot1 revision - apparently they vary (i.e. 1a vs 1b and 1c vs 1d) to cater for different RAM chips etc, so it might cause instability? Again, picked up from bushing's blog and wiibrew pages.

Ace Overclocked · Mar 3, 2011

i can finally mod my wii without losing another 40 euro YAY
i'll have to borrow my best friend's brawl though

Bad_Ad84 · Mar 3, 2011

DeadlyFoez said:
Your only issue with trying that might come from how many of the newer boards (the lu64+ boards) have a smaller starlet and most likely a different pinout to starlet. The old hollywood may not be compatible to the newer starlet.

Also, I think you are talking about broadway being smaller on newer boards? Starlet is a core within the Hollywood package.

DeadlyFoez · Mar 3, 2011

Bad_Ad84 said:
DeadlyFoez said:

Your only issue with trying that might come from how many of the newer boards (the lu64+ boards) have a smaller starlet and most likely a different pinout to starlet. The old hollywood may not be compatible to the newer starlet.

Click to expand...

Also, I think you are talking about broadway being smaller on newer boards? Starlet is a core within the Hollywood package.

My bad. Brainfart.

But yeah, you got my point about it.

SO here's is bushing's flickr directory. http://www.flickr.com/photos/bushing/page13/

The image that I was mentioning is at the bottom, but there is plenty of other great detail in the other pics too.

Other good info: http://wiibrew.org/wiki/Hardware/Hollywood_GPIOs

Funny enough, I had found pics of bushing sanding down the PCB to image the conductive layers. I didn't see the images of the other conductive layers, just the WIP. But funny enough what type of extent that man will go to to reverse engineer something.

Ahh, here we go. LMAO. http://www.flickr.com/photos/bushing/3889615636/

woffi63 · Mar 3, 2011

GREAT JOB !!!! @ giantpune

I've tested the Stack w/o save on PAL ....... and what should i say............IT WORKS!!!!!!!!
My first 4.3 Wii with Homebrew!

I love you giantpune

XFlak · Mar 3, 2011

woffi63 said:
I love you giantpune

Who doesn't love giantpune? Giantpune is one of my favourite ~~things~~ people in the world!

DeadlyFoez · Mar 3, 2011

XFlak said:
woffi63 said:

I love you giantpune

Click to expand...

Who doesn't love giantpune? Giantpune is one of my favourite ~~things~~ people in the world!

Same reason why I love yo momma.

Hacking Smash Stack PAL/Korean

Wiitired but still kicking

Well-Known Member

XFlak Fanboy

Active Member

Well-Known Member

XFlak Fanboy

Active Member

XFlak Fanboy

Active Member

My CPU's hot but my core runs cold.

Active Member

XFlak Fanboy

Well-Known Member

Wiitired but still kicking

XFlak Fanboy

Similar threads

Popular threads in this forum