Hacking new exploit for wii !!

FenrirWolf

hetfield said:
SifJar said:
HackMii Installer can install and uninstall all the components it supports, so that argument is void, and as many have said, it's clearly not a virgin Wii. So it definitely isn't "as fake as it can be".

true, but that video does not prove he hacked a virgin wii with it either.
since he is running the exploit on an already softmodded wii.
How did he softmod it the first time? nobody knows.
You don't get how this works, do you? The exploit does not depend on any existing hacks. It doesn't matter if the console's been hacked before or not. It functions exactly the same regardless. BannerBomb, Smash Stack, Indiana Pwns, and the Twilight Hack are the same way.
 

WiiPower

FenrirWolf said:
hetfield said:
SifJar said:
HackMii Installer can install and uninstall all the components it supports, so that argument is void, and as many have said, it's clearly not a virgin Wii. So it definitely isn't "as fake as it can be".

true, but that video does not prove he hacked a virgin wii with it either.
since he is running the exploit on an already softmodded wii.
How did he softmod it the first time? nobody knows.
You don't get how this works, do you? The exploit does not depend on any existing hacks. It doesn't matter if the console's been hacked before or not. It functions exactly the same regardless. BannerBomb, Smash Stack, Indiana Pwns, and the Twilight Hack are the same way.

Is the most important thing here mentioned? Which IOS does the game use? And what version, patched/not patched of it does everybody test? If that IOS is patched in all successful tests, then the result is irrelevant. All other stuff on the wii doesn't matter, only things that are running while the game is running is the game itself and its IOS.
 

airline38

WiiPower said:
Is the most important thing here mentioned? Which IOS does the game use? And what version, patched/not patched of it does everybody test? If that IOS is patched in all successful tests, then the result is irrelevant. All other stuff on the wii doesn't matter, only things that are running while the game is running is the game itself and its IOS.

It's IOS35.
 

propered

Who cares which game the exploit is on....anyway sorry to hear it was released early...bit cheeky but people should wait for proper release before complaining...Hopefully if it all works of course

I had SSBB pal for ages then heard about exploit but nothing ever came hopefully it does... even though i no longer have the game

Anyway I like the German crew always the best travellers/trekkers (even if they always beat us at football)

Btw I have wheelie Breakers and Lego Indiana Jones not tested this one yet though
 

Slowking

This exploit is very nice, since the game also has a japanese version. So the japanese will be able to mod their 4.3 Wiis once there is a save for every region.

megazig said:
to my knowledge excite truck exploit was still just at bug stage. (it crashed but wasn't loading code yet)
Imo some people that know their stuff should take a closer look at the MP3 feature of Excite Truck or Endless Ocean. It wouldn't surprise me if the devs used an MP3 lib that can be exploited.
The best thing about this would be: no savegame installing, so we could fix nearly every Wii, from bannerbricks to error #003.

I wish I would know more about this stuff, to try to find something.
 

svpe

No, it does not matter which IOS is currently running in that game. All that matters is that he got PowerPC code execution. The Hackmii Installer will take care of whatever IOS is running then.
So yes, I actually believe that this is a working exploit. It's nice that some other people finally start working on this
 

WiiCrazy

@SlowKing : I took my chances with throwing hundreds of garbage mp3's to endless ocean... filling the sd card with lots of files... lots of files with long filenames and so on... it seems solid... though one should take a closer look at its file handling stuff, there might indeed be a bug... I don't think it would fail on mp3 code though... (just estimation)
 

Tom191

I did some looking around. From what I found in some of the cached threads was that the initial bug was found with a Nine Inch Nails MP3. It either had something to do with the ID3 tag or that there was some negative timed audio. Apparently the audio track started at -4 or -6 seconds then got to zero and then started counting upwards from there. That was the most that I could find about this supposed Excite Truck exploit. I wonder why the author stopped working on it.
 

W hat

If you guys look for an exploit, try with Excite Truck first. It might be more buggy, and real copies of Endless Ocean don't need to become more rare than they already are. I love that game.

edit: I seriously doubt there would be an exploitable bug in the MP3 loading, but here's a start. In Endless Ocean only (Excite Truck doesn't do it) a Rick Astley - Never Gonna Give You Up (yes, really) mp3 I downloaded plays 2x speed. Why? (It plays normally on VLC, Foobar2k, and Excite Truck)
 

Tom191

W hat said:
If you guys look for an exploit, try with Excite Truck first. It might be more buggy, and real copies of Endless Ocean don't need to become more rare than they already are. I love that game.

edit: I seriously doubt there would be an exploitable bug in the MP3 loading, but here's a start. In Endless Ocean only (Excite Truck doesn't do it) a Rick Astley - Never Gonna Give You Up (yes, really) mp3 I downloaded plays 2x speed. Why? (It plays normally on VLC, Foobar2k, and Excite Truck)
I got to tell you, it would not surprise me if there are MANY bugs in the way games load MP3's. It is very very well worth it to look in the way both games handle MP3's or even the code leading up to loading the MP3.
 

W hat

I hope if a glitch is present in Endless Ocean, it is also present in Excite Truck. Maybe I should try and get my import copies now...

I don't think I can post the mp3 here - it is copyrighted.
 

Slowking

W hat said:
edit: I seriously doubt there would be an exploitable bug in the MP3 loading, but here's a start. In Endless Ocean only (Excite Truck doesn't do it) a Rick Astley - Never Gonna Give You Up (yes, really) mp3 I downloaded plays 2x speed. Why? (It plays normally on VLC, Foobar2k, and Excite Truck)
Well I brought it up since I remember that MP3 libs are notoriously buggy. Even more so when they read ID3 tags (dunno if these games do).
 

WiiCrazy

Games got nothing to do with ID3 tags, possibly they don't care about them... I forgot to tell I've tried bogus ID3 stuff too, with some strings extremely large. I'm only talking about Endless Ocean btw.

Considering the general sloppiness of devs producing for Nintendo Systems though still a candidate for an exploit if found....

- sloppiness examples
1. Internet Channel has full svn repository information crammed into it and lots of duplicated large files (fonts and stuff)
2. C64 VC games contain cracked intros
3. Mario Kart has lots of .svn folders
 

hetfield

airline38 said:
WiiPower said:
Is the most important thing here mentioned? Which IOS does the game use? And what version, patched/not patched of it does everybody test? If that IOS is patched in all successful tests, then the result is irrelevant. All other stuff on the wii doesn't matter, only things that are running while the game is running is the game itself and its IOS.

It's IOS35.

@FenrirWolf:
Do you get it how the wii works now?
 

Pandadoux

hi all so i've managed to run pimp my wii with yu gi oh exploit but after i tried to hack my wii with (hack your wii) it gave me an error code dump so i can't run pimp my wii without getting that error :

Exception (DSI) occurred!
GPR00 00000000 GPR08 CD000004 GPR16 80EA0000 GPR24 00000000
GPR01 81046038 GPR09 80EA0000 GPR17 00000000 GPR25 80EA1E00
GRP02 80E99F70 GPR10 80EA0000 GPR18 80E1B188 GPR26 80EA2660
GPR03 00000000 GPR11 00000000 GPR19 00000000 GPR27 00000000
GPR04 00000000 GPR12 00000000 GPR20 00000000 GPR28 00000000
GPR05 00000000 GPR13 80E9C6E0 GPR21 80EA7180 GPR29 00000000
GPR06 00000001 GPR14 80EA0000 GPR22 80EA2660 GPR30 00000000
GPR07 933E0E58 GPR15 00000000 GPR23 80EA1E00 GPR31 80EA0000
LR 80E1D35C SRRO 80e1d3e0 SRR1 00008032 MSR 00000000
DAR 00000000 DS1SR 04000000

STACK DUMP:
80e1d3e0 --> 80e1d35c

CODE DUMP:
80e1d3e0: 806B0000 38A00000 3D6080EA 38C00000
80e1d3f0: 7EA7AB78 7E489378 90ECCA21 7EBBAB78
80e1d400: 92AB2644 48000FFD 2F830000 419C0010


who can help me??? i can use loadmii and TBR
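
Reading the exception dump in the post above, as an added example that is not part of the original post: it parses the posted text (tolerating the hand-typed `GRP02` and `SRRO` labels), decodes the PowerPC D-form load/store at the address in SRR0, and compares the computed effective address with DAR. The function names, the opcode table and the "below 0x1000" NULL-page heuristic are this example's own assumptions.

```python
import re

# Crash text as posted above; hand-typed labels ("GRP02", "SRRO") left as-is.
DUMP = """\
GPR00 00000000 GPR08 CD000004 GPR16 80EA0000 GPR24 00000000
GPR01 81046038 GPR09 80EA0000 GPR17 00000000 GPR25 80EA1E00
GRP02 80E99F70 GPR10 80EA0000 GPR18 80E1B188 GPR26 80EA2660
GPR03 00000000 GPR11 00000000 GPR19 00000000 GPR27 00000000
GPR04 00000000 GPR12 00000000 GPR20 00000000 GPR28 00000000
GPR05 00000000 GPR13 80E9C6E0 GPR21 80EA7180 GPR29 00000000
GPR06 00000001 GPR14 80EA0000 GPR22 80EA2660 GPR30 00000000
GPR07 933E0E58 GPR15 00000000 GPR23 80EA1E00 GPR31 80EA0000
LR 80E1D35C SRRO 80e1d3e0 SRR1 00008032 MSR 00000000
DAR 00000000 DS1SR 04000000
80e1d3e0: 806B0000 38A00000 3D6080EA 38C00000
80e1d3f0: 7EA7AB78 7E489378 90ECCA21 7EBBAB78
80e1d400: 92AB2644 48000FFD 2F830000 419C0010
"""

# PowerPC D-form loads/stores by primary opcode (non-update forms only).
DFORM = {32: "lwz", 34: "lbz", 36: "stw", 38: "stb",
         40: "lhz", 42: "lha", 44: "sth"}
HEX8 = "[0-9A-Fa-f]{8}"

def parse(dump):
    """Return (gpr, spr, code) dictionaries recovered from the dump text."""
    gpr = {int(n): int(v, 16)
           for n, v in re.findall(rf"G[PR]{{2}}(\d\d) ({HEX8})", dump)}
    spr = {k.replace("O", "0"): int(v, 16)   # normalise "SRRO" to "SRR0"
           for k, v in re.findall(rf"\b(SRR[0O]|DAR) ({HEX8})", dump)}
    code = {}
    for base, words in re.findall(rf"^({HEX8}):((?: {HEX8})+)", dump, re.M):
        for i, word in enumerate(words.split()):
            code[int(base, 16) + 4 * i] = int(word, 16)
    return gpr, spr, code

def triage(dump):
    """Decode the instruction at SRR0 and compare its target with DAR."""
    gpr, spr, code = parse(dump)
    insn = code[spr["SRR0"]]                 # SRR0 = address of faulting instruction
    op, rt, ra = insn >> 26, (insn >> 21) & 31, (insn >> 16) & 31
    if op not in DFORM:
        raise ValueError(f"opcode {op} is not a D-form load/store")
    d = (insn & 0xFFFF) - ((insn & 0x8000) << 1)   # sign-extended displacement
    base = 0 if ra == 0 else gpr[ra]               # RA field 0 means literal 0
    ea = (base + d) & 0xFFFFFFFF
    return {"asm": f"{DFORM[op]} r{rt}, {d}(r{ra})", "ea": ea,
            "matches_dar": ea == spr["DAR"], "null_deref": ea < 0x1000}
```

For this dump `triage(DUMP)` decodes `lwz r3, 0(r11)` with r11 = 0, so the effective address equals DAR (0): the faulting access is a read through a NULL pointer.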
 

Slowking

W hat said:
edit: I seriously doubt there would be an exploitable bug in the MP3 loading, but here's a start. In Endless Ocean only (Excite Truck doesn't do it) a Rick Astley - Never Gonna Give You Up (yes, really) mp3 I downloaded plays 2x speed. Why? (It plays normally on VLC, Foobar2k, and Excite Truck)
That's probably not the wisest approach.
Chances are they didn't program their own MP3 lib, but used an existing one. So decrypting the ISO and searching for what lib it is and what version of it would be the way to go. When you know that you can just look into the changelog of that lib to see what bugs it had at that time...
 

airline38

I just tested this new exploit (yu gi oh exploit ) and I can confirm it works.
(for 4.3E only)

The way I did was :

1. I used "Save Game Manager" to install the downloaded file (banner.bin+savedata.dat)
to my Wii. (of course I had to play a while to create a gamesave file in advance)

2. Copy boot.elf of loadmii (Hackmii Install v0.7 didn't work) to SD:\ .

3. The same way as you saw in the video . Click on "A" when you saw the "Please
Press A Button" screen and wait a while (Now Loading) , then you should see
"LoadMii " screen.

Not sure if someone can help to create a JPN exploit .................. that will really help
4.3J virgin Wii users !!
 

W hat

Slowking said:
W hat said:
edit: I seriously doubt there would be an exploitable bug in the MP3 loading, but here's a start. In Endless Ocean only (Excite Truck doesn't do it) a Rick Astley - Never Gonna Give You Up (yes, really) mp3 I downloaded plays 2x speed. Why? (It plays normally on VLC, Foobar2k, and Excite Truck)
That's probably not the wisest approach.
Chances are they didn't program their own MP3 lib, but used an existing one. So decrypting the ISO and searching for what lib it is and what version of it would be the way to go. When you know that you can just look into the changelog of that lib to see what bugs it had at that time...
I'm no programmer, and I'm definitely no hacker. If anyone has questions on Endless Ocean, I can probably answer them, but any exploit work I could do probably ends here, unless you want me to look at Forever Blue v1.0 (JPN) (more buggy, got recalled for a game breaking glitch). "MP3" is common enough to be gibberish - 128 times in the NTSC-U GAME.DAT. The devs of Endless Ocean chose to bundle almost the entire game into one 700MB+ DAT file. I looked at every instance, this is the least gibberish looking one that could be relevant.

I'm 99% sure this is gibberish, but it looks less gibberish than the others and has different capitalization.
bzinO.png
 

Gangboy

airline38 said:
I just tested this new exploit (yu gi oh exploit ) and I can confirm it works.
(for 4.3E only)

The way I did was :

1. I used "Save Game Manager" to install the downloaded file (banner.bin+savedata.dat)
to my Wii. (of course I had to play a while to create a gamesave file in advance)

2. Copy boot.elf of loadmii (Hackmii Install v0.7 didn't work) to SD:\ .

3. The same way as you saw in the video . Click on "A" when you saw the "Please
Press A Button" screen and wait a while (Now Loading) , then you should see
"LoadMii " screen.

Not sure if someone can help to create a JPN exploit .................. that will really help
4.3J virgin Wii users !!

Also tested it with an original game disc on a 4.2E already softmodded, but as how the video shows it, that way it does work perfectly. Now I can finally mod some of my friend's wiis because they updated
 

kiffer

Not sure if someone can help to create a JPN exploit .................. that will really help
4.3J virgin Wii users !!

Quote ichfly : porting may is easy just change the entry point. thats at

Makefile

exploit.elf: baddr := 0x80792DC0
 
