Hacking PRELOADER v.25 Released

[WiiCrazy]

maybe you put the autoboot dol but didn't install a .dol..!!

Well it was because autoboot function comes disabled as default... I activated it now it's normal...

Now the problem is I can't play with the menu hacks since now preloader's dol is loaded by my patcher...

If someone want to play with them, here with the fixed source : http://www.tepetaklak.com/data/crazymenunocopysource.rar

ps: will not work with preloader due to above thing I mentioned...

 

[AllWiidUp]

I'm surprised no one has posted the hack for changing the IOS version and such.

Chage IOS version of What. We've already changed the System Menu IOS and played around with that. That's what led to CIOSCORP.

Use preloader to change the IOS of the system menu, instead of the modifying a WAD. Seems like it's be easier and perhaps safer.

 

[ppc_gba]

has anyone tried to install this on 3.3U system menu? it seems that if both the menu and hbc don't work you could get bricked, so i'd prefer to know that both should work in advance in case one or the other fails. if preloader installs the old system menu as a new title rather than copying the binary to a different number, someone should compare a list of titles before installing preloader to after. it would help if we had more info or the source code.

 

[djtaz]

I tried it and it fried my system menu - i had to get the systemmenu32.wad and install that with HBC.

 

[Jizmo]

I tried it and it fried my system menu - i had to get the systemmenu32.wad and install that with HBC.

taz,

did you stick with all cios after you put system menu back on, or did you revert to original IOS?

EDIT: Oh crap my bad, I thought you were replying about installing it on 3.3

 

[djtaz]

Jizmo,
I was - i installed it on 3.3e and it fried the system menu - i then installed the systemmenu3.2e.wad and it recovered the system menu again but it deleted the preloader when installing the wad.

I kind of expected it to work that way , though i didnt think the 3.3 menu would get fried, but once on 3.2 i installed preloader again and it worked fine.

 

[Jedis]

Ok, I've got preloader up and running.

I want to make it so it auto-boots the system menu. I chose the install option in the main menu, but it's just showing me the boot.dol on my SD card (which is the HBC installer).

How do I direct it to load the system menu? Do I need a copy of it on my SD card root? If so, which file should I be using? So far I've used Twilight Hack to load HBC and downgraded from 3.4U to 3.2U. From there I installed preloader v0.25 and am stuck on how to direct it to the system menu wad to auto-boot.

 

[Phratt]

Ok, I've got preloader up and running.

I want to make it so it auto-boots the system menu. I chose the install option in the main menu, but it's just showing me the boot.dol on my SD card (which is the HBC installer).

How do I direct it to load the system menu? Do I need a copy of it on my SD card root? If so, which file should I be using? So far I've used Twilight Hack to load HBC and downgraded from 3.4U to 3.2U. From there I installed preloader v0.25 and am stuck on how to direct it to the system menu wad to auto-boot.

I think there is an option where you can do this. Have you looked throughout preloaders menu? (though Im not sure, as I do not even Have a Wii as of now)

 

[digitydogs]

@jedis
goto settings change autoboot to system menu. it and hbc are your options if they are both installed.

 

[Jedis]

Thanks, I found it

 

[fishears]

Would it be possible to use these patches from Waninkoko's Menupatcher in Preloader? Can they be converted? Particularly the first one... or am I being a fool? (probably)

CODEvoid Sysmenu_PatchIOSReload(u8 *dol, u32 len)
{
ÂÂÂÂconst u8 oldcode[] = { 0x7F, 0x06, 0xC3, 0x78, 0x7F, 0x25, 0xCB, 0x78, 0x38, 0x7E, 0x02, 0xC0, 0x4C, 0xC6, 0x31, 0x82 };
ÂÂÂÂconst u8 newcode[] = { 0x3B, 0x20, 0x00, 0x01, 0x3B, 0x00, 0x00, 0xF9, 0x38, 0x7E, 0x02, 0xC0, 0x4C, 0xC6, 0x31, 0x82 };

ÂÂÂÂ/* Patch IOS reload */
ÂÂÂÂ__Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
}

void Sysmenu_PatchUpdateCheck(u8 *dol, u32 len)
{
ÂÂÂÂconst u8 oldcode[] = { 0x80, 0x65, 0x00, 0x50, 0x80, 0x85, 0x00, 0x54, 0xA0, 0xA5, 0x00, 0x58,
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0x48, 0x21, 0xC5, 0xB9, 0x2C, 0x03, 0x00, 0x00, 0x40, 0x82, 0x00, 0x20 };
ÂÂÂÂconst u8 newcode[] = { 0x80, 0x65, 0x00, 0x50, 0x80, 0x85, 0x00, 0x54, 0xA0, 0xA5, 0x00, 0x58,
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0x48, 0x21, 0xC5, 0xB9, 0x2C, 0x03, 0x00, 0x00, 0x60, 0x00, 0x00, 0x00 };

ÂÂÂÂ/* Patch update check */
ÂÂÂÂ__Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
}

s32 __Sysmenu_PatchRegionJap(u8 *dol, u32 len)
{
ÂÂÂÂconst u8 oldcode[] = { 0x2C, 0x1B, 0x00, 0x00 };
ÂÂÂÂconst u8 newcode[] = { 0x60, 0x00, 0x00, 0x00 };

ÂÂÂÂ/* Patch JAP region */
ÂÂÂÂreturn __Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
}

s32 __Sysmenu_PatchRegionUsa(u8 *dol, u32 len)
{
ÂÂÂÂconst u8 oldcode[] = { 0x28, 0x1B, 0x00, 0x01 };
ÂÂÂÂconst u8 newcode[] = { 0x60, 0x00, 0x00, 0x00 };

ÂÂÂÂ/* Patch USA region */
ÂÂÂÂreturn __Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
}

s32 __Sysmenu_PatchRegionPal(u8 *dol, u32 len)
{
ÂÂÂÂconst u8 oldcode[] = { 0x28, 0x1B, 0x00, 0x02 };
ÂÂÂÂconst u8 newcode[] = { 0x60, 0x00, 0x00, 0x00 };

ÂÂÂÂ/* Patch PAL region */
ÂÂÂÂreturn __Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
}

void Sysmenu_PatchRegionFree(u8 *dol, u32 len)
{
ÂÂÂÂconst u8 code[] = { 0x7C, 0x60, 0x07, 0x74, 0x2C, 0x00, 0x00, 0x01, 0x41, 0x82,
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ0x00, 0x30, 0x40, 0x80, 0x00, 0x10, 0x2C, 0x00, 0x00, 0x00 };

ÂÂÂÂs32 cnt;

ÂÂÂÂ/* Find code */
ÂÂÂÂfor (cnt = 0; cnt < len; cnt += 4) {
ÂÂÂÂÂÂÂÂu8 *ptr = dol + cnt;

ÂÂÂÂÂÂÂÂ/* Code found */
ÂÂÂÂÂÂÂÂif (!memcmp(code, ptr, sizeof(code))) {
ÂÂÂÂÂÂÂÂÂÂÂÂu32 size = len - cnt;
ÂÂÂÂÂÂÂÂÂÂÂÂs32 ret;

ÂÂÂÂÂÂÂÂÂÂÂÂ/* Patch regions */
ÂÂÂÂÂÂÂÂÂÂÂÂret = __Sysmenu_PatchRegionJap(ptr, size);
ÂÂÂÂÂÂÂÂÂÂÂÂif (ret < 0)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂret = __Sysmenu_PatchRegionUsa(ptr, size);
ÂÂÂÂÂÂÂÂÂÂÂÂif (ret < 0)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂret = __Sysmenu_PatchRegionPal(ptr, size);
ÂÂÂÂÂÂÂÂ}
ÂÂÂÂ}
}

void Sysmenu_PatchNocopySaves(u8 *dol, u32 len)
{
ÂÂÂÂ{
ÂÂÂÂÂÂÂÂconst u8 oldcode[] = { 0x54, 0x00, 0x07, 0xFF, 0x41, 0x82, 0x00, 0x1C, 0x80, 0x63, 0x00, 0x68 };
ÂÂÂÂÂÂÂÂconst u8 newcode[] = { 0x7C, 0x00, 0x00, 0x00, 0x41, 0x82, 0x00, 0x1C, 0x80, 0x63, 0x00, 0x68 };

ÂÂÂÂÂÂÂÂ/* Patch "nocopy" savegame check (1) */
ÂÂÂÂÂÂÂÂ__Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
ÂÂÂÂ}
ÂÂÂÂ{
ÂÂÂÂÂÂÂÂconst u8 oldcode[] = { 0x54, 0x00, 0x07, 0xFF, 0x41, 0x82, 0x00, 0x24, 0x38, 0x7E, 0x12, 0xE2 };
ÂÂÂÂÂÂÂÂconst u8 newcode[] = { 0x7C, 0x00, 0x00, 0x00, 0x41, 0x82, 0x00, 0x24, 0x38, 0x7E, 0x12, 0xE2 };

ÂÂÂÂÂÂÂÂ/* Patch "nocopy" savegame check (2) */
ÂÂÂÂÂÂÂÂ__Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
ÂÂÂÂ}
ÂÂÂÂ{
ÂÂÂÂÂÂÂÂconst u8 oldcode[] = { 0x48, 0x00, 0x00, 0x58, 0x38, 0x61, 0x01, 0x00, 0x38, 0x8D, 0x9F, 0x68, 0x48, 0x03, 0xC9, 0x25 };
ÂÂÂÂÂÂÂÂconst u8 newcode[] = { 0x48, 0x00, 0x00, 0x58, 0x38, 0x61, 0x01, 0x00, 0x38, 0x8D, 0x9F, 0x68, 0x38, 0x60, 0x00, 0x01 };

ÂÂÂÂÂÂÂÂ/* Patch "nocopy" savegame check (3) */
ÂÂÂÂÂÂÂÂ__Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
ÂÂÂÂ}
ÂÂÂÂ{
ÂÂÂÂÂÂÂÂconst u8 oldcode[] = { 0x80, 0x01, 0x00, 0x08, 0x2C, 0x00, 0x00, 0x00, 0x41, 0x82, 0x00, 0x0C, 0x3B, 0xE0, 0x00, 0x01 };
ÂÂÂÂÂÂÂÂconst u8 newcode[] = { 0x80, 0x01, 0x00, 0x08, 0x2C, 0x00, 0x00, 0x00, 0x41, 0x82, 0x00, 0x0C, 0x3B, 0xE0, 0x00, 0x00 };

ÂÂÂÂÂÂÂÂ/* Patch "nocopy" savegame check (4) */
ÂÂÂÂÂÂÂÂ__Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
ÂÂÂÂ}
ÂÂÂÂ{
ÂÂÂÂÂÂÂÂconst u8 oldcode[] = { 0x41, 0x82, 0x00, 0x24, 0x38, 0x7E, 0x12, 0xE2, 0x4C, 0xC6, 0x31, 0x82, 0x48, 0x1B, 0xB4, 0xC9 };
ÂÂÂÂÂÂÂÂconst u8 newcode[] = { 0x80, 0x1D, 0x00, 0x24, 0x54, 0x00, 0x00, 0x3C, 0x90, 0x1D, 0x00, 0x24, 0x48, 0x00, 0x00, 0x18 };

ÂÂÂÂÂÂÂÂ/* Patch "nocopy" savegame check (5) */
ÂÂÂÂÂÂÂÂ__Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
ÂÂÂÂ}
}

 

[WiiCrazy]

Would it be possible to use these patches from Waninkoko's Menupatcher in Preloader? Can they be converted? Particularly the first one... or am I being a fool? (probably)

void Sysmenu_PatchIOSReload(u8 *dol, u32 len)
{
ÂÂÂÂconst u8 oldcode[] = { 0x7F, 0x06, 0xC3, 0x78, 0x7F, 0x25, 0xCB, 0x78, 0x38, 0x7E, 0x02, 0xC0, 0x4C, 0xC6, 0x31, 0x82 };
ÂÂÂÂconst u8 newcode[] = { 0x3B, 0x20, 0x00, 0x01, 0x3B, 0x00, 0x00, 0xF9, 0x38, 0x7E, 0x02, 0xC0, 0x4C, 0xC6, 0x31, 0x82 };

ÂÂÂÂ/* Patch IOS reload */
ÂÂÂÂ__Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
}
...snip...

Of course you can,

Add to the program i put up earlier these...

CODEÂÂÂÂstatic const u32 iosreloadpatch[4] ={ 0x7F06C378, 0x7F25CB78, 0x387E02C0,0x4CC63182 };
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂsearch_patch(iosreloadpatch,4, (u32 *) 0x81330000, (u32 *) 0x81770000);

run it on your wii... it will dump the address where it finds that code block... say it's a1... then patches are
a1=0x3B200001
a1+4=0x3B0000F9

now convert these to the preloader's format adding system menu version and such (offset=a1... value= blah blah)

 

[Beatchu]

lol did you really need to quote his rather large post

 

[WiiCrazy]

lol did you really need to quote his rather large post

Well no, it was just a quick reply so... anyway cropped

 

[IronMask]

Very interesting Wiicrazy... So that's how to convert them to hacks.ini so now I need to hear if these patches work converted into preloaders hacks format work??? If we convert those patches they will be stored in the NAND but will they activate?
Anyone convert them to hacks yet?

 

[MicShadow]

There needs to be a stickied guide for this. Im not sure at all how to install this, and get the hacks.ini working

 

[wiigee]

There needs to be a stickied guide for this. Im not sure at all how to install this, and get the hacks.ini working

its not ready for general release, so no, no guide to install this, let the testers tweak it some more first

 

[MicShadow]

There needs to be a stickied guide for this. Im not sure at all how to install this, and get the hacks.ini working

its not ready for general release, so no, no guide to install this, let the testers tweak it some more first

Ah I see. I just didnt see that really mentioned anywhere.

Ill wait till all its released then

 

[fishears]

Of course you can,

Add to the program i put up earlier these...

ÂÂÂÂstatic const u32 iosreloadpatch[4] ={ 0x7F06C378, 0x7F25CB78, 0x387E02C0,0x4CC63182 };
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂsearch_patch(iosreloadpatch,4, (u32 *) 0x81330000, (u32 *) 0x81770000);

run it on your wii... it will dump the address where it finds that code block... say it's a1... then patches are
a1=0x3B200001
a1+4=0x3B0000F9

now convert these to the preloader's format adding system menu version and such (offset=a1... value= blah blah)

That's great - thanks. I just put this into your app, compiled it, ran it, realised I'm a dick (ouch!)...
To get this to work I need to go back to stock 3.2 (removing Preloader) then run Menupatcher, then launch your app right, duh? Before I go down that road (again) does anyone have a Wii without Preloader who could run the app and post the results? (Preferably a PAL Wii - seems like everyone else is USA)
Here's a link to the app: http://rapidshare.com/files/182745484/craz...source.dol.html

 

[WiiCrazy]

Of course you can,

Add to the program i put up earlier these...

ÂÂÂÂstatic const u32 iosreloadpatch[4] ={ 0x7F06C378, 0x7F25CB78, 0x387E02C0,0x4CC63182 };
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂsearch_patch(iosreloadpatch,4, (u32 *) 0x81330000, (u32 *) 0x81770000);

run it on your wii... it will dump the address where it finds that code block... say it's a1... then patches are
a1=0x3B200001
a1+4=0x3B0000F9

now convert these to the preloader's format adding system menu version and such (offset=a1... value= blah blah)

That's great - thanks. I just put this into your app, compiled it, ran it, realised I'm a dick (ouch!)...
To get this to work I need to go back to stock 3.2 (removing Preloader) then run Menupatcher, then launch your app right, duh? Before I go down that road (again) does anyone have a Wii without Preloader who could run the app and post the results? (Preferably a PAL Wii - seems like everyone else is USA)
Here's a link to the app: http://rapidshare.com/files/182745484/craz...source.dol.html

The thing itself is a menu patcher... so you only need to run it in your wii, get the address that it locates the to be patched code... then write the patches into the hacks.ini file...

for this specific ios reloading stuff you only need to write two patches...
a1 and a1+4 here is the offsetts, right to the equal signs are the values... so they will end up in hacks.ini like this (for ntsc version should be 289)

[IOS Reloading]
version=290
offset=0x[The address patch is found]
value=0x3B200001
[IOS Reloading]
version=290
offset=0x[Add 4 to the address where partch is found]
value=0x3B0000F9