Hacking savemiifrii

  • Thread starter: Screemer
  • Views: 67,824
  • Replies: 258
Hey marcan/bushing.. you have this fool's address (wiicrazy) obviously some people don't like and appreciate your efforts like most others do .. if I was you just report the guy to his nearest anti-piracy squad and give his address out.. I'm sure he's got a pirated game somewhere they can catch him with !


WIICRAZY.. GET A LIFE !
 
Holy shit, it actually worked

I have a dodgy pad that allows pressing four buttons at once (I don't have to disassemble it)
 
I fail to see the point in attacking marcan or bushing.
What have they done?

They provide me with free tools to run homebrew on my Wii.
They give free warnings about what to do and what not to do.

Everything they've given out till now has been free. They're only charging for the hardware and time spent on the devices. If it was pure software, it probably would have been free also.

I fail to see the issue. In fact, I'm surprised Savemii even needs to exist beyond the programmer/developer level; there's enough information out there to prevent basic users from bricking their Wii system, yet it still happens.
 
Rykin said:
I fail to see the point in attacking marcan or bushing.
What have they done?

They provide me with free tools to run homebrew on my Wii.
They give free warnings about what to do and what not to do.

Everything they've given out till now has been free. They're only charging for the hardware and time spent on the devices. If it was pure software, it probably would have been free also.

I fail to see the issue. In fact, I'm surprised Savemii even needs to exist beyond the programmer/developer level; there's enough information out there to prevent basic users from bricking their Wii system, yet it still happens.
Well, when they knew that you can just use your GC pad, they could just tell us...
But still, they're giving us homebrew, so it's okay for them to make some money....
 
Photokon said:
wilcd said:
I wonder who is the biggest asshole, the guy posting the video or you shutting up this trick and trying to sell 1000pcs to different users getting them cheated when they can make the same thing for a simple "gamecube pad keys combo"

how is he an asshole for using his own work and trying to make money off of it? YOU had no idea that you could fix your wii, so why should he have to give that to you for FREE? You are retarded.
FoSho lololololol
 
skawo96 said:
Well, when they knew that you can just use your GC pad, they could just tell us...

Since when do they have an obligation to do stuff like that? They provide the community with loads of useful stuff; yet this doesn't make them obliged to do anything. They can at any time say FUCK OFF to us and go on by themselves. There would be nothing you could do.

If they decide to charge for stuff, it's up to them. You're free to just create your own exploits and apps ...

The next step would be to demand they disclose all the bugs they've found and keep disclosed for future use. That would really help the community now. (The big N would be happy though.)

I can see people would be mad if someone would ask the Twiizers if they knew and they blatantly denied it; still it would even in this case be up to them. Fact remains that you're just plain dumb if you screw your own investment over like preemptive disclosure would have caused them. Maybe you all will realize once you grow out of your teens, move away from home and get a taste of real life in society.

Quit whining ...
 
ften said:
How does the Starfall method using the Y differ from the up/down/left/right method, as in execution in the code not the end results?

I was planning on buying a SaveMii anyway once they come back in stock for America orders anyway, just to support Team Twiizers.

-FTen
I think the Y button just was a workaround to activate the recovery menu, not to do with this, or was it, marcan said something about crediar knowing about this around starfall or something in an earlier post, I think people need to get off Twiizers' backs because they might turn around and say, you know wii community keep what you have cos we quit. and then there wouldn't be anymore l33t level coders for not, not anyone who understands it like the back of their hand. whoever 1st said the wii community was a waste was right, everything ends up being an argument
 
Agrees 100% with you joda !

Team Twiizers kept bringing cool stuff to the Wii and never asked for anything in return. They made clear from the beginning that SaveMii was just made to help people that already bricked their wii. With the future release of BootMii they are proposing a way to get rid of any hardware need (modchip or SaveMii) in case of bricks, again for free ...

I don't get how someone can get mad at them ...

I just understand that a guy is pissed because he did not get his bootmii yet, but that's freight company's fault...
 
thanx for the replies Marcan & Bushing!!!

Please can this bitching just stop, YOU now have an alternative of a savemii, CHOOSE!

How can you NOT trust these guys when they opened up the gates for wii homebrew.....
Please END this....Marcan & Bushing are pretty much the most intelligent coders around for the wii........... What would you do if you found a method of recovery i.e. savemii? oh tell everyone to start making it, or easier they make them and sell them at a good price... now you know the alternative........
You're still Fukked if you aren't modded and brick your wii on say 3.2 with starfall etc, TP cannot load properly it freezes so...Fucked I believe....
I'm glad to hell I have an autoboot modchip.....at warning screen wadmanager loads up in a second along with any other fakesigned iso


Remember you're safer with a modchip than without, especially messing around with bits and bobs




Oh by the way, (backup loaders) waninkoko & wiigator could have easily SOLD this software instead of releasing it for ANYONE.....

remember what you get for FREE is for FREE.... please stop the bad comments and live with it*

Thank you.
 
marcan said:
maybe they trusted you, like me...
Trust is a weakness. And we're not above mistakes, as you seem to assume. If you think there's a chance that we might be wrong (and there probably is), go check yourself.

Well It depends how you take it... it's strength and power at the same time... weakness is choosing the wrong party to trust... It's the same with the "dependency"...

And here is part of the code block you depicted...
seg006:81374CB8 cmpwi %r0, 0xF
seg006:81374CBC bne loc_81374CC8

In the above part you see if the register r0 is 0xF then the code gracefully continues on to recovery menu.
Isn't that what reverse engineering is all about? There is a fact right there, there is an extra condition there
leading to recovery menu... well yeah, trust is a weakness as you say it...


seg006:81374C3C loc_81374C3C: # CODE XREF: main+F3Cj
seg006:81374C3C # main+F50j
seg006:81374C3C lwz %r4, 0x130+var_128(%sp)
seg006:81374C40 addi %r3, %r29, 0x4DE
seg006:81374C44 crclr 4*cr1+eq
seg006:81374C48 bl OSReport
seg006:81374C4C
seg006:81374C4C loc_81374C4C: # CODE XREF: main+F64j
seg006:81374C4C addi %r5, %sp, 0x130+var_128
seg006:81374C50 li %r3, 1
seg006:81374C54 li %r4, 0
seg006:81374C58 bl EXIGetIDEx
seg006:81374C5C cmpwi %r3, 0
seg006:81374C60 beq loc_81374C8C
seg006:81374C64 lwz %r0, 0x130+var_128(%sp)
seg006:81374C68 clrrwi %r3, %r0, 8
seg006:81374C6C addis %r0, %r3, -0x702
seg006:81374C70 cmplwi %r0, 0
seg006:81374C74 bne loc_81374C8C
seg006:81374C78 addi %r3, %r29, 0x4EA
seg006:81374C7C crclr 4*cr1+eq
seg006:81374C80 bl OSReport
seg006:81374C84 li %r22, 1
seg006:81374C88 b loc_81374C9C
seg006:81374C8C # ---------------------------------------------------------------------------
seg006:81374C8C
seg006:81374C8C loc_81374C8C: # CODE XREF: main+F8Cj
seg006:81374C8C # main+FA0j
seg006:81374C8C lwz %r4, 0x130+var_128(%sp)
seg006:81374C90 addi %r3, %r29, 0x4F8
seg006:81374C94 crclr 4*cr1+eq
seg006:81374C98 bl OSReport
seg006:81374C9C
seg006:81374C9C loc_81374C9C: # CODE XREF: main+FB4j
seg006:81374C9C cmpwi %r22, 0
seg006:81374CA0 bne loc_81374CC0
seg006:81374CA4 lbz %r0, 0x130+var_7A(%sp)
seg006:81374CA8 extsb. %r0, %r0
seg006:81374CAC bne loc_81374CC8
seg006:81374CB0 lhz %r0, 0x130+var_84(%sp)
seg006:81374CB4 clrlwi %r0, %r0, 28
seg006:81374CB8 cmpwi %r0, 0xF
seg006:81374CBC bne loc_81374CC8 # HERE IT IS, ANOTHER ROUTE FOR THE RECOVERY MENU
seg006:81374CC0
seg006:81374CC0 loc_81374CC0: # CODE XREF: main+FCCj
seg006:81374CC0 bl BS2BootIRD
seg006:81374CC4 b loc_81374CCC
seg006:81374CC8 # ---------------------------------------------------------------------------
seg006:81374CC8
seg006:81374CC8 loc_81374CC8: # CODE XREF: main+FD8j
seg006:81374CC8 # main+FE8j
seg006:81374CC8 bl BS2Entry
seg006:81374CCC
seg006:81374CCC loc_81374CCC: # CODE XREF: main+FF0j
seg006:81374CCC addi %r5, %r29, 0x504
seg006:81374CD0 addi %r3, %r13, -0x7B2C
seg006:81374CD4 li %r4, 0x816
seg006:81374CD8 crclr 4*cr1+eq
seg006:81374CDC bl OSPanic
seg006:81374CE0 addi %r11, %sp, 0x130+arg_0
seg006:81374CE4 bl _restgpr_22
seg006:81374CE8 lwz %r0, 0x130+arg_4(%sp)
seg006:81374CEC mtlr %r0
seg006:81374CF0 addi %sp, %sp, 0x130
seg006:81374CF4 blr
seg006:81374CF4 # End of function main

QUOTE said:
Then you should have thought twice about buying it. And get rid of the software, just in case.

There was no reason for me to think about it twice, savemii was a nice thing as a product and it was what I needed... Still it has value in it, now though very little.... For software, I'll consider stopping usage... for that of course first I need an unbricked wii...
For those 1000pcs on production I suggest you to enhance the design of the fpga chip at least and add more value in it so you can easily sell them off... though I think you should have done that from the start...

QUOTE said:
Any. Unless we've missed something, once you're in recovery mode, there's no way of getting that error code to even run. And I don't think it can happen during initialization, before recovery mode runs. Heck, it doesn't even initialize the normal graphics system. And if I'm wrong, feel free to correct me and help the community. This isn't an exact science.

If you get to the version number screen and inserting a disc causes the error, then we've missed something.

I need to check that thoroughly in my disassembly, I don't remember what functions were called during the init phase, it may well be an issue with my modchip but I doubt it... yet it's now simple to check just patching the BS2IsDiagDisc function... What you are missing in your perceived order of things running in system menu is some functions are async and set error statuses all around the place...
These error statuses are all checked and acted upon then in various places... For a "system files corrupted" brick, probably this is the case... I am not 100% sure yet it's easy to be proven...


QUOTE
What? You don't know what you're talking about. I had a TEMPORARY patching system. Really just menuloader with a patch added to make all discs look like autoboot to the system menu. That doesn't help anyone avoid SaveMii, so you're wrong as to the reason why we didn't get around to releasing it. On the other hand, we're working on BootMii which makes SaveMii useless for those who install it, so you're entirely wrong on whether we'd help people avoid the need for SaveMii.

Bootmii is nothing for all those already bricked... right? So you took the same path as me and fiddled with an apploader... If you can patch diag disc check function then you can patch recovery mode check too... right?

QUOTE
Sure, some people have an infectus. And? You expect us to test every possibility? Sorry, that's not an option - there are thousands of ways of bricking a Wii. We tested common configurations, and didn't expect 2.x to have such a different recovery code. Sure, that was a mistake. Big deal. It still works with 2.x. You'd be entitled to some bitching rights if you had a bricked 2.x wii and SaveMii were useless, but sorry, that's not the case because it does work with 2.x.

I don't expect you to try every possibility... Remember you bashing other people that they are not testing their stuff? It's directed more at that...
And no there aren't thousands of ways to brick the wii at least until someone decides to write malicious software for homebrewers... It's not the case currently... bricks can be classified into manageable groups... If you have a hardware unbrick means then you must (not you should) test if you are laying those cases out in diagrams detailing what it's good for...
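
The branch logic in the listing posted above (81374C58 to 81374CC8), modelled in C as an added example that is not part of any post in this thread. Reading the halfword at var_84 as pad button bits and the byte at var_7A as a pad error status is an assumption based on the thread's description of the GC pad trick; all function and enum names other than BS2BootIRD and BS2Entry are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: C model of the branches at 81374C58..81374CC8.
 * Only BS2BootIRD and BS2Entry are names from the listing; every other
 * identifier here is made up for illustration. */
enum boot_path { BOOT_NORMAL, BOOT_IRD };   /* bl BS2Entry / bl BS2BootIRD */

/* 81374C5C..81374C84: the flag kept in r22 is set to 1 when EXIGetIDEx()
 * returned non-zero and the ID, low byte cleared, equals 0x07020000. */
static int exi_id_matches(int exi_ok, uint32_t id)
{
    if (!exi_ok)                                /* cmpwi %r3, 0 ; beq      */
        return 0;
    uint32_t top = id & 0xFFFFFF00u;            /* clrrwi %r3, %r0, 8      */
    return (uint32_t)(top - 0x07020000u) == 0;  /* addis -0x702 ; cmplwi 0 */
}

/* 81374C9C..81374CC8. pad_err (var_7A) and pad_buttons (var_84) are
 * assumed to be fields of a pad status read earlier in main(). */
static enum boot_path choose_boot_path(int r22, int8_t pad_err,
                                       uint16_t pad_buttons)
{
    if (r22 != 0)                       /* cmpwi %r22, 0 ; bne loc_81374CC0 */
        return BOOT_IRD;
    if (pad_err != 0)                   /* lbz ; extsb. ; bne loc_81374CC8  */
        return BOOT_NORMAL;
    if ((pad_buttons & 0xF) != 0xF)     /* clrlwi 28 ; cmpwi 0xF ; bne      */
        return BOOT_NORMAL;
    return BOOT_IRD;                    /* falls through to loc_81374CC0    */
}

int main(void)
{
    /* Constructed sample inputs, not values captured from a console. */
    struct { int exi_ok; uint32_t id; int8_t err; uint16_t btn; } s[] = {
        { 0, 0x00000000u,  0, 0x0000 },  /* nothing attached or held     */
        { 0, 0x00000000u,  0, 0x000F },  /* low four button bits all set */
        { 0, 0x00000000u,  0, 0x0007 },  /* only three of the four bits  */
        { 0, 0x00000000u, -1, 0x000F },  /* pad read reported an error   */
        { 1, 0x070200AAu,  0, 0x0000 },  /* EXI ID matches 0x070200xx    */
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        int r22 = exi_id_matches(s[i].exi_ok, s[i].id);
        printf("case %zu -> %s\n", i,
               choose_boot_path(r22, s[i].err, s[i].btn) == BOOT_IRD
                   ? "BS2BootIRD" : "BS2Entry");
    }
    return 0;
}
```

Because the compare is done after masking to the low four bits, any higher bits set in the halfword do not change which branch is taken.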
 
djdynamite123 said:
Oh by the way, (backup loaders) waninkoko & wiigator could have easily SOLD this software instead of releasing it for ANYONE.....

remember what you get for FREE is for FREE.... please stop the bad comments and live with it*
Thank you.


lol problem solved..create a marcan signed backup loader hard coded to the savemii and you'll sell them by the truck load lol.

seriously I can't see where the bitching is coming from. the ONLY reason to be in these forums is homebrew. the only reason there is homebrew is from groups like team twiizers. I'm pretty sure if 99% of the people here bought a shipment of things to help their friends out with their own money and then found out a way of doing it for free they would keep it quiet themselves. at least till they broke even..
but pointless blaming/flaming/bitching.. everyone now has 2 choices. either buy a gamecube pad or buy a savemii. luckily I haven't bricked my wii but if it ever did I know which I would prefer to buy. not only would I have my wii fixed I would also have contributed to the main reason I'm here for homebrew.
also let's not forget that if it wasn't for homebrew there would be no wiigator/waninkoko loader (sorry marcan I know you don't want associating with it but it's true lol). how else would you have spent that entire week a fortnight ago if you weren't in here begging and pleading with wiigator to release his 0.3 to the public. or reading through 300+ pages of PLEASE RELEASE IT..
even if you think marcan doesn't deserve your money he still deserves your respect which doesn't cost a penny.
 
I agree with Marcan, how can you NOT TRUST them etc, it shows that they are pretty gutted about this but bigger & better things hopefully to come from them
thanx again for all your work marcan & bushing!


Please stop the moaning, if you bought a savemii then good on you, saves opening your pad.....Remember WHOSE FAULT FOR BRICKING YOUR OWN WII??? certainly not mine or theirs, but your OWN!

We all know team wiinja have let this be known at a BAD time, and it DOES make team tweasers look BAD, but they're not... IT'S A FINANCIAL JUNGLE OUT THERE MAN!!!!

these guys are normal workers and they do the wii homebrew in their own time, so if you DON'T TRUST THEM - GO AND GET RID OF ALL WII HOMEBREW, AS THEY OPENED IT UP FOR EVERYTHING HOMEBREW WISE!!!!!!!!!!!!!


QUOTE said:
even if you think marcan doesn't deserve your money he still deserves your respect which doesn't cost a penny.
Agree 100% with giving them RESPECT!!!! please don't hate these guys, WHAT I HATE IS THE MOANING AND QUESTIONING OF THIS THAT AND THE OTHER regarding the BACKUP LOADERS....... LEAVE WANINKOKO & WIIGATOR TO IT, IF YOU ARE ANNOYED BY IT* SIMPLY BUY A MODCHIP THEN YOU KNOW EVERYTHING WORKS 100%

Please RESPECT all coders
 
Every time I read topics like this one, I'm more convinced that the Wii scene is more and more like a soap opera... When will we know if Waninkoko is really Marcan's half-brother?
 
QUOTE said:
Every time I read topics like this one, I'm more convinced that the Wii scene is more and more like a soap opera... When will we know if Waninkoko is really Marcan's half-brother?
LOL LOL HAHAHAHAH
he isn't lol they know each other well though, Marcan taught Waninkoko most of his stuff,
Marcan is probably the most KNOW IT ALL wii tech around
Just the fact Marcan doesn't like the things Waninkoko does & releases....

Thanx to all Wii Coders!!! Nothing but Respect to ya all!
 
Just tried this out of curiosity with some spare parts and a rarely-used controller. I snapped off the little nubbin from the bottom of the D-pad to allow the whole thing to be pushed down, plugged it into controller port 4, and I can now marvel at a black screen with 3.3(EUR) in the bottom right!

...Not that I'll need this, as I don't mess with WADs.
 
Right without a modchip, say you're on 3.3 or 3.2 without starfall and use this 4 button savemii from gcpad, does it recover from a banner brick, can you load up your TP hack save and run boot.dol of manager or file manager or whatever?
As I'm sure people say it FREEZES?
 
As a sidenote: Wohee, got my SaveMii from OzModChips in the mail (from down under to Sweden!) today. Even if I hopefully don't have to use it other than for playing with, I'm happy I bought one. It will make a good buddy with my old original 1st batch natrium42 PassMe. Since a lot of homebrew devs don't accept donations, this is the least I can do.

Keep up the good work, and know that most of us appreciate what you do, which we neither have time nor knowledge enough for ourselves. Looking forward to BootMii, when it's done.
 
WiiCrazy said:
And here is part of the code block you depicted...
seg006:81374CB8 cmpwi %r0, 0xF
seg006:81374CBC bne loc_81374CC8
Congratulations, you can read two lines of asm code. That doesn't quite suffice to make the connection from a register compare to a pad read hundreds of instructions earlier in the sequence, especially considering that they don't share any stack offsets. Looking at the stack frame view might have helped, but I don't usually keep that view open in IDA.

For those 1000pcs on production I suggest you to enhance the design of the fpga chip at least and add more value in it so you can easily sell them off... though I think you should have done that from the start...
It's not an FPGA, it's a CPLD. 36 bits of register memory. We have three LEDs. What are we going to do, sell it as a debugging aid for BootMii problems (if the yellow light comes on, the SD card read failed)? Not very sellable. We don't even have an oscillator, so all actions have to be synced to requests from the console.

WiiCrazy said:
I need to check that thoroughly in my disassembly, I don't remember what functions were called during the init phase, it may well be an issue with my modchip but I doubt it... yet it's now simple to check just patching the BS2IsDiagDisc function... What you are missing in your perceived order of things running in system menu is some functions are async and sets error statuses all around the place...
These error statuses are all checked and acted upon then in various places... For a "system files corrupted" brick, probably this is the case... I am not 100% sure yet it's easy to be proven...
The "system files corrupted" crap is part of the C++ framework that comprises the system menu GUI and which starts at mainmenu(), which is normal mode. None of that crap runs in IRD mode. It's a stupid simple main routine which calls the BS2 state machine functions. I highly doubt BS2 cares to initialize the C++ framework to display an error message (and, as you say, most of it is async, so it couldn't anyway).

WiiCrazy said:
Bootmii is nothing for all those already bricked... right? So you took the same path as me and fiddled with an apploader... If you can patch diag disc check function then you can patch recovery mode check too... right?
Wrong, because once the BS2 state machine is running it's too late to get into IRD mode. And I didn't fiddle with the apploader. It's our bog standard GPLed apploader with a special build of menuloader as the payload DOL.

QUOTE(WiiCrazy @ Nov 4 2008, 12:01 PM) I don't expect you to try every possibility... Remember you bashing other people that they are not testing their stuff? It's directed more at that...
Except here we're FIXING already BROKEN wiis (often broken by those "other people's" stuff).

QUOTE(WiiCrazy @ Nov 4 2008, 12:01 PM)
And no there aren't thousands ways to brick the wii at least until someone decides to write malicious software for homebrewers...
I beg to differ. There are tons of ways of fucking up your wii. It just happens that the vast majority of them can be classified into a small set of groups because it's the same people doing the same stupid shit over and over and over again.
 
