Hacking Smash Stack PAL/Korean

[XFlak]

Im interested to know what your "003 fix" application is that you run from HBC.

Is that an application to remove the korean key from the eeprom?

Someone please correct me if I'm wrong...

First, u would autoboot the smash bros game (avoiding the system menu), and from there launch the exploit, use it to load up w/e homebrew u want to use to install a system menu and/or system menu IOS (ie. MMM), then from there, either install a non-stubbed IOS60 and 4.1 System menu IOS, or just install IOS60v6174 to slot 70 or 80 for 4.2 and 4.3 wii's respectively (these WADs are available in ModMii's download page 1, but u can easily change the slot yourself if u prefer)

 

[Hozu]

Thank you for releasing this. Even though I have no use for this myself I think it's totally unfair for people to jack up the price on the few games that can be used to begin hacking a Wii outside NA and Japan. Now they can't do such a thing anymore.

 

[DeadlyFoez]

http://gbatemp.net/t281361-smashstack-pal-kor

Im interested to know what your "003 fix" application is that you run from HBC.

Is that an application to remove the korean key from the eeprom?

There is no homebrew software that exists to do any writing to the eeprom. All the people that I have chatted to about that in the past are not caring to take the time to do it or don't want to risk a wii... even if it is my wii that is being risked. Marcan knows the code to do it

 

[Bad_Ad84]

I have a spare Korean board that I have dedicated to science with daco (priiloader dev), I have been testing things as he tries them. The code to read the eeprom is in the ftpii sources, so we have been working from there.

Just figured if giantpune had already done it, there was no point duplicating the work.

my comment about his "003 fix" application is based on what I saw in this video - http://www.youtube.com/watch?v=g8sQzgRhuko...player_embedded

 

[nobody_tw]

Confirm SSBB-KOR exploit works .

Great Job , giantpune !!

you should not post the files to tvgzone
giantpune ask that you please do not rehost them elsewhere, but instead link people back here.
(http://giantpune.zzl.org/smashStackPK.html)

you still host the files on tvgzone, although you add the link.
If you have communicated with giantpune and got his perrimision, I am sorry for writing this.
we should respect the auther's right. we all love giantpune.
we should be honest to everyone in the world!!

 

[DeadlyFoez]

Get ahold of marcan if you can. I doubt he will care much because he doesn't do anything with the wii anymore as far as I know. But if you guys do happen to come up with some working code that needs to be tested then I will be alright with risking a few wii's on it.

But unfortunately, since the wii's jtag points are grounded out, if something does not work right then the wii is dead without any conventional or easy way to repair it.

I was actually wanting to see if I can find a ZIF socket to put on my wii mobo. If there is in fact some JTAG points, and if in fact they are grounded out then it would most likely be grounded on the motherboard. So if that is really the case then the jtag should be ungrounded and available when Hollywood is removed from the board. But then that brings up a whole other world of issues.

 

[Bad_Ad84]

I have removed the hollywood chip and refitted it before - I also have a $2200 IR BGA rework station (admittedly, I'm still learning how to use it effectively and killed 2 boards out of 3 attempting it).

If someone knows the pinsfor jtag (or if the eeproms pins are wired externally to any of the pins?, tho id imagine its all internal) I could test that.

I may see if I can place a hollywood chip with boot1 vuln from a dead motherboard onto a newer board that is bricked (and therefore cant be flashed).

 

[DeadlyFoez]

I have removed the hollywood chip and refitted it before - I also have a $2200 IR BGA rework station (admittedly, I'm still learning how to use it effectively and killed 2 boards out of 3 attempting it).

If someone knows the pinsfor jtag (or if the eeproms pins are wired externally to any of the pins?, tho id imagine its all internal) I could test that.

I may see if I can place a hollywood chip with boot1 vuln from a dead motherboard onto a newer board that is bricked (and therefore cant be flashed).

Your only issue with trying that might come from how many of the newer boards (the lu64+ boards) have a smaller starlet and most likely a different pinout to starlet. The old hollywood may not be compatible to the newer starlet. It's worth a shot to try it though if you got the boards to play with and the tools to do it.

Bushing posted up a image of the hollywood pinout and what components each solder pad led to. There were quite a bit that weren't labeled, so that could at least be a good starting point. I'll try to find the image for you.

 

[Bad_Ad84]

I thought about that too, however the hollywood chip seems the same across models - I don't think pin out will be an issue on the hollywood chip itself as I doubt it changed.

What I suspected would be the issue is the boot1 revision - apparently they vary (i.e. 1a vs 1b and 1c vs 1d) to cater for different RAM chips etc, so it might cause instability? Again, picked up from bushing's blog and wiibrew pages.

 

[Ace Overclocked]

i can finally mod my wii without losing another 40 euro YAY
i'll have to borrow my best friend's brawl though

 

[Bad_Ad84]

Your only issue with trying that might come from how many of the newer boards (the lu64+ boards) have a smaller starlet and most likely a different pinout to starlet. The old hollywood may not be compatible to the newer starlet.

Also, I think you are talking about broadway being smaller on newer boards? Starlet is a core within the Hollywood package.

 

[DeadlyFoez]

Your only issue with trying that might come from how many of the newer boards (the lu64+ boards) have a smaller starlet and most likely a different pinout to starlet. The old hollywood may not be compatible to the newer starlet.

Also, I think you are talking about broadway being smaller on newer boards? Starlet is a core within the Hollywood package.

My bad. Brainfart.

But yeah, you got my point about it.

SO here's is bushing's flickr directory. http://www.flickr.com/photos/bushing/page13/

The image that I was mentioning is at the bottom, but there is plenty of other great detail in the other pics too.

Other good info: http://wiibrew.org/wiki/Hardware/Hollywood_GPIOs

Funny enough, I had found pics of bushing sanding down the PCB to image the conductive layers. I didn't see the images of the other conductive layers, just the WIP. But funny enough what type of extent that man will go to to reverse engineer something.

Ahh, here we go. LMAO. http://www.flickr.com/photos/bushing/3889615636/

 

[woffi63]

GREAT JOB !!!! @ giantpune

I've tested the Stack w/o save on PAL ....... and what should i say............IT WORKS!!!!!!!!
My first 4.3 Wii with Homebrew!


I love you giantpune

 

[XFlak]

I love you giantpune

Who doesn't love giantpune? Giantpune is one of my favourite things people in the world!

 

[DeadlyFoez]

I love you giantpune

Who doesn't love giantpune? Giantpune is one of my favourite things people in the world!

Same reason why I love yo momma.