Hacking System Menu questions/thoughts

[Jizmo]

Ok, now that I'm starting to be convinced modifying system menu is the answer..... I'm gonna propose a small side project till the resources to attack the Sys Menu are ensembled. How about we make a channel just like Menu Patcher Channel except is uses The code from Rebooter/GeckoS. That way we would have full native region support at boot, and a simple way to enable out of region to the disc menu also. That way at least we wouldn't have to load Gamma or GeckoS and step through a bunch of options (actually I think you can just load gamma and press B but for some reason seems clunky). Or does that sound like too much work for what it's worth? I really liked using Menu Patcher!!!!! One of the benefits of it would be that if you put a disc in and it doesn't show up natively in system menu, then you would just do a simple channel start to enable it. If it then didn't show up, you would know you have a decrypted disc. (and properly eliminate it from your library!) sorry i got a thing about those now.

EDIT: Scratch that whole idea, it's just as easy to use a non-autoboot launcher and just press B for same results. Only takes a couple seconds longer. I hadn't realized I no longer needed an autoboot launcher.

 

[seb77]

Maybe we could use WiiMU source and add a region free option ... In that way any kind of backup could load from it.

WiiMU - An open source Wii Menu replacement by SquidMan and crediar

Edit: Nevermind... it has to be loaded from HBC or on an autoboot disc. Having to swap discs is annoying...

We need to know how the rebooter apply a patch to Sys Menu and do a permanent mod from it.

Also we need to know if the rescue menu load when the sys menu is corrupted by a bad sysmenu.wad installation. For future testing purposes... we could use the 3.2U System Menu ISO to recover from a bad try.

 

[digitydogs]

Still waiting for a reply from wii or wan on the region issue. Don't let this thread die because of the other one, there is still work to do

 

[digitydogs]

Does anyone have a link to the menuloader source. I don't feel like going through the hassle of translating technoconsolas and creating a login to d/l it, but want to examine it to figure out the region free on the fly patching wan uses and see about permanently incorporating it

 

[Jizmo]

OK GUYS..... GUESS WHAT!!!!!!!!!! I've figured out the set of tools that will make this work. The only thing we need to do is figure out how to make menu loader execute without user input and to have some setting turned on. I'm gonna write my proof of operation report right now and it will take about 10 minutes to write up how i confirmed this will work. Check back at about xx:45 for the report.

BRB....

 

[DJPlace]

damn we have to wait... oh well the only reason i want this is so i can install a save with the save game installer and also use the exactorer.

 

[Jizmo]

First of all here is how i got to trying this method....

I kept saying we need that rebooter code implemented (menu patcher not working after all) but was assured it wouldn't work because if the system menu isn't loaded there is nothing to patch. Waninkoko said so himself!

Then somebody mentiond Menu Loader, so I checked it out and it seemed nice and streamlined but I was assured it would not work preloaded either.

But being stubborn that I am, and knowing this wasn't written by Wanninkoko, but by Marcan and Bushing I did this.......

1: Turned Off Wii

2: Unpluged Wii

3: Insert Gamecube dancepad into port 4 to do a recovery menu boot.

4. Insert Twilight Princess disk

5. held down all 4 directions. Wii booted in recovery mode and loaded Twilight Princess

6. performed the TP hack

7. wii booted menu loader off SD

8. i set region free and some other options on

9. launched system menu from there

10. removed Twilight Princess disc

11. inserted Boom Blox NTSC Backup, it appeared in Disc Channel

12. removed Boom Blox

13. inserted Skate It PAL Backup, it appeared in Disc Channel

14. launched Skate It from disc channel and it loaded and worked perfect.

***** Note that at no time during the process was System Menu loded until after menu loader.

15. repeated whole procedure with a different PAL game. worked exactly the same.


SO......... I'm about 99% sure that menu loader will launch ok from preloader........ who's ready to test?????

and if that works then it looks like eliminating the user input of menu loader is the only problem. What do you think?

 

[digitydogs]

I just grabbed the source for menu patcher from waninkoko. Looking through it now to see what is patched to enable the region free loading... will report back if i make any breakthrough...

Looks like its time for me to grab devkit finally. The patches aren't that big at all....

Jap Region patch
Old Code 0x2C, 0x1B, 0x00, 0x00
New Code 0x60, 0x00, 0x00, 0x00
NTSC Region patch
Old Code 0x28, 0x1B, 0x00, 0x01
New Code 0x60, 0x00, 0x00, 0x00
PAL Region patch
Old Code 0x28, 0x1B, 0x00, 0x02
New Code 0x60, 0x00, 0x00, 0x00
So all this time thats the code we need to change in the system menu.... is it really that simple?

 

[Jizmo]

I just grabbed the source for menu patcher from waninkoko. Looking through it now to see what is patched to enable the region free loading... will report back if i make any breakthrough...

Looks like its time for me to grab devkit finally. The patches aren't that big at all....

How about disassemble menu loader and replace user input with defined varaiables.

 

[digitydogs]

searching for source code on forcing video modes now... will update this post with code when i find it. Will then attempt to compile a new sysmenu with forced video for each region unless someone experienced with devkit offers to do it.

 

[Jizmo]

I just grabbed the source for menu patcher from waninkoko. Looking through it now to see what is patched to enable the region free loading... will report back if i make any breakthrough...

Looks like its time for me to grab devkit finally. The patches aren't that big at all....

Jap Region patch
Old Code 0x2C, 0x1B, 0x00, 0x00
New Code 0x60, 0x00, 0x00, 0x00
NTSC Region patch
Old Code 0x28, 0x1B, 0x00, 0x01
New Code 0x60, 0x00, 0x00, 0x00
PAL Region patch
Old Code 0x28, 0x1B, 0x00, 0x02
New Code 0x60, 0x00, 0x00, 0x00
So all this time thats the code we need to change in the system menu.... is it really that simple?

my concern with this is that Menu Patcher doesn't work with the current CIOSCORP setup. The Rebooter portion of Gamma, Menu Loader, and GeckoOS 1.7b all do. You should probably compare those sections with code form the others a bit. Or put Waninkoko's cIOS36r7 at IOS30 if necessary.

 

[bp2000]

i want to delete cioscrop can i just update

 

[ether2802]

You're really breaking this thru guys...!!! have fun

yeah just update ^^^^

 

[digitydogs]

i won't be using menupatcher. The reason the app fails is it checks size of IOS's before doing anything with the changed ones it fails for safety reasons. The actual code in the sysmenu is still the same. Therefore replacing the code will have the desired effect as it doesn't actually rely on the IOS, just uses wan's r7 code to institute the patch in memory. Since we arn't patching in memory but in the actual system menu we should be fine.

 

[Jizmo]

i want to delete cioscrop can i just update

I believe you can update or you can just overwrite the cIOS with your original IOS wads.

 

[digitydogs]

either way will work, but if you update you will have to re-enable truncha signing etc again

 

[Deleted User]

I just grabbed the source for menu patcher from waninkoko. Looking through it now to see what is patched to enable the region free loading... will report back if i make any breakthrough...

Looks like its time for me to grab devkit finally. The patches aren't that big at all....

Jap Region patch
Old Code 0x2C, 0x1B, 0x00, 0x00
New Code 0x60, 0x00, 0x00, 0x00
NTSC Region patch
Old Code 0x28, 0x1B, 0x00, 0x01
New Code 0x60, 0x00, 0x00, 0x00
PAL Region patch
Old Code 0x28, 0x1B, 0x00, 0x02
New Code 0x60, 0x00, 0x00, 0x00
So all this time thats the code we need to change in the system menu.... is it really that simple?

my concern with this is that Menu Patcher doesn't work with the current CIOSCORP setup. The Rebooter portion of Gamma, Menu Loader, and GeckoOS 1.7b all do. You should probably compare those sections with code form the others a bit. Or put Waninkoko's cIOS36r7 at IOS30 if necessary.

Wait.
So menu patcher uses the same method as syndicates regionfrii, except does it on the spot?

 

[mestapho]

i want to delete cioscrop can i just update

LOL!! He writes a horrible guide then comes here to

find out what anyone who has been following this

thread should know. Biggest self pwnage I've seen in

a long time.

Classic.

Oh yeah. Read your guide for directions.

 

[digitydogs]

that would allow any disc to be loaded though the video mode would remain the discs. so those with tvs that dont do both pal and ntsc would still have video issues but games would show in disc channel and load. I'm trying to figure out what is patched to change video modes, but having a hell of a time finding the source for wiifrii or video mode changer. If anyone has the source to these laying around please PM them to me. The wiifrii source link on wan's site is invalid, and i cant find a copy anywhere else.

i want to delete cioscrop can i just update

LOL!! He writes a horrible guide then comes here to

find out what anyone who has been following this

thread should know. Biggest self pwnage I've seen in

a long time.

Classic.

Oh yeah. Read your guide for directions.

Now Now hes already been reamed out by me and others. No need to add insult to injury, heh

 

[Jizmo]

that would allow any disc to be loaded though the video mode would remain the discs. so those with tvs that dont do both pal and ntsc would still have video issues but games would show in disc channel and load. I'm trying to figure out what is patched to change video modes, but having a hell of a time finding the source for wiifrii or video mode changer

Posts merged

i want to delete cioscrop can i just update

LOL!! He writes a horrible guide then comes here to

find out what anyone who has been following this

thread should know. Biggest self pwnage I've seen in

a long time.

Classic.

Oh yeah. Read your guide for directions.

Now Now hes already been reamed out by me and others. No need to add insult to injury, heh

I felt so sorry for the guy (he was just trying to be helpful) that I sent him a PM pat on the shoulder. And that was long before this shot.

You guys are brutal!!