Hacking System Menu questions/thoughts

[ether2802]

the thing is that we need a kind of Starfall that do the patches on the fly, yet it start at the moment SysMenu start too...!!!

EDIT: In fact we need Starfall to work wih this DIP7'd SysMenu

 

[WiiBlaster]

Hea thats what i'm getting at a starfall like thing, to make it easier for users to patch their system menu. That would fly alot better i think

 

[CIJC]

why didn't anyone think of this before? rofl.

starfall type app.

install, to softmod your wii.
run the app again to remove any patches at a later date.

would be SOOOOOO cool

 

[IronMask]

That was my intentions entirely. Just hope we have someone that can do it. Damn I wish I could figure out devkitpro and the like.

Hopefully after this we can zip a pack up of everything one needs to do it and very cleanly explained instructions inserted. Because I am afraid that this is going to be the majoritized path for people running backups until cSM, etc. even this means not being able to public post the download links in the thread. IU know what everyone feels on that issue...so we can just continue to distribute things the way they've already been going...

So if and when the test needs to be done.... I'm strapped.

 

[digitydogs]

I was actually thinking about the patch route myself. We will have to make three seperate patches though, one for each region.

 

[CIJC]

and make sure to put it in bold, that you have to install the correct region. some people are sooooo dumb.

 

[djdynamite123]

and make sure to put it in bold, that you have to install the correct region. some people are sooooo dumb.

They know what the consequences are....Fuck em...Time & Time again, someone jumps into the deep end, and BAM No my wii is buggered...erm answer? Slow does it!

 

[seb77]

I was actually thinking about the patch route myself. We will have to make three seperate patches though, one for each region.

That was my first tough but finally I don't think we need a different SysMenu for each region settings. Because the hex change final result is the exactly same for all region.

Look at it:

Jap Region patch
Old Code 0x2C, 0x1B, 0x00, 0x00
New Code 0x60, 0x00, 0x00, 0x00
NTSC Region patch
Old Code 0x28, 0x1B, 0x00, 0x01
New Code 0x60, 0x00, 0x00, 0x00
PAL Region patch
Old Code 0x28, 0x1B, 0x00, 0x02
New Code 0x60, 0x00, 0x00, 0x00

And my PAL games display correctly because of my RGB cables. My TV do not support PAL signal. To test this i've started a PAL game with RGB cables and it displayed fine, unplugged cables and plug in normal cables and the image is in Black/White (PAL50) Format.

With my configuration i can load ANY backed up gamma compatible games with the disc channel, maybe more compatibility than gamma.

My configuration is:

NTSC 480i TV
NTSC Wii Running on 3.2U Multiple-cIOS
Starfall installed
Rebooter Channel installed (A black channel that reload the SysMenu onto region free mode)
Component/RGB video cables instead of normal RCA video cables (you can find those cables for 10$ or less)

Compatibility : Near 100%, only the out of region games that not contain any video code for other regions won't load. Maybe adding those codes to the unworking ISOs will do the job.


Its just a temporary solution. Not the one we are looking for but its noob friendly.

 

[Beatchu]

Can anyone PM a link to CIOSCORP

Thanks

 

[digitydogs]

yes but using the wrong region system menu for your console can result in brickage... anyway i have found the source to gamma and am looking at the following lines

static void __setappvideo()
{
switch(gameidbuffer[3])
{
case 0x50: // PAL default
writentsc_CC = 1;
rmode = &TVPal528IntDf;
break;

case 0x44: // PAL German
writentsc_CC = 1;
rmode = &TVPal528IntDf;
break;

case 0x45: // USA default
writentsc_CC = 0;
rmode = &TVNtsc480IntDf;
break;

case 0x46: // F (french PAL)
writentsc_CC = 1;
rmode = &TVPal528IntDf;
break;

case 0x4A: // JAP default
writentsc_CC = 0;
rmode = &TVNtsc480IntDf;
break;

case 0x58: // PAL X euro
writentsc_CC = 1;
rmode = &TVPal528IntDf;
break;

case 0x59: // PAL Y euro
writentsc_CC = 1;
rmode = &TVPal528IntDf;
break;

and then

VIDEO_Configure(rmode);
VIDEO_Flush();
VIDEO_WaitVSync();
if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();

/* read in Arena, FST, Max FST from DOL */
u32 arealow = *(u32*)0x80000034;
u32 areahigh = *(u32*)0x80000038;
u32 maxfst = *(u32*)0x8000003c;
u32 bi2 = *(u32*)0x800000f4;

if(writentsc_CC){
*(u32*)0x800000CC = 1;
}
else {
*(u32*)0x800000CC = 0;
}

if(forcedpal){
*(u32*)0x800000CC = 1; // color fix, values just reverse
}
if(forcedntsc){
*(u32*)0x800000CC = 0;
}

So it looks like setting 0x800000CC to 1 is pal and 0 is ntsc, now to figure out what rmode is changing and then we should be able to begin patching

 

[IronMask]

Magic time.

 

[seb77]

yes but using the wrong region system menu for your console can result in brickage...

Damn... yeah you're right lol didn't think to that

, i was focused only on the region hex mod hehehe

We need 3 different WADs like you said.

And we absolutely need to know if we can load the rescue menu to reinstall the v289 or whatever region version of 3.2 SM you have if the hex region free mod screw things and cause a corrupt SysMenu brick.

 

[digitydogs]

Honesty my thought was to also incorporate starfall's recovery menu option into the system menu/patch so that we end up with a region free forced video menu with recovery and autoboot. Anyone got the source to starfall handy? heh.
Strictly speaking these changes should be safe as they are already done on the fly without problems. Once we have bootmii or a preloader compatible with all systems we can simply have it load this new system menu packaged as a dol, and still have our original menu on system to revert to in case of errors. Bad thing is my wii is NTSC so i can't attempt this with preloader. Maybe fors would throw me an advanced copy of his loading system if i asked nicely
Recovery hooks used by gamma
0xA00100AC,0x5400073E,0x2C00000F

 

[Jizmo]

I found a link to the gamma rebooter with source... maybe we could take a look into it...

Gamma rebooter with source

I think the region free code should be in the relostub.* files

I think i need a devkitpro too hehehe...

Edit: A quick solution to Region free support is probably to install the rebooter channel. We could have a channel that reboot the console in region free mode. One little step to do to enable region free loading but its a non-permanent mod/patch.

You can already do this by loading up a non-autoboot gamma channel and press B.

 

[Jizmo]

.globl regionfreeusaÂÂÂÂÂÂÂÂ# r3 address
regionfreeusa:
ÂÂÂÂmtctrÂÂÂÂr4
ÂÂÂÂlisÂÂÂÂr6, 0x281B
ÂÂÂÂoriÂÂÂÂr6, r6, 0x0001ÂÂÂÂ# blr
findusa:
ÂÂÂÂlwzÂÂÂÂr5, 0(r3)
ÂÂÂÂcmpwÂÂÂÂr6, r5
ÂÂÂÂbeqÂÂÂÂwritenop1
ÂÂÂÂaddiÂÂÂÂr3, r3, 4ÂÂÂÂ# next word
ÂÂÂÂbdnzÂÂÂÂfindusaÂÂÂÂÂÂÂÂ# loop length
ÂÂÂÂbÂÂÂÂexitusaÂÂÂÂÂÂÂÂ# stop unhooked game hanging

writenop1:
ÂÂÂÂaddiÂÂÂÂr3, r3, 4ÂÂÂÂ# next word
ÂÂÂÂlisÂÂÂÂ r4, 0x6000ÂÂÂÂ# nop
ÂÂÂÂoriÂÂÂÂ r4, r4, 0x0000
ÂÂÂÂstwÂÂÂÂ r4, 0(r3)ÂÂÂÂ# result in r3
ÂÂÂÂdcbfÂÂÂÂr0, r3ÂÂÂÂÂÂÂÂ# data cache block flush
ÂÂÂÂicbiÂÂÂÂr0, r3
exitusa:
ÂÂÂÂblrÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ # return

diggitydoggs you're right. We need to permanently patch this section of the sysmenu --> 0x28, 0x1B, 0x00, 0x01 to this 0x60, 0x00, 0x00, 0x00

That's what the rebooter do.

We need someone who is able to include this little change into the sysmenu.wad and it should be permanently set to region free for PAL-NTSC-JAP consoles.

Do I hear an Echo.......??????????


hahahahaha

 

[seb77]

You can already do this by loading up a non-autoboot gamma channel and press B.

I know but with the Rebooter channel the process is automated...

1 little step to do and i have a PAL game that load from DC and display fine on my TV.

With a BL with a rebooter you have to start the channel AND press B = 2 Steps before loading a game.

And why should i have to start the BL channel to reboot the sysmenu and load the game from DC when i can load it directly from th BL ?!

Its like turning around...

I prefer my method until we find a coder to patch the sysmenu to region free

Edit: And damn... for less than 10$ you get RGB cables that add quality to your video signal and convert PAL signal to NTSC. 95% of my PAL games works from disc channel and display in NTSC without modifying the ISO ! No need to force anything

 

[Jizmo]

Honesty my thought was to also incorporate starfall's recovery menu option into the system menu/patch so that we end up with a region free forced video menu with recovery and autoboot. Anyone got the source to starfall handy? heh.
Strictly speaking these changes should be safe as they are already done on the fly without problems. Once we have bootmii or a preloader compatible with all systems we can simply have it load this new system menu packaged as a dol, and still have our original menu on system to revert to in case of errors. Bad thing is my wii is NTSC so i can't attempt this with preloader. Maybe fors would throw me an advanced copy of his loading system if i asked nicely
Recovery hooks used by gamma
0xA00100AC,0x5400073E,0x2C00000F

I don't like the idea of incorporating the starfall functions into the System Menu. I love starfall and Like haveing it sepereate. If you incorporate it into system menu you will lose your recovery ability because of a banner brick. At least it seems that way to me. Besides, preloaders are fun.

 

[digitydogs]

Honesty my thought was to also incorporate starfall's recovery menu option into the system menu/patch so that we end up with a region free forced video menu with recovery and autoboot. Anyone got the source to starfall handy? heh.
Strictly speaking these changes should be safe as they are already done on the fly without problems. Once we have bootmii or a preloader compatible with all systems we can simply have it load this new system menu packaged as a dol, and still have our original menu on system to revert to in case of errors. Bad thing is my wii is NTSC so i can't attempt this with preloader. Maybe fors would throw me an advanced copy of his loading system if i asked nicely
Recovery hooks used by gamma
0xA00100AC,0x5400073E,0x2C00000F

I don't like the idea of incorporating the starfall functions into the System Menu. I love starfall and Like haveing it sepereate. If you incorporate it into system menu you have lost your preloader because of a banner brick. At least it seems that way to me. Besides, preloaders are fun.

Not to be rude but that made no sense at all! incorporating starfall has nothing to do causing a banner brick. And although im not sure but i have a feeling any changes made to the system menu will preclude preloader from running do to menu comparison checks.

 

[FRanatic]

@FRANtic.. your avatar definately zoned me out in this thread this morning!

Where's my x-ray spectacles at?

Happened to me too when I stumbled upon it yesterday night. After staring at it for a few minutes, I immediately grabbed it and put it on here !

Enjoy once more....

 

[WiiCrazy]

.globl regionfreeusaÂÂÂÂÂÂÂÂ# r3 address
regionfreeusa:
ÂÂÂÂmtctrÂÂÂÂr4
ÂÂÂÂlisÂÂÂÂr6, 0x281B
ÂÂÂÂoriÂÂÂÂr6, r6, 0x0001ÂÂÂÂ# blr
findusa:
ÂÂÂÂlwzÂÂÂÂr5, 0(r3)
ÂÂÂÂcmpwÂÂÂÂr6, r5
ÂÂÂÂbeqÂÂÂÂwritenop1
ÂÂÂÂaddiÂÂÂÂr3, r3, 4ÂÂÂÂ# next word
ÂÂÂÂbdnzÂÂÂÂfindusaÂÂÂÂÂÂÂÂ# loop length
ÂÂÂÂbÂÂÂÂexitusaÂÂÂÂÂÂÂÂ# stop unhooked game hanging

writenop1:
ÂÂÂÂaddiÂÂÂÂr3, r3, 4ÂÂÂÂ# next word
ÂÂÂÂlisÂÂÂÂ r4, 0x6000ÂÂÂÂ# nop
ÂÂÂÂoriÂÂÂÂ r4, r4, 0x0000
ÂÂÂÂstwÂÂÂÂ r4, 0(r3)ÂÂÂÂ# result in r3
ÂÂÂÂdcbfÂÂÂÂr0, r3ÂÂÂÂÂÂÂÂ# data cache block flush
ÂÂÂÂicbiÂÂÂÂr0, r3
exitusa:
ÂÂÂÂblrÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ # return

diggitydoggs you're right. We need to permanently patch this section of the sysmenu --> 0x28, 0x1B, 0x00, 0x01 to this 0x60, 0x00, 0x00, 0x00

That's what the rebooter do.

We need someone who is able to include this little change into the sysmenu.wad and it should be permanently set to region free for PAL-NTSC-JAP consoles.

Do I hear an Echo.......??????????


hahahahaha


No 0x281B0001 is the compare instruction, you should patch the instruction one below that...
bne loc_81377AC4

here is the related system menu code... 0,1,2 each one corresponds to a region... you should only patch the related bne (branch not equal) instruction...

CODE

.data1:81377A94 # ---------------------------------------------------------------------------
.data1:81377A94
.data1:81377A94 loc_81377A94:ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ # CODE XREF: sub_81377198+8E8j
.data1:81377A94ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ cmpwiÂÂ %r27, 0
.data1:81377A98ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ bneÂÂÂÂ loc_81377AC4
.data1:81377A9CÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ liÂÂÂÂÂÂ%r0, 1
.data1:81377AA0ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ bÂÂÂÂÂÂ loc_81377AC8
.data1:81377AA4 # ---------------------------------------------------------------------------
.data1:81377AA4
.data1:81377AA4 loc_81377AA4:ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ # CODE XREF: sub_81377198+8DCj
.data1:81377AA4ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ cmplwiÂÂ%r27, 1
.data1:81377AA8ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ bneÂÂÂÂ loc_81377AC4
.data1:81377AACÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ liÂÂÂÂÂÂ%r0, 1
.data1:81377AB0ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ bÂÂÂÂÂÂ loc_81377AC8
.data1:81377AB4 # ---------------------------------------------------------------------------
.data1:81377AB4
.data1:81377AB4 loc_81377AB4:ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ # CODE XREF: sub_81377198+8F8j
.data1:81377AB4ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ cmplwiÂÂ%r27, 2
.data1:81377AB8ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ bneÂÂÂÂ loc_81377AC4
.data1:81377ABCÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ liÂÂÂÂÂÂ%r0, 1
.data1:81377AC0ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ bÂÂÂÂÂÂ loc_81377AC8
.data1:81377AC4 # ---------------------------------------------------------------------------