Hacking Testers needed #235

  • Thread starter: WiiPower
  • Views: 9,623
  • Replies: 53
Looks like this problem happens on 2xDOL games: the first DOL is the menu and the second DOL is the game itself.
Probably the problem is in the apploader, which forcibly reloads IOS and thus erases the information about the selected ISO. As far as I understood, IOS249 doesn't preserve settings (like the selected ISO) between reloads, so even if the game reloads IOS249, the selected ISO gets lost...

So either IOS249 should save the selected ISO ID in some untouched place in RAM to catch it after reloading, or we need to find a way to prevent IOS reloading.
 
sorgelig said:
Looks like this problem happens on 2xDOL games: the first DOL is the menu and the second DOL is the game itself.
Probably the problem is in the apploader, which forcibly reloads IOS and thus erases the information about the selected ISO. As far as I understood, IOS249 doesn't preserve settings (like the selected ISO) between reloads, so even if the game reloads IOS249, the selected ISO gets lost...

So either IOS249 should save the selected ISO ID in some untouched place in RAM to catch it after reloading, or we need to find a way to prevent IOS reloading.

The apploader is executed inside the launcher (Gamma/SoftChip) and does NOT touch the IOS. It's the 1st .dol that loads the IOS and then the other .dol. And the IOS ID stuff is USB loader related only, where the bigger problem is to reinit the USB storage at all.
 
Just tried WiiBlaster's trick with Mortal Kombat Armageddon - it works.
Since there is no meaningful code in the original main.dol (only the health splash and a notification about possibly using different controllers), after replacing main.dol the game is fully playable without any restrictions (saves are configured in the second dol).

Probably most 2-dol games can be fixed this way. It depends on how much functionality is in the first dol.

WiiPower,
is there a pattern to find the place where the first dol reloads IOS? I want to play with it.
I'm very suspicious about the apploader not touching IOS, since this problem happens only in 2-dol games.
Do you know how to tell the apploader to load a specific dol instead of main.dol?
 
Technically, it's possible to inject additional code into the apploader since it doesn't change in memory. So this injected code would reinit the USB storage with a predefined game ID and then load the requested dol.

I'm not good at PPC assembly, so I need to practice a bit...
 
sorgelig said:
[...]

WiiPower,
is there a pattern to find the place where the first dol reloads IOS? I want to play with it.
I'm very suspicious about the apploader not touching IOS, since this problem happens only in 2-dol games.
Do you know how to tell the apploader to load a specific dol instead of main.dol?

Do you know more about apploaders? Did you look at what SoftChip, for example, does with it? Init, get the stuff to load, and then exit the apploader.
 
WiiBlaster said:
WiiPower said:
Why does it have to be the disc channel? You can play the game in SoftChip and Gamma, why not create the save with them? Is it different then? I doubt that, because it would be different too when using the usb loader.

Yeah, that should work also, just telling exactly what I did.

That doesn't work, the Wii won't let you copy a save file to the NAND until you've used the disc to create a save file.
 
No, I don't know much about the apploader.
I'm just trying to analyze. Why do single-dol games not reload IOS, while double-dol games do?
I've asked you about the IOS reloading code. Do you know a pattern to find the place in the dol where it reloads IOS?
 
wiiztec said:
WiiBlaster said:
WiiPower said:
Why does it have to be the disc channel? You can play the game in SoftChip and Gamma, why not create the save with them? Is it different then? I doubt that, because it would be different too when using the usb loader.

Yeah, that should work also, just telling exactly what I did.

That doesn't work, the Wii won't let you copy a save file to the NAND until you've used the disc to create a save file.
You could get around that for games like that by installing a .tik with a matching ID
(don't want people with no drive/broken drive to be put off)
 
I tried to fix MoHH2 with WiiBlaster's method and WiiScrubber told me that it could not find the free space to replace main.dol.
 
Neither Red Steel nor Medal of Honor Heroes 2 works by replacing main.dol. For MoHH2 I had to change the partition size in order to replace it; with RS I didn't, but they both just hang when trying to load them with a USB loader.
 
wiiztec said:
Neither Red Steel nor Medal of Honor Heroes 2 works by replacing main.dol. For MoHH2 I had to change the partition size in order to replace it; with RS I didn't, but they both just hang when trying to load them with a USB loader.

Well, I'm pretty sure it won't work for every game that doesn't work on the USB loader, but only a few games. The only two games I've tried are MP1 and MK. Yeah, Sorg, you beat me to it. lol. Most of the other games I don't have to try, but hopefully people can play around with it a little more. Though I really would like to see a USB loader fix instead of touching the ISO.
 
I've used Mortal Kombat since its first dol is simple and straightforward.
I've located the part where the first dol makes some exception. It's right after loading the second dol through the apploader and getting the entry point. The first dol passes execution to the EP address of the second dol, and at this point the Wii reboots. Too bad I have no USB Gecko and cannot check registers. I'm not sure if something happens at the loading stage of the second dol and instead of the file some garbage is loaded, or the second dol has some problem at start.
I've disabled IOS reloading but there is no change in behaviour. I think there is some problem with disc authentication from inside the game.

Or maybe the USB loader doesn't set some memory locations to the correct value and thus re-authentication (or simply using the apploader) crashes the game. I think this should be researched more. A USB Gecko is required here.

So here I'm stuck without a USB Gecko...
If somebody experienced enough in using a USB Gecko (to debug, dump memory) wants to help, let me know.
 
I think even with IOS reload it won't work, because around the IOS reload I expect some subsystem shutdown and init code. Once the USB storage is shut down, you need to reinit it. And according to Waninkoko it's only possible from PPC and not from ARM. Did you test if the IOS reload is really blocked by testing with a burned disc? (and compared to a not patched burned disc of course) Or just to test if there are any other side effects.
 
WiiPower,
there are many "traps" in the code. Almost after every system function there is a check for success. If it doesn't succeed, then reboot. So I tracked the code using some tricks, and I'm 100% sure that the reboot happens on the second dol entry point jump. It means all those checks after IOS reloading, closing and opening partitions, loading the apploader and then the second dol - everything passes successfully. There is a subroutine which closes the existing partition, reloads IOS, and opens the partition again. I disabled this subroutine and nothing changes. The same reboot on the second dol's EP jump.
If I could have a chance to look at registers at some stages, then probably I could understand where the problem is. The first dol often gets some info from the -0x8000 address. I don't know what is at that high address.
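The entry point that the first dol jumps to, as sorgelig describes in the two posts above, is read from the fixed 0x100-byte header of the second dol. As an added example, not code from this thread or from any loader project mentioned in it, here is a parser for the public DOL header layout together with the kind of sanity check a loader can run before jumping to the entry point (entry must land inside a text section, every section must lie inside the file). The sample DOL it builds is constructed for the example: its addresses, sizes and contents are made up.

```python
import struct

DOL_HEADER_SIZE = 0x100
NUM_TEXT = 7   # the header has 7 text section slots
NUM_DATA = 11  # and 11 data section slots


def parse_dol_header(data: bytes) -> dict:
    """Parse the big-endian DOL header.

    Layout: 7 text file offsets, 11 data file offsets, 7 text load
    addresses, 11 data load addresses, 7 text sizes, 11 data sizes,
    bss address, bss size, entry point, then padding up to 0x100.
    Unused slots have size 0. Raises ValueError on a truncated header
    or on a section that does not fit inside the file.
    """
    if len(data) < DOL_HEADER_SIZE:
        raise ValueError("truncated DOL header")
    w = struct.unpack(">64I", data[:DOL_HEADER_SIZE])  # 0x100 / 4 = 64 words
    offs, addrs, sizes = w[0:18], w[18:36], w[36:54]
    sections = []
    for i in range(NUM_TEXT + NUM_DATA):
        if sizes[i] == 0:
            continue  # unused slot
        if offs[i] < DOL_HEADER_SIZE or offs[i] + sizes[i] > len(data):
            raise ValueError(f"section {i} lies outside the file")
        sections.append({
            "kind": "text" if i < NUM_TEXT else "data",
            "offset": offs[i],    # position of the bytes in the .dol file
            "address": addrs[i],  # where they get copied to in RAM
            "size": sizes[i],
        })
    return {
        "sections": sections,
        "bss_address": w[54],
        "bss_size": w[55],
        "entry": w[56],
    }


def entry_in_text(header: dict) -> bool:
    """Loader sanity check: the entry point must fall inside a text section."""
    ep = header["entry"]
    return any(
        s["kind"] == "text" and s["address"] <= ep < s["address"] + s["size"]
        for s in header["sections"]
    )


def build_sample_dol(entry: int) -> bytes:
    """Constructed sample, not a real game dol: one 16-byte text section
    made of four PPC nops and one 8-byte data section."""
    text = b"\x60\x00\x00\x00" * 4  # ori r0,r0,0 == nop
    data = b"\xde\xad\xbe\xef" * 2
    text_off = DOL_HEADER_SIZE
    data_off = text_off + len(text)
    offs = [text_off] + [0] * 6 + [data_off] + [0] * 10
    addrs = [0x80003100] + [0] * 6 + [0x80004000] + [0] * 10  # made-up addresses
    sizes = [len(text)] + [0] * 6 + [len(data)] + [0] * 10
    words = offs + addrs + sizes + [0x80005000, 0x100, entry] + [0] * 7
    return struct.pack(">64I", *words) + text + data


if __name__ == "__main__":
    good = parse_dol_header(build_sample_dol(0x80003104))
    bad = parse_dol_header(build_sample_dol(0x80004000))
    print(hex(good["entry"]), entry_in_text(good))  # entry inside text
    print(hex(bad["entry"]), entry_in_text(bad))    # entry points into data
```

Real DOL headers are used exactly this way by homebrew loaders: each non-empty section is copied from its file offset to its load address, bss is zeroed, and only then is control passed to the entry point. A dol whose entry lies outside every text section, or whose sections overrun the file, is one of the "garbage loaded" cases a loader should reject rather than jump into.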
 