Endless Paradigm

Full Version: [How To] Hack your Nintendo Wii 2.0
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello and welcome to YoYo's latest guide, today I will be covering information on soft modding your Nintendo Wii.  These soft mods will allow Wii users to run Homebrew game's and applications on a unmodified Nintendo Wii.  I am going to try my bet to make this guide as easy to follow as I can.  

[EP UPDATE] Hahaha, I wrote this guide last year when I kinda started that Wii-station site that failed greatly.  I always planned on posting it on here on EP but never got around to it, and now that wiistation is closed this guide shouldn't go to waste so I have updated it with the latest info on how to hack your Nintendo Wii.  With the Wii hacking scene BOOMING now with hacks like BootMii, USB loaders, Bannerbomb ect. Wii hacking is only getting easier and safer.  So yeah I thought I would share some Wii knowledge with the EPeople.  I am also updating this with the latest way to soft mod your Nintendo Wii using Comex's BannerBomb exploit that works with all current Wii firmwares.  I am just going to quote the guide from WiiBrew.org because the hack installation is very easy and WiiBrew explains it the easiest, and if I were to write it myself it would pretty much be the same so yeah :P  So thanks to them.


Spoiler for WiiBrews Guide for BannerBomb:
Bannerbomb is an exploit capable of launching homebrew from any version of the System Menu. It was created to replace the Twilight Hack, which does not work on System Menu 4.0.

The exploit works by using a malformed banner to crash the Wii and run code to load the boot.dol placed in the root of the SD card. It can be used to install the Homebrew Channel, DVDx and the BootMii public beta via the HackMii Installer


Downalod BannerBomb here

    *  For the first time, try "aad1f_v108.zip"
    * If that doesn't work, continue on to "aad20_v108.zip", etc.


  What you need

    * SD (or SDHC if you're running System Menu 4.0) card formatted as FAT16 or FAT32.
    * SD card reader for PC or a PC with one built-in
    * Bannerbomb channel data
    * Some homebrew to load


Guide

   1. If your SD card has a private directory, rename it temporarily, e.g. to "privateold". Having other saved channels on the same card will screw it up. (Also, if you don't have any channels on the SD card already, it's possible to skip this step so you can keep saves on your SD card)
   2. Copy the Bannerbomb "private" folder to the root of your SD card.
   3. Take your Wii executable, name it "boot.dol" or "boot.elf" if it isn't already, and save it in the root directory of your SD  card.

   4. Put your SD card in your Wii and turn it on.

   5. Go into Wii Options -» Data Management -» Channels -» SD Card.

   6. A message should appear asking to "load boot.dol/.elf". If it freezes or does not appear, download the next .zip file from the Bannerbomb website and start over.

   7. The homebrew on your SD card will load. Enjoy!

   8. (Optional) Fill out Comex's survey on the Bannerbomb website.

-----------------------------------------------------------------------------------------------------------------------

  Troubleshooting

Please note that Bannerbomb does not work for everyone at this time.

If your Wii freezes while trying to use Bannerbomb, follow these diagnostics:

    * Make sure you're not trying to use the SD Menu on System Menu 4.0 (the little blue SD card button in the lower left).
    * Check that you pressed the Channels button in Data Management.
    * Make sure that Bannerbomb is the only channel on the SD card.
    * Try a different version of Bannerbomb. Most people should be able to use aad1f, but some might need another version.

Bugs

    * If it gives you the dialog but freezes instead of loading the dol, email Comex ( comexk @ gmail dot com ). Tell him where it froze and whether or not the slot light is on. You might also try removing the disc.
    * If you press "no" when it asks you whether you want to load a dol then it might freeze.
    * It is possible to press the back button "under" the dialog.

Changelog

v104

    * Message "Load /boot.dol?" changed to "Load /boot.dol/elf?"

v103

    * Added some stuff that may or may not help with stability.

v102

    * First public release

Credits

    * bushing, dhewg, segher, etc.
    * CaitSith, Artik and everyone else who tested
    * and last but not least, Igglyboo for testing over 9000 zips for Comex

Thanks to WiiBrew for the great guide and thanks for letting me copy/paste this :P

Spoiler for YoYo's Twiight Hack Guide:
First things first.  your going to need to know somethings.


Q - What is the Twilight Hack and how does it work?

A - The Twilight Hack is currently the only safe, released way to run homebrew on an unmodded Wii.  The Twilight Hack works by employing a lengthly character name for the horse in the game ('Epona') in order to facilitate a stack smash. This gets triggered when talking to the man next to you when you start the savegame as he loads the name to use it in his dialog or upon attempting to enter the next zone, before the man talks to you and reminds you to go the ot"her way to get the horse.


Q - Does this hack work on the latest Wii firmware update??

A - Yes, So far it has been tested up to firmware 3.2 (Im almost sure that the latest update as of 3/21/08)

Q - How safe is the hack?

A The hack is as safe as it gets, the easiest and safest way to mod your Wii.



Now, Your going to need theses things.



[u]You will need


1. A Wii
2. a un-patched copy of The Legend of Zelda: Twilight Princess for Wii (The older, the better)
3. A The Legend of Zelda: Twilight Princess game save on your Wii, one that has been save at least once.
4. A SD card (No bigger then 2GB0 and a card reader on your PC (A way to get files from your PC to the SD card.)
5. The Twilight Hack
6. The Homebrew Channel or BootMii Installer
7. WinRaR (A program used to open and view the required files.
8. Required files (YoYo Wii Pack)


Ok, if you read the Q/A you should already know that The Twilight Hack works by using a modified Zelda TP  game save that installs files to you Nintendo that allows your Wii to run user made code (Homebrew)  

First thing you want to do is to check to see if you copy of "The Legend of Zelda: Twilight Princess" is even going to work, earlier made copy's of Zelda have a bug in the game that allows this to work, if you have a recently bought copy of Zelda, it's probably not going to work.  You want to find a old copy of the game, find a friend who has had the game for a long time or try renting it but you have to have a older copy (Un-patched) of the game.  You can find out the that disks work below.

Once you have downloaded the YoYo Wii Pack, you are ready to start.  Open the YoYo Wii Pack and inside you will see a RAR file called "Twilight Hack"  open it.   Inside this RAR you will see a folder named "Private" open it, Private/ Wii/title/  and then you will see 3 folders (rzde, rzdj, rzdp ) each of theses are the Twilight Hack but different regions, you must find out what region you Zelda disk is so you know what folder of the hack to use.  On the inner circle on the disk will be the region code of the disk.  Here below are inner disk numbers of the disk that work, your inner disk code must match one of theses region codes.

The inner circle code of the disk can be found here

[Image: Twilight_Serial.jpg]




               Region                    Inner circle text                    File                                        Save slot

Europe/Australia (EUR)          RVL-RZDP-0A-0 JPN                 /private/wii/title/rzdp/data.bin             Twilight Hack

Asia (JPN)                           RVL-RZDJ-0A-0 JPN                 /private/wii/title/rzdj/data.bin              Twilight Hack

America (USA)                     RVL-RZDE-0A-0 JPN                /private/wii/title/rzde/data.bin              TwilightHack0

America (USA)                     RVL-RZDE-0A-0 USA               /private/wii/title/rzde/data.bin              TwilightHack0

America (USA)                     RVL-RZDE-0A-2 USA               /private/wii/title/rzde/data.bin               TwilightHack2


The above list should be able to tell you what Disk you have and what Twilight Hack file to use, ok now to start.

You want to start by opening your SD card on your PC using your built in SD card reader or USB card reader, you will need to reformat (Erase everything from your SD card, so if you want to keep the files already on it, you will want to back up everything on the card to your PC) So, once you have your SD in your PC go to "My Computer" and you should see your SD card shown in "My Computer" as "Removable Disk (X:)    X being the letter your PC gave the SD card.  right click on the "Removable Disk" and go to "Reformat"  (Last chance to back up the data on your SD card) This then will erase everything on the card.  Once you have reformatted the SD card, you now need to copy the Private folder (Inside the Twilight Hack) to the root on your newly reformatted SD card, inside the "/private/wii/title/" needs to be the correct "rzde" or "rzdp" or "rzdj" file, depending on the inner circle code, will depend on the file that need to be in the "/private/wii/title/"

Once you have got the correct save file in "/private/wii/title/" put t your Sd card in your Wii and turn on your console.  Once it has booted, go to "Wii Options" then "Data Management" then "Save Data" then "Wii"  

When there, you should be viewing all of your Wii game saves, now locate you Zelda Wii save, and delete it. (You may want to pack it up to another SD card or your PC if you don't want to lose anything, this needs to be deleted so you can add the new modified Zelda game save)  Once you have deleted it from you Wii then, you want to go back to "Save Data" and switch to your SD card, if you have done everything right so far you should a a game save file that say Twilight Hack.  If you don't, go back and see what you have done wrong.  


Copy the Twilight Hack file from your SD card to your Wii.  Now.  Turn on your Wii and put in your copy of The Legend of Zelda: Twilight Princess.


Before running the hack, wee have to get the Homebrew Channel (Or BootMii installer) on your SD card so when the Twilight Hack runs, it will boot the Homebrew Channel installer, and then install the homebrew channel.  Open "YoYo Wii Pack" and inside you should see a RaR file that is called Homebrew channel, open it and inside you will see a folder called The_homebrew_channel, open it and inside you will find another folder called Homebrew channel something and a file called "boot.elf"  Forget about the Wiiload and drag and drop the "boot.elf" to your computers desktop.  Once you have the "boot.elf" on your desktop, put your SD card back in your computer and open it.  Drag and drop the boot.elf on the root of your SD card (The first screen that appears when you open your card) once you have the boot.elf on the root on your SD card you then can take the SD back out of your computer and put it back in your Wii.  NOTE, you can place a different "boot.dol" or "boot.elf" on the root on your SD card for example BootMii could be launched with the Twilight hack instead of HBC, BootMii can install the latest version of the homebrew channel, DVDX (Allows your Wii to play DVD Movie's) and BootMii al in one installer.  You can learn more about BootMii and how it works HERE  

Turn on your will and start you Wii, load Zelda.  Once the game has loaded you will have Link standing there at the beginning of the game, you can do 1 of 2 things to trigger the hack

1. Run up and talk to the man in front of you.

2. Run backwards.

Then you will see a line of code run down your screen (this is normal) and then it will boot to the Homebrew Channel Installer (This being the boot.elf that you placed on the root of your SD card.) READ THE DISCLAIMER! In the VERY unlikely case your Wii should be bricked by the installer, this will let you know where you stand in regards to Team Twiizers.  Follow the on screen instructions, and it will install the Homebrew channel.  Yahooo!  

You have soft modded your Nintendo Wii.  Please be sure to read the README of The Homebrew Channel below so you fully understand how to use it.

Spoiler for The Homebrew Channel README:

Code:
The Homebrew Channel
Beta 8
Wiibrew.org

2008/06/06

In this archive, you will find the following files:

* README.txt                    This file
* boot.elf                      Main channel installer
* wiiload/                      USBGecko / TCP loader client
*       win32/wiiload.exe           Precompiled binary for Windows
*       lin32/wiiload               Precompiled binary for Linux (x86)
*       osx/wiiload                 Precompiled binary for Mac OS X (Universal)
*       wiiload.tgz                 Source code

       Update instructions:
If you have previously installed The Homebrew Channel, you can update it. If
this is the first time you are installing it, see below for Installation
Instructions. The easiest way to update is using the built-in Online Update
functionality. Simply configure the WiFi network settings for your Wii for
proper Internet connectivity, and boot up the channel. If the connection is
established, you'll see an opaque white (not semitransparent) world icon
in the lower right corner, and an update prompt will automatically appear.
Accept it to begin downloading the update. If you cannot or do not want to
connect your Wii to the Internet, simply run the boot.elf file using any
homebrew booting method. For example, you can upload it using wiiload or
you can make a directory inside /apps (for example, /apps/Update) and copy
boot.elf there. Then, simply run it from the previous version of the channel.

       Installation instructions:

The suggested way to install the Homebrew Channel is by using Zelda: The
Twilight Pricess with the Twilight Hack, which is available at
http://wiibrew.org/index.php?title=Twilight_Hack.  After installing the
Twilight Hack savegame, format an SD card (as FAT16; must be <=2GB, non-SDHC)
and place the contents of this distribution in the root directory of that card.
Boot.elf must be in the root directory, and you must have a directory named
"apps" inside the root directory.  (You can delete the wiiload files from the
SD card, as they are not needed.)

Execute the Twilight Hack, and it will load and run boot.elf from the SD card.
You will be presented with a disclaimer screen about the dangers of installing
this hack (discussed here as well, below); follow the instructions.  After this
process has completed, you should have a new Homebrew Channel in your System
Menu.  You may safely delete the boot.elf file from the SD card; it is no
longer needed.

      Adding and customizing apps:

All user applications should be stored in their own subdirectory inside of
apps/; some examples have been provided.  Each subdirectory should have at
least three files; ScummVM will be used as an example.

* apps/ScummVM/boot.[dol|elf]   main executable to be loaded
* apps/ScummVM/icon.png         icon to be displayed in the Homebrew Channel
                                    Menu; should be 128 x 48
* apps/ScummVM/meta.xml         XML description of the channel.  This format
                                    will change for future releases of the
                                    Homebrew channel, but we will try to remain
                                    backwards-compatible.   See the included
                                    files for information on what data should
                                    be included in this file.

      Staying current with new releases:

Relax, you will not need to do anything to keep up with new releases of the
Homebrew Channel.  When a new version is available, a message will appear
giving you the option to download and install the new version, if your Wii
is configured to connect to the Internet.

      Uninstallation:

You may uninstall the channel as you would any other channel, by using the Data
Management screen of the Wii Menu.

***************************************************************

RISKS, CAUTIONS, and SYSTEM UPDATES:

Any persistent modification to your system (meaning, anything that does not go
away when you turn off your Wii) carries some inherent risk.  We have worked
hard to avoid this whereever possible, but we are unable to test all possible
configurations.

We do, however, believe that our channel is safer to install than any other
homebrew channel that has been released, and once you have installed it we hope
you will never need to install another!

A special note about System Updates:
The Homebrew Channel relies on certain security flaws (fakesigned TMD and
ticket) that may eventually be fixed in future versions of the Wii System
Software.  When these flaws are fixed, you may not be able to install this
channel for the first time.

It is not clear what will happen to users who have already installed this
channel.  We have done extensive simulation testing with the current System
Menu and the (currently dormant) IOS37, and we believe there is no danger to
your system, even if you upgrade.

That having been said, we are releasing this software to you in the hope that
you will find it useful.  We can not and will not offer you any warranty on the
functionality of this software, or its impact on your Wii System.   We have
made our best effort to ensure its safety and to honestly explain the risks
involved, but the decision (and responsibility) is ultimately up to you.

We recommend that you check for news at http://wiibrew.org about compatibility
with new Nintendo System Updates before installing them; we will test each
update as soon as it is publicly available, and will announce whether any
issues have been discovered.


Once you have the homebrew channel installed, you will have a new channel on your Wii system menu that is used to launch homebrew apps.  You can download The Homebrew Browser to download apps./games/emulators to the HBC.

Spoiler for BootMii Beta 1 info:
[Image: 72t99c.png]




FINALLY! After waiting for over a year Team Twiizers have released beta 1 of BootMii.
If you are a Wii user thinking of using BootMii should read everything and make sure you fully understand what your doing.   If your not a Wii user you should read it any way because it's a good read.  Enjoy

If you have not been following the HackMii blog, I have kept track of the entire thing and it can be found HERE or just go to http://hackmii.com





HackMii Wrote:BootMii beta 1
May 13th, 2009 by bushing · 41 Comments

Wee are proud to present HackMii Installer v0.1.  This is one executable that can install the Homebrew Channel and DVDX on any Wii, with any System Menu version.  It can be used with Comex’s BannerBomb on System Menu 4.0, or on our Twilight Hack on earlier versions, or through the Homebrew Channel or any other method to run homebrew software on your Wii.

For many people, that will be enough.  For the intrepid or foolish, HackMii Installer v0.1 can install BootMii Beta 1 on your Wii, either in front of boot2 or as an IOS.  Wee have put a lot of hard work into this software and believe it to be safe, but wee have only tested it on 10 Wiis.   Wee have written it so that it does extensive sanity checking before installing; as a result, the first beta will probably refuse to install on some Wiis (instead of running the risk of a broken install).

Ideally, wee would find another 50-100 beta testers and have them test it out before releasing it to the world at large.  Realistically, that doesn’t work; it’d land on gbafail in less time than it took us to compile it.   Besides, wee’re not trying to make this a release for “the kool kids”; wee want the people out there who can help us test and improve it to try it so wee can make it universally compatible and safe.

So, wee’ll do it like this.  Wee think BootMii is safe to install, but wee can’t promise there are no bugs in the installer.  Once you do get it installed, many features are incomplete and most users won’t even know why they bothered to risk their console.  For those who like to tinker, you’ll find an easy-to-use NAND backup/restore suite, a way to autoboot the HBC, and eventually a way to run arbitrary ARM or PPC code.  You will also find bugs — none of which should harm your Wii, but they might be frustrating.  Help us fix them.

To be perfectly clear — anyone can use this to install the Homebrew Channel and DVDX on their Wii.  Most people can safely install BootMii/IOS on their Wii, but it’s not very useful.  Many people can install BootMii/boot2, but an unforeseen bug could harm your Wii.

Please do not install BootMii unless you have been following our blog for a while and know what IOS is, what boot1 and boot2 are, etc.  If you’re curious, you can try anyway, but if you can’t figure out how to work this thing you should probably wait for a future beta.   Wee really don’t want to see epic threads with “tips” on installing — this thing is supposed to be self-explanatory, and if it won’t install for you, that’s a bug wee need to fix.


Known issues:


    * BootMii may refuse to install on some Wiis.  Wee ran into various errors in our sanity checks on about half of the consoles wee tried; wee have fixed all of those bugs, but there are probably more.  The installer will write out an “installer.log” to SD; please email that log to beta_logs@bootmii.org so that wee can add support for your Wii in the next beta.


    * Wee wrote MINI (our low-level replacement for IOS) from scratch; the SD code has some compatibility issues.  Most cards (SD and SDHC) work; some will not be recognized at all when you try to boot from them (you’ll know this by the fact that your drive slot will flash).  If this happens and you have a USBGecko, please capture the output and email it to the address above.


    * Wee intend to eventually release source code for MINI and a sample PowerPC project than uses it, but those releases are not ready yet.  This is a binary only release; your patience is appreciated.

The installer is available for download from http://bootmii.org.  Please report bugs at http://bugs.hackmii.com.  You can discuss this release in a moderated forum on http://forum.wiibrew.org, but wee will only permit posts that wee deem to be constructive in our efforts to improve our code.


Thanks go out to Nuke for donating the USBGeckos wee used for development, and Stan64 for donating a few to our testers.


FAQs: (will be updated periodically)

Q: Why won’t my wiimote sync in the BootMii menu?

A: Due to architectural limitations, wee can’t access the WiiMote. Use a GC controller or the Power/Reset buttons. See also http://bugs.hackmii.com/index.php?do=details&task_id=21

Q: Why do I have all of these bad blocks in my NAND?

A: The NAND Flash chips used in the Wii come with up to 80 bad blocks from the factory. This is normal.



Spoiler for MINI Source code:

HackMii Wrote:MINI source code
May 15th, 2009 by Sven · No Comments

Just a brief note to fulfill our promise about the MINI source code:

It’s available in a git repository now. Please note that everything in this repository (i.e. the full source code and the build utils) is licensed under the GNU GPL 2. This essentially means that you will also have to license all your changes under the same license. Binary only releases are not possible.

You will need to compile a new toolchain in order to be able to compile mini. Please take a look at the bootmii-utils repository and run the ‘buildit’ script. Make sure to create the WIIDEV environment variable which will point to the target directory for this new toolchain before doing this.

Install and launch BootMii (either as boot2 or as IOS) and copy mini to your SD card as /bootmii/armboot.bin in order to run it. This may break the PowerPC GUI (aka “ceiling cat”) though. You can also compile and use the “bootmii” gecko uploader if you own a USB Gecko. Source code for the PowerPC part is not included yet but wee will add an example PowerPC project during the next few days.

Please send patches to info@bootmii.org or contact anyone of us in IRC (#wiidev, #bootmii or #hackmii on EFNet). It would be great if wee could manage this all in one repository instead of having thousands of fudges with different features.

DOWNLOAD - http://gitweb.bootmii.org/


Spoiler for BootMii Beta 1 README:
Quote:




YoYo's Random BootMii Tip's and FAQ's


YoYo's Random BootMii Tip's/FAQ's/NOTE's  In no order what so ever.


NOTE, you will need a GameCube controller install BootMii and to use the on the BootMii menu, beta 1 does not have Wiimote support yet.  If you do not have a GameCube controller you can use the power and reset buttons on the wii console to navigate the menus in BootMii


NOTE, When backing up your NAND to the SD card,  BootMii WILL REFORMAT YOUR SD CARD!  So make sure you have backed it up on your PC BEFORE dumping NAND to SD card.



The first release of BootMii should be compatible with most Wiis released before late 2008. Support for newer Wiis (with reduced functionality) will be added when possible.


BootMii can be installed on firmware 4.0 using comex's BaNNeRBoMB exploit, you can download it HERE.  Some users who installed BootMii using comex's BaNNeRBoMB exploit have reported that the installer sometimes hangs after completing the installation, bushing has already fixed this bug and should be in the next release.  Read the bug report HERE


Installing BootMii on "Boot2" (Instead of IOS245) is the best way to go if your Wii is compatible (The installer will tell you if it is or isn't, newer Wii console's may not be able to install on boot2) It is the safest as far as brick protection goes, you have to back up your NAND to your SD card first though, then save it on your PC and if you ever brick, you can just replace your NAND :)


The Homebrew Channel 1.0.2 (Released With BootMii) has a bug that make's SDHC cards not be read in HBC.  Fix will be out soon.


The Homebrew Channel 1.0.2 now supports USB HDD's.  


Installing BootMii as an IOS has a "Launch BootMii" button on the Home screen of The Homebrew Channel.


Installing BootMii on boot2 and IOS both works with no problem, though pretty much useless unless you really want that "Launch BootMii" button on the Home screen of The Homebrew Channel.



The Wii menu or The homebrew channel can be auto booted (Skipping BootMii menu) by editing the file sd:/bootmii/bootmii.ini  and change/add that line   AUTOBOOT=SYSMENU


Preloader 0.29 and BootMii beta 1 can co exist quite nicely together.


If you use preloader and delete the systemmenu, preloader will be deleted (Preloader is installed in the systemmenu) too so you can't recover without BootMii being installed before deleting the system.


Some users that reported long black loading screens auto booting into HBC or system menu, this is due to that some SD cards take longer to be recognized then others, if your SD card does not work try another SD card.  This bug is being worked on now by Team Twiizers and you can read the bug report HERE

Some website's have been saying that you need a wireless internet connection in order to install BootMii, not is not true it will fully install offline.


Bushing is working on an uninstaller that is about half done.


I Will be often updating this faq/tips, so please check back for more information, and the latest BootMii updates






Spoiler for Video's of BootMii in action:

Marcan's early BootMii demo. The hardware mod in the video is unrelated to BootMii.

Source: YouTube



A video showing a Wii being bricked, and then recovered with BootMii's RestoreMii.

Source: YouTube



The installation of BootMii,a d the backing up of the Wii NAND

[youtube]http://www.youtube.com/watch?v=HFfBfQrwFqQ[youtube]



If you have not been following the HackMii blog, I have kept track of the entire thing and it can be found HERE or just go to hackmii.org





[attachment=2787]



- Source: [BootMii.org]  - Source: [HackMii.org] - Source: [WiiWare.org]
Cool thanks, I do need to fix all this stuff on my wii.

Will be checking this out, thanks yoyo!
thanks for your time and effort man,makes my life alot easier
Wonder if anyone will do this for the DS later on... I intend to buy it for my lady.. DS is for good for girls...
DS isn't like this

For a DS just buy a flashcart and a microSD card
feinicks Wrote:Wonder if anyone will do this for the DS later on... I intend to buy it for my lady.. DS is for good for girls...

Girl's love Wii's to man trust me.  But yeah if your getting a DS flashcart For the win!
So let's say I am going to buy a wii... Do I need any exploited games to hackalackadingdong or just an sd card?
SchmilK Wrote:So let's say I am going to buy a wii... Do I need any exploited games to hackalackadingdong or just an sd card?

Just an SD card.
Use bannerbomb.  It works on any firmware.
i don't have a wii, but do Nintendo ever release any hardware reforms that make it impossible?

i know they stopped modchipping (ish) by putting epoxy resin on the pinouts xD
Reference URL's