SzsHaxx

General
Author(s): MikeIsAStar, Team Twiizers
Type: Exploit
Version: v1.0.0.0
Licence: GPLv2
Language(s): English, French, German, Italian, Japanese, Korean
Peripherals: Loads files from the Front SD slot

szsHaxx provides a safe method to enable homebrew on a Wii without the need for any hardware modifications. This is accomplished by utilizing a modified save game for Mario Kart Wii.

Explanation

In Mario Kart Wii, competition data is stored within the game's save data. The course data for competitions is compressed using a proprietary compression format (Yaz) that was developed by Nintendo. The decompression function can be exploited via meticulously crafted compressed data, resulting in an overflow of the output buffer. In this instance, the buffer overflow leads to an arbitrary write, which grants the ability to write a single word to any memory address. By writing a branch instruction to the game's exception handler, code execution can be diverted in the event of a game crash. Following the arbitrary write, a Data Storage Interrupt (DSI) exception is triggered, resulting in code execution being redirected to the payload.
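
The following is an added example, not code from szsHaxx or from the game: a decoder that checks every write against the output buffer, which is the kind of validation that stops crafted compressed data from overflowing it. It assumes the publicly documented Yaz0 layout; the function name, error codes and sample streams are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (publicly documented Yaz0): "Yaz0", 4-byte big-endian output
 * size, 8 reserved bytes, then flag bytes each governing up to 8 chunks. */
enum { YAZ_OK = 0, YAZ_BAD_HEADER = -1, YAZ_TRUNCATED = -2,
       YAZ_OUT_TOO_SMALL = -3, YAZ_BAD_REFERENCE = -4, YAZ_OVERRUN = -5 };

/* Constructed samples; both declare 8 output bytes. */
static const uint8_t ok_stream[] = { 'Y','a','z','0', 0,0,0,8, 0,0,0,0,0,0,0,0,
    0x80, 'A', 0x50, 0x00 };   /* literal 'A', then 7 bytes from distance 1 */
static const uint8_t overrun_stream[] = { 'Y','a','z','0', 0,0,0,8, 0,0,0,0,0,0,0,0,
    0x80, 'A', 0xF0, 0x00 };   /* literal 'A', then 17 bytes: past the end */

int yaz0_decode_checked(const uint8_t *src, size_t src_len,
                        uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (src_len < 16 || memcmp(src, "Yaz0", 4) != 0) return YAZ_BAD_HEADER;
    size_t declared = ((size_t)src[4] << 24) | ((size_t)src[5] << 16) |
                      ((size_t)src[6] << 8) | (size_t)src[7];
    if (declared > dst_cap) return YAZ_OUT_TOO_SMALL; /* header vs real buffer */
    size_t in = 16, out = 0;
    while (out < declared) {
        if (in >= src_len) return YAZ_TRUNCATED;
        uint8_t flags = src[in++];
        for (int bit = 0; bit < 8 && out < declared; bit++, flags <<= 1) {
            if (flags & 0x80) {      /* flag bit 1: literal byte */
                if (in >= src_len) return YAZ_TRUNCATED;
                dst[out++] = src[in++];
                continue;
            }
            if (src_len - in < 2) return YAZ_TRUNCATED;
            uint8_t b1 = src[in++], b2 = src[in++];
            size_t dist = (((size_t)(b1 & 0x0F) << 8) | b2) + 1;
            size_t len = (size_t)(b1 >> 4) + 2;
            if ((b1 >> 4) == 0) {    /* long form: length in a third byte */
                if (in >= src_len) return YAZ_TRUNCATED;
                len = (size_t)src[in++] + 0x12;
            }
            if (dist > out) return YAZ_BAD_REFERENCE;     /* before dst[0] */
            if (len > declared - out) return YAZ_OVERRUN; /* past the end */
            for (size_t i = 0; i < len; i++, out++)
                dst[out] = dst[out - dist];  /* byte-wise: ranges may overlap */
        }
    }
    *out_len = out;
    return YAZ_OK;
}
```

The two rejections that matter for an output-buffer overflow are YAZ_OUT_TOO_SMALL (the header's size is compared with the real buffer capacity) and YAZ_OVERRUN (a back-reference length is compared with the space remaining before any byte is copied).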

Usage

  1. Obtain an SD card that has a capacity of 2 gigabytes or less
  2. Format the SD card to FAT16 or FAT32
  3. Create the filepath sd:/private/wii/title/RMC[E|P|J|K] on the SD card. The final character should match the version of Mario Kart Wii that will be used
  4. Transfer the data.bin file that corresponds to the version of Mario Kart Wii that will be used into the aforementioned folder
  5. Place the boot.elf file to be executed on the root of the SD card (sd:/)
  6. Enable WiiConnect24
  7. Delete the save data for the version of Mario Kart Wii that will be used
  8. Transfer the save data from the SD card to the Wii
  9. Launch Mario Kart Wii
  10. Start the competition

Credits

Code

Images

  • Many thanks to jay for creating the banner
  • Many thanks to chillz for creating the icons

Translations

Many thanks to the individuals listed below for their help with translations.

French

  • JohnP55
  • pumpkintheproot

German

  • ItsNiceCraft

Italian

  • LNLenost

Japanese

  • custard
  • varemi

Korean

  • juno

Media