Talk:Twilight Hack

From WiiBrew

Picture wanted?

I made a macro picture of my Zelda disc. Any need for it? (explanation or so).

The lighting is too uneven and the image needs cropping. It feels like it is possible to do something similar enough with vector art.--henke37 11:54, 16 March 2008 (PDT)

Odd error on PAL version

I was searching for a place for this question to be seen by developers, so excuse me if I'm bothering you with this post. Recently, I've tried the Alpha3 version of Twilight Hack, on my PAL Wii running at 576i, 60Hz on a normal TV. As soon as I boot stuff, it'll always be in black and white, with both version A and B and with different homebrew applications (I've tried ScummVM and RIN so far). Has anyone got my same problem?

Using 50Hz (576i) it should work. To make it work properly on 60Hz, you'll probably need something similar to an RGB cable. By the way, don't you mean 480i?
Component is the best, RGB SCART has some compatibility problems. Alternatively, run your Wii on a different TV, what it is is that the apps say "ooh, 480i/p, that must mean they're American" and so the American colour encoding standard, NTSC, is used instead of PAL, making a poor quality monochrome picture. Muzer 09:33, 20 April 2008 (PDT)

Playing with the modified savegame

Is it safely possible to use the remaining two save files for actual game saves? Swapping the files as I currently do, is a little bit tedious... Helsionium 12:01, 25 April 2008 (PDT)

Even if it were possible, I would not recommend it, then you would be stuck with that version if there was a new version released.
Besides, the shellcode has to be somewhere in the save, I wouldn't risk it being in one of the other save files.--henke37 23:47, 25 April 2008 (PDT)
Out of curiosity, I tried it and it actually works in a completely normal way - as long as you leave the "Twilight hack" file in slot 1. Copying and (obviously) deleting that file will prevent it from working. Since currently all homebrew can be run with this version of the hack, I have no desire to keep swapping save files... Helsionium 07:49, 15 May 2008 (PDT)

Source Code

Does Team Twiizers have an intention on releasing the source code to their injected code, or any information on how they achieved this miraculous feat of hacking the save file? Anything appreciated! Just a simple guy wanting to see if this exploit is possible on any other game, but there seems to be so little information on how it was done that I haven't been able to even decrypt a save file! Thank you for your time --SquidMan 17:39, 28 April 2008 (PDT)

I think they do want to do that, eventually, when nobody is in any need of it.--henke37 01:47, 3 May 2008 (PDT)
I'm not exactly sure of their reasoning, but I'm pretty sure Team Twiizers aren't releasing the code just yet because they're worried about people bricking their Wiis with incomplete code. If you download an unstable version and brick your Wii with it it won't exactly be their fault, but I think they'd rather not have that guilt. :) As for decrypting a save file, there's some information on the Savegame page, but a page on Bushing's blog refers to secret keys that are used to encrypt the data. I believe Bushing got these keys out using a combination of hardware and software hacks, but they should be extractable from your own Wii by software methods ("I may release some software to extract them from your own console; do not ask me when it will be released." -- Bushing). What he definitely won't do is release the keys themselves -- there's too much potential for animosity from Nintendo. karaken12 01:57, 10 May 2008 (PDT)
I released that program (xyzzy). We've always planned to release source for the Twilight Hack as GPL, but Segher has been taking his time cleaning up the code for release -- come on IRC and offer to help, if you'd like to see it done faster. Bushing 07:13, 23 August 2008 (UTC)

Disc serial issue

If we want to make it dead obvious, let's make an image that illustrates where on the disc to read the serial number.--henke37 01:47, 3 May 2008 (PDT)

Chainloader doesn't show up?

Hello there!

I need help with the Twilight Hack. I've been following your instructions perfectly, naming every folder and file on my (FAT-formatted) SD correctly. But when I insert the SD card in the Wii and want to copy the Twilight Hack over to the Wii, there's no save visible on the SD card. I've been trying thousands of times, but the "Chainloader" symbol doesn't show up in the menu. It's all blank! [...] (Yes, I have made the folder(s) private/wii/title/RZDP and placed the 'rzdp0.bin' file in it, naming it 'data.bin'.) [...]

I had the same issue. What's happening is that when you're renaming the RZDP file to data.bin, you're actually renaming it to data.bin.bin. To avoid that renaming problem in the future, go to Tools>Folder Options>View and uncheck "Hide extensions for Known file types" (Thanks to Cybertronics).

I also loaded tp-hack-loader.elf to the root of the SD and renamed it to boot.elf, from there - it all worked like a charm! I hope this helps. I'm no pro, but feel free to ping me with any questions.

tp-hack-loader.elf? WTF is that? Muzer 10:03, 19 May 2008 (PDT)


Nothing important, but I'm really interested how large your shellcode is, it seems to be quite a lot for an overflow.

Respect and keep up the great work!


Thanks. The actual overflow for the savefile is about 600 bytes; it then executes the ELF loader, which is contained in a separate file in NAND (loader.bin -- about 23k). Both could probably be made smaller, if needed. Bushing 07:13, 23 August 2008 (UTC)

Other Save Files?

Not everyone has Twilight Princess, or is a fan of the genre. Wouldn't it be better to not have all our eggs in one basket and spread homebrew access out to other games as well? Games like Super Mario Galaxy or Metroid Prime 3, or even Wii Sports. I don't know if there are even access points within those games, but the least we could do is try to find them. Boinciel 18:20, 14 August 2008 (UTC)

Nintendo has already made an attempt at stopping homebrew by targeting the Twilight Hack directly. Which sounds better: Having to buy/rent a (good) game to get homebrew, or having no chance at running homebrew at all? Right now, it's better not to release extra savegame exploits when just one will do the job. --Tona 19:06, 14 August 2008 (UTC)
I'm not sure I understand you. I'm pretty sure the tp hack is a high buffer overflow (I think I read this somewhere, but everything from here might be totally incorrect) so technically the exploit can be recreated in a number of games as long as there is a part that uses a lot of memory and involves some sort of user input, like Epona's super long name. I don't know of Wii games like this as I don't play videogames often, but one day I was playing Halo 3 on a friend's 360 and on one of the levels, you could shoot at this "plasma" bomb thing and it would create a pretty big lag. This pushes the system to the extreme and if you could overload the system by adding some more code then you could recreate the tp hack in any game. Of course, finding a scene like what I just described would involve a lot of time and constant monitoring of the Wii so the chances of finding another exploitable part of a game is most likely the hardest part of making the hack. Again I could be totally wrong. Also longer games make things more of a pain. (unsigned, by SammyPwns)
Uhhh ... no. As you predicted, everything after "high buffer overflow" is incorrect; in the future, please just ask if you don't understand something rather than saying "I don't know what I'm talking about but you should do <xxxxx>". Finding overflows in games is possible for some percentage of games -- 10%? 50%? Hard to say. Finding them is fairly easy. Taking a crash and turning it into an exploit is much more work.
To answer the original question -- Every exploit expires. It's like a carton of milk. When you go to the store, do you buy one carton of milk, or four? In the same way, we release one exploit, wait for it to "expire", and then release another. Bushing 07:03, 23 August 2008 (UTC)

Can't load homebrew

For some reason, the exploit fails to read any homebrew files I've tried. After executing the exploit, I get some kind of error at the end that says something along the lines of "code not found, hanging." Does anyone know what might be wrong? I'm on 3.2U by the way. I've tried both the beta1 and alpha3 versions, yet they produce the same results. Back when I first used this exploit, it was able to run one of the emulators but now it doesn't run anything I try. -Stormfist 08:38 (UTC) 1 October 2008

Are you already on the 3.2U version? -Yod4z 1 October 2008 16:14 GMT+1
He said he was; the files are in the SD root and named boot.dol or boot.elf? -Noobwarrior7 1 October 2008 10:00
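
The two file-naming problems raised in the "Chainloader doesn't show up?" and "Can't load homebrew" threads (a save renamed to data.bin.bin because extensions are hidden, and no boot.elf or boot.dol in the SD root) can be checked mechanically. The following is an added example, not part of the original discussion or of Team Twiizers' code; `check_sd_layout`, `doubled` and `demo` are hypothetical names, the RZDP folder is the one quoted above, and the sample cards are constructed placeholders.

```python
import tempfile
from pathlib import Path

BOOT_NAMES = ("boot.elf", "boot.dol")  # names asked about in the thread


def doubled(folder: Path, expected: str) -> list[str]:
    """Files like 'data.bin.bin': the expected name plus one more extension."""
    prefix = expected.lower() + "."
    return sorted(p.name for p in folder.iterdir()
                  if p.is_file() and p.name.lower().startswith(prefix))


def check_sd_layout(sd_root, title_id: str = "RZDP") -> list[str]:
    """Return a list of readable problems; an empty list means the layout is fine."""
    root = Path(sd_root)
    if not root.is_dir():
        return ["SD root not found"]
    problems = []
    save_dir = root / "private" / "wii" / "title" / title_id
    if not save_dir.is_dir():
        problems.append(f"missing folder private/wii/title/{title_id}")
    elif not (save_dir / "data.bin").is_file():
        # Distinguish the hidden-extension rename from a save that is absent.
        extra = doubled(save_dir, "data.bin")
        problems.append(f"save is named {extra[0]}, not data.bin" if extra
                        else "no data.bin in the save folder")
    if not any((root / n).is_file() for n in BOOT_NAMES):
        extra = [f for n in BOOT_NAMES for f in doubled(root, n)]
        problems.append(f"boot file is named {extra[0]}" if extra
                        else "no boot.elf or boot.dol in the SD root")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Build two constructed card layouts in a temp dir and check both."""
    with tempfile.TemporaryDirectory() as tmp:
        bad, good = Path(tmp, "bad"), Path(tmp, "good")
        for card, save, boot in ((bad, "data.bin.bin", "boot.elf.elf"),
                                 (good, "data.bin", "boot.dol")):
            folder = card / "private" / "wii" / "title" / "RZDP"
            folder.mkdir(parents=True)
            (folder / save).write_bytes(b"constructed placeholder")
            (card / boot).write_bytes(b"constructed placeholder")
        return check_sd_layout(bad), check_sd_layout(good)


if __name__ == "__main__":
    for label, result in zip(("bad", "good"), demo()):
        print(label, result or "OK")
```

Pass the mounted card's path (for example a drive letter) as `sd_root` to check a real card.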