Line 97:
Line 97:
== Explanation ==
== Explanation ==
−
The hack exploits a [http://en.wikipedia.org/wiki/Stack_smashing buffer overflow error] caused by loading a specially crafted save file for Twilight Princess. The save file stores the name of the player's horse in the game (originally "Epona"). This save file presents a name much longer than expected to the Twilight Princess game, which causes the Wii system to crash when it tries to load the horse's name. With this crash, the system is made to run a loader program (which was loaded by the game as part of the name) instead of Twilight Princess's code which then proceeds to load a program from the Wii's front SD card slot. Any program that is placed on the root of the SD card, with the filename "boot.elf" or "boot.dol", will run.
+
The hack exploits a [http://en.wikipedia.org/wiki/Stack_smashing buffer overflow error] caused by loading a specially crafted save file for Twilight Princess. The save file stores a custom name for Epona ( Link's horse), this name is much longer than what the game would usually allow, in fact it even contains a small program. When the game tries to load the name into memory due to it's long length it inadvertently drops the small program into memory. This region of memory is designated the next region the console should execute and so the code is then executed. As you can see the save file is specially crated indeed. Once the code loads it runs either a "boot.elf" or "boot.dol" file from the root of the SD card.
== [[Wiibrew FAQ|FAQ]] ==
== [[Wiibrew FAQ|FAQ]] ==
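Review bot: The added paragraph's third and fourth sentences ("drops the small program into memory. This region of memory is designated the next region the console should execute") do not say how the overlong name changes what the console executes, and they lose the removed text's point that the loader runs instead of Twilight Princess's code. Since the first sentence already links to the stack smashing article, state explicitly that the name overruns the space the game reserves for it and that this overrun is what redirects execution to the embedded loader. The added line also needs copy edits: "( Link's horse), this name" has a stray space and a comma splice, "due to it's long length" should read "its", and "specially crated" should read "specially crafted"; "As you can see" can be dropped. The removed text also said the loader reads from the Wii's front SD card slot, a detail worth keeping in the final sentence.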