Line 97:
Line 97:
== Explanation ==
== Explanation ==
−
The hack exploits a [http://en.wikipedia.org/wiki/Stack_smashing buffer overflow error] caused by loading a specially crafted save file for Twilight Princess. The save file stores a custom name for Epona ( Link's horse), this name is much longer than what the game would usually allow, in fact it even contains a small program. When the game tries to load the name into memory due to it's long length it inadvertently drops the small program into memory. This region of memory is designated the next region the console should execute and so the code is then executed. As you can see the save file is specially crated indeed. Once the code loads it runs either a "boot.elf" or "boot.dol" file from the root of the SD card.
+
The hack exploits a [http://en.wikipedia.org/wiki/Stack_smashing buffer overflow error] caused by loading a specially crafted save file for Twilight Princess. The save file stores a custom name for Epona, Link's horse, that is much longer than what the game would usually allow, in fact it even contains a small program. While the game doesn't allow you to manually enter a name this long it doesn't check the name in the file. When the game tries to load the name into memory it inadvertently drops the small program into memory filling not only the "horse name" buffer but adjacent ones. In a round about way these regions of memory happen to be designated the next region the console should execute. As you can see the save file is specially crated indeed. Once the code loads it runs either a "boot.elf" or "boot.dol" file from the root of the SD card.
== [[Wiibrew FAQ|FAQ]] ==
== [[Wiibrew FAQ|FAQ]] ==
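Review bot: the + line still carries the "specially crated" typo from the − line (should be "specially crafted"), and "round about" should be one word, "roundabout". More substantively, the replacement sentence "In a round about way these regions of memory happen to be designated the next region the console should execute" is vaguer than the − sentence it replaces; since the paragraph already links to stack smashing, say plainly that the oversized name overruns the horse-name buffer into adjacent memory that the game uses to decide where execution continues, which is what lets the embedded program run. The new sentence "While the game doesn't allow you to manually enter a name this long it doesn't check the name in the file" needs a comma after "long", and it is the actual root cause of the revision (length is enforced in the name-entry UI but not validated when the save file is loaded), so it deserves to be stated that way rather than as an aside. Consider also replacing the mid-sentence "in fact it even contains a small program" with a full stop before "In fact", as the current comma splice makes the sentence hard to parse.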