Line 94:
Line 94:
== Explanation ==
== Explanation ==
−
The hack exploits a [http://en.wikipedia.org/wiki/Stack_smashing buffer overflow error] caused by loading a specially crafted save file for Twilight Princess. The save file stores a custom name for Epona, Link's horse, that is much longer than what the game would usually allow, in fact it even contains a small program. While the game doesn't allow you to manually enter a name this long it doesn't check the name in the file. When the game tries to load the name into memory it inadvertently drops the small program into memory filling not only the "horse name" buffer but adjacent ones. In a round about way these regions of memory happen to be designated the next region the console should execute. As you can see the save file is specially crated indeed. Once the code loads it runs either a "boot.elf" or "boot.dol" file from the root of the SD card.
+
The hack exploits a [http://en.wikipedia.org/wiki/Stack_smashing buffer overflow error] caused by loading a specially crafted save file for Twilight Princess. The save file stores a custom name for Epona, Link's horse, that is much longer than what the game would usually allow, in fact it even contains a small program. While the game doesn't allow you to manually enter a name this long it doesn't check the name in the file. When the game tries to load the name into memory it inadvertently drops the small program into memory filling not only the "horse name" buffer but adjacent ones. In a round about way these regions of memory happen to be designated the next region the console should execute. As you can see the save file is specially crafted indeed. Once the code loads it runs either a "boot.elf" or "boot.dol" file from the root of the SD card. If the boot.elf and bootmini.elf that loads HackMii exists on the root of your SD Card, you can use it to then install BootMii IOS, BootMii Boot2 (if compatible), or, importantly, the Homebrew Channel.
== [[Wiibrew FAQ|FAQ]] ==
== [[Wiibrew FAQ|FAQ]] ==
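Review bot: the sentence added at the end of the new Explanation paragraph introduces "bootmini.elf" next to "boot.elf", but the sentence just before it says the loaded code runs only "boot.elf" or "boot.dol" from the root of the SD card, so the reader is not told how bootmini.elf gets loaded; state which file the exploit launches and which file that one loads in turn. The same sentence has agreement problems ("the boot.elf and bootmini.elf that loads HackMii exists") and an "it" with two possible antecedents; wording such as "If the boot.elf and bootmini.elf files that load HackMii exist on the root of your SD card, you can use them to install ..." would read cleanly. The revision fixes "crated" but leaves "round about" and the comma splice "would usually allow, in fact it even contains" from the old text, and the link labelled "buffer overflow error" still targets the Stack_smashing article, which is worth either relabelling or noting, since the paragraph describes the overflow reaching the region "the console should execute" next.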