Talk:Twilight Hack

From WiiBrew
Jump to navigation Jump to search

Picture wanted?

I made a macro picture of my zelda disc. any need for it? (explanation or so).

The lightning is too uneven and the image needs cropping. It feels like it is possible to do something similar enough with vector art.--henke37 11:54, 16 March 2008 (PDT)

Japanese Version of Zelda TP

Japanese Version of Zelda TP is not supported in current version yet. Is it support in next release? Nekokabu

- It's supported from alpha 3

retval = c1000002 etc

If you're stuck on a black screen where the following text scrolls rather quickly:

start cluster = aaaa

retval = c1000002 reply = 0000000 000000 00000 00000

I used to have that problem no matter what SD card I used... And I modded my Wii with the "Internal Gecko" mod. I'd like to point out that if you, too, have made the "Internal Gecko" mod, undoing it enables running the alpha3 (took me a couple days to figure it out... Actually, I suspected there was some conflict with the internal Gecko mod, but I was really not in the mood of opening my Wii once again, with those million little screws, but since I got myself a SD Gecko as well... what the heck). alpha2 doesn't seem to be affected (i.e., if you want to keep the internal Gecko mod, you can load the data from the front slot using the alpha2 and the "write ELF to the 1MB mark" method).

BTW, if you'd like your SD card to remain usable to store your stuff and run alpha2 as well, follow these steps:



  • Save the contents of the SD card somewhere
  • Log on as an administrative user
  • Format the SD card using the formatter tool; enable Format Size Adjustment under Option. It doesn't matter whether you do a full erase or not (and I suggest that you don't so you don't wear out your card)
  • Create a reasonably large blank file using dd:
dd if=/dev/zero of=padding.bin bs=1M count=16 -- this will create a 16MB blank file named padding.bin.
  • Copy the blank file to your SD card, and run a disk defragmenter on it just for kicks.
  • Use "Roadkil's Sector Editor" to open the physical disk corresponding to your SD card. You should see several pages of mostly blank bytes; that's the partition table and padding. When you finally see the FAT partition entry (you'll see the string MSDOS5.0 beginning on column 3), take notice of the sector displayed as Current on the bottom of the window.
    • Notice the FAT type a few rows below the MSDOS5.0 string. If it says FAT12 or FAT32, reformat the disk using Windows, and make sure you select FAT (not FAT32, not NTFS) as the filesystem type. We only used the SD Formatter tool to ensure the card will have a partition table.
  • Subtract that number from 2048 (it's decimal already, don't worry). Let skipfactor = 2048 - Current. Now close the editor.
  • Depending on the SD reader you're using, Windows won't let you write straight to the raw device, so let's trick it:
dd if=\\.\x: of=mysdcard.bin bs=1M count=32 (where x: is the letter where Windows mounted your SD card)
dd if=homebrewapp.elf of=mysdcard.bin bs=512 seek=skipfactor
dd if=mysdcard.bin of=\\.\x: bs=1M --size
  • Open your physical disk corresponding to your SD card once again with the sector editor
    • Open the menu item Tools, choose Goto Sector, and enter 2048 there. You should see the string ELF starting from column 1. Congrats! You may close the editor now.
    • If you don't see the ELF string, retrace your steps and figure out what you did wrong...

  • Optional: open the blank file on your SD card using XVI32, and find the first non-blank sector in that file. Write down this position somewhere.
    • From now on, whenever you wish to change the app loaded by alpha2, just browse to the sector you just wrote down and use File - Insert on XVI32 to conveniently place your app on the right location. Make sure the Overwrite mode (Tools - Overwrite) is turned ON. Save your work, fill the SD card with your stuff, eject it, voila!

After following these steps, you'll be able to store a gazillion ELFs on your SD card and still be able to use it with alpha2, since by using the padding file we shielded the 1MB mark from being written; I suggest writing the ELF loader of your preference using the "1MB mark" method and then keep using the same card to store all the homebrew goodness.

Nice, isn't it?

(Slightly reeditted for clarity... again! -- mitts)

Mitts 19:21, 27 April 2008 (PDT)

Sector 0

Should probably mention that if it just displays "Sector 0" over and over again, you need to format the SD card as FAT16, not FAT32. 01:10, 14 March 2008 (PDT)

Format Errors

I changed the wiki to reflect that formatting an SD card in OS X as FAT16 doesn't seem to work with the chainloader.

Running GC homebrew on an unmodified Wii

after checking FAQ, as of now it cannot be done

Mac thing?

could someone elaborate, source, etc. I want to know if it will work as the only computer I have access to is running 10.4.11

- Mac just doesn't format it properly, I'm sure you know somebody with a Windows PC, just borrow thiers to format. To format the SD card you just insert it into a reader. Pres The Windows Key + E (This should bring you to my computer) and right-click on the drive for your SD card and click Format. DtD 09:59, 21 March 2008 (PDT)

Just tried it last night, worked perfectly 10.4.11

Odd error on PAL version

I was searching for a place for this question to be seen by developers, so excuse me if I'm bothering you with this post. Recently, I've tried the Alpha3 version of Twilight Hack, on my PAL Wii running at 576i, 60Hz on a normal TV. As soon as I boot stuff, it'll always be in black and white, with both version A and B and with different homebrew applications (I've tried ScummVM and RIN so far). Has anyone got my same problem?

Using 50Hz (576i) it should work. To make it work properly on 60Hz, you'll probably need something similar to an RGB cable. By the way, don't you mean 480i?
Component is the best, RGB SCART has some compatibility problems. Alternatively, run your Wii on a different TV, what it is is that the apps say "ooh, 480i/p, that must mean they're american" and so the american colour encoding standard, NTSC, is used instead of PAL, making a poor quality monochrome picture. Muzer 09:33, 20 April 2008 (PDT)

failed with error -1

When I try to use the hack, it says "FAT_ReadFile(boot.elf) failed with error -1". What should I do. I've tried using both 3a and 3b, with the same result. Formatting the SD card is not an option because I am using BitPim with the Samsung Sync to write to it. I don't have a reader/writer besides my phone.

You will have to find a way to format it. Your phone may have a mass storage device menu option somewhere where it lets you use the phone's memory and the SD card as two separate standard mass storage devices, detected in Windows. It may be in settings or somewhere weird. It may also have an option to format it from the phone, possibly in gallery or settings, that may work. 02:10, 8 April 2008 (PDT) (Muzer not logged in)

I tried that ^ and it doesnt help i tried formatting with a the format tool as FAT16 and it still says same error i the code just runs and the homebrew channel installer never runs.

Thanks, I just hope my phone formats correctly. I figured out that using Bluetooth is faster than BitPim and can save me about 10 hours of backing up the files on my SD card. --GodCube teh Philosopher, Jack of all Trades 19:27, 8 April 2008 (PDT)

Wii Remote Support

Will there be Wii Remote support eventually? Or does the homebrew itself need to support the wii remote? i would prefer the usage of wii remote rather then a gamecube controller.

Really?? You would?? Man, someone really should have been thinking about this. We all thought GC controllers were just more useful. —Preceding unsigned comment added by [[User:{{{1}}}|{{{1}}}]] ([[User talk:{{{1}}}|talk]] • [[Special:Contributions/{{{1}}}|contribs]])
Yes, the homebrew itself needs Wiimote support code. The only thing the loader might do is turn off the Wiimote before starting. 17:53, 9 May 2008 (PDT)

Formating an SD card on a Mac is possible

Just thought I'd let you guys know that it is possible to format an SD card into FAT16 on a Mac. Just select DOS File System in Disk Utility. I did this in 10.4.11 and the chainloader worked fine.

Good to know. So it seems to be an isolated incident then.

^^im this guy^^ It worked 100% fine, sweet.

Playing with the modified savegame

Is it safely possible to use the remaining two save files for actual game saves? Swapping the files as I currently do, is a little bit tedious... Helsionium 12:01, 25 April 2008 (PDT)

Even if it where possible, I would not recommend it, then you would be stuck with that version if there was a new version released. Besides, the shellcode has to be somewhere in the save, I wouldn't risk it being in one of the other save files.--henke37 23:47, 25 April 2008 (PDT)

Out of curiosity, I tried it and it actually works in a completely normal way - as long as you leave the "Twilight hack" file in slot 1. Copying and (obviously) deleting that file will prevent it from working. Since currently all homebrew can be run with this version of the hack, I have no desire to keep swapping save files... Helsionium 07:49, 15 May 2008 (PDT)

Source Code

Does Team Twiizers have an intention on releasing the source code to their injected code, or any information on how they achieved this miraculous feat of hacking the save file? Anything appreciated! Just a simple guy wanting to see if this exploit is possible on any other game, but there seems to be so little information on how it was done that I haven't been able to even decrypt a save file! Thank you for your time --SquidMan 17:39, 28 April 2008 (PDT)

I think they do want to do that, eventually, when nobody is in any need of it.--henke37 01:47, 3 May 2008 (PDT)

I'm not exactly sure of their reasoning, but I'm pretty sure Team Twiizers aren't releasing the code just yet because they're worried about people bricking their Wiis with incomplete code. If you download an unstable version and brick your Wii with it it won't exactly be their fault, but I think they'd rather not have that guilt. :) As for decrypting a save file, there's some information on the Savegame page, but a page on Bushing's blog refers to secret keys that are used to encrypt the data. I believe Bushing got these keys out using a combination of hardware and software hacks, but they should be extractable from your own Wii by software methods ("I may release some software to extract them from your own console; do not ask me when it will be released." -- Bushing). What he definitely won't do is release the keys themselves -- there's too much potential for animosity from Nintendo. karaken12 01:57, 10 May 2008 (PDT)

Disc serial issue

If we want to make it dead obvious, let's make an image that illustrates where on the disc to read the serial number.--henke37 01:47, 3 May 2008 (PDT)

Chainloader doesn't show up?

Hello there!

I need help with the twilight hack. I've been following your instructions perfectly, naming every folder and file on my (FAT-formated) SD correctly. But when I insert the SD card in the Wii and want to copy the Twilight hack over to the Wii, there's no save visible at the SD card. I've been trying thousands of times, but the "Chainloader" symbol doesn't show up in the menu. It's all blank! You see my problem? I can't get the Twilight hack onto my Wii, cause it doesn't show up on the "SD Card" menu in the Wii data managing. My Wii is a PAL wii.

(Yes, I have made the folder(s) private/wii/title/RZDP and placed the 'rzdp0.bin' file in it, naming it 'data'.bin )

Any idea what I might've done wrong, or what I can do? Desperately hoping for an answer!

Try removing everything from your SD, then copy the Zelda save from Wii to SD, that will make sure your path is right on the SD. Jackal 07:50, 15 May 2008 (PDT)
I had the same issue. What's happening is that when you're renaming the RZDP file to data.bin, you're actually renaming it to data.bin.bin. To avoid that renaming problem in the future, go to Tools>Folder Options>View and uncheck "Hide extensions for Known file types" (Thanks to Cybertronics).

I also loaded tp-hack-loader.elf to the root of the SD and renamed it to boot.elf, from there - it all worked like a charm! I hope this helps. I'm no pro, but feel free to ping me with any questions.

tp-hack-loader.elf? WTF is that? Muzer 10:03, 19 May 2008 (PDT)


Nothing important, but I'm really interested how large your shellcode is, it seems to be quite a lot for an overflow.

Respect and keep up the great work!


Freezes with No Bootloader

The Twilight Hack shows up on the Wii Memory, it works, but when I go to actually use it, the game simply freezes. No boot loader, no anything. The SD card is freshly formatted and blank except for a boot.elf. Any idea what the issue might be?

Problem solved. Was using 0A-2 version, when I had 0A-0. Curse my bad eyesight.

3.3 T.Hack?

Can somebody confirm that is a version that works in 3.3. Was published 10 minutes ago in forums. thx, Albertsab 09:45, 18 June 2008 (CEST)

I've done a comparison of this to the existing TP hack. This is the only difference in the exploited save file:

0x3510:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3520:00 00 00 00 00 00 00 00 00 00 00 00 ff ff f5 74
0x3510:cd 81 42 0e 1d 70 a9 63 43 f2 c9 64 05 45 a2 36
0x3520:00 00 00 00 00 00 00 00 00 00 8c 6c 14 69 f5 74

There are also a number of differences in loader.bin, but that's not likely important. Of course, this might not be the only change... I just used segher's tachtig utility, so if it is skipping over something (like an extra zeldaTp.dat) I won't know. --ProdigySim 10:42, 18 June 2008 (CEST)

This DOESN'T work its just the 0.3b TP hack, tested by linkinworm and putifreak(gbatemp) doesnt

I have a question about this whole thing!!

Okay, I have the Twilight Hack in, right? That's it. Now what? I tried to run it, but then it said it couldn't find the .dol or the .elf!

Well, then I got an .elf file. It read it, but then I got an error that said something about "exception 03000 occured!"

What do I do? >< I don't even know how to get the Homebrew Channel im my SD card... Or where to put apps into my SD card... and most of all, what the Twilight Hack even does.

Anyone, help?