2009-05-26T12:58:19Z Photos, electronics, cnc, and more Jeff Eplerjepler@unpythonic.net 2009-05-26T12:58:19Z 2009-05-26T12:58:19Z https://gamma.unpythonic.net/01243342699 <a href="https://gamma.unpythonic.net/01213050575">Last year</a>, I made a halting attempt to reverse engineer the &quot;twilight hack&quot;, but gave up. Now, <a href="http://git.infradead.org/users/segher/savezelda.git">the source has been released</a>. 2008-06-17T11:53:15Z 2008-06-17T11:53:15Z https://gamma.unpythonic.net/01213703595 I spent a few evenings trying to get an indication that my code inside the savegame was being executed on the wii (basically inserting what I had identified as the color setting function at the start of the shellcode area) and didn't have an immediate success. But now <a href="http://hackmii.com/2008/06/june-16-wii-update/">Nintendo has released</a> a set of updates which specifically block the Zelda hack. They have inserted special code in the system menu to specifically check the length of NUL-terminated strings in the Zelda: Twilight Princess savegame file. This would reduce a GPL'd zelda loader from being an important piece of Free software to being an uninteresting footnote, so I'm not going to spend more time on this endavour. <p>If you're a reader with an interest in savegame exploits, though, I urge you to read <a href="https://gamma.unpythonic.net/01212803011">this</a>; if you have an existing homebrew loader such as HBC, you can use wiifuse+net to read and install savegame files without needing any keys. Let me know when you have something interesting! <p> 2008-06-10T18:10:47Z 2008-06-10T18:10:47Z https://gamma.unpythonic.net/01213121447 <div style="float:right;clear:right"><!-- od.png--><div class=albumouter style=width:306px id=><div class=albumimage style="width:306px;margin-left:0.0px;"><a href="https://media.unpythonic.net/emergent-files/01213121447/od-medium.png" class="thickbox" rel="album" title="Partial hex dump of zeldaTp.dat"><img src="https://media.unpythonic.net/emergent-files/01213121447/od-small.png" width=300 height=173></a><div ><div style="float: right" ><a href="https://media.unpythonic.net/emergent-files/01213121447/od-medium.png">(M)</a><a href="https://media.unpythonic.net/emergent-files/01213121447/od.png">(L)</a></div><a href="https://media.unpythonic.net/emergent-files/01213121447/od.png">Partial hex dump of zeldaTp.dat</a></div></div></div> </div> The GNU GPL, my personal gold standard for a Free Software license, requires that you distribute the &quot;complete corresponding machine-readable source code&quot; in &quot;the preferred form of the work for making modifications to it&quot; for the binary program. But is it completely clear what that means in this case? 2008-06-09T22:29:35Z 2008-06-09T22:29:35Z https://gamma.unpythonic.net/01213050575 Since a source release for either of the major hombrew methods does not seem to be forthcoming from the original creators, I've started reverse engineering the zelda exploit. My ultimate goal is to create a hombrew method which anyone is free to build from source code. I will be concentrating on the 'rzde2' version of the Twilight Hack, since that's the disc version I own. 2008-06-08T01:39:47Z 2008-06-08T01:39:47Z https://gamma.unpythonic.net/01212889187 <b>Update, 2012</b>: I'm pretty sure that most of this stuff is long since irrelevant and superseded by stuff in libogc. <p>Based on the information at <a href="http://wiibrew.org/wiki//dev/di">http://wiibrew.org/wiki//dev/di</a> with hints from a few good guys on efnet/#wiidev, I got a basic wii dvd interface done. It includes 2008-06-07T01:43:31Z 2008-06-07T01:43:31Z https://gamma.unpythonic.net/01212803011 I modified wiifuse to work over the wireless network. unfortunately, for me it crashes very shortly after starting. Update: after fixing two memory leaks (one in wiifuse-server, one in libogc), it works for minutes at a time. Update2: New feature in version net3: if you don't specify an identity with -i, the one on the disc inserted in your wii is used (no need to extract the tmd/tik/cert first). 2008-06-06T12:07:23Z 2008-06-06T12:07:23Z https://gamma.unpythonic.net/01212754043 <div style="float:right;clear:right"><!-- cg.png--><div class=albumouter style=width:306px id=><div class=albumimage style="width:306px;margin-left:0.0px;"><a href="https://media.unpythonic.net/emergent-files/01212754043/cg-medium.png" class="thickbox" rel="album" title="partial callgraph from savegame-extractor"><img src="https://media.unpythonic.net/emergent-files/01212754043/cg-small.png" width=300 height=67></a><div ><div style="float: right" ><a href="https://media.unpythonic.net/emergent-files/01212754043/cg-medium.png">(M)</a><a href="https://media.unpythonic.net/emergent-files/01212754043/cg.png">(L)</a></div><a href="https://media.unpythonic.net/emergent-files/01212754043/cg.png">partial callgraph from savegame-extractor</a></div></div></div> </div> I was trying to decypher a particular piece of wii homebrew and wrote this script to show a call graph, excluding some functions I was uninterested in. Requires powerpc development tools, graphvis, python, and a wii homebrew .elf with symbols intact. <p><b>Files currently attached to this page:</b> <table cellpadding=5 style="width:auto!important; clear:none!important"><col><col style="text-align: right"><tr bgcolor=#eeeeee><td><a href="https://media.unpythonic.net/emergent-files/01212754043/cg.py">cg.py</a></td><td>1.2kB</td></tr></table><p> 2008-06-03T15:22:32Z 2008-06-03T15:22:32Z https://gamma.unpythonic.net/01212506552 My wii just got back from <a href="https://gamma.unpythonic.net/01210722111">being repaired</a>. The graphics are fixed, and in fact everything just &quot;looks better&quot; than I remember. Whether this is because the defective console was just rendering everything a bit wrong (in addition to the obvious sparkles in certain parts of certain games), or whether it's just my imagination, I don't know.