i think the internet channel is ruled out as an avenue for exploits because it stores/parses/runs/whatever the webpages from mem2. and it has configured mem2 to be non executable. there is already the old opera exploit with a whole bunch of opening html tags and no closing tags that works to crash the browser. however, even when you get it to execute your own code, your code happened to be in t
by giantpune - Homebrew General
put it in a .s file. off the top of my head, i know that geckoOS has some asm in a .s. if you need something else to look at, you can grab its source code and dig around.
by giantpune - Coding
can you verify that the elf didnt somehow get corrupted? md5 from v0.8 is 8dcada755a608c70ed171ced7f9ef2f3
by giantpune - Getting Started
i dont think the ticket takes up a full block. the nand is separated into pages. 8 of those make up a cluster. and 8 of those make up a block. and every 8 blocks = 1MiB. the way the nand FS works, all pages of a single cluster must belong to the same file. there is no requirement for all the clusters in a block to belong to 1 file - there can possibly be 8 files that all have a cluster that
by giantpune - Homebrew General
s32 WII_ReturnToSettingsPage(const char *page)
{
    if(!__initialized)
        return WII_ENOTINIT;

    return WII_LaunchTitleWithArgs(0x100000002LL, 1, page, NULL);
}
by giantpune - Coding
there are some functions in libogc to exit to the system menu and jump directly to a page in the settings. WII_Initialize(); WII_ReturnToSettingsPage( SETTINGS_INTERNET ); this function uses the same args hocus pocus that the opera one uses. see if it works for you.
by giantpune - Coding
huh? i thought that bannerbomb was the only exploit that DID support SDHC. all the other ones used the savezelda loader that didnt get SDHC until the letterbomb version.
by giantpune - Getting Started
search. ive answered this in this very subforum a couple times.
by giantpune - Ideas, requests
try with a different SD card or reformatting yours. i havent heard of preloader not being able to read ANY sd card yet. also, i think you will have better luck with a plain-jane SD card. not a micro SDHC inside an adapter, not a tiny SATA hard drive that is shaped like a SD card, but just a 2GB SD card.
by giantpune - FixMii
Preloader has a nifty feature to load a dol. it will copy the dol to the nand, and then it can run it. you can make a dol that will load whatever HBC you have, then have preloader install that dol, and then have preloader boot that dol. I guess it is a bit of a challenge if you dont know which version of HBC you have installed. But it still can be done relatively easily. EDIT> saveme
by giantpune - FixMii
you cant just copy the miis 1 at a time and paste them into the file. it has a crc16 checksum. even changing 1 byte in a mii or adding a new one means you must fix the checksum
by giantpune - Homebrew General
i would suggest that you dont try to use DOP-xxx to fix this error. what mauifrog is thinking is that you are experiencing a "brick" caused by using the syscheck feature from dop-ios v11.something. i agree with him in that i think this is the cause of your problem. but i disagree that running the syscheck from a newer version of the program is the proper way to fix it. the issue happens b
by giantpune - FixMii
Ive made a bit of progress with those messages. I managed to decrypt them, and figure out how the signature is generated. And aside from the image attachment, there is only like 16 bytes in the file which i havent figured out. The message title and text are stored as u16 strings. Miis are stored in the same struct used to store them in any other context. The file can have up to 2 attachment
by giantpune - Homebrew General
i dont have enough messages for the system menu to dump them to the SD card. but, it looks like it encrypts them when it does transfer them to SD. if you are trying to decipher messages from dumped-to-SD archives, you will need to decrypt them first. the IV is based on the current time and is stored at 0xa0 for 0x10 bytes. something called "keystr" is stored at 0x80 for 0x20 bytes, a signat
by giantpune - Homebrew General
i set a breakpoint in the system menu as it reads the "AJPG" magic word. the function it is using to validate the header of the image is CArGBAOdh::decompressGbaOdh((uchar *,int,uchar *,int,uchar *,int,int)), and a bit farther back, ODHDecodeRGB565. Among these CArGBAOdh...() functions are a couple named CArGBAOdh::fdct_fast((unsigned long *, unsigned char *, unsigned long, unsigned long *))
by giantpune - Homebrew General
It just happens that I was messing with some other vff files when I first saw your post. I have written a little program that replaces the vff header with a "normal" fat one. Then the resulting file can be mounted read/write or parsed with pretty much any other tool that understands FAT filesystem. After mounting the filesystem, I also see a folder for each year/month/day/etc. I honestly do
by giantpune - Homebrew General
are you talking about parsing the vff file and reading the directories and files within its filesystem? or are you talking about files and directories that are in the nand FS?
by giantpune - Homebrew General
the answer to the 'why' you cant use a thumb drive is because of the lack of usb support in officially licensed software. to install homebrew, you must exploit some of the officially licensed code to allow running some sort of homebrew code. these exploits include a custom stage ( smash stack ), a custom channel banner ( banner bomb ), and custom game saves ( all the other exploi
by giantpune - Getting Started
this patch wont work with that method to boot a channel. there are 3 ways ive seen channels be loaded.
1) having IOS launch it <- system menu and the code you posted above does it this way
2) booting the nandloader from the PPC app <- geckoOS does it this way
3) copying the executable into memory directly and running it
this patch only works with the 3rd method.
by giantpune - Ideas, requests
the way i made it work, it tries to calculate the MAC address that it should be using, and then compare that against some miis you already have. since you didnt have anything for it to compare against ( at least nothing that it will compare against and get the expected result ), it doesnt continue. this is the cause of the "bug" you got. it is just a safety feature to keep it from patching eve
by giantpune - Testing Corner
sorry for not responding sooner. after reading that log, it is pretty obvious as to why your wii didnt start up. Checking 00000001-0000001e ... tmd RSA signature isn't even close ( 1 ) the TMD contains the wrong TID ........ Checking 00000001-00000002 ... name: "systemmenu.rvl.0802130503 irduser@IPLBUIL" version: 1.34 290 hex:
by giantpune - FixMii
the emulators only use ahbprot for accessing the DVD drive. if youre not burning discs with roms on them, then the ahbprot stuff is not needed. and if you care about it, you can remove the "no_iso_reload/" tag from the meta.xml and the IOS will be restarted before the emulator gets it, instead of using it in whatever state it happens to be in when the emulator is loaded.
by giantpune - Homebrew Applications
about the wad stuff, ohneswanzenegger will try to install any wad you give it. it doesnt check any signatures or anything. so, in theory it can definitely be used for piracy. but that is not its purpose. i think it would be rather closed-minded to discount a tool like this because one of its features can be abused for piracy. HBC can be used to start wad installers and warez loaders, but t
by giantpune - Homebrew Applications
... all of those were listed right here
by giantpune - Coding
if you cant figure out how to use any of the readily available libraries, or copy the code from the thousands of programs that have png support, then i dont think youre gonna be able to write any portion of any game worth playing. using a png library and adding the 3 lines of code necessary to load a png is nothing compared to what it would take to write the rest of a game. especially any game t
by giantpune - Coding
i wouldnt say they are lost. the only info you provided is that you have a "low level brick". that is far too little information to say your wii is a lost cause.
by giantpune - FixMii
this sounds like a good idea on paper, but i dont see how it would work. your wii will not boot a nand with bootmi @ boot2. this is a known fact. your wii will only ever boot a nand with that 1 specific version of boot1. and that version of boot1 will only boot a version of boot2 that comes with proper signatures. it doesnt matter what physical nand chip they are on, your wii will refuse to
by giantpune - FixMii
dont you think that in the 5 years since that wii was made, somebody would have tried putting a game in it? i would assume that if it would update from a game, it would have been taken care of long ago.
by giantpune - FixMii
if it were me, i would send it to somebody to install a real system menu and whatnot using unofficial methods. if you try to have nintendo fix this, you will likely get a replacement. the wii you have now definitely has the vulnerable boot1, meaning you could install bootmii@boot2. IMO, it would be worth it to do it myself, or even to fork out the $20 for shipping to mail it to somebody befo
by giantpune - FixMii
I would be interested in seeing the cause of the brick. You can use bootmii to dump your nand. and use my nandbincheck program linked above. give it the options "-all -v -v". and it should tell you what is busted. if, for some reason, the program does not tell you why your wii is acting broken, i would ask if you could send it to me for examination and i can improve the program.
by giantpune - FixMii