HackMii

Notes from inside your Wii

HackMii header image 1

Final DSiWareHax

August 25th, 2011 by yellows8 · 87 Comments

The final DSiWareHax is now available, goto the exploitslist for the list of exploited DSiWare and the usage instructions for the exploits. The updated Sudokuhax is now available as well, the main change is faster boot.nds loading. You can only copy the new DSiWareHax to your DSi if you’re on 1.4.1 or below, and already have one of the exploited games, since 1.4.2+ blocks copying DSiWare exploits to your DSi “internal memory”. Likewise for obtaining the updated Sudokuhax, you must be on 1.4.1 and have the original Sudoku version.

The procedure for obtaining the new DSiWareHax and the updated Sudokuhax is identical to the original Sudokuhax, as described in the Sudokuhax post and the client software README. The client software was updated as well, updating to this version is required since the server doesn’t support client sw v1.0 anymore.

Hence the title and the 1.4.2 post, this is the last new DSiWareHax that will ever be released, since there’s no way to copy DSiWare exploits to DSi “internal memory” on 1.4.2+ without your system certs.

→ 87 CommentsTags:

Introducing: LetterBomb (the letter from heaven)

August 9th, 2011 by blasty · 125 Comments

Up until now the only way to liberate your Wii console and enable the use of homebrew with System Menu 4.3 was to use a gamedisc based exploit such as “BatHaxx”, “Return of the Jodi” and others.

Today we are announcing a project that changes this completely and removes the requirement for an exploitable game.

In memory of BannerBomb, we present you with LetterBomb , a brand new System Menu exploit that will allow you to enable homebrew with the push of an envelope ;) (no stamp licking involved)

This exploit reuses (and abuses) some of some Nintendo’s Wii Messageboard functionality. :-)

You will need:

  • A Wii running System Menu 4.3 (E/U/J/K)
  • A SD(HC) card with some free space
  • Your Wii’s WiFi MAC Address (available from your Wii’s system settings). This is needed because the Wii will only accept messages addressed to its specific MAC address.
  • A few minutes of your time

For this very special occasion we have created an easy-peasy webpage that takes away some of the pain that is usually involved with getting homebrew onto your system:

http://please.hackmii.com

This webpage will ask you for some necessary information (such as your System Menu region and MAC address), and  will then return a nicely packaged ZIP file that is ready for extraction to the root of your SD card. Simple eh?

All that is missing from that point is a boot.elf/boot.dol file (that you will need to place in the root of your card), and you should be good to go. For your convenience we have an option to prepackage and bundle the HackMii Installer boot.elf (this is enabled by default).

So, how do I do this?

Simple…. once you’ve unzipped the file to your SD card (and inserted it) just navigate to the “messageboard” on your Wii and in the default view you should browse to “yesterday” (the place where you usually see yesterday’s messages) – sometimes this may be “today” or “two days ago” (this depends on the timezone you are in).

From this view you will be presented with a small envelope (that should obviously stand out against the rest of your plain old boring ones), click it, kick back, twiddle your thumbs (the Brits among you, go and make a cup of tea) cross your fingers and hope it worked. :-)

DISCLAIMER: We are aware of a similar exploit by giantpune (good work!), but as of today this has not been released. In anticipation of its release we decided to reverse engineer, hack and implement something ourselves.

→ 125 CommentsTags:

DSi System Update 1.4.2

May 19th, 2011 by yellows8 · 66 Comments

Update: 25/05/11 An updated Sudokuhax(final update) will be released at the same time as the final DSiWareHax, but if you already have Sudokuhax and want to copy this updated Sudokuhax to “internal memory” you must still be on 1.4.1.(or below) This updated Sudokuhax and the final DSiWareHax uses an updated SD card loader, changes include faster boot.nds loading among other things.

DSi system update 1.4.2 blocks copying all current and future DSiWare exploits to “internal memory”. Most of you won’t have the final DSiWareHax target, but don’t update for now anyway. Only people who already have the target game, and stay on system version 1.4.1(or below) until exploit release could copy the exploit to “internal memory”. DSiWare savedata exploits are dead with system update 1.4.2, after the release of this exploit later, there will be no more DSiWare savedata exploits.

The EC certificate APCert in the DSiWare on SD card signs the hashes stored in the DSiWare on SD card, this includes hashes of savedata among other things. This APCert is signed by the console-unique TWCert, this cert is signed by Nintendo. This TWCert is stored in NAND.

The initial system settings title verified the APCert with the TWCert contained in the DSiWare stored on SD card. This allowed us to modify DSiWare savedata, since we could resign the APCert with any TWCert from other systems. The new 1.4.2 system settings title verifies the APCert with TWCert stored in NAND. This stops us from modifying DSiWare savedata for arbitrary systems, as the only way to get those system certs is from NAND. When you don’t already have DSiWareHax, it’s impossible to obtain your system certs without soldering NAND. The new system settings will not allow any DSiWare on SD card signed by other systems to copy to “internal memory”.

→ 66 CommentsTags: