HackMii

Notes from inside your Wii

HackMii header image 2

Menuloader 0.4 (test version)

August 8th, 2008 by marcan · 81 Comments

Yesterday we had some server issues, and I took the server offline for a while. During this, I decided it was time to release a preview version of menuloader. Since I couldn’t write a post about it here, I just let it loose on the forums. Unfortunately, the resulting game of Telephone (somewhat predictably) managed to get a few things wrong as the announcement bounced from forum to forum, so I think it’s time to write up a real announcement, now that the server is back up.

Update: version 0.5 is up, which fixes some region free issues and includes a patch to disable updates. See below.

Menuloader has existed in some form at least since the release of IOS37. It was developed as a way of checking that a System Menu running under an IOS with no fakesign bug would not cause a brick on consoles with modified software installed. It also gained debug abilities, which was nice to investigate what goes on behind the scenes with the System Menu. When The Homebrew Channel came out (the real one, not the “demo”), we added extra patches to increase debugging verbosity, and used it to debug our homebrew apploader. It remained like that for a while. I had ideas about adding more useful patches and releasing it, but they were put on the back burner.

Recently, there has been some activity regarding modding the system menu. A few people were asking me about menuloader. In an attempt to both get people to learn for themselves and avoid having to redirect my attention to menuloader (I had more important things to do at the time), I dropped some useful code and explained the general idea of menuloader. As far as I know, the very first application based on these ideas is sadmenu, which includes a simple patch that makes testing banners out quite a bit safer. Crediar did the same, but then reworked the resulting patches into a tool that installs them permanently into the Wii. After watching his video, I figured it was about time to finally clean menuloader up and release it.

menuloader 0.4 is a tool that dynamically launches the System Menu with a set of patches. The patching occurs entirely as the menu is loaded, and the changes aren’t permanent. None of the patches will persist once you reboot the Wii or reload the System Menu. This release is meant to be a “test” version, as it lacks some features and the patches have not undergone much testing. It includes the following (selectable) patches:

  • USBGecko debugging, with optional extended debugging information
  • Regionfree Wii disc booting (I hear this doesn’t work perfectly yet)
  • Regionfree channel booting (useful if you’ve region-swapped your Wii and want to use your old store-bought VC and WiiWare titles)
  • v0.5: Disable updates
  • Skip Warning screen
  • Disable background music

Additionally, you can pick which IOS to use when booting. On a 3.3 Wii, for example, pick IOS35 to get back the ability to use fakesigned discs. On a 3.2 or older Wii, you can pick IOS37 to “experience” what happens when 3.3 users try to use fakesigned discs, like we did in March (assuming you actually have IOS37 installed).

The main difference between this tool and crediar’s is that menuloader boots the new system menu with the patches applied during the launch process – nothing ever gets modified in your Wii’s NAND filesystem. This means that the hack only persists until the system menu exits (when you boot a game or reboot the Wii), but it also means that it is much safer for trying out new patches.

The ideas for some of the patches were inspired by crediar’s demonstration video, but the actual patches were developed independently and, in fact, before crediar’s installer was released. The patching methodology is entirely different in both applications – Starfall app uses static patches which only work on 3.2E, while menuloader uses dynamic search and replace, which is compatible with a wide range of System Menu versions. We can afford to do this because menuloader does not install anything to NAND. If anything goes wrong, you can just reboot the Wii and everything will be back to normal.

FAIR WARNING: While menuloader does not modify your NAND filesystem, the System Menu does have the ability to do so, and incorrect patches could result in the System Menu itself causing trouble. In particular, the same warnings that apply to region-free modchips apply to menuloader: if you run an update from a disc from another region, it could result in duplicated channels, a semibrick, or in rare cases a full brick. v0.5: This version includes a patch to disable disc updates. It is STRONGLY RECOMMENDED that you leave this on.

Once I get a chance to clean things up a bit, I’ll release a new version with source code so you can experiment with your own patches.

It is important to note that this isn’t merely a testing or specific-use tool with no ability to apply the patches on startup. While I do not think that modifying the System Menu in NAND is a good idea, there are ways of making Menuloader run on startup, effectively accomplishing the same goal in a safer way. We expect to be able to do this when the boot2 hack is released (which, from now on, I’m going to call boot1.5 or BootMii).

v0.5 notes: I added another patch to fix an extra region check. This is now part of the “disc region” option. I also added a patch to disable updates.

menuloader v0.5 download

Enjoy! Stay tuned for more information on my current ideas about future hacks, how were going to manage System Menu and IOS patches, and BootMii. Oh, yeah, and the DVD lib. No, we haven’t forgotten about it.

Tags: Wii

81 responses so far ↓

  • 1 Midda // Aug 11, 2008 at 4:33 am

    Curses, no edit button. That was meant to be “3.2E,” not “3.2Em”

  • 2 russellbdx // Aug 11, 2008 at 6:07 am

    I use a PAL Wii with 3.3e firmware.

    I have just tested 0.5 version then, my results :

    On Gamecube :

    Timesplitters 2 (US) = Ok! (but small black band on up and large on down)
    Resident Evil Zero (US) = Black screen!
    Winning Eleven 6 Final Evolution (JAP) = Black screen!

    On Wii :

    Mario Strikers Charged! (JAP) = Ok! No problems with colors.

    I hope my results will help you Marcan.

    Thanks for your job.

  • 3 Phelps // Aug 11, 2008 at 6:47 am

    @marcan

    There was a mod in the GC that solved this, but it essencially “switched” the console from NTSC/J to NTSC/U by switching around a few connections:

    http://wiki.nintendo-scene.com/Gamecube_Region_Switch

    Though I’m not sure if this could be done in the Wii, by software or hardware modding.

  • 4 IBNobody // Aug 11, 2008 at 7:34 am

    Marcan,

    Would it be possible to add in GC controller hooks so that the Wii menu could be navigated using a GC controller? At minimum, it would be nice to boot the console up while holding a GC controller button down to launch either the current game disc or the Homebrew channel (if present).

  • 5 giancarlo // Aug 11, 2008 at 7:39 am

    i’ve tryed all my japanese GC games and i’ve always the same iusses..no progressive mode and jaggies on some games, the same jaggies of the last Freeloader (before nintendo killing). Will my pal wii ever be able to read ntsc GC games right? please do something!

  • 6 marcan // Aug 11, 2008 at 9:06 am

    @Midda:
    Once you go back to the menu, the patches are gone. This is normal. The System Menu probably got confused because it had a valid disc in the cache but it couldn’t read the actual disc in the drive.

    @russellbdx, Phelps
    Fixing GC mode should be doable, but I need to come up with a sane way of doing it without extensive patches, and especially of making it compatible with most menus. Since it’s a strange patch, it may have to wait until the patching system evolves a bit, since I don’t want to blindly apply menu-version-specific patches.

    @IBNobody:
    It’s possible but quite a bit of work. Replacing Classic support with GC pad support sounds doable. The “hold down button” thing is easy, but none of these make much sense until menuloader can be booted directly instead of via HBC, so they’ll probably have to wait.

    As

  • 7 giancarlo // Aug 11, 2008 at 9:13 am

    @russellbdx: do you play GC games in progressive mode?

  • 8 Timmyhawky // Aug 11, 2008 at 10:35 am

    Hi,
    I’ve been thinking about Nintendo’s reason to be not interested in fixing this bug.(sorry for my English)

    Imagine they release a update, fixing the problem.
    Hackers would try to reverse-engineer the update, to find out what exactly has changed – and what the security flaw is. Then the hackers could make a exploit, loading the games. We already can downgrade a Wii’s firmware, so that wouldn’t be a problem for them.

    (correct me if I’m wrong)

  • 9 Timmyhawky // Aug 11, 2008 at 10:45 am

    Sorry for my previous post, I posted it on the wrong article.

  • 10 HackYuu // Aug 11, 2008 at 6:43 pm

    @ L.A.A

    Ive never really used the libogc before, but im guessing as it is, (or should be), another library, It most likely is a collection of predefined objects to embed in your C and C++ programs.

    so if you want to output text throught the wii’s default output system, instead of writing your own object to do that, you would include it in your program and then use its avaible functions.

    instead of putting

    #include
    for the normal output method on a computer

    you would put
    #include

    i hope that kind of gives you an idea of what a library is. And to more experienced programmers, Im sorry if i got some terminology wrong. =P correct me if you see something wrong.

  • 11 HackYuu // Aug 11, 2008 at 6:44 pm

    what the hell.. I cant use the “”

    if this time it doenst show up again, im talking about the “<” bracket set. THIS SITE NEEDS A FRIGGIN EDIT BUTTON.

  • 12 Midda // Aug 12, 2008 at 3:33 am

    Thanks for taking the time to answer all of the questions being posted here, Marcan.

    So, have any plans been made to include a means to apply these patches automatically at startup? What are the risks involved in doing that? And, if you go down that route, what would make it safer than Crediar’s Starfall hack?

    Cheers.

  • 13 Der_tolle_Emil // Aug 12, 2008 at 4:00 am

    @Midda: That the Wii spins the drive up again is also happening when you simply insert a disc from another region and only booting afterwards (or resetting). It happened with the Freeloader as well, if you boot up the Wii with the disc already in the Wii will constantly try to read the disc. Since the patches are gone when you reboot the same behaviour can be observed.

  • 14 Wii/NDS - 任天堂破解資訊網站 - Dash Hacks Network » Blog Archive » MenuLoader v0.5 // Aug 12, 2008 at 8:22 am

    […] 來源 […]

  • 15 DRayX // Aug 12, 2008 at 9:25 am

    It would be awesome if we had a custom channel launcher sort of like WiiMU that could be run by holding down a certain button on the first GC pad (sort of like the crappy rescue-menu in Crediar’s system menu) that could be used to launch the homebrew channel, the inserted disc, or boot.dol/elf from the root of the SD card. At menuloader’s current state, this wouldn’t be very useful, but once BootMii is released this would be incredibly useful for fixing a semi-bricked system. Great work so far marcan, can’t wait to see this project when it is more done (or once BootMii is released so it is really useful for something).

  • 16 marcan // Aug 12, 2008 at 10:31 am

    @Midda

    The idea is to insert a small loader in front of boot2 that loads some Starlet code from SD if an SD card is present and the right file is there. That way, except for boot2, nothing is ever modified in NAND. This code would be small enough, and the test case simple enough (no SD card), and we’re at an early enough stage in boot, that we can pretty much guarantee that, if there is no SD card in, it’ll boot normally.

    If there’s an SD card with the right file in, then we get to run arbitrary starlet code, patch the system menu upon boot, etc. Pop the card out, and everything goes back to normal.

    Installation should be safer than Starfall, since we’d use the standard boot2 update mechanism present in the Wii which is engineered to be pretty safe.

    @DRayX
    We’re going to be making a much more advanced recovery system. Sort of like what you mention, but much lower level and able to recover the system even if IOS or the System Menu are entirely deleted.

  • 17 Capt_Trips // Aug 12, 2008 at 12:11 pm

    Amazing ideas.

    Any chance you’ll name the boot 2 mod “Notty?”

    Again, Amazing.

    I’ll avoid this place like a parriah in the future: I don’t want to clutter up your good work with my opinions. Still, I had to say Amazing Ideas.

    Btw, anywhere I can find IOS number lists and what each IOS is used for, And how if at all the IOS versions differ one from another? Wiibrew/Wiki confuses the hell out of me:)

    Thank you all, “May God bless us, each and every one.” Tiny Tim.

  • 18 Ibrahim Awwal // Aug 12, 2008 at 12:42 pm

    Thanks for working so hard on a recovery system Marcan and Team Twiizers. It’s nice knowing some people in the scene actually care about keeping people’s Wiis safe and working.

  • 19 chungy // Aug 12, 2008 at 3:53 pm

    I’m curious about the region-free patch. Is it possible to, instead of making it region-free in general, to specify a specific region that games must be from/load as?

    I’m pretty much asking for some games that have different behavior depending on the region they’re loaded in (multi-region games).

  • 20 bugger // Aug 13, 2008 at 2:24 pm

    I know I’m a bit late but…

    Will you ever release a tool like Patchmii which enables developers to write their own system menu patches and (optionally) distribute them?

    Releasing source code is a wonderful thing 😉 (with some exceptions)

  • 21 DRayX // Aug 17, 2008 at 9:11 am

    I’m not sure this would be possible, but it would be really cool if you could make a patch so that if the drive didn’t recognize the disk, it would check to see if it was a DVD, if it was load some custom DVD icon and banner into the disk channel slot (sort of like when you put in a GC disk, it uses the same icon and banner for all games). Then when you started the disk channel it would load a slimmed down version of MPlayer that would simply play the DVD. This way, you could just play a DVD from the system menu instead of having to launch a channel or homebrew program. Like I said, don’t know if this is even possible, but it would be really cool.

  • 22 DarkUser89 // Aug 17, 2008 at 6:55 pm

    add the option saving settings on the wii ??

  • 23 NakedFaerie // Aug 19, 2008 at 1:05 am

    Same as the guy above. Can you add the option to save to NAND instead of loading it everytime the machine gets reset.

  • 24 Need some help selecting a chip and have some questions... - Wiihacks - Nintendo Wii Hacks Community // Aug 21, 2008 at 11:37 am

    […] menu loader when you download the file what do you do with the dol file menuloader 0.4Menuloader 0.4 (test version) […]

  • 25 http://28colors.blogspot.com/ // Aug 25, 2008 at 6:32 am

    Ok, have a quick question that I can’t find a definitive answer to.

    My wii hasn’t been updated since the first signs that Nintendo would be fixing the trucha signing bug. Quite a few of my games have been signed with this key, and I didn’t want to lose my ability to play them.

    Would I be correct in assuming that this tool will let me update my wii to the lastest FW, and then still be able to tell my wii to use an old IOS for those games that need trucha to work?

    Thanks for your time.

  • 26 marcan // Aug 25, 2008 at 3:14 pm

    @28colors:
    That is correct, assuming the games themselves don’t use fixed IOSes. Currently, IOS30 and 31 have been fixed and IOS37 was fixed ever since it came out. Menuloader will let you pick a vulnerable IOS for the system menu (say, IOS35) which means the menu itself will load the game fine. However, if the game itself calls for IOS30 or IOS31, it will fail when trying to read its own data files. Menuloader *could* get an extra patch to change this though.

  • 27 disorganizer // Aug 27, 2008 at 10:59 am

    i wonder whether it would be possible to have other settings for the “menuloader” system menu than for the original menu?

    the idea came when i had to set my wii to english to play my custom gh3 discs because they only had the right song sames in the english language files 🙂

    also if i menuloader has an update blocker, it would be nice to not have the wireless connection configured in the buildin system but configure it for the soft-loaded system menu … which brings me to my next question:

    if menuloader could load a system menu with other settings, and a game starts, will those settings still be in effect for the ios the game uses?

    or will the game-ios then run with the original settings?

  • 28 marcan // Aug 28, 2008 at 1:10 pm

    You could patch the system menu via menuloader to use altered settings, but those won’t propagate to the game being loaded. This would require patching the menu to itself patch games after loading, which is quite a bit more complicated.

  • 29 alehas // Sep 9, 2008 at 10:27 am

    Launch menuloader 0.5
    Next … Home > Menu wii > Bug! Dvd Wii import no eject HELP me pLz 😀

    sorry but i’m french and 13 years old :s

  • 30 Phelps // Nov 4, 2008 at 8:05 pm

    @marcan

    Old thread, not sure if you’ll see this, but I’ll leave here here anyway.

    According to this post, whatever method AnyRegionChanger uses works for Mr.Driller GC.

    http://wiird.l0nk.org/forum/index.php?topic=1625.0

    This is pretty interesting because this game is known for having lots of issues with a Freeloader. It’s quite likely this method would also fix the issues I described.

    Not sure if the same patch can be done by MenuLoader, but at least is some extra information that might be useful.

  • 31 C-Mac // Dec 19, 2008 at 10:25 pm

    @marcan – Will there be a future update? I love to use MenuLoader to boot under different IOS but the current version can’t verify the newer IOSs (38, 53, 55) and of course won’t re-boot the Wii under them.

You must log in to post a comment.