Jeff Epler's blog

26 May 2009, 12:58 UTC

Twilight hack source code

Last year, I made a halting attempt to reverse engineer the "twilight hack", but gave up. Now, the source has been released.


17 June 2008, 11:53 UTC

zeldaTp.patch: Nintendo stepped in (part 3 of 3, I guess)

I spent a few evenings trying to get an indication that my code inside the savegame was being executed on the wii (basically inserting what I had identified as the color setting function at the start of the shellcode area) and didn't have an immediate success. But now Nintendo has released a set of updates which specifically block the Zelda hack. They have inserted special code in the system menu to specifically check the length of NUL-terminated strings in the Zelda: Twilight Princess savegame file. This would reduce a GPL'd zelda loader from being an important piece of Free software to being an uninteresting footnote, so I'm not going to spend more time on this endavour.

If you're a reader with an interest in savegame exploits, though, I urge you to read this; if you have an existing homebrew loader such as HBC, you can use wiifuse+net to read and install savegame files without needing any keys. Let me know when you have something interesting!


10 June 2008, 18:10 UTC

zeldaTp.dat: complete corresponding source code (part 2 of ?)

The GNU GPL, my personal gold standard for a Free Software license, requires that you distribute the "complete corresponding machine-readable source code" in "the preferred form of the work for making modifications to it" for the binary program. But is it completely clear what that means in this case?

read more…

9 June 2008, 22:29 UTC

zeldaTp.dat exploit analysis (part 1 of ?)

Since a source release for either of the major hombrew methods does not seem to be forthcoming from the original creators, I've started reverse engineering the zelda exploit. My ultimate goal is to create a hombrew method which anyone is free to build from source code. I will be concentrating on the 'rzde2' version of the Twilight Hack, since that's the disc version I own.

read more…

8 June 2008, 1:39 UTC

First crack at a wii dvd API

Update, 2012: I'm pretty sure that most of this stuff is long since irrelevant and superseded by stuff in libogc.

Based on the information at with hints from a few good guys on efnet/#wiidev, I got a basic wii dvd interface done. It includes

read more…

7 June 2008, 1:43 UTC

wiifuse + net

I modified wiifuse to work over the wireless network. unfortunately, for me it crashes very shortly after starting. Update: after fixing two memory leaks (one in wiifuse-server, one in libogc), it works for minutes at a time. Update2: New feature in version net3: if you don't specify an identity with -i, the one on the disc inserted in your wii is used (no need to extract the tmd/tik/cert first).

read more…

6 June 2008, 12:07 UTC

Call graph from powerpc elf file with debug symbols

I was trying to decypher a particular piece of wii homebrew and wrote this script to show a call graph, excluding some functions I was uninterested in. Requires powerpc development tools, graphvis, python, and a wii homebrew .elf with symbols intact.

Files currently attached to this page:



3 June 2008, 15:22 UTC

Wii Back

My wii just got back from being repaired. The graphics are fixed, and in fact everything just "looks better" than I remember. Whether this is because the defective console was just rendering everything a bit wrong (in addition to the obvious sparkles in certain parts of certain games), or whether it's just my imagination, I don't know.

read more…

13 May 2008, 23:41 UTC

Oh no! My wii is broken

28 August 2007, 1:44 UTC

Bye Bye Gamefly

26 July 2007, 16:23 UTC

gamefly: it's no netflix

All older entries
Website Copyright © 2004-2018 Jeff Epler