• Download IOS11 from the Nintendo Update Server
• Patch it to remove the MEM2 protection (so the PPC can access all 64MB of it)
• Patch it to allow it to delete itself later using ES_DeleteTitle()
• Find an unused IOS slot (counting downward from IOS255)
• Install the hacked IOS11 there
• Reboot into the hacked IOS
• Copy the private key structure from the IOS address space into MEM1
• Reboot back into a sane IOS
• Delete the temporary, hacked IOS
• Display the keys on screen
• Try to write them to a file on the SD card — keys.txt
• Pause for 60 seconds to allow you to copy the keys down using pen and paper,if necessary

I wrote this a week or two after I killed a Wii trying to reproduce tmbincÂ’s original Tweezer Hack. May it rest in peace.

The first version of this code just used a patched version of IOS, which was an ugly hack. ItÂ’s still an ugly hack, but at least it no longer contains copyrighted code. You should only really need to run it once on any given Wii, but it should be safe to run as much as you want.

If nothing else, it demonstrates the kinds of ways you can use PatchMii_core to do something useful (as opposed to just running it and then packaging the result up as cIOS).

• Nintendo finally responds to Bushing about Wii exploit discovery
• Bushing discovers exploit that allows ISOs to run on unmodified Wiis
• Wii System Menu v3.3 update workaround already in the works

Via hackmii

Tweet

This story sucks? This story rocks!

Vote Now!    (0) (0)