Eri HaKawai


-About-
	This is another Wii exploit, this time for "Tales of Symphonia: Dawn of
the New World" (RT4EAF).  It works by exploiting a buffer overflow.  The bug was
originally found by Pierre "delroth" Bourdon, who wrote an exploit that works on
the PAL version of the game and provided enough information that making this
one only took a couple of hours.
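To make the "buffer overflow" above concrete, here is a constructed model of the bug class, written for this page; it is not the game's code, not delroth's or giantpune's code, and it does not claim to show the real RT4 save layout. It assumes a save record that stores a character name together with its own length byte, a 16-byte in-memory name slot followed by some other field, and a hypothetical value 0x80001800 for what the overflow writes there. The vulnerable loader trusts the length from the save and lets the name run into the next field; the hardened version rejects the record instead.

```c
/* Added example: constructed model of an unchecked save-record copy.
 * Field names, sizes and 0x80001800 are illustrative assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16                         /* assumed size of the in-memory name slot */
#define SENTINEL 0x11223344u                /* marker to detect a clobbered neighbour */

/* Assumed on-disk record: a length byte, then the raw name bytes. */
struct save_record {
    uint8_t name_len;                       /* comes straight from the save file */
    uint8_t name[32];
};

/* Assumed in-memory slot. 'next_field' stands in for whatever the game keeps
 * right after the name: a stat, a pointer, a saved return address... */
struct character_slot {
    char     name[NAME_MAX];
    uint32_t next_field;
};

/* Vulnerable: trusts name_len, so an overlong name runs into next_field. */
int load_name_vulnerable(struct character_slot *slot, const struct save_record *rec)
{
    memcpy(slot->name, rec->name, rec->name_len);
    return 0;
}

/* Hardened: refuses anything that does not fit together with its terminator. */
int load_name_hardened(struct character_slot *slot, const struct save_record *rec)
{
    if (rec->name_len >= NAME_MAX)
        return -1;
    memcpy(slot->name, rec->name, rec->name_len);
    slot->name[rec->name_len] = '\0';
    return 0;
}

/* A well-formed record for an ordinary name (constructed input). */
void make_record(struct save_record *rec, const char *name)
{
    size_t n = strlen(name);
    memset(rec, 0, sizeof *rec);
    if (n > sizeof rec->name)
        n = sizeof rec->name;
    memcpy(rec->name, name, n);
    rec->name_len = (uint8_t)n;
}

/* A record whose name overruns the slot by exactly four bytes so that 'tail'
 * lands on next_field.  Stored big-endian, as data sits in a Wii (PowerPC) save. */
void make_overlong_record(struct save_record *rec, uint32_t tail)
{
    memset(rec, 0, sizeof *rec);
    memset(rec->name, 'A', NAME_MAX);       /* the 16 bytes that legitimately fit */
    rec->name[NAME_MAX + 0] = (uint8_t)(tail >> 24);
    rec->name[NAME_MAX + 1] = (uint8_t)(tail >> 16);
    rec->name[NAME_MAX + 2] = (uint8_t)(tail >> 8);
    rec->name[NAME_MAX + 3] = (uint8_t)(tail);
    rec->name_len = NAME_MAX + 4;
}

/* 1 if the vulnerable loader changed next_field, 0 if it survived. */
int vulnerable_clobbers_next_field(const struct save_record *rec)
{
    struct character_slot slot;
    memset(&slot, 0, sizeof slot);
    slot.next_field = SENTINEL;
    load_name_vulnerable(&slot, rec);
    return slot.next_field != SENTINEL;
}

/* What the vulnerable loader left in next_field, read back byte-wise in
 * big-endian order so the result does not depend on the host's endianness. */
uint32_t clobbered_next_field_be(const struct save_record *rec)
{
    struct character_slot slot;
    const uint8_t *b = (const uint8_t *)&slot.next_field;
    memset(&slot, 0, sizeof slot);
    load_name_vulnerable(&slot, rec);
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}

/* 1 if the hardened loader refused the record and left next_field intact. */
int hardened_rejects(const struct save_record *rec)
{
    struct character_slot slot;
    memset(&slot, 0, sizeof slot);
    slot.next_field = SENTINEL;
    return load_name_hardened(&slot, rec) != 0 && slot.next_field == SENTINEL;
}

/* 1 if the hardened loader accepted the record and produced the expected string. */
int hardened_loads(const struct save_record *rec, const char *expected)
{
    struct character_slot slot;
    memset(&slot, 0, sizeof slot);
    return load_name_hardened(&slot, rec) == 0 && strcmp(slot.name, expected) == 0;
}

int main(void)
{
    struct save_record ok, bad;
    make_record(&ok, "Giantpune");          /* the name the Usage section has you select */
    make_overlong_record(&bad, 0x80001800u); /* hypothetical target value, not from the page */
    printf("ordinary name: hardened loads=%d, vulnerable clobbers=%d\n",
           hardened_loads(&ok, "Giantpune"), vulnerable_clobbers_next_field(&ok));
    printf("overlong name: vulnerable clobbers=%d (next_field=0x%08x), hardened rejects=%d\n",
           vulnerable_clobbers_next_field(&bad), clobbered_next_field_be(&bad),
           hardened_rejects(&bad));
    return 0;
}
```

The point of the model is the check that is missing: the copy is bounded by a length the save controls, not by the destination, so whatever sits after the name buffer is overwritten with bytes the save author chose. The real exploit's injected loader and per-version entrypoints below are what that overwritten field ends up pointing at; the model stops at showing the overwrite.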


Source code is included that I used to make the exploit (all of it is licensed
under GPLv2).  Here's how I made it:

1) Enter the "/loader" directory and build two versions of the loader, one for
each of the two disc versions (v1 and v2).  The entrypoint is set in loader.lds:
make loader.bin with the entrypoint for v1, and loader2.bin with the entrypoint
for v2.
 
2) Use the Qt SDK to build the .pro and main.cpp.  That gives you a program that
takes a base save, injects the loader into it, and creates the exploit.

3) Run the program you just built:   "./ToSHack_jap ./000100005254344a/".  This
creates all the files necessary for the exploit.

4) Pack it up with Segher's tools:   "twintig 000100005254344a ./data.bin".

Again, everything involved is licensed under GPLv2, so you can do just about
whatever you want with it.  I ask that you please refrain from mirroring these
files and instead link people back here.

NOTE: For the JAP version, there is still some issue where it fails to load some homebrew. It did NOT load Gecko OS 1.9.3 for me, but it does load the HackMii Installer 0.8 fine, and that's all that really matters.


-Usage-
  1. Copy the "private" folder from this archive to the root of your SD card, merging it with any existing folder. Install the save to your Wii just like any other save game.
  2. Put the homebrew you want to load (there's a pretty cool one here) on the root of your SD card as
    "SD:/boot.elf"
  3. Then start the game and load the save data. For Japanese users, there are two different versions of the game: if your disc is version "RVL-RT4J-0A-0 JPN", use the top save; if it is "RVL-RT4J-0A-1 JPN", use the second save. Any other version of the disc probably won't work.
  4. Once the game starts (and you see a dog waving at you), press PLUS to enter the game's menu.
  5. Scroll down to "Status" and press A.
  6. Then scroll down to the second character (named "Giantpune"). Highlight him and press A.
  7. If everything works as it should, boot.elf is loaded from your SD card.

-Downloads-

-Credits-
Team Twiizers - savezelda ELF loader
Pierre "delroth" Bourdon - originally found the buffer overflow and managed to turn it into a working exploit (for the PAL version of the game); his checksum code for PAL was a great start when I was doing the USA checksum stuff
giantpune - the USA version of this exploit, including - but not limited to - disassembling, poking, breakpointing, hex editing, checksumming, artworking, twintigging, tachtigging

And big thanks to...
Segher - really useful save packing/unpacking tools
nuke, link, dcx2, brkirch, Y.S, Frank Willie, et al. - USB Gecko, Gecko OS, vdappc, geckoDotNET
megazig, dcx2 - lots of useful knowledge concerning ASM, registers, PPC behavior, and other similar low-level stuff

"Wii" (c) (R) tm Nintendo
"Tales of Symphonia: Dawn of the New World" (c) (R) tm Namco Tales Studio & Namco Bandai