Bathaxx - A savegame exploit for "LEGO Batman" on the Nintendo Wii

January 27th, 2011, 03:36 Posted By: wraggster

A new hack to enable Homebrew and Emulation on the Wii has surfaced, heres the details from the homepage:

A savegame exploit for "LEGO Batman" on the Nintendo Wii



Prerequisites:
◦SD card (not SHDC) formatted as FAT16 or FAT32
◦Some possibility to copy the savegame (DOWNLOAD) from the PC to the SD card (i.e. card reader)
◦LEGO Batman ;-) (you have to boot it at least once before)
◦Some homebrew software to load, e.g. the HackMii Installer. Although this isn't necessary, it's highly recommended ;-)
Howto:
◦(OPTIONAL) If you have an existing "LEGO Batman" savegame. MOVE it to another SD CARD.
◦Copy the "private" directory from the ''Bathaxx'' download to the root of your SD card.
◦Take your homebrew and put it in the ROOT of your SD card as "boot.elf"
◦Put your SD card in your Wii and turn it on.
◦Go into Wii Options -> Data Management -> Save Data -> Wii.
◦Go to SD card and select the "Bathaxx" savegame that corresponds to your game region.
NOTE: Some people are having problems with the Wii not "seeing" the savegame on the SD card. If you are experiencing this, try setting the archive bit for the data.bin file. In Windows this can be either be done from the file's properties dialog (right click on it in Windows Explorer and check the box) or from the command line using "attrib +a <path to data.bin>". More info at #wiihelp on Efnet.
◦Copy the savegame to the Wii.
◦Boot LEGO Batman.
◦Load the saved game you just copied to the Wii.
◦You are now in the batcave, take the elevator on the right side. Then in the trophy room, go to the upper corner and go through the door in order to enter the "Wayne Manor". Now you can select a character. Choose the last enabled one in the lowest row.
◦YouTube Video
Misc:
◦Please do not copy/hotlink/whatever, just link here.
◦If you use this exploit for piracy, you will entirely brick your Wii. srsly! (i.e. please don't use it for warez. kthx)
◦Why I released the exploit? Please read this.
Thanks:
◦Team Twiizers (obviously :-))
◦In particular segher, for releasing all this awesome stuff!
◦roto, which found the original vulnerability (since I use exactly the same vulnerability as in Indiana Jones...)
◦joedj for the chksum fix
◦drmr for the awesome banner
◦Gecko OS (nuke et al.)
◦Tester: skinner33 (PAL), roto (NTSC)
◦tomjoks for hosting
How the exploit works:
It's a typical (string) buffer overflow. There are more than one way to trigger this vulnerability (I think there're three ways). I choose that one, because it's the closest one to the spawning point
If you interested in more detailed explanation, check the disassembly of the game, the exploit source or feel free to contact me.

http://wien.tomnetworks.com/wii/

There are 0 comments - Join In and Discuss Here