Digging Into The Twilight Hack That Brought Us Wii Homebrew

With each new game console, there’s an effort to get around whatever restrictions exist to run your own software on it. In the case of the Nintendo Wii, the system was cracked through one of its most popular games — The Legend of Zelda: Twilight Princess. How this hack works was recently covered in detail by [Skawo].

The key to this ‘Twilight Hack’ is a modified game save that allows you to run arbitrary code from an SD card, something which was first patched out of the Wii firmware with version 3.3. As the video walks through using the source code, the basic concept is that the name of Link’s horse is changed in the save file to be longer than the allocated buffer, which leads to a buffer overflow that can be used to reach the application loader code.

Interestingly, while the horse’s name can only be 8 characters long, and the buffer is 16 bytes (due to Shift-JIS two-byte encoding), the save file loading code allocates no less than 100 bytes, for some reason. Since the code uses strcpy() instead of strncpy() (or C11’s strncpy_s()), it will happily keep copying until it finds that magic 0x00 string terminator. Basically the horse can have any name that fits within the save file’s buffer, as long as there is no null byte until the specially crafted payload has been copied over.
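To make the strcpy() point concrete, here is an added example (not code from the game, from [Skawo]’s video, or from the original post) contrasting the unbounded copy the article describes with a loader that treats the save file as untrusted input. The `player_state` record, the `rupees` field that follows the name in memory, the 16-byte `HORSE_NAME_BUF` and the 100-byte save field are assumptions for illustration, and the sample fields are constructed, not real Twilight Princess data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes, taken from the article's description: 8 Shift-JIS
 * characters at up to 2 bytes each = 16 bytes reserved for the name. */
#define HORSE_NAME_BUF 16
#define SAVE_FIELD_LEN 100   /* assumed size of the name field in the save file */

/* Hypothetical in-memory player record. Whatever sits after horse_name
 * is what an over-long, unterminated name would overwrite. */
struct player_state {
    char horse_name[HORSE_NAME_BUF];
    uint32_t rupees;
};

/* The pattern the article describes: strcpy() stops only at a NUL byte,
 * so the number of bytes written is decided by the save file, not by the
 * size of the destination buffer. */
void load_horse_name_unchecked(struct player_state *ps, const char *field)
{
    strcpy(ps->horse_name, field);           /* no bound: classic overflow */
}

/* Hardened loader: the terminator must be found inside the space the game
 * actually reserved, otherwise the record is rejected before anything is
 * copied. Returns 0 on success, -1 if no NUL appears within HORSE_NAME_BUF.
 * Note that swapping in strncpy() alone would not be enough: it truncates
 * silently and does not guarantee a terminator, so a later string function
 * would still read past the end of the buffer. */
int load_horse_name_checked(struct player_state *ps,
                            const uint8_t *field, size_t field_len)
{
    size_t scan = field_len < HORSE_NAME_BUF ? field_len : HORSE_NAME_BUF;
    const uint8_t *nul = memchr(field, 0, scan);
    if (nul == NULL)
        return -1;                            /* unterminated: reject the save */
    memcpy(ps->horse_name, field, (size_t)(nul - field) + 1);
    return 0;
}

/* Builds a constructed save field: `unterminated` non-NUL bytes followed by
 * zero padding up to out_len. unterminated == 0 yields an all-zero field. */
void build_field(uint8_t *out, size_t out_len, size_t unterminated)
{
    if (unterminated > out_len)
        unterminated = out_len;
    memset(out, 'A', unterminated);
    memset(out + unterminated, 0, out_len - unterminated);
}

/* Runs two constructed records through the checked loader. Returns 1 when
 * the unterminated record is rejected (leaving rupees untouched) and the
 * ordinary name "Epona" loads intact; 0 otherwise. */
int checked_loader_behaves(void)
{
    struct player_state ps;
    uint8_t field[SAVE_FIELD_LEN];

    memset(&ps, 0, sizeof ps);
    ps.rupees = 99;

    build_field(field, sizeof field, 40);     /* 40 bytes with no terminator */
    if (load_horse_name_checked(&ps, field, sizeof field) != -1 || ps.rupees != 99)
        return 0;

    build_field(field, sizeof field, 0);      /* normal name, NUL within 6 bytes */
    memcpy(field, "Epona", 6);
    if (load_horse_name_checked(&ps, field, sizeof field) != 0)
        return 0;

    return strcmp(ps.horse_name, "Epona") == 0 && ps.rupees == 99;
}

int main(void)
{
    printf("checked loader rejects unterminated name and loads a normal one: %d\n",
           checked_loader_behaves());
    return 0;
}
```

The checked loader never calls a length-agnostic string function on the raw field: it locates the terminator with memchr() inside the reserved size and only then copies, so a save file that omits the NUL byte is refused rather than written past the end of the buffer.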

Although it took Nintendo a few months to respond to this hack, eventually it was patched out in a rather brutal fashion by simply searching for and wiping any modified save files. Naturally this didn’t stop hackers from finding ways to circumvent this save file check, which led to more counter-fixes by Nintendo, which led to more exploits, ad nauseam.

Even with firmware update 4.0 finally sunsetting the Twilight Hack, hackers would keep finding more ways to get their Homebrew Channel installed, not to mention to keep watching DVDs on a Wii.


Watching DVDs On Your Wii

Nintendo Wii Fanboy explains how to watch DVDs on your Wii using the new MPlayer application. The reviews are mixed (some claim it works and others claim it doesn’t), but most are excited about this new feature, which has been missing since the Wii’s launch. To get this working, you need to run the Twilight Hack and get the Homebrew Channel. Then you download the MPlayer software onto your SD card and install it using the Homebrew Channel. From there, you can launch the application and play your DVDs with ease using the minimalistic DVD player interface.

Although this seems like a lot of work just to watch a DVD, especially considering it might not work for you, it is interesting to see people pushing for media center software on the Wii. Now they only need to find ways past Nintendo’s attempts to stop the Homebrew movement.

Wii Menu 3.3 Already Circumvented

Well, that didn’t take long. Three days after the release of the Wii Menu 3.3 update (which prevents homebrew loading on the Wii by killing a special hack), the update has been circumvented. The update targeted the ubiquitous Twilight Hack, which allows homebrew software to be loaded from the Wii’s SD card slot by using a special game save. The team at HackMii were quick to disassemble, analyze, and scoff at the update, with member [bushing] quipping “we are not impressed.” The team found bugs in the update’s new code that can be exploited to make it ignore the Twilight Hack. They have yet to release the fix to the public, but it’s likely that they’ll do so at least as fast as they developed it.

[via Wii Fanboy]
[photo: cibomahto]

Wii Upgrade Breaks Twilight Hack

Nintendo’s latest menu upgrade for the Wii, version 3.3, has broken the long-standing Twilight Hack. In the past, you could load a hacked Twilight Princess save game to execute arbitrary code. After the upgrade, the Wii now deletes the hacked save game. The Homebrew Channel seems to have remained intact, so if you’ve already added it and you upgrade, you should be fine. There’s no telling how long it will be before homebrew code is completely locked out, though.

[photo: cibomahto]

Homebrew Channel For Wii

[youtube=http://www.youtube.com/v/6ji2imug_bc]

Had enough Nintendo homebrew action yet? We haven’t either. Especially not now that the doors to the homebrew scene have been blown open by The Homebrew Channel. Up to this point, the only way you could run homebrew on an unmodded Wii was the Twilight Hack, which leveraged a flaw in Twilight Princess save games. The Homebrew Channel lets you launch various homebrew apps with a useful GUI instead of performing the hack every time you want to run them. It can access apps stored on an SD card, a computer on the same network, and even USB Gecko. There is no USB flash drive or DVD support at the moment.

The Homebrew Channel can be loaded onto the Wii by running the Twilight Hack (don’t worry, it’ll probably be for the last time) with the Homebrew Channel files in the root of your SD card. The Wii will reboot and the channel will then appear in the list. We tested it ourselves and found that everything loaded properly from the SD card (we didn’t try the other sources). We did run into a problem where it failed to load any of our homebrew apps, or even reboot properly, if a GameCube memory card was in the slot, but it’s an easy fix: just pull it out.

The devteam behind this release wanted to make things as easy and accessible as possible, so they included download links to the Twilight Hack, The Homebrew Channel, and even a homebrew software bundle to get you started. If you want more homebrew apps, head to Wiibrew.

[via everywhere]