
Twilight Hack

The Twilight Hack was the first widely circulated exploit for the Nintendo Wii, and possibly the most famous. This hack can only be executed by playing the game The Legend of Zelda: Twilight Princess with a modified save file.

As with other hacks, the Twilight Hack uses a buffer overflow to make the console load data that was never meant to be loaded. To cause the overflow, the name of Link's horse in the save file was modified to be extremely long, so when the game copies the name into its buffer, the buffer overflows.
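
The class of bug described above, as an added example that is not from the game or from the Twilight Hack source: a loader that copies a name out of a save file with an unbounded `strcpy`, beside a version that treats the save as untrusted input. The offset, field size and sample saves are assumptions constructed for illustration, not the game's real save layout.

```c
#include <stddef.h>
#include <string.h>

/* Assumed layout for illustration only; not the game's real save format. */
#define NAME_OFF   8u   /* offset of the name field in the save blob */
#define NAME_FIELD 16u  /* bytes reserved for the name, terminator included */

enum name_status { NAME_OK, NAME_TRUNCATED_SAVE, NAME_UNTERMINATED, NAME_TOO_LONG };

/* Vulnerable pattern, shown for contrast and never called here: strcpy copies
 * until the first NUL byte, wherever the save file happens to place it. */
void load_name_unchecked(char *dst, const unsigned char *save)
{
    strcpy(dst, (const char *)save + NAME_OFF);
}

/* Hardened loader: the save is untrusted, so every length is checked first. */
enum name_status load_name_checked(const unsigned char *save, size_t save_len,
                                   char *dst, size_t dst_len)
{
    if (dst_len == 0) return NAME_TOO_LONG;
    dst[0] = '\0';                              /* fail closed: empty name */
    if (save_len < NAME_OFF + NAME_FIELD) return NAME_TRUNCATED_SAVE;

    const unsigned char *field = save + NAME_OFF;
    const unsigned char *nul = memchr(field, 0, NAME_FIELD);
    if (nul == NULL) return NAME_UNTERMINATED;  /* name runs past its field */

    size_t n = (size_t)(nul - field);
    if (n + 1 > dst_len) return NAME_TOO_LONG;
    memcpy(dst, field, n + 1);                  /* copy name plus terminator */
    return NAME_OK;
}

/* Constructed sample saves: a normal name, and a field with no terminator. */
static const unsigned char good_save[64] = { [8] = 'H', 'o', 'r', 's', 'e' };
static unsigned char long_save[64];
static char shown[NAME_FIELD];                  /* stand-in display buffer */

enum name_status demo_good(void)
{
    return load_name_checked(good_save, sizeof good_save, shown, sizeof shown);
}

enum name_status demo_long(void)
{
    memset(long_save + NAME_OFF, 'A', sizeof long_save - NAME_OFF);
    return load_name_checked(long_save, sizeof long_save, shown, sizeof shown);
}
```

The checked loader rejects the over-long name instead of truncating it, so a malformed save is refused outright and the display buffer is left holding an empty string.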

The hack is executed whenever the horse's name has to be shown on screen, which happens in a conversation. That conversation occurs when you talk to the man at the beginning of the game (in the room where the game starts if you load the hacked save file). You can also leave the room, which makes the man shout at you to come back and go to the horse; this executes the hack as well.

System menu 3.4 came with a fix for this hack, but some minor modifications to the hack got around it. As of System menu 4.0, this exploit is permanently blocked (one of the reasons we now use Bannerbomb instead).

A short time after, the source of the Twilight Hack was released.

Only for:
  • System menu 3.4 or lower

Required:
  • An SD card (NO SDHC) formatted to FAT(32).
  • The Legend of Zelda: Twilight Princess

Guide:


Wii ----------------------


1. The first thing you need to do is to play the game at least once. It's enough to just start the game and save after the introduction video ends. If you have an existing Twilight Princess save that you want to keep, copy it to the SD card before proceeding:
  1. Put your SD card in your Wii.
  2. Go into Wii Options > Data Management > Save Data > Wii
  3. Find your Twilight Princess save, click on it, click "Copy", and click Yes.


Computer ----------------------


2. If you want to keep your save file, make a backup of the private folder on the SD card.

3. Download the version of the Twilight Hack for your System menu. You will get a zip file with some different versions of the Twilight Hack in it.
Extract the full zip file to the root of the SD card.

4. Now for the file we want to boot with the Twilight Hack:
Download a Wii app (like the HackMii installer) and place its .elf in the root of the SD card. Be sure to rename it to boot.elf.
Homebrew in DOL format doesn't work with this exploit.



Wii ----------------------


5. Go to the Wii data management (Wii button on the bottom left > Data management > Save files). Now delete the Zelda save file on the Wii.

6. Switch to the SD card tab and select the "Twilight Hack" save that corresponds to your game region. Click copy and then yes. Now exit out of the menu.

7. Insert The Legend of Zelda: Twilight Princess disc and run the game.

Note: if you have an American version of the game, you need to look at the bottom of the game disc first. If it has RVL-RZDE-0A-2 USA in its inner ring, you'll have to load TwilightHack2 in the next step. If it says something else, load TwilightHack0.

8. On the title screen of the game, press A and B to go to the main menu. Now load the Twilight Hack save file (see the note above for American users).

9. The game will start like normal. To execute the hack, talk to the first character you see, or try to leave the room.

10. Here, the buffer overflow takes over and the ELF file will be loaded.





Additional Hackmii installer steps:




11. You will see a Scam warning screen.

Wait for the message at the bottom to appear, then press 1.

12. The next screen shows different things behind BootMii, depending on your Wii:
  • If you see Can be installed, you can get BootMii as boot2 (which gives the best brick protection there is).
  • If you see Can only be installed as an IOS, you can only get BootMii as IOS (which will give you NO brick protection on its own).
Press A to continue.

Now we get to the main menu, where we can install everything.

First install the Homebrew Channel (choose Yes, continue).
The Homebrew Channel will now be installed on your Wii.



        Optional (Recommended) Steps: Installing BootMii
        BootMii helps greatly with brick protection, and installing it is recommended.
        It is not required, however.
        These steps don't work on Wii U.

        13. In the HackMii main menu, choose BootMii... and press A. You will get another menu.

        14. Before BootMii will work, we need to prepare our SD card, so do that first with the third option.

        15. Install BootMii as IOS. This will always work.

        16. If you're one of the lucky winners (BootMii can be installed as boot2), choose Install BootMii as Boot2, then Yes, continue and let it install.



Once you're done, return to the Main menu and choose Exit. It will reboot the Wii.
If you installed BootMii as Boot2, the BootMii menu will appear every time.
  • If you don't want this, rename or move the "bootmii" folder on the SD card (also check the BootMii section under How To Use).

17. Don't forget to restore your old private folder if you had one!




So, was that it?
It mostly depends on what you want to do. Many Wii applications will already work for you now.

However, if you want more, like backup loading, custom themes, etc., you will need to continue below.

