WiiCrazy LIVES!!! Nice to see you active my old friend.
Time is passing fast, but I take these experiments rather slowly... Finally I tried the exploit yesterday; with a bit of effort I was able to use it against a 003 error region-changed Korean Wii (4.3U).
Here is my take
- I used a Raspberry Pi 4 since that was lying around... I got 64-bit Ubuntu installed on it, and because of the 32-bit libc.6.so dependency the prebuilt binaries errored out with "There is no such file or directory"... I knew it would work with an alternative OS on that, but I chose the other alternative: building...
- After satisfying the dependencies I got everything to build the main executable... But the stage0 part needed powerpc-eabi-gcc stuff which I was not able to satisfy... Joining the Discord and asking people would possibly have helped, but again I chose the non-easy alternative... stage0 is included in the main binary with a C header... I thought if I could extract the relevant binary from the prebuilt main binary then I could easily generate the needed header file... Downloaded Ghidra, identified the location of the stage0 array, and generated a header file out of it. I was able to build it! It was straightforward to use it against a non-bricked Wii; it worked on the first try...
Then came the 003 bricked Korean Wii... All over the place people are complaining that it doesn't work either in the recovery menu or in the error reporting screen, so I skipped testing it that way... On one site the developer has instructions for creating the necessary file to use the exploit with other dol files... I used that...
I prepared my Wii drive to boot a game...
- Using wiiscrubber I got the main dol of the game and threw it at the stage0-ldsgen Python script provided by the exploit author, like:
./stage0-ldsgen --no-template main.dol
The script prints out 4 values... You create a 4-byte binary file out of the printed l2cb value and you use it as the payload in the program instead of WII_SM4_3U.bin in my case....
The game I used was Carnival Games... The first try was in the selection screen of the game... Stage 1 transferred up to 40K and the game froze... The second try was in the health & safety screen, and then it worked perfectly!
So, to unbrick a 003 error Wii with this exploit, you need:
1- Autoboot-supporting drivechip (same as with the disc swap thing, which I was never fully successful with although it worked)
2- Some game
3- PC side preparations to create the 4 byte payload for the game you have
4- Exploit magic already provided by FullMetal5... Thanks a lot FullMetal5
*5- Once the Wii spits out the 003 error it doesn't load games, so a recovery dongle (savemii or savemiifree) is needed too.
Now I can finally assemble this Korean Wii sitting on the shelves.
* Forgot to add this