The Twilight Hack was the first widely circulated exploit for the Nintendo Wii, and possibly the most famous. This hack can only be executed by playing the game The Legend of Zelda: Twilight Princess with a modified save file.
As with other hacks, the Twilight Hack uses a buffer overflow to load data that was never meant to be loaded. To trigger it, the name of Link's horse in the save file is made far longer than the game expects, so when the game copies the name into its fixed-size buffer, the copy overruns that buffer.
The hack fires whenever the horse's name has to be displayed on screen, which happens during a conversation. That conversation occurs when you talk to the man at the beginning of the game (in the room where the game starts if you load the hacked save file). You can also simply leave the room: the man shouts at you to come back and go to the horse, which triggers the hack as well.
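To make the overflow pattern concrete, here is a constructed C example (added for this page; it is not the game's or the hack's code and does not use the real save-file layout). It models an unchecked loader that trusts a length field from the save file beside a bounded loader that rejects oversized names. HORSE_NAME_CAP, the record layout and the sample name are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed save-record layout for illustration only (not the game's real
 * format): byte 0 holds the declared name length n, bytes 1..n the name. */
#define HORSE_NAME_CAP 16   /* assumed on-screen buffer size, including the NUL */
struct horse_name { char text[HORSE_NAME_CAP]; };

/* The vulnerable pattern, modelled rather than executed: a loader that trusts
 * the declared length and copies that many bytes into the fixed buffer.
 * Returns how many bytes would land past the end of the buffer (0 = safe). */
size_t overrun_bytes(const uint8_t *rec) {
    size_t declared = rec[0];
    size_t room = HORSE_NAME_CAP - 1;             /* text bytes that fit */
    return declared > room ? declared - room : 0;
}

/* Hardened loader: reject a declared length that exceeds either the buffer or
 * the record itself, and always NUL-terminate. Returns 0 on success, -1 if
 * the record is rejected (the output buffer is then left untouched). */
int load_horse_name(const uint8_t *rec, size_t rec_len, struct horse_name *out) {
    if (rec_len < 1) return -1;
    size_t declared = rec[0];
    if (declared >= HORSE_NAME_CAP) return -1;    /* no room for text + NUL */
    if (declared > rec_len - 1) return -1;        /* length runs past record */
    memcpy(out->text, rec + 1, declared);
    out->text[declared] = '\0';
    return 0;
}

/* Constructed sample records: a normal name and one declaring a 40-byte name,
 * which is the shape of input that overruns the unchecked loader. */
static const uint8_t good_rec[] = { 5, 'E', 'p', 'o', 'n', 'a' };

const uint8_t *make_long_rec(void) {
    static uint8_t rec[41];
    memset(rec, 'A', sizeof rec);
    rec[0] = 40;
    return rec;
}

/* Runs both records through the hardened loader; returns 1 if the normal name
 * loads and the oversized one is rejected without touching the buffer. */
int demo(void) {
    struct horse_name hn;
    if (load_horse_name(good_rec, sizeof good_rec, &hn) != 0) return 0;
    if (load_horse_name(make_long_rec(), 41, &hn) != -1) return 0;
    return strcmp(hn.text, "Epona") == 0;
}
```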
System menu 3.4 came with a fix for this hack, but a minor modification to the hack worked around it. As of System menu 4.0, this exploit is permanently blocked (one of the reasons we now use Bannerbomb instead).
Shortly afterwards, the source code of the Twilight Hack was released.
Requirements:
System menu 3.4 or lower
An SD card (not SDHC) formatted as FAT or FAT32
The Legend of Zelda: Twilight Princess
Twilight hack: http://hbc.hackmii.com/download/ (get the beta1 for 3.3 and lower or beta2 for 3.4)
1. The first thing you need to do is to play the game at least once. It's enough to just start the game and save after the introduction video ends. If you have an existing Twilight Princess save that you want to keep, back it up before proceeding:
Put your SD card in your Wii.
Go into Wii Options > Data Management > Save Data > Wii
Find your Twilight Princess save, click on it, click "Copy", and click Yes.
2. If you want to keep your save file, make a backup of the private folder on the SD card.
3. Download the version of the Twilight Hack for your System menu. You will get a zip file with some different versions of the Twilight Hack in it.
Extract the full zip file to the root of the SD card.
4. Now for the file we want to boot with the Twilight Hack:
Download a Wii app (like the HackMii installer) and place its .elf in the root of the SD card. Be sure to rename it to boot.elf.
Homebrew in DOL format doesn't work with this exploit.
5. Go to the Wii data management (Wii button on the bottom left > Data management > Save files). Now delete the Zelda save file on the Wii.
6. Switch to the SD card tab and select the "Twilight Hack" save that corresponds to your game region. Click copy and then yes. Now exit out of the menu.
7. Insert the The Legend of Zelda: Twilight Princess disc and run the game.
Note: if you have an American version of the game, you need to look at the bottom of the game disc first. If it has RVL-RZDE-0A-2 USA in its inner ring, you'll have to load TwilightHack2 in the next step. If it says something else, load TwilightHack0.
8. On the title screen of the game, press A and B to go to the main menu. Now load the twilight hack save file (see the note above for American users).
9. The game will start like normal. To execute the hack, talk to the first character you see, or try to leave the room.
10. Here, the buffer overflow takes over and the ELF file will be loaded.
Additional HackMii installer steps:
11. You will see a Scam warning screen.
Wait for the message at the bottom to appear, then press 1.
12. You will see a screen like this one:
Depending on your Wii, it will show different things behind "BootMii:".
If you see Can be installed, you can get BootMii as boot2 (which gives the best brick protection there is).
If you see Can only be installed as an IOS, you can only get BootMii as IOS (which will give you NO brick protection on its own).
Press A to continue.
Now we get to the main menu, where we can install everything.
First install the Homebrew Channel (choose Yes, continue).
The Homebrew Channel will now be installed on your Wii.
Optional (Recommended) Steps: Installing BootMii
BootMii helps greatly with brick protection, so installing it is recommended.
13. In the HackMii main menu, choose BootMii... and press A. You will get another menu.
14. Before BootMii will work, we need to prepare our SD card, so do that first with the third option.
15. Install BootMii as IOS. This will always work.
16. If you're one of the lucky winners (your Wii showed "Can be installed" earlier), choose install BootMii as Boot2, then Yes, continue and let it install.
Once you're done, return to the Main menu and choose Exit. It will launch the Homebrew Channel. You can press Home to bring up a menu and reboot the console.
17. Don't forget to restore your old private folder if you had one!
If you installed BootMii
If you installed BootMii, regardless of whether it was as boot2 or IOS, it is recommended you use it to create a NAND backup. This backup can be used to restore the Wii to a working state in case you brick it.
You can learn about launching BootMii and making a backup on the BootMii page.
If you installed BootMii as Boot2, the BootMii menu will appear every time you boot your Wii.
If you don't want this, rename/move the "bootmii" folder on the SD card.
Alternatively, you can enable Wii menu auto-boot in the configuration file.
So, what's next?
It mostly depends on what you want to do.
I want to run basic homebrew applications:
I want to load backup games from a USB drive, install WADs:
=> Continue on to install a cIOS which will allow you to use these more advanced apps.
I want to change the system menu theme: