Bathaxx

A savegame exploit for "LEGO Batman" on the Nintendo Wii



Prerequisites:

Howto:

  1. (OPTIONAL) If you have an existing "LEGO Batman" savegame. MOVE it to another SD CARD.
  2. Copy the "private" directory from the ''Bathaxx'' download to the root of your SD card.
  3. Take your homebrew and put it in the ROOT of your SD card as "boot.elf"
  4. Put your SD card in your Wii and turn it on.
  5. Go into Wii Options -> Data Management -> Save Data -> Wii.
  6. Go to SD card and select the "Bathaxx" savegame that corresponds to your game region.
    NOTE: Some people are having problems with the Wii not "seeing" the savegame on the SD card. If you are experiencing this, try setting the archive bit for the data.bin file. In Windows this can be either be done from the file's properties dialog (right click on it in Windows Explorer and check the box) or from the command line using "attrib +a <path to data.bin>". More info at #wiihelp on Efnet.
  7. Copy the savegame to the Wii.
  8. Boot LEGO Batman.
  9. Load the saved game you just copied to the Wii.
  10. You are now in the batcave, take the elevator on the right side. Then in the trophy room, go to the upper corner and go through the door in order to enter the "Wayne Manor". Now you can select a character. Choose the last enabled one in the lowest row.
  11. YouTube Video

Misc:

Thanks:

How the exploit works:

It's a typical (string) buffer overflow. There are more than one way to trigger this vulnerability (I think there're three ways). I choose that one, because it's the closest one to the spawning point :p
If you interested in more detailed explanation, check the disassembly of the game, the exploit source or feel free to contact me.


email: lewurm _AT_ gmx _DOT_ net

Valid XHTML 1.0 Transitional Valid CSS!