A savegame exploit for "LEGO Batman" on the Nintendo Wii
Prerequisites:
SD card (not SHDC) formatted as FAT16 or FAT32
Some possibility to copy the savegame
(DOWNLOAD)
from the PC to the SD card (i.e. card reader)
LEGO Batman ;-) (you have to boot it at least once before)
Some homebrew software to load, e.g. the
HackMii Installer.
Although this isn't necessary, it's highly recommended ;-)
Howto:
(OPTIONAL) If you have an existing "LEGO Batman" savegame.
MOVE it to another SD CARD.
Copy the "private" directory from the ''Bathaxx'' download to
the root of your SD card.
Take your homebrew and put it in the ROOT of your SD card as
"boot.elf"
Put your SD card in your Wii and turn it on.
Go into Wii Options -> Data Management -> Save Data -> Wii.
Go to SD card and select the "Bathaxx" savegame that corresponds
to your game region. NOTE: Some people are having problems
with the Wii not "seeing" the savegame on the SD card. If you are
experiencing this, try setting the archive bit for the data.bin
file. In Windows this can be either be done from the file's
properties dialog (right click on it in Windows Explorer and check
the box) or from the command line using "attrib +a <path to
data.bin>". More info at
#wiihelp on Efnet.
Copy the savegame to the Wii.
Boot LEGO Batman.
Load the saved game you just copied to the Wii.
You are now in the batcave, take the elevator on the right
side. Then in the trophy room, go to the upper corner and go through
the door in order to enter the "Wayne Manor". Now you can select a
character. Choose the last enabled one in the lowest row.
It's a typical (string) buffer overflow. There are more than one way to
trigger this vulnerability (I think there're three ways). I choose
that one, because it's the closest one to the spawning point :p
If you interested in more detailed explanation, check the disassembly of
the game, the
exploit source
or feel free to contact me.