http://www.joystiq.com/2010/09/18/game-breaking-bug-found-in-metroid-other-m/
One of you with this game should fix this glitch! Unlocking doors isn't /that/ hard of a code!! Your name will likely appear on joystiq if you do! I'll spam their report-news email. Scout's honor!
hahaha god that would be awesome. I almost want to run out and buy this game just so I can do it! hahah XD
OMFG! In the business, this is what we call a Show Stopper. This shouldn't have made it out of QA.
It reminds me of the Twilight Princess glitch where you can get locked in the Sky Cannon room forever. Except that in TP, you weren't RIGHT AFTER A BOSS FIGHT! OF COURSE you want to save right after a boss fight.
We should totally hack the bug to be fixed. Imagine the irony if there was a Riivolution patch released by the Homebrew community that fixed the Nintendo's bug. Once again, hackers doing more to improve the Wii than Nintendo themselves...
Exactly my thoughts mate! It's a great opportunity. ^_^
Thanks for telling us the interesting issue, James :smileyface:
Okay, here's the code;
Open Sesame [Y.S.]
04CCCD88 00000000
This code unlocks the door in question.
Code's effect can be saved.
I can't say for sure if the code works for every version of MOM ATM, but at least it's working for me :p
That's awesome, Y.S.!! hahah so epic!
Can you possibly make a check to see if that boss has been beaten 3 times before unlocking it? (I realize that might be a more difficult thing to track down though!)
IIRC, you can't reach the unlockable door before you beat that boss 3 times,
meaning the check isn't really needed :)
Oh cool, that works! :D
Would you mind putting it on the database so anyone who needs it can get it? =)
Also you should put a note under it saying something like "A solution to the game-ending glitch"
This is so cool ^_^
Well done man.
Joystiq replied asking if there was a forum with users who could verify that it works.
Nobody's really said anything here or shown a video... Somebody make a video or something so Y.S.'s work can get onto Joystiq!!!
(wish I had the game!)
..can anyone spare the time to make a video for Joystiq? It would be the first time a code hacker has gotten light on there as far as I can recall. (been reading for 4, 5, maybe 6 years and I'm certain I'd remember a code hacker getting a story)
I guess I could go rent it and point my webcam at my TV.. but it's like $10 to rent a freakin game..
edit: if you do make a video, might want to stick Y.S.'s code under an activator for the purpose of showing it work
Does anyone have a save file for that location in the game? I cannot find one on google..
Screw it!
*buys the game*
(http://cdn2.dailybooth.com/4/pictures/large/bcc719bc27e3f50adb50e8b5ef4134cc_8477297.jpg)
Quote from: James0x57 on September 21, 2010, 06:51:14 AM
Does anyone have a save file for that location in the game? I cannot find one on google..
I cant get the glitch to happen to begin with D:
Found a glitched save;
http://www.mediafire.com/?v2wuhmejcuc226c
How do you play the game (how do you safely update Wii to 4.3)?
What System Menu are you currently on, and what Boot2 version do you have? You could probably just load the game through Gecko 1.9.3.1, and install the IOS version that it needs.
Alternatively, you could dump your FS onto an SD card or USB device, and run the game through a homebrew program called SNEEK. SNEEK/UNEEK will basically direct all NAND calls to the SD card or USB device, and your real NAND will be left alone. I currently have my "UNEEK NAND" at 4.3U (version 2). If I didn't like it, I could just delete that particular FS off, and put a different one on. ;D Unfortunately, I believe that it is probably against the rules of this forum for me to tell you how/where to get it. :-[
Also, if you have boot2v4, and BootMii as boot2, then I suppose that you could update the real NAND to 4.3, and then use a previous NAND backup to go back to the System Menu that you are currently on. Of course, that requires that you back up your NAND with BootMii before updating to 4.3, and that you have BootMii as boot2.
Thanks 111, I appreciate the info. I can google that stuff you mentioned because it sounds interesting. I used Gecko OS 1.9.3.1
My Wii is 4.2u and I have HomeBrew 1.8. Not sure about boot Mii version but it is boot 2.
I can't find the door. I'm starting in sector 3 (is there only one place to start there? I don't know..)
edit:
There's no way I can beat that thing that pops up. Found another save with it beat and I found a youtube video of where the door is. However I have no idea how to play whip out that grapling thing. I need more than 3 buttons this is lame.
other save:
http://www.mediafire.com/?16r3vxn6k74j1ba
edit again, figured everything out, going to get the video now
The game wont boot with that code on, Y.S.
Oh wait, I have to use that disable write protect I guess... I'll test again. Sorry
Quote from: James0x57 on September 22, 2010, 05:16:54 AM
Oh wait, I have to use that disable write protect I guess... I'll test again. Sorry
If that doesn't work I noticed something being loaded into that memory address when the game boots, so if the write protection doesn't work you can try putting a small check in it.
Open Sesame [Y.S.]
22CCCD88 00040406
04CCCD88 00000000
E0000000 80008000
Use this code when you got stuck in Sector 3;
http://www.joystiq.com/2010/09/18/game-breaking-bug-found-in-metroid-other-m/
-The show must go on-
Edit:
I just noticed my post was being edited at the same time i was making a edit. :)
Thank you, thomas83lin. I will have to wait for Y.S. to post that (or his own activated one) to geckocodes.
Sorry for the mistake, here' the fixed version of the code.
Open Sesame
20CCCD88 00000003
04CCCD88 00000000
E0000000 80008000
Open Sesame(Press B+UP / B+DOWN to lock / unlock)
282DBEC2 00000402
04CCCD88 00000003
282DBEC3 00000401
04CCCD88 00000000
E0000000 80008000
Thank you very very much, Y.S.!!
I will now, finally, make the video and Y.S. will be the first code hacker to get on joystiq AND it will send a positive, helpful message about who we are (hopefully)!!!
Good Job Y.S. ;) and yes i agree, Hopefully it does sent a positive message.
WIN! It totally worked. I'm uploading to YouTube right now!!!!
http://www.youtube.com/watch?v=-0yAOGszsTI
email sent to joystiq! *is excited*
I'm late to the party...but I believe I was once corrected on Gecko OS' behavior when playing games that require a new IOS. Gecko OS will read the new IOS from the update partition of the disc and install it, but it will NOT update the System Menu. i.e. Gecko OS will always safely update your Wii so that you can play new games.
Re: SNEEK, that's not a particularly pirate-y thing. It's more like bootmii...a form of brick protection. I don't see why it couldn't be discussed/linked to.
Finally...awesome that you're showing off the code. Keep us updated!
Gecko OS lets me play but the main menu still says "system update" for the disc channel
and I will for sure keep you all updated on it ^^
Yeah, I think the disc channel will always complain about a System Menu update unless you patch it out with something like PriiLoader.
Yeah, that's true about SNEEK/UNEEK. It is not a program that basically just aids piracy, and I find it nice to be able to update to the newer System Menus, and just be able to place an older FS back on the USB device if I don't like it for some reason. It is one of the homebrew programs that I use the most. However, I wasn't sure what the rules on it were, since it contains a USB loader as well. As far as I know, it is not allowed on Wiibrew for that reason.
Also, yes, anytime that your Wii has older IOS/MIOS/boot2/bc/System Menu versions than what is on the update partition of a disc, the System Menu will keep asking you to update until you do. You have to use something like Priiloader, or the Rebooter function of GeckoOS, to bypass that.
Quote from: James0x57 on September 22, 2010, 03:11:06 AM
How do you play the game (how do you safely update Wii to 4.3)?
http://wiinewz.com/forums/index.php?/topic/12429-waninkoko-firmware-updater-v43/
Is it better to make a video showing you lock / unlock with a button activator?
I might since they didn't reply yet... however I'd need Y.S. to add it to the db because I'm lazy.
Not sure if this as been posted anywhere on the site yet, but Nintendo finally came up with a official fix.
http://www.nintendo.com/consumer/systems/wii/en_na/ts/metroid-other-m.jsp
though, i don't think its as quick as the fix posted here.
lol, some "official fix". Reminds me of the iPhone 4 antenna "fix" - just don't hold the phone that way! ::)
Hm...I noticed at the bottom that you can mail your SD card to Nintendo and they'll fix your save.
Is there any chance we could hack an app that would parse the save file from an SD card and fix the door? This could be something that we release to the public so people don't need to mail their shit to Nintendo.
I think saves are encrypted, but don't we already know all the keys? The only problem would be if the save was encrypted with a key that is different for each Wii.
http://www.wiibrew.org/wiki/FE100 (http://www.wiibrew.org/wiki/FE100)
I believe that program can be used to decrypt Wii save files, although I have never used it.
Also, the Savegame Extractor (http://www.wiibrew.org/wiki/Savegame_Extractor) can be used to copy an unencrypted save file to your SD card. I have used that homebrew application successfully in the past. I'm not sure if it works on "3.3V2" or higher, though.
In addition, dumping the FS of your Wii will also give you the decrypted files. On the FS, they would be located at "/title/00010000." More information can be found from the link below...
http://www.wiibrew.org/wiki/Flash_filesystem (http://www.wiibrew.org/wiki/Flash_filesystem)
I'm not real knowledgeable on keys, so I can't say much on that. However, based on the numerous savegame exploits, along with software like Datel's Wii Powersaves (http://us.codejunkies.com/Products/Wii-Powersaves-1GB___EF000740.aspx), I would assume that it could be done. Here is a HackMii blog post that may help with the keys, as well...
http://www.hackmii.com/2008/04/keys-keys-keys/ (http://www.hackmii.com/2008/04/keys-keys-keys/)
I poked around the hackmii post you linked. It looks like you may need homebrew to do this sort of thing; Once you have homebrew you might as well just use Gecko OS to bypass the problem. I was hoping to make a tool that even non-homebrew types could put their save through.
At first, it looks good. There's an AES SD Key that's used to sign things as they go out to the SD card. AES is good, it's symmetrical so we know the key.
Unfortunately, there's an "MS" (Master Key?) RSA key that's used to sign the Wii's ECC key, which is then appended to the save data. RSA is assymetrical, unfortunately, so we will likely never know the necessary private key.
Now, it could be the case that we can alter the save data and re-encrypt it with the SD key, and leave the MS-encrypted ECC key alone...
EDIT: if someone wants to provide a save game that has the glitch, and an otherwise identical save game that isn't glitched, we could decrypt the saves with the SD key and diff them to see where the bit that sets the lock on the door is.
Well... It's not a fantastic plug but Joystiq linked to the video in the middle of this article:
http://www.joystiq.com/2010/09/27/nintendo-offers-impractical-solution-to-metroid-other-m-bug-in-japa/
*shrugs* lol
But yeah, there's some people who mod the crap out of save files- especially for Animal Crossing.
I don't know anything about it but that would indeed be a great solution. Especially if it only fixed that bug and didn't have any other cheating options. (though those would be the next logical thing to come and should be in another project)
http://metroid.jp/info/index.html
Quote症状ãŒç™ºç"Ÿã—ã¦ã—ã¾ã£ãŸå ´åˆã¯å¼Šç¤¾ã«ã¦ã,»ãƒ¼ãƒ–デーã,¿ã,'修復ã•ã›ã¦ã,,ãŸã ãã¾ã™ã®ã§ã€èª ã«ãŠæ‰‹æ•°ã§ã™ãŒã€
下記宛å...ˆã¾ã§ã,»ãƒ¼ãƒ–デーã,¿ã®ã,³ãƒ"ーãŒå...¥ã£ãŸSDã,«ãƒ¼ãƒ‰ï¼ˆã¾ãŸã¯Wii本ä½")ã,'ã"é€ä»˜ã,,ãŸã ãã¾ã™ã,ˆã†ã,ˆã,ã—ããŠé¡˜ã,,ã,,ãŸã—ã¾ã™ã€,
Our company will restore the save data, and, indeed sorry to trouble you, but,
send the SD card that the copy of the save data enters the following address
(Or, main body of Wii), please when the symptom occurs.
Actually, MOM has its own encryption routine. I've been looking into it for a couple of days or two.
I'll post the progress later on :-*