Hacking Gamecube Games?

Started by Mathew_Wi, April 24, 2010, 04:18:52 AM


giantpune

If I had any idea how these tools were meant to be used, I'd give it a try.  I have the geckoclient.exe and it can connect to my USB Gecko fine, but I have no idea what app it expects to be running on the Wii.  It came with geckoregionfree 1.3 and a main.dol.
I've tried these...
geckoRF 1.3 -- (packaged with the exe file I'm trying) code dumps when trying to load a GC game
geckoOS 1.7 (Wii) -- talks with geckoclient.exe enough to dump GC saves, but doesn't respond to me trying to start any type of game
geckoOS 1.7 (GC) -- doesn't respond to commands from the exe
GeckoOS 1.9.3.1 -- doesn't respond to commands from the exe

I'm sure that if I could figure out which app needs to be running to get it to hook the games and load them, I could find the hooks in it.

biolizard89

Quote from: WiiPower on May 23, 2010, 01:39:07 PM
Done. My loader supports Ocarina on gamecube games now, but the non backup related release is taking a while.
Nice, thanks for your work on this.

I don't know much about hooks, but I believe that GCNrd was able to hook using the pad read.  Not 100% sure on that, but if that is correct, I could take a RAM dump of a GameCube game and post it along with a decrypted AR hook code that I made with a GCNrd hook a few years ago.  I assume that would get you what you need, at least for that hook type?  (I'd also post the CodeJunkies AR hook code, which is different, so you'd possibly get 2 hook types.)

Let me know if you're interested.

111

Thanks for this!  Been hoping for something like this for a while.

A somewhat unrelated question, but I was wondering how difficult it would be to make a version of the Twilight Hack for the GameCube version of Twilight Princess, that would boot into a program like the GameCube version of GeckoOS?  I remember that Nuke had talked about this a long time ago, but it apparently never came to be.  Perhaps it could be installed to a GameCube Memory Card by using one of those Wii homebrew applications, or even something like a USB device to connect the Memory Card to a computer.  This could potentially allow two things...

1.  To run it, and use codes, without a custom MIOS.  (I personally prefer not to install many "custom" things to the Wii, although I wouldn't have a problem in this case.)

2.  It would potentially allow you to run homebrew code on an actual GameCube console.

One negative that I see is that you would need to have something like an SD Gecko, to connect an SD card to the Memory Card slot.  Anyway, just curious about how difficult it may be to create a GameCube version of the Twilight Hack.

biolizard89

Quote from: biolizard89 on May 23, 2010, 08:32:04 PM
Nice, thanks for your work on this.

I don't know much about hooks, but I believe that GCNrd was able to hook using the pad read.  Not 100% sure on that, but if that is correct, I could take a RAM dump of a GameCube game and post it along with a decrypted AR hook code that I made with a GCNrd hook a few years ago.  I assume that would get you what you need, at least for that hook type?  (I'd also post the CodeJunkies AR hook code, which is different, so you'd possibly get 2 hook types.)

Let me know if you're interested.
Actually, I just dug through my files and found what I think are the hooks that GCNrd uses.  There are 4 revisions of the PADRead routine that show up in games; I suppose you would need to try all 4 of them when booting the game to reliably hook PADRead.

#Data for ahook command
ahook.0 = {
#PADRead() #Kernel:  Jul 19 2001  05:43:42
38000000   #li      r0, 0
9815000A   #stb     r0, 0xA(r21)
A0150000   #lhz     r0, 0(r21)
5400066E   #rlwinm  r0, r0, 0,25,23
B0150000   #sth     r0, 0(r21)
3AF70001   #addi    r23, r23, 1
2C170004   #cmpwi   r23, 4
3B7B0004   #addi    r27, r27, 4
3B5A0002   #addi    r26, r26, 2
3B39000C   #addi    r25, r25, 0xC
3AB5000C   #addi    r21, r21, 0xC
4180FD38   #blt     label_up
7EC3B378   #mr      r3, r22
BAA1001C   #lmw     r21, 0x48+var_2C(sp)
8001004C   #lwz     r0, 0x48+arg_4(sp)
38210048   #addi    sp, sp, 0x48
7C0803A6   #mtlr    r0
}
ahook.1 = {
#PADRead() #Kernel:  Oct  2 2001  11:02:22
38000000   #li      r0, 0
981F000A   #stb     r0, 0xA(r31)
A01F0000   #lhz     r0, 0(r31)
5400066E   #rlwinm  r0, r0, 0,25,23
B01F0000   #sth     r0, 0(r31)
3AB50001   #addi    r21, r21, 1
2C150004   #cmpwi   r21, 4
3B18000C   #addi    r24, r24, 0xC
3BFF000C   #addi    r31, r31, 0xC
4180FCC0   #blt     label_up
7EC3B378   #mr      r3, r22
00000000   #bl      OSRestoreInterrupts
7E83A378   #mr      r3, r20
BA810018   #lmw     r20, 0x48+var_30(sp)
8001004C   #lwz     r0, 0x48+arg_4(sp)
38210048   #addi    sp, sp, 0x48
7C0803A6   #mtlr    r0
}
ahook.2 = {
#PADRead() #Kernel:  Jun  5 2002 02:09:12  -  Sep  5 2002 05:34:25  -  Mar 17 2003 04:20:41
38000000   #li      r0, 0
981F000A   #stb     r0, 0xA(r31)
A01F0000   #lhz     r0, 0(r31)
5400066E   #rlwinm  r0, r0, 0,25,23
B01F0000   #sth     r0, 0(r31)
3AB50001   #addi    r21, r21, 1
2C150004   #cmpwi   r21, 4
3B18000C   #addi    r24, r24, 0xC
3BFF000C   #addi    r31, r31, 0xC
4180FCC8   #blt     label_up
7EC3B378   #mr      r3, r22
00000000   #bl      OSRestoreInterrupts
7E83A378   #mr      r3, r20
BA810020   #lmw     r20, 0x50+var_30(sp)
80010054   #lwz     r0, 0x50+arg_4(sp)
38210050   #addi    sp, sp, 0x50
7C0803A6   #mtlr    r0
}
ahook.3 = {
#PADRead() #Kernel:  Jul 23 2003 11:27:16
38000000   #li      r0, 0
9817000A   #stb     r0, 0xA(r23)
A0170000   #lhz     r0, 0(r23)
5400066E   #rlwinm  r0, r0, 0,25,23
B0170000   #sth     r0, 0(r23)
3B390001   #addi    r25, r25, 1
2C190004   #cmpwi   r25, 4
3B9C000C   #addi    r28, r28, 0xC
3AF7000C   #addi    r23, r23, 0xC
4180FD6C   #blt     label_up
7F43D378   #mr      r3, r26
00000000   #bl      OSRestoreInterrupts
7F03C378   #mr      r3, r24
BAC10018   #lmw     r22, 0x40+var_28(sp)
80010044   #lwz     r0, 0x40+arg_4(sp)
38210040   #addi    sp, sp, 0x40
7C0803A6   #mtlr    r0
}


Hope this helps!
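As an added example (not biolizard89's or GCNrd's code), the following Python scanner locates the tail of PADRead in a GameCube RAM dump by matching the four ahook tables above as byte signatures, treating the 00000000 word (the unresolved bl OSRestoreInterrupts) as a wildcard, and decodes the bl it finds there to recover the address of OSRestoreInterrupts. It assumes the dump is a big-endian image of main RAM loaded at 0x80000000; the sample dump in the comments is constructed for illustration.

```python
import re

# Signatures transcribed from the four PADRead tails in the post (one 32-bit big-endian
# word per instruction).  The 00000000 word is "bl OSRestoreInterrupts", whose encoding
# depends on where each game linked that function, so it is treated as a wildcard.
PADREAD_SIGS = {
    "ahook.0": "38000000 9815000A A0150000 5400066E B0150000 3AF70001 2C170004 3B7B0004 3B5A0002 "
               "3B39000C 3AB5000C 4180FD38 7EC3B378 BAA1001C 8001004C 38210048 7C0803A6",
    "ahook.1": "38000000 981F000A A01F0000 5400066E B01F0000 3AB50001 2C150004 3B18000C 3BFF000C "
               "4180FCC0 7EC3B378 00000000 7E83A378 BA810018 8001004C 38210048 7C0803A6",
    "ahook.2": "38000000 981F000A A01F0000 5400066E B01F0000 3AB50001 2C150004 3B18000C 3BFF000C "
               "4180FCC8 7EC3B378 00000000 7E83A378 BA810020 80010054 38210050 7C0803A6",
    "ahook.3": "38000000 9817000A A0170000 5400066E B0170000 3B390001 2C190004 3B9C000C 3AF7000C "
               "4180FD6C 7F43D378 00000000 7F03C378 BAC10018 80010044 38210040 7C0803A6",
}

def compile_sig(words):
    """Build a bytes regex from the hex words; a zero word matches any 4 bytes."""
    parts = [b".{4}" if w == "00000000" else re.escape(bytes.fromhex(w))
             for w in words.split()]
    return re.compile(b"".join(parts), re.DOTALL)

def bl_target(word, addr):
    """Decode a PowerPC 'bl' (opcode 18, AA=0, LK=1) located at addr; None if not a bl."""
    if word & 0xFC000003 != 0x48000001:
        return None
    off = word & 0x03FFFFFC
    if off & 0x02000000:            # sign-extend the 26-bit displacement
        off -= 0x04000000
    return (addr + off) & 0xFFFFFFFF

def find_padread(dump, base=0x80000000):
    """Return [(revision, address, OSRestoreInterrupts or None)] for every 4-byte-aligned
    signature match in a RAM dump whose first byte lives at `base` (assumed 0x80000000)."""
    hits = []
    for name, words in PADREAD_SIGS.items():
        pat, wl = compile_sig(words), words.split()
        pos = 0
        while (m := pat.search(dump, pos)) is not None:
            pos = m.start() + 1
            if m.start() % 4:       # instructions are always word-aligned
                continue
            target = None
            if "00000000" in wl:    # ahook.0 has no bl in its tail
                i = wl.index("00000000")
                word = int.from_bytes(dump[m.start() + 4*i:m.start() + 4*i + 4], "big")
                target = bl_target(word, base + m.start() + 4*i)
            hits.append((name, base + m.start(), target))
    return hits
```

Feeding a real dump through find_padread tells you which of the four kernel revisions the game was linked against and where its PADRead tail sits, which is the information needed to decide which ahook entry applies.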