Month: August 2024

Posted on

Telescope Bag Reinforcement

Good Morning from my Robotics Lab! This is Shadow_8471, and today I am reinforcing my telescope carry bag. Let’s get started!

I got a telescope last Christmas. As part of caring for it, I got it a travel bag to take it to local dark spots. A comment on the bag’s store page recommended reinforcement – possibly with the cardboard box the bag arrived in. I wanted a frame. Metal and wood can be expensive and heavy, so I went with PVC piping. My father and I bought supplies and started the project late January, but time constraints and busy schedules halted progress until now.

We measured the bag as 40”x12”x9”. The store sold half inch diameter pipe in 10 foot/120 inch segments. My intuition said to buy two pipes, but a quick mental estimate came up 4 inches too short: 2x(120-(40+12+9))=-4. Accounting for the diameters of perpendicular segments affords the needed margin: 3x8x.5”-4”=8”.

The base went together nicely, but the bag got really tight once the first two vertical supports went in. News flash: the bag is ever so slightly trapezoidal in shape. When we came back to finish the project this week, we re-measured from the top of the bag, but those measurements would have been too short for the interior dividing wall running lengthwise along the bag. In the end, we trimmed the pipes to fit outside this wall and lowered the height until the bag could zip closed over the frame.

One future improvement remains: my accessories are currently loose in a cardboard box that barely fits in the telescope bag. It stretches the bag, making it difficult to access – especially if I’m after something without pulling out the whole telescope.

Takeaway

This project had an unusually long break in it. While I would have liked a shorter timetable, it is always a risk when working with someone else on a relatively minor project. Our schedules just happened to line up this week well enough to follow through when I pushed a little.

Final Question

What small projects do you have going on that shouldn’t take long to finish? Might now be the time?

Posted on

Sonic 3 AIR (Linux, Wii/Mega Collection Method)

Good Morning from my Robotics Lab! This is Shadow_8472 and today I am using a hacked Wii and Linux to rip Sonic Mega Collection for a ROM to play Sonic 3 AIR. Let’s get started!

I am not a lawyer, nothing in this blog post is legal advice.

Say what you like about the GameCube, it was my sister’s and my first video game console. Among our initial collection was Sonic Mega Collection, a library of Sonic’s Sega Genesis titles. The games played poorly with an analogue stick, and I lost interest after never getting past a second zone.

Years later, a university friend re-introduced me to classic Sonic games through the world of emulation. I found myself browsing Sonic Retro and trying out several ROM hacks of base games I owned back home. Of note: fan content is a legal gray area some companies like Sega happily leave gray – letting fans explore their IP (Free advertising, anyone?) while leaving themselves room to threaten troublemakers. That said, the unwritten code of conduct for handling hacked/leaked prototypes is:

  1. No selling hacks.
  2. No advocating piracy.
  3. No redistributing raw ROM’s.
  4. Don’t ask, don’t tell.
  5. Own a legit copy if available.
  6. Support quality official ports.

That said: Sega has hired Sonic Retro talent to port their classic games.

Sonic 3 Fan Projects

Most ROM hacks on Sonic Retro are outright love letters to their respective base games, but my hands-down favorite was Sonic 3 Complete (S3C) [1]. This hack aimed to restore the game’s original vision before time constraints split it into Sonic 3 (S3) and Sonic & Knuckles (S&K) with the option to combine their cartridges into Sonic 3 & Knuckles (S3&K). S3C added a game select, custom level transitions, fine tweaks to revert assets, and an option to move Flying Battery Zone to just before Ice Cap so Sonic can snowboard down on a hatch he knocked off in a cutscene. Polishing continued until it approached the Genesis’s ROM size limit.

When the S3C team signed off in 2013, they named another project as their successor: Sonic 3 Angel Island Revisited (Sonic 3 AIR/S3AIR). In addition to similar polish to S3C, Sonic 3 AIR uses a newer engine with widescreen and 60 fps support. Mods are also supported. The catch is it requires an original S3&K ROM for game files. This used to be available from Steam, but I had to dump my physical copy using the Wii I hacked last week.

Following a tutorial as can be found on GameBananna (linked in Works Cited) [2], I installed CleanRip and backed up four of my GameCube disks – Sonic Mega Collection among them. Each game gave me three files: GAME-dumpinfo.txt, GAME.bca (data about the copy protection), and GMAE.iso (the game data itself). The .iso doesn’t mount, but Dolphin emulator lets you browse its file system anyway. I located S3&K’s .dat file and set that aside.

GameBananna’s tutorial breaks on the next step. It calls for a converter by GreyRouge [3], but the link is broken and the forum has been abandoned since early 2023.

https://zenhax.com/viewtopic.php?t=695

Instead of finding four good captures on WaybackMachine, I the topic number into a working URL [3]:

https://zenhax.com/viewtopic.php@t=695.html

But I wasn’t done yet. GrayRouge used an old version of Visual Studo, but some research, I got it working in normal C++ by making the following changes:

Replace: #include "stdafx.h"
with: #include <iostream>
and #include <string>

Replace: int _tmain(int argc, _TCHAR* argv[])
with: int main(int argc, char* argv[])

The compiled program worked got S3&K loading in an emulator. I posted my modifications to Reddit where my hope is to be of help to someone. S3AIR was stubborn about looking for the ROM in my Steam files, so I gave it a link.

~/path/to/Sega\ Classics/uncompressed\ ROMS/Sonic_Knuckles_wSonic3.bin

Takeaway

My original motive for following through on this project was on the off chance my PinePhone could run it on the go. Yeah, no. I tried my best on a time crunch, but I did spot a warning in S3AIR’s documentation that it wasn’t going to run on ARM processors.

Also: the full program code is on Reddit. Someone re-uploaded it after the original link broke, but I lost the link to that.

Final Question

Are you on a journey similar to mine? If I was of any help, please feel free to let me know in the comments below or on my Socials!

Works Cited

[1] Sonic Retro, “Sonic 3 Complete,”Sonic Retro, Jan 12, 2022.[Online]. Available: https://info.sonicretro.org/Sonic_3_Complete. [Accessed: Aug. 19, 2024].

[2] Tyranger, NickyFan7, “Ways to get a Sonic 3 & Knuckles ROM (Post-Delist),” gamebananna.com, Apr. 30, 2022. [Online]. Available: https://gamebanana.com/tuts/14939. [Accessed: Aug. 19, 2024].

[3] GrayRouge, “Sonic Mega Collection (GC) dat files,” zenhax.com, Mar. 7, 2015. [Online]. Available: https://zenhax.com/viewtopic.php@t=695.html. [Accessed: Aug. 19, 2024].

Posted on

Finally Passing Wii Hacking 101

Good Morning from my Robotics Lab! This is Shadow_8472 and today I am actually hacking my Wii. Let’s get started!

!!ALERT!!

THIS BLOG POST ABOUT WII HACKING IS UNMAINTAINED!! While unmaintained documentation can be entertaining or contain useful hints not found anywhere else, it often lacks nuance and is best treated as unauthoritative. Be careful with it. Be responsible with it. This applies to all media forms – especially YouTube.

As of writing in August, 2024, the authoritative site is https://wii.hacks.guide/ [1].

Seriously. As with installing Linux or any activity that disregards OEM walled gardens, you take a risk by hacking your Wii. Many generous people have put years of effort into minimizing these risks, but at the end of the day, the only one to blame for bricking your device is you. The community may back you up on a volunteer basis with no obligations. You own your hardware. Have fun!

With that out of the way…

Recap

A video game console must be built like a castle to protect company profits. Security must stop pirates while being as invisible as possible to legitimate customers. The Homebrew community doesn’t cleanly fit into either category; it climbs the castle walls for fun, but in ways that aim to complement the original product.

I bought a Wii from someone in my area a couple years back with the intention of hacking it. I’ve researched it sporadically since then, building confidence, then backing out each time. Last time, I made it so far as to install the Homebrew Channel on Dolphin Emulator. This time, I make it all the way.

The Homebrew Channel

All video game consoles are just specialized computers. The Wii just didn’t hide this fact as much as most previous consoles. Its operating system boots to a menu with sever channels I mostly ignored, but nonetheless shaped the system’s identity. Perhaps the most [in]famous channel is The Homebrew Channel, a menu for 3rd party software and the primary objective for this week.

There is no direct way to install the Homebrew Channel, so an exploit must be used. The Wii has a rich history of exploits that rely on specially corrupted saves of specific games, but the three in use today only require an SD card formatted to FAT32 (LetterBomb and Wilbrand) or an Internet connection (str4hax). The idea is to load HackMii and install The Homebrew Channel from there.

Glossary of Terms

The Wii uses a lot of abbreviations. Refer to this section if you see any.

  • Brick v. – to mess up software so bad, the system won’t start. It may as well be a clay brick.
  • CIOS – Custom IOS
  • IOS – Acronym unknown. Pertains to files in Wii’s firmware (Has nothing to do with Apple’s iPhones)
  • NAND – System memory
  • NUS – Nintendo Update Server
  • NUSD – NUS Downloader
  • WAD – Wii Application Distribution
  • YAWMM – Yet Another Wad Manager ModMii Edition

Groundhog Exploits

First of all, what kind of Wii am I hacking?

  1. White with GameCube adapters
  2. US Serial number
  3. Firmware upgraded to 3.3U to play Animal Crossing: City Folk (U for US region)
  4. Bought 2nd hand, but presumably stock (unmodded)

As part of my setup, I joined the r/Wiihacks Discord server. The community was friendly enough, but I let myself be pressured into updating to firmware version 4.3U, but only once I’d confirmed my serial number matched US region. Updating to or past 4.2 carries a slight chance of bricking in exchange for simplified research. I was OK, but I strongly advise you to research how to update to 4.1 and hack from there.

I started with str4hax, which aims the Wii’s DNS at a special server that replaces the User Agreement with Dashie (Rainbow Dash from My Little Pony: Friendship is Magic) and takes one to two minutes to glitch the system into loading a script that boots the Wii into BootMii. I saw the exploit performed on a YouTube video, so I knew to expect rainbow static with green flashes. BootMii hung (got stuck) on its anti-scam warning, so I tried it around a dozen times in total.

What I didn’t understand at the time was the difference between exploit and payload. This difference was more apparent after running Wilbrand, a Wii Message Board based exploit named after the inventor of TNT. Using a bunch of special information including a Wii’s MAC address, it generates a special letter stored on a properly formatted SD card. When this letter is opened, the Wii crashes and loads boot.elf from the SD card. It took several tries to format my SD card, but once I had Wilbrand working, it was a much faster turn around. When it works correctly, HackMii should load quickly.

Neither of these were perfectly consistent:

  • str2hax hung on Dashie for me once and a few times the script to load HackMii failed trying to change Internet settings.
  • Wilbrand sometimes gave me a black screen and a blinking blue disk drive (.5 sec. on/.5 sec. off). I also had it drop TV signal in a different fail state.

HackMii Being Stubborn

Whichever exploit you use, when HackMii loads correctly, it puts a scam warning on screen, and after 30 seconds (or until HackMii finishes loading) it should tell you to press 1 to continue on to installing The Homebrew Channel and BootMii.

In my experience though, HackMii hung on this screen with no visual feedback besides the remote being stuck on (working correctly, HackMii does disconnect the remote). I was stuck here for over a day. Wisdom gleaned from community documentation and forum posts say this error is caused by one or more cIOS (or custom IOS) present on the Wii, which can be an indicator of piracy. The accepted diagnostic tool is SysCheck, but its documentation says to load it from The Homebrew Channel I haven’t installed yet!

Under advisement, I was directed to try using ModMii, a tool intended exclusively for Windows. Running under WINE, the CLI edition of version 7.0.2 wants to update to the latest version: 7.0.2. It also failed to set up its download list. The GUI edition was slightly less buggy in that it recognized it was up to date. I tried a few versions of WINE/Proton using Lutris to switch between them, but nothing worked. I was not desperate enough to explore trying .net to see if that made ModMii run. WINE rating: Garbage

Exploring on my own, I felt silly when I found a file called installer.log:

HackMii v1.2 installer starting up
PVR = 00087200
running under IOS 38 rev 0xe19
52 titles are installed
Found IOS 16: revision: 0x200.
Found IOS 10: revision: 0x300.
Found IOS 80: revision: 0x1b20.
Found IOS 38: revision: 0xe19.
Found IOS 37: revision: 0x161f.
Found IOS 36: revision: 0xe18.
Found IOS 35: revision: 0xe18.
Found IOS 34: revision: 0xe18.
Found IOS 33: revision: 0xe18.
Found IOS 31: revision: 0xe18.
Found IOS 30: revision: 0xb00.
Found IOS 28: revision: 0x70f.
Found IOS 22: revision: 0x50e.
Found IOS 20: revision: 0x100.
Found IOS 17: revision: 0x408.
Found IOS 15: revision: 0x408.
Found IOS 14: revision: 0x408.
Found IOS 13: revision: 0x408.
Found IOS 12: revision: 0x20e.
Found IOS 11: revision: 0x100.
Found IOS 21: revision: 0x40f.
Found IOS 2: revision: 0x201.
Found IOS 9: revision: 0x40a.
Found IOS 4: revision: 0xff00.
launching IOS 38 for the installer…

IOS launched…

IOS versions: Installer: 38, HBC: 0
starting preparations

Acting under the assumption I might have a bad cIOS hiding in that list, I converted the revision hexadecimal numbers into decimal looked up each one up on wiibrew.org [2]. All I found was that IOS2 was a false positive and actually part of the system menu. After bringing this back to r/WiiHacks’ Discord, I was advised about an odd line:

IOS versions: Installer: 38, HBC: 0

HackMii usually works better exploiting another IOS, like IOS58, which was either absent or incorrectly loaded during the 4.3 update (I never was properly convinced either way). Discounting ModMii or technical piracy, my last chance at obtaining IOS58 was NUSD. While it is a Windows tool, I found NUSD runs perfectly in WINE on Linux. Platinum rating.

From there, I loaded a WAD file for IOS58 on my SD card alongside a WAD manager called YAWMM, and copied/renamed its boot file to <SD_card>/boot.elf as the payload in place of HackMii. Installation was straightforward from there, and HackMii was repaired.

A blow for blow description of the solution that worked for me can be found here: https://www.rwiihacks.com/tutorials/hackmiiscamstuckfix/index.html#method-3 [3]

“Press (1) to continue” appeared, and I used it to install both The Homebrew Channel and BootMii as an IOS.

BootMii and Priiloader

The Wii has three boot stages: boot0, boot1, and boot2. boot2 can be written to, but only early hardware revisions will brick if boot2 is homebrewed. HackMii detected a patched motherboard and didn’t let me install BootMii to boot2.

BootMii can backing up and restoring the Wii’s internal NAND memory. If you can install it to boot2, it gives you a low-level option to recover from a brick. I don’t get that though.

My next obstacle is SD card size. A stock Wii can only use a 2GB or 32GB SD card depending on if it is running firmware version 4.0 or later. It is recommended to have something a bit bigger than 256MB, as I have been using so far. I sacrificed my Manjaro ARM 32GB microSD for the cause, but I got a NAND backup through BootMii.

Priiloader loads after boot2 and before the System Menu and thereby is a powerful tool from recovering from a brick (though it is second to BootMii boot2 edition). It also offers a bunch of customization options to research another day, but following the wii.hacks.guide tutorial, I disabled disk/online updates and disabled an anti-flicker feature intended for tube TV’s.

D2x and cIOS

As a general rule, wisdom gleaned from the community says cIOS should be avoided, as they’ve learned how to do most things they want to do without changing firmware. However, the wii.hacks.guide checklist does install four cIOS files. Published details are vague, but I gather they do things like allow loading games off USB instead of the DVD drive and using unofficial online services. Wiibrew.org wasn’t particularly helpful when I looked each base IOS up, but then again this is my first time customizing firmware.

Diving deeper, D2x patches official IOS files during installation. This process went smoothly even if it was nerveracking. I double or triple checked each of the four ISO’s to be installed. But even if something did go wrong, that’s what doing a NAND backup early is for.

Loading Homebrew Apps

One more touch, and I can consider my Wii fully hacked for now: the Homebrew Browser. If The Homebrew Channel doesn’t find apps on the SD card (or optionally a USB drive), it shows nothing but bubbles your pointer can pop on contact. The Homebrew Browser can load and update apps to SD (or USB), but itself must be loaded manually. I installed a few recommended utilities, but further tinkering will have to wait for another topic.

Takeaway

Unfortunately, the channel I was working in/using for notes was deleted once I had gotten to The Homebrew Channel. I am mad because by then I had only written my disclaimer and half the recap by then. By God’s grace, I forgive the one[s] responsible, but my hope is that our shared lesson be the value of the footprints we leave behind when working in niche community support topics.

Final Question

Have you ever tried hacking/soft modding a Wii or any other game console? I look forward to hearing from you in the comments below or on my Socials!

Works Cited

[1] Nintendo Homebrew, “Wii Hacks Guide,” wii.hacks.guide, 2024. [Online].Available: https://wii.hacks.guide/ [Accessed Aug. 12, 2024].

[2] wiibrew.org,Nov. 18, 2021. Available: [Online]. https://www.wiibrew.org [Accessed Aug. 12, 2024].

[3] u/WiiExpertise, “HackMii Scamstuck Fix,”rwiihacks.com, 2023. [Online]. Available: https://www.rwiihacks.com/tutorials/hackmiiscamstuckfix/index.html#method-3 [Accessed Aug. 12, 2024].

Posted on

MotionEye: One Step Closer to a Critter Cam

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am revisiting my naughty critter cam again. Let’s get started!

Project Recap

Earlier this year, I spent a week learning about DietPi, a lightweight OS for “System On a Chip” computers — notably Raspberry Pi, and Motion, an open source home surveillance platform. These fit great into my Raspberry Pi 3B+. I burned out after getting it to stream video to a webpage.

Version numbers have marched on since, and updates were in order. Long story short, it was simpler to reinstall and relive the week in the span of one day. I set the standard “new install” settings, and installed motion from within DietPi’s “hedged garden.” I copied a default config file at /etc/motion/motion.conf to /root (I am approaching this as a short-term/low security project) and struggled against the documentation. It led me to mess with mmalcam_params when all I needed was:

rotate 180
webcontrol_localhost false
stream_localhost false

These lines rotate the image and unlock Motion’s webUI.

MotionEyeOS

The final deciding factor to reinstall started when I came across a new command for listing ports Linux will respond on:

ss -list

I found port 8765 with a login I couldn’t get in. Only after a total reinstall did I look up motionEye and find the default login is “admin” with an empty password. It’s a nice webUI, but it won’t share the camera with motion proper, and it took me a while to cycle through the different options to find the feed. My favorite feature is that it passed the “Oops, it lost power” test.

Push Notifications

MotionEye can run a commands when it sees something move, which can be anything from object detection to filter false positives to an automated squirt gun when it recognizes naughty behavior. My next major milestone though should be push notifications. On Linux, I can use notify-send over ssh, but I’d need to research an equivalent way for it to show up on Windows, Mac, and Android for other family members. In the long run, it will be simpler to dust off my Discord bot skills and give a LAN address.

So, that’s what I did. I made a bot that sends a hard coded message to a hard coded channel and closes itself as part of its startup function.

#!/usr/bin/python3

import os
import discord

intents = discord.Intents.default()
client = discord.Client(intents=intents)

#On startup: send message to and close program
@client.event
async def on_ready():
channel = client.get_channel(<channel_ID>)
await channel.send(f"Motion Detected!\nhttp://192.168.0.50:8765")
exit()

client.run('<Bot_Login_Token>')

MotionEye could run the bot once I placed it in /mnt/dietpi_userdata/, gave it permission to execute, and ensured it belonged to the dietpi user. Before too long, I had notifications through Discord to check Motion, and the hardest part of deployment was turning on the Pi’s power switch. For my “Show & Tell,” my father and I rigged up a cat tower and an LED work light on a stand to watch the stairs.

Takeaway

This temporary setup remains incomplete. For starters, the Discord bot wastes around four seconds logging in. I will eliminate this delay once I can get a signal from MotionEye into a running bot. Also of concern is that I want the bot ignoring humans – which means object detection, a field I’m not far into yet.

Final Question

Am I missing anything obvious on my road map? Let me know in the comments below or on my Socials!

Privacy Policy