Eri HaKawai (v2)
by giantpune 


This is another Wii exploit, this time for "Tales of Symphonia: Dawn of the New World" (RT4EAF).
Copy the "private" folder from this archive to the root of your SD card and merge it with any existing folder. Then install the save to your Wii just like any other save game.
Put some homebrew you want to start on the root of your SD card (not SDHC) as boot.elf.
Then start the game and load the save data. If your game is version "RVL-RT4J-0A-0　JPN", use the top save; if you have "RVL-RT4J-0A-1　JPN", use the second save. If you have any other version of the disc, it probably won't work.
Once the game starts (and you see a retarded dog waving at you), press PLUS to enter the game's menu.
Scroll down to "Status" and press A.
Then scroll down till you see the character named "Giantpune". Highlight him, and press A.
Hopefully everything works out like it should and the boot.elf is loaded from your SD card.



The source code that I used to make the exploit is included (all of it is licensed under GPLv2). Here's how I made it:

1) Enter the "/loader" directory and build 2 versions of the loader. In loader.lds, you can change the entrypoint. Make loader.bin with the entrypoint for v1, and loader2.bin with the entrypoint for v2.

2) Use the Qt SDK to build the .pro and main.cpp. It will give you a program that takes a base save, injects the loader into it, and creates the exploit.

3) Run the program you just built: "./ToSHack_jap ./000100005254344a/". This will create all the files necessary for the exploit.

4) Pack it up with Segher's tools: "twintig 000100005254344a ./data.bin"


Credits...
team twiizers - savezelda elf loader
Pierre "delroth" Bourdon - originally found the buffer overflow & managed to turn it into a working exploit (for the PAL version of the game). Also the checksum code for PAL, which was a great start when I was doing the USA checksum stuff
giantpune - the USA version of this exploit, including - but not limited to - disassembling, poking, breakpointing, hex editing, checksumming, artworking, twintigging, tachtigging

And big thanks to...
Segher - really useful save packing/unpacking tools
nuke, link, dcx2, brkirch, Y.S, Frank Wille, et al - USB Gecko, geckoOS, vdappc, geckoDotNET
megazig, dcx2 - lots of useful knowledge concerning ASM, registers, PPC behavior, and other similar low-level stuff

