« TriiForce, a VC / Channel NAND emu Launcher, Walkthrough
Creating a Multi Game GameCube ISO / DVD »

New Super Mario Bros. Wii Copy Protection Info and Crack *Update 3 Everything fix*

The New Super Mario Brothers Wii contains a new copy protection that hasn’t been seen as of yet in the Wii. This copy protection not only protects against USB loaders and Disc launchers, but it also effects modchips, which is a first. As of right now no modchips will read a 1:1 copy of NSMB, a hex patch must be applied to the main.dol. The hex edit fix is actually pretty interesting because it’s based on an old PC game cracker’s trick. Also of interest it’s the first Wii game to my knowledge that contains a  System menu update of 4.0 or higher (it’s 4.1). For the 3.2 users, don’t worry it works on 3.2.

*UPDATE 3* Using VKI PPF patch on the main.dol you should now be able to launch NSMB FROM DVD, cIOSCORP, USB LAUNCHER, MODCHIP, ETC. Use PPF-O-Matic to patch your Dols. What this patch does is the standard fix that I’ve posted in previous updates and changes the offset locations 0×001CED53 AND 0X001CED6B in the main.dol from DA to 71. See Links for Wiikey 2 v1.3 firmware.

*Update* Some USB loaders have now included the patch into their code and don’t require a patched main.dol for NSMB to run.  Such as CFG-Loader, OpenWiiFlow, etc… Also Wiikey is going to release an update in order to resolve the copy protection issue with Wiikey modchip owners, see comment. Also see my Comment about DVD launching below. DriveKey has also posted an update on there website see comments. Check the comments from Insider about the Wiikey 2 v1.3 update video, which will fix NSMB.

*Update 2* The offset in the main.dol for hex editing the NTSC version is: 0×001AB610 – 0×001AB613 . Change that section from 9421ffd0 to  4e800020 with your hex editor.

Tools;
WiiScrubber 1.4
Hex editor
New Super Mario Bros. Wii game
Pal Main.dol – For the lazy. If I’m harassed by Nintendo about this link it will be removed. Looks like Nintendo harassed Mediafire.

Links;
Main NSMB Post on GBATemp
Technical Posting on the NSMB Hex patch – I linked to the second page as it has the best info, specifically WiiPower and Neversoft’s posts.
A9VG.com – The site / thread that first reported the fix, great post on it but it’s in chinese so I used a Google Translator link.
Wiikey 2 v1.3 firmware - Wiikey 2 Firmware v1.3 that fixes New Super Mario Bros. Finally Out.

The Technical;
The following is from WiiPower’s post on GBATemp;

“Since the game did not work for modchip users who reached the following requirements:

- Correct region
- Updated via disc
- Did not patch the disc in any way. (at least there are people claiming they tested with a real 1:1)
- Played via disc channel

The only thing left I can imagine that it uses some new dip command. Well nintendo can’t just develop a new dip command, since the drive’s firmware can’t be updated, ALL drives have to handle ALL dip commands correctly. It could be some dip command the drives understood from the beginning, but were never used or it’s a dip command that is used all the time, but the problem is a little detail. A dip command usually returns a buffer and a return value, und it could be that everything only checked for the return value until now, but NSMB also checks the buffer. Since that was ignored anyways until now, it could be that modchips and cIOS return something wrong here.

In short, to me it looks like the modchips and cIOS will get an update the sooner or later and NSMB and all games using the same protection will instantly work without any patches. Ok, that’s just my theory, i could be wrong

In more detail about the patch. I heard that it patches the error function in the game, where it already knows that something is “wrong”, to just continue the game instead of throwing the error message. The game is not an IOS Reloading game! It really looks like nintendo did not see that this would make playing backups at least more difficult.

And about future patching. We could even be lucky that the same patch code that is implemented in the most recent loaders would work on new games.(if it would try to do them, NeoGamma checks for the disc id) Even if not, if it’s the same protection, there will always be somebody finding how to patch it the same way as NSMB and all loader teams will be able to put that patch in within 10 minutes.”

The following is from NeverSoft’s post on GBATemp;

“Yep, I’m not too knowledgeable on Wii stuff but I used to crack “back in the day” and know a fair bit of assembler on various systems so I’ve got a little insight into this stuff which meant I could at least understand the crack a little after some fevered Googling

The hex edit basically injects a “BLR” instruction (”4e 80 00 20″ in hex) into the code at an offset of 0×1ab750 in the main.dol file. A BLR is a Branch to Link Register in PPC assembler (I think). Basically, it modifies a instruction so that when the code branches to the error routine, the BLR means it jumps straight back to the code that called the error routine in the first place (the address that called the routine is stored in the Link Register).
Basically, a good old-fashioned patch and EXACTLY the same shit that’s been cracking games since the 1980s and almost as common as a “NOP”. ”

The Process;
The following is from Blue-K post on GBATemp;

For USB-Loader Users:
-Try NeoGamma R8Beta7, Coverfloader or OpenWiiFlow, which both should be able to run the Game without any patches needed (Thanks to WiiPower!)
-Or put the fixed ISO on your Drive, using your Favorite Manager, and play it with any Loader
-Or use CFG-Loader and the Alt.dol Trick (rename the fixed .dol to SMNP.dol and place it under /usb-loader/. Then select Alt.dol from SD and play the game)

For Disc-Loader Users:
**See Update 3**

For ModChip Users:
-Try NeoGamma R8Beta7, which should be able to run the Game without any patches needed (Thanks WiiPower!)
-Or download and Install IOS53 and your System IOS (3.2-IOS30, 4.0/4.1= IOS60, 4.2=IOS70) and patch them with the Trucha Patch. Use DOP-IOS for this, and play the fixed ISO. You’ll need a Wii that is connected to the Internet!

For cIOSCORP Users:
**See Update 3**
Patching/Fixing the ISO:

1) Download the WiiScrubber 1.40 Package
2) Run the “MakeKeyBin.exe”
3) Open WiiScrubber, and select your ISO (PAL ONLY!!!)
4) Search for the main.dol ->right click -> Extract
5) Open the main.dol in a Hex Editor of your Choice
6) Search and modify to 4e 80 00 20 from 0×1ab750 to 0×1ab753 in main.dol and save.
This is the patched main.dol that you can use for alt.dol-Loading. If you want to patch the ISO, read further.
7) Back in WiiScrubber, search again for the main.dol, right klick -> Replace and select the patched main.dol
8) Done. Exit WiiScrubber, and enjoy!

If using the main.dol from Mediafire you don’t need to do steps 4 -> 6.

Final Thoughts;

Even though technical this new copy protection was beat in less then 72 hours after the game was released (2 days before the AU, 6 days before the US, 11 days before the EU and 22 days before JP office releases … damn leaks), kudos still go to Nintendo for being creative. Now modchip users will have to use Homebrew (install trunc bug ISOs) to play games, which is a win(?) for Nintendo…

-FTen

Tags: ,

This entry was posted on Tuesday, November 10th, 2009 at 3:23 pm and is filed under Backups, News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

55 Responses to “New Super Mario Bros. Wii Copy Protection Info and Crack *Update 3 Everything fix*”

  1. wiikey wiikey Says:
    November 12th, 2009 at 9:41 pm

    wiikey will release an update soon

  2. Ften FTen Says:
    November 13th, 2009 at 3:29 pm

    Good to hear.

  3. modchip modchip Says:
    November 14th, 2009 at 8:53 am

    is there a way to make it work on a modchip

  4. Roberto Gadelha Roberto Gadelha Says:
    November 14th, 2009 at 12:25 pm

    [quote]Wiikey Says:
    wiikey will release an update soon[/quote]
    For WiiKey 1 users too? PLEASE?

  5. Ften FTen Says:
    November 15th, 2009 at 4:46 am

    It does work with mod chips once the main.dol is patched. Also from what I’ve read recently CIOS rev15 has been reported to make the game usable through disc launchers. Try Uloader

  6. Ften FTen Says:
    November 20th, 2009 at 4:23 pm

    UPDATE 3 in the above post should make the New Super Mario Bros. Wii work in any situation, well as long as your IOS 53 and system IOS have the Trucha bug. If you have any issues with it, shoot me an email I may have another patch for you to try.

  7. Ften FTen Says:
    November 20th, 2009 at 4:31 pm

    I’ve clean up this post, who knew, quote blocks… only took me a year to see that option.

  8. John John Says:
    November 21st, 2009 at 6:04 pm

    Hey, is it possible to get this game working on a DVD-R with a modchipped wii, without installing anything on the wii? (not installing trucha bug).

  9. Ften FTen Says:
    November 21st, 2009 at 7:37 pm

    Not unless you modchip maker patches their firmware. Wiikey said they where going to make a patch and D2pro has ignored my emails to ask if they where going to make an update. So your best bet is to email your Modchip company and ask. Flatmii (link)and WODE already work with the NSMB.

  10. Chris Chris Says:
    November 22nd, 2009 at 8:57 pm

    Hi.
    First of all, thanks for some really good information. It’s great to have all the important information filtered out.

    Do you know if there is any further development from Team Cyclops (Cyclowiz)? Do you know any 3rd party firmwares I should keep an eye with (Cyclowiz is an open platform)

  11. Ften FTen Says:
    November 23rd, 2009 at 4:06 am

    As of right now Flatmii is the only “modchip” to have an update and WODE works because it runs on fairy dust and our dreams, lol.
    I don’t know of any other modchip makers who have provided (or even promised to, besides Wiikey) an updated firmware. It looks like Team Cyclops hasn’t put out a new firmware in 2 years, so I wouldn’t hold my breath.
    If I was to bet on a 3rd party firmware to watch it would be YAOSM, because it’s open source so someone smart with a Yaosm flashed chipset could make a patch in a few minutes as all the information for whats being blocked is already floating around the Internet.
    Although right now, patching the main.dol and using a trucha bugged ISO53 / System ISO is your best bet right now.

  12. Jason Jason Says:
    November 23rd, 2009 at 6:13 pm

    Any idea where wiikey will be announcing the release? THey don’t seem to announce on their website.

    Also, have you heard if it will be wiikey 2 only? Or will it also be wiikey 1?

  13. Roberto Gadelha Roberto Gadelha Says:
    November 23rd, 2009 at 9:30 pm

    I’m like Jason, just waiting for WiiKey 1 firmware update.
    I’m using HBC and NeoGamma but I prefer booting from the game channel.

  14. stephen stephen Says:
    November 23rd, 2009 at 9:57 pm

    I have been searching for wiikey’s email contact so I can ask for the update and be another voice although I cannot find it anywhere. What is it or where did you find it? Thanks

  15. Ften FTen Says:
    November 23rd, 2009 at 10:33 pm

    http://www.wiikey.cn/en/feedback/ is there form file to leave comments and questions.
    I’ve emailed Wiikey to ask them to elaborate on which products will receive an update and when this update can be expected.
    As of right now I only know what Wiikey has said in their comment on this post and what I’ve read on a different forum which is they will put out an update soon. If everyone takes the time to email them, someone should get a more in-depth response.

  16. Spaz Spaz Says:
    November 25th, 2009 at 6:24 pm

    When can we expect this wikey v2 update.

  17. Ften FTen Says:
    November 26th, 2009 at 11:45 pm

    According to what I’ve seen in another thread with a Wiikey “insider” end of December there will be an update beginning of January. This “insider” is also saying that a Wasabi update is coming out in Jan/feb.
    Link
    If anyone is a beta-tester or becomes one can you just shoot me a comment to confirm the above info?

  18. Ften FTen Says:
    November 28th, 2009 at 3:06 pm

    DriveKey has a fix for the New super Mario Bros;
    http://www.drivekey.com/news/

    All DriveKey’s shipped after Nov. 30th will come with the fix and they will be releasing the firmware for there JTAG programmer. They will also be releasing a way to appending BCA data at the end of the ISO image, so in the future you won’t need to wait for a chip update.
    This is pretty good news as this should help force other Modchip makers to release there updates.

  19. Ften FTen Says:
    November 29th, 2009 at 2:00 pm

    The modchip brand D-right has stated to Wiinewz that they will be releasing an update to their chips next week to fix NSMB. You’ll need an Injectus (which makes D-Right anyway) programmer to program the chip.

    http://www.d-right.biz/download.html

  20. Jason Jason Says:
    December 2nd, 2009 at 7:07 pm

    It would be nice if Wiikey would post a short news blurb on their website. All I’ve seen anywhere is someone calling himself Wiikey saying there is an update coming. I’m pretty sure I could have called myself Wiikey when posting here. Just curious why they aren’t bragging about pending updates.

  21. Jason Jason Says:
    December 2nd, 2009 at 7:07 pm

    BTW I’ve emailed them twice now over the last couple weeks and have had no responces.

  22. Ften FTen Says:
    December 2nd, 2009 at 8:46 pm

    I agree it would be nice if they posted something on there main site.
    I did check to see if there where any similar postings from Wiikey in other forums before allowing that comment.
    I’d imagine the initial response from Wiikey about providing an update was made before they realized they where going to have to deal with the wider issue of BCA (Burst Cutting Area) copyright protection. Check out this POST and OneUp’s .NFO on the subject.

  23. Insider Insider Says:
    December 3rd, 2009 at 7:23 pm

    Wiikey Update will come beginning 2010, it will use the same DriveKey Tools, so you can update your ISO with the BCA Code yourself. Stay tuned.

  24. Spaz Spaz Says:
    December 4th, 2009 at 5:49 pm

    I hope you are right about the wiikey,as they don’t seem to want to reply to emails that are sent to them.

  25. Ften FTen Says:
    December 10th, 2009 at 4:47 am

    Well the Sunkey has received an update to deal with the NSMB issues;
    http://www.d2sun.com/download.htm

  26. Insider Insider Says:
    December 10th, 2009 at 2:01 pm

    Update for Wiikey 2 coming this Month:
    http://www.youtube.com/watch?v=lh4GtlDiV9I

  27. Ften FTen Says:
    December 10th, 2009 at 5:00 pm

    Awesome, thanks for the info.

  28. Nitro Nitro Says:
    December 10th, 2009 at 5:18 pm

    Will wiikey 1 get an update, seems like this chip unsupported

  29. Spaz Spaz Says:
    December 10th, 2009 at 6:10 pm

    That’s great news.

  30. MiKER MiKER Says:
    December 10th, 2009 at 8:01 pm

    Any word on Wiikey 1 updates?
    I hope they dont leave us hanging…

  31. Ften FTen Says:
    December 11th, 2009 at 7:21 am

    I haven’t heard/read anything specifically on the Wiikey 1. If you remember with Smash Brothers I think it was a few months before they released an update, so hopefully this time it will be shorter because they already have a fix for Wiikey 2.

  32. Insider Insider Says:
    December 11th, 2009 at 1:03 pm

    Sorry Guys, technically no permanent Fix possible for Wk1! With Wk2 and DK you guys can update your ISO with BCA Informations so, every game with this protection will work. This is NOT Possible with WK1, but probably a last Fix for NSMB will come out, but just for this game, no other game with this Protection will work. Till now i diden’t get any Beta or Informations from Wiikey-Team about it.

  33. MiKER MiKER Says:
    December 12th, 2009 at 7:38 pm

    If this is true, I am very diasppointed as a consumer. Wiikey 2 was needed because of the change in Wii hardware. The v1 and v2 chips are very similar in operation. If they can release a update to make NSMB playable, then all games requiring BCA should work (after BCA is inserted into DVDR of course).

  34. Insider Insider Says:
    December 13th, 2009 at 1:12 pm

    @MiKer: No spi and JTag handling is completely different on Version 1 and 2. it is not possible to read BCA-Code out of an ISO, like DriveKey and WK2 are doing. you just can hard-code it, but than you need to update or flash it for every game (from amount of RAM not more than 6 games with BCA-Code possible). What is more interesting is, that i could get my hands on a Wii FW 5 pre-alpha. this looks really bad for softmod guys.

  35. Ften FTen Says:
    December 13th, 2009 at 9:09 pm

    If you do get you hands on the FW 5 alpha, be sure to post some pics and vids… WADs, lol. I’ll gladly host any pics/vids.

  36. Insider Insider Says:
    December 15th, 2009 at 7:01 am

    Beta Version (EU/PAL) of Wiikey 2 FW 1.3:
    http://bit.ly/wiikey2fw13

  37. Ften FTen Says:
    December 15th, 2009 at 10:12 am

    Thanks for the link, hopefully this should make a lot of people happy. I’ve re-hosted the file for anyone who wants it, check out the link section in the main post.

  38. Spaz Spaz Says:
    December 15th, 2009 at 3:41 pm

    Is that beta file the 1st or second beta test file.

  39. Ften FTen Says:
    December 15th, 2009 at 4:17 pm

    I believe it is RC1, or at least that’s what I’ve read. See Insider’s comment below.

  40. Insider Insider Says:
    December 15th, 2009 at 5:27 pm

    @Spaz: Second!

    Wasabi update out now!:

    http://www.wasabi.net.cn/downloads.html

  41. Mister Mister Says:
    December 15th, 2009 at 10:17 pm

    I have been watching this blog for a while since it seemed to be a great centralized location for data instead of reading through forums and seeing the same thing over and over again.

    I have a D2Pro and it looks like there are not going to be any updates for it so I just wanted to share the alternative solution that I found:

    1) http://bootmii.org/download – get this and put it on an SD card, you can install the homebrew channel (can also be uninstalled the same way very easily so when a better fix is out so this really can be just temporary)

    2) Get the Gecko OS and codes to start NSMB from the following thread and run it from your SD card:

    http://forums.afterdawn.com/t.cfm/f-154/nsmb_gecko_os_cheat_code_by-pass_guide-820425/

    The only reason I bring this method up is because it can easily be undone (uninstall hombrew and take out the SD card) and does not require changing/upgrading cios since a mod chip is already installed that takes care of all of that stuff.

    Since it can be removed easily you can run the patch/update for your mod chip if one is coming. But for those of us with D29Pro and others this should work in the meantime.

    Did this yesterday and it is working perfectly fine!

  42. Fragger Fragger Says:
    December 16th, 2009 at 8:44 am

    Wiikey have released v1.3 (Odyssey).
    http://www.wiikey.cn/en/legacy/

  43. Insider Insider Says:
    December 16th, 2009 at 9:36 am

    Wiikey 2 FW 1.3 Final out now. check http://www.wiikey.cn !
    My work is done here =) Happy Holidays

  44. Ften FTen Says:
    December 16th, 2009 at 11:14 am

    @Insider
    Thanks for your postings and updates.

  45. Ften FTen Says:
    December 16th, 2009 at 11:21 am

    @Mister
    Yeah I also own a D2Pro and agree, If we see an offical D2Pro update I’ll be suprised as the firmware was released open source. I’m hoping someone much smarter then me will make an unoffical update to the source, so I can finally use my d2prog.

  46. Spaz Spaz Says:
    December 16th, 2009 at 3:17 pm

    Thanks for everything.Happy Christmas to all.

  47. MiKER MiKER Says:
    December 16th, 2009 at 8:06 pm

    No don’t go!!! Bring us a Wiikey1 update :)

  48. Ften FTen Says:
    December 17th, 2009 at 1:10 am

    Someone just pointed this out, the Wiikey 2 fix is a hardcoded BCA fix for NSMB. That means that if another game comes out with the BCA protection this patch potentially (most likely) won’t work for the new game and everyone will be waiting for a new patch again.

  49. MiKER MiKER Says:
    December 17th, 2009 at 6:00 pm

    Also, just as an FYI, Drivekey is currently hardcoded as well, but they will eventually append the data to the end of the ISO. Flattmii currently appends the BCA data to the end of the ISO. Wasabi uses offset $100 to start to store BCA data. So much for a single standard for all chips.

  50. vicster vicster Says:
    December 17th, 2009 at 9:44 pm

    Hey Folks,

    well i just put the latest Wiikey fw 1.3 on my machine to night, but the new SNMB on super mario still wont run an unwanted message appears on the screen and i have to reset by pulling the plug on the machine. anyone seen this problem pop up anywhere else?

    im on 4.2 + Homebrew (banner + hackmii)
    with wiikey2 1.3

    best regards.
    vic

  51. Spaz Spaz Says:
    December 18th, 2009 at 3:56 pm

    Victor are you using an upatched iso?

  52. mrmedic mrmedic Says:
    December 28th, 2009 at 4:47 pm

    .text2:801AB6F0 sub_801AB6F0: # CODE XREF: sub_80173F80+80p
    .text2:801AB6F0 # .text2:801CB984p …
    .text2:801AB6F0
    .text2:801AB6F0 .set arg_0, 0
    .text2:801AB6F0 .set arg_4, 4
    .text2:801AB6F0
    .text2:801AB6F0 stwu %sp, -0×20(%sp)
    .text2:801AB6F4 mflr %r0
    .text2:801AB6F8 stw %r0, 0×20+arg_4(%sp)
    .text2:801AB6FC addi %r11, %sp, 0×20+arg_0
    .text2:801AB700 bl sub_802DD060
    .text2:801AB704 mr %r26, %r3
    .text2:801AB708 mr %r28, %r5
    .text2:801AB70C mr %r27, %r6
    .text2:801AB710 mr %r29, %r7
    .text2:801AB714 mr %r31, %r8
    .text2:801AB718 mr %r30, %r9
    .text2:801AB71C bl sub_801B1280
    .text2:801AB720 stw %r31, 0×1C(%r26)
    .text2:801AB724 mr %r31, %r3
    .text2:801AB728 mr %r4, %r27
    .text2:801AB72C mr %r3, %r28
    .text2:801AB730 stw %r29, 0×18(%r26)
    .text2:801AB734 bl sub_801B6160
    .text2:801AB738 stw %r3, 0×20(%r26)
    .text2:801AB73C mr %r3, %r26
    .text2:801AB740 mr %r7, %r30
    .text2:801AB744 li %r6, 0
    .text2:801AB748 stw %r4, 0×24(%r26)
    .text2:801AB74C li %r5, 0
    .text2:801AB750 bl sub_801AB430
    .text2:801AB754 mr %r3, %r31
    .text2:801AB758 bl sub_801B12C0
    .text2:801AB75C addi %r11, %sp, 0×20+arg_0
    .text2:801AB760 bl sub_802DD0AC
    .text2:801AB764 lwz %r0, 0×20+arg_4(%sp)
    .text2:801AB768 mtlr %r0
    .text2:801AB76C addi %sp, %sp, 0×20
    .text2:801AB770 blr
    .text2:801AB770 # End of function sub_801AB6F0

    they also check for known config files of softmodded wii’s , nintendo must have some shit programmers ;)

  53. Insider Insider Says:
    December 29th, 2009 at 8:26 am

    @FTen: This is not true, the BCA-Code is hard-coded for NSMB, but you can add, like for DriveKey, BCA-Code to your ISO. Wiikey team will release a Program for this in near future.

  54. Linkzee Linkzee Says:
    January 12th, 2010 at 1:58 pm

    How do i play it on the usb loder dx

  55. Ften FTen Says:
    January 12th, 2010 at 5:23 pm

    It should just work if your using a new version of the loader.

Leave a Reply