
It’s been a while since I’ve posted a part of this series, but we’re back!
Thus far, we’ve covered my first run-in with game-manipulating technologies and my initial adventures in Emulation. These threads converged when I first encountered a viral video of Mickey fighting Sephiroth—a true testament to the chaos one can unleash with a few lines of hex. The clip came from Kh-Vids, which soon became my personal digital apprenticeship.
Kh-Vids hosted dedicated forums for the exploration and exploitation of Kingdom Hearts using Game Sharks and Action Replay devices. Functionally, these were sophisticated versions of the old Game Genie, allowing you to inject manipulated values into a video game’s memory. The principle was beautifully simple: find the correct hexadecimal location where, say, your HP value was held, and edit it. Voila, infinite health. Of course, at the time, discovering those correct combinations was less science and more arcane art, an ever-evolving game of digital hide-and-seek.
I used my meticulously saved mowing money to purchase an Action Replay Max for PS2, complete with a cool steel tin and a USB flash drive for save backups. (That USB drive, as we will see, was the faintest premonition of my future.)
I entered the scene just as seismic discoveries were emerging. Replacing party members was relatively new, and I became one of the many digital archeologists testing values to map out the character registers. The results were a spectrum of stability: some worked fine, others crashed the game with theatrical efficiency, and others were simply hilarious—like replacing Donald and Goofy with perfectly rendered rocks. This wasn’t just cheating; it was an exercise in understanding the incredibly complex, interwoven systems that make a game function. We were figuring out the entire schema, line by line, in a time long before modern ports and randomizers made the original PS2 titles trivial to manipulate. I spent untold hours chasing the legendary “Play as Riku” code—a goal that is now utterly moot, but which felt like the Holy Grail at the time.

Taming the Concrete Jungle
In the midst of this PS2 deep dive, I was still playing other games, namely Twilight Princess on the Wii. Back then, my routine included browsing old cheat code sites for secrets. One favorite was Midnight Club 2, a high-octane underground racer set in metropolitan cities. Paris, in particular, offered the pleasure of hearing Thomas Bangalter of Daft Punk fame while exploring the City of Lights.
In that very same city, you could use the infinite health and weapons cheat to exploit a couple of very generous collision errors. By facing two specific walls in the arena area and firing the missile launcher, you could launch your vehicle straight upward. Execute the maneuver correctly, and you land on an invisible platform, gaining access to an internal, hidden section of the building. It was here I’d try to battle my brother, the infinite health cheat suddenly feeling quite finite when facing a fully automatic machine gun. (I may need to upload a video on this—surprisingly, this tiny, niche exploit hasn’t survived on YouTube.)
This obsession with geometry glitches led me to wonder if Twilight Princess held similar secrets. My search for Wii glitches eventually led me past the bizarre (like resetting the game at the perfect frame while drowning in quicksand to load a playable title screen) and directly to something called the “Twilight Hack.”
The Nintendo Wii is, at its core, a GameCube with motion controls, Bluetooth, and an SD card reader—a marvel of engineering cost-cutting. This was great news for the underground modding scene because the GameCube, while not a commercial powerhouse, had already been thoroughly prodded.
Nintendo had attempted to secure its Panasonic DVD drive by using smaller media, but the attempt failed. Back in 2004, hardware hackers had already discovered how to reactivate the factory debug mode, which allowed the use of backups. The required password to unlock it? A hilariously predictable “MATSHITA DVD-GAME” on the GameCube, and then “matshita dvd-game” in all lowercase on the Wii. Evidently, Panasonic believed security through capitalization was a robust defense.
While microcontrollers could allow you to run GameCube backups, accessing the new Wii hardware was the real challenge. The older GameCube-era processor and the new Wii components were mashed together via a piece of hardware called the I/O Bridge. Nintendo, clearly paranoid, decided to hide this crucial security controller inside the famed “Hollywood” GPU. Modders, with their signature blend of technical insight and pop culture wit, affectionately dubbed this hidden chip “Starlet.”
This Starlet was the bouncer at the door, ensuring that when you booted a GameCube game, it cut off virtually all Wii functionality. The question was, how do you bypass a Starlet? Believe it or not, you needed to bust out your grooming kit.
Tweezer? I Hardly Knew Her!
While Starlet ensured you only had access to 1/4 of the Wii’s power in GameCube mode, the remaining 3/4 of the Wii’s memory still held its contents; it was simply not actively wiped. This left 75% of the security keys, normally locked down with SHA-1 hashing and AES encryption, laid bare in memory that was never cleared.
By the fall of 2007, a dedicated team discovered a way to exploit this oversight. They opened the console and began bridging connections on the memory chips using a simple pair of tweezers. This allowed for bank-switching on the fly, effectively letting them collect the final 25% of the security keys. With all the keys freed, Team Twiizers could now sign their own modified software, making it look legitimate to the Wii hardware.
In February 2008, the Twilight Hack was released. The trick was simple and elegant: The Legend of Zelda: Twilight Princess checked the character limit for Link’s horse, Epona, only at the time of name creation, not when the game loaded it. Exploiting this oversight, the team used the freed signing key to create a malicious save file. When the game tried to access the horse’s name, the oversized string caused a buffer overflow, which forced the system to execute a file titled “boot.elf” stored on a user’s SD Card. (This, I would soon discover, would become the first of many buffer overflows I would use to force a machine to execute my will.)
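The bug described above is a trust-boundary mistake that is worth seeing in code: the name length was enforced when the player typed it, but a save file is untrusted input, and anyone who can edit the file can skip the typing step entirely. The following is an added example and not code from the game or from Team Twiizers. It uses a constructed save layout (one length byte followed by the name), a hypothetical 16-byte name buffer, and hypothetical function names (`name_allowed_at_creation`, `load_horse_name`, `build_save`) to show the creation-time check next to the load-time check the loader should have had.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed save layout for this example (not the game's real format):
 *   byte 0      : declared name length N
 *   bytes 1..N  : name characters, no terminator
 * The loader keeps the name in a fixed 16-byte buffer (an assumed size),
 * so at most 15 characters plus a NUL terminator fit. */
#define NAME_BUF_SIZE 16

enum load_result {
    LOAD_OK = 0,
    LOAD_ERR_EMPTY,        /* no data, or a zero-length name */
    LOAD_ERR_TRUNCATED,    /* declared length runs past the end of the save */
    LOAD_ERR_TOO_LONG      /* declared length does not fit the loader's buffer */
};

/* The creation-time check: the only check the vulnerable design performs.
 * It runs when the player types a name, not when a file is read back. */
int name_allowed_at_creation(const char *name)
{
    return name != NULL && strlen(name) > 0 && strlen(name) < NAME_BUF_SIZE;
}

/* The load-time check the loader should have had. The save is treated as
 * untrusted: the declared length is validated against both the amount of
 * data actually present and the destination buffer before any byte is copied. */
enum load_result load_horse_name(const uint8_t *save, size_t save_len,
                                 char *out, size_t out_size)
{
    if (save == NULL || save_len < 1 || out == NULL || out_size == 0)
        return LOAD_ERR_EMPTY;

    size_t n = save[0];
    if (n == 0)
        return LOAD_ERR_EMPTY;
    if (n > save_len - 1)      /* the length byte claims more data than exists */
        return LOAD_ERR_TRUNCATED;
    if (n >= out_size)         /* no room for the name plus its terminator */
        return LOAD_ERR_TOO_LONG;

    memcpy(out, save + 1, n);
    out[n] = '\0';
    return LOAD_OK;
}

/* Builds a save blob from a name. It deliberately skips the creation-time
 * check, modelling a file written by something other than the game's own UI.
 * Returns the number of bytes written, or 0 if the name cannot be encoded. */
size_t build_save(const char *name, uint8_t *buf, size_t buf_size)
{
    size_t n = strlen(name);
    if (n > 255 || n + 1 > buf_size)
        return 0;
    buf[0] = (uint8_t)n;
    memcpy(buf + 1, name, n);
    return n + 1;
}

int main(void)
{
    uint8_t save[300];
    char name[NAME_BUF_SIZE];

    /* A normal save: 5 characters, accepted by both checks. */
    size_t len = build_save("Epona", save, sizeof save);
    enum load_result r = load_horse_name(save, len, name, sizeof name);
    printf("normal save: result %d, name '%s'\n", (int)r, name);

    /* A 40-character name would never pass the creation-time check, but a
     * hand-edited file never runs it; only the load-time check rejects it. */
    len = build_save("EponaEponaEponaEponaEponaEponaEponaEpona", save, sizeof save);
    r = load_horse_name(save, len, name, sizeof name);
    printf("oversized save: result %d (expected %d)\n", (int)r, (int)LOAD_ERR_TOO_LONG);
    return 0;
}
```

The point of the two functions side by side is that `name_allowed_at_creation` protects the keyboard, not the file. Any fixed-size buffer that receives bytes from storage, a network or a user-supplied file needs its own bounds check at the moment of the copy, and the check has to cover both directions: a declared length that is too large for the buffer, and one that is larger than the data actually present (a truncated or hand-edited file), which would otherwise turn into an out-of-bounds read.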
Soon, the team bundled their efforts into the Homebrew Channel, a permanent, signed application. Instead of performing the Twilight Princess name-change trick every time, you could now install a channel that acted as a hub for all custom software.
This was my open door. It wasn’t just a cheat code; it was a blueprint for console hacking, a technical manifesto, and I ate it up. The chapter may have been technical, but the lesson was clear: If a machine trusts you with a name, you can force it to run a revolution.
Next up, we will dive deeper into the Wii hacking scene before moving on to some equally delightful PlayStation goodness.
