Hacking Successfully added corrupt Mii to WiiU

[blinkzane]

Do miis import as favorites? If not, you would have to be able to edit the corrupt me to set it as such, otherwise it won't appear in NL's menus.

it should show up as if you went to play a two player game and selected a second mii. I'm gonna try to play with this tonight.

Actually your post is what gave me the idea at first! So I decided to do some research on it then try it!

that's what I thought lol, I'm glad that you ended up trying it.

 

[maxsnipez]

Do miis import as favorites? If not, you would have to be able to edit the corrupt me to set it as such, otherwise it won't appear in NL's menus.

When I customized the mii (through XML on my Mac) there was a option to force favorite, I set that to false... I wonder what would happen if I set it to true..? Ill get back to you on that here... Im going to go test it on Nintendoland if I can get it a Favorite.

that's what I thought lol, I'm glad that you ended up trying it.

Yeah, we got some smart people here at gbatemp thats for sure!

 

[blinkzane]

Yeah, we got some smart people here at gbatemp thats for sure!

haha, although this is nothing. next step will be crashing it and pulling up a menu. I'll dig a bit deeper into this tonight

 

[maxsnipez]

haha, although this is nothing. next step will be crashing it and pulling up a menu. I'll dig a bit deeper into this tonight

Yeah that sounds about right, Im pretty sure if used correctly this Mii could prove to be useful, I think we just need to find a way to imitate the Twilight hack, causing a crash from a longer string. (I know theres more than just that in a exploit) Once thats done in-game I believe it could be used to boot up a menu, that is, if the wiiu can boot .elf or .dol and if it will still read .wad. Also the twilight hack is open source, so it wouldn't hurt to look through that. I might now actually. I wonder if @marcan42 would take interest on this..

 

[blinkzane]

When I customized the mii (through XML on my Mac) there was a option to force favorite, I set that to false... I wonder what would happen if I set it to true..? Ill get back to you on that here... Im going to go test it on Nintendoland if I can get it a Favorite.

correct me if I'm wrong, we treat MII files as XML, correct?
I have no idea how to edit the file, im using windows 7

 

[maxsnipez]

correct me if I'm wrong, we treat MII files as XML, correct?

Normal MII Files appear unreadable. Normally they consist of small amounts of text if opened in a text editor

1†edDPeAU</@@ÄÄ_¬BâòB@1Ä(¢å@H∏çää%<Miinamehere>

Have to find a special program to convert it.
Being a developer for apple Mac programs, and Jailbreak iOS apps, tweaks, ports, etc I just made a program that connects to a separate website that understands the mii file contents.
***EDIT***
Of corse the Mii file contents I provided are from my corrupt Mii without its name. (for possible exploit security. If this becomes important, I can not release anything to possibly reveal this to nintendo anymore than it already has.)

 

[blinkzane]

Normal MII Files appear unreadable. Normally they consist of small amounts of text if opened in a text editor

1†edDPeAU</@@ÄÄ_¬BâòB@1Ä(¢å@H∏çää%<Miinamehere>

Have to find a special program to convert it.
Being a developer for apple Mac programs, and Jailbreak iOS apps, tweaks, ports, etc I just made a program that connects to a separate website that understands the mii file contents.
***EDIT***
Of corse the Mii file contents I provided are from my corrupt Mii without its name. (for possible exploit security. If this becomes important, I can not release anything to possibly reveal this to nintendo anymore than it already has.)

yeah you beat me to that part, thus the reason I threw the idea out there, so someone like you could figure this out. lol

 

[maxsnipez]

XD Yeah I tend to do that a lot, find something interesting, get it done fast. (if I dont fail at it that is)

Anyway here is a Miis XML Content

<?xml version="1.0" ?>
<?xml-stylesheet type="text/xsl" href="/xml/avatar.xsl" ?>
<!DOCTYPE avatar-collection SYSTEM "/xml/avatar.dtd" >
<id>***REMOVED</id>
<clientID>***REMOVED***</clientID>
<name>***REMOVED***</name>
<creatorName>***REMOVED***</creatorName>
<birthDay>1</birthDay>
<birthMonth>4</birthMonth>
<gender>1</gender>
<mingles>0</mingles>
<Beard>
<type>0</type>
<color>4</color>
</Beard>
<Body>
<height>126</height>
<weight>56</weight>
</Body>
<Eye>
<type>10</type>
<color>5</color>
<x>3</x>
<y>5</y>
<size>3</size>
<rotation>1</rotation>
</Eye>
<Eyebrow>
<type>12</type>
<color>7</color>
<x>12</x>
<y>3</y>
<size>0</size>
<rotation>1</rotation>
</Eyebrow>
<Face>
<type>7</type>
</Face>
<Glasses>
<type>0</type>
<color>2</color>
<y>6</y>
<size>0</size>
</Glasses>
<Hair>
<type>41</type>
<color>4</color>
<part>1</part>
</Hair>
<Head>
<type>5</type>
</Head>
<Mole>
<type>1</type>
<x>4</x>
<y>7</y>
<size>4</size>
</Mole>
<Mouth>
<type>16</type>
<color>2</color>
<y>4</y>
<size>5</size>
</Mouth>
<Mustache>
<type>0</type>
<y>3</y>
<size>7</size>
</Mustache>
<Nose>
<type>9</type>
<y>1</y>
<size>5</size>
</Nose>
<Shirt>
<color>6</color>
</Shirt>
<Skin>
<color>3</color>
</Skin>
</Miiav>

 

[maxsnipez]

 

[blinkzane]

XD Yeah I tend to do that a lot, find something interesting, get it done fast. (if I dont fail at it that is)

Anyway here is a Miis XML Content

<?xml version="1.0" ?>
<?xml-stylesheet type="text/xsl" href="/xml/avatar.xsl" ?>
<!DOCTYPE avatar-collection SYSTEM "/xml/avatar.dtd" >
<id>***REMOVED</id>
<clientID>***REMOVED***</clientID>
<name>***REMOVED***</name>
<creatorName>***REMOVED***</creatorName>
<birthDay>1</birthDay>
<birthMonth>4</birthMonth>
<gender>1</gender>
<mingles>0</mingles>
<Beard>
<type>0</type>
<color>4</color>
</Beard>
<Body>
<height>126</height>
<weight>56</weight>
</Body>
<Eye>
<type>10</type>
<color>5</color>
<x>3</x>
<y>5</y>
<size>3</size>
<rotation>1</rotation>
</Eye>
<Eyebrow>
<type>12</type>
<color>7</color>
<x>12</x>
<y>3</y>
<size>0</size>
<rotation>1</rotation>
</Eyebrow>
<Face>
<type>7</type>
</Face>
<Glasses>
<type>0</type>
<color>2</color>
<y>6</y>
<size>0</size>
</Glasses>
<Hair>
<type>41</type>
<color>4</color>
<part>1</part>
</Hair>
<Head>
<type>5</type>
</Head>
<Mole>
<type>1</type>
<x>4</x>
<y>7</y>
<size>4</size>
</Mole>
<Mouth>
<type>16</type>
<color>2</color>
<y>4</y>
<size>5</size>
</Mouth>
<Mustache>
<type>0</type>
<y>3</y>
<size>7</size>
</Mustache>
<Nose>
<type>9</type>
<y>1</y>
<size>5</size>
</Nose>
<Shirt>
<color>6</color>
</Shirt>
<Skin>
<color>3</color>
</Skin>
</Miiav>

interesting, i need to figure out how to open this on windows, so far any XML viewer will say its out of format.

 

[maxsnipez]

interesting, i need to figure out how to open this on windows, so far any XML viewer will say its out of format.

I believe if you are willing to edit the XML given I can make it back into a .mii for you.
And I agree the XML is very interesting, lots of areas which can be changed to an invalid value. Which might also be helpful in the future. Since its XML there is no security system to validate the values and make sure they are legit once in a .mii file. While the console may be able to do this (unconfirmed) there is still a big opportunity here if the console doesnt.
***EDIT***
One thing I must point out is that NO ONE SHOULD UPLOAD/USE THIS MII IN MIIVERSE!

Not only will it most likely cause unwanted results, possibly a ban maybe even worse, it will also give nintendo online access to the entire corrupt file! Causing a much easier way for nintendo to investigate the file.

 

[blinkzane]

I believe if you are willing to edit the XML given I can make it back into a .mii for you.
And I agree the XML is very interesting, lots of areas which can be changed to an invalid value. Which might also be helpful in the future. Since its XML there is no security system to validate the values and make sure they are legit once in a .mii file. While the console may be able to do this (unconfirmed) there is still a big opportunity here if the console doesnt.

thats for sure, I just feel like there would be an issues in the "client id' and "id" fields here while trying to load in my my vWii. if there's any way you could send me a corrupt mii file I could try testing it with different games. I can give you my email (via pm of course) to see if any results differ.

 

[maxsnipez]

thats for sure, I just feel like there would be an issues in the "client id' and "id" fields here while trying to load in my my vWii. if there's any way you could send me a corrupt mii file I could try testing it with different games. I can give you my email (via pm of course) to see if any results differ.

Once a Mii is edited via XML the client id and id fields will still be in the mii, which the vwii may or may not read. What I can do is create a webserver on my Virtual private server, and make a .mii upload area from php, allowing me to corrupt a uploaded mii then give it back to you.

 

[blinkzane]

Once a Mii is edited via XML the client id and id fields will still be in the mii, which the vwii may or may not read. What I can do is create a webserver on my Virtual private server, and make a .mii upload area from php, allowing me to corrupt a uploaded mii then give it back to you.

the most I got out of this was that I send you an uploaded mii and you corrupt it for me lol. I already have an uploaded mii ready to go. most of what you're saying is well out of my field.

 

[maxsnipez]

the most I got out of this was that I send you an uploaded mii and you corrupt it for me lol. I already have an uploaded mii ready to go. most of what you're saying is well out of my field.

that is correct. Ill give you a IP in a PM and you just connect to that, upload the .mii into my web server, and ill take over from there. Then after ill send you your mii.

 

[blinkzane]

that is correct. Ill give you a IP in a PM and you just connect to that, upload the .mii into my web server, and ill take over from there. Then after ill send you your mii.

shweet, it worked.
went ahead and deleted. dont need id #s accessible

 

[maxsnipez]

shweet, it worked.

Got it, ill tweak it now.

 

[ßleck]

I like where this is going.

 

[maxsnipez]

I like where this is going.

who wouldn't.

 

[Ray Lewis]

So are you guys trying to figure out a way to hack the WII U side? I don't know if Marcan would be interested AND I don't think he has publicly shared the exploit(s) they have. You could tweet him (Hector Martin) and find f0f twitter account. Comex on here and twitter is extremely friendly (PM him). You COULD go to efnet and the channel is #wiiudev (unless it has changed).

OH, probably the best way although this is already out in the open now, is to email him on the failoverflow website (startpage.com it). I think I gave anyone interested some definitive ways to reach Marcan (and others). IF Megazig is on #wiiudev he is friendly (mostly). No matter what anyone says, keep it private, NO MATTER WHAT.

Mistake I made I cannot get back (plus flaming, plus doing anything to get people interested, etc). Good luck, I will be watching this. MIGHT not be anything BUT you never know.