I've been thinking about the DVD drive softmod lately, and the fact that marcan has admitted they can read DVD-Rs without a drive chip, and the fact that bushing has posted a nice note for Nintendo on his blog.
As I've explained before, there are basically 2 ways of getting a working DVD softmod:
1) Disable Starlet from blocking the FF and FE commands
2) Find a way to exploit the DVD drive with the allowed commands
Now the fact that bushing wants to talk to Nintendo is something special.
If they found a way to disable the Starlet debug command filter (this would be done through an IOS hack or similar), then they would not be knocking on Nintendo's door to fix this.
The reason is that we would simply call this disable method ourselves from the Starlet (IOS) side, because it's already possible to fully control IOS (see patchmii, IOS5 and Waninkoko's custom IOS), and Nintendo cannot patch this (unless they patch homebrew unsigned code altogether, which I doubt is bushing's goal).
Then, there's only one other reason left:
There's a bug in the DVD firmware, and they want Nintendo to fix it for future retail Wiis.
There's one thing which bothers me, and that's the fact that Nintendo seems to be checking the caller UID on the video enable command for any possible security breach (and they are not doing this for any other command):
"(%s) (diIoctl) Video enable returning security error - callerUid = %u; inLen = %u\n"
In any case, the DVD is not the only method for playing backups.
I am doing a thorough and complete reverse engineering of the DI module in IOS31, and the ultimate idea is to silently relay all requests which are being sent from PPC to "/dev/di", internally in Starlet, to the SD card. It will "emulate" the DVD drive (status responses, etc.), but the data will be coming from the SD card.