Hacking WiiU Processor Speeds Revealed?

[crono141]

That´s what the hacker known as 'Hector Martin' claims, anyway
https://twitter.com/marcan42
Wii U codenames worth knowing: system Cafe, CPU Espresso, GPU/SoC/etc. Latte, ARM secure processor Starbuck (we made that one up).

1.243125GHz, exactly. 3 PowerPC 750 type cores (similar to Wii's Broadway, but more cache).

GPU core at 549.999755MHz.

we're calling the WiiU security processor the Starbuck (vs. Starlet on Wii). And it seems to be about equally vulnerable, too

sorry, I'd rather not talk about how I got that yet. It doesn't involve leaks, it involves Wii U hacks

Any truth to this, you think?

 

[Carl Rivest]

We can thrust marcan, he his the creator of the homebrew channel. Can't wait to get more info about how he did that! So don't update your WiiU if a update comes out in the next days

 

[crono141]

That's what I thought. I'm also wondering about what kind of hack allowed him access to this information. There's one of 2 possibilities:

1) He hacked into WiiU mode, and wrote homebrew to report the clock speeds of CPU and GPU.

2) He used the already vulnerable vWii and made the same query.

Both situations have a very interesting big picture meaning. If 1) is true, then WiiU mode is hackable and possibly heavily exploitable. But if 2) is true, it means that the vWii isn't a secure sandbox and that access to the extra hardware features are possible from within Wii mode.

Either are exciting prospects. I wonder if this could allow for Wii games running in WiiU mode, or for upscaling and using the Pad screen in he vWii. Very exciting.

 

[DeadlyFoez]

I hope you realize that even if hacks are possible in Wii U mode, don't expect to pirate games or even for an HBC-U release anytime soon.

One of the few people that will try to make pirating games possible is Waninkoko after he steals a bunch of code from other devs and bricks about 2,000 Wii U's

 

[crono141]

I'm not a pirate, and I fully understand that this stuff takes time. And I also know that if either case is true, it will become an arms race between hackers and Nintendo, similar to the PS3 firmware arms race. But you have to agree that the hacking potential by itself is exciting.

 

[Supercool330]

I wouldn't care at all if we had a USB loader for Wii U games, you can already purchase most games through the eShop and store them to USB (actually, it would suck as it would disincentivize developers from creating new Wii U games), but I do want to be able to use the Wii USB loaders since I want to get rid of my Wii, but don't want to have to switch disks EVER.

 

[Taleweaver]

Was also mentioned here.


I'm not sure what to think of this tendency to be excited about hacks. I suspect this "interest" for hacking will fade for the far majority of people the second illegal loaders become a reality.

 

[B.alpha]

I think this depends once again on the people.
I don't have any interest in the Wii U, but when I'm thinking about homebrew and the possibilities which comes with it I would gladly buy one without giving it second thought.
But once again these are songs for the future till the wii u is hacked

 

[lovewiibrew]

Does anyone know how to disable updates on the Wii U? As far as I can tell, there isn't a way to do it.

 

[DeadlyFoez]

Does anyone know how to disable updates on the Wii U? As far as I can tell, there isn't a way to do it.

disconnect it from the internet. Simple.

 

[keine]

My hero. HuzzzAH! When I grow up I wanna be just like Hector.

 

[Deltaechoe]

Sounds like we're closer to an HBC-U than I thought, yay, and his tweets give me a hint at what to play with :B

 

[Treeko]

That last line"Equally vulnerable too"seems interesting why the big N didn't secure the Processor more than the Wii.

 

[Rydian]

'Cause it's not much more complex (other than having more cores on the die, of course). It's not capable of emulating the whole Wii inside it.

If it was, it'd be much more expensive hardware.

 

[Maxternal]

I must say that tueidj got it pretty close. He said that with that architecture and that size process in NM it probably wouldn't get much over 1.5ghz.

Although all too tempting to compare the clock speed to the 360, it being also a Power processor architecture, just it's lack of out of order processing on the 360 kills it (think about the Atom processor ... same thing killed it and hyper threading didn't save either the Atom or the 360.)

 

[crono141]

It makes me wonder if Nintendo isn't under some sort of contractual agreement with IBM to use the PowerPC in X number of console iterations. From what I can tell (from rumor and speculation only), we've had essentially the same chip in Nintendo consoles since 2001. Gamecube ran at 400+ mhz, Wii at 729 mhz, and now WiiU at 1.2 ghz X3. It doesn't make sense unless IBM offered them a great deal (hence profitable or near profitable out the gate), or Nintendo's hands were tied.

 

[Supercool330]

They are likely using the same chips so that they can keep backwards compatibility. The only solution if they switched architecture would be emulation, or to do what the PS3 did and put a previous gen console in your new one.

 

[DeadlyFoez]

Although I am no dev, nor do I have such in depth knowledge as anyone like marcan, bushing, crediar, sven, megazig, tuiedj, or anyone else great that I am forgetting, but it seems like N is comfortable with the approach that they have done for quite some time. I see that N realizes that there is always going to be some level of piracy that happens on their console and they accept it. Whereas Sony bitches and cries like a little pregnant douche bag and does whatever they can to fuck people over which hurts them way more in the long run.

Hell, I just met someone today who is a techie type of person, he had no clue that console modification even existed. His eyes lit up when I showed him Wiiflow and WiiMC on my Wii. He's soon to be another happy ModMii user.

My point to this is pleasing the general user with backwards compatibility for their console is a big plus, even if that means some of the flaws of the previous console leads to their current one being hacked. They are still making money, and lots of it. So if they have to spend less time and money in R&D using the previous generations base, but expanding upon it, it helps to cut costs in the area of hardware production and software development.

I only wish N made a way to allow homebrew while keeping the security of their console. Sony tried that with otherOS, but failed very hard. Auyo looks rather promising, and I know at least one dev that is looking forward to it. Hopefully GBAtemp will make an Auyo subforum.

 

[Maxternal]

As I understand it, the fact that the PROCESSOR is vulnerable or not just means if it has stuff like execute disable bit or not which limits (but does not eliminate) the variety of KINDS of exploits that can appear in the SOFTWARE. Now, if Ninty (and the people they contract) were actually really good about writing rock solid firmware and software for their console it wouldn't matter how secure or not the processor was. The exploits that the processor makes possible wouldn't be there anyhow.

We'll just have to see how good they are at learning from their mistakes on that side

Another point is how good they are at hiding they keys to sign their software with and decrypt the internal memory and stuff. I think that's one of the reasons the 3DS was taking so long to hack and they're actually having to try to decap it ... because the software approach is slow going at finding those.

 

[Supercool330]

Well the trick is to find the common key (which is present on the system) which is used to decrypt binaries, then read through the binaries and try to find something exploitable (an unsafe sprintf or strcpy is is a good bet) that a buffer overflow attack can attack to load arbitrary code as the current process. From there, you need to find an exploit in the system code that will allow you to install a custom more permissive version of the system (which allows for unsigned code execution or arbitrary peek/poke operations for example). There are lots of ways marcan could have gotten information about the processor, but I suspect that he used some custom hardware to get them. This does not necessarily mean that the system is easily exploitable, although his later comment would seem to indicate that the security is not that good (I foresee something like the twiizer attack being done except from Wii mode to Wii U mode instead of GC mode to Wii mode in order to get the Wii U common key). On the other hand, I still have no idea how anybody will get around the fact that Wii U doesn't read any data from an unencrypted device (except of course in Wii mode). It seems to me that unless Wii U mode is exploitable from Wii mode code (this is extremely unlikely), the only option is a hardware exploit in order to at least get the per console USB drive encryption keys (or waiting for a game that reads something unencrypted from SD like smash bros brawl does).