# Wii Exploit found in Zelda.



## Edgedancer (Jan 27, 2008)

Quoted from TheSkeen.com

"Yes, that's right - an exploit for the Nintendo Wii has been discovered and it allows you to run custom code. The method is pretty simple. Copy over a save file for Zelda, load it and the code runs. Don't get too excited yet. They have only been able to run 4 lines of code, but this is in a day's work.

Segher was the one to find the exploit and Bushing has been testing it out with the aid of the USB Gecko. The process is far from simple as once you modify a save game it requires it to be signed with 3 keys. Here's some info from Bushing.

"Once the Wii decrypts the save game, it checks its signature. Every Wii has its own private key which is used to sign save games, and when you save a game, the Wii actually saves three bits of data:

* The encrypted save game
* The signature for the save game (using your console's private key)
* A copy of your console's public key, signed by Nintendo."

Of course, the end user wouldn't have to go through this process unless they were wanting to inject their own code into the save game, but that shouldn't be necessary because when I asked Bushing what his goal was he answered:

"Assuming we don't run into a wall, it should be able to lead to a homebrew loader. I hope. No promises. "


----------



## Reduxed (Jan 27, 2008)

homebrew ftw!


----------



## FireEmblemGuy (Jan 27, 2008)

Well, now I'm glad I didn't sell Zelda after I finished it.


----------



## Foie (Jan 27, 2008)

Awesome! I might be able to finally stop wasting my money on the VC... at least for the older games.


----------



## Dylaan (Jan 27, 2008)

Oh yeah! Hopefully it doesn't get patched before something good can be done. I'd love to see something tangible to play with, it's so frustrating just waiting.


----------



## rhyguy (Jan 27, 2008)

Which region is this for?


----------



## Edgedancer (Jan 27, 2008)

I have no idea. This is all the information that has been given out.


----------



## Dirtie (Jan 27, 2008)

If only the coders ever actually went into details about their findings, then I could have a play around - it wouldn't result in anything, but at least I could gain a better understanding of how these things work


----------



## TaMs (Jan 27, 2008)

hmh it's weird how long it takes to make homebrew for wii, even though it's "hacked" already. This exploit is a good add, but it really seems that no one is interested in wii.


----------



## Gus122000 (Jan 27, 2008)

ZOMG I WANT IT NOWWWWWWWW!


----------



## Deleted User (Jan 27, 2008)

QUOTE(Dirtie @ Jan 27 2008 said:


> If only the coders ever actually went into details about their findings, then I could have a play around - it wouldn't result in anything, but at least I could gain a better understanding of how these things work


looking at the first post, the only possible way they could inject some code would have been by extracting the private key of their console, and use it to sign code. Once you have a proper save that can act as a loader, you can give it to other people like one can share a save file. The dev giving info would either require you to have dumped your wii private key, which will not be that useful considering how hard it could be to dump it, or have them give theirs, which will expose them quite directly by the fact that the private key is directly linked to a console serial number. The way the exploit works should be fairly simple, something like a uber long char name where the game stores it in a finite sized buffer.


----------
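The kind of bug guessed at in the post above (an overlong name from the save copied into a fixed-size buffer), seen from the loader's side. This is an added example, not part of the thread and not code from the game; the offset, field width, buffer size and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical layout, not the real save format: a fixed-width name field. */
#define NAME_OFFSET    8
#define NAME_FIELD_LEN 64   /* bytes the file reserves for the name      */
#define NAME_BUF_LEN   17   /* in-memory buffer: 16 characters plus NUL  */

enum { LOAD_OK = 0, LOAD_TRUNCATED = -1, LOAD_NAME_TOO_LONG = -2 };

/* Bounded replacement for strcpy(out, save + NAME_OFFSET), which trusts the file. */
int load_name(const unsigned char *save, size_t save_len, char out[NAME_BUF_LEN])
{
    const unsigned char *field, *nul;
    size_t len;
    out[0] = '\0';
    /* The whole field must lie inside the bytes that were actually read. */
    if (save_len < NAME_OFFSET || save_len - NAME_OFFSET < NAME_FIELD_LEN)
        return LOAD_TRUNCATED;
    field = save + NAME_OFFSET;
    /* Search for the terminator inside the field only, never past it. */
    nul = memchr(field, '\0', NAME_FIELD_LEN);
    len = nul ? (size_t)(nul - field) : NAME_FIELD_LEN;
    /* Reject, don't truncate: a valid signature says who wrote the save, not that it is well formed. */
    if (len >= NAME_BUF_LEN)
        return LOAD_NAME_TOO_LONG;
    memcpy(out, field, len);
    out[len] = '\0';
    return LOAD_OK;
}

/* Constructed save: name is name_len copies of 'A'. Returns name length or error code. */
int check_sample(size_t name_len, size_t save_len)
{
    unsigned char save[256] = {0};
    char out[NAME_BUF_LEN];
    int r;
    if (save_len > sizeof save || name_len > NAME_FIELD_LEN)
        return -100;
    memset(save + NAME_OFFSET, 'A', name_len);
    r = load_name(save, save_len, out);
    return r == LOAD_OK ? (int)strlen(out) : r;
}

int main(void)
{
    printf("%d %d %d\n", check_sample(4, 128), check_sample(64, 128), check_sample(4, 40));
    return 0;
}
```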



## Renegade_R (Jan 27, 2008)

QUOTE(TaMs @ Jan 27 2008 said:


> hmh it's weird how long it takes to make homebrew for wii, even though it's "hacked" already. This exploit is a good add, but it really seems that no one is interested in wii.



Same goes for the PS3...so long without an ISO loader or homebrew.  Linux doesn't count.


----------



## Scorpei (Jan 27, 2008)

QUOTE(TaMs @ Jan 27 2008 said:


> hmh it's weird how long it takes to make homebrew for wii, even though it's "hacked" already. This exploit is a good add, but it really seems that no one is interested in wii.


Hardly, the original hack was fairly easy to patch for the big N (afaik) thus they didn't want to release anything specific as that would plug the hole for them to search for more exploits. Patching the save (though possible, it is signed with a specific key from the console that made the save) is slightly less important as once HB runs everyone could make a similar save (could be run through your own Wii to get it encrypted and signed) so then every Wii would have to be covered/blocked. Everyone COULD make their own save once HB runs and thus this is harder to block.

Don't quote me on this btw. Only written with my limited knowledge of encryption, signing and etc. (so I could be really wrong ;p).


----------



## Neko (Jan 27, 2008)

It's basically the same like the GTA Hack for the PSP...

YES!
Finally!

I hope that they will make an ISO loader, that would be soo great!


----------



## Maikel Steneker (Jan 27, 2008)

If they can make a homebrew loader with this I'll buy Zelda


----------



## DjoeN (Jan 27, 2008)

If Nintendo goes the Sony way, all zelda's will be removed and replaced with an updated release so the save exploit will be closed (but by then it's too late, most Wii owners do have an original zelda game for it (don't we ??, I do!)


----------



## [Truth] (Jan 27, 2008)

QUOTE(TaMs @ Jan 27 2008 said:


> hmh it's weird how long it takes to make homebrew for wii, even though it's "hacked" already. This exploit is a good add, but it really seems that no one is interested in wii.


of course many are interested in it and they are working hard on it, but most of the hb developers don't make their proceedings public until they are working stable, like bushing and segher now do.


----------



## Jax (Jan 27, 2008)

QUOTE([Truth] @ Jan 27 2008, 12:30 PM said:


> ...



FAIL!

That's the GC version!


----------



## Twilight (Jan 27, 2008)

the picture is a fake.....A button is an evidence


----------



## yuyuyup (Jan 27, 2008)

This news didn't mention "without a modchip."


----------



## Hit (Jan 27, 2008)

I don't care about exploit reports without a proof anymore


----------



## MiloFoxburr (Jan 27, 2008)

Sounds interesting, will have to pick up Zelda if this actually does lead to a homebrew loader


----------



## platypusrme427 (Jan 27, 2008)

Doesn't that datel save file decryptor program sign the save files so they can be used?


----------



## wiithepeople (Jan 27, 2008)

umm...could someone fill me in? I don't really get this. Does this mean you can now run homebrew through Zelda?


----------



## gaboumafou (Jan 27, 2008)

QUOTE(wii_will_rule @ Jan 27 2008 said:


> umm...could someone fill me in? I don't really get this. Does this mean you can now run homebrew through Zelda?


Not right now, but it's something that might be possible soon.


----------



## teonintyfive (Jan 27, 2008)

How can you edit the save file?
By importing it into an SD card and plugging it in the PC?


----------



## ZeWarrior (Jan 27, 2008)

QUOTE(Renegade_R @ Jan 27 2008 said:


> QUOTE(TaMs @ Jan 27 2008 said:
> 
> 
> > hmh it's weird how long it takes to make homebrew for wii, even though it's "hacked" already. This exploit is a good add, but it really seems that no one is interested in wii.
> ...




Then neither should GC Homebrew on the Wii.


----------



## slacker99 (Jan 27, 2008)

From their code repository check-in logs

"Makefile rule trigger on Makefile

changes, too."

I think that log comment should say

"Makefile Hyrule trigger on Makefile changes, too."

Anyway that image is from the GameCube version, so maybe you have to run the GameCube version in your Wii to get to the exploit.

Based on their logs it appears they have actually been working on it for the past 6 weeks. So if this is a fake, they spent a good long time to set up a trail to make it look real.


----------



## wiithepeople (Jan 27, 2008)

QUOTE(gaboumafou @ Jan 27 2008 said:


> QUOTE(wii_will_rule @ Jan 27 2008 said:
> 
> 
> > umm...could someone fill me in? I don't really get this. Does this mean you can now run homebrew through Zelda?
> ...


Wow really? How? Boot up Zelda and there will be a "homebrew" option?


----------



## Dirtie (Jan 27, 2008)

QUOTE(deufeufeu @ Jan 27 2008 said:


> QUOTE(Dirtie @ Jan 27 2008 said:
> 
> 
> > If only the coders ever actually went into details about their findings, then I could have a play around - it wouldn't result in anything, but at least I could gain a better understanding of how these things work
> ...


Yeah those were my thoughts also - even so more details would have been nice.


----------



## FAST6191 (Jan 28, 2008)

Does this mean in 2 or 3 weeks time finding a copy of zelda will be like lumines was a couple of months back?


----------



## Twiffles (Jan 28, 2008)

QUOTE(FAST6191 @ Jan 28 2008 said:


> Does this mean in 2 or 3 weeks time finding a copy of zelda will be like lumines was a couple of months back?


Like trying to find an unpatched LCS, more or less. That is, if an ISO loader or homebrew actually becomes working with this "exploit".


----------



## ocarson (Jan 28, 2008)

It *seems* like this exploit is for the *gamecube* version of Zelda:TP, with a modified save game. Still, progress is progress. It's also likely that when, and if, a save game file is released, it will likely only be for the version of the game the hackers have, probably the American version of the game.

Edit

Strangely, some screenshots appear to show the Wii version of the game also, which just leaves me confused. The usage of a usb gecko would suggest gamecube, I guess we'll have to wait for more info.


----------



## g4jek8j54 (Jan 28, 2008)

QUOTE(ocarson @ Jan 28 2008 said:


> It *seems* like this exploit is for the *gamecube* version of Zelda:TP, with a modified save game. Still, progress is progress. It's also likely that when, and if, a save game file is released, it will likely only be for the version of the game the hackers have, probably the American version of the game.
> 
> Edit
> 
> Strangely, some screenshots appear to show the Wii version of the game also, which just leaves me confused. The usage of a usb gecko would suggest gamecube, I guess we'll have to wait for more info.



The exploit apparently works on both the Wii and the GameCube versions of Twilight Princess.  From my understanding, the exploit was discovered on the GameCube version with use of the USB Gecko.  They then used a modified save file for the Wii, and found that the exploit also exists in the Wii version.


----------



## ocarson (Jan 28, 2008)

Well that explains everything then.


----------

