# Wii Browser Exploit Found



## Opium (Jan 7, 2007)

*Wii Browser Exploit Found*

Opera browser exploit crashes Wii







An Opera browser exploit has been found which crashes the Wii and supposedly would allow the execution of code. No code has yet been run but you can try out the exploit for yourself by pointing your Wii browser to this link.


​

After details about new Opera vulnerabilities were released, one was tested that crashed the Wii. Here's what the founder, lbradeen, says about the exploit:




			
				QUOTE said:
			
		

> I saw the new Opera vulnerabilities disclosed yesterday and decided to try them out on my Wii. It seems that the Wii is vulnerable to the createSVGTransformFromMatrix vulnerability as it crashes the system. The disclosure describes the vulnerability as being able to be used to execute code. Don't update your Wii's any time soon!!!




Although this is certainly interesting we advise you not to get too excited, nothing has been done with this exploit so far.







lbradeen's Website


----------



## phoood (Jan 7, 2007)

YAY for exploits!

I wonder when any of these will finally become useful.  Time will tell... =D


----------



## Opium (Jan 7, 2007)

It is nice to see that some forms of exploits are being found 
	

	
	
		
		

		
		
	


	




I tried out the exploit myself, what it seemed to do was freeze the Opera browser. It no longer responded and the Mouse pointer disappeared and no input from the Wiimote worked. I dunno, perhaps this crash can be exploited.


----------



## Samutz (Jan 7, 2007)

Yay Viirus!


----------



## fischju_original (Jan 7, 2007)

QUOTE(Opium @ Jan 6 2007 said:


> It is nice to see that some forms of exploits are being found




no its not. now nintendo can patch it easily


lawl, this crashes opera on my pc too


----------



## angelfly (Jan 7, 2007)

QUOTE(fischju @ Jan 6 2007 said:


> QUOTE(Opium @ Jan 6 2007 said:
> 
> 
> > It is nice to see that some forms of exploits are being found
> ...



good thing updates are done manually so it can't be forced


----------



## fischju_original (Jan 7, 2007)

This early in the wii lifespan, it pretty much is forced


----------



## EarthBound (Jan 7, 2007)

The Wii can update itself right?I dont think i ever turned it off,but good thing its unpluged.Ill just unplug my Wifi-Max =D


----------



## cruddybuddy (Jan 7, 2007)

Just change your setting so the Wii will not automatically update.


----------



## fischju_original (Jan 7, 2007)

Have you seen how much space is available for new channels? Nobody is going to want a wii with just the weather channel so they can run homebrew


----------



## Opium (Jan 7, 2007)

QUOTE(fischju @ Jan 7 2007 said:


> Have you seen how much space is available for new channels? Nobody is going to want a wii with just the weather channel so they can run homebrew



To the end user running homebrew code through a browser crash isn't the ultimate goal here. If indeed this browser crash can allow people to run their own homebrew code then they may be able to access Wii system files. Things like dumping the firmware and whatnot are not out of the realm of possibility. From that other exploits can be found.

But this is just speculation of course, providing that the browser crash can actually let you run code.


----------



## DaRk_ViVi (Jan 7, 2007)

It would be nice to allow new channels to be installed on the Wii, like a "Wii Backup Channel" and "GC Backup Channel" or a "*Insert Homebrew name here* Channel".

Who cares about "Weather Channel"? XD


----------



## TheStump (Jan 7, 2007)

i pretty much have no idea what this means, but im sure its great news.


----------



## kersplatty (Jan 7, 2007)

could this be backdoor number 2!!!!


----------



## accolon (Jan 7, 2007)

According to heise Security, Opera Software "argues that it is not easy to exploit the heap overflow consistently". "Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights."

Because of Opera's architecture, using buffer or heap overflows was never very successful with this browser. Additionally, nobody knows what rights the Wii Opera has. Since it does not seem to have access to the flash memory and SD slot (you can't save/load data), it might be hard to use this exploit for anything, even if you could execute your own code.


----------



## Scorpei (Jan 7, 2007)

QUOTE(accolon @ Jan 7 2007 said:


> According to heise Security, Opera Software "argues that it is not easy to exploit the heap overflow consistently". "Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights."
> 
> Because of Opera's architecture, using buffer or heap overflows was never very successful with this browser. Additionally, nobody knows what rights the Wii Opera has. Since it does not seem to have access to the flash memory and SD slot (you can't save/load data), it might be hard to use this exploit for anything, even if you could execute your own code.


Hmm, doesn't it have acces to its own save file? I noticed there was a save file for the browser.....If it does, and if it's big enough and (I like variables 
	

	
	
		
		

		
		
	


	




) it has the proper rights, it should be feasable?

*additional question: Is the browser Wii locked? Can one exchange the binaries between Wii's?


----------



## flai (Jan 7, 2007)

Hmm, I'll give this a go just now. 

EDIT - Does work, but expect to see a plethora of Wii viruses in the near future...


----------



## Athlon-pv (Jan 7, 2007)

QUOTE(fischju @ Jan 7 2007 said:


> QUOTE(Opium @ Jan 6 2007 said:
> 
> 
> > It is nice to see that some forms of exploits are being found
> ...



Doesnt crash under Opera 9.10 atleast not under linux


----------



## Scorpei (Jan 7, 2007)

QUOTE(Athlon-pv @ Jan 7 2007 said:


> QUOTE(fischju @ Jan 7 2007 said:
> 
> 
> > QUOTE(Opium @ Jan 6 2007 said:
> ...


That's because they fixed it in 9.10.


----------



## Athlon-pv (Jan 7, 2007)

I know but the other guy didnt


----------



## lookout (Jan 7, 2007)

Opera browser beta going end later this march and you might need to update your Wii's to used Opera to browser in futures,
anyway I hope this not a wii brick exploit.....


----------



## imgod22222 (Jan 7, 2007)

I tried it and it completely stopped everything. I feel bad. My Wii broke trying to display a little blue brick. (I ran i on firefox later)

If this can be used to execute code, the only way i see is the homebrew being streamed from the net onto your wii. And then if that specific homebrew has any save type function, it would have to save onto a server. Meaning that even if this is a way to execute code, that to most, if not all homebrewers this will not turn into anything big, because few people will go out and buy a server and buy huge upload rates from their ISP for homebrew.

Im not very familiar with browsers.. 
	

	
	
		
		

		
		
	


	




 However everyone lately is talking about just using ROMs and not homebrew. Thinking a little, The only homebrew that i can see being a major success like Moonshell is, is a program that can make the Wii act as a DVR, which would record to SD media, or to USB after a bootloader is made.

"One small step for the scene, one itty-bitty tip-toe/large leap for the Wii"


----------



## ssj4android (Jan 7, 2007)

QUOTE(kersplatty @ Jan 7 2007 said:


> could this be backdoor number 2!!!!Â
> 
> 
> 
> ...



It would be "backdoor number 1", as you could possibly send an unlock command to the DVD drive so it would run copies.


----------



## OrR (Jan 7, 2007)

There isn't too much incentive for people to write Wii homebrew games because you can simply use the Wiimote on your PC and play Flash games on the Wii browser... That said, a nice video & DVD player would be a good thing.


----------



## Critical_Impact (Jan 7, 2007)

I dont think flash games really substitute proper homebrew


----------



## OrR (Jan 7, 2007)

Well... Coders mainly interested in pointing can reach most people that way so it's the way to go if it's not very complex. The more complex things and motions on the other hand can simply be done on a PC with GlovePIE etc. so why go through all the difficulties of coding for the Wii? Of couse, some people will still do it when it's possible, some even for a reason, but it's a lot less attractive than for example coding for the DS.


----------



## INTERNETS (Jan 8, 2007)

QUOTE(OrR @ Jan 7 2007 said:


> Well... Coders mainly interested in pointing can reach most people that way so it's the way to go if it's not very complex. The more complex things and motions on the other hand can simply be done on a PC with GlovePIE etc. so why go through all the difficulties of coding for the Wii? Of couse, some people will still do it when it's possible, some even for a reason, but it's a lot less attractive than for example coding for the DS.



yeah and why bother writing homebrew for xbox when the sdk is illegal. and also it's just a computer so why don't we write programs for the computer instead


----------



## OrR (Jan 8, 2007)

Simple: Because for most people the 360 is the most powerfull computer they own.  Also most people don't care if something is illegal, they care about if it's easy to do.


----------



## TheSeeker (Jan 9, 2007)

The game is on...

http://wiihacks.blogspot.com/2007/01/resta...ra-browser.html


----------

