Hacking Mario Kart 8 Mods

Status
Not open for further replies.

marcan_troll

> I don't believe you guys ever stated if you did some hardware tricks along the way to a working exploit like:
> fuzzing the usb ports
> slowing the ppc chip down (externally)
> "tweezering" the ram
> etc

Nope, all software (unless you count the vWii mode HRESET hack as "hardware"). We tried some hardware tricks but what we tried didn't yield useful results yet.

> Also, I'm assuming you guys took virgin backup copies of launch day nand/emmc/and serial flash; was there anything interesting hidden in there?

We didn't as far as I recall. It's not like we could do much until we had an exploit to get the keys anyway.

> And finally, given your quote "The Wii hardware has been either kept as-is or replaced with compatibility shims", do you consider what Chadderz and MrBean did trivial? Or slightly impressive?

The game hacks are trivial (and I'm sure they agree). The kernel exploit is presumably interesting, though I obviously don't know any details about their approach.
 

Bug_Checker_

> Nope, all software (unless you count the vWii mode HRESET hack as "hardware"). We tried some hardware tricks but what we tried didn't yield useful results yet.
>
> We didn't as far as I recall. It's not like we could do much until we had an exploit to get the keys anyway.
>
> The game hacks are trivial (and I'm sure they agree). The kernel exploit is presumably interesting, though I obviously don't know any details about their approach.

The team had to do some hardware, otherwise GPIOGECKO would not have been possible. Someone had to find the GPIO test points and registers so you could bit-bang MISO, MOSI, CLK and CS (4 pins; 6 pins total with VCC and GND).
 

Sammi Husky

> Nope, all software (unless you count the vWii mode HRESET hack as "hardware"). We tried some hardware tricks but what we tried didn't yield useful results yet.

> The team had to do some hardware, otherwise GPIOGECKO would not have been possible. Someone had to find the GPIO test points and registers so you could bit-bang MISO, MOSI, CLK and CS (4 pins; 6 pins total with VCC and GND).

Gahh, I'm so super into this stuff. The enjoyment of solving a puzzle, of pushing the hardware to its appropriate limits, reverse engineering, etc. I wish I could help, if nothing else for the fun of digging through code for those little breakthroughs... but alas, I have no experience at this level of things. Out of curiosity, would anybody know a good place to start learning? Resources, maybe?
 
Deleted User
Soooooooo... Is the video legit? Sorry, didn't want to read through 9 pages.
 

Chadderz

> The game hacks are trivial (and I'm sure they agree). The kernel exploit is presumably interesting, though I obviously don't know any details about their approach.

Yes, game hacks are totally trivial; they were just done to prove a point in a way our followers understand.

> From where we got, the next step would be to get persistence working (think "untethered jailbreak" - something that allows the Wii U to load a hack on boot without having to use the browser every time), and possibly an exploit vector that doesn't involve the browser (e.g. a media-based exploit).

I have to say I quite strongly disagree with the idea of ever making a persistent exploit. I personally really didn't like the fact that the Homebrew Channel was persistent on the Wii, as it greatly increases the risk of bricking to go anywhere near the file system, and worse, it's trivially detectable, leading to a lot of paranoia about warranties or detection on the vWii, for example. As far as I'm concerned, now that we have a PPC kernel exploit we can do anything we would want to do with legitimate homebrew, loading an application as if it were a real one. Going any deeper just makes it easier for pirates for the sake of the slight convenience of having a Homebrew button on the menu. I'm not even particularly fussed about the common key; I've certainly not had access to it or any decrypted binaries (though I know the team behind the browser exploit did). I would much rather sit through the 20 extra seconds it would take to go into the browser and click a bookmark, so I'm certainly not looking for an IOSU exploit.
 

jammybudga777

But then, for example, someone releases WiiCraft U!!! That means to play it we have to use the browser exploit and then run another exploit just to run the app/game?? Sounds silly to me, and I think the majority would rather have convenience and full control of the console's hardware and a voided warranty. I mean, how do people expect things to be developed for homebrew when everything is on lockdown or controlled? Also, if the WiikeU and Cobra are being released soon, wouldn't somebody want to burst their bubble (profit)? It kinda seems even though every developer criticises ODE devices, they still seem to hold out, which in turn helps them. It's a crazy world.
 

Chadderz

Not so; if going to the browser and clicking a bookmark triggered the launch of the desired homebrew stored on the SD, the only difference in terms of time would be that you had to go into the browser first, rather than clicking an option straight on the menu. Even with a menu button, you still need a Homebrew loader interface; harvesting the browser's bookmarks for this purpose seems equally efficient.
 

crediar

A homebrew channel might not even happen this time around.

On the Wii, IOS only verified the content during installation, so you just had to patch the checks during install.

This changed on the Wii U: each channel is now verified every time it is launched, so making a persistent loader this time is much, much harder.
 

jammybudga777

> Not so; if going to the browser and clicking a bookmark triggered the launch of the desired homebrew stored on the SD, the only difference in terms of time would be that you had to go into the browser first, rather than clicking an option straight on the menu. Even with a menu button, you still need a Homebrew loader interface; harvesting the browser's bookmarks for this purpose seems equally efficient.

Okay, with that said, that makes it a lot better than what I was half expecting lol.

> A homebrew channel might not even happen this time around.
> On the Wii, IOS only verified the content during installation, so you just had to patch the checks during install.
> This changed on the Wii U: each channel is now verified every time it is launched, so making a persistent loader this time is much, much harder.

Okay, I can understand it being much harder to keep persistent through updated firmwares. But if a new breaking exploit is released on firmware 4.++, then surely if you have the correct keys from this firmware you have a way of signing a "homebrewU" channel the same as an application, and then it would verify each time you load it? Which means no updating, the same as most things that are new. Obviously it would be more like the PS3 scene in the sense of how firmwares would gradually be taken apart, or even better some sort of CFW.
 

crediar

The Wii U doesn't have the private key that is required to sign content (you might want to read up on how crypto works a bit).
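The two points above (the Wii checked a title once at install, the Wii U re-checks on every launch, and the console holds only the public half of the key) as an added model, not code from the thread or from any console firmware; the RSA key, the title bytes and the forged signature value are all constructed for illustration.

```python
"""Toy model of install-time vs launch-time signature checks. Added example,
not code from the thread or any console firmware; the RSA key is a constructed
teaching key (two Mersenne primes, no padding), not a secure scheme."""
import hashlib

# Constructed vendor key. The console ships only the public half (N, E);
# D stays with the vendor, so nothing on the console can produce a signature.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(data: bytes) -> int:
    # Using the first 8 bytes of SHA-256 keeps the value below N.
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def sign(data: bytes) -> int:  # vendor side: needs D
    return pow(digest(data), D, N)

def verify(data: bytes, sig: int) -> bool:  # console side: needs only (N, E)
    return pow(sig, E, N) == digest(data)

class Console:
    """verify_on_launch=False models Wii-era IOS (checked once at install);
    True models the Wii U (checked on every launch). check=False on install
    stands for the patched install check that the Wii model could be fooled by."""
    def __init__(self, verify_on_launch: bool):
        self.verify_on_launch = verify_on_launch
        self.installed = {}

    def install(self, name, data, sig, check=True) -> bool:
        if check and not verify(data, sig):
            return False
        self.installed[name] = (data, sig)
        return True

    def launch(self, name) -> bool:
        data, sig = self.installed[name]
        return (not self.verify_on_launch) or verify(data, sig)

def scenario(verify_on_launch: bool) -> dict:
    """Outcomes for a genuine title and for homebrew with a made-up signature."""
    c = Console(verify_on_launch)
    genuine, homebrew = b"constructed genuine title", b"constructed homebrew"
    forged = 0x1234567  # arbitrary number, never derived from D
    return {
        "genuine": c.install("g", genuine, sign(genuine)) and c.launch("g"),
        "forged_install": c.install("hb", homebrew, forged),
        "forged_then_patched": c.install("hb", homebrew, forged, check=False)
        and c.launch("hb"),
    }
```

`scenario(False)` lets the forged title launch once its install check is skipped, while `scenario(True)` rejects it at launch, which is the difference crediar is describing.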
 

the_randomizer

> The Wii U doesn't have the private key that is required to sign content (you might want to read up on how crypto works a bit).

Who was that directed to, if you don't mind me asking? So if it doesn't have that key, how would exploits be run like in the video? Surely it's a matter of time; if they don't do it, someone else will.
 

Arras

> Who was that directed to, if you don't mind me asking? So if it doesn't have that key, how would exploits be run like in the video? Surely it's a matter of time; if they don't do it, someone else will.

It was directed at jammybudga777. Without the key (and we're never getting it unless they seriously fucked up) we can't create something that passes the checks. The only option is to remove or spoof all of the checks, and it wouldn't surprise me if, were you to permanently patch the checks in one file, there'd be something else checking that file.
 

the_randomizer

> It was directed at jammybudga777. Without the key (and we're never getting it unless they seriously fucked up) we can't create something that passes the checks. The only option is to remove or spoof all of the checks, and it wouldn't surprise me if, were you to permanently patch the checks in one file, there'd be something else checking that file.

So, you're saying that one way or another, there will be a means of doing so, just that we can't use the key method, right?
 

Arras

> So, you're saying that one way or another, there will be a means of doing so, just that we can't use the key method, right?

I'm only saying that's the alternative, not whether it's possible or not (besides, I only know about general encryption stuff, nothing about the Wii U specifically). I don't know how feasible it is. Even if it is impossible though, things will just have to be loaded through the web browser, which is not THAT bad.
 

crono141

> Yes, game hacks are totally trivial; they were just done to prove a point in a way our followers understand.
>
> I have to say I quite strongly disagree with the idea of ever making a persistent exploit. I personally really didn't like the fact that the Homebrew Channel was persistent on the Wii, as it greatly increases the risk of bricking to go anywhere near the file system, and worse, it's trivially detectable, leading to a lot of paranoia about warranties or detection on the vWii, for example. As far as I'm concerned, now that we have a PPC kernel exploit we can do anything we would want to do with legitimate homebrew, loading an application as if it were a real one. Going any deeper just makes it easier for pirates for the sake of the slight convenience of having a Homebrew button on the menu. I'm not even particularly fussed about the common key; I've certainly not had access to it or any decrypted binaries (though I know the team behind the browser exploit did). I would much rather sit through the 20 extra seconds it would take to go into the browser and click a bookmark, so I'm certainly not looking for an IOSU exploit.

Won't this mean that the ability to run homebrew will be entirely dependent on the browser exploit not being patched?
 

Chadderz

> Won't this mean that the ability to run homebrew will be entirely dependent on the browser exploit not being patched?

True, but it's not like we'd be free to leave updates on either way, just like the Wii. For the longest time there was no homebrew on 4.3. Furthermore, we could stockpile browser and other medium exploits ready for the next update. I really don't think it puts us in a bad position; you're at the mercy of updates regardless.
 

Rinnux

Chadderz, I agree that it only takes a few seconds to access the browser. However, remember that it requires an internet connection of some sort, plus common users interested in homebrew will not know to block updates at their router. And yeah, I know the exploit can be used with actually connecting to the internet, but again most common users will not know how to set that up.
 