Good news is I tried this on 3.2U and it works there too! Thanks for the great work!
Bad news is this exploit's reliability strangely seems to be based on the network speed of the HTML file. Anyone else experience this? I tried the provided HTTP server 5 times, and it only worked twice. I hosted the files on my LAN like so:
Downloaded the files like so:
Code:
curl -v4A 'Opera/9.00 (Nintendo Wii; U; ; 1038-58; en)' --http1.1 http://cfh.wapp.wii.com/eula/049/en.html -o index.html http://cfh.wapp.wii.com/eula/049/rd.png -O http://cfh.wapp.wii.com/eula/049/payload.png -O
nginx configuration:
Code:
server {
    listen 192.168.1.1:80;
    server_name cfh.wapp.wii.com;
    root /var/www/htdocs/cfh.wapp.wii.com/;
    rewrite "(?i).*\.html$" "/index.html" last;
    rewrite "(?i).*/payload\.png$" "/payload.png" last;
    rewrite "(?i).*/rd\.png$" "/rd.png" last;
}
And redirected to my nginx server with this dnsmasq config:
Code:
host-record=cfh.wapp.wii.com,192.168.1.1,6000
And tried this about 20 times over 2 days and it NEVER worked once. I finally worked out the only difference between our servers was that yours was slower than mine, so I added this to the nginx config:
Code:
location = /index.html {
    limit_rate 50k;
}
And so far I've tried this about 10 times across 2 different Wiis (one 4.3U, one 3.2U) and it's worked 100% of the time. I tried 300k a few times and it only worked once, so I'm sticking with 50k I guess.
I can't imagine why this would be the case, but it seems to be and I'm curious if anyone has a guess as to why.
Thanks!
edit: when I say "did not work", *most* of the time it locked up on the EULA page; every now and then I saw the black print complaining it couldn't find the payload. It never once got to the stage where it tried to resolve hbc.hackmii.com (whenever it got that far, it always worked).