Hacking The Wii, officially hacked

genx

For all those that are skeptical, I am gonna present this YouTube video of last year's CCC event, at which they revealed the security holes of the Wii.

http://www.youtube.com/watch?v=uTx2MAOspS4

Now at this year's event, they reveal the possibility of functional homebrew in Wii mode.

Below is the official website for the CCC, which lists the dates for the event, for those that believed it didn't happen.

http://events.ccc.de/congress/2007/Main_Page
 

shaunj66

If this was demonstrated from someone's home I would suspect that it was fake. Since this was shown at a prestigious hacking convention I'm guessing that it's real.
It's real. Unless someone staged the entire show in their bedroom or garage.

It's the real deal folks. The 24C3 guys are talented folk.
 

ssj4android

So, when are we getting details about this?
Did they really leave in the ability for the Wii to run unsigned code? Or are they using an exploit?
They tied one of the Gamecube addressable address lines to one of the higher order lines and dumped memory using that? What keys were recovered?
 

Sinkhead

To the non-believers: Why would someone go to one of the biggest, most high-profile hacker events around and lie? Think about it before answering.

Also, remember the hoodie showing the 360 Linux penguin hack at the same conference last year...
And you personally know that this was at said event. If you go on the event's website and do a CTRL+F find for 'Wii', nothing comes up. I don't have time to look through the whole list, so I might be wrong, but I think 'Wii' would be in the event name somewhere...? That seems to be the only thing that guy's presentation was on.

Just for the record, I believe this is real, I'm just trying to check that everything that can be proved true is proved true.
 

raulpica

If this was demonstrated from someone's home I would suspect that it was fake. Since this was shown at a prestigious hacking convention I'm guessing that it's real.

It's real. Unless someone staged the entire show in their bedroom or garage.

It's the real deal folks. The 24C3 guys are talented folk.

Yeah. We have Wii drivechips thanks to their convention last year.

QUOTE(xcalibur @ Dec 29 2007, 12:19 AM)
what does this mean exactly?
Running homebrew in wii mode..
Does that mean that you don't need a modchip anymore?
I think that you'll still need a modchip. They have injected code after the execution of Star Wars, but for us simple users, the best way is to burn the homebrew on a disc. But the Wii can't read DVDs normally, so you would still need a modchip.

That is, until someone entirely cracks the Wii open (if anyone ever manages to do it); then maybe we could have something like a Utopia Bootdisc... or something commercial like Swapmagic.
 

Movi

Ok, just to close down the rambling. No, YOU STILL NEED A MODCHIP. At the moment they haven't really "hacked" it, as in changed anything in the console firmware-wise. They only got the encryption keys to sign their own code.

This means that the Wii firmware STILL asks the DMS/D2A/D2B/D2C chip for the disc authentication, and this will FAIL if you don't have a modchip installed.

Maybe in the far-away future, IF they even attempt modifying the firmware, MAYBE they can remove that check, but I seriously doubt it. So stop whining about your Wii being chipped. As far as I can see you're still going to need it.

Also, this probably will NOT remove region checks at all. All those things COULD be possible if they hack and replace the firmware, which from my point of view isn't happening soon (and if it were up to me, it wouldn't happen at all, but maybe months from now I'll stand corrected).
 

raulpica

Also, this probably will NOT remove region checks at all. All those things COULD be possible if they hack and replace the firmware, which from my point of view isn't happening soon (and if it were up to me, it wouldn't happen at all, but maybe months from now I'll stand corrected).
Why not? Something like GCOS should do the trick.
 

Monkey01

Also, this probably will NOT remove region checks at all. All those things COULD be possible if they hack and replace the firmware, which from my point of view isn't happening soon (and if it were up to me, it wouldn't happen at all, but maybe months from now I'll stand corrected).
They modified a commercial game to run unsigned code from it, what prevents them from modifying a commercial game to stop the region checking? It's not firmware related, because many games already can be patched to be region free. So the protection should be in the game, and if the game can be modified, I don't think it's impossible to cut the region protection from it...
 

Movi

Because on the Gamecube the firmware wasn't an important part of the software that was running; not so on the Wii (I'm talking out of my ass right now, but it is possible that with each update a new set of "drivers" is installed, which differ between regions).

What I think is the best thing that could be done is a way to access the internal structure of the firmware, to for example remove duplicate channels for people that have them.

**Totally off-topic**

How does one get out of the game and back into the main menu in Snes9XGX? L+Z doesn't work, it drives me crazy..
 

raulpica

Because on the Gamecube the firmware wasn't an important part of the software that was running; not so on the Wii (I'm talking out of my ass right now, but it is possible that with each update a new set of "drivers" is installed, which differ between regions).

What I think is the best thing that could be done is a way to access the internal structure of the firmware, to for example remove duplicate channels for people that have them.
D2CKey has better region-free compatibility than others; that's because of the way it interfaces with the drive. So it's a drive thingy, nothing firmware related. A GCOS clone should work.

For removing duplicate channels, a homebrew that interfaces with the Wii internal memory should be enough. Now we just need some uber-talented programmers.
 

FAST6191

I thought Ninty were gonna allow homebrew for Wii anyways?

No.

It seems the link has mysteriously vanished from Nintendo's website, but records still exist around the internet:
http://www.boingboing.net/2005/05/19/ninte...romises-a-.html (this was around the same time sony was harping on about their homebrew commitments)

Ok so this is my take on this topic. I'll state from the beginning: I'm not a GC programmer, but I did some work in systems programming in general.

So here goes my speculation:

From what he said, it seems the Hollywood has a built-in hypervisor (or at least something that resembles it), and when booting Gamecube mode it cuts off the higher regions of the memory (and also all the extra Wii hardware).
Yeah, that would seem to be it, more or less.

QUOTE(Movi @ Dec 28 2007, 10:53 PM)
What I _think_ they did was forcefully change the memory region (as in switching address lines by cables or something equally barbaric ;]) of the CPU so that it could read the higher memory, in the hope of finding something valuable (like temporary encryption keys or whatnot). It would seem they somehow managed to do just that: they got all of the memory and dumped its contents, and found the needed keys to sign code. This kinda means that Ninty doesn't use any kind of memory scrambling or encryption, and also means that the hypervisor is kinda sloppy.
What a security hole? This coming from the people who used a nominally more complex method based on the previously widely understood and broken security measures (I am sure last year's video is still around). I guess the concept that however smart you are, there is always someone as smart on the other side of the fence with the luxury of infinite time, applies.
I am quite amused at the fact the signing key was included though; you would have thought it would have been verification only.

As for the future I guess time will tell; I expect some decent homebrew will appear fairly quickly though, if the existing libraries can be ported up. The glut of GC homebrew with Wii intentions that appeared will probably help with this. I would like to see the USB ports and SD slot coded for in fairly short order though, so as to facilitate fun things like expanded memory.

Either way I guess I will be keeping my Wii with original firmware and modchip-free for a few months to see how this plays out.
I predict the usual expensive implementation (Neoflash, wiinja, memorcard32...) or not very workable one (the same three examples will probably do, although possibly a "homebrew only" chip), followed by a cheap/clone implementation (ndspatcher/loadme, clones and wiikey) and finally the current leaders catching up.

What I do like however is the fairly standardised nature of the Wii, which will hopefully mean no repeats of the pre-DLDI days.
If it does pan out, allow me to be one of the first to throw my hat into the ring for any ROM hacking that wants to be done.
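The remark about the signing key being present rather than a verification-only key is the crux of the thread from a design point of view, so here is an added illustration (written for this page; it is not the 24C3 team's code nor anything from the thread). It contrasts two toy code-signing schemes on a constructed firmware image: an HMAC-based scheme, where the key the console needs in order to verify is the very same key that signs, and a textbook RSA scheme with constructed, deliberately tiny primes, where the console holds only the public exponent and cannot sign. All keys, primes and images are assumptions made up for the example; the RSA part has no padding and is far too small for real use, it only shows the key separation.

```python
"""Added illustration (not from the thread or from the 24C3 team): why a
device that only needs to VERIFY code should never hold the SIGNING key.

Two toy schemes check the same constructed firmware image:
  * HMAC-SHA256 "signing": signer and verifier share one secret, so a
    device that can verify can also mint a valid tag for arbitrary code.
  * Textbook RSA with constructed toy primes (no padding, far too small
    for real use): the device holds only (E, N) and can verify but not sign.
All keys and images below are constructed for this example.
"""
import hashlib
import hmac

SAMPLE_IMAGE = b"constructed-sample-firmware-image"   # constructed input
FORGED_IMAGE = b"constructed-unofficial-image"        # constructed input

# --- Scheme 1: symmetric MAC (the verifier's key IS the signing key) ------
SHARED_MAC_KEY = b"constructed-shared-secret"  # assumption: same key on both sides


def mac_sign(image: bytes, key: bytes = SHARED_MAC_KEY) -> bytes:
    """Produce the tag a vendor would ship alongside the image."""
    return hmac.new(key, image, hashlib.sha256).digest()


def mac_verify(image: bytes, tag: bytes, key: bytes = SHARED_MAC_KEY) -> bool:
    """Constant-time comparison against a freshly computed tag."""
    return hmac.compare_digest(mac_sign(image, key), tag)


# --- Scheme 2: toy RSA (signing and verification keys are different) ------
P, Q = 1_000_003, 999_983            # constructed toy primes, NOT real sizes
N = P * Q
E = 65537                            # public exponent: all the device needs
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: stays with the vendor


def _digest_int(image: bytes) -> int:
    """Hash the image and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def rsa_sign(image: bytes, d: int = D, n: int = N) -> int:
    """Vendor-side operation; requires the private exponent."""
    return pow(_digest_int(image), d, n)


def rsa_verify(image: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Device-side operation; needs only the public exponent and modulus."""
    return pow(signature, e, n) == _digest_int(image)


def mac_verifier_can_forge() -> bool:
    """With the MAC scheme, the verifier's own material signs new code."""
    return mac_verify(FORGED_IMAGE, mac_sign(FORGED_IMAGE))


def rsa_verifier_can_forge() -> bool:
    """Attempt a signature using only what the device holds (E, N).

    Raising the digest to the public exponent is the best the device can
    do without D, and the result does not verify.
    """
    attempt = pow(_digest_int(FORGED_IMAGE), E, N)
    return rsa_verify(FORGED_IMAGE, attempt)


if __name__ == "__main__":
    print("MAC verifier can forge:", mac_verifier_can_forge())   # True
    print("RSA verifier can forge:", rsa_verifier_can_forge())   # False
    print("Genuine RSA signature verifies:",
          rsa_verify(SAMPLE_IMAGE, rsa_sign(SAMPLE_IMAGE)))     # True
```

The point for a console design is the one the post makes: with an asymmetric scheme, a complete memory dump of the verifying device yields only the public key, which is useless for signing; it is only when the signing secret itself sits in the device's memory that recovering it lets anyone produce code the console accepts.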
 

cubin'

WiiMediaCenter with DS used as a remote, anyone? Hopefully they can get the Wii-DS connection happening. I'm sure someone will come up with something very creative.

Hacking the Virtual Console games would be amazing; imagine a hacked hard drive filled with all those perfectly emulated Nintendo, Sega etc. games.

This could be the best homebrew platform ev0r.
 

Movi

I wouldn't call this a security hole, more like false security logic in terms of "No one will ever get this memory region without gaining authentication, so it's ok we don't protect this data in this region at all". This was more like hardware hacking, which by my standards is utterly hard, so kudos to these guys for doing it (also the WAB guys wanted to hack the Wii using this method, but they disappeared).

No love for my Snes9X-GX question?
 

adgloride

With Nintendo being able to write firmware updates to the Wii, maybe we will see hacked firmware, so there'll be no need for swapping discs. I don't think too many people will be bothered about being banned from online, if they ever decided to do it on the Wii.
 
