A Possible Exploit?

Discussion in 'Wii - Hacking' started by kryptonianpimp, Jun 13, 2009.


  1. kryptonianpimp (OP)
    Is it possible to create an exploit using a Mii? They are just XMLs renamed to ".mii". Why is it not possible to add a hack-Mii (literally) that would overload the Wii so it would load a boot.dol from the SD? Or even the Wiimote itself! Why are there no hacks that involve channels yet?

    If someone makes this then DO NOT RELEASE IT!

    It should be able to be done,

    exploits so far
    1 Twi Hack
    2 banner bomb
    3 mario galaxy

    Just saying, has any one thought about this?
     
  2. Riley
    I don't think that's possible, since the Mii Channel checks if the Mii is normal or not. Unless someone made a custom Mii Channel that is copyable...

    And no one knows if SMG has an exploit or not. There's no real proof.
     
  3. kryptonianpimp (OP)
    Fair enough about the SMG exploit... but it's funny you say that about a copyable Mii Channel, because I was the first person to actually make one.

    PM for info.
     
  4. Helsionium
    I, too, believe that the Mii format is not hackable. The file format is very easy and well understood and it seems that Nintendo didn't screw up with this.
    If there was the possibility of a Mii exploit, we would already have it, we would even have had it before/instead of the Twilight Hack.

    EDIT: Having a custom Mii channel defeats the purpose of such an exploit, doesn't it? Homebrew/hacking methods would already have to be in place.
     
  5. kryptonianpimp (OP)
    Not necessarily, because until the first exploit opened the door for homebrew we weren't able to extract or modify a Mii.
     
  6. Helsionium
    You got a point there. But homebrew is still needed to modify Mii data or install custom channels, so the exploit would be a bit pointless.
     
  7. Tichinde925
    You're forgetting the Brawl exploit.
     
  8. WiiPower
    Well, you are able to store Miis on the Wiimote, so you would need some way to get the Mii to the Wiimote. You are able to connect the Wiimote after the game started, so the System Menu or whatever can't patch this. You "only" have to find one game that does not parse the .mii file correctly. If you succeed, this exploit would be similar to the SSBB exploit.

    Or if you transfer a Mii to the Wiimote, it might even be possible to let the Mii Channel crash, but I see bigger chances for games, though still very low ones.
     
  9. Helsionium
    The memory inside the Wii remote is only 16 KB, that is probably too little memory for any functional exploit (the Twilight Hack had about 120 KB if I'm correct).
    Most of this memory can be used by games, the Mii Channel only uses 740 bytes (one Mii is 74 bytes and you can store 10 on the Wii remote).
    Furthermore, the Mii parsing code and Mii data is apparently distributed to all developers as a library, so all games probably use the same code, which probably does not have any security flaws.
     
  10. nolimits59
    And forget the SSBB exploit? =)
     
  11. linkinworm
    You could transfer it if you had Bluetooth on your PC, using the Wiimote, but Miis are only about 1 KB in size and I think the Wii accepts it if it's abnormal anyway.
     
  12. SanGor
    You don't need much space for the code at all, since you can use Nintendo's functions from the game, so less than 1 KB should be easily possible.
    And with the SSBB exploit we have a very, very good exploit which is next to impossible to fix.
     
  13. Adr990
    Unless they make a new disc game version (just like with Zelda, which they never released in Europe).
     
  14. Helsionium
    I believe you don't understand much of what you're talking about, sorry.
    All exploits abuse flaws in Nintendo's functions, but they can't use functions from the games; instead they must execute their own code. For example, you can't load executable files from an SD card with Nintendo's functions, because there simply are no such functions. If you had ever taken a look at the Twilight Hack source code, or anything else programmed for Wii, you would surely understand that no such code can be written whose binary is smaller than 16 or even one kilobyte.

    And the SSBB exploit is not even remotely impossible to fix. Assuming there is only one weakness in the stage-loading code of SSBB, Nintendo should be able to fix that in a new version of IOS36, which is the operating system used by SSBB. Even if there are several weaknesses, a fix is probably possible. If you ever read that games can't be patched - and game bugs can therefore not be fixed - that is only partially true: yes, game code can't be replaced, but every game runs on an IOS, which can be patched easily. IOS acts as an operating system, and as such lies between the game and the hardware. Any exploit dependent on modified data (i.e. virtually every plausible exploit that might ever be found) can be fixed by patching the corresponding IOS.
     
  15. Omega Knight
    I don't think it can be patched in the IOS; remember, Brawl isn't the only game that uses IOS36. Remember Zelda wasn't fixed in the IOS, they fixed it in the sysmenu, but this exploit doesn't use the sysmenu. Just think about it: Nintendo doesn't even know what's wrong with their stage-loading code. And just FYI, the Galaxy exploit is fake, a hoax.
     
  16. Helsionium
    eh... Galaxy exploit? I've not even been talking about that. I know it's fake.
    Nintendo chose to fix the Twilight Hack in the System Menu because it was easier. The System Menu, being PPC code, is probably much easier to manage than IOS, which is ARM code. But as IOS knows or can know the Game ID of the currently running game, game-specific fixes can surely be made without breaking compatibility. As soon as the exploit is released, Nintendo will know what the problem is (don't underestimate their reverse-engineering strength!). The problem for Nintendo is, it is SLOW. It can apparently not fix any bug within three months, and even then, a new version of the exploit might still be possible. I'm only saying that fixing such a bug is in theory not too hard. Nintendo will have trouble with their own quality assurance and testing procedures, though.
     
  17. Sonic4Ever
    You're wrong. You could do it just with a bluetooth dongle. It was that easy.

    Still, I don't get your logic. Mii information is just some stupid XML files, and any modification that goes beyond the limits of the Mii Channel will make the Mii unrecognizable.
     
  18. Omega Knight
    Doing game-specific fixes in the IOSes would be an ugly hack. IOSes are region-free, the games are not; it would make the code really messy. And it would take them even longer to test it. And remember the file is on the SD card; they aren't allowed to touch your SD card without your permission. I personally don't think they could fix it like that, but I'm not saying it's unfixable, I just won't be discussing the _real_ ways to fix it here, where they could be watching.
     
  19. Helsionium
    Miis are not XML files, they are stored in a custom, but very easy, binary format for minimized file size.

    @Omega Knight:
    While IOS is region-free, this is no problem in this case, as the stage format is also region-free. It wouldn't have to mess with files on the SD card, which is obviously not allowed, but it could easily reject any file in the stage folder that does not conform to the stage file format. I agree that this will be a very ugly hack, but I still believe it's the only possibility they have if they want to fix the exploit.

    I am aware that Nintendo technicians may be following these boards, but I am respectful enough to not claim that I know of solutions that Nintendo techs will not already know. If anyone actually knows anything about the IOS or the Wii architecture in general, it will be the Nintendo techs, not some random forum user on GBAtemp, sorry.
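    As an added illustration of the points raised in posts 8, 9 and 19 above (a Mii is a fixed 74-byte binary record, a Wii Remote holds ten of them in 740 bytes, and a sane parser rejects anything that does not conform to the format), here is a small Python validator. It is example code written for this page, not code from the thread, from the Mii Channel or from Nintendo. The header field layout it decodes (flags word, ten-character UTF-16BE name, height, weight, two 32-bit IDs) is assumed from public community documentation of the format, everything past offset 0x20 is treated as opaque bytes, and the sample record is constructed, not captured from a console.

```python
import struct

MII_SIZE = 74                                # one Mii record, as stated in the thread
REMOTE_SLOTS = 10                            # Miis one Wii Remote can hold
REMOTE_MII_BYTES = MII_SIZE * REMOTE_SLOTS   # 740 bytes
NAME_CHARS = 10                              # name is a fixed 10-unit UTF-16BE field

# Assumed header layout (from public community documentation, not from this
# thread; bytes 0x20..0x49 hold face/hair fields and are treated as opaque):
#   0x00  u16  flags: bit 14 gender (0 = male), bits 13-10 birth month,
#              bits 9-5 birth day, bits 4-1 favorite color, bit 0 favorite
#   0x02  10 x UTF-16BE code units: name, NUL padded
#   0x16  u8   height
#   0x17  u8   weight
#   0x18  u32  Mii ID
#   0x1C  u32  system / creator ID


class MiiFormatError(ValueError):
    """Raised when a record does not conform to the fixed-size Mii format."""


def parse_mii(record: bytes) -> dict:
    """Parse one 74-byte Mii record.

    Anything that is not exactly 74 bytes, or whose fixed fields are out of
    range, is rejected outright: there is no length field to trust and no
    variable-length data to walk, so there is nothing for a parser to get wrong."""
    if len(record) != MII_SIZE:
        raise MiiFormatError(f"expected {MII_SIZE} bytes, got {len(record)}")
    (flags,) = struct.unpack_from(">H", record, 0x00)
    month = (flags >> 10) & 0xF
    day = (flags >> 5) & 0x1F
    if month > 12 or day > 31:
        raise MiiFormatError(f"birthday out of range: month={month} day={day}")
    try:
        name = record[0x02:0x02 + 2 * NAME_CHARS].decode("utf-16-be")
    except UnicodeDecodeError as exc:
        raise MiiFormatError("name is not valid UTF-16BE") from exc
    mii_id, sys_id = struct.unpack_from(">II", record, 0x18)
    return {
        "gender": "female" if flags & (1 << 14) else "male",
        "birth_month": month,
        "birth_day": day,
        "favorite_color": (flags >> 1) & 0xF,
        "favorite": bool(flags & 1),
        "name": name.rstrip("\x00"),
        "height": record[0x16],
        "weight": record[0x17],
        "mii_id": mii_id,
        "system_id": sys_id,
    }


def is_valid_mii(record: bytes) -> bool:
    """Conformance check: True only if parse_mii() accepts the record."""
    try:
        parse_mii(record)
        return True
    except MiiFormatError:
        return False


def parse_remote_miis(blob: bytes) -> list:
    """Split the 740-byte Wii Remote Mii area into its ten fixed slots.

    All-zero slots are empty; every other slot must parse, otherwise the
    whole blob is rejected rather than partially accepted."""
    if len(blob) != REMOTE_MII_BYTES:
        raise MiiFormatError(f"expected {REMOTE_MII_BYTES} bytes, got {len(blob)}")
    miis = []
    for slot in range(REMOTE_SLOTS):
        rec = blob[slot * MII_SIZE:(slot + 1) * MII_SIZE]
        if rec == bytes(MII_SIZE):
            continue
        miis.append(parse_mii(rec))
    return miis


def make_mii(name, male=True, month=1, day=1, color=0, height=64, weight=64,
             mii_id=0x80000001, sys_id=0x12345678) -> bytes:
    """Build a constructed sample record (test data, not from a real console).

    A name longer than ten UTF-16 units cannot be encoded at all: the field
    simply does not fit, which is why an oversized name is not an attack vector."""
    encoded = name.encode("utf-16-be")
    if len(encoded) > 2 * NAME_CHARS:
        raise ValueError("name does not fit in the 10-unit field")
    if not (1 <= month <= 12 and 1 <= day <= 31 and 0 <= color <= 0xF):
        raise ValueError("birthday or color out of range")
    flags = (0 if male else 1) << 14 | month << 10 | day << 5 | color << 1
    record = (struct.pack(">H", flags)
              + encoded.ljust(2 * NAME_CHARS, b"\x00")
              + bytes([height, weight])
              + struct.pack(">II", mii_id, sys_id)
              + bytes(MII_SIZE - 0x20))       # opaque face/hair fields left zero
    assert len(record) == MII_SIZE
    return record


if __name__ == "__main__":
    sample = make_mii("Bowser", month=6, day=13, color=3)
    print(parse_mii(sample))
    print("oversized record accepted:", is_valid_mii(sample + b"\x00"))
```

    The point the thread makes falls out of the code: every field sits at a fixed offset inside a fixed-size record, so the validator never reads past the buffer and never trusts an attacker-controlled length. Compare that with a stage-file loader that has to walk variable-length structures, which is the kind of code the SSBB exploit discussed above targets.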
     
  20. Omega Knight
    Correct you are that Nintendo technicians would know more about their system than any of us, but while the stage format might be region-free, take into consideration that the different regions of the game aren't the same game but just region patched; there are differences. An example of this would be how you need different WiiRd codes on every region.
     