Hacking "Emulating"/redirecting Wii Update server

[IceIceBird]

Someone has probably already tried this before but I would be very happy if these people could share their experiences and thoughts in this subject. Achieving this and it should be possible to emulate Nintendo's update service to install already patched IOS's (or old IOS's that has trucha bug and is signed) and Channels of your own choice. Even on newer upcoming systems that has no exploits.


-========================= In easy theori terms =========================-

• 1 - Redirecting your Wii (router) to a server hosted on your local computer (or public).
• 2 - Cause the server to respond as it would be Nintendo's own and tell the Wii there is a new update available.
• 3 - Simulate Nindendo's file transfers and responses from the fake server.
• 4 - Updating your Wii with the files of your choise.
• 5 - Done!

-===============================================================-


Just like people say there will be problems because your own selected files probably won't be correctly signed.

But..

This could be solved by already having the System Menu use a trucha patched IOS.
or
The first time you run an update against the fake server you downgrade the system menu and its IOS to the old versions that has the trucha bug and is properly signed by nintendo. Then the problem shouldn't exist anymore, am I wrong? (or make a newer System Menu run through an older IOS)

 

[Masterpaul]

Sounds interesting.
Stimulating will require some research though, decrypting data transfers etc. But if it is possible, nintendo wouldn't have nothing on us, until they update again and change the key to wii's data encryption.

 

[giantpune]

no. you still need a patched ios already on your wii to install other unsigned/fakesigned titles. you can redirect you router all you want, but if you are not running a ios that allows installation of unofficially signed stuff, you are pissing in the wind.

if you DO have an ios that allows you to install this altered code, then you can just use wad manager, dop-mii or whatever alse tickles your pickle to install it. no need setting up a server and redirecting your wii to some other server.

 

[Masterpaul]

If think he ment, the pc would tell the wii that there would be a new update. Then it could be downloaded. In essence it would patch the wii ios, by installing its own firmware?

 

[giantpune]

shit just doesnt work that way. the wii is already running 1 IOS. you cannot patch this IOS to allow installing whatever you want just by connecting to some server.

 

[Fudge]

I think you would have to edit something in the SYSCONF or settings.txt for that to work.

 

[Masterpaul]

Dam, would had been cool and pretty cheap.

And really embarrassing for Nintendo at the same time.

 

[techboy]

Like giantpune said, you need a patched IOS (specifically, a patched SM IOS) for this to work.

Aside from that, it would be an interesting (and likely prettier) alternative to bulk wad installation, especially when you deal with consoles from several regions.

I could see using something like this:
* Use an exploit to launch app which restores bug and patches the SM IOS.
* Connect wii to your network and update it. Wii connects to fake server, sees there is an update, and proceeds to install it. The update can consist of whatever titles you want installed.

 

[s3phir0th115]

I was considering looking into this to try to bypass Riivolution's protections, but decided it wasn't worth the time and that Riivolution probably checks signatures to prevent it. And sneek is easier.

That said it might be a convenience if you have an already modded wii. But I'd rather just use wad manager. This would be going way out of my way for little gain.

 

[IceIceBird]

shit just doesnt work that way. the wii is already running 1 IOS. you cannot patch this IOS to allow installing whatever you want just by connecting to some server.

Not just "a server" an emulated (by reading logs and such) update server hosted localy (or remotly for that matter). It could just be an tunnel that switches some files or such. Or just updates one iso/channel for that matter. If you log an wii updates network data, couldnt you just send the commands back to the wii that it needs for an succesfull update. And if you skipp the channels and just focus on installing one prepatched IOS.
What checks are made ON THE WII against the downloaded data.
Isn't the checksum for the files also recived from the server side and easily changed?
How does the installation precidure work on the downloaded data details etc, is there any diffrents in intalling a channel or a IOS?

 

[tueidj]

http://en.wikipedia.org/wiki/RSA#Signing_messages

 

[smf]

What checks are made ON THE WII against the downloaded data.
Isn't the checksum for the files also recived from the server side and easily changed?
How does the installation precidure work on the downloaded data work in details etc?

The checksums are signed, you need the private key.
If you have hacked your Wii to allow trucha signing then you might be able to do it.
Or if you somehow get the private key.

 

[IceIceBird]

What checks are made ON THE WII against the downloaded data.
Isn't the checksum for the files also recived from the server side and easily changed?
How does the installation precidure work on the downloaded data work in details etc?

The checksums are signed, you need the private key.
If you have hacked your Wii to allow trucha signing then you might be able to do it.
Or if you somehow get the private key.

But the OLD IOS:es have the trucha bug and is signed...
"Two step" Update maybe

First time you Update it's to an older SM IOS (maybe also the SM itself, if your wii suports it) with trucha bug and the next update you could install whatever you want.
Just thinking out load

 

[IceIceBird]

I think you would have to edit something in the SYSCONF or settings.txt for that to work.

Anything you think of in particulary? I'm curious how you think.

 

[smf]

First time you Update it's to an older SM IOS (maybe also the SM itself, if your wii suports it) with trucha bug and the next update you could install whatever you want.

You can't downgrade like that, so no.

 

[IceIceBird]

First time you Update it's to an older SM IOS (maybe also the SM itself, if your wii suports it) with trucha bug and the next update you could install whatever you want.

You can't downgrade like that, so no.

What checks are made for stopping this? If you trick the wii to think it's downloading a newer version (old one in disguise of the new).
Does the wii make an extra version check after it's been donloaded as well? I thought it only did that before.

 

[techboy]

Does the wii make an extra version check after it's been donloaded as well?

Yes it does. Official IOSes check versions while installing titles. The installation will fail with a -1035 error if you attempt to install an older version over a newer one.

The only way to downgrade is TBR, MMM, or another such homebrew tool.

 

[ChuckBartowski]

Eh,MMM does bulk wad installs fast and easily. Combined with something like ModMii, theres not much point.