Fake Update Server

Discussion in 'Wii - Hacking' started by digitydogs, Jan 7, 2009.

Fake Update Server by digitydogs at 6:36 AM (6,231 Views / 0 Likes) 56 replies

  1. digitydogs
    OP

    Member digitydogs 404 Error: Member Not Found
    Joined: Oct 19, 2008
    Messages: 1,352
    Location: Md,US
    Country: United States

    I figured that if in three days we can figure out how to alter every IOS on the system to the dip module, maybe we can work this out too.

    The idea is to develop a method of making the Wii think our PCs are the update servers and pull updates from there.
    This will allow a new way to hack systems, as we can bypass the need for a Twilight Hack by simply replacing the channel(s) the update would normally install with HBC or anything else. Also we could make a 3.4 update that has all the original unpatched IOSes within.

    It could also be useful in cases where an update is needed (and the system settings can be accessed) but the system is already on the latest firmware. We'd just alter the version number on an official update and install over the old.


    Tomorrow I am going to begin examining the updates from Nintendo servers and the method of transfer to the Wii.
    Anyone who wants to throw some info my way, or help in any way, please do... and if someone with advanced knowledge of how this works already knows it's not feasible or is already being worked on, please let me know so I don't waste the time.
     


  2. Quincy

    Member Quincy Your own personal guitarist :3
    Joined: Nov 13, 2008
    Messages: 1,435
    Location: Your house, robbing your stuff
    Country: Netherlands

    That probably isn't possible
     
  3. digitydogs
    OP

    Why do you think that? The hardest part will probably be modifying the updates, as it is easy to configure a proxy on the local network to redirect the Wii to any IP you want, and someone obviously knows how the update server works since we can access it without a Wii.
     
  4. Quincy

    This was asked before by that IronMask (or something) dude
     
  5. digitydogs
    OP

    Well, no offense Quincy, but until I hear a technical reason why it's impossible I'm going to work on it. After all, backup loaders were impossible. Call it instinct or delusion, but I know this is possible; dangerous, yes, but possible.
     
  6. Quincy

    Well... good luck

    Sidenote: I passed 500 posts
     
  7. icefireicefire

    Member icefireicefire GBATemp Fails.
    Joined: Dec 19, 2008
    Messages: 961
    Country: United States

    IT'S POSSIBLE. Twiizers already considered it, but it requires illegal Nintendo code, so nothing from them.

    Would be very hard though.
     
  8. dlxowhd

    Member dlxowhd GBAtemp Fan
    Joined: Dec 7, 2008
    Messages: 382
    Country: United States

    That's what Dark Alex did with PSP.
    PSP connects to the 'server' to update to the newest custom firmware... brilliant.
     
  9. remixer

    Newcomer remixer Advanced Member
    Joined: Oct 10, 2008
    Messages: 64
    Country: United States

    This could be easier than everyone is thinking...
    Hear me out... I'm no expert... just a guy with an idea!

    On Windows it pays attention to a HOSTS file... Wikipedia it.
    I'm also led to believe that Linux looks for this file too (though I may be wrong here).
    HOSTS can redirect web traffic... now if the Wii implements a similar system, we just have to find the HOSTS file and change it to redirect Ninty traffic to us!
     
  10. remixer

    Nope you just made 500 .. you didn't pass it yet
     
  11. riddle43

    Member riddle43 GBAtemp Fan
    Joined: Nov 21, 2008
    Messages: 374
    Location: Mich USA
    Country: United States

    This idea works on the PSP and I bet with a little work and some bricking it can be done.


    keep fighting the good fight!!!!!!!!!!!!!!!!!!!!!!!!!!!
     
  12. pelago

    Member pelago Member
    Joined: Feb 20, 2006
    Messages: 879
    Country: United Kingdom

    Redirecting to another site will be easy enough, but you'll probably have problems with signatures/certificates and so on.
     
  13. 20clarky08

    Member 20clarky08 Official Wii Freak
    Joined: Oct 29, 2008
    Messages: 844
    Location: ScouseLand
    Country: United Kingdom

    I gotta Cisco switch right here I could set up to redirect all Wii traffic to another machine.

    I personally don't believe certificates will be an issue, seeing as we can access the servers via our browsers.

    Now unless the Wii downloads extra files we don't know about, this has gotta be possible; however, we need someone to perform an update for the team and monitor the URLs accessed with dsniff/urlsnarf or something along those lines to see where exactly the Wii goes.
    I'm already on 3.3e and I don't fancy the risk of messing with downgrading.

    this is just my theory anyway...

    20clarky08
     
  14. joda

    Member joda GBAtemp Fan
    Joined: Jul 12, 2007
    Messages: 436
    Location: Umeå
    Country: Sweden

    Yup. I could more or less bet my left testicle on the fact that they have a web of trust with either the updates being signed or the update fetching thingie only accepting HTTPS connections with a particularly signed cert.

    You can of course spoof a lot of this, and make your already jailbroken (read homebrew channel:ed) Wii get updates from an alternate source, but I doubt getting an unmodded Vanilla-Wii to install faked updates would be practically feasible. This, of course, unless they use a reaaaaaally old and bugged/broken openssl or the like for verification. Remember that what makes the Twilight Hack, and thus homebrew install, work is not the first step being a broken Wii, but a broken Wii game.

    (Of course, seemingly foolproof solutions have time after time been shown to be bugged enough to exploit, so please prove me wrong someone.)


    EDIT
    To clarify; I don't doubt you can make the Wii download an incorrect update file, but I doubt it just applies it without checking some signature or doing some other sanity checks. That would be brick heaven ...
     
  15. 20clarky08

    What you're saying is true, Joda; there must be some type of check in place for a vanilla Wii, but I personally believe, being that we are able to access the N servers, that it's not an HTTPS/SSL system.

    To be honest it looks to me like it may be as simple as a CRC or a hash check.

    Getting back to the "jailbroken" Wiis (I like that term, being an iPhone owner lol): has Fors not already stated that he plans to implement something along these lines with completion of cSM??

    I'm sure he mentioned something about updates.
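
The contrast drawn in the two posts above (signed updates versus "a CRC or a hash check"), as an added example that is not part of the thread or any poster's code. It is a generic update client in Python with a toy RSA key; the key, payloads and function names are constructed for illustration and say nothing about the Wii's actual update format.

```python
import hashlib
import zlib

# Toy RSA key built from two well-known Mersenne primes (constructed for this
# example only; trivially factorable, never usable as a real signing key).
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                  # public half: all that ships inside the client
D = pow(E, -1, (P - 1) * (Q - 1))    # private half: stays with the publisher


def digest_int(blob: bytes) -> int:
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def publisher_sign(blob: bytes) -> int:
    """Publisher side: textbook RSA over SHA-256 (no padding, illustration only)."""
    return pow(digest_int(blob), D, N)


def serve(blob: bytes, signer=None) -> dict:
    """Build the manifest a server sends; anyone can compute a matching CRC."""
    return {"crc32": zlib.crc32(blob), "sig": signer(blob) if signer else 0}


def check_crc(blob: bytes, manifest: dict) -> bool:
    """Integrity only: the checksum arrives over the same channel as the file."""
    return zlib.crc32(blob) == manifest["crc32"]


def check_signature(blob: bytes, manifest: dict) -> bool:
    """Authenticity: needs a value only the private-key holder can produce."""
    return pow(manifest["sig"], E, N) == digest_int(blob)


# Constructed sample payloads.
official = b"update v1 (constructed sample payload)"
modified = b"update v1 (constructed sample payload, altered)"

genuine = serve(official, publisher_sign)  # real publisher's response
impostor = serve(modified)                 # redirected server, no private key
replayed = dict(genuine)                   # genuine manifest reused for altered file
```

A client that stops at `check_crc` accepts the impostor's response, because the checksum comes from the same server as the file; `check_signature` rejects both the impostor's manifest and the replayed genuine one.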
     
  16. linuxares

    Member linuxares GBAtemp Maniac
    Joined: Aug 5, 2007
    Messages: 1,387
    Country: Sweden

    Remember, nothing is impossible. It's just a matter of time (or death).

    What might work is actually some sort of "direct connect" to your computer or router. Or you make a cIOS that forces the update to connect to an IP instead of the normal Wii database.

    Or edit our routers (if YOU have one that has that possibility) to redirect everything that goes to Nintendo's servers to your IP.

    That is to say, you must in some way trick the Wii.
     
  17. ether2802

    Former Staff ether2802 we have the techno...!!
    Joined: Oct 14, 2007
    Messages: 4,350
    Location: Pto. Vallarta
    Country: Mexico

    You know, I have a Wii that's already kind of broken and it can access updates, so if there is any kind of test, I would do it without even thinking of the consequences. Unluckily it is at 3.4 and it doesn't have anything else besides the factory channels, so the test has to be for a Vanilla-Wii at 3.4 and only messing around with the normal Wii Settings...!!!
     
  18. ether2802

  19. Slimmmmmm

    Member Slimmmmmm GBAtemp MoNkEeE
    Joined: Nov 1, 2007
    Messages: 1,687
    Location: the land of lol
    Country: United Kingdom

    This can be done.

    There are even a few people out there doing/trying this as we speak. Forsaeken (soz I typo everything) for example mentioned doing exactly this in his custom menu thread. Try finding that through all the spam though

    Anyway, on WiiBrew there used to be a few pages detailing some of the web stuff etc, but it seems to have gone now.
    I'm sure the concept was maybe even proved by patching an update that contained server details and installing it (to make changes to a couple of files on NAND), but finding details is very hard.

    I think imho, that the newly formed "blasters team" might get this working to some degree as you are all dumping and examining nands just now anyway, so why not change some other features.

    This is very brick dangerous imo, and normal unbricking steps may not be enough so tread carefully.

    Good luck on this
     
  20. Forsaekn

    Member Forsaekn GBAtemp Regular
    Joined: Sep 27, 2008
    Messages: 260
    Country: United States

    Technically you *could* fake an update server, as NUS only uses Axis/SOAP, both easily found open source. Using some of the Wii's packet data already found online in some documentation, by imitating the handshake / connection it's very possible to fake the update server. That, and I've already located and redirected the update functions in the system menu to wherever I want (i.e., a subdomain of my server, nus.csm.safe-leek.com)

    Anywho, the main issue with this is hosting copyrighted update files on the server for the Wii to download. The way the PSP does this is it checks his update server for the patch file written for a particular firmware version, then proceeds to download the official firmware from Sony's servers and patch/install it from there. This way you can't be slapped with a lawsuit.

    We pretty much have 90% of the things we need already available to us:
    - We know the exchange protocols they use
    - We have official files available on NUS
    - We have a server able to handle AXIS/SOAP requests that can contain the patches for the official files
    - We have patchmii to apply said patches before the installation of system files
    - Success.

    Fors
     
