Hacking Fake Update Server

digitydogs

404 Error: Member Not Found
OP
Member
Joined
Oct 19, 2008
Messages
1,352
Trophies
0
Location
Md,US
Website
Visit site
XP
55
Country
United States
I figured that if in three days we can figure out how to alter every IOS on the system to the dip module, maybe we can work this out too.

The idea is to develop a method of making the Wii think our PCs are the update servers and pull updates from there.
This will allow a new way to hack systems, as we can bypass the need for a Twilight Hack by simply replacing the channel(s) the update would normally install with HBC or anything else. Also we could make a 3.4 update that has all the original unpatched IOSes within.

It could also be useful in cases where an update is needed (and the system settings can be accessed) but the system is already on the latest firmware. We'd just alter the version number on an official update and install over the old.


Tomorrow I am going to begin examining the updates from Nintendo servers and the method of transfer to the Wii.
Anyone who wants to throw some info my way, or help in any way, please do... and if someone with advanced knowledge of how this works already knows it's not feasible or is already being worked on, please let me know so I don't waste the time.
 

digitydogs

Why do you think that? The hardest part will probably be modifying the updates, as it is easy to configure a proxy on the local network to redirect the Wii to any IP you want, and someone obviously knows how the update server works since we can access it without a Wii.
 

Quincy

Your own personal guitarist :3
Member
Joined
Nov 13, 2008
Messages
1,516
Trophies
1
Age
27
Location
Your house
Website
youtek.net
XP
857
Country
Netherlands
digitydogs said:
Why do you think that? The hardest part will probably be modifying the updates, as it is easy to configure a proxy on the local network to redirect the Wii to any IP you want, and someone obviously knows how the update server works since we can access it without a Wii.
This was asked before by that IronMask (or something) dude
 

digitydogs

Well, no offense Quincy, but until I hear a technical reason why it's impossible I'm going to work on it. After all, backup loaders were impossible. Call it instinct or delusion but I know this is possible, dangerous yes but possible.
 

Quincy

digitydogs said:
Well, no offense Quincy, but until I hear a technical reason why it's impossible I'm going to work on it. After all, backup loaders were impossible. Call it instinct or delusion but I know this is possible, dangerous yes but possible.
well...good luck


sidenote

I passed 500 posts
 

dlxowhd

Well-Known Member
Member
Joined
Dec 7, 2008
Messages
382
Trophies
0
XP
96
Country
United States
That's what Dark Alex did with PSP.
PSP connects to the 'server' to update to the newest custom firmware.. brilliant.
 

remixer

Well-Known Member
Newcomer
Joined
Oct 10, 2008
Messages
64
Trophies
0
XP
91
Country
United States
This could be easier than everyone is thinking..
Hear me out.. I'm no expert.. just a guy with an idea!

On Windows it pays attention to a HOSTS file.. Wikipedia it.
I'm also led to believe that Linux looks for this file too (though I may be wrong here).
HOSTS can redirect web traffic.. now if the Wii implements a similar system.. we just have to find the HOSTS file and change it to redirect Ninty traffic to us!
 

remixer

quincy_xD said:
sidenote

I passed 500 posts

Nope you just made 500 .. you didn't pass it yet
 

riddle43

Well-Known Member
Member
Joined
Nov 21, 2008
Messages
381
Trophies
0
Age
45
Location
Mich USA
XP
417
Country
United States
This idea works on the PSP and I bet with a little work and some bricking it can be done.


keep fighting the good fight!!!!!!!!!!!!!!!!!!!!!!!!!!!
 

pelago

Member
Member
Joined
Feb 20, 2006
Messages
1,019
Trophies
0
XP
530
Country
Redirecting to another site will be easy enough, but you'll probably have problems with signatures/certificates and so on.
 

20clarky08

Official Wii Freak
Member
Joined
Oct 29, 2008
Messages
844
Trophies
0
Age
36
Location
ScouseLand
Website
20clarky08.googlepages.com
XP
59
Country
I gotta Cisco switch right here I could set up to redirect all Wii traffic to another machine.

I personally don't believe certificates will be an issue, seeing as we can access the servers via our browsers.

Now unless the Wii downloads extra files we don't know about this has gotta be possible; however, we need someone to perform an update for the team and monitor the URLs accessed with dsniff/urlsnarf or something along those lines to see where exactly the Wii goes.
I'm already on 3.3e and I don't fancy the risk of messing with downgrading.

this is just my theory anyway...

20clarky08
 

joda

Well-Known Member
Member
Joined
Jul 12, 2007
Messages
436
Trophies
0
Location
Umeå
XP
119
Country
pelago said:
Redirecting to another site will be easy enough, but you'll probably have problems with signatures/certificates and so on.

Yup. I could more or less bet my left testicle on the fact that they have a web of trust with either the updates being signed or the update fetching thingie only accepting HTTPS connections with a particularly signed cert.

You can of course spoof a lot of this, and make your already jailbroken (read homebrew channel:ed) Wii get updates from an alternate source, but I doubt getting an unmodded Vanilla-Wii to install faked updates would be practically feasible. This of course, unless they use a reaaaaaally old and bugged/broken openssl or the like for verification. Remember that what makes the Twilight Hack, and thus homebrew install, work is not the first step being a broken Wii, but a broken Wii-game.

(Of course, seemingly foolproof solutions have time after another been shown to be bugged enough to exploit, so please prove me wrong someone.)


EDIT
To clarify: I don't doubt you can make the Wii download an incorrect update file, but I doubt it just applies it without checking some signature or doing some other sanity checks. That would be brick heaven ...
 

20clarky08

What you're saying is true Joda, there must be some type of check in place for a vanilla Wii, but I personally believe, being that we are able to access the N servers, that it's not a HTTPS/SSL system.

To be honest it looks to me like it may be as simple as a CRC or a hash check.

Getting back to the "Jailbroken" Wiis (I like that term being an iPhone owner lol), has Fors not already stated that he plans to implement something along these lines with completion of cSM??

am sure he mentioned something about updates.
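
The disagreement in the posts above (a plain CRC/hash check versus a signature the console verifies) can be made concrete. This is an added example, not code from any poster and not the Wii's actual scheme; the toy unpadded RSA key, the function names and the payloads are all constructed for illustration.

```python
import hashlib

# Constructed toy RSA key from two known Mersenne primes, unpadded: for
# illustration only, not a production scheme and not the console's real one.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                             # public modulus, pinned in the client
_D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held by the vendor


def digest_int(payload: bytes) -> int:
    """SHA-256 of the payload as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")


def vendor_publish(payload: bytes) -> dict:
    """Genuine server: payload plus its hash and a signature over the hash."""
    return {
        "payload": payload,
        "sha256": hashlib.sha256(payload).hexdigest(),
        "sig": pow(digest_int(payload), _D, N),
    }


def redirected_server(payload: bytes, captured: dict) -> dict:
    """Server the client was redirected to. It can recompute the hash for any
    payload, but without _D it can only replay a signature it captured."""
    return {
        "payload": payload,
        "sha256": hashlib.sha256(payload).hexdigest(),
        "sig": captured["sig"],
    }


def client_accepts_hash_only(update: dict) -> bool:
    """Integrity only: compares against a hash sent by the same server."""
    return hashlib.sha256(update["payload"]).hexdigest() == update["sha256"]


def client_accepts_signed(update: dict) -> bool:
    """Authenticity: checks the signature with the pinned public key (N, E)."""
    return pow(update["sig"], E, N) == digest_int(update["payload"])


official = vendor_publish(b"official update v1")            # constructed sample
tampered = redirected_server(b"modified update", official)  # constructed sample
```

A client that only compares a hash delivered by the server accepts `tampered`, while the client that verifies against a pinned public key rejects it; being able to browse the update server over plain HTTP says nothing about which of the two checks the client performs.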
 

linuxares

I'm not a generous god!
Global Moderator
Joined
Aug 5, 2007
Messages
10,408
Trophies
2
XP
13,329
Country
Sweden
Remember, nothing is impossible. It's just a matter of time (or death).

What might work is actually some sort of "direct connect" to your computer or router. Or you make a cIOS that forces the update to connect to an IP instead of the normal Wii database.

Or edit our routers (if YOU have one that has that possibility) to redirect everything that goes to Nintendo's servers to your IP.

That is to say, you must in some way trick the Wii.
 

ether2802

we have the techno...!!
Former Staff
Joined
Oct 14, 2007
Messages
4,349
Trophies
0
Age
39
Location
Pto. Vallarta
XP
292
Country
Mexico
You know, I have a Wii that is already kind of broken and it can access updates, so if there is any kind of test, I would do it without even thinking about the consequences. Unluckily it is at 3.4 and it doesn't have anything else besides the factory channels, so the test has to be for a Vanilla-Wii at 3.4 and only messing around with the normal Wii Settings...!!!
 

Slimmmmmm

GBAtemp MoNkEeE
Member
Joined
Nov 1, 2007
Messages
1,770
Trophies
0
Location
the land of lol
XP
528
Country
This can be done.

There are even a few people out there doing/trying this as we speak. Forsaeken (soz I typo everything) for example mentioned doing exactly this in his custom menu thread. Try finding that through all the spam though


Anyway, on WiiBrew there used to be a few pages detailing some of the web stuff etc, but it seems to have gone now.
I'm sure the concept was maybe even proved by patching an update that contained server details and installing it (to make changes to a couple of files on NAND), but finding details is very hard.

I think imho, that the newly formed "blasters team" might get this working to some degree as you are all dumping and examining nands just now anyway, so why not change some other features.

This is very brick dangerous imo, and normal unbricking steps may not be enough so tread carefully.

Good luck on this
 

Forsaekn

Well-Known Member
Member
Joined
Sep 27, 2008
Messages
260
Trophies
0
Age
35
XP
67
Country
United States
Technically you *could* fake an update server, as NUS only uses Axis/SOAP, both easily found open source. Using some of the Wii's packet data already found online in some documentation, by imitating the handshake / connection it's very possible to fake the update server. That and I've already located and redirected the update functions in the system menu to wherever I want (i.e., a subdomain of my server, nus.csm.safe-leek.com)

Anywho, the main issue with this is hosting copyrighted update files on the server for the Wii to download. The way the PSP does this is it checks his update server for the patch file written for a particular firmware version, which then proceeds to download the official firmware from Sony's servers and patch/install them from there. This way you can't be slapped with a lawsuit.

we pretty much have 90% of the things we need already available to us:
- We know the exchange protocols they use
- We have official files available on NUS
- We have a server able to handle AXIS/SOAP requests that can contain the patches for the official files
- We have patchmii to apply said patches before the installation of system files
- Success.

Fors
 
