Hacking Installing VC/WiiWare from NUS

[cwstjdenobs]

Sorry I've got friends round.

I never claimed this was totally legal. I guess this would be like the cIOS installers, legal to have, illegal to use.

To everyone who's offered to help I will get back to you in the next couple of hours. Thank you.

Edit: Sorry I fell asleep. I'm just sending people pm's now.

 

[WiiUBricker]

Well, since it sounds very interesting I would like to test it too

 

[cman1783]

Add me for testing (if available)!

 

[Jys072595]

Sounds interesting. And faster then installing wads. I'd love to test it out.

 

[longtom1]

I'll try anything got bootmii boot2

Any chance of a Pc app to create wads like nusd-mod

 

[djbubba2002]

cwstjdenobs , I just pm you .. read it please thanks

 

[atomikramp]

well. actually sooner or later this thing would have happened.

the wii online store biggest point of failure was, since the beginning, that the whole application and security check is done localy on the wii.

nintendo did a BIG mistake to create a simple passive download server, couse you can actually access the content, encrypted or not, and once you have access to the content, the encryption is only a metter of time.

btw i think that if nintendo is smart enaugh, they will rework the wii shop channel in a more secure way soon.
and i think they will deal with this exploit in two different phases
1) they will prepare a quick workaround wich will temporarely prevent or will make it extremely difficult to use this tool.
2) in the meanwhile they will rework the wii shop with an active server-side web application wich will check directly on the server if a console is authorized to access a particular content or not.

and the second part, despite the backend is pretty easy to implement since all the necessary parts for identifying a wii in an unique way are already in place.
it's enaugh for nintendo to create a database to store the wii console codes that purchased a content, associated to that content.
when you try to download such content, the remote server application will check in the DB for the autorization and will then grant or deny the access to the files.

btw nice exploit, i'm really interested, more then in the software itself, in some documentation explaining the ticket forging process.
i'm not a big fan of piracy, but i like to know how stuff work, so in the hope that you will disclose this vulnerability to the public, i hope, for the sake of nintendo and all the indie software house out there that relay on wiiware to provide low cost quality software, that this bug will be fixed as soon as possible.

@cwstjdenobs: I'm really looking forward to a message from you related to the ticket forging process and the vuln you exploited to accomplish this. even without the software, since as i explained below, i don't really care on pirating wiiware/vc games, can you send me a PM with some infos? or tell me how can i contact you to talk about this topic?

thnx in advice

 

[djbubba2002]

they didnt fix it yet , and you got a scene group out there downlaoding all the song for DLC for free... they didnt chagne it yet ..

 

[atomikramp]

i didn't say they have fixed it, i said they will fix it soon,
or well, i hope they'll do.

after all, dealing with online security checks has always been a sort of taboo, and N won't stand still watching milions of users stealing software directly from their servers.

it's also a metter of reputation
wii shop is not secure -> wiiware developers will stop publishing to wiiware ->loss of income directly for nintendo.

 

[tueidj]

@cwstjdenobs: I'm really looking forward to a message from you related to the ticket forging process and the vuln you exploited to accomplish this. even without the software, since as i explained below, i don't really care on pirating wiiware/vc games, can you send me a PM with some infos? or tell me how can i contact you to talk about this topic?

It's the same old fakesigning process that's been around forever. Go look at the source code for any wadpacker or even patchmii.

 

[Mark McDonut]

i didn't say they have fixed it, i said they will fix it soon,
or well, i hope they'll do.

after all, dealing with online security checks has always been a sort of taboo, and N won't stand still watching milions of users stealing software directly from their servers.

it's also a metter of reputation
wii shop is not secure -> wiiware developers will stop publishing to wiiware ->loss of income directly for nintendo.

Alright dude seriously, which wiiware developer or branch of one do you work for?

Or are you trying to be some software white knight trying to make a name for himself showing off someone else's research and exploits to nintendo?

Be more obvious, why don't you. Maybe we all don't want a forced firmware upgrade to yet another fucking shop channel just to access shit I already bought.

 

[Leathl]

I'll try anything got bootmii boot2

Any chance of a Pc app to create wads like nusd-mod

would be easy as long as you have kinda database with the title keys. You could grab them from nand for any purchased title.

 

[quepaso]

There aren't any Wiiware games worth stealing anyway.

 

[techboy]

There aren't any Wiiware games worth stealing anyway.

Can't agree more here.

There are some VCs though, at least for me. I own original Sonic 2, Sonic 3, Vectorman, and more, and do not want to pay for them a second time.

 

[thesund0g]

This is cool and all, but it's been thought of before.

People requested that the ability to do basically this be built into NUSD, and the author refused for this exact reason. You could already fstool them in once the wad was already installed, I believe.

And yes, it isn't legal. The ticket is Ninty property as well, as the law sees it.


ediut: Maybe this thing could be used for some type of "safer" cioscorp installer? Install all the content, then just throw the tickets in place?

 

[SFenton]

This is a very, very bad idea. Just like the RB2 DLC tools that were originally released, if people start attacking the servers, bad things will happen. STICK WITH WADS IF YOU'RE GOING TO PIRATE. You're still using a fakesigned ticket.

/my three cents

 

[caster62003]

This is a very, very bad idea. Just like the RB2 DLC tools that were originally released, if people start attacking the servers, bad things will happen. STICK WITH WADS IF YOU'RE GOING TO PIRATE. You're still using a fakesigned ticket.

/my three cents

I'd give it a quarter

I see this as killing any sort of current hacks that are out there today. N will see that people are getting into these waters, and will release some super update that will update all IOSs, somehow update boot2 and 1, I know this should not be possible, but you never know. If the update detects any sort of modification, it will mess up the install of boot1, and cause the system to be a white paper weight, then again, I always did want one of those . Either way, do what you need to, I'm just not going to be getting my feet wet here, wads are easy enough anyways.

 

[cwstjdenobs]

I'll try anything got bootmii boot2

Any chance of a Pc app to create wads like nusd-mod

would be easy as long as you have kinda database with the title keys. You could grab them from nand for any purchased title.


That's about it. This actually started out quite legit, but when I realised this could be done with what I was making, I didn't want too see torrents of tickets on p2p sites. It would have being funny, but I'm not that cruel.

QUOTE(techboy @ Jan 15 2010, 10:55 PM)

A legal way to redistribute illegal content...this could be interesting.

If this ever becomes a full fledged app, it might just be the next generation of piracy. Instead of downloading illegal code (read: WADs), we'll download a more-legal app that then performs the piracy by downloading the title from a public server run by Nintendo. I like it.

Uh, it's not legal at all. It uses stolen ticket files, which are meant to be sent to your wii when you actually purchase a title. The data for the title is downloaded from "NUS" (hosted on akamai) and decrypted using that ticket. It's no more legal than WAD files, and has the disadvantage that your IP will be logged when you download the files.

Sort of true. I really think on the legality side the needed files would be like the HD-DVD key, legal to have, even legal to pass about, but put it together with an app that can use the info it's illegal.

And I've got to agree with the last statement too, but IP being logged is only an issue for those few with static addresses. What are ISP's going to say if they get a letter from Nintendo wanting the powerword of a customer who is not distributing pirated data, but downloading something Nintendo themselves make free for anyone to download?

And to the holders of the moral high ground, this might not even get released. I might, after chatting to people, decide to rip out everyone else's code, and make a closed source tool that actually checks against itself being abused like this. Though I'd rather let others use there own brains to come to their own stance. I'll probably not use this myself you know, and this is just one possible use of a small bit of what I was working on.

 

[tueidj]

Sort of true. I really think on the legality side the needed files would be like the HD-DVD key, legal to have, even legal to pass about, but put it together with an app that can use the info it's illegal.

But the big difference there is you need to have the disc to access the content (which normally means you've paid for it anyway), whereas this content is easily accessible.

 

[cwstjdenobs]

tueidj I think you'd be surprised how much I agree. This is as wrong as me downloading a wad and installing it.

I do like discussing technicalities though, and that's what the law works on, not what's right or wrong unfortunately. But with that being said, I'm not a lawyer, so I'm going to stick to saying using this is just as illegal as dl'ing wads.