Potential Wii malware/brickers being shared

  • Thread starter: emilydaemon
Status
Not open for further replies.

emilydaemon

I know I'm just giving this script kiddie attention, but it's better to be safe than sorry.
Also apologies if this is badly written, I'm not good at using forums.
Basically, there's a guy who I won't name going around writing Wii brickers disguised as harmless WADs (such as a Golden Axe VC WAD) or homebrew applications.
Their biggest project, which I won't name either, is a fork of KoreanKii that just installs the Korean key onto your Wii's SEEPROM. This by itself wouldn't be difficult to recover from, but here's the catch: it also deletes EVERYTHING off your SD card and USB drive.
They're planning on sharing malicious WADs and applications right here on GBATemp, which is why I finally made a post about this.
They're also claiming to have written WiiGPT, and that RiiConnect24 and WiiLink have been "stealing their hard work", which just isn't true and is them trying to make up some sort of rationale for doing these awful things.

TL;DR don't install random WADs or run random homebrew apps, test on Dolphin first!
 
Not to potentially besmirch someone's good name but I'm guessing this is the individual you're referring to?



Also what's WiiGPT? I've not seen it posted about here or on Wiibrew.
 
Not to potentially besmirch someone's good name but I'm guessing this is the individual you're referring to?



Also what's WiiGPT? I've not seen it posted about here or on Wiibrew.

That definitely looks like the person in question.

Especially considering the comments in this one:

Also, looks like they're using the same bogus ass argument SilicaAndPina tried using when he released that malicious PS Vita app.
The: "I'm doing this malicious action to totally raise awareness about <X> problem!"
Screenshot_99.png

Raise awareness, my ass.
 
Last edited by master801,
Not to potentially besmirch someone's good name but I'm guessing this is the individual you're referring to?



Also what's WiiGPT? I've not seen it posted about here or on Wiibrew.

Yep, it's that guy.
I don't think WiiGPT has been posted on Wiibrew or any forums, but it's on Open Shop Channel. It's what it says on the tin, a ChatGPT client for the Wii.
 
The: "I'm doing this malicious action to totally raise awareness about <X> problem!"

Raise awareness, my ass.

To be fair, the Wii is a very weak attack vector given how old it is and the lack of any actual substantial damage that can be done to it due to the ability to restore NANDs via bootmii and priiloader (as well as the ability to run things in Dolphin). I'm willing to be more charitable and at least entertain the idea that this person is shit-testing the open shop channel as well as the wider homebrew community via inconveniencing people with malicious code.
 
[...] due to the ability to restore NANDs via bootmii and priiloader (as well as the ability to run things in Dolphin).
They're trying to add code to remove Priiloader and BootMii@Boot2, after which the only way to recover would be a hardware NAND programmer.
I'm willing to be more charitable and at least entertain the idea that this person is shit-testing the open shop channel as well as the wider homebrew community via inconveniencing people with malicious code.
Every binary released onto the OSC goes under moderation and testing, and while there is a worrying number of people running untrusted code all willy-nilly, there is definitely a better way to teach such a lesson than actually going out and attempting to irrecoverably brick consoles. What was preventing them from displaying an info blurb about how it's dangerous to run untrusted software?
They've also been harassing me in DMs, which I don't think is necessary for seeing if people will run their malicious code.
(apologies if any of this comes off as passive-aggressive, I'm not intending to do that. I'm just bad at speaking with people :wacko:)
 
Independent from actual cases. No matter if there is some actual threat right now:

the lack of any actual substantial damage that can be done to it due to the ability to restore NANDs via bootmii and priiloader
Sadly it is not hard to interrupt the boot process early. Trashing boot1 or, if the first sector on NAND has some kind of write protection, trashing both copies of boot2 will render the Wii useless until restored with a hardware flasher (which is just not gonna happen for an average user).



(as well as the ability to run things in Dolphin)
This should be done. But note that Dolphin is not a 100% accurate emulator. There are possibilities to detect being run on Dolphin… followed by playing innocent (PC malware sometimes does this when detecting a VM in an attempt to slow down analysis).

There is no 100% safety. If you have full control over a device without the possibility to reinstall the operating system/firmware from zero, your device can be perma-bricked by malware. Unfortunately one strong point of homebrew is being able to try out things… so "Don't run unknown software" is often the opposite of what one wants to achieve with using homebrew/CFW.
 
Funny story:
They just tried to harass me on Discord with 2 of their accounts, and resorted to using GBATemp to harass me.
What they probably didn't realize is that we now have their GBATemp account username.
The username is "xenos69", mods, do your magic :rofl:
EDIT: Please note that this is them impersonating another user who goes by "xenos" and "sysoverdrive", that person is completely innocent.
 

Attachments

  • stop_hiding_xenos69.png
Last edited by emilydaemon,
They are probably doing this to be regarded as a menace to the Wii Community and for publicity. His actions have been brought to light, but haven't been burnt by it.

Be aware. Be safe. Play fair. Play safe.
 
Funny story:
They just tried to harass me on Discord with 2 of their accounts, and resorted to using GBATemp to harass me.
What they probably didn't realize is that we now have their GBATemp account username.
The username is "xenos69", mods, do your magic :rofl:
fun fact: iirc xenos69 became that guy's alt
 
Last edited by idkwhereisthisname,
Me too. But the Wii Community has helped me in a plethora of ways. I hate that someone would try to do this.
Same, I own a Wii and I'm a bit worried about it.
also a word from "fin"
also sorry for the file name that it is in Italian :rofl2:
 

Attachments

  • Immagine 2023-09-07 201515.png
Hey, I'm Xenos, this dude is going around using a former profile picture of myself that I had on GitHub as well as my username to spread these WADs. Just wanna clear up my name because I actually make legitimate homebrew and don't do stuff like this. Emily can vouch for me, we've had conversations about this guy/homebrew in general.
 
Their GitHub has been terminated!
This is great
Hey, I'm Xenos, this dude is going around using a former profile picture of myself that I had on GitHub as well as my username to spread these WADs. Just wanna clear up my name because I actually make legitimate homebrew and don't do stuff like this. Emily can vouch for me, we've had conversations about this guy/homebrew in general.
We already knew that. Why would he impersonate you if he wanted you to unblock him though? Just saying.
 

Attachments

  • Screenshot_20230908-121659_Discord.jpg
Last edited by LiveAndLearn,
Their GitHub has been terminated!
This is great
We already knew that. Why would he impersonate you if he wanted you to unblock him though? Just saying.
The only reason he is impersonating me is because he has a picture of what I actually look like. I don't know his reasoning for lots of things, besides the fact that he's just a simple troll. I was the person that reported his GitHub. He had a malicious .exe in one of his repositories so I reported it and got him banned.
 
The only reason he is impersonating me is because he has a picture of what I actually look like. I don't know his reasoning for lots of things, besides the fact that he's just a simple troll. I was the person that reported his GitHub. He had a malicious .exe in one of his repositories so I reported it and got him banned.
u mean this?
 

Attachments

  • what.png