Potential Wii malware/brickers being shared

emilydaemon · Sep 6, 2023

I know I'm just giving this script kiddie attention, but it's better to be safe than sorry.
Also apologies if this is badly written, I'm not good at using forums.
Basically, there's a guy who I won't name going around writing Wii brickers disguised as harmless WADs (such as a Golden Axe VC WAD) or homebrew applications.
Their biggest project, which I won't name either, is a fork of KoreanKii that just installs the korean key onto your Wii's SEEPROM. This by itself wouldn't be difficult to recover from, but here's the catch; it also deletes EVERYTHING off your SD card and USB drive.
They're planning on sharing malicious WADs and applications right here on GBATemp, which is why I finally made a post about this.
They're also claiming to have written WiiGPT, and that RiiConnect24 and WiiLink have been "stealing their hard work", which just isn't true and is them trying to make up some sort of rationale for doing these awful things.

TL;DR don't install random WADs or run random homebrew apps, test on dolphin first!

master801 · Sep 6, 2023

Another SilicaAndPina? lol

Disorarara · Sep 6, 2023

Not to potentially besmirch someone's good name but I'm guessing this is the individual you're referring to?

Also what's WiiGPT? I've not seen it posted about here or on Wiibrew.

master801 · Sep 6, 2023

Disorarara said:
Not to potentially besmirch someone's good name but I'm guessing this is the individual you're referring to?

Also what's WiiGPT? I've not seen it posted about here or on Wiibrew.

That definitely looks like the person in question.

Especially considering the comments in this one:

Also, looks like they're using the same bogus ass argument SilicaAndPina tried using when he released that malicious PS Vita app.
The: "I'm doing this malicious action to totally raise awareness about <X> problem!"

Raise awareness, my ass.

emilydaemon · Sep 6, 2023

Disorarara said:
Not to potentially besmirch someone's good name but I'm guessing this is the individual you're referring to?

Also what's WiiGPT? I've not seen it posted about here or on Wiibrew.

Yep, it's that guy.
I don't think WiiGPT has been posted on Wiibrew or any forums, but it's on Open Shop Channel. It's what it says on the tin, a ChatGPT client for the Wii.

Disorarara · Sep 6, 2023

master801 said:
The: "I'm doing this malicious action to totally raise awareness about <X> problem!"

Raise awareness, my ass.

To be fair, the Wii is a very weak attack vector given how old it is and the lack of any actual substantial damage that can be done to it due to the ability to restore NANDs via bootmii and priiloader (as well as the ability to run things in Dolphin). I'm willing to be more charitable and at least entertain the idea that this person is shit-testing the open shop channel as well as the wider homebrew community via inconveniencing people with malicious code.

emilydaemon · Sep 6, 2023

Disorarara said:
[...] due to the ability to restore NANDs via bootmii and priiloader (as well as the ability to run things in Dolphin).

They're trying to add code to remove Priiloader and BootMii@Boot2, after which the only way to recover would be a hardware NAND programmer.

Disorarara said:
I'm willing to be more charitable and at least entertain the idea that this person is shit-testing the open shop channel as well as the wider homebrew community via inconveniencing people with malicious code.

Every binary released onto the OSC goes under moderation and testing, and while there is a worrying number of people running untrusted code all willy-nilly, there is definitely a better way to teach such a lesson than actually going out and attempting to irrecoverably brick consoles. What was preventing them from displaying an info blurb about how it's dangerous to run untrusted software?
They've also been harassing me in DMs, which I don't think is necessary for seeing if people will run their malicious code.
(apologies if any of this comes off as passive-aggressive, I'm not intending to do that. I'm just bad at speaking with people :wacko:

)

KleinesSinchen · Sep 6, 2023

Independent from actual cases. No matter if there is some actual threat right now:

Disorarara said:
the lack of any actual substantial damage that can be done to it due to the ability to restore NANDs via bootmii and priiloader

Sadly it is not hard to interrupt the boot process early. Trashing boot1 or, if the first sector on NAND has some kind of write protection, trashing both copies of boot2 will render the Wii useless until restored with hardware flasher (which is just not gonna happen for an average user)

Disorarara said:
(as well as the ability to run things in Dolphin)

This should be done. But note that Dolphin is not a 100% accurate emulator. There are possibilities to detect being run on Dolphin… followed by playing innocent (PC malware sometimes does this when detecting a VM in an attempt to slow down analysis).

There is no 100% safety. If you have full control over a device without possibility to reinstall the operating system/firmware from zero, your device can be perma-bricked by malware. Unfortunately one strong point of homebrew is being able to try out things… so "Don't run unknown software" is often the opposite of what one wants to achieve with using homebrew/CFW.

emilydaemon · Sep 6, 2023

Funny story:
They just tried to harass me on Discord with 2 of their accounts, and resorted to using GBATemp to harass me.
What they probably didn't realize is that we now have their GBATemp account username.
The username is "xenos69", mods, do your magic

EDIT: Please note that this is them impersonating another user who goes by "xenos" and "sysoverdrive", that person is completely innocent.

idkwhereisthisname · Sep 7, 2023

not to mention they reverse engineered almost every homebrew wii app

LiveAndLearn · Sep 7, 2023

They are probably doing this to be regarded as a menace to the Wii Community and publicity. His actions have been brought to light, but haven't been burnt by it.

Be aware. Be safe. Play fair. Play safe.

AncientBoi · Sep 7, 2023

I don't own a Wii, but this is sad for the community of gamers. Be safe guys.

idkwhereisthisname · Sep 7, 2023

emilydaemon said:
Funny story:
They just tried to harass me on Discord with 2 of their accounts, and resorted to using GBATemp to harass me.
What they probably didn't realize is that we now have their GBATemp account username.
The username is "xenos69", mods, do your magic

fun fact: iirc xenos69 became that guy alt

LiveAndLearn · Sep 7, 2023

AncientBoi said:
I don't own a Wii, but this is sad for the community of gamers. Be safe guys.

Me too. But the Wii Community has helped me in a plethora of ways. I hate someone would try to do this.

idkwhereisthisname · Sep 7, 2023

LiveAndLearn said:
Me too. But the Wii Community has helped me in a plethora of ways. I hate someone would try to do this.

same, i own a wii and im a bit worried about it

Post automatically merged: Sep 7, 2023

also a word from "fin"
also sorry for the file name that it is in Italian :rofl2:

sysoverdr1ve · Sep 7, 2023

hey, im Xenos, this dude is going around using a former profile picture of myself that i had on github as well as my username to spread these wads. Just wanna clear up my name because i actually make legitimate homebrew and dont do stuff like this. emily can vouch for me, weve had conversations about this guy/homebrew in general.

LiveAndLearn · Sep 8, 2023

Their GitHub has been terminated!

Post automatically merged: Sep 8, 2023

This is great

Post automatically merged: Sep 8, 2023

sysoverdr1ve said:
hey, im Xenos, this dude is going around using a former profile picture of myself that i had on github as well as my username to spread these wads. Just wanna clear up my name because i actually make legitimate homebrew and dont do stuff like this. emily can vouch for me, weve had conversations about this guy/homebrew in general.

We already knew that. Why would he impersonate you if he wanted you to unblock him though? Just saying.

finthesecond · Sep 8, 2023

hi my name is fin

sysoverdr1ve · Sep 8, 2023

LiveAndLearn said:
Their GitHub has been terminated!

Post automatically merged: Sep 8, 2023

This is great

Post automatically merged: Sep 8, 2023

We already knew that. Why would he impersonate you if he wanted you to unblock him though? Just saying.

the only reason he is impersonating me is because he has a picture of what i actually look like. i dont know his reasoning for lots of things, besides the fact that hes just a simple troll. i was the person that reported his github. he had a malicious .exe in one of his repositories so I reported it and got him banned

idkwhereisthisname · Sep 8, 2023

sysoverdr1ve said:
the only reason he is impersonating me is because he has a picture of what i actually look like. i dont know his reasoning for lots of things, besides the fact that hes just a simple troll. i was the person that reported his github. he had a malicious .exe in one of his repositories so I reported it and got him banned

u mean this?

Potential Wii malware/brickers being shared

Member

Well-Known Member

Well-Known Member

Well-Known Member

Member

Well-Known Member

Member

GBAtemp's Backup Reminder + Fearless Testing Sina

Member

Attachments

Active Member

Member

THEE GAY WARLORD™ - Defender of GAY Rights

Active Member

Member

Active Member

Attachments

Member

Member

Attachments

Member

Member

Active Member

Attachments

Similar threads

Popular threads in this forum