Potential Wii malware/brickers being shared

emilydaemon

Member
OP
Newcomer
Joined
Aug 11, 2023
Messages
18
Trophies
0
Website
donut.eu.org
XP
123
Country
Finland
I know I'm just giving this script kiddie attention, but it's better to be safe than sorry.
Also apologies if this is badly written, I'm not good at using forums.
Basically, there's a guy who I won't name going around writing Wii brickers disguised as harmless WADs (such as a Golden Axe VC WAD) or homebrew applications.
Their biggest project, which I won't name either, is a fork of KoreanKii that just installs the korean key onto your Wii's SEEPROM. This by itself wouldn't be difficult to recover from, but here's the catch; it also deletes EVERYTHING off your SD card and USB drive.
They're planning on sharing malicious WADs and applications right here on GBATemp, which is why I finally made a post about this.
They're also claiming to have written WiiGPT, and that RiiConnect24 and WiiLink have been "stealing their hard work", which just isn't true and is them trying to make up some sort of rationale for doing these awful things.

TL;DR don't install random WADs or run random homebrew apps, test on dolphin first!
 

Disorarara

Well-Known Member
Member
Joined
Sep 12, 2012
Messages
621
Trophies
1
Age
29
XP
1,274
Country
Not to potentially besmirch someone's good name but I'm guessing this is the individual you're referring to?



Also what's WiiGPT? I've not seen it posted about here or on Wiibrew.
 
  • Like
Reactions: Felold

master801

Well-Known Member
Member
Joined
Feb 24, 2011
Messages
1,192
Trophies
1
XP
2,608
Country
United States
Not to potentially besmirch someone's good name but I'm guessing this is the individual you're referring to?



Also what's WiiGPT? I've not seen it posted about here or on Wiibrew.

That definitely looks like the person in question.

Especially considering the comments in this one:

Also, looks like they're using the same bogus ass argument SilicaAndPina tried using when he released that malicious PS Vita app.
The: "I'm doing this malicious action to totally raise awareness about <X> problem!"
Screenshot_99.png

Raise awareness, my ass.
 
Last edited by master801,

emilydaemon

Member
OP
Newcomer
Joined
Aug 11, 2023
Messages
18
Trophies
0
Website
donut.eu.org
XP
123
Country
Finland
Not to potentially besmirch someone's good name but I'm guessing this is the individual you're referring to?



Also what's WiiGPT? I've not seen it posted about here or on Wiibrew.

Yep, it's that guy.
I don't think WiiGPT has been posted on Wiibrew or any forums, but it's on Open Shop Channel. It's what it says on the tin, a ChatGPT client for the Wii.
 
  • Like
Reactions: LiveAndLearn

Disorarara

Well-Known Member
Member
Joined
Sep 12, 2012
Messages
621
Trophies
1
Age
29
XP
1,274
Country
The: "I'm doing this malicious action to totally raise awareness about <X> problem!"

Raise awareness, my ass.

To be fair, the Wii is a very weak attack vector given how old it is and the lack of any actual substantial damage that can be done to it due to the ability to restore NANDs via bootmii and priiloader (as well as the ability to run things in Dolphin). I'm willing to be more charitable and at least entertain the idea that this person is shit-testing the open shop channel as well as the wider homebrew community via inconveniencing people with malicious code.
 

emilydaemon

Member
OP
Newcomer
Joined
Aug 11, 2023
Messages
18
Trophies
0
Website
donut.eu.org
XP
123
Country
Finland
[...] due to the ability to restore NANDs via bootmii and priiloader (as well as the ability to run things in Dolphin).
They're trying to add code to remove Priiloader and BootMii@Boot2, after which the only way to recover would be a hardware NAND programmer.
I'm willing to be more charitable and at least entertain the idea that this person is shit-testing the open shop channel as well as the wider homebrew community via inconveniencing people with malicious code.
Every binary released onto the OSC goes under moderation and testing, and while there is a worrying number of people running untrusted code all willy-nilly, there is definitely a better way to teach such a lesson than actually going out and attempting to irrecoverably brick consoles. What was preventing them from displaying an info blurb about how it's dangerous to run untrusted software?
They've also been harassing me in DMs, which I don't think is necessary for seeing if people will run their malicious code.
(apologies if any of this comes off as passive-aggressive, I'm not intending to do that. I'm just bad at speaking with people :wacko:)
 

KleinesSinchen

GBAtemp's Backup Reminder + Fearless Testing Sina
Member
GBAtemp Patron
Joined
Mar 28, 2018
Messages
4,537
Trophies
2
XP
15,379
Country
Germany
Independent from actual cases. No matter if there is some actual threat right now:

the lack of any actual substantial damage that can be done to it due to the ability to restore NANDs via bootmii and priiloader
Sadly it is not hard to interrupt the boot process early. Trashing boot1 or, if the first sector on NAND has some kind of write protection, trashing both copies of boot2 will render the Wii useless until restored with hardware flasher (which is just not gonna happen for an average user)



(as well as the ability to run things in Dolphin)
This should be done. But note that Dolphin is not a 100% accurate emulator. There are possibilities to detect being run on Dolphin… followed by playing innocent (PC malware sometimes does this when detecting a VM in an attempt to slow down analysis).

There is no 100% safety. If you have full control over a device without possibility to reinstall the operating system/firmware from zero, your device can be perma-bricked by malware. Unfortunately one strong point of homebrew is being able to try out things… so "Don't run unknown software" is often the opposite of what one wants to achieve with using homebrew/CFW.
 

emilydaemon

Member
OP
Newcomer
Joined
Aug 11, 2023
Messages
18
Trophies
0
Website
donut.eu.org
XP
123
Country
Finland
Funny story:
They just tried to harass me on Discord with 2 of their accounts, and resorted to using GBATemp to harass me.
What they probably didn't realize is that we now have their GBATemp account username.
The username is "xenos69", mods, do your magic :rofl:
EDIT: Please note that this is them impersonating another user who goes by "xenos" and "sysoverdrive", that person is completely innocent.
 

Attachments

  • stop_hiding_xenos69.png
    stop_hiding_xenos69.png
    73.1 KB · Views: 79
Last edited by emilydaemon,

LiveAndLearn

Member
Newcomer
Joined
Nov 15, 2022
Messages
5
Trophies
0
XP
47
Country
India
They are probably doing this to be regarded as a menace to the Wii Community and publicity. His actions have been brought to light, but haven't been burnt by it.

Be aware. Be safe. Play fair. Play safe.
 

idkwhereisthisname

Active Member
Newcomer
Joined
Aug 20, 2023
Messages
44
Trophies
0
Location
???
Website
idkwhereisthisname.github.io
XP
146
Country
Italy
Funny story:
They just tried to harass me on Discord with 2 of their accounts, and resorted to using GBATemp to harass me.
What they probably didn't realize is that we now have their GBATemp account username.
The username is "xenos69", mods, do your magic :rofl:
fun fact: iirc xenos69 became that guy alt
 
Last edited by idkwhereisthisname,
  • Like
Reactions: AncientBoi

idkwhereisthisname

Active Member
Newcomer
Joined
Aug 20, 2023
Messages
44
Trophies
0
Location
???
Website
idkwhereisthisname.github.io
XP
146
Country
Italy
Me too. But the Wii Community has helped me in a plethora of ways. I hate someone would try to do this.
same, i own a wii and im a bit worried about it
Post automatically merged:

also a word from "fin"
also sorry for the file name that it is in Italian :rofl2:
 

Attachments

  • Immagine 2023-09-07 201515.png
    Immagine 2023-09-07 201515.png
    131 KB · Views: 74
  • Like
Reactions: AncientBoi

sysoverdr1ve

Member
Newcomer
Joined
Sep 7, 2023
Messages
10
Trophies
0
Age
14
XP
76
Country
United States
hey, im Xenos, this dude is going around using a former profile picture of myself that i had on github as well as my username to spread these wads. Just wanna clear up my name because i actually make legitimate homebrew and dont do stuff like this. emily can vouch for me, weve had conversations about this guy/homebrew in general.
 

LiveAndLearn

Member
Newcomer
Joined
Nov 15, 2022
Messages
5
Trophies
0
XP
47
Country
India
Their GitHub has been terminated!
Post automatically merged:

This is great
Post automatically merged:

hey, im Xenos, this dude is going around using a former profile picture of myself that i had on github as well as my username to spread these wads. Just wanna clear up my name because i actually make legitimate homebrew and dont do stuff like this. emily can vouch for me, weve had conversations about this guy/homebrew in general.
We already knew that. Why would he impersonate you if he wanted you to unblock him though? Just saying.
 

Attachments

  • Screenshot_20230908-121659_Discord.jpg
    Screenshot_20230908-121659_Discord.jpg
    214.4 KB · Views: 62
Last edited by LiveAndLearn,
  • Like
Reactions: Felold

sysoverdr1ve

Member
Newcomer
Joined
Sep 7, 2023
Messages
10
Trophies
0
Age
14
XP
76
Country
United States
Their GitHub has been terminated!
Post automatically merged:

This is great
Post automatically merged:


We already knew that. Why would he impersonate you if he wanted you to unblock him though? Just saying.
the only reason he is impersonating me is because he has a picture of what i actually look like. i dont know his reasoning for lots of things, besides the fact that hes just a simple troll. i was the person that reported his github. he had a malicious .exe in one of his repositories so I reported it and got him banned
 

idkwhereisthisname

Active Member
Newcomer
Joined
Aug 20, 2023
Messages
44
Trophies
0
Location
???
Website
idkwhereisthisname.github.io
XP
146
Country
Italy
the only reason he is impersonating me is because he has a picture of what i actually look like. i dont know his reasoning for lots of things, besides the fact that hes just a simple troll. i was the person that reported his github. he had a malicious .exe in one of his repositories so I reported it and got him banned
u mean this?
 

Attachments

  • what.png
    what.png
    33.8 KB · Views: 66

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: https://store.epicgames.com/en-US/p/maid-of-sker-2ae24e