Wii Exploit found in Zelda.

Edgedancer

Quoted from TheSkeen.com

"Yes, that's right - an exploit for the Nintendo Wii has been discovered and it allows you to run custom code. The method is pretty simple. Copy over a save file for Zelda, load it and the code runs. Don't get too excited yet. They have only been able to run 4 lines of code, but this is in a day's work.

Segher was the one to find the exploit and Bushing has been testing it out with the aid of the USB Gecko. The process is far from simple as once you modify a save game it requires it be to signed with 3 keys. Here's some info from Bushing.

"Once the Wii decrypts the save game, it checks its signature. Every Wii has its own private key which is used to sign save games, and when you save a game, the Wii actually saves three bits of data:

* The encrypted save game
* The signature for the save game (using your console's private key)
* A copy of your console's public key, signed by Nintendo."

Of course, the end user wouldn't have to go through this process unless they were wanting to inject their own code into the save game, but that shouldn't be necessary because when I asked Bushing what his goal was he answered:

"Assuming we don't run into a wall, it should be able to lead to a homebrew loader. I hope. No promises. "
 

Attachments

  • zeldacrash0.jpg (50.1 KB)
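The three pieces Bushing lists form a small chain of trust, and it is easier to see what that buys Nintendo (and what it does not) by running the check. What follows is an added example written for this thread, not code from the post or from Bushing or Segher. Assumptions: a toy textbook-RSA signature with fixed small primes stands in for the console's real signature algorithm, the encrypted save body is treated as opaque bytes (the encryption step is not modelled), and every key value is made up. The verifier holds only Nintendo's public key, checks that the bundled console key carries Nintendo's signature, then checks that this key signed exactly this save body.

```python
"""Model of the save-game signature chain described above (constructed example).

Assumptions: toy textbook RSA with fixed small primes replaces the console's
real signature algorithm; the encrypted save body is opaque bytes (encryption
is not modelled); all keys below are made up for the example.
"""
import hashlib
from dataclasses import dataclass
from typing import Tuple


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA keypair from two fixed primes. Toy only, not secure."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)  # (public, private)

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(_digest(data, n), d, n)

def verify(public_key, data: bytes, sig: int) -> bool:
    n, e = public_key
    return pow(sig, e, n) == _digest(data, n)

def encode_pub(public_key) -> bytes:
    """Canonical bytes of a public key: the thing Nintendo signs."""
    n, e = public_key
    return f"{n}:{e}".encode()


@dataclass
class SavedGame:
    """The three pieces the post says a Wii stores with every save."""
    encrypted_save: bytes  # 1. the encrypted save game (opaque here)
    save_sig: int          # 2. signature over it by the console's private key
    console_pub: tuple     # 3. copy of the console's public key ...
    console_cert: int      #    ... with Nintendo's signature on it

def nintendo_certify(nintendo_priv, console_pub) -> int:
    """Done by Nintendo, once per console: sign the console's public key."""
    return sign(nintendo_priv, encode_pub(console_pub))

def console_write_save(console_priv, console_pub, console_cert, body: bytes) -> SavedGame:
    """What a console does on save: sign the encrypted body with its own key."""
    return SavedGame(body, sign(console_priv, body), console_pub, console_cert)

def wii_check_save(nintendo_pub, sg: SavedGame) -> Tuple[bool, str]:
    """The load-time check. The verifier trusts only Nintendo's public key."""
    # Step 1: is the bundled console key genuinely certified by Nintendo?
    if not verify(nintendo_pub, encode_pub(sg.console_pub), sg.console_cert):
        return False, "console public key is not signed by Nintendo"
    # Step 2: does that certified key vouch for exactly this save body?
    if not verify(sg.console_pub, sg.encrypted_save, sg.save_sig):
        return False, "save signature does not match the save data"
    return True, "accepted"


# Constructed keys: fixed primes keep the run deterministic; not real Wii keys.
NINTENDO_PUB, NINTENDO_PRIV = make_keypair(998244353, 1000000007)
CONSOLE_A_PUB, CONSOLE_A_PRIV = make_keypair(1000000009, 2147483647)
CONSOLE_B_PUB, CONSOLE_B_PRIV = make_keypair(999999937, 999999929)
HOMEMADE_PUB, HOMEMADE_PRIV = make_keypair(1000000021, 1000000033)
CONSOLE_A_CERT = nintendo_certify(NINTENDO_PRIV, CONSOLE_A_PUB)
CONSOLE_B_CERT = nintendo_certify(NINTENDO_PRIV, CONSOLE_B_PUB)
SAVE_BODY = b"zelda-save-v1"  # constructed stand-in for the encrypted save

def scenario_genuine() -> Tuple[bool, str]:
    """Console A loads a save it wrote itself."""
    sg = console_write_save(CONSOLE_A_PRIV, CONSOLE_A_PUB, CONSOLE_A_CERT, SAVE_BODY)
    return wii_check_save(NINTENDO_PUB, sg)

def scenario_edited_on_pc() -> Tuple[bool, str]:
    """The save body is changed after signing, with no console key at hand."""
    sg = console_write_save(CONSOLE_A_PRIV, CONSOLE_A_PUB, CONSOLE_A_CERT, SAVE_BODY)
    sg.encrypted_save = SAVE_BODY + b"-edited"
    return wii_check_save(NINTENDO_PUB, sg)

def scenario_homemade_key() -> Tuple[bool, str]:
    """A save signed with a self-made key whose 'certificate' is only self-signed."""
    self_cert = sign(HOMEMADE_PRIV, encode_pub(HOMEMADE_PUB))
    sg = console_write_save(HOMEMADE_PRIV, HOMEMADE_PUB, self_cert, SAVE_BODY)
    return wii_check_save(NINTENDO_PUB, sg)

def scenario_shared_save() -> Tuple[bool, str]:
    """A save written by another certified console (B), then copied to A."""
    sg = console_write_save(CONSOLE_B_PRIV, CONSOLE_B_PUB, CONSOLE_B_CERT, SAVE_BODY)
    return wii_check_save(NINTENDO_PUB, sg)


if __name__ == "__main__":
    for name, fn in [("genuine", scenario_genuine), ("edited on PC", scenario_edited_on_pc),
                     ("homemade key", scenario_homemade_key), ("shared save", scenario_shared_save)]:
        print(f"{name:13s}: {fn()}")
```

Run directly, it prints the four scenario results. The two rejected cases are the ones the thread is concerned with: a save edited on a PC without a console private key, and a save signed with a home-made key that Nintendo never certified. The accepted "shared save" case is why a save written on one console loads on another, as the quoted article describes: the signature proves only that some real console wrote the file, not that its contents are safe for the game that parses them.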

Dylaan
Oh yeah! Hopefully it doesn't get patched before something good can be done. I'd love to see something tangible to play with; it's so frustrating just waiting.
 

Dirtie
If only the coders ever actually went into details about their findings, then I could have a play around - it wouldn't result in anything, but at least I could gain a better understanding of how these things work.
 

TaMs
hmh, it's weird how long it takes to make homebrew for the Wii, even though it's "hacked" already. This exploit is a good addition, but it really seems that no one is interested in the Wii.
 
Deleted User
QUOTE(Dirtie said:)
If only the coders ever actually went into details about their findings, then I could have a play around - it wouldn't result in anything, but at least I could gain a better understanding of how these things work.

Looking at the first post, the only possible way they could inject some code would have been by extracting the private key of their console and using it to sign code. Once you have a proper save that can act as a loader, you can give it to other people like one can share a save file. The dev giving info would either require you to have dumped your Wii private key, which will not be that useful considering how hard it could be to dump it, or have them give theirs, which will expose them quite directly by the fact that the private key is directly linked to a console serial number. The way the exploit works should be fairly simple, something like an uber-long character name that the game stores in a finite-sized buffer.
 

Scorpei
QUOTE(TaMs said:)
hmh, it's weird how long it takes to make homebrew for the Wii, even though it's "hacked" already. This exploit is a good addition, but it really seems that no one is interested in the Wii.

Hardly. The original hack was fairly easy to patch for the big N (afaik), thus they didn't want to release anything specific, as that would plug the hole for them to search for more exploits. Patching the save (though possible; it is signed with a specific key from the console that made the save) is slightly less important, as once HB runs everyone could make a similar save (it could be run through your own Wii to get it encrypted and signed), so then every Wii would have to be covered/blocked. Everyone COULD make their own save once HB runs, and thus this is harder to block.

Don't quote me on this btw. Only written with my limited knowledge of encryption, signing, etc. (so I could be really wrong ;p).
 

[Truth]
QUOTE(TaMs said:)
hmh, it's weird how long it takes to make homebrew for the Wii, even though it's "hacked" already. This exploit is a good addition, but it really seems that no one is interested in the Wii.

Of course many are interested in it and they are working hard on it, but most of the hb developers don't make their proceedings public until they are working stable, like Bushing and Segher now do.
2222046163_e76513996e_o_d.jpg
 

Jax
QUOTE([Truth] said @ Jan 27 2008, 12:30 PM)
hmh, it's weird how long it takes to make homebrew for the Wii, even though it's "hacked" already. This exploit is a good addition, but it really seems that no one is interested in the Wii.

Of course many are interested in it and they are working hard on it, but most of the hb developers don't make their proceedings public until they are working stable, like Bushing and Segher now do.
2222046163_e76513996e_o_d.jpg

FAIL!

That's the GC version!
 