Hacking Wii U Brew Coming Soon

[pwsincd]

They have acheived exactly what they set out to do . Knowing full well it;ll gain this sort of a reaction.

 

[crono141]

how do you know they don't have these keys? lets just wait and see what happens instead of fake, Fake, FAKE, FAKE!!!!!!! all over the board

Only Nintendo have the signing keys. Those keys are not found on the console.

 

[jammybudga777]

Questions:

1.) Dev gamepad. People say it can be used on retail unit. True?
2.) Dev box can be used for developing hack. True?
3.) Marcan still has not said if this type of hack is plausible (to him).

i cant say that i no the actuall answers to this but im guessing
1.) probable not
2.) was a question i wanted to ask. and i think is a do-able approach (maybe)
3.)marcan has come across skeptical about this hole thing. would be interesting to hear more from the top bods

 

[jammybudga777]

Only Nintendo have the signing keys. Those keys are not found on the console.

would the keys not be stored obviously on the console itself?? same as ps3 exc. so if havin a devkit you could access more stuff..... would there not be a chance of finding these keys (eventually)

 

[Ray Lewis]

If you can run unsigned code via exploit then who needs keys? Marcan posted about keys. I believe hbc would not run on launch check? Hack needs to do more than to install a banner/channel. Dev kit and sdk could be used to make hbc I think. Delivery of exploit? The dev gamepad does not really prove this is a farce.

Release and people apologize (giving more proof helps also) or don't and they only built interest for 30c3 and became the first trolling homebrew hack claim.

 

[crono141]

would the keys not be stored obviously on the console itself?? same as ps3 exc. so if havin a devkit you could access more stuff..... would there not be a chance of finding these keys (eventually)

You are confusing the common key with the signing key. Common key is used to determine if code is signed. Signing key does the signing. Different keys. As far as I know, PS3 signing keys were never found. And if they were, it was because Sony screwed up and allowed the signing key to be *calculated*. Wii's signing key was never determined, unsigned code runs through an exploit. Dev kits don't sign code, they just are able to run unsigned code for debug purposes. Once a developer has finished their game they send it to nintendo for nintendo to sign and publish.

 

[Ray Lewis]

If you have exploit, sdk, dev unit, and common key then what else do you need?

Exploit essentially eliminates the need for private key/signature unless I am wrong here.

So I guess there is no proof (yet)

 

[crono141]

If you have exploit, sdk, dev unit, and common key then what else do you need?

Exploit essentially eliminates the need for private key/signature unless I am wrong here.

Correct. I was merely explaining that just because we have video of a homebrew channel running on a dev kit does not in any way, shape, or form indicate that it can be done on a retail unit because dev kits can run unsigned code. In order to run unsigned code on a retail unit, you need an exploit. In other words, the video above offers no proof or evidence of an exploit, only that if there ever is an exploit found/released they have a homebrew channel ready to install.

 

[Jackalus]

Just wait for fail0verflow.

 

[marcan_troll]

Speculating on the details is retarded because there is no further information. Devkits do not use retail keys. Retail signing keys are held by Nintendo only and cannot be "calculated" (the PS3 thing was an exception, because Sony made a monumental epic failure of a crypto mistake. That's the only time that has ever happened in video game console history, and don't expect it to ever happen again.). Having a devkit might make investigation more convenient but it provides nothing essential to developing a retail exploit - there is no magic difference between having a devkit and not, other than perhaps it being harder to brick. Devkits don't use the retail common key as far as I know (which has nothing to do with signing and everything to do with encryption, by the way), so you can't extract it from them. Even with the common key, you still can't sign anything for retail (dev signing keys are available to devkit users but only work for devkit consoles). Console security doesn't rely on people not having access to devkits.

Note that you can't just "install HBC using an exploit" on the Wii U like you could on the Wii. The Wii U checks signatures on launch. To make that work you need a persistence exploit in system configuration data that can trigger on boot (think untethered vs. tethered iPhone jailbreaks). So, again, what they show can't work on a retail unit seamlessly without having a persistence exploit (which they don't show and which there's no evidence they have). Otherwise you'd have to perform some action (i.e. trigger an exploit, similar to BannerBomb or LetterBomb) every time you boot in order to break in and disable signature checks (which is also not shown). Meanwhile, all of this requires no exploit on a devkit... because it's a devkit.

Guys, that video is of a trivial demo app written on a devkit. It proves nothing. It would've been interesting had it been on a retail console, but the fact that we discovered that it was a devkit (and the towel/etc hiding the top of the controller all adds up) completely invalidates any claimed proof. Anyone who thinks there is anything more to the demo is just acting on faith. The video serves no purpose. Treat this as you would any random idiot saying "HAI GUYZ I HAZ DEVELOPED WII U HOMEBRU YO!". If you think that deserves trust, well, I have a shiny bridge to sell you.

Little-known fact: version 1.0 of the HackMii Installer (and a few earlier ones, IIRC, though not the latest one) does NOT use an exploit on Wii devkits. If you use it on a Wii development system, it detects that and installs The Homebrew Channel, signed with devkit signing keys, and encrypted with the devkit common key - exactly the same thing that is demoed on this video for Wii U. We did this to troll Nintendo, so if they ran it on a devkit to try to figure out the exploit, it wouldn't use an exploit at all (but it would still work).

Ray, shut up. You're rambling nonsense again.

 

[Ray Lewis]

Asking questions is how you learn and being told how something works clarifies and takes out the need for speculation. "Persistent" exploit would suffice to answer my question on "What else do you need?"

 

[the_randomizer]

Just wait for fail0verflow.

And then what?

 

[rednekcowboy]

Considering that no one knows either way, all of this fighting back and forth is basically useless. The video didn't show enough information to make a decision on whether or not it is fake. They said that more is coming, we will just have to wait and see.

Marcan, I do respect your opinion however there are too many unknowns. We have no idea that they are running anything on a devkit, only thing we have is a devkit gamepad, which is syncable to a retail console. I do agree that it is suspicious, but as you stated--it could have been done that way to throw Nintendo off as anything can be run on a devkit.

Only time will tell. I am very skeptical as well, even if I don't come across that way. I'm just saying that jumping to conclusions either way is a wrong move as we don't have enough information to make that decision.

 

[obcd]

So I suggest, let it rest. If they are seeking attention and that dries up, they will have to come with something new to get our attention again.

And why for Godsake would they sync a develop gamepad with a retail console?
If I would have a development unit, I would keep it's pieces together.

 

[rednekcowboy]

So I suggest, let it rest. If they are seeking attention and that dries up, they will have to come with something new to get our attention again.

And why for Godsake would they sync a develop gamepad with a retail console?
If I would have a development unit, I would keep it's pieces together.

I don't know why, maybe they broke their retail gamepad in frustration trying to get an exploit to work?

I didn't say that's what they did or even that is likely what they did, I just said it's possible to do, from what I'm told.

 

[DiscostewSM]

They can do whatever they want and demonstrate what they want with a devkit, but that does us little good. Until we see evidence of it running on retail hardware, I'm going to count this as deceptive.

 

[Skeet1983]

I hope it is legit, just have to wait and see.

 

[the_randomizer]

I didn't know a so-called "development" team needed a video to prove that they were douchebags .

 

[Kargaroc]

Extremely surprised that this thread isn't locked yet. There's basically 0% chance of this being real now.

 

[Cyan]

If I close it, users will create a new thread to post any new information they'll find.
At least, this thread (even if full of offtopic comments) can be used to focus all the comments to a single place until it's "released" and things calm down.