29/01/2008, 08:41 PM
AtomicMPC Wrote:The Wii has been hacked. While we were sleeping, a team of dedicated hackers finally got the homebrew ball rolling on Nintendo’s latest console. The trick, which was perfected last night, lets anyone execute their own code by utilising a savegame hack on a modified console. There’s no reason why it won’t work on an un-modded console, it just hasn’t been tested: unsurprisingly, none of the hackers own an unmodified Wii console.
It all started about a month ago with a pair of tweezers and a heavily modified Wii. The tweezer attack involves bridging pins of the Wii’s memory module whilst in Gamecube mode in order to access chunks of isolated Wii system memory. During Gamecube mode, the Wii’s 64MB of memory is split into two chunks: a 16MB chunk is allocated for Gamecube operation. The hack, however, tricks the system into allocating the Gamecube memory over the top of the restricted Wii memory. The memory is then dumped through a controller port, and it was this data dump that made what you’re about to read possible.
Inside this data dump was Nintendo’s public key, which is used to decrypt all of Nintendo’s game releases. Then another major discovery was made: It became apparent that an undocumented processor, nicknamed ‘Starlet’ by its discoverers, is located inside the graphics chip. This processor controls the Wii’s memory, security and cryptography, as well as almost all the peripherals. With the public key and some information on how Wii cryptography works, the Wii game discs can be decrypted and their contents harvested.
The holy grail of Wii hacking is a system exploit: finding where code can be injected into the system to gain low-level access. We’re not there yet, although an alternative software-based exploit, where you examine existing game code for vulnerabilities and inject your own code into it, has been written.
The main group in the homebrew scene is run by some hackers known as Bushing, Segher, and Tmbinc, who came up with the software hack. At the 24C3 hackers’ conference, they successfully modified an existing game with custom code and ran it through a modded Wii without it balking. Using this groundwork, they have been looking for exploits within the code of existing games.
And they found one. Within Zelda: Twilight Princess, a vulnerability exists in the savegame handling which allows a very small amount of arbitrary code to be executed from an SD card. Now fresh code can be executed from the SD slot – even on an unchipped Wii, say the hackers.
This shows that if you make the name too long, it will also pick up the horse's name. This means they're not properly checking the length of that string before copying it.
In the last 12 hours a major breakthrough has been made. ‘Hello World’ (or rather, ‘Hello Bushing’, a shout out to one of the hacking group’s members) was successfully being run and displayed. This is to date the first non-trivial piece of entirely custom code executed, running from an SD card and an original copy of Zelda. It may have been run on a modded Wii, but according to the hackers, it should also run on an un-modded Wii. The fact that this has been done means that homebrew isn’t just in the air. With this exploit, it exists, and with a bit of refinement it might even be user friendly.
You’re probably asking “What’s in it for me?” around about now. Well, at this stage, not an awful lot: these are still very early days reserved for the hardcore hackers. In the near future, however, as knowledge of the Wii system architecture starts to spread throughout the developer community, we will start to see some really cool programs.
The existence of homebrew is a big event, possibly even huge, depending on how Nintendo responds to the news. If there is no response, we will see a nice avenue for wringing more out of your Wii. Probably the worst way in which Nintendo could respond is to play the patching war – the same war now showing on a PSP near you -- a likely outcome if we start to see chip-less piracy instead of pure homebrew. In an ideal world, however, they would respond in a similar manner to how Apple responded to hacks directed at the iPhone, by promising an SDK in coming months. Given the nature of the company, this situation is unlikely -- but we can always live in hope.
It’s up to the community now. Let’s see some really great stuff that even Nintendo would be proud of!
- Source: [HERE]
Great news for the Nintendo Wii scene :) I will soon be modding my friend's Wii; he will be happy.
Source: YouTube
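The savegame bug the quoted article describes (an over-long name that is copied without a length check and so "picks up the horse's name") is the classic pattern of an unterminated fixed-width field handed to strcpy. The C program below is an added illustration written for this thread; it is not code from the game or from the hackers, and the field layout, offsets, field names and the 32-byte save blob are all constructed assumptions. It puts the unchecked copy, which reads straight through the name field into the adjacent horse-name field, beside a bounded loader that refuses a field with no terminator.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed savegame layout for this example (not the game's real format):
 * two adjacent fixed-width string fields that the file format does not
 * guarantee to be NUL-terminated. */
#define NAME_OFF   0
#define NAME_LEN   8
#define HORSE_OFF  (NAME_OFF + NAME_LEN)
#define HORSE_LEN  8
#define SAVE_SIZE  32

/* Local strnlen equivalent so the example builds with plain -std=c11. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Vulnerable loader: trusts the name field to contain a terminator and lets
 * strcpy decide how much to read and write.  A name that fills all NAME_LEN
 * bytes has no terminator, so the copy runs on into the horse-name field;
 * against a fixed-size destination (as in a real game) the same over-long
 * name also overflows dst.  Returns the number of bytes copied. */
size_t load_name_unchecked(const unsigned char *save, char *dst)
{
    strcpy(dst, (const char *)save + NAME_OFF);
    return strlen(dst);
}

/* Hardened loader: the field width bounds the read and the caller's buffer
 * size bounds the write.  Returns bytes copied, or (size_t)-1 when the field
 * has no terminator inside NAME_LEN (an over-long name) or dst is too small;
 * the caller must treat -1 as a corrupt or hostile save. */
size_t load_name_checked(const unsigned char *save, char *dst, size_t dst_size)
{
    const char *src = (const char *)save + NAME_OFF;
    size_t n = bounded_len(src, NAME_LEN);   /* never looks past the field */
    if (n == NAME_LEN || n + 1 > dst_size)
        return (size_t)-1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Writes a constructed save blob.  Like a real fixed-width field, a name
 * that exactly fills NAME_LEN bytes is stored without a terminator. */
void build_save(unsigned char save[SAVE_SIZE], const char *name, const char *horse)
{
    memset(save, 0, SAVE_SIZE);
    memcpy(save + NAME_OFF, name, bounded_len(name, NAME_LEN));
    memcpy(save + HORSE_OFF, horse, bounded_len(horse, HORSE_LEN));
}

int main(void)
{
    unsigned char save[SAVE_SIZE];
    char out[64];   /* deliberately oversized so the demo itself stays in bounds */

    build_save(save, "LinkLink", "Epona");          /* 8-byte name: no terminator */
    load_name_unchecked(save, out);
    printf("unchecked: \"%s\"\n", out);             /* name and horse name run together */
    printf("checked:   %s\n",
           load_name_checked(save, out, sizeof out) == (size_t)-1
               ? "rejected (over-long name)" : out);

    build_save(save, "Link", "Epona");              /* well-formed name */
    if (load_name_checked(save, out, sizeof out) != (size_t)-1)
        printf("checked:   \"%s\"\n", out);
    return 0;
}
```

Build with `gcc -std=c11 -Wall savename.c`. The demo keeps the destination oversized so the unchecked copy only over-reads inside the blob; in the real game the destination was a fixed buffer, which is why an over-long name becomes a write overflow rather than just a garbled display string.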