#109727 - omaremad - Mon Nov 20, 2006 8:12 pm
Before we start, I do not have a Wii, but from my reading of forum posts by people who have one I theorised a hack method.
Wii has virtual console games, right? They can be downloaded to the SD card and thus we can get the "packages" on our PC.
The reason I said packages is that they contain a manual too and they are a lot larger than their respective ROM images without the manual.
Now is that manual separately coded for each game? Or is it just a bunch of image files automatically loaded by the Wii OS?
If each manual has its own code, to run our own code would be like opening a hacked virtual console package and running the menu.
Discuss.
I hope the Readme method materialises
#109734 - Dan2552 - Mon Nov 20, 2006 10:03 pm
Wouldn't people be able to hack the actual rom part, therefore generating runnable script - or does that only allow access to the older console features?
#109748 - omaremad - Mon Nov 20, 2006 11:33 pm
The actual ROM would contain legacy code (NES, SNES, etc.). ROM injection would allow old homebrew, but if those things had a bit of Wii code then the gates are open :)
#109757 - Techokami - Tue Nov 21, 2006 12:34 am
Just for clarification, you can't copy Virtual Console software to an SD card. You can copy the channel data, however. It seems to be one giant lump of data, called "content.bin". However it should be possible to reverse-engineer the data structure used, and then craft a Channel file that, when run, does something (probably an overflow, or a jump to some "malicious" code) that then executes a bootloader for homebrew software.
#109776 - tepples - Tue Nov 21, 2006 5:30 am
Unless there's a digital signature involved. Has anybody managed to send homebrew to an unflashed DS Lite without using anything in the DS or GBA slots yet?
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#109790 - cybereality - Tue Nov 21, 2006 7:31 am
I'm very excited about the possibility of homebrew titles on the Wii. My thought is that since the Wii shares architecture with the Gamecube, it may be easier to hack considering the documentation already available. I'm thinking this may be a good entry point for homebrew Wii. At least you could run some form of unsigned code using GC homebrew tools, although it will likely be restricted to a sandbox like playing GBA games on the DS. But just like the DS, this may allow running some sort of launcher that could play unsigned Wii executables. This would be my initial idea, although I'm not a hardware expert, so I'm just tossing out ideas at this point.
What Techokami said sounds very promising. If the data saved on the SD cards holds more than just a ROM file, it is likely it also contains some code specific for the Wii. It also seems a lot more useful to be able to run homebrew on an SD card rather than some proprietary device or even having to burn a DVD every time. This is why I'm glad Nintendo went with a standard format like SD.
I really hope people are working on this right now, because I have some really cool ideas for some Wii games I'd like to make. Also, if there are any serious hackers who need a Wii, just toss up a donation link. I will definitely send you a few bucks if you can make this happen.
_________________
// cybereality
#109817 - sgeos - Tue Nov 21, 2006 1:41 pm
I'm going to agree with tepples. I can't see unsigned Wii content. I'd actually be shocked if content is unsigned.
-Brendan
#109835 - omaremad - Tue Nov 21, 2006 5:26 pm
I would doubt that they would encrypt the whole binary, probably the first bit.
There might be checksums, though, to check if the binaries are "clean" and not corrupted; since the games can be put on SD cards, Nintendo might have corruption detection.
Put that content.bin in a hex editor and have a look around. Please :)
#109837 - keldon - Tue Nov 21, 2006 5:31 pm
It will not happen that easily. The encryption on the DS was small because it was being done in real time using low cost hardware that was being shipped inside every cartridge. It will be as hard to crack as the copy protection used by sky-by-broadband - which has been cracked, but there are many more people who want to watch films than there are who want to develop for Nintendo Wii.
#109857 - omaremad - Tue Nov 21, 2006 8:27 pm
Finding Wii code will be a matter of diffing that content.bin after ROMs have been added to it or deleted. Too bad I don't have a Wii yet; even if I had one I would be too busy playing rather than hacking.
#109897 - swimgod - Wed Nov 22, 2006 12:21 pm
From what I read online all that Nintendo claims is capable of putting onto the SD card is saves (well, at least all the Wii can put on it...),
otherwise people would be able to put their SD cards in someone else's Wii and copy the game they downloaded...
I'm sure there is a way to overload the save buffer though and run unsigned code!
Now that's an idea for a hack :)...
_________________
1x WII 2x remotes
2x NDS/L(FMv7-ORG:v4,FMv7-org:DSL)
1x GBAMP
2x 1gb (MicroDrive{typeII}&SanDisk{typeI})
1x SuperPass2
1x Supercard-CF
MoonShell skins
#109905 - omaremad - Wed Nov 22, 2006 5:07 pm
No VC games can be put on SDs, as seen by the second poster here. They are locked to only your Wii by using the unique Wii code (one for every Wii).
#109908 - PhoenixSoft - Wed Nov 22, 2006 6:17 pm
If this video is real, the GameCube SD card + Action Replay exploit still works:
http://www.kotaku.com/gaming/wii/bad-man-plays-emulators-on-his-wii-216551.php
#109919 - omaremad - Wed Nov 22, 2006 9:56 pm
But would we be able to access Wii hardware and processing power in GC mode?
#109920 - dantheman - Thu Nov 23, 2006 1:48 am
omaremad wrote: |
But would we be able to access Wii hardware and processing power in GC mode? |
Kind of funny how everything we're doing on the DS side has a chance of occurring on the Wii as well. First will come the PassWii, which will exploit the GCN backwards compatibility to run Wii homebrew, but then PassWii2 will arrive once a downloadable firmware update disables the original. Eventually NoWiis (hehe) will make running homebrew easier, and they will become integrated with Wii-slot devices that will be shunned by the homebrew community for catering too much to pirates. World War Thwii will then commence, the victor yet to be decided.
Not quite sure who first mentioned the phrase "PassWii" but I think it was tepples. Searching for it yields no results however.
#109922 - PhoenixSoft - Thu Nov 23, 2006 2:29 am
The guys over on GCDev were talking about the possibility of being able to write to a particular register and have the Wii switch from GameCube mode into full Wii mode. That would be nice, but nobody should get their hopes up like with the DS - the fact that Zelda: Twilight Princess ships in two SKUs hints that this isn't possible.
#109951 - pepsiman - Thu Nov 23, 2006 4:11 pm
dantheman wrote: |
Not quite sure who first mentioned the phrase "PassWii" but I think it was tepples. Searching for it yields no results however. |
That was "PassMii" http://forum.gbadev.org/viewtopic.php?p=109408#109408
#109957 - omaremad - Thu Nov 23, 2006 5:02 pm
The fake firmware thing is cool; we would divert the packet flow to a fake Nintendo server and flash with a flashmii version of the OS.
But we need to dump it first; that's why I wanted to use the READMII method, as you get the data easily via SD.
#109959 - tepples - Thu Nov 23, 2006 5:10 pm
omaremad wrote: |
The fake firmware thing is cool; we would divert the packet flow to a fake Nintendo server |
And because you don't have Nintendo's private SSL key, the certificate will fail to verify. All three major console makers learned from the Phantasy Star Online fiascos on Dreamcast and GameCube.
#110013 - omaremad - Fri Nov 24, 2006 7:55 am
Well, the protection for the Wii shop channels is pretty sloppy. It's just a website, so who knows, maybe the Wii downloads stuff using HTTP without any security codes.
http://mozy.org/wii/
#110022 - keldon - Fri Nov 24, 2006 9:57 am
omaremad wrote: |
Well, the protection for the Wii shop channels is pretty sloppy. It's just a website, so who knows, maybe the Wii downloads stuff using HTTP without any security codes.
http://mozy.org/wii/ |
I doubt it, come on. Even the most basic free packages like amsn know how to use secure authentication.
#110027 - omaremad - Fri Nov 24, 2006 12:42 pm
Well, according to the link I gave, SSL is only used for credit card transfers.
#110058 - josath - Sat Nov 25, 2006 3:15 am
omaremad wrote: |
Well, according to the link I gave, SSL is only used for credit card transfers. |
Authentication is separate from encryption. You can have one without the other.
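The point in the post above, as an added example that is not part of the original thread: content sent in the clear can still be authenticated, so plain HTTP does not by itself mean the receiver accepts modified data. The package layout, key and function names below are hypothetical, constructed for illustration, and say nothing about how the Wii actually verifies content.

```python
import hashlib
import hmac
import struct

# Hypothetical package layout (constructed for this example):
#   4-byte magic | 4-byte big-endian payload length | payload | 32-byte HMAC-SHA256 tag
MAGIC = b"PKG1"
TAG_LEN = hashlib.sha256().digest_size
HEADER = struct.Struct(">4sI")


def seal(key: bytes, payload: bytes) -> bytes:
    """Build a package whose payload stays readable but is tamper-evident."""
    header = HEADER.pack(MAGIC, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_package(key: bytes, blob: bytes) -> bytes:
    """Return the payload if the tag verifies; raise ValueError otherwise."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("truncated package")
    magic, length = HEADER.unpack_from(blob)
    if magic != MAGIC or length != len(blob) - HEADER.size - TAG_LEN:
        raise ValueError("malformed header")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return body[HEADER.size:]


def tamper(blob: bytes, offset: int) -> bytes:
    """Flip one bit, as an on-path change to a cleartext download would."""
    changed = bytearray(blob)
    changed[offset] ^= 0x01
    return bytes(changed)


if __name__ == "__main__":
    key = b"constructed-demo-key"          # sample value, not a real key
    blob = seal(key, b"channel data v1")   # constructed payload
    print(b"channel data" in blob)         # payload is visible: no encryption
    print(open_package(key, blob))
    try:
        open_package(key, tamper(blob, HEADER.size))
    except ValueError as err:
        print("rejected:", err)
```

A shipped device would normally verify a public-key signature rather than a shared-key MAC, so that no signing secret sits on the device; the accept-or-reject flow has the same shape.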
#110122 - HyperHacker - Sat Nov 25, 2006 7:49 pm
Wait, what's this I hear about switching from GBA mode back to DS mode?
tepples wrote: |
Unless there's a digital signature involved. Has anybody managed to send homebrew to an unflashed DS Lite without using anything in the DS or GBA slots yet? |
There's been no need. I'm sure there's a second-stage loader that can be exploited (or does the DS check for extra data appended to the binary? Could try overflowing memory.) but hardware is so cheap nobody's bothered to try.
_________________
I'm a PSP hacker now, but I still <3 DS.