26 responses so far
1 Suigintou // May 26, 2009 at 3:02 am
This could be useful for people wishing to make their own new expoits.
Any chance of releasing the source for the Homebrew Channel?
2 marcusw@cox.net // May 26, 2009 at 5:06 am
Yay!!!
Thank you!
3 marcusw@cox.net // May 26, 2009 at 5:47 am
Somebody should put an announcement in the news on wiibrew…
4 pentolino // May 26, 2009 at 7:18 am
Thank you very much.
Just one request: any hint on how to get the required keys for twintig? Maybe using something like FSToolbox?
5 djdynamite123 // May 26, 2009 at 7:56 am
I doubt any exploits will happen
6 Henkka // May 26, 2009 at 8:29 am
Better late than never.. Great for educational purposes.
I am also interested in the HBC source code. Integrating an FTP server would make it just perfect. I have understood that such things are absolutely off interest of Team Twiizers, but someone else would definitely be interested.
As I bothered to post, I’ll just say a big THANK YOU for ALL of you who made the homebrew on wii what it is today.
7 Vattu // May 26, 2009 at 11:47 am
Shouldn’t this exploit work for all (or at least most) Wii games? If I remember it correctly, the team behind the Twilight Hack chose the Zelda game just because it was selling well. Can the same save-game exploit work for Wii Sports/Play or any other game?
8 me.yahoo.com/a/UruqCUAlv… // May 26, 2009 at 12:28 pm
Hello!!!! It was a really easy hack and with great support!!!! Thanks for it and for BootMii
9 tech3475 // May 26, 2009 at 12:54 pm
I believe there are other games which work with the hack (as stated by them), clearly not Wii Sports, but they stuck with Zelda because ‘most people own it’ and it keeps the number of released hacks to a minimum.
They don’t need to release those hacks though, since BannerBomb has been released, which needs no games at all.
10 Henkka // May 26, 2009 at 1:00 pm
Of course it won’t. It was designed with Zelda. To put it simply, it makes Epona’s name so long that the game can’t handle it and crashes. If I remember correctly. Try that with Wii Sports. Of course something similar could be done with other games.
11 dumpcoco // May 26, 2009 at 1:09 pm
@Vattu: sorry, this exploit is game specific, but it is sure that other games have exploits; Zelda is not the only game to have an exploitable security hole!
12 Sephiroth // May 26, 2009 at 1:14 pm
@Vattu:
I remember bushing saying that they (unfortunately) could not use the same exploit for Wii Sports.
But he also mentioned that they could adapt the exploit to other games, if Nintendo stopped the Twilight Hack.
Seems like it isn’t necessary anymore to release a “Brawl Hack” or whatever, since BannerBomb does a fine job, even with firmware 4.0 ^^
13 master5o1 // May 26, 2009 at 2:08 pm
Vattu, as far as I know/remember, Twilight Princess has a bug in the horse’s name, so if you made a name that was far too long for the program to handle, it would cause a buffer overflow and crash; this allows the code to be run. This is why when you either talk to the guy (who mentions the horse’s name) or move backwards it crashes and runs the TP hack code + any boot.elf.
That said, I’m pretty sure there is or will be another game that would bring back the same exploit concept as TP. But at least for now we have the BannerBomb.
If it were simply about game popularity I would have expected it to have been made in Wii Sports (as it is free with console) as well as Twilight Princess.
…
Love what HackMii is doing with homebrew! I have become able to trust the HackMii crew enough to use their code as I have seen proof that it is safe enough for general use – TP-Hack seems to have been a very nice safe exploit, HBC has been made to high standards that I have never expected to see from home brew. BootMii + HackMii Installer is awesome and hearing about the extensive sanity testing before install I have come to trust HackMii enough to use their software.
As soon as I see a home brew web browser (Firefox? WebKit-base?) and LibPurple client I see no reason why I shouldn’t have my Wii boot straight into the Homebrew Channel.
…Also, I suggest that there should be a couple of buttons at the bottom of the screen in HBC: a “Wii Menu” button like that of the SD Card menu in 4.0.
… Can someone point me to a forum? I can’t remember where the main WiiBrew one is.
14 corez // May 26, 2009 at 2:16 pm
No, it won’t work in any game. The code for the game must be exploitable. The reason it worked for Twilight is that the buffer wasn’t checked for Epona’s name, which allowed a buffer overflow exploit.
15 bushing // May 26, 2009 at 2:29 pm
@pentolino: BootMii will dump out the keys at the end of the NAND dump.
@Vattu: No, it’s not that simple. There are probably similar exploits in many games, but I would not go as far as to say “all” or even “most”. Wii Sports is too simple to have any, alas.
16 HyperHacker // May 26, 2009 at 2:52 pm
These exploits rely on the game programmers making mistakes. This particular mistake is easy to make, so it’s made pretty often, but not always.
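The bug master5o1, corez and HyperHacker describe above (a name field copied from the save file without checking its length, so an overlong name overruns the fixed buffer) is the classic unchecked-copy mistake. The following is an added illustration, not code from the Twilight Hack, from Team Twiizers, or from any real Wii game; the record layout, the NAME_MAX size and the function names are assumptions chosen for the example. It shows the vulnerable pattern next to a loader that treats the save-file field as untrusted input and rejects a name that is unterminated or too long:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative save-record layout (an assumption, not a real Wii save
   format): a fixed-size name field followed by other state the game
   relies on. */
#define NAME_MAX 16

struct save_record {
    char name[NAME_MAX];
    unsigned int level;     /* sits directly after the name in memory */
};

/* The vulnerable pattern: trust that the name stored in the save file is
   short enough and copy until the NUL terminator. A name longer than
   NAME_MAX-1 bytes writes past `name` into `level` and whatever follows
   in memory. Shown for contrast only; it is never called in this example. */
void load_name_unchecked(struct save_record *rec, const char *from_save)
{
    strcpy(rec->name, from_save);
}

/* Hardened loader: treat the name field as untrusted input of known
   maximum size. Returns 0 and fills rec->name on success; returns -1 and
   leaves rec untouched if the field has no NUL within field_len or the
   name would not fit in the buffer. */
int load_name_checked(struct save_record *rec,
                      const unsigned char *field, size_t field_len)
{
    /* memchr finds the terminator without reading past the field. */
    const unsigned char *nul = memchr(field, '\0', field_len);
    if (nul == NULL)
        return -1;                      /* unterminated: reject */
    size_t len = (size_t)(nul - field);
    if (len >= NAME_MAX)
        return -1;                      /* too long for the buffer */
    memcpy(rec->name, field, len);
    rec->name[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample save fields: a legitimate name and an overlong,
       unterminated one (32 bytes of 'A', the kind of input that would
       overflow the unchecked loader). */
    const unsigned char good[32] = "Epona";
    unsigned char bad[32];
    memset(bad, 'A', sizeof bad);

    struct save_record rec = { "", 7 };
    printf("good: rc=%d name=%s level=%u\n",
           load_name_checked(&rec, good, sizeof good), rec.name, rec.level);
    printf("bad:  rc=%d name=%s level=%u\n",
           load_name_checked(&rec, bad, sizeof bad), rec.name, rec.level);
    return 0;
}
```

The second call is rejected and `rec` keeps the earlier name and level, which is the point: the game (or any tool that imports save files) should decide the length limit itself rather than let the file dictate how many bytes get copied.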
17 pentolino // May 27, 2009 at 2:10 am
Thanks bushing for the reply; I’ll wait for “ceiling cat” sources (or your next release of course) to go on with my experiments
18 kevind23 // May 27, 2009 at 7:45 am
Thank you!
19 Alex McKee // May 27, 2009 at 3:03 pm
Would it be possible to create an exploit out of a mii, and put it on the Wiimote over bluetooth? Has this been considered? I’m pretty sure you can change the name of said mii with a variety of currently available tools.
20 emailtoid.net/i/08cdb0b7/… // May 27, 2009 at 3:11 pm
It would be great if more source code would be released, such as that for Homebrew Channel, and BootMii. However, I’m beginning to think that there may be more than just selfish motives preventing that from happening.
Is the reason for not releasing source code because it would assist Nintendo in preventing these things from working in the future? (The fact that the Twilight Hack source is released after it has been rendered useless would seem to support this) Or is the reason more to do with preventing people from exploiting these hacks for piracy purposes.
Anyway, in summary, it would be cool to know definitively why Team Twiizers don’t normally release source code. It’s not like there’s a profit motive — you don’t sell this software. Releasing source code would not deprive you of money. So why not do it?
I, for one, would love to see more software open-sourced.
21 John_K // May 27, 2009 at 5:55 pm
@Suigintou: We are currently not planning on releasing the HomeBrew Channel source code.
@pentolino: We are currently not planning on releasing the “ceiling cat” source code.
We are planning to release an example project that executes on the PPC and talks to MINI.
22 master5o1 // May 28, 2009 at 3:52 am
>>Is the reason for not releasing source code because it would assist Nintendo in preventing these things from working in the future? Or is the reason more to do with preventing people from exploiting these hacks for piracy purposes.
Both, as seen on the Team Twiizers page on WiiBrew wiki.
23 tmkhank2 // May 29, 2009 at 3:08 pm
How do you download off git? I have Windows.
24 Segher // May 30, 2009 at 1:26 pm
@tmkhank2
I bet even on mswindows you can find a web browser that allows you to click around on the gitweb page a bit; there are links to help and stuff. If you cannot figure that out, there is Google. If you cannot figure _that_ out, try http://tinyurl.com/gittegittegit
You could also try the “snapshot” link on the gitweb page, but I suppose you won’t know how to handle a tarball either…
25 IDWMaster // Jul 17, 2009 at 7:43 am
Another useful exploit that I believe I may have discovered is one in the Internet Channel. It seems that when rendering a large image and then resizing it within the HTML Canvas element causes the browser to stop responding. I had to hold down the power button for four seconds on my Wii to turn it off again. The Wii remote wouldn’t even turn off (when pressing and holding the power button on the remote)! This may allow for code to be executed directly from the Internet channel, and would be rather difficult for Nintendo to patch. This only took a 155 KB PNG image file, and it was a 1276 by 892 image file.
26 ghost // Aug 1, 2009 at 10:51 am
I don’t understand why Team Twiizers says Twilight Hack won’t work on v4.0, when I got it to work on a v4.0u. Can anyone explain that?