HackMii

Notes from inside your Wii

Even More NAND Flash Hax

July 25th, 2008 by bushing · 61 Comments

ChipD is a lean, mean, solderin’ machine — I have some of these TSOP sockets, and they are really really hard to solder down to a PCB that you actually care about. Also, they tend to melt if you breathe on them — but maybe that’s just me. I really like the way he made that slick cutout panel for the socket.


Around The World (ChipD’s 3-region Wii)

Beyond soldering a socket in place of the NAND flash chip, he programmed two spare flash chips with dumps from a PAL Wii and an NTSC/J Wii. He converted those two dumps to run on his Wii using an early version of some of my UnbrickMii project code (“betwiin”). No news yet on release plans; it still needs a lot of work, but it’s interesting to note that there are absolutely no hardware differences between Wiis from different regions.

xyzzy

July 22nd, 2008 by bushing · 44 Comments

This isn’t the prettiest code I’ve ever written — it doesn’t have much of an interface, and I just threw this release together in a few minutes. However, it’s been exceedingly useful to me, and hopefully some of you will find it useful, too. I’ll quote the README here:

This program will do the following, automatically:

  • Download IOS11 from the Nintendo Update Server
  • Patch it to remove the MEM2 protection (so the PPC can access all 64MB of it)
  • Patch it to allow it to delete itself later using ES_DeleteTitle()
  • Find an unused IOS slot (counting downward from IOS255)
  • Install the hacked IOS11 there
  • Reboot into the hacked IOS
  • Copy the private key structure from the IOS address space into MEM1
  • Reboot back into a sane IOS
  • Delete the temporary, hacked IOS
  • Display the keys on screen
  • Try to write them to a file on the SD card — keys.txt
  • Pause for 60 seconds to allow you to copy the keys down using pen and paper, if necessary

I wrote this a week or two after I killed a Wii trying to reproduce tmbinc’s original Tweezer Hack. May it rest in peace.

The first version of this code just used a patched version of IOS, which was an ugly hack. It’s still an ugly hack, but at least it no longer contains copyrighted code. You should only really need to run it once on any given Wii, but it should be safe to run as much as you want. If nothing else, it demonstrates the kinds of ways you can use PatchMii_core to do something useful (as opposed to just running it and then packaging the result up as cIOS).

(c) 2008 bushing / hackmii.com

Download: xyzzy-1.0.zip (source and binary)

Dear Nintendo,

July 17th, 2008 by bushing · 13 Comments

As part of our efforts to understand how the Wii works, we believe we
have found a security issue that could allow pirated Wii games to be
played on an unmodified Wii console.

I would like to speak to an engineer about this — please have one contact me.

Sincerely,
bushing

Update: A representative from Nintendo has contacted me (see comment below). The rest of you can stop emailing me now. Assuming Nintendo acts in good faith, I don’t expect to be writing much more about this until it’s resolved.

Update 2: Apparently I presume too much of e.g. MaxConsole. The “comment below” was referring to comment 11. I listed the email in the order I received it.

The rest of the copycat emails can stop now. Srsly, guys. I did not post my email address here to invite you to debate this with me. Suffice it to say that I have put more thought into this than you have, and when you find your own exploits you can decide how to handle them.
