Wii News
EasyIOS v0.1.2 (Wii Application)

This app is for browsing the device tree, and trying out quick IOS commands w/out doing builds.


+Fixed bug causing crash related to overrunning the log
+Added easy to use Byte (binary mode) adding interface
+Fixed debug messages going to log. (More useful/detailed)
+Speed improvements related to allocating memory
+Fixed padding of bytes so output is easier to read
+Added build flags so EasyIOS can build under cygwin, linux or osx
+Added new devices based on changes on the IOS wiki


By with 0 comments
Twilight Hack v0.1 (Alpha 2) (Wii Application)

Team Twiizers released an update to their Wii homebrew loader/exploit.

How to install:

Extract the zip archive into any folder.

Backup your old Zelda save if you want to, by copying data.bin out of *SD Card*/private/wii/title/RZDP or *SD Card*/private/wii/title/RZDE and into another folder.
If you have a PAL Zelda game (identified by the code “RVL-RZDP-0A-0 JPN” around the inside on the shiny side of the disc), copy the file rzdp.bin (from the zip archive you extracted) into *SD Card*/private/wii/title/RZDP/data.bin.

If you have an NTSC later revision Zelda game (identified by the code “RVL-RZDE-0A-2 USA” around the inside on the shiny side of the disc), copy the file rzde2.bin (from the zip archive you extracted) into *SD Card*/private/wii/title/RZDE/data.bin.

If you have any other NTSC revision Zelda game (usually identified by any other code involving the letters “RZDE” around the inside on the shiny side of the disc), copy the file rzde.bin (from the zip archive you extracted) into *SD Card*/private/wii/title/RZDE/data.bin.

Now, put the SD card and Zelda into your Wii and turn it on. Go into Wii Options –> Data Management –> Save Data –> Wii. Find your Zelda save, click on it, and click “Erase”, and click Yes. Now, go into SD card, and select the “Twilight Hack” save (the icon says “Wiibrew Loader”). Click copy, and yes. Now, go back out of that menu and start the game. Select the first save file (called Twilight Hack), complete the brightness setting, and talk to the man in front of you. What will later be the ELF loader will load.

If you are a PAL user and are experiencing a line of text lost off the bottom, try changing your TV type under Wii options –> Wii settings –> screen to 576i (50hz). Please could PAL users add a post to the right section to say whether they had this problem or not with non-576i settings, as I would like to know if everyone has this problem or if it’s just my TV.


By with 0 comments
Tetris (Wii Game)

Christian Auby aka Desktopman released a homebrew Tetris game for Nintendo’s Wii console. For the download check out the linked page below, if you are more likly interested in a video then you might be right here: http://www.auby.no/files/wii/tetris.wmv

Thanks to brakken for the news and the screenshot! – http://www.tehskeen.com


By with 0 comments
Twilight Hack v0.1 (Alpha 1) (Wii Application)

Seems Bushing, Tmbinc and Segher did it! The Wii is finally exploited.

As I (Kojote) know tmbinc from various demoparties in the past and he is really a talented guy, there is no doubt about it now… The Wii has been exploited!

Check the video: http://youtube.com/watch?v=zaRhyEUOk44


By with 0 comments
Wii-GC Raw Image Dumper v0.05 (Wii misc)

A new version of the first Dual Layer ISO image dumper that has been verified to work for the Nintendo Wii has been released ( http://nekokabu.s7.xrea.com/blog/2008/02/post_34.html ). Using Wii/GC Raw Image Dumper Ver.0.05 you can dump the “second” layer of dual layer Nintendo Wii discs and with a little work join them with the first layer to produce a working backup.

Thanks to brakken / http://www.tehskeen.com for the news.


By with 0 comments
Its all about money – Wiili.org (Wii misc)

Here is another brandnew article from brakken:

Wiili.org is generally known for its attempt to gain the public’s interest in getting Linux up and running on the Nintendo Wii. They have been featured on many mainstream news site and social media sites including Digg.com. What isn’t known and should be is the fact that they site administrator is copying its content from Wiibrew.org and there is turmoil going down surrounding the situation. To sum it up – Wiili.org is feeding off of others people work for profit.

[Read the rest at it’s release page]

Not only the Wii scene is affected by such people, but I suppose generating lots of profit with others free work is a common thing in the homebrew scene. Sadly.


By with 0 comments
Wii hacked it (Wii misc)

Another fine newsitem, which you can thank brakken ( http://www.tehskeen.com ) for… :)

tmbinc has released a hughe article about how he got the Wii to run code he wants.

Read on:

After bushing had shown the first homebrew exploit, a lot of stuff has happened in the Wii-world. The exploit was based on a hole in the disc hashing&verification, but the original finder (segher) decided that he doesn’t want the bug to be published. While this caused some controversy, the reason behind this was that the hole could be patched very easily in a future firmware version, as no original function relies on it. The next goal was to find a bug which could not be patched so easily, for example a savegame exploit. Patching such game exploits is considerable harder. Of course you could patch the game code when it is loaded (like some gamecube games are fixed in compatibility mode by the “gamecube compatibility IPL”), but we could just move on to another game. We wouldn’t lose that much power if a game bug is fixed, vs. a critical system bug. I can totally understand that people are annoyed by us not doing full disclosure. Nevertheless we try our best to balance our different interests. It’s not always easy, even inside a team. Still, the rule is: If you find a bug, it’s your choice what you do with it. If you don’t like that, find your own bug.

I’ve concentrated less on the high-level things, I’m generally more interested in the system design and security architecture. So I’ve digged into the bootloader.

What we knew before was that there is a fixed block of code called “boot1?, which is supposed to be the first code executed from flash. It’s ARM (”Starlet”) code, btw, the powerpc (Broadway) is booted much later. We didn’t knew how boot1 is encrypted (rumours ranged from an LFSR-based streamcipher to AES), nor if and how it was hashed. But what we had was a program called “BC” (title id: 1-100), extracted out of a system update. We are absolutely not sure why BC does even exist (it might be used to return from GC mode to Wii mode, but why would you want to do so?), but what BC is doing matches what boot1 could be doing: Reading a bunch of sectors from flash, decrypting them, and checking a signature against a previously decoded cert chain, then jumping there. Once we re-coded the algorithm, it was clear that this in fact decrypts boot2. Encrypting a new boot2 requires signing the new hash. Now it turned out that “BC” also contains “the bug” (well, a similar one), so chances were big that boot1 also does. But flashing a new boot2 is dangerous if you have no return – there is a backup mechanism to boot another copy of boot2, but we cannot count on that for several reasons (for example, if our new boot2 code hangs, the backup would not be tried, as boot1 thinks that everything is right).

It also became clear that once we are able to execute starlet code, it will be a lot of trial&error. So what I did was to revive my old FPGA-based NAND flash emulator, which I once built for the Xbox 360. I wired the Wii’s flash pins to the FPGA. Now the Wii flash has different properties (large block, larger size, different ECC algorithm used), but I could adapt it in a matter of hours. I had to fix the RESET handling (the Wii is waiting for R/#B to go low for a short moment of time), and some minor things, but then it worked! I could boot from my FPGA instead of the original Flashrom. So I could do code changes in a matter of seconds, instead of always reprogramming the flashrom (potentially external). Because my FPGA board has “only” 512MB of RAM, I couldn’t fit the whole flash contents into the RAM. As part of the NAND emulation happens on the embedded PowerPC core in the FPGA (a Virtex 2 Pro), I just added an ethernet MAC, and used lwip to fetch the flash pages from a TCP server. That made the development cycle even easier, as I could now just modify the virtual NAND content on my PC!

[Read the rest of the article by following the link, thank you]


By with 0 comments
Nintendo Wii Repair Disc in the Wild (Wii misc)

According to http://www.tehskeen.com there is something interesting in the “wild”.

Read on:

Some more news has surfaced from #wiidev on IRC/EFNET. A member of the channel released a screen capture from the “Gay Fish” Nintendo Wii disc. This disc is used to restore Nintendo Wii consoles to their factory state and allows you to change some internal settings.

Unlike other sites that say this disc isn’t *available* it is as the person in #wiidev had to have access to it to post the screen shot. Although, I wouldn’t go asking for the disc or you’ll be banned. Maybe they should write up a BAN list for noobs (it might take up 20KB of space in a plain text file).

Source: #wiidev / IRC / EFNET

Discuss here: http://www.tehskeen.com/forums/showthread.php?t=6179


By with 0 comments
Wii Zelda Exploit (Wii misc)

There seems to be an exploit for the Wii game Zelda.

Here is a quote from brakkens site http://www.tehskeen.com :

Here is a screen shot of an error in Zelda for the Nintendo Wii. So, what’s so important about this particular error? Well, let’s compare this to the GTA Exploit for the Sony PSP. Yes, that’s right.

Bushing along with Segher have been able to modify a save game from Zelda to crash the machine and to run their own code on it. Note that you won’t even need to “mod” your Nintendo Wii to run this exploit.

Yes, that’s right – an exploit for the Nintendo Wii has been discovered and it allows you to run custom code. The method is pretty simple. Copy over a save file for Zelda, load it and the code runs. Don’t get too excited yet. They have only been able to run 4 lines of code, but this is in a days work.

Segher was the one to find the exploit and Bushing has been testing it out with the aid of the USB Gecko. The process is far from simple as once you modify a save game it requires it be to signed with 3 keys. Here’s some info from Bushing.

“Once the Wii decrypts the save game, it checks its signature. Every Wii has its own private key which is used to sign save games, and when you save a game, the Wii actually saves three bits of data:

* The encrypted save game
* The signature for the save game (using your console’s private key)
* A copy of your console’s public key, signed by Nintendo.”

Of course, the end user wouldn’t have to go through this process unless they were wanting to inject their own code into the save game, but that shouldn’t be necessary because when I asked Bushing what his goal was he answered:

“Assuming we don’t run into a wall, it should be able to lead to a homebrew loader. I hope. No promises. :)”


By with 0 comments
Wab.com taken down (Wii misc)

Seems the first Wii release didn’t make it long…

Here is a quote from the page:

WAB.COM is now the property of the United States government.
The domain and web site were surrendered to U.S. law enforcement pursuant to a federal prosecution and felony plea agreement for conspiracy to violate criminal copyright laws.

Antonio Del Santos, a.k.a “AloneTrio” pled guilty in the United States District Court for the Eastern District of Virginia on January 25, 2008, to conspiring with others to violate federal copyright laws by illegally releasing copyrighted code illegally circumvent built-in security protections and allow individuals to run “homebrew” software on game consoles, such as the Sony PSP and Nintendo Wii. Del Santos and his co-conspirators used www.wab.com as the exclusive outlet to provide copyrighted code to individuals. As a result, the WAB website is now the property of the United States government. Individuals involved in this conduct face up to five years in federal prison and a fine of $500,000 for each count charged.

Piracy is the unauthorized, willful reproduction or distribution of copyrighted material, such as software, movies, music, and games. People who distribute pirated works over the Internet via IRC, FTP sites, web sites, or file-sharing networks, and people who download or reproduce pirated works are risking criminal prosecution. Piracy is a crime even when the works are distributed over the Internet for free or where the conduct does not involve monetary gain, such as the trading of pirated products for other pirated products.

The Department of Justice and federal law enforcement will continue to investigate and prosecute individuals and groups that violate the federal criminal copyright laws at home and abroad. For more information on these and other federal anti-piracy investigations, visit www.cybercrime.gov.

In fact the whole things smells a lot. The page claimed to have ripped graphics from a PSX game, which turned out to be a homebrew one. So the ones who don’t believe should check this video here: http://www.youtube.com/watch?v=u9sedsE4cxE

Also the grammar above seems fishy. Best is to forget the “first homebrew Wii” game for now. The US eagle, basically those two logos shown on the left and right are hosted right on wab.com plus its still the 24th in the eastern part of the states. Browsing for “similar” violation texts did not succeed. This all was way too fast for someone to react proper, even for a goverment institution. Also the mentioned http://www.cybercrime.gov/index.html does not mention any case of “WAB”. I am sure they would announce their heroic success, if there would have been any. (Those are partitially results by discussing with EvilDragon/GP2x.de and reading the Maxconsole webboard).

The coder AMOS, who created the original PSX game “Wartris”, is known to me in person. He might be very amused about this :) Oh “AMOS”, greetings to Vienna ;)

A stripped down version of Wartris can be found here: http://pdroms.de/files/1510/


By with 0 comments
Page 215 of 216« First...102030...212213214215216