News

Wii hacked it (Wii misc)

Another fine newsitem, which you can thank brakken ( http://www.tehskeen.com ) for… 🙂

tmbinc has released a huge article about how he got the Wii to run code he wants.

Read on:

After bushing had shown the first homebrew exploit, a lot of stuff has happened in the Wii-world. The exploit was based on a hole in the disc hashing & verification, but the original finder (segher) decided that he doesn’t want the bug to be published. While this caused some controversy, the reason behind this was that the hole could be patched very easily in a future firmware version, as no original function relies on it. The next goal was to find a bug which could not be patched so easily, for example a savegame exploit. Patching such game exploits is considerably harder. Of course you could patch the game code when it is loaded (like some gamecube games are fixed in compatibility mode by the “gamecube compatibility IPL”), but we could just move on to another game. We wouldn’t lose that much power if a game bug is fixed, vs. a critical system bug. I can totally understand that people are annoyed by us not doing full disclosure. Nevertheless we try our best to balance our different interests. It’s not always easy, even inside a team. Still, the rule is: If you find a bug, it’s your choice what you do with it. If you don’t like that, find your own bug.

I’ve concentrated less on the high-level things, I’m generally more interested in the system design and security architecture. So I’ve dug into the bootloader.

What we knew before was that there is a fixed block of code called “boot1”, which is supposed to be the first code executed from flash. It’s ARM (“Starlet”) code, btw, the powerpc (Broadway) is booted much later. We didn’t know how boot1 is encrypted (rumours ranged from an LFSR-based streamcipher to AES), nor if and how it was hashed. But what we had was a program called “BC” (title id: 1-100), extracted out of a system update. We are absolutely not sure why BC does even exist (it might be used to return from GC mode to Wii mode, but why would you want to do so?), but what BC is doing matches what boot1 could be doing: Reading a bunch of sectors from flash, decrypting them, and checking a signature against a previously decoded cert chain, then jumping there. Once we re-coded the algorithm, it was clear that this in fact decrypts boot2. Encrypting a new boot2 requires signing the new hash. Now it turned out that “BC” also contains “the bug” (well, a similar one), so chances were high that boot1 also does. But flashing a new boot2 is dangerous if you have no return – there is a backup mechanism to boot another copy of boot2, but we cannot count on that for several reasons (for example, if our new boot2 code hangs, the backup would not be tried, as boot1 thinks that everything is right).

It also became clear that once we are able to execute starlet code, it will be a lot of trial & error. So what I did was to revive my old FPGA-based NAND flash emulator, which I once built for the Xbox 360. I wired the Wii’s flash pins to the FPGA. Now the Wii flash has different properties (large block, larger size, different ECC algorithm used), but I could adapt it in a matter of hours. I had to fix the RESET handling (the Wii is waiting for R/#B to go low for a short moment of time), and some minor things, but then it worked! I could boot from my FPGA instead of the original Flashrom. So I could do code changes in a matter of seconds, instead of always reprogramming the flashrom (potentially external). Because my FPGA board has “only” 512MB of RAM, I couldn’t fit the whole flash contents into the RAM. As part of the NAND emulation happens on the embedded PowerPC core in the FPGA (a Virtex 2 Pro), I just added an ethernet MAC, and used lwip to fetch the flash pages from a TCP server. That made the development cycle even easier, as I could now just modify the virtual NAND content on my PC!

[Read the rest of the article by following the link, thank you]

http://debugmo.de//?p=59

This article is over 2 years old — the linked page may have changed, moved, or been taken over since then.

Pandora Proof Motherboard (PSP misc)

According to brakken ( http://tehskeen.com/modules.php?name=News&file=showarticle&threadid=6245 ) Dark_Alex, famous for his custom PSP Firmware M33, has discovered PSPs that are not capable of creating a Pandora battery.

Read on:

Dark_Alex has discovered the TA-85 v2 motherboard which has been created with Pandora users in mind. How so? You can’t create a Pandora Battery with it. However, batteries that have already been turned into “service mode” will still work, so you’ll still need a buddy’s older modded PSP or buy one of Datel’s batteries.

“Alarming news arrives from Dark_Alex. It seems that a new model of PSP Slim & Lite is in circulation, with firmware 3.73 from the factory and a new motherboard, called TA-085 v2.

This type of motherboard would prevent the creation of Pandorized batteries, by inhibiting write access to the battery’s EEPROM.
This new design will not prevent the use of batteries that are already Pandorized, and therefore will not prevent the possibility of installing a Custom Firmware.

At the moment there are no methods to get around this new system; all we can do is await further developments.”

http://psp-ita.com/?module=news&id=11658&view_reply=1

TehSkeens New Years SkeenTest (misc)

TehSkeen.com are having a sort of “guide writing competition”.

Details:

Contest Details

The details are pretty straight forward. Thanks to dCiSo’s suggestion this will be a “Guide Making Contest”. That means the best five guide authors will win. Guides? Yeah, you know – How to install this, how to run this, how to dump this, how to build this, etc … Of course the guides must be “scene modification” related. We don’t really care how to build your own giant rat trap.

Guides will be judged on their content including photography, screen-shots, layout, spelling and if they actually guide a user through a process that works. Guides must be original and can’t be copied from another site even if it’s your own work. Guides must be in MS Word, HTML or PDF format. If they are in PDF format they must not be password protected. Once you submit a guide it becomes our property, but we won’t go removing your name and credits or anything from it. You can submit as many guides as you like.

Example

Here is an example of an excellent guide ->
http://modyawii.psx-scene.com/index.php?url=pages/externalwiikey.php

Not only will you help the homebrew / modification scene with your knowledge, you will also have the ability to win one of these prizes:

1st Place

Memor32 USB PS2 Memory Card
M3DS Real Nintendo DS Entertainment Unit
D2CKey Nintendo Wii Chip
$50 Gift Certificate for Extreme-Mods

2nd Place

Memor32 USB PS2 Memory Card
M3DS Real Nintendo DS Entertainment Unit
D2CKey Nintendo Wii Chip

3rd Place

Memor32 USB PS2 Memory Card
M3DS Real Nintendo DS Entertainment Unit

4th/5th Place

Memor32 USB PS2 Memory Card

Head over to tehskeen.com for details!

http://www.tehskeen.com/forums/showthread.php?t=5958

Pointless Pacman v1 (PSP Game)

Art goes game programming (kind of).

Release notes:

This is “Pointless Pacman”, a 2D Pacman clone for 1.50 kernel PSPs. This version was completed within 36 hours of starting, which includes time spent on non-programming related activities that are required to keep the human body functioning.

http://forums.qj.net/showthread.php?t=133888

iPhone Hackers IRC Channel (iPhone misc)

Here are some news from Ste:

A few of us have gotten together and created a channel, on freenode, called #iphone-hackers. This is a place where devs can come and hang out with each other to exchange ideas and work together, in what we hope will be a productive environment for all.

The channel is not for general iPhone or iPod Touch questions – there is an already-established channel, ##iphone, on freenode for that.

So, developers, feel free to come join us. We welcome you.
-ste

http://blog.psmxy.org/2008/01/29/iphone-and-ipod-touch-developers-come-join-us/

Jewel Thief v0.25 (PSP Lua Game)

Andy released an updated version of Jewel Thief. Make sure you steal all the jewels appearing on the screen before someone catches you!

Changes:

–Can now control player with d-pad as well as analog nub
–Code overhauled: now just one, much more efficient script
–Backgrounds appear randomly
–Unlimited levels
–Gradually increasing difficulty up to level 20
–Pause function

http://forums.qj.net/f-psp-development-forum-11/t-releasejewel-thief-v025-133862.html

Penguin Panic (iPhone Game)

jakarpinsk1 ( http://modmyifone.com/forums/showthread.php?t=27964 ) found a new game called “Penguin Panic” on NewAttiPhone.com. Based on the game Avalanche, you are a penguin and you have to dodge the icicles. The NewAttiPhone Dev team made it so you can submit your scores to their site.

http://newattiphone.com/showthread.php?t=14
