The Wii has been hacked. While we were sleeping, a team of dedicated hackers finally got the homebrew ball rolling on Nintendo’s latest console. The trick, which was perfected last night, lets anyone execute their own code by utilising a savegame hack on a modified console. There’s no reason why it won’t work on an un-modded console, it just hasn’t been tested: unsurprisingly, none of the hackers own an unmodified Wii console.
It all started about a month ago with a pair of tweezers and a heavily modified Wii. The tweezer attack involves bridging pins of the Wii’s memory module whilst in Gamecube mode in order to access chunks of isolated Wii system memory. During Gamecube mode, the Wii’s 64MB of memory is split into two chunks: a 16MB chunk is allocated for Gamecube operation. The hack, however, tricks the system into allocating the Gamecube memory over the top of the restricted Wii memory. The memory is then dumped through a controller port, and it was this data dump that made what you’re about to read possible.
Inside this data dump was Nintendo’s public key, which is used to decrypt all of Nintendo’s game releases. Then another major discovery was made: It became apparent that an undocumented processor, nicknamed ‘Starlet’ by its discoverers, is located inside the graphics chip. This processor controls the Wii’s memory, security and cryptography, as well as almost all the peripherals. With the public key and some information on how Wii cryptography works, the Wii game discs can be decrypted and their contents harvested.
The holy grail of Wii hacking is a system exploit: finding where code can be injected into the system to gain low level access. We’re not there yet, although an alternative software based exploit where you examine existing game code for vulnerabilities and inject your own code into them has been written.
For full story:
http://www.atomicmpc.com.au/article.asp ... IID=102072