Hackers finding Internet Channel exploits (again)
When the final version of the Opera web browser for the Wii was released, it was believed that all of the security holes present in the trial version of the channel had been fixed. That may not be the case: hackers are reporting a new exploit in the browser's bundled Flash Player. Through this hole, it is thought, they could get emulators running on the console, which would, for obvious reasons, be a disaster for Nintendo.
Reader Comments (Page 1 of 1)
7-17-2007 @ 2:58PM
Barry said...
Yes, it would be a disaster, but it could also cause the lowering of VC prices
Reply
7-17-2007 @ 3:18PM
ssuk said...
I think Datel's Wii Doctor is more prone to bring emulators to the Wii than this hack would, as it'll probably be patched by the time Mario Galaxy comes around.
Reply
7-17-2007 @ 3:26PM
Chalito said...
The Wii can already use emulators in the form of GC emulators. I got one DVD with 1000s of ROMs.
And I still bought a few VC titles, they're just nice to have right there.
Reply
7-17-2007 @ 4:05PM
Axalon said...
I'd personally be more interested in possible homebrew options. I really don't mind buying games from the VC, so long as I'm able to pay. The only emulators I might use are for systems the VC doesn't even handle, like the PS1.
Reply
7-17-2007 @ 4:26PM
Mr Khan said...
As far as I know, it would be perfectly possible to modify ROMs of all supported platforms to "create" homebrew.
Since it is possible to copy/paste things to and from an SD Card, I would think you could mod PC ROMs of the supported platforms to the Wii (although you would have to install the DRM, which could prove tricky at best).
It seems there are a lot of exploitable homebrew windows.
Reply
7-17-2007 @ 5:47PM
Quin said...
@5: If it were as simple as wrapping the ROM with a header and some simple DRM checksum, it would be done already. Either the ROM is encrypted in storage, or the DRM process is complicated enough that brute force breaking it isn't a good option. Getting homebrew from the PC to the Wii isn't the issue.
Something like this gives the hackers a way to get a little better access to the DRM process. Since the Wii has to be able to lock the game in to that given console, it has to know how to lock the game in as well. If they get access to that, voilà. This assumes that the Wii console itself is somehow matching the game to the console, and it isn't downloading a game that is already tied to the console by Nintendo's server. If that's the case, it's going to be really interesting to see how the Wii is hacked into running homebrew.
Reply
7-17-2007 @ 7:12PM
INF said...
Your lolcats references quota has now been filled for the year. No more are necessary to win your island vacation prize. Congratulations!
Reply
7-17-2007 @ 7:31PM
Mr Khan said...
I see
I was wondering about the loophole I spoke of ever since they announced non-proprietary storage devices (way before actual release). But I've never seen anyone take apart VC titles before and break down the encryption style. I mean if it was just a particularly virulent DRM program that they just added on, it wouldn't be too hard to just pull a copy/paste with a source editor.
But i suppose that was just a pipe-dream, and me underestimating "piracy makes us scared of our own shadow" Nintendo
Reply
7-17-2007 @ 11:39PM
vidGuy said...
I believe I read that the VC games are hashed when they are downloaded, which is the best way to lock it to the console before it is even available to the user. Here's how to break the Wii VC games to allow ROMs:
Download both the source copy of a VC game (before it is encrypted with a hash function to lock it to a console) and the copy that is on the Wii console.
Reverse engineer the hash function and develop a program to rip the hash from a VC game that a gamer provides on SD
Then let the gamer use this hash function (specific to their console) to encrypt any ROM to match the scheme the gamer's Wii is expecting
PROFIT!
The problem is - one cannot obtain a source copy without access to Nintendo's servers and a hash function is, by definition, not reversible. There are some tricks that could be applied here but I don't want to go into detail. These things are tricky, to say the least. To give you an idea, I have yet to see a Windows login password that can withstand a proper brute force attack for more than five minutes. A 128-bit hash function could be brute forced, as was shown when MD5 was broken, but it's very difficult - MD5 was (and still is) considered by the COURTS as technically sound and "unbreakable". SHA1 hashes take more passes and are much more difficult to break.
Point is, even with the best hackers in the world working on this, there are many obstacles to work around. Nintendo put a smart system in place.
Reply
7-17-2007 @ 11:43PM
vidGuy said...
The system could be different than that, too. Nintendo could be using a standardized hash function with a combination of keys. One key could be your Wii's serial number, mac address, or friend code. Another could be the datestamp of your download. Apply all three and bam, you've got a strong hash with many pieces.
Lots of variables makes things worse. If they were bike locks, Windows passwords would have 4 number codes and a proper hash function would have, let's say, 256!
Reply
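The per-console keyed-hash scheme sketched in the two vidGuy comments above, as an added, constructed illustration; this is not Nintendo's actual Virtual Console mechanism, which the page does not document. It derives a key from the console identifiers the comment lists (serial, MAC address, friend code, download timestamp), tags the ROM bytes with HMAC-SHA256 under that key, and checks that a tag only verifies for the same bytes under the same key. The identifiers, ROM bytes and the optional server-side secret are all made up. Running demo() with an empty secret models a key built only from values the console owner knows; a non-empty secret models Quin's case above, where the binding happens on Nintendo's server with a value the console never holds.

```python
"""Constructed illustration of a per-console keyed-hash ROM binding.

Hypothetical scheme only: it is NOT Nintendo's real Virtual Console DRM
(the page does not document that). All identifiers and ROM bytes below
are made up for the example.
"""
import hashlib
import hmac


def derive_key(serial: str, mac: str, friend_code: str, download_stamp: str,
               server_secret: bytes = b"") -> bytes:
    """Combine the console identifiers from the comment into one 256-bit key.

    With an empty server_secret, everything feeding the key is known to the
    console's owner. A non-empty server_secret models a value that only the
    download server holds and that never leaves it.
    """
    material = "|".join([serial, mac, friend_code, download_stamp]).encode()
    return hashlib.sha256(server_secret + material).digest()


def bind_rom(rom: bytes, key: bytes) -> bytes:
    """Tag the ROM bytes with HMAC-SHA256 under the console key."""
    return hmac.new(key, rom, hashlib.sha256).digest()


def verify_rom(rom: bytes, tag: bytes, key: bytes) -> bool:
    """Constant-time check that tag matches rom under key."""
    return hmac.compare_digest(tag, bind_rom(rom, key))


# Constructed sample data (hypothetical consoles and ROM images).
CONSOLE_A = dict(serial="LU000000001", mac="00:17:ab:00:00:01",
                 friend_code="1234-5678-9012-3456",
                 download_stamp="2007-07-17T14:58:00Z")
CONSOLE_B = dict(CONSOLE_A, serial="LU000000002", mac="00:17:ab:00:00:02")
LICENSED_ROM = b"NES\x1a" + bytes(range(64))      # stand-in for a bought title
HOMEBREW_ROM = b"NES\x1a" + b"homebrew" * 8       # stand-in for an owner's own ROM


def demo(server_secret: bytes = b"") -> dict:
    """Bind a ROM to console A and try the checks the thread speculates about."""
    key_a = derive_key(**CONSOLE_A, server_secret=server_secret)
    key_b = derive_key(**CONSOLE_B, server_secret=server_secret)
    tag = bind_rom(LICENSED_ROM, key_a)

    # The owner knows their own identifiers but never the server secret,
    # so this is the best key they can compute for their own console.
    owner_key = derive_key(**CONSOLE_A)
    forged_tag = bind_rom(HOMEBREW_ROM, owner_key)

    return {
        "licensed_verifies_on_a": verify_rom(LICENSED_ROM, tag, key_a),
        "licensed_verifies_on_b": verify_rom(LICENSED_ROM, tag, key_b),
        "tampered_verifies_on_a": verify_rom(LICENSED_ROM + b"\x00", tag, key_a),
        "owner_forgery_verifies_on_a": verify_rom(HOMEBREW_ROM, forged_tag, key_a),
    }


if __name__ == "__main__":
    print("identifiers only:", demo())
    print("with server secret:", demo(b"hypothetical-server-only-secret"))
```

The two runs differ in exactly one entry: when the key is built only from identifiers the owner can read off their own console, the owner can tag any ROM so that it verifies on that console; once a server-held secret is mixed into the key, a tag that verifies on console A can be produced only by the server, and the same tag fails on console B or after a single changed byte.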
7-18-2007 @ 1:10PM
Nils said...
This has nothing to do with getting emulators to run, the exploit allows for arbitrary code to be run, which in this case could be none other than ActionScript. Through that you might be able to crash someone's Wii at most, nothing more than that. People who are interested in this sort of business already own modchips anyway, so they can run every emulator they'd (or should I say we'd) want already, so I don't think it would turn out to be that much of a disaster.
Reply
7-18-2007 @ 1:12PM
Nils said...
@ Mr Khan:
Even if it were possible (modifying PC ROMs), it still wouldn't be Wii homebrew but GC homebrew. Why? Because there is no way to boot unsigned code in Wii mode yet, only in GC mode. And in GC mode, Wii controller support or any other Bluetooth device is turned off. Or would you also like to put some Bluetooth drivers for GC in the ROM ;)
Reply