QUOTE(The_Pope @ Nov 21 2006, 04:17 AM)
Generally, hacking is done via a buffer overflow. A buffer overflow allows editing of the current memory. From what I understand, previous softmod methods have simply restarted the booting sequence while bypassing the copy check. However, until the firmware for the Wii is dumped, it is unlikely that an exploit will be found. I may investigate the theory of man-in-the-middling Nintendo's servers, to see if unsigned code is sent over. However, I believe that the code sent from Nintendo will be signed. The Wii isn't even being released here till the 7th of December, so I won't be able to Wireshark some data until then.
Erm... not quite. Buffer overflows are when it feeds too much data to a specified variable, or in this case, a validity check. This isn't always the case, as we have seen with the NDS NoPass cards literally spoofing the actual data.
And as for whoever said the Wii DVD update will be firmware based,
http://www.engadget.com/2006/11/14/nintend...bled-wii-in-07/ .
I'm not sure, but I think you're both kind of right about buffer overflows. My understanding is you feed too much data to a variable, thus overwriting the next instruction with your own command to jmp to somewhere else in the code (i.e. where you've put your own code to do whatever you want). Meh, whatever; in any case it will be an interesting avenue to look into.
And I really like the idea of investigating possible networking-based attacks on the Wii. Ultimately we may not find a vulnerability like we're looking for, but just knowledge of how the networking works will definitely help in eventual Wii development.
I think the man-in-the-middle attack sounds like a very cool idea, The_Pope. One question though: when I think man-in-the-middling, I think of ARP cache poisoning and sniffing out the packets between the Wii and the Nintendo servers; is this what you were thinking too, or do you have some other way to try? Which leads to the question: does the Wii use some sort of ARP table that can be modified?
But I'm sure this is much more complicated than need be, since we have full access to the target Wii, the router, and our man in the middle. Doesn't the Wii have a wired Ethernet connection? Could you just run the Wii to a computer, do Internet connection sharing, and sniff out the traffic on the NIC the Wii's connected to?
Oh yeah, and before I get ahead of myself, does anyone know if the Wii uses standard TCP/IP? Or is it like the DS, which uses some weird proprietary format?
And could anyone explain what Internet-enabled functions the Wii has currently? (Like downloading Virtual Console games; I think someone said something about Wii Channels...) Actually, does anyone know of an article or something that explains it? I guess listing everything out would kind of be a waste of time...
Haha, sorry for the abundance of questions; there's just so many tests I want to run and things I want to try... but I'll shut up for now, as posing questions instead of providing answers probably isn't all that helpful... I think my friend's little brother stood in line for a Wii... ha, maybe I can borrow his... ha, if not, I'll probably get anxious and pose more things to try until I get a Wii of my own...