Hacking Ninty's workload

WiiCrazy

Ninty have a fair list of bugs at the moment to fix, this is an attempt to summarize them ...

#. Hole - Nature - Region - Status
1. Korean IOS workaround - IOS - PAL/NTSCU/NTSCJ (Reported as being fixed for NTSC-J both by wii shop update and through Metroid Other-M game update)
2. Unknown exploit used by hackmii installer - IOS - All regions - Not fixed
3. Indiana Pwnz exploit - PPC - PAL/NTSCU - Not fixed
4. SmashStack exploit - PPC - NTSCU - Not fixed
5. Yu-gi-oh exploit - PPC - PAL/NTSCU/NTSCJ - Not fixed
6. Bootmii@boot2 - PPC+IOS - PAL/NTSCU/NTSCJ - Not fixed (Latest fix was through 4.2 update by boot2v4)
 

WiiPower

WiiCrazy said:
Ninty have a fair list of bugs at the moment to fix, this is an attempt to summarize them ...

#. Hole - Nature - Region - Status
1. Korean IOS workaround - IOS - PAL/NTSCU/NTSCJ (Reported as being fixed for NTSC-J both by wii shop update and through Metroid Other-M game update)
2. Unknown exploit used by hackmii installer - IOS - All regions - Not fixed
3. Indiana Pwnz PPC exploit - PPC - PAL/NTSCU - Not fixed
4. SmashStack PPC exploit - PPC - NTSCU - Not fixed
5. Yu-gi-oh PPC exploit - PPC - PAL/NTSCU/NTSCJ - Not fixed
6. Bootmii@boot2 - PPC+IOS - PAL/NTSCU/NTSCJ - Not fixed (Latest fix was through 4.2 update by boot2v4)

1. is already fixed on new 4.3 JAP Wiis and Metroid Other M disc update. So we can expect them for 4.4 or 5.0.
2. That might actually take some time to reverse it and then block it. But I think someone from TT said it's just the 1st of a new kind of Wii exploits.
3+5. Savegame exploit, should be easy to fix.
4. Maybe never fixed, I think they could even fix it with a main.dol patch. (which is something Nintendo does on GameCube games...)
6. Do you expect them to install a new boot2 version on every update? There's a chance of, I don't know, 0.1 / 1000 Wiis to brick a Wii by this. What advantage would this actually have for Nintendo if they did it?

I'm curious if they will do at least the minimal stuff with the next update, and if the next update will again take ages, and if it will add no functionality again.
 

WiiCrazy

dn_angel000 said:
u 4got MarioKart PWNS!! lol

Well, it's for chipped Wiis and relies on an already existing exploited game listed above. So once the game that it depends on is fixed, then you can use it with that game. To put it another way, Ninty will not do anything to fix it directly.
 

SifJar

Ninty need to start adding functionality to updates, as it is, people who want homebrew simply won't update officially, and will just use an unofficial Shop Channel and IOS updater tool. And "legit" users will also start to complain I reckon if Ninty keep pushing updates with no feature updates.
 

WiiCrazy

Ninty somewhat works asynchronously so I don't expect they cover all the holes above in the next update in one go...

Definitely the first holes to fix are #1 & #2 as they are the widest... And it seems they already fixed #1 without issuing a new system menu update.
 

WiiPower

Blocking the Korean IOS doesn't get Nintendo anything, there's cBoot2 for over a year now, and as long as you can get BootMii IOS, cBoot2 will work. Other methods are just easier to perform or are more legal in an easy to use package + instructions. Not to mention new versions of Dop-Mii or TBR with AHBPROT.

As far as I can see they need (in my eyes from top to low priority):
- To block to run code at all to prevent new Wiis being hacked, this would require to fix all game exploits including the "unpatchable" SSBB. And then they still would be screwed when a new game exploit arrives. -> So I guess that's next to impossible for Nintendo.
- With an update to remove everything that allows to run any code, and to remove any patched IOS. So that one would need to "rehack" his Wii after an update. This would require to delete or overwrite EVERYTHING that is not Nintendo signed. Should be easy, it's just a big step, and they would need to warn you about this. In some countries they can't legally delete stuff from your Wii. -> To me it looks doable, they might just be too afraid to do it because of legal reasons or to screw it up.
- To prevent that you can install anything you want when you have your foot in the door. I mean 1. prevent that all released hackmii installers are able to install anything. and 2. check signatures of IOS and channels when loading them. With (2) the hackmii installer would be toothless, what good does a HBC do you when you can only start it from the SSBB exploit? -> This has to be doable too, it will just slow down IOS loading and channel loading by max 1 second.
 

giantpune

WiiPower said:
4. Maybe never fixed, I think they could even fix it with a main.dol patch. (which is something Nintendo does on GameCube games...)

They would have to build that main.dol patch into IOS, because they can patch the game all they want when it is loaded in the system menu. But you can play one of the VC trials and it causes the main.dol to be reloaded again from the disc. They would need some 1337 magic to fix it otherwise.
 

WiiPower

giantpune said:
WiiPower said:
4. Maybe never fixed, I think they could even fix it with a main.dol patch. (which is something Nintendo does on GameCube games...)

They would have to build that main.dol patch into IOS, because they can patch the game all they want when it is loaded in the system menu. But you can play one of the VC trials and it causes the main.dol to be reloaded again from the disc. They would need some 1337 magic to fix it otherwise.

Did I mention that they put patch code at 0x1800 in GameCube mode for such stuff? There are some professionals working for Nintendo, they could do it if they really wanted to. What was the number of confirmed unique HBC installs? 200.000? Even if you assume a very low pirate rate and that only a low rate of pirates would buy 1 title for 30 bucks per year if they couldn't pirate, you still get quite a sum of money in such a calculation. Which they could use to hire somebody who writes that code.
 

mike333

WiiPower said:
[...] all game exploits including the "unpatchable" SSBB.
I don't know, so please tell me.
What is the current status of the SSBB exploit for PAL consoles?
Was the game fixed, or is the exploit waiting for its day?
 

WiiCrazy

WiiPower said:
Blocking the Korean IOS doesn't get Nintendo anything, there's cBoot2 for over a year now, and as long as you can get BootMii IOS, cBoot2 will work. Other methods are just easier to perform or are more legal in an easy to use package + instructions. Not to mention new versions of Dop-Mii or TBR with AHBPROT.

Again, cboot2 is a dependent hole.. you need bootmii for that... Note that hackmii installer was released 3 weeks after 4.3 update (or was it 2, dunno)

WiiPower said:
As far as I can see they need (in my eyes from top to low priority):
- To block to run code at all to prevent new Wiis being hacked, this would require to fix all game exploits including the "unpatchable" SSBB. And then they still would be screwed when a new game exploit arrives. -> So I guess that's next to impossible for Nintendo.

Yeah, pretty tricky, even some companies might deliberately leave holes to boost sales.

WiiPower said:
- With an update to remove everything that allows to run any code, and to remove any patched IOS. So that one would need to "rehack" his Wii after an update. This would require to delete or overwrite EVERYTHING that is not Nintendo signed. Should be easy, it's just a big step, and they would need to warn you about this. In some countries they can't legally delete stuff from your Wii. -> To me it looks doable, they might just be too afraid to do it because of legal reasons or to screw it up.

Well, actually this is what they are trying to accomplish (stub stuff) but they are always a minute late for it..

QUOTE(WiiPower @ Sep 3 2010, 12:37 AM)
- To prevent that you can install anything you want when you have your foot in the door. I mean 1. prevent that all released hackmii installers are able to install anything. and 2. check signatures of IOS and channels when loading them. With (2) the hackmii installer would be toothless, what good does a HBC do you when you can only start it from the SSBB exploit? -> This has to be doable too, it will just slow down IOS loading and channel loading by max 1 second.

Well, once you exploit IOS and then PPC then you have full control. Just that everyone will resort to the pesky business of patching / downgrading.. Good to wreak havoc among the users though, people bricking and stuff... There is one way though, by putting more serious checks at boot2 level with a new boot2 update. Like the thing they did to region changed Korean Wiis... Messy...
 

drhacknslash

giantpune said:
They would have to build that main.dol patch into IOS, because they can patch the game all they want when it is loaded in the system menu. But you can play one of the VC trials and it causes the main.dol to be reloaded again from the disc. They would need some 1337 magic to fix it otherwise.

Totally talking off the cuff here.... I wonder if they could somehow make SSBB require an updated version of its IOS that had a built in fix for Smash Stack. Or for that matter have a system menu come bundled with a patched or fixed version of the SSBB IOS.
 

mauifrog

Yes, it runs on ios36. Just those 3 games AFAIK. They could just stub it on ntsc-u systems.

Edit: perhaps they could just remove SD card support from ios36, then add an SSBB custom stage channel to the Wii to manage the custom stages, removing the ability of the disk to load the exploit.
 
