Wednesday, January 30, 2008

Interview with a Wii hacker

By Alex Bradner | January 29, 2008


Disassembling in the dark

Last night, Atomic talked to Wii hacker Bushing about every conceivable aspect of Wii hacking. To make things even more incredible, the first “Hello World” program ever to run on a Wii was executed during our discussion.

Over the next four pages you’ll find all the details you could ask for about the world’s first proper Wii hack: no mod chips required. It's powerful stuff.


Atomic: First off, what's your programming background?
Bushing: I've been programming since age 8 (on an Apple IIc); I spent a lot of time growing up, hacking on Linux. I did Electrical Engineering and Comp. Sci in college, and now I do software development professionally.

Atomic: What was the appeal in hacking the Wii?
Bushing: Mostly that it hadn't been done. I don't play many video games, but I saw one at my boss's house at a party this summer, and it was fun, so I bought one. And I like to hack everything I own, and it was a big flashing target because I knew that nobody had yet been able to do it.

... check the source for the full version of the interview.

Again source is :

Wii Hacking - First Stages (P. 2)

Some more photos of the process:

Wii Hacking - First Stages

The Wii homebrew scene is finally clearer now: a better way to run code has been found through a game, The Legend of Zelda: Twilight Princess.

As wiki says:

This exploit takes advantage of a buffer overflow in the game "The Legend of Zelda: Twilight Princess".

Originally discussed on EFnet in #wiidev, then put on tehskeen, "Bushing along with Segher ... [were] able to modify a saved game from Zelda to crash the [Wii] and run their own code on it".

The process requires that once you modify a save game, it is signed with 3 keys!

Some info from Bushing:

"Once the Wii decrypts the save game, it checks its signature. Every Wii has its own private key which is used to sign save games, and when you save a game, the Wii actually saves three bits of data:

  • The encrypted save game
  • The signature for the save game (using your console's private key)
  • A copy of your console's public key, signed by Nintendo."
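
The check Bushing describes is a two-link chain of trust: Nintendo vouches for the console key, and the console key vouches for the save. As an added example (not code from the original post or from the Wii), this sketch walks that chain with textbook RSA over SHA-256 standing in for the console's real algorithms, which the post does not name; every key, name and save blob here is constructed and the keys are not secure.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def make_key(p, q):
    """Textbook RSA key from two primes (constructed, NOT secure)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == _digest(data, n)

def pub_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def make_save(console, cert_sig, blob):
    """Bundle the three pieces listed in the quote."""
    return {"save": blob, "save_sig": sign(console, blob),
            "console_pub": console["n"], "console_cert": cert_sig}

def check_save(bundle, nintendo_n):
    # Link 1: is the enclosed console public key certified by Nintendo?
    if not verify(nintendo_n, pub_bytes(bundle["console_pub"]), bundle["console_cert"]):
        return "rejected: console key not signed by Nintendo"
    # Link 2: does the save's signature verify under that console key?
    if not verify(bundle["console_pub"], bundle["save"], bundle["save_sig"]):
        return "rejected: save signature mismatch"
    return "accepted"

M = lambda k: 2**k - 1                     # Mersenne primes keep the toy keys deterministic
NINTENDO = make_key(M(521), M(607))        # hypothetical root key
CONSOLE = make_key(M(127), M(1279))        # hypothetical per-console key
UNKNOWN = make_key(M(89), M(2203))         # a key Nintendo never certified
CONSOLE_CERT = sign(NINTENDO, pub_bytes(CONSOLE["n"]))

def demo():
    good = make_save(CONSOLE, CONSOLE_CERT, b"encrypted save blob (constructed)")
    edited = dict(good, save=b"encrypted save blob (modified)")   # old signature kept
    foreign = make_save(UNKNOWN, CONSOLE_CERT, edited["save"])    # re-signed, uncertified key
    return [check_save(b, NINTENDO["n"]) for b in (good, edited, foreign)]

if __name__ == "__main__":
    print(demo())
```
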

The best part is that no modchip is required to try it out.
Try this at your own risk; there's no guarantee that something won't go wrong.
Good luck and don't brick your Wii!