Wednesday, January 30, 2008

Wii Hacking - First Stages

Finally the Wii homebrew scene is clearer now: a better way to run code has been found, through a game, The Legend of Zelda: Twilight Princess.

As the wiki says:

This exploit takes advantage of a buffer overflow in the game "The Legend of Zelda: Twilight Princess".

Originally discussed on EFnet in #wiidev, then posted on tehskeen: "Bushing along with Segher ... [were] able to modify a saved game from Zelda to crash the [Wii] and run their own code on it".

The process requires that once you modify a save game, it is signed again with 3 keys!

Some info from Bushing:

"Once the Wii decrypts the save game, it checks its signature. Every Wii has its own private key which is used to sign save games, and when you save a game, the Wii actually saves three bits of data:

  • The encrypted save game
  • The signature for the save game (using your console's private key)
  • A copy of your console's public key, signed by Nintendo."
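To make the three pieces Bushing lists concrete, here is an added model (not code from this post, from Bushing or from Nintendo) of how a console would verify them in order: first that the embedded console public key is endorsed by the manufacturer's key, then that the save is signed by that console key. It uses Go's standard-library Ed25519 as a stand-in; the Wii's real signature algorithm, key formats and save encryption are not described in the post, so the type and function names and the opaque "encrypted" blob are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SavedGame holds the three pieces the post says a Wii writes out.
type SavedGame struct {
	EncryptedSave []byte            // the encrypted save (opaque bytes in this model)
	SaveSig       []byte            // signature over EncryptedSave by the console's private key
	ConsolePub    ed25519.PublicKey // copy of the console's public key
	ConsoleCert   []byte            // signature over ConsolePub by the manufacturer's key
}

var (
	ErrBadConsoleCert = errors.New("console public key is not endorsed by the manufacturer")
	ErrBadSaveSig     = errors.New("save signature does not match the save data")
)

// Manufacturer is the root of the chain: its key endorses every console's public key.
type Manufacturer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewManufacturer() *Manufacturer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Manufacturer{Pub: pub, priv: priv}
}

// Console models one unit: its own key pair plus the manufacturer's endorsement of the public half.
type Console struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	cert []byte
}

// Provision issues a console key pair and signs its public key with the manufacturer key.
func (m *Manufacturer) Provision() *Console {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Console{pub: pub, priv: priv, cert: ed25519.Sign(m.priv, pub)}
}

// UnprovisionedConsole is a key pair nobody endorsed; its "cert" is just zero bytes.
func UnprovisionedConsole() *Console {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Console{pub: pub, priv: priv, cert: make([]byte, ed25519.SignatureSize)}
}

// WriteSave produces the three pieces for an already-encrypted (here: arbitrary) blob.
func (c *Console) WriteSave(encrypted []byte) SavedGame {
	data := append([]byte(nil), encrypted...)
	return SavedGame{
		EncryptedSave: data,
		SaveSig:       ed25519.Sign(c.priv, data),
		ConsolePub:    c.pub,
		ConsoleCert:   c.cert,
	}
}

// Verify walks the chain root-first. The length check matters: ed25519.Verify panics
// on a malformed key, and a verifier must not crash on attacker-controlled input.
func Verify(manufacturerPub ed25519.PublicKey, sg SavedGame) error {
	if len(sg.ConsolePub) != ed25519.PublicKeySize {
		return ErrBadConsoleCert
	}
	if !ed25519.Verify(manufacturerPub, sg.ConsolePub, sg.ConsoleCert) {
		return ErrBadConsoleCert
	}
	if !ed25519.Verify(sg.ConsolePub, sg.EncryptedSave, sg.SaveSig) {
		return ErrBadSaveSig
	}
	return nil
}

func main() {
	maker := NewManufacturer() // stand-in for the manufacturer's root key
	wii := maker.Provision()
	sg := wii.WriteSave([]byte("constructed: encrypted save blob"))
	fmt.Println("untouched save:", Verify(maker.Pub, sg))
	sg.EncryptedSave[0] ^= 0x01 // edit one byte of the save
	fmt.Println("edited save, old signature:", Verify(maker.Pub, sg))
	other := UnprovisionedConsole().WriteSave(sg.EncryptedSave)
	fmt.Println("edited save signed by an unendorsed key:", Verify(maker.Pub, other))
}
```

The third case is the one the post's "3 keys" remark is about: a fresh key pair can sign the edited save, but the console rejects it because that key's public half carries no manufacturer endorsement, so only the console's own (endorsed) key yields a save that passes both checks.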

The best part is that no modchip is required to try it out.
Try this at your own risk; there's no guarantee that something won't go wrong.
Good luck and don't brick your Wii!