
30c3: Console Hacking 2013 Wii U

la_briola

Member
Update: You can find the talk now on youtube: http://www.youtube.com/watch?v=NwKeVF-x3Og

-----------------------------

Today starts the annual Chaos Communication Congress in Hamburg, Germany, and fail0verflow is back again. This time for the Wii U.

The talk is primarily targeted at those who hack (or design) embedded system security, but gamers might also find it interesting. See the quoted event text below.

http://events.ccc.de/congress/2013/Fahrplan/events/5290.html said:
About a year ago Nintendo released their latest video gaming console, the Wii U. Since 2006, the Wii has led to one of the most active homebrew scenes after its security system was completely bypassed. This talk will discuss the improvements made in Wii U's architecture and explain how it was broken in less than 31 days. The talk is targeted at those who hack (or design) embedded system security, but gamers might also find it interesting.

The talk will consist of several parts. First, we will discuss the Wii U: what it is, what makes it tick, and how it compares to its predecessor, the Wii.

Next, we will cover two different approaches that we used to attack the Wii U system. The focus will be on how our results were achieved instead of on what those results are, so you can reproduce the attacks at home. Along the way we'll describe the Wii U's security architecture.

The third and final part of the talk will cover where to go from here: What is broken, what is yet to be broken, things that still have to be done to create a viable homebrew ecosystem, the balance between the effort required and the reward for users and hackers, and the potential upsides and downsides of different approaches.

Basic knowledge of embedded systems and CPU architectures is recommended for attendees, although we will try to explain required concepts as we go along.

Before and after the talk we will also be available in the hackcenter for those who would like to discuss further details or embedded security in general.
Source: http://events.ccc.de/congress/2013/Fahrplan/events/5290.html

Speakers: sven, marcan, Nicholas Allegra (comex)

The talk starts at 20:30 (GMT +1) in Saal 2.


Streams: http://streaming.media.ccc.de/wiki/
 

RaikuHebi

Banned
It's basically the E3 of hacking. It's where they announced the PS3's software hack that negated the need for a USB device to push code to put the PS3 in a hacked state every time.
 

BY2K

Membero Americo
Is it really wise to put so much exposure on this? It will only give Nintendo the chance to take note of this and patch it ASAP.
 

test_account

XP-39C²
Is it really wise to put so much exposure on this? It will only give Nintendo the chance to take note of this and patch it ASAP.
I think Nintendo will pick up on it regardless, especially if piracy will be possible. It shall be interesting to see if Nintendo can patch this. If it's possible to find the rootkeys with this method, I don't think that Nintendo can do anything, at least not with the currently sold WiiU consoles.
 

Hasney

Member
Is it really wise to put so much exposure on this? It will only give Nintendo the chance to take note of this and patch it ASAP.

They're not bothered, the fail0verflow guys aren't even releasing code into the wild, just explaining it.

The Wii talk had me rolling. On the GameCube, it was cracked when they found the password to the DVD drive to make it authenticate anything was "matshita dvd-rom" so what was it for Wii? Well, they changed it... To "MATSHITA DVD-ROM".

Nintendo probably left so many holes in that it would be difficult to patch in software again.
 

BY2K

Membero Americo
I think Nintendo will pick up on it regardless, especially if piracy will be possible. It shall be interesting to see if Nintendo can patch this. If it's possible to find the rootkeys with this method, I don't think that Nintendo can do anything, at least not with the currently sold WiiU consoles.

Do we know if it's the same kind of hack that was found for the PS3?
 

July

Banned
They're not bothered, the fail0verflow guys aren't even releasing code into the wild, just explaining it.

The Wii talk had me rolling. On the GameCube, it was cracked when they found the password to the DVD drive to make it authenticate anything was "matshita dvd-rom" so what was it for Wii? Well, they changed it... To "MATSHITA DVD-ROM".

Nintendo probably left so many holes in that it would be difficult to patch in software again.

Wow.
 

Cbajd5

Member
They're not bothered, the fail0verflow guys aren't even releasing code into the wild, just explaining it.

The Wii talk had me rolling. On the GameCube, it was cracked when they found the password to the DVD drive to make it authenticate anything was "matshita dvd-rom" so what was it for Wii? Well, they changed it... To "MATSHITA DVD-ROM".

Nintendo probably left so many holes in that it would be difficult to patch in software again.

It probably would have worked if they made it "MATSHlTA DVD-ROM".

That's a lowercase l (L) instead of an uppercase I (i) if you can't see a difference. If you can see a difference then you're no fun.
 
I think Nintendo will pick up on it regardless, especially if piracy will be possible. It shall be interesting to see if Nintendo can patch this. If it's possible to find the rootkeys with this method, I don't think that Nintendo can do anything, at least not with the currently sold WiiU consoles.

Won't be possible to fix. They are using the same old powerpc processor tech with weak security from the Wii days. Once this is revealed it won't be able to be patched.
 
I wonder what type of things the Homebrew scene could do with the GamePad. For example, would it be possible to play the Wii games on the GamePad without having to use a separate controller?

Edit: I'm speaking theoretically and not something being released tomorrow.
 

test_account

XP-39C²
They're not bothered, the fail0verflow guys aren't even releasing code into the wild, just explaining it.

The Wii talk had me rolling. On the GameCube, it was cracked when they found the password to the DVD drive to make it authenticate anything was "matshita dvd-rom" so what was it for Wii? Well, they changed it... To "MATSHITA DVD-ROM".

Nintendo probably left so many holes in that it would be difficult to patch in software again.
If they explain the method and process in detail, I guess that some others will be able to perform the same hack without having some code from them. Did fail0verflow release any code for the PS3 by the way? Unless I remember completely wrong, the PS3 was hacked very shortly after their PS3 presentation, and they didn't have any code released at that time.


Do we know if it's the same kind of hack that was found for the PS3?
No idea, but it seems to be a software hack at least (as in, no extra hardware needed (like a modchip) to use the hack).


Won't be possible to fix. They are using the same old powerpc processor tech with weak security from the Wii days. Once this is revealed it won't be able to be patched.
There are some extra security measures in the CPU this time around, I think. But yeah, maybe it won't be enough to simply software patch it. It shall be interesting to see.
 

RaikuHebi

Banned
I wonder what type of things the Homebrew scene could do with the GamePad. For example, would it be possible to play the Wii games on the GamePad without having to use a separate controller?

Edit: I'm speaking theoretically and not something being released tomorrow.
Probably. Also DS games lol.
 

scitek

Member
I wonder what type of things the Homebrew scene could do with the GamePad. For example, would it be possible to play the Wii games on the GamePad without having to use a separate controller?

Edit: I'm speaking theoretically and not something being released tomorrow.

I wonder if this could have any impact on the Gamepad with regards to using it on a PC. I want streaming of PC games to it like the Shield does. I wonder if it'd be possible to hack into the upcoming in-home streaming that Steam will be capable of and use that.
 
As a developer, this makes me worried if this leads to piracy...

I think piracy should be the least of your worries when it comes to the WiiU at the moment, albeit a justified one. I'd be more concerned about the disappointing userbase for whatever software I'd put on the console and how that'd affect my potential revenue/earnings.

Anyway, on topic, I'm greatly looking forward to this presentation, having seen what these fellas did with the Wii. Hope they go all out with the technical details and this part in particular excites me:-

... what makes it tick, and how it compares to its predecessor, the Wii.

Hopefully we'll be able to put to rest all those darn speculations in the CPU/GPU related threads. I can't believe we still don't definitively know how the WiiU stands in relation to the PS4/XBone in terms of the numbers. Haven't seen no LINPACK comparisons either.
 

Hasney

Member
If they explain the method and process in detail, I guess that some others will be able to perform the same hack without having some code from them. Did fail0verflow release any code for the PS3 by the way? Unless I remember completely wrong, the PS3 was hacked very shortly after their PS3 presentation, and they didn't have any code released at that time.

I think the first CFW's came out after that talk, but the PS3 had already been hacked via USB dongles at that point I believe.
 

blu

Wants the largest console games publisher to avoid Nintendo's platforms.
It probably would have worked if they made it "MATSHlTA DVD-ROM".

That's a lowercase l (L) instead of an uppercase I (i) if you can't see a difference. If you can see a difference then you're no fun.
I know you're being facetious, but just in case you weren't: that wouldn't have changed a single bit for the hack's success. It was a timing attack where they measured the time-to-response for the wrong symbols - something that would not fly in most cases, but the password check routine was implemented very naively on the drive side.

I think piracy should be the least of your worries when it comes to the WiiU at the moment, albeit a justified one. I'd be more concerned about the disappointing userbase for whatever software I'd put on the console and how that'd affect my potential revenue/earnings.
Are you suggesting no 3rd party title sells on the system?..
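
The timing leak described in the post above, as an added example that is not part of the thread: a hypothetical early-exit password check next to a constant-time one. The secret, the function names and the step counter (a deterministic stand-in for response time) are assumptions made for illustration; the drive's actual routine does not appear on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed secret for this demo, not a value from any real device. */
static const uint8_t SECRET[8] = { 'e','x','a','m','p','l','e','!' };

/* Naive check: returns at the first mismatch, so the bytes examined
 * (*steps, standing in for response time) grow with the correct prefix. */
int naive_check(const uint8_t *guess, size_t len, size_t *steps)
{
    *steps = 0;
    if (len != sizeof SECRET) return 0;   /* length is treated as public */
    for (size_t i = 0; i < sizeof SECRET; i++) {
        (*steps)++;
        if (guess[i] != SECRET[i]) return 0;
    }
    return 1;
}

/* Hardened check: examines every byte and ORs the differences together,
 * so the work done does not depend on where the guess goes wrong. */
int constant_time_check(const uint8_t *guess, size_t len, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    if (len != sizeof SECRET) return 0;
    for (size_t i = 0; i < sizeof SECRET; i++) {
        (*steps)++;
        diff |= (uint8_t)(guess[i] ^ SECRET[i]);
    }
    return diff == 0;
}

/* Work done by a check on a NUL-terminated guess. */
size_t steps_for(int (*check)(const uint8_t *, size_t, size_t *), const char *guess)
{
    size_t steps = 0;
    check((const uint8_t *)guess, strlen(guess), &steps);
    return steps;
}

int main(void)
{
    printf("naive:         %zu vs %zu steps\n", steps_for(naive_check, "zxample!"), steps_for(naive_check, "exaZple!"));
    printf("constant-time: %zu vs %zu steps\n", steps_for(constant_time_check, "zxample!"), steps_for(constant_time_check, "exaZple!"));
    return 0;
}
```

Changing the letter case of the secret, as joked about earlier in the thread, leaves the naive routine's step count just as dependent on the matching prefix; only the comparison logic removes the signal.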
 

Platy

Member
Interesting !

Love how Wii homebrew works ... some really awesome stuff there.

Also, I love how the more updated your Wii firmware is, the easier it is to get homebrew working xD

Here's my question.......how long until I can put a Wii-U disk in my PC and play N games?

This has NOTHING to do with what will be discussed in the talk here.

This belongs to the Dolphin thread
 

Hasney

Member
Ah, with the updated time of the presentation, I'll still be in the house. Hopefully the Wii U supports their streaming method so I can watch this
and see if their words magically enable homebrew on my Wii U
 

Foffy

Banned
Bummer.....think of all the additional revenue Nintendo could make if their games ran on PC via an official but "unsupported" emulator.

I'm not sure if this would really help them. I mean, they've been at a point where the GBA, DS, and Wii all had emulators developed enough to play a lot of their games day and date as they released. Have their sales really spiked because of that? Most of their sales are attributed to the success of their platforms, not the fact they can all be played on the PC.

I'm sure some people eventually migrated to something like Dolphin a ways into the Wii's library, but I am willing to bet most of them already purchased the hardware.
 

Cbajd5

Member
I know you're being facetious, but just in case you weren't: that wouldn't have changed a single bit for the hack's success. It was a timing attack where they measured the time-to-response for the wrong symbols - something that would not fly in most cases, but the password check routine was implemented very naively on the drive side.

If seeing the I/l difference was considered no fun, you are being very no fun.

It was a joke, and I thought pointing out how the joke worked would make it obvious.

I apologize for attempting to make a joke about such a serious issue.
 

GulAtiCa

Member
I think piracy should be the least of your worries when it comes to the WiiU at the moment, albeit a justified one. I'd be more concerned about the disappointing userbase for whatever software I'd put on the console and how that'd affect my potential revenue/earnings.
Userbase numbers aren't as much of a concern to me currently. The activeness of the userbase will be, however. I'm a small indie dev, so can only speak for myself. But the threat of the Wii U eventually being hacked and possibly leading to piracy scares me a little. The threat of someone being able to possibly steal my game is nerve-racking. I'm sure this scares others. I know Jools of Renegade Kid has mentioned many many times that eventual piracy on any platform could cause them to stop making games for it.

Now, I don't need many units sold to equal a profit, as this is all on my side. But those that depend on this money to support themselves, could see themselves consider not making Wii U eShop games. I'm not talking about big 3rd party devs, I'm talking about indie devs, like Wayforward, Two Tribes, Neko Entertainment, Shin'en, etc.

Third parties aren't putting software on it, anyway.

I'm talking about myself though, as an indie wii u dev, who is about to release a game in a month or 2 for Wii U.
 

Bulzeeb

Member
I'm not sure if this would really help them. I mean, they've been at a point where the GBA, DS, and Wii all had emulators developed enough to play a lot of their games day and date as they released. Have their sales really spiked because of that? Most of their sales are attributed to the success of their platforms, not the fact they can all be played on the PC.

I'm sure some people eventually migrated to something like Dolphin a ways into the Wii's library, but I am willing to bet most of them already purchased the hardware.

It depends on where you live. Around here, if someone tells you that they are planning to use an emulator, it also means they are not going to pay for anything. Well, piracy is usually the number one factor people around here use to decide if they buy a console or not. I usually was told the "why do you buy your games instead of hacking/modding the console" talk, so annoying.
 
As much as I hate people take advantage of these things, I love the idea behind these hacking conventions. It teaches us so much about technology and things that we don't even know.
 