Hackers have claimed to have found an exploit in the Wii U system browser which allows them to make small alterations to various assets, but believe that the security hole could enable them to make bigger changes, such as uploading custom tracks to Mario Kart 8.
The hack was announced on a 'homebrew' forum over a fortnight ago, but has come to wider attention more recently thanks to a video which shows track names and audio assets being toyed with in Nintendo's racer as well as fonts being altered in the Mii Plaza.
However, Nintendo's most recent firmware update, version 5.0, has already closed the loophole which enabled the hack.
"The bug is still in the browser, but when they added the quick boot menu in 5.0.0, it moved a bunch of code around and broke our ROP (Return Oriented Programming) chain that allows us to gain code execution," a post from the hacking group on the GBAtemp forum reads. "So it IS possible to get it working, we just need to find where the addresses are, which is difficult if you don't have any way to see (with the earlier versions we had binaries and so we could see where the code was), so it may take some time.
"This doesn't work on 5.0.0 since they changed stuff up on us, so first we'd need to port it to 5.0.0, and then our main priority is to start disassembling and looking for an exploit in the kernel which will allow us to do a lot more and allow for homebrew. As for a timeline for when this will happen, probably not anytime soon, since unless we get really lucky, it's gonna take a while to find the addresses for 5.0.0 blind and then finding an exploit in the kernel will probably be even harder, partially because it's a compiled binary and we have to go through the basic assembly which doubles and triples the work versus if we had the source.
"For the average person, this does nothing of significance other than it allows us access to basic functions that will allow us to see how the system works. We still need to port the code to 5.0.0 and find a kernel exploit which will allow us full access to the system, and then we need to understand how the system works before we do anything significant. So, we have quite a bit of work to do still."
The poster of the YouTube video has reassured watchers that the exploit isn't intended for use as a way to enable cheating or piracy, only the modding of assets like tracks or characters.
"Remember guys: We're not going to be encouraging cheating with this and won't let our work be used for it. Our goal is to make game mods; custom tracks, etc. Relax and enjoy what we come up with."
Nonetheless, other users have expressed concerns that the exploit will open the game's online modes up to cheating should the methodology be made public.
Until now, Nintendo has been pretty successful at maintaining the security of both the Wii U and 3DS with regular updates, having learned a painful lesson from the widespread piracy on the DS. The platform holder has been contacted for comment regarding the hack.