Close
Are you sure? Are you sure you want to report this comment? I understand, report it. Cancel

Hackers claim to have penetrated Wii U's defences

Hackers claim to have penetrated Wii U's defences

Mon 07 Jul 2014 8:27am GMT / 4:27am EDT / 1:27am PDT
Hardware

But exploit is already blocked by recent 5.0 firmware update

Hackers have claimed to have found an exploit in the Wii U system browser which allows them to make small alterations to various assets, but believe that the security hole could enable them to make bigger changes, such as uploading custom tracks to Mario Kart 8.

The hack was announced on a 'homebrew' forum over a fortnight ago, but has come to wider attention more recently thanks to a video which shows track names and audio assets being toyed with in Nintendo's racer as well as fonts being altered in the Mii Plaza.

However, Nintendo's most recent firmware update, version 5.0, has already closed the loophole which enabled the hack.

"The bug is still in the browser, but when they added the quick boot menu in 5.0.0, it moved a bunch of code around and broke our ROP (Return Oriented Programming) chain that allows us to gain code execution," a post from the hacking group on the GBAtemp forum reads. "So it IS possible to get it working, we just need to find where the addresses are, which is difficult if you don't have any way to see (with the earlier versions we had binaries and so we could see where the code was), so it may take some time.

"This doesn't work on 5.0.0 since they changed stuff up on us, so first we'd need to port it to 5.0.0, and then our main priority is to start disassembling and looking for an exploit in the kernel which will allow us to do a lot more and allow for homebrew. As for a timeline for when this will happen, probably not anytime soon, since unless we get really lucky, it's gonna take a while to find the addresses for 5.0.0 blind and then finding an exploit in the kernel will probably be even harder, partially because it's a compiled binary and we have to go through the basic assembly which doubles and triples the work versus if we had the source.

"For the average person, this does nothing of significance other than it allows us access to basic functions that will allow us to see how the system works. We still need to port the code to 5.0.0 and find a kernel exploit which will allow us full access to the system, and then we need to understand how the system works before we do anything significant. So, we have quite a bit of work to do still."

The poster of the YouTube video has reassured watchers that the exploit isn't intended for use as a way to enable cheating or piracy, only the modding of assets like tracks or characters.

"Remember guys: We're not going to be encouraging cheating with this and won't let our work be used for it. Our goal is to make game mods; custom tracks, etc. Relax and enjoy what we come up with."

Nonetheless, other users have expressed concerns that the exploit will open the game's online modes up to cheating should the methodology be made public.

Until now, Nintendo has been pretty successful at maintaining the security of both the Wii U and 3DS with regular updates, having learned a painful lesson from the widespread piracy on the DS. The platform holder has been contacted for comment regarding the hack.

19 Comments

Jeff Kleist
Writer, Marketing, Licensing

324 182 0.6
Popular Comment
"our work is not to be used for cheating and piracy, but since the stuff we have to break also enables piracy, totally not our fault"

I always find it hysterical that these "home brew" forums always claim they want to write software for these game systems, when they have a PC right in front of them with no obstacles, and that software comes under the heading of emulators, media managers for music and movie rips, cheat utilities and other similar activities.

Yes I know, one in a hundred, and I'm being generous, wants to write software. The rest are just pirates. A thousand copies of Mario Kart will be pirated for ECERY person who even starts a custom course.

I don't think I'm being pessimistic either. Who remembers what happened when PlayStation owners found out about the swap trick?

Posted:2 months ago

#1

Andrew Goodchild
Studying development

1,240 400 0.3
Popular Comment
Maybe Nintendo should respond by releasing a patch with a track editor.

Posted:2 months ago

#2

Klaus Preisinger
Freelance Writing

1,090 1,044 1.0
User created tracks are quite the step up from defeating a copyprotection flag and tinker with a few memory values. Hurray for youthful optimism.

Posted:2 months ago

#3

Daniel Hughes
Studying PhD Literary Modernism

436 496 1.1
Andrew, that's what I was thinking. For some people this is a legitimate endeavour, but as Jeff said, as soon as a system is cracked, piracy follows. If Nintendo could allow a track editor and even some light modding options for Kart 8, they'd remove some of the incentive. Of course, those interested in pirating software on the system would still attempt to find ways to do so.

Posted:2 months ago

#4

James Boulton
Tools & Tech Coder

133 170 1.3
Popular Comment
This is exactly how I got into programming a variety of consoles before I got into the games industry (albeit a long time ago). So what you've got a PC in front of you? What if you want to be programming on a console? There is a certain allure to using standard hardware and optimising the hell out of it in the knowledge it will work on every system... unlike the PC.

This sort of thing is where we get out next generation of techies from. You learn a lot from taking things apart...

Edited 1 times. Last edit by James Boulton on 7th July 2014 2:31pm

Posted:2 months ago

#5

Jeff Kleist
Writer, Marketing, Licensing

324 182 0.6
Well James, I see your poij to, but the good news is that the new generation are mini PCs, and very soon the X1 will allow you to code willy nilly on it, something I'm sure Sony will follow. Problem solved without cracking. I'm seriously curious how equipped the new systems are for patching those kind of security holes. It'll be interesting to see the response when one is inevitably cracked. Don't forget, Nintendo accidentally defeated this one, while a browser exploit should be easier to fix, what they learn for the next one probably won't be

Posted:2 months ago

#6

Christian Keichel
Journalist

671 918 1.4
Well James, I see your poij to, but the good news is that the new generation are mini PCs, and very soon the X1 will allow you to code willy nilly on it, something I'm sure Sony will follow.
It became awfully quiet about this feature and there is a reason for it, whenever any of the publishers would allow the use of the console as a development kit for a widespread public, it wouldn't take more then a week, before somebody would code an Iso launcher for the system. So I am pretty sure the XBox One can never be used as a development kit.

Edited 1 times. Last edit by Christian Keichel on 7th July 2014 10:35pm

Posted:2 months ago

#7

Andrew McFain
Journalist

14 1 0.1
I'm not sure why anyone would bother enabling piracy on the WiiU, anyway. There aren't many games available for it, as is, and if you've got the money to buy the console, in the first place, you're probably willing to throw down another hundred or two on the few games worth playing.

Posted:2 months ago

#8

Nick Wofford
Hobbyist

180 190 1.1
@Christian
That's an easy fix though for any console manufacturer. You just lock those features from people unless they request access, and require them to register the system in some way so that illegal software can be immediately traced. It's not so different from MS's original policies for the XB1.

On topic: There is always an easy solution to most illegitimate behavior; just stop the incentives. Seth Rogen (from Pineapple Express) rants about how no drug user likes dealing with drug dealers, and the same is true for most consumers in some way. Most people don't like screwing around with their system on their own, likely voiding warranties left and right. Give them a guaranteed option instead of a homebrew one, and you'll stop most people from seeking out alternative solutions.

Posted:2 months ago

#9

Paul Jace
Merchandiser

921 1,373 1.5
The poster of the YouTube video has reassured watchers that the exploit isn't intended for use as a way to enable cheating or piracy,
And yet those will stiill be the primary uses for it.

@Andrew McFain
and if you've got the money to buy the console, in the first place, you're probably willing to throw down another hundred or two on the few games worth playing
Thats not how pirates think at all. If they had $100 in their pocket and there were three Wii U games they wanted to play that only cost $20 each they would still pirate all three instead of paying for them legitly. Need more proof? Even mobile and tablet games costing 99 cents to $5 get pirated.....ALOT.

Edited 1 times. Last edit by Paul Jace on 8th July 2014 1:29am

Posted:2 months ago

#10

Shane Sweeney
Academic

365 291 0.8
Paul Jace, that's not how pirates think either. We are all pirates in one way or another I'm certain you have pirated at least television. Besides, we see it again and again, in the west pirates spend more money on media then any other non pirating demographic.

At this point piracy could even help the Wii-U platform.

Edited 1 times. Last edit by Shane Sweeney on 8th July 2014 6:24am

Posted:2 months ago

#11

Christian Keichel
Journalist

671 918 1.4
@Nick
That's an easy fix though for any console manufacturer. You just lock those features from people unless they request access, and require them to register the system in some way so that illegal software can be immediately traced. It's not so different from MS's original policies for the XB1.
This wouldn't prevent any kind of piracy. If you allow people to use the system as a Dev Kit, it means they can compile every code they want on the machine, even an Iso Loader, they downloaded from the net.
It doesn't help, when they have to register their system before doing so, because people would simply register their XBox One and download the Iso loader afterwards to start games from their external drive. Even if the XBox One is still connected to the Internet (and many console hacks on the 360 and PS3 meant you couldn't go online with you console any more), there is no way for MS to monitor every XBox One for "illegal" code, because the console is no a development kit and is expected to run "unknown" code.
The only way to prevent this is by restricting access to certain parts of the console, like Sony did with PS3 Linux, that gave no access to the main OS of the console, but even this feature was killed by Sony because of their fear it could be used for piracy (which ironically angered some people and made them look for holes in the PS3 protection, we all know where this ended).

Edited 1 times. Last edit by Christian Keichel on 8th July 2014 8:24am

Posted:2 months ago

#12

Neil Young
Programmer

296 369 1.2
Not convinced there is a case for nintendo to add a track editor to mk8. What percentage of players would actually use it? Given a key selling point is the well designed tracks, high framerate, and graphical quality, they may well prefer to retain that rather than be criticised because the game is less fun with fan made tracks.

Posted:2 months ago

#13

Paul Jace
Merchandiser

921 1,373 1.5
@Shane Sweeney--Actually thats exactly how pirates think. They want something for nothing, which is what piracy is--getting free stuff that you steal. I personally understand wanting things affordable as I am quite cheap(and I'm totally loving Microsoft's Ultimate Game Sale running all this week on Xbox Live). But I still pay for my media content, I don't steal it. Would it be nice to get everything for free? Sure but thats not how life works for the rest of us.

I also don't see how piracy could help the Wii U. The system is definitely in need of a savior(most likely a killer app) but that savior is absolutely not going to be piracy.

Edited 2 times. Last edit by Paul Jace on 9th July 2014 3:46am

Posted:2 months ago

#14

Christian Keichel
Journalist

671 918 1.4
I also don't see how piracy could help the Wii U. The system is definitely in need of a savior(most likely a killer app) but that savior is absolutely not going to be piracy
Since the PSX days the console with the most widespread piracy was also the console, that was the best selling in terms of hardware and software. It was the same on handhelds during the last generation, while hacking the PSP was extremely elaborate in it's first years, (you needed a special battery in order to do so - after the signature codes for the PSP were found on the PS3, it became easier), the flash carts for the Nintendo DS made piracy extremely easy. The same goes for the Wii, were a simple SD card was enough to softmod the console.
Both devices outsold their competition by a wide margin as the PSX and PS2 did, both were hacked very early in their life cycle unless the N64, Gamecube and XBox.
This doesn't mean whenever software can easily be pirated the system becomes is a success, just look at the Dreamcast (even if the problem of the console wasn't piracy, but more that Sega lost to much money with each console in a to short timeframe), but it clearly means, that piracy doesn't kill a console.

Edited 1 times. Last edit by Christian Keichel on 9th July 2014 6:49am

Posted:2 months ago

#15

Shane Sweeney
Academic

365 291 0.8
Once again. In the west pirates spend the most on media of any other sector. The top 20% especially spend over 300% more then honest customers. We see it again, again and again. The bigger you are a fan of media the more you want to surround yourself in it, whether borrowed, legally acquired, KickStarted or pirated.

The people who pirate the most are also going to be your cosplayers, your fan fiction writers, your viral marketing, your biggest KickStarter backers, your largest merchandise purchasers and your largest fans. The goal is to have a relationship with your audience and get them to pay for your content not to demonize them or they most certainly will.

The sheer amount of money people spend on private trackers just to even get access to some content is staggering.

Edited 2 times. Last edit by Shane Sweeney on 9th July 2014 7:01am

Posted:2 months ago

#16

Curt Sampson
Sofware Developer

596 360 0.6
I always find it hysterical that these "home brew" forums always claim they want to write software for these game systems, when they have a PC right in front of them with no obstacles...
I always find it hysterical that some people want to play video games, when they have real life right in front of them and could be doing something "real" (such as sailing or playing with a pet) or "productive" (such as writing software or helping the poor) instead.

While there are certainly quite a lot of people out there whose motivation is to get hold of a game without paying for it, even at the expense of the developer and publisher, the folks doing these sorts of hacks certainly do not fall in to that category. (After all, they have the skills to make enough money to buy plenty of games, and they probably do, in fact.) What they're driven by is the exact same thing that drives most video game players: the challenge. Hacking a console is just as much a game as Far Cry 3 or World of Tanks.

There are plenty of efforts people make that can be misused. Video games can be misused as civilian slaughter simulators to practice for another Columbine or Virginia Tech. I'm not saying that we should freely allow anybody to do anything here, but saying that people shouldn't be able to do things because others can misuse the results treads down a very dangerous path.

Anyway, regardless of where you fall on whether the bad side-effects of this activity outweigh the good of letting someone have fun the way he wants, it's important to understand what's really motivating these hackers if you want to deal well with the problems they cause. If you assume that they're out on some crusade to destroy the revenue of console manufacturers when they're not, you're very likely to do things that make the situation worse, not better.

Posted:2 months ago

#17

Andrew McFain
Journalist

14 1 0.1
Being a pirate myself, I don't see the worth in buying a console to play three games. That's where I'm coming from. I mean, if they already had the console, sure, but what the hell are they doing with it, in the first place?

Posted:A month ago

#18

Login or register to post

Take part in the GamesIndustry community

Register now