Hackers claim to have penetrated Wii U's defences

But exploit is already blocked by recent 5.0 firmware update

Hackers have claimed to have found an exploit in the Wii U system browser which allows them to make small alterations to various assets, but believe that the security hole could enable them to make bigger changes, such as uploading custom tracks to Mario Kart 8.

The hack was announced on a 'homebrew' forum over a fortnight ago, but has come to wider attention more recently thanks to a video which shows track names and audio assets being toyed with in Nintendo's racer as well as fonts being altered in the Mii Plaza.

However, Nintendo's most recent firmware update, version 5.0, has already closed the loophole which enabled the hack.

"The bug is still in the browser, but when they added the quick boot menu in 5.0.0, it moved a bunch of code around and broke our ROP (Return Oriented Programming) chain that allows us to gain code execution," a post from the hacking group on the GBAtemp forum reads. "So it IS possible to get it working, we just need to find where the addresses are, which is difficult if you don't have any way to see (with the earlier versions we had binaries and so we could see where the code was), so it may take some time.

"This doesn't work on 5.0.0 since they changed stuff up on us, so first we'd need to port it to 5.0.0, and then our main priority is to start disassembling and looking for an exploit in the kernel which will allow us to do a lot more and allow for homebrew. As for a timeline for when this will happen, probably not anytime soon, since unless we get really lucky, it's gonna take a while to find the addresses for 5.0.0 blind and then finding an exploit in the kernel will probably be even harder, partially because it's a compiled binary and we have to go through the basic assembly which doubles and triples the work versus if we had the source.

"For the average person, this does nothing of significance other than it allows us access to basic functions that will allow us to see how the system works. We still need to port the code to 5.0.0 and find a kernel exploit which will allow us full access to the system, and then we need to understand how the system works before we do anything significant. So, we have quite a bit of work to do still."

The poster of the YouTube video has reassured watchers that the exploit isn't intended for use as a way to enable cheating or piracy, only the modding of assets like tracks or characters.

"Remember guys: We're not going to be encouraging cheating with this and won't let our work be used for it. Our goal is to make game mods; custom tracks, etc. Relax and enjoy what we come up with."

Nonetheless, other users have expressed concerns that the exploit will open the game's online modes up to cheating should the methodology be made public.

Until now, Nintendo has been pretty successful at maintaining the security of both the Wii U and 3DS with regular updates, having learned a painful lesson from the widespread piracy on the DS. The platform holder has been contacted for comment regarding the hack.

More stories

Animal Crossing drives Nintendo Q1 profits up 500% to $1bn

New Horizons has sold more than 20 million units since March, Switch lifetime shipments passed 60 million units

By James Batchelor

Nintendo isn't throwing in the towel on mobile just yet

Annual report positions mobile business as a key target area in company's long-term strategy

By Rebekah Valentine

Latest comments (13)

Jeff Kleist Writer, Marketing, Licensing 6 years ago
"our work is not to be used for cheating and piracy, but since the stuff we have to break also enables piracy, totally not our fault"

I always find it hysterical that these "home brew" forums always claim they want to write software for these game systems, when they have a PC right in front of them with no obstacles, and that software comes under the heading of emulators, media managers for music and movie rips, cheat utilities and other similar activities.

Yes I know, one in a hundred, and I'm being generous, wants to write software. The rest are just pirates. A thousand copies of Mario Kart will be pirated for ECERY person who even starts a custom course.

I don't think I'm being pessimistic either. Who remembers what happened when PlayStation owners found out about the swap trick?
6Sign inorRegisterto rate and reply
Andrew Goodchild Studying development, Train2Game6 years ago
Maybe Nintendo should respond by releasing a patch with a track editor.
11Sign inorRegisterto rate and reply
Klaus Preisinger Freelance Writing 6 years ago
User created tracks are quite the step up from defeating a copyprotection flag and tinker with a few memory values. Hurray for youthful optimism.
0Sign inorRegisterto rate and reply
Show all comments (13)
Daniel Hughes Studying PhD Literary Modernism, Bangor University6 years ago
Andrew, that's what I was thinking. For some people this is a legitimate endeavour, but as Jeff said, as soon as a system is cracked, piracy follows. If Nintendo could allow a track editor and even some light modding options for Kart 8, they'd remove some of the incentive. Of course, those interested in pirating software on the system would still attempt to find ways to do so.
0Sign inorRegisterto rate and reply
James Boulton Owner, Retro HQ Ltd6 years ago
This is exactly how I got into programming a variety of consoles before I got into the games industry (albeit a long time ago). So what you've got a PC in front of you? What if you want to be programming on a console? There is a certain allure to using standard hardware and optimising the hell out of it in the knowledge it will work on every system... unlike the PC.

This sort of thing is where we get out next generation of techies from. You learn a lot from taking things apart...

Edited 1 times. Last edit by James Boulton on 7th July 2014 2:31pm

10Sign inorRegisterto rate and reply
Jeff Kleist Writer, Marketing, Licensing 6 years ago
Well James, I see your poij to, but the good news is that the new generation are mini PCs, and very soon the X1 will allow you to code willy nilly on it, something I'm sure Sony will follow. Problem solved without cracking. I'm seriously curious how equipped the new systems are for patching those kind of security holes. It'll be interesting to see the response when one is inevitably cracked. Don't forget, Nintendo accidentally defeated this one, while a browser exploit should be easier to fix, what they learn for the next one probably won't be
0Sign inorRegisterto rate and reply
Nick Wofford Hobbyist 6 years ago
That's an easy fix though for any console manufacturer. You just lock those features from people unless they request access, and require them to register the system in some way so that illegal software can be immediately traced. It's not so different from MS's original policies for the XB1.

On topic: There is always an easy solution to most illegitimate behavior; just stop the incentives. Seth Rogen (from Pineapple Express) rants about how no drug user likes dealing with drug dealers, and the same is true for most consumers in some way. Most people don't like screwing around with their system on their own, likely voiding warranties left and right. Give them a guaranteed option instead of a homebrew one, and you'll stop most people from seeking out alternative solutions.
1Sign inorRegisterto rate and reply
Paul Jace Merchandiser 6 years ago
The poster of the YouTube video has reassured watchers that the exploit isn't intended for use as a way to enable cheating or piracy,
And yet those will stiill be the primary uses for it.

@Andrew McFain
and if you've got the money to buy the console, in the first place, you're probably willing to throw down another hundred or two on the few games worth playing
Thats not how pirates think at all. If they had $100 in their pocket and there were three Wii U games they wanted to play that only cost $20 each they would still pirate all three instead of paying for them legitly. Need more proof? Even mobile and tablet games costing 99 cents to $5 get pirated.....ALOT.

Edited 1 times. Last edit by Paul Jace on 8th July 2014 1:29am

6Sign inorRegisterto rate and reply
Shane Sweeney Academic 6 years ago
Paul Jace, that's not how pirates think either. We are all pirates in one way or another I'm certain you have pirated at least television. Besides, we see it again and again, in the west pirates spend more money on media then any other non pirating demographic.

At this point piracy could even help the Wii-U platform.

Edited 1 times. Last edit by Shane Sweeney on 8th July 2014 6:24am

5Sign inorRegisterto rate and reply
Neil Young Programmer, Rebellion Developments6 years ago
Not convinced there is a case for nintendo to add a track editor to mk8. What percentage of players would actually use it? Given a key selling point is the well designed tracks, high framerate, and graphical quality, they may well prefer to retain that rather than be criticised because the game is less fun with fan made tracks.
4Sign inorRegisterto rate and reply
Paul Jace Merchandiser 6 years ago
@Shane Sweeney--Actually thats exactly how pirates think. They want something for nothing, which is what piracy is--getting free stuff that you steal. I personally understand wanting things affordable as I am quite cheap(and I'm totally loving Microsoft's Ultimate Game Sale running all this week on Xbox Live). But I still pay for my media content, I don't steal it. Would it be nice to get everything for free? Sure but thats not how life works for the rest of us.

I also don't see how piracy could help the Wii U. The system is definitely in need of a savior(most likely a killer app) but that savior is absolutely not going to be piracy.

Edited 2 times. Last edit by Paul Jace on 9th July 2014 3:46am

1Sign inorRegisterto rate and reply
Shane Sweeney Academic 6 years ago
Once again. In the west pirates spend the most on media of any other sector. The top 20% especially spend over 300% more then honest customers. We see it again, again and again. The bigger you are a fan of media the more you want to surround yourself in it, whether borrowed, legally acquired, KickStarted or pirated.

The people who pirate the most are also going to be your cosplayers, your fan fiction writers, your viral marketing, your biggest KickStarter backers, your largest merchandise purchasers and your largest fans. The goal is to have a relationship with your audience and get them to pay for your content not to demonize them or they most certainly will.

The sheer amount of money people spend on private trackers just to even get access to some content is staggering.

Edited 2 times. Last edit by Shane Sweeney on 9th July 2014 7:01am

3Sign inorRegisterto rate and reply
Curt Sampson Sofware Developer 6 years ago
I always find it hysterical that these "home brew" forums always claim they want to write software for these game systems, when they have a PC right in front of them with no obstacles...
I always find it hysterical that some people want to play video games, when they have real life right in front of them and could be doing something "real" (such as sailing or playing with a pet) or "productive" (such as writing software or helping the poor) instead.

While there are certainly quite a lot of people out there whose motivation is to get hold of a game without paying for it, even at the expense of the developer and publisher, the folks doing these sorts of hacks certainly do not fall in to that category. (After all, they have the skills to make enough money to buy plenty of games, and they probably do, in fact.) What they're driven by is the exact same thing that drives most video game players: the challenge. Hacking a console is just as much a game as Far Cry 3 or World of Tanks.

There are plenty of efforts people make that can be misused. Video games can be misused as civilian slaughter simulators to practice for another Columbine or Virginia Tech. I'm not saying that we should freely allow anybody to do anything here, but saying that people shouldn't be able to do things because others can misuse the results treads down a very dangerous path.

Anyway, regardless of where you fall on whether the bad side-effects of this activity outweigh the good of letting someone have fun the way he wants, it's important to understand what's really motivating these hackers if you want to deal well with the problems they cause. If you assume that they're out on some crusade to destroy the revenue of console manufacturers when they're not, you're very likely to do things that make the situation worse, not better.
2Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.