Posted By: wraggster
via Atomicpc
Last night, Atomic talked to Wii hacker Bushing about every conceivable aspect of Wii hacking. To make things even more incredible, the first “Hello World” program to ever to run on a Wii was executed during our discussion.
Over the next four pages you’ll find all the details you could ask for about the world’s first proper Wii hack: no mod chips required. It's powerful stuff.
We've also got some analysis and screenshots of the hack over here for you.
Enjoy!
Atomic: First off, what's your programming background?
Bushing: I've been programming since age 8 (on an Apple IIc); I spent a lot of time growing up, hacking on Linux. I did Electrical Engineering and Comp. Sci in college, and now I do software development professionally.
Atomic: What was the appeal in hacking the Wii?
Bushing: Mostly that it hadn't been done. I don't play many video games, but I saw one at my boss's house at a party this summer, and it was fun, so I bought one. And I like to hack everything I own, and it was a big flashing target because I knew that nobody had yet been able to do it.
Atomic: Is this your first gaming console hack?
Bushing: Yup. I'd done "mods" before -- installing chips, and stuff -- but this is the first original thing I've worked on.
Atomic: How did you get started on this particular hack?
Bushing: I mentioned to a co-worker that I was interested in Wii-hacking, and he introduced me to tmbinc and Costis, both of whom are already somewhat known for these things. We began talking online, trading code, and ideas.
Atomic: You mentioned some others, who is everyone in your team?
Bushing: Me, Segher, Tmbinc, and also Costis and Adhs have helped out.
Atomic: Now you’ve got your hands on a (presumably) small chunk of arbitrary code. What's its function? What can we do with it and gain from probing it?
Bushing: Well, it's not actually that small -- Nintendo includes the newest version of the system software on almost every Wii game. If you're running on an older version of the software, it will let you upgrade using the disc. So, we were able to get a (mostly) full copy of the software used to do, well, everything on the Wii.
But it was strange, because it didn't work at all when we tried to disassemble it as PowerPC code -- and then we discovered it was actually ARM code. We couldn't see this chip anywhere on the Wii board, so eventually figured out it's buried inside the graphics chip.
The graphics chip's name is "Hollywood", so one of us (segher) named it the "Starlet".
It performs all of the security for the Wii, and also controls almost all of the peripherals. It's "The Enemy".
Atomic: So how did you get at the code, and how is it being disassembled?
Bushing: I'm disassembling it using IDA Pro under VMware Fusion. tmbinc was able to use a "tweezer hack" to extract the encryption keys from the memory of his Wii, and then we were able to write software to decrypt games and firmware.