Nintendo recently updated their old original Wii firmware, and they also more recently announced they shutting-down the 'Internet' on the old outdated Wii's, as such some of current exploits will stop working so there is need for new easy 'entry point' @Fullmetal5 has detailed out his idea of attack plan using the fact that with the recent firmware update Nintendo added a nice 'spot' for us.
Alright, so with Nintendo shutting down the E-Shop there won't be a way of getting the Internet Channel anymore which means no more FlashHax. So we need another exploit that works without sd cards and now only works with whatever default channels are installed on the Wii. So what's the attack surface for the default channels?
Well luckily for us Nintendo decided to have their EULA for the Wii be updatable, and they decided to do this by making the EULA view actually just be Opera pointed at the page "http://cfh.wapp.wii.com/eula/XXX/YY.html
". Where XXX is the country code and YY is the language. And since they get the page over http that means if we change the dns servers then we can switch the page out for whatever we want.
The actual vulnerability being exploited here will be posted soon when the write up for it is done but the name of this exploit should give you a pretty good idea. (For anyone looking for a fun exercise try figuring this exploit out yourself.)
How to setup str2hax:
- Go to the Wii's settings the under Internet select Connection Settings and choose your currently active connection.
- Select Change settings and scroll to the right until you get to Auto-Obtain DNS
- Select No then select Advanced Settings.
- Change the Primary DNS to 22.214.171.124 and the Secondary DNS to 126.96.36.199.
- Select Confirm and then Save, you will be told you must run a connection test. (Select No to the system update prompt)
If the connection test doesn't work try running it one more time and if it still fails leave a post about it. (Please make sure you have a working internet connection in the first place.)
- Back out to the Internet panel and choose User Agreements. Select Yes to the question about the Wii Shop Channel/WiiConnect24.
- You will be taken to a screen telling you to review the User Agreements for the Wii. Select Next.
If you see a pony on screen telling you to wait then you have done everything correctly. The exploit takes 1-2 minutes (1:25 is usually how long mine takes), if it takes longer than 2 minutes then it probably failed. Just turn off your Wii and start again from step 6.
After a minute or two you should be booted into the HackMii Installer. If the Wii freezes on a with a bunch of white text on it please take a LEGIBLE
picture of the screen. I can't help you if I can't read it.
Click to expand...
If you got some use out of this and want to throw @Fullmetal5 some money you can do so
. (His College is expensive, so is IDA)