Wii

Hackers Discuss Wii Security Technology, Undocumented Chip

by Carmine Red - January 8, 2009, 4:14 pm PST
Total comments: 33 Source: 25th Chaos Com. Congress

Even Wii developers didn't know of the processor's existence. The presentation also touched on DVD playback, the possibility of subscription-based services, and the motivation behind hacking.

When the hackers composing Team Twiizers worked to bypass Nintendo's security measures on the Wii, they discovered several undocumented features of the Wii hardware.

One thing that they discovered was a previously undocumented processor in Nintendo's game player. This tiny processor, dubbed "Starlet" by the team of hackers, was embedded on the Hollywood graphics chipset and was described as a "full-fledged NEC ARM system-on-a-chip." Not even licensed Wii developers knew of the chip's existence or of its role in the Wii's security scheme. Nintendo's secrecy about the existence of the processor successfully hindered attempts to hack into the Wii until its discovery.

In hacking the Wii system, Team Twiizers also came across Nintendo's ticket scheme, which lets Nintendo authenticate whether software is allowed to run on the Wii or not. They pointed out that the tickets allowed Nintendo to save costs and distribute their downloadable software through conventional networks, since it prevented users from simply copying their virtual console titles and playing them on another console. Another thing they found was that these authorization tickets had an unused time-limit functionality. This functionality may be used in Hudson's upcoming Joysound Wii karaoke software in Japan, which offers timed subscriptions to its song library instead of permanent downloads.

Since the initial discovery of these tickets, they noted that Nintendo has released patches that have done a good job in preventing the specific problem of Virtual Console piracy.

Team Twiizers also discovered that Nintendo did support DVD playback in the console, but had disabled the functionality. Thinking that leaving the functionality in was an unintentional oversight, and since their goal did not involve DVD playback, they contacted Nintendo to warn them of the issue. However, Nintendo did not respond kindly to their attempts at communication.

Towards the end of the presentation, guest speaker Michael Steil took the stage to explain his beliefs on the motivation behind hacking into consoles. He feels that almost all initial attempts at bypassing the security measures of consoles are to run homebrew software on them. However, he also acknowledged that this has the harmful side effect of being used for piracy. He concluded by saying that console manufacturers would be best protected against hacks by making their systems open to hobbyist uses while still secured against outright piracy. He pointed out that the PlayStation 3, on which Sony openly allows users to install Linux, is the only current console that has not yet been hacked.

The full session video can be found here.

Talkback

AVJanuary 09, 2009

Quote from: Kairon

One thing that they discovered was a previously undocumented processor in Nintendo's game player. This tiny processor, dubbed "Starlet" by the team of hackers, was embedded on the Hollywood graphics chipset and was described as a "full-fledged NEC ARM system-on-a-chip." Not even licensed Wii developers knew of the chip's existence or of its role in the Wii's security scheme. Nintendo's secrecy about the existence of the processor successfully hindered attempts to hack into the Wii until its discovery. 

What does this mean ? I'm not a tech person.

does that mean Wii is MORE GRAPHICAL POWERFUL than previously thought ??

Quote:

Team Twiizers also discovered that Nintendo did support DVD playback in the console, but had disabled the functionality. Thinking that leaving the functionality in was an unintentional oversight, and since their goal did not involve DVD playback, they contacted Nintendo to warn them of the issue. However, Nintendo did not respond kindly to their attempts at communication. 

So basically whenever Nintendo wants they could make a DVD playback channel and it would work without hesitation.

Very interesting developments. I usually frown upon hackers because I fear it will lead to virus's of some kind. Also I don't want to constantly update firmware because of these fools who want to play around with the system. However these hackers seem to actually have a point and found some very cool and interesting stuff.

PLEASE DISCUSS THIS NEWS IN NEXT RFN PODCAST !!

No, this has nothing to do with processing power for the games themselves. This chip acts like a security guy at the airport, asking people to empty their pockets and show their ID. Once you make it through security, the security personnel don't make you get to your destination any faster. But yeah, it sounds like Nintendo could make a DVD Video channel if they wanted.

ShyGuyJanuary 09, 2009

Between this and the R4 card banner ads, Kairon is turning NWR into alt.2600

Which ARM chip was it? An ARM9 like the DS?

AVJanuary 09, 2009

Quote from: TheYoungerPlumber

No, this has nothing to do with processing power for the games themselves. This chip acts like a security guy at the airport, asking people to empty their pockets and show their ID. Once you make it through security, the security personnel don't make you get to your destination any faster.

I'm more confused now than ever.

SladeJanuary 09, 2009

Strange about the DVD ability, considering Nintendo originally said it needed to manufacture a new version of the Wii, as the current one couldn't be updated to do so. Though they decided against this later, it sounds like Nintendo wanted us to buy a second Wii.

Quote from: Mr.

I'm more confused now than ever.

The chip is used to check whether or not software that's being run on the Wii is pirated or not.  It looks for certain information in the game code, and if it isn't there it assumes the game is pirated and doesn't run it.

DjunknownJanuary 09, 2009

Cool stuff. I hope they can get 4gb SD cards working next.

steveyJanuary 09, 2009

Quote from: Mr.

Quote from: TheYoungerPlumber

No, this has nothing to do with processing power for the games themselves. This chip acts like a security guy at the airport, asking people to empty their pockets and show their ID. Once you make it through security, the security personnel don't make you get to your destination any faster.

I'm more confused now than ever.

http://www.wiibrew.org/wiki/Starlet

Quote:

The Starlet handles at least these tasks in the Wii

    * NAND access / filesystem
    * DVD subsystem
    * Authentication (RSA, EC, SHA1, HMAC-SHA1) and encryption/decryption (AES, RSA, EC)
    * USB HCD (generic USB interface), Keyboard driver, Ethernet driver
    * WiFi (both for networking and communication with Nintendo DS devices)
    * TCP/IP and UDP
    * SD card
    * GPIO (Sensor bar, drive LED, power LED, etc)
    * Audio/Video encoder (I2C) bus

Quote from: Mr.

Quote from: Kairon

One thing that they discovered was a previously undocumented processor in Nintendo's game player. This tiny processor, dubbed "Starlet" by the team of hackers, was embedded on the Hollywood graphics chipset and was described as a "full-fledged NEC ARM system-on-a-chip." Not even licensed Wii developers knew of the chip's existence or of its role in the Wii's security scheme. Nintendo's secrecy about the existence of the processor successfully hindered attempts to hack into the Wii until its discovery. 

What does this mean ? I'm not a tech person.

does that mean Wii is MORE GRAPHICAL POWERFUL than previously thought ??

Quote:

Team Twiizers also discovered that Nintendo did support DVD playback in the console, but had disabled the functionality. Thinking that leaving the functionality in was an unintentional oversight, and since their goal did not involve DVD playback, they contacted Nintendo to warn them of the issue. However, Nintendo did not respond kindly to their attempts at communication.  

So basically whenever Nintendo wants they could make a DVD playback channel and it would work without hesitation.

Yes, that was proved when they DID release a DVD channel

Quote from: Djunknown

Cool stuff. I hope they can get 4gb SD cards working next.

They did

BrandoggJanuary 09, 2009

Yep. The Wii can support SDHC (unoffically, and not for use by retail Wii software) no problem, but Nintendo themselves are holding this functionality back.

Quote from: Brandogg

Yep. The Wii can support SDHC (unoffically, and not for use by retail Wii software) no problem, but Nintendo themselves are holding this functionality back.

But WHHHHYYYYYY?!?!??! T_T

Quote from: Kairon

Quote from: Brandogg

Yep. The Wii can support SDHC (unoffically, and not for use by retail Wii software) no problem, but Nintendo themselves are holding this functionality back.

But WHHHHYYYYYY?!?!??! T_T

My guess is it's the same reason they switched the Photo Channel from MP3 to AAC, they didn't want to pay a licensing fee.

I will never upgrade to that AAC channel. *angry*

I don't use the feature but if I did I'd like the AAC, especially now that the iTunes Store is DRM-free.

vuduJanuary 09, 2009

Quote from: Kairon

Another thing they found was that these authorization tickets had an unused time-limit functionality. This functionality may be used in Hudson's upcoming Joysound Wii karaoke software in Japan, which offers timed subscriptions to its song library instead of permanent downloads.

Quick, get Ian in here for a crazy conspiracy theory that Nintendo is going to disable all our downloaded VC games sometime in the future!

CalibanJanuary 09, 2009

I loved watching that video. So many terms I didn't understand, yet I learned two facts. The Wii is hackable, and Nintendo should be nice to these guys that are considerate enough to tell Nintendo that there was an exploit that could really be used for piracy means. The PS3 isn't (or so they say) hackable, but nobody cares because they can run any app if they so choose so even if they're not running apps with full disclosure of the PS3's specifications.

Quote from: Caliban

I loved watching that video. So many terms I didn't understand, yet I learned two facts. The Wii is hackable, and Nintendo should be nice to these guys that are considerate enough to tell Nintendo that there was an exploit that could really be used for piracy means. The PS3 isn't (or so they say) hackable, but nobody cares because they can run any app if they so choose so even if they're not running apps with full disclosure of the PS3's specifications.

That's definitely their theories on their motivations and how vendors should co-opt them so that they don't do work that has piracy applications.

However, it's also worth wondering about the business aspects. If you let people make homebrew applications on your console... they'll start doing things on your console that doesn't give you a revenue stream at all..... and let's not forget, Sony is losing money with each PS3 sold.

CalibanJanuary 09, 2009

Quote from: Kairon

If you let people make homebrew applications on your console... they'll start doing things on your console that doesn't give you a revenue stream at all.

Somewhat like the PSP. A system that sells a lot, yet its software does not, but there sure is enough homebrew and piracy to make it sell? I think that the homebrew scene is small enough to not make any impact on whether Sony makes money off of software sales. Piracy is the biggest concern, and unfortunately Sony can't even use the act of piracy as an excuse for their poor sales, not even console wise because we can't forget how many PS2s are out there of which I would say that at least 50% were bought to play burned PS2 games. Heck even Nintendo doesn't have much of a problem with homebrew as long as the homebrew scene does not distribute material that then can be used for harmful means, piracy.

MorariJanuary 10, 2009

Homebrew? Suuure...

If I wanted homebrew games, then I'd pop in my Bluetooth dongle and use my PC.

Then again, piracy is just a scapegoat that developers like to throw around. It isn't a real problem. Spending obscene sums of cash on DRM is what looses them money.

WuTangTurtleJanuary 10, 2009

funny how the ad at the bottom of this page says "Play Backup Games on Your Wii Without Voiding the Warranty"......seriously can someone tell me how Google gets this stuff up and yet nobody seems to get in trouble?

NinGurl69 *hugglesMay 11, 2010

I like this DQ Spinoff Port controller better than any Classic Controller PS2 Clone Pro.

ToruresuMay 11, 2010

Wrong thread Pro?             

NinGurl69 *hugglesMay 11, 2010

It is so the right thread.  Brought to me by the Magickal Talkback Link on the main page.

I thought that Sony just axed LINUX support in their most recent firmware update?

ToruresuMay 11, 2010

Check the date on the article.

KDR_11kMay 11, 2010

RISE FROM YOUR GRAVE!

TYP is saying that there is a guy in a blue suit inside your Wii. If you don't show him your I'd he tazers you.

Kytim89May 11, 2010

Quote from: Crimm

TYP is saying that there is a guy in a blue suit inside your Wii. If you don't show him your I'd he tazers you.


I wonder if they have naked body scanners inside the wii for scanning software?

BlackNMild2k1May 11, 2010

Mine scan for hardware

http://www.nintendoworldreport.com/forums/index.php?action=dlattach;attach=1395;type=avatar

StratosMay 12, 2010

And here I thought that yet ANOTHER hidden chip was discovered deep in the bowels of the Wii.

NinGurl69 *hugglesMay 12, 2010

Like a Dorito.

I said no such thing! The blue-suited man just tells you to burn things.

GalfordMay 14, 2010

Sounds like "Starlet" was an i/o chip.  Kinda like the PS1 processor in the PS2.

steveyMay 14, 2010

Nah, it just slows everything down, increases cost, and does nothing but give Iwata/Nintendo a false sense of security. In one of Nintendo's boneheaded decisions, they made a kill starlet and let everything pass unchecked command (Not an exploit or glitch, it's something Nintendo did intentionally!) that gives full hardware access to anything without question whether the software has the right to do so. On the upside, WiiLinux became so much easy to develop for without the chip in the middle  .

Got a news tip? Send it in!
Advertisement
Advertisement
Advertisement