Slashdot Mirror


Wii Update 4.2 Tries (and Fails) To Block Homebrew

marcansoft writes "On September 28, Nintendo released a Wii update, titled 4.2. This update was targeted squarely at homebrew, performing sweeping changes throughout the system. It hardly achieved that goal, though, because just two days later a new version of the HackMii installer was released that brings full homebrew capabilities back to all Wii consoles, including unmodified consoles running 4.2. However, as part of their attempt to annoy homebrew users, Nintendo updated the lowest level updateable component of the Wii software stack: boot2 (part of the system bootloader chain). Homebrew users have been using BootMii to patch boot2 in order to gain low level system access and recovery functions (running Linux natively, fixing bricks, etc). The update hasn't hindered this, as users can simply reinstall BootMii after updating (it is compatible with the update). But there's a much bigger problem: Nintendo's boot2 update code is buggy." Read on for more details. "Boot2 had never been updated in retail consoles until now. During BootMii's development, its authors noticed that Nintendo's code had critical bugs and could sometimes permanently brick a console by writing incorrect or unchecked data to flash memory, so they decided to write their own, much safer flashing code. Now, Nintendo has pushed a boot2 update to all Wii users, and the results are what was expected: users are reporting bricks after installing 4.2 on unmodified consoles. Nintendo is currently attempting to censor posts and remove references to homebrew. It is worth noting that the new boot2 does not attempt to block anything or offer any additional protection or functionality. Its sole purpose is to simply replace current versions which may or may not have been modified with BootMii. Another interesting tidbit is that Nintendo is not believed to have any method to repair this kind of brick at a factory, short of replacing the entire motherboard."

20 of 520 comments

  1. DRM by Techmeology · · Score: 2, Interesting

    DRM DRM DRM DRM DRM DRM DRM.
    This is to updates as DRM is to using stuff. It's all a big commercialistic manipulation attempt. People don't like to be manipulated. Thus it fails miserably. There's also that warm fuzzy feeling when the hacked version solves bugs too :D Bonus "learn your lesson" points if they have to replace the bricked consoles (which, under most consumer law, they should).

    --
    Excuse for why is your room always messy?
  2. Dear Nintendo, by Narcocide · · Score: 5, Interesting

    Please stop making me cry.

    Sincerely,
    Your loyal non-modding customer.

    P.S. Please spend all this time and effort addressing the cheating hackers plaguing the Mario Kart Network instead.

    1. Re:Dear Nintendo, by Anonymous Coward · · Score: 5, Interesting

      We often look at the past with rose-tinted sunglasses.

      When we were children, some of us grew up with Nintendo. The NES gave us incredible gameplay. We fell in love with the company. The SNES brought even more to the table. Many of us are also plagued by the Tetris theme, thanks to the Gameboy.

      Unfortunately, the reality is much more bitter. Nintendo has done some pretty rotten things since the very first version of their system. Whether it was the 10NES lock-out chip, their censorship policies, their anti-competitive attitude (which landed them fines in the European Union in 2002 thanks to how they ran their business from 1991-1998), Nintendo has a long track-record of "doing evil". We only never realized it because, at the time, most of us were children and only cared about getting that next fun game.

      Compared to the way things were then, all of this is unsurprising.

    2. Re:Dear Nintendo, by daid303 · · Score: 2, Interesting

      Note that the cheating is done through Homebrew software. And thus blocking homebrew could help in stopping cheating a bit. But stopping homebrew is like trying to stop the sun shining, the people who are working to hack the Wii are smart and persistent. And those people don't do it for the cheats or the piracy, they just want an open platform to toy with.

      Cheating in online games is always hard to beat, but the current state of the Wii is like early counterstrike and UT. The games are not built with cheat protection in mind, and thus the cheaters can run free. Times will change, but Nintendo is not known to change fast.

      It's a real shame that Homebrew is being (ab)used to cheat online and to pirate games.

      -Daid (writer of the Guitar Hero clone GuitarsOnFire for the Wii homebrew)

  3. What year is this? by Waccoon · · Score: 2, Interesting

    No checksums before flashing? Really?

    Even at launch I was hearing about bricking problems. Glad to see things are improving after taking in all that cash.

  4. Two words: Virtual Console by gmarsh · · Score: 3, Interesting

    I'll fess up. I've got a SD card in my Wii with old NES games, and I run Homebrew Channel and FCE Ultra on my Wii.

    Mind you, I own most of the games (SMB games, Mega Man games, TMNT2, etc) on NES cartridges. I do have an old NES, but I just can't be arsed to drag the thing out, wire it up to my TV and spend 10 minutes wiggling cartridges until they work. And I couldn't be arsed to buy games I already own on Virtual Console so I can play them again. Even though they're only $5/game, it's a principle thing.

    But not everyone has a closet full of old video game equipment to use as lame justification. And Nintendo is probably losing a good bit of money because of kids telling their friends how to exploit the Wii and install FCE Ultra so that they don't have to buy the Virtual Console games. So, I kinda understand the whole anti-homebrew thing from that direction...

  5. How About Punkbuster Instead? by Kartoffel · · Score: 3, Interesting

    How about some anti-cheat measures? Playing online Mario Kart is still fun, but it is less fun when there's some griefer with infinite red shells.

  6. Re:Also why are they doing it? by PhrostyMcByte · · Score: 4, Interesting

    I'm pretty sure they sell the Corn Syrup version in the US because we've got a huge tariff on importing sugar, not because of some sort of regional taste.

  7. Re:They can probably recover at the repair depot by marcansoft · · Score: 5, Interesting

    You tell me how they do that. Not software - the ROM bits have no recovery functionality. Hardware? Massive props for you if you can find any kind of JTAG or similar port on the board, because quite a few people have wasted lots of time trying and failing to do so. As far as we can tell, they preflash the NAND chips before soldering, and I'm not aware of anyone who hasn't just had their motherboard replaced after this kind of unrecoverable brick.

    Here's a pinout diagram of the Hollywood with everything that's definitely not a recovery port marked. Let me know if you find any flashing/recovery functionality on the remaining pins ;)

  8. Re:Why is that legal? by commodore64_love · · Score: 4, Interesting

    You mean from the top.

    The people sit at the top level of authority, and that power flows downward to the state government, then the continental government. By revolting the people are merely taking-back the powers/rights that were illegally stolen from them by the lower levels.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  9. Re:Sitting on the fence by Gramie2 · · Score: 2, Interesting

    About the region locking: I used to live in Japan, and my kids have many Japanese games for the Wii. Now that we live in Canada, we were faced with not being able to play any games sold here. I got a chip that makes the Wii region-free, but to make Rock Band work, I had to replace the entire OS with the North American version (it can still play Japanese games, thanks to the chip).

    We've never played games that we haven't bought or rented, so the only effect of trying to kill homebrew, to us, is to potentially destroy our machine (no, we haven't upgraded to 4.2).

    Thanks, Nintendo.

  10. Re:Sitting on the fence by marcansoft · · Score: 4, Interesting

    FWIW, 4.2 is reported to completely kill modchip region-free functionality. If they've done what I think they've done (started to check the region on the TMD, which is cryptographically signed), region-free via modchip is dead and won't be coming back.

  11. Re:Why is that legal? by bleh-of-the-huns · · Score: 2, Interesting

    The problem is, the law does not say you cannot mess with your electronics, the law says you cannot bypass security measures in place that protect the intellectual property of the item you are messing with.

    That said, I agree the law is stupid, vague, and consistently abused to stifle innovation and people's rights, but currently, it is the law, and while I would love for it to be repealed, the odds of that ever happening are very very slim.

    --
    I came, I conquered, I coredumped
  12. Re:Also why are they doing it? by VGPowerlord · · Score: 3, Interesting

    We used to have a huge tariff on sugar, that is. I believe it was lifted in 2006.

    Coke gradually switched from sugar to corn syrup during the late 70s/early 80s. By the time New Coke came around, Coke products were made exclusively with corn syrup. Snopes has more details in its New Coke article.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  13. Re:Why is that legal? by commodore64_love · · Score: 2, Interesting

    Actually your proposal is even dumber because you defrauded a store *in your own state* and *without the protection of Visa/Mastercard* to back you up, plus you're standing *in their territory* where a security guard can grab you and drag you into a backroom for interrogation. My proposal which I did about a year ago when Sony bricked my HD Radio, and with no consequences, offers several layers of protection:

    - interstate lines
    - U.S. post office delivery confirmation ("Yes we returned the console")
    - the law itself which states - if the consumer can provide proof-of-return, then the business must refund the money
    - The credit card company

    And if you used Paypal to make the credit card payment, then that's yet another layer of protection between you and the megacorp.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  14. Re:They can probably recover at the repair depot by marcansoft · · Score: 2, Interesting

    And what you're trying to say is...? Do you see a socket anywhere? I don't know about you, but we've never seen a repaired Wii with obvious signs of SMT reworking. Using a chip clip to program in-system is problematic and definitely not the way the system was designed; see above reply.

  15. Re:They can probably recover at the repair depot by marcansoft · · Score: 3, Interesting

    I don't know about their hardware engineers, but my opinion of their software engineers has been steadily decreasing. Call me a dickhead if they want, but they fail at almost everything they do as far as system programming. Their system architecture is archaic and they've locked themselves out of many of the features and improvements that their competitors are able to add. They tried twice to stop a certain savegame exploit and failed disastrously - yes, there were critical bugs in the anti-exploit code, as small as it is. I've disassembled a lot of their code and the list of WTFs would span hundreds of pages. Their "secure" IOS security is dismal. They implemented a homebrew crypto layer and completely screwed up the very core of RSA verification, resulting in the very first exploit to run homebrew. They appear to have never heard of things called "code reviews". They're using a scheme of forking IOS for each minor addition that makes it very difficult to maintain security fixes in the future, never mind that older games will never get new features or improvements. Then there's the hugely botched boot2 update that this article is all about, and which they clearly didn't test well enough (I mean, come on, we can find it with a handful of Wiis and some minor testing and they can't?). They have to resort to stupid hacks like copying SD channels to NAND to play them because they never even attempted to develop an even slightly sane storage layer for IOS - access to everything goes through different APIs. The division of functionality between ARM and PPC code is chaotic: the USB stack is in IOS, the Bluetooth USB device driver is in the PPC but the Keyboard/mouse drivers are in IOS, the Bluetooth stack is in the PPC while the TCP/IP stack is in IOS, half of the SD driver is in IOS and the other half in the PPC, the NAND filesystem driver is in IOS but the FAT filesystem driver for SD is in the PPC, etc. The WiFi drivers are notoriously unreliable (Broadcom is probably to blame for that). They left in DVD-Video mode code and functionality that is what enables softmods - and when we tried to report it to them before Wii piracy via homebrew existed, they harassed us and refused to let us speak with an engineer! Softmods, predictably, came later, when other people discovered that code.

    As for their hardware engineers, they at least have horrible power management inside the Hollywood to blame for the WC24 heat issues causing GPU failures. The software guys also helped, though, by making IOS have a busy-wait idle thread. IOS uses 100% of the Starlet CPU during idle mode, while the fans are off and the system is slowly getting cooked.

    Again, feel free to look for a flashing mechanism too, but our experiences and attempts, evidence from people who send in their Wiis for repair, and our generally bad opinion of Nintendo's engineers all point towards there not being one.

  16. Re:They can probably recover at the repair depot by marcansoft · · Score: 2, Interesting

    Good luck breaking the massive ground planes that connect every ground together.

  17. Re:They can probably recover at the repair depot by marcansoft · · Score: 3, Interesting

    And again, I'm saying we've looked for JTAG all over the place and can't find it. The Wii has a gazillion test points, yet none of them seem like candidates for JTAG. There's a set of 8 cutely arranged testpoints going straight to Hollywood, but those turned out to be a debug GPIO port (I've used it to drive an LCD display and the like). Everything else is spread around the board, and we've gone and mapped almost all of the Hollywood ball-out with no success. About the only thing I'd imagine they could have pulled off to throw us off would be to spread the JTAG testpoints around the board using traces buried into the inner layers, but I doubt they're that smart.

  18. Re:Also why are they doing it? by FireFury03 · · Score: 2, Interesting

    THIS is the point of region locking. In some regions, that $50 disc is sold for the equivalent of $5. The region locking isolates each region so that shit like this can happen.

    So let me get this straight - you think it's ok for vendors to prevent you importing their products in order to get them cheaper, but at the same time offshoring their workforce in order to get it cheaper?

    They shouldn't be allowed to have it both ways - if a vendor wants to take advantage of the global employment market they shouldn't be allowed to restrict the global product market.