Wii Update 4.2 Tries (and Fails) To Block Homebrew
marcansoft writes "On September 28, Nintendo released a Wii update, titled 4.2. This update was targeted squarely at homebrew, performing sweeping changes throughout the system. It hardly achieved that goal, though, because just two days later a new version of the HackMii installer was released that brings full homebrew capabilities back to all Wii consoles, including unmodified consoles running 4.2. However, as part of their attempt to annoy homebrew users, Nintendo updated the lowest level updateable component of the Wii software stack: boot2 (part of the system bootloader chain). Homebrew users have been using BootMii to patch boot2 in order to gain low level system access and recovery functions (running Linux natively, fixing bricks, etc). The update hasn't hindered this, as users can simply reinstall BootMii after updating (it is compatible with the update). But there's a much bigger problem: Nintendo's boot2 update code is buggy."
Read on for more details.
"Boot2 had never been updated in retail consoles until now. During BootMii's development, its authors noticed that Nintendo's code had critical bugs and could sometimes permanently brick a console by writing incorrect or unchecked data to flash memory, so they decided to write their own, much safer flashing code. Now, Nintendo has pushed a boot2 update to all Wii users, and the results are what was expected: users are reporting bricks after installing 4.2 on unmodified consoles. Nintendo is currently attempting to censor posts and remove references to homebrew. It is worth noting that the new boot2 does not attempt to block anything or offer any additional protection or functionality. Its sole purpose is to simply replace current versions which may or may not have been modified with BootMii. Another interesting tidbit is that Nintendo is not believed to have any method to repair this kind of brick at a factory, short of replacing the entire motherboard."
Please stop making me cry.
Sincerely,
Your loyal non-modding customer.
P.S. Please spend all this time and effort addressing the cheating hackers plaguing the Mario Kart Network instead.
I'll fess up. I've got an SD card in my Wii with old NES games, and I run Homebrew Channel and FCE Ultra on my Wii.
Mind you, I own most of the games (SMB games, Mega Man games, TMNT2, etc) on NES cartridges. I do have an old NES, but I just can't be arsed to drag the thing out, wire it up to my TV and spend 10 minutes wiggling cartridges until they work. And I couldn't be arsed to buy games I already own on Virtual Console so I can play them again. Even though they're only $5/game, it's a principle thing.
But not everyone has a closet full of old video game equipment to use as lame justification. And Nintendo is probably losing a good bit of money because of kids telling their friends how to exploit the Wii and install FCE Ultra so that they don't have to buy the Virtual Console games. So, I kinda understand the whole anti-homebrew thing from that direction...
How about some anti-cheat measures? Playing online Mario Kart is still fun, but it is less fun when there's some griefer with infinite red shells.
I'm pretty sure they sell the Corn Syrup version in the US because we've got a huge tariff on importing sugar, not because of some sort of regional taste.
You tell me how they do that. Not software - the ROM bits have no recovery functionality. Hardware? Massive props for you if you can find any kind of JTAG or similar port on the board, because quite a few people have wasted lots of time trying and failing to do so. As far as we can tell, they preflash the NAND chips before soldering, and I'm not aware of anyone who hasn't just had their motherboard replaced after this kind of unrecoverable brick.
Here's a pinout diagram of the Hollywood with everything that's definitely not a recovery port marked. Let me know if you find any flashing/recovery functionality on the remaining pins ;)
You mean from the top.
The people sit at the top level of authority, and that power flows downward to the state government, then the continental government. By revolting the people are merely taking back the powers/rights that were illegally stolen from them by the lower levels.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
FWIW, 4.2 is reported to completely kill modchip region-free functionality. If they've done what I think they've done (started to check the region on the TMD, which is cryptographically signed), region-free via modchip is dead and won't be coming back.
We used to have a huge tariff on sugar, that is. I believe it was lifted in 2006.
Coke gradually switched from sugar to corn syrup during the late 70s/early 80s. By the time New Coke came around, Coke products were made exclusively with corn syrup. Snopes has more details in its New Coke article.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
I don't know about their hardware engineers, but my opinion of their software engineers has been steadily decreasing. Call me a dickhead if they want, but they fail at almost everything they do as far as system programming. Their system architecture is archaic and they've locked themselves out of many of the features and improvements that their competitors are able to add. They tried twice to stop a certain savegame exploit and failed disastrously - yes, there were critical bugs in the anti-exploit code, as small as it is. I've disassembled a lot of their code and the list of WTFs would span hundreds of pages. Their "secure" IOS security is dismal. They implemented a homebrew crypto layer and completely screwed up the very core of RSA verification, resulting in the very first exploit to run homebrew. They appear to have never heard of things called "code reviews". They're using a scheme of forking IOS for each minor addition that makes it very difficult to maintain security fixes in the future, never mind that older games will never get new features or improvements. Then there's the hugely botched boot2 update that this article is all about, and which they clearly didn't test well enough (I mean, come on, we can find it with a handful of Wiis and some minor testing and they can't?). They have to resort to stupid hacks like copying SD channels to NAND to play them because they never even attempted to develop an even slightly sane storage layer for IOS - access to everything goes through different APIs. The division of functionality between ARM and PPC code is chaotic: the USB stack is in IOS, the Bluetooth USB device driver is in the PPC but the Keyboard/mouse drivers are in IOS, the Bluetooth stack is in the PPC while the TCP/IP stack is in IOS, half of the SD driver is in IOS and the other half in the PPC, the NAND filesystem driver is in IOS but the FAT filesystem driver for SD is in the PPC, etc.
The WiFi drivers are notoriously unreliable (Broadcom is probably to blame for that). They left in DVD-Video mode code and functionality that is what enables softmods - and when we tried to report it to them before Wii piracy via homebrew existed, they harassed us and refused to let us speak with an engineer! Softmods, predictably, came later, when other people discovered that code.
As for their hardware engineers, they at least have horrible power management inside the Hollywood to blame for the WC24 heat issues causing GPU failures. The software guys also helped, though, by making IOS have a busy-wait idle thread. IOS uses 100% of the Starlet CPU during idle mode, while the fans are off and the system is slowly getting cooked.
Again, feel free to look for a flashing mechanism too, but our experiences and attempts, evidence from people who send in their Wiis for repair, and our generally bad opinion of Nintendo's engineers all point towards there not being one.
And again, I'm saying we've looked for JTAG all over the place and can't find it. The Wii has a gazillion test points, yet none of them seem like candidates for JTAG. There's a set of 8 cutely arranged testpoints going straight to Hollywood, but those turned out to be a debug GPIO port (I've used it to drive an LCD display and the like). Everything else is spread around the board, and we've gone and mapped almost all of the Hollywood ball-out with no success. About the only thing I'd imagine they could have pulled off to throw us off would be to spread the JTAG testpoints around the board using traces buried into the inner layers, but I doubt they're that smart.