*EXCLUSIVE* Interview with the Wii Exploit Author

[brakken]

With over 87,000 viewers of the YouTube video of the 24c3 Nintendo Wii Presentation plus the countless news articles on the Internet the world now knows the Nintendo Wii has been fully exploited allowing end users to run their own code in Wii Mode.

As this is ground breaking news I sought out Brushing the presenter (the guy in the video) for an exclusive scoop on the entire experience. If you haven't already heard check out this news article to get the details about the exploit and then click on the link below to read the Interview. Enjoy!

-=[ Wii Exploit Author Interview ]=-

You Digg? Then Digg!

[brakken]

So you attended the 24c3. Can you tell me briefly what the convention is all about?

> Sure. This was my first time attending -- I went this year because it sounds like fun, and a friend of mine (mist, who was one of the Xbox 360 presenters this year, and who also presented last year on IIRC Xbox stuff) suggested I come along.

> It's one of the longest-standing hacker conferences around -- it's almost as old as I am! -- and it has a great reputation for being open and bringing together a diverse group of people to talk about neat stuff, and, well, just sit down together and hack on stuff.

Yes, it does sound like a good time. So were you invited because Mist knew of your revolutionary discovery?

> Well, I don't know that I was really "invited" -- I just went as an attendee. Mist knew that I'd been working on the Wii stuff -- and actually, he had introduced me to some of the others I worked with (such as tmbinc). It seemed like a good opportunity to meet some like-minded people, and maybe get some ideas. I brought all of my "stuff" along, hoping I might be able to show *something*, but didn't know we'd have anything ready to show.

> So, Mist and tmbinc told me they'd lend me a little bit of their talk if I wanted, and that's what ended up happening. (at the very last moment, no less!)

So you basically compared ideas and found the exploit on the spot?

> It was a bit more involved than that. I've been working with tmbinc and a few others, on and off, for a few months -- I don't want to name them until I've asked them if they want to be named -- but I certainly had a lot of help. We'd managed to decrypt a lot of the Wii data within the past month, and had been looking for a way to run homebrew code.

> We had a few different ideas for things to do, but nothing really seemed to work -- I have so many DVDs that I burned that booted half-way and then froze -- but at the last minute (maybe 30 mins before the presentation), I managed to get one that I could reproduce reliably (at least for a demo)

Talk about timing! No wonder you were so excited! Now that you've been able to run code in Wii mode what are your plans?

> Heh, yeah, I was surprised to see so many comments about that on the YouTube posting. I was pretty excited and pretty nervous, sure, and not entirely positive it would actually work. I had hoped to get a little more polish on the demo -- like putting in some greets, etc -- but I ran out of DVDs at the last minute and had to run across the street to get some more. [...]

> The solution we found is still not very clean -- we intend to release a good solution, but it's going to take some time to do it right. I mostly wanted to show a proof of concept, that it could be done, and hopefully give people some ideas that they could pursue on their own.

> The immediate next goal is getting something like SDLoad working so that I can stop killing plastic trees -- after that, it'd be neat to have, say, a Linux Channel. :)

Yeah, Linux would be a great addition to the Wii. You mentioned giving people ideas they could pursue on their own? Do you mean people in your circle or do you plan on releasing the information to the public?

> No, I meant the public as a whole. I talked about the address line hack that we'd done -- well, really, tmbinc is the one who finally pulled it off correctly -- in the hopes that others would take that and run with that. I'm not sure it's a super-hot idea for me to go around giving away all sorts of keys -- and besides, I'm hoping others will come up with easier / better ideas. I wanna learn, too!

So do you plan on releasing the information used to create the demo or wait until you have a more viable solution like you mentioned?

> Unfortunately, we're going to have to wait for a more viable solution. It's pretty hacky right now -- really, we barely pulled it off. There's so much to learn about this system (the Wii in general), since it's been one big black encrypted box until recently.

That's understandable. So you're next goal is for a SD Load Wii Edition. Do you have an estimated time frame on when this would be released and what functionality would it include?

> It's hard to say -- the time frame on this has been so wacky already. We worked for months with no progress, then would make great strides in a weekend, then get busy with Real Life (tm), etc. As far as functionality goes, it will probably be pretty basic, similar to the original SDLoad -- it will still have to use a GC mem card / SD card adapter, and it will just load .dols. [,,,[

> Much of the file formats, etc, are similar to that of the GameCube (once decrypted, or so I'm told -- I never had one to play with), so people should be able to start with that. I'm not sure what immediate advantages we'll see, though. (vs just running in GC mode)

> The things that make the Wii special -- Wiimote, WiiConnect24, channels, etc -- are all different than the GC, and as always, there's no documentation whatsoever. :)

Yes, I'm sure a lot of work will have to be done to take advantage of the Wii's extra components. I'm sure there will be a lot of activity in the Wii community now. All in all it's a great start and you've made history. Would you like to say anything else?

> Only that I'm grateful for the friends that I've made doing this -- and it's been fun, too. I'm glad I was able to play a part. Oh, and tehskeen rulez.

Thanks, I didn't know you were a visitor.

> Sure, thanks for the chat. Yup, I've been around lurking a while, just taking it all in and trying to learn. Tehskeen's always been a nice source of actual real, helpful info when I was trying to figure out how this stuff works and what other people had already tried, so that I could find a way to contribute.

Okay, take it easy and good luck with your future endeavours.

> Thanks! I'll be around :)

[volsfan91]

Awesome. Nice job securing this interview and that's got some great info inside.

I'd like to hear more about what it's going to mean to the end user in terms of ease of use. Chipping a Wii is not a viable solution for lots and lots of people, so I hope that things become very easy to spread it to the masses.

Great work Brakken, you're the best there is.

[Don Giovanni]

Thanks for taking the time to answer a lot of questions! Nice to know you're a local here at tehskeen Keep up the good work!

[wraggy]

great interview, nice to know he checks out decent scene sites too

posted over at DCEmu /Wii News too, lets hope you get this on digg mainpage, btw make sure you submit to slashdot/engadget/joystiq/wiifanboy too brakken

[Odb718]

I personally think a hacked channel will NEVER happen. Hopefully I'm completely wrong on that point. It just seems way to easy to block/detect.
Though I wouldn't mind losing the news channel for homebrew.

It's good to see tmbinc's name again. Haven't seen it around in a long time. Might be looking in the wrong spots though.

I just hope some one at nintend0 will leak a good sdk so some homebrew can be built properly.

[[michael]]

nice one!

[svenk91]

is there some way to contact you? get to you on irc or just an email you quickply make (i suggest to not use an old one because you offcourse can get a lot of spam and stupid mails).

i have some questions still

[eke-eke]

very interesting, thanks brakken !
so, tmbinc is also involved in this, history is repeating itself

[brakken]

Quote:

Originally Posted by svenk91

is there some way to contact you? get to you on irc or just an email you quickply make (i suggest to not use an old one because you offcourse can get a lot of spam and stupid mails).

i have some questions still

MSN: admin@pxn-os.com

[comex]

In case brushing is watching this thread:

This exploit is EXCELLENT... but withholding the information that you got from a month's work on the Wii makes it a bit of a sour apple. Maybe i'm just a noob-- I utterly fail at exploits for one thing-- but, I think the more public things are, the faster they are. If you would right now publish a load of useless information and speculation, I would jump on it, and would fail to produce anything interesting, but so would other people, and interesting things... would be produced.

[ssj4android]

Can you at least tell us what the keys you found are to? I was under the impression that the Wii uses asymmetric keys, thus finding the public key stored in memory doesn't allow you to execute arbitrary code. Are executables not signed by Nintendo?

[kgonepostl]

Why isn't he presenting his findings to the public? That's really disappointing and weird!

[kgonepostl]

Quote:

Originally Posted by comex

In case brushing is watching this thread:

This exploit is EXCELLENT... but withholding the information that you got from a month's work on the Wii makes it a bit of a sour apple. Maybe i'm just a noob-- I utterly fail at exploits for one thing-- but, I think the more public things are, the faster they are. If you would right now publish a load of useless information and speculation, I would jump on it, and would fail to produce anything interesting, but so would other people, and interesting things... would be produced.

Exactly my thoughts I'm like "wtf dude"!

[PaulyQ]

If I had invented something(even an exploit), the first thing I would do is to NOT release it to the public. It needs to be stable and reproducible so there is no comebacks on the team responsible for this.

Give it time, these things don;t just happen overnight, but in time it will all become a reality.

[bushing]

Quote:

Originally Posted by Don Giovanni

Thanks for taking the time to answer a lot of questions! Nice to know you're a local here at tehskeen Keep up the good work!

Thanks for the support! This seems like a good place to assign proper credit -- although I did write the code that produced the modified disc used to run the demo, and I was the one who got up there to ramble about homebrew for five minutes, I would have had nothing to present if not for the work done by my teammates -- tmbinc, Sii, Costis and adhs. (Also, thanks to Mist for letting me "borrow" his spotlight!)

Quote:

Originally Posted by comex

In case brushing is watching this thread:

This exploit is EXCELLENT... but withholding the information that you got from a month's work on the Wii makes it a bit of a sour apple. Maybe i'm just a noob-- I utterly fail at exploits for one thing-- but, I think the more public things are, the faster they are. If you would right now publish a load of useless information and speculation, I would jump on it, and would fail to produce anything interesting, but so would other people, and interesting things... would be produced.

Generally, I agree with you. Someone with more patience would probably have waited until he had a nice slideset like tmb and mist had, or at least enough sleep to speak coherently, as well as a solid story. We'd been working on this for well over a month, and I was so surprised to see it start working about 30 mins before the Xbox360 presentation that I couldn't resist the opportunity to share with an audience that was both A. familiar enough with the subject of console hacking to appreciate the significance of our little shitty ASCII-art demo, and B. saavy enough that I wouldn't later be accused of having faked the whole thing.

I'm proud of the hack, but it's not yet what I'd call "excellent". It still needs a lot of work -- it requires the use of a modified game. It requires software which is not generally available. Building the image requires a considerable amount of trial and error -- I burned through at least 40 DVDRs before getting one that worked consistently. It's also fragile, because any mistakes in preparing the image cause the entire system to freeze (on purpose), and we don't full understand each field that we need to modify.

All of these flaws can be eventually fixed -- maybe I should have waited. Oh well.

[dsbomb]

Nah, it's wonderful that you got up there and wanted to share with the world this "Eureka!" moment. People on various forums are just impatient.

Normal folks know this process will take quite some time.

[adr990]

Great! Go on with this!
So .dol files can load in wii mode already?
or only run your own code in games?
Hope that the SD load comes quick for wii (and may via just the sd card slot of wii self)(but I have a sd gecko so don't care... only sould be cool)

[Mast3r Ch13f]

Excellent interview! I have to say that Brushing's presentation really got me anxious and hopeful to see homebrew on the Wii.

[Don Giovanni]

Quote:

Originally Posted by bushing

Generally, I agree with you. Someone with more patience would probably have waited until he had a nice slideset like tmb and mist had, or at least enough sleep to speak coherently, as well as a solid story. We'd been working on this for well over a month, and I was so surprised to see it start working about 30 mins before the Xbox360 presentation that I couldn't resist the opportunity to share with an audience that was both A. familiar enough with the subject of console hacking to appreciate the significance of our little shitty ASCII-art demo, and B. saavy enough that I wouldn't later be accused of having faked the whole thing.

I'm proud of the hack, but it's not yet what I'd call "excellent". It still needs a lot of work -- it requires the use of a modified game. It requires software which is not generally available. Building the image requires a considerable amount of trial and error -- I burned through at least 40 DVDRs before getting one that worked consistently. It's also fragile, because any mistakes in preparing the image cause the entire system to freeze (on purpose), and we don't full understand each field that we need to modify.

All of these flaws can be eventually fixed -- maybe I should have waited. Oh well.

I would say you shouldn't have any second thoughts on what you did or the way you did it. You guys had a breakthrough and showed us, that was exciting for everyone. Releasing to the general public would be rather pointless as from what I assumed from what you said in your talk, and confirmed here this is still pretty sketchy and hard to execute consistently. Had you released it loads of people would have complained it didn't work for them or didn't work well enough. This was proof of concept that it can be done.

The other important thing for people to remember is that tmbinc, and costis etc have been working with Bushing on this (as he stated). Most of what has come about for the Gamecube and Wii previously resulted from their work. I am sure that the other more established homebrew coders we all know and love, will be able to get their hands on this too shortly, if they haven't already.

[kgonepostl]

Bushing, are you ever going to release the information to the public?

[tiagobs]

First of all, congratulations for bushing and the other for discovering this "exploit". It is nice to think that we will be able to do anything we want with our loved little white box!

I am mainly a Windows coder, but I would love to do some Wii programming. I am impacientely waiting for you guys to release the info and/or tools to allows us to reproduce the exploit.

I also want some advice about programming for the Wii, so I can prepare myself while I wait for the release of the exploit. The Wii programming is really similar to the GC programming? I am learning how to program using the libOGC... Is there any developers discussion group or forum about the Wii/GC homebrew? I would love to join such group...

Thanks

[SoraK05]

Warm welcome to Bushing, and many thanks to you and everyone involved in the work that has been put into this exploit.

Many of us are very excited at the prospect of running homebrew in Wii Mode, since there are a lot of things that can be done, like making GameCube games run in Wii Mode for example, or importing custom channels that could load games on a USB Hard Drive whether Homebrew, GameCube or Wii all in Wii Mode, and even MP3s and Videos, etc. among a lot of other types of homebrew.

We do recognize that some more work will be needed, and you should know that you're all supported and can take as much time as you guys need without needing to feel like constant communication of progress is needed.. I'm sure when something concrete is out, you'll definately let us know, and that's enough for us.

[the byter]

I'm pretty excited about the exploit and developments. I will eagerly look forward to future information as it is refined.

[comex]

Quote:

Originally Posted by bushing

I'm proud of the hack, but it's not yet what I'd call "excellent".

What's excellent is that a hack exists. When I got my Wii for Christmas 2006 I expected that (like what has been done with the iPhone) some exploit would be found very quickly. But then a year passed, and it seemed like homebrew would never happen!

And so I am impatient

[gorevash]

I'm glad the forum works as it should, my main source on news for consoles.

[azeazezar]

Once you get the ability to sign code, would it be possible to put homebrew on an sd-card and play it on the wii as a channel?

I think that will same a lot of plastic trees, and allow ppl without modchips to run homebrew.

[brakken]

We've made it into various Japanese News Articles

http://headlines.yahoo.co.jp/hl?a=20...00006-vgb-secu
https://www.netsecurity.ne.jp/2_10751.html

[niuus]

Great news. As long as he releases the info later in time, i really don't mind waiting whatever it takes. The contribution to the scene would be incredible. Take your time Bushing, to make a great release