Wii Internet Connection Reverse Engineered

AlexTheBeast writes "By packet sniffing his Wi-Fi connection, this hacker has already begun to dig into the internet interactions of the new Nintendo Wii. Basically, by using Firefox and after setting the user agent correctly, anybody can easily browse many WiiShop pages including the WiiShop main page and startup manual. More advanced connections including binary and virtual console downloads are currently in the works. Come join the project."

That's what happens...

..when developers play with their Wii.

(Sorry, couldn't resist YAWJ (Yet Another Wii Joke))

Re:It's actually a very good name.

Wow.. interesting why anyone would want to think about pounded crap while drinking chocolate milk :s Yuck

Re:It's actually a very good name.

The Finns have a word for "bloody assrape"? I'm suddenly afraid to go to Finland.

Bad smell

I don't want to sniff out my wii. ;)

Re:Bad smell

well, I've been playing with my wii so much, my arm is sore

in fact, all my muscles are stiff. I'm in such bad shape, my wii makes me stiff.

Re:Bad smell

I'm in such bad shape, my wii makes me stiff.

I can't decide if this is a Soviet Russia joke in disguise...

So ... What's next

So ... what's next?

Will we be getting a news story about a Hacker who had installed the Wiis web-browser on his PC by going to http://www.opera.com/ [opera.com] ?

Re:So ... What's next

I was thinking that... Seriously today at work I sat in front of ethereal for two hours sniffing packets for regular network reports and just for general knowledge of what's going on and god knows what I saw go past. It isn't at all skillful to sniff out of a agent string and use a Firefox plugin to put in what ever you want - heck if you want to be 'uber leet' you can code your own agent string into Firefox! How awesome!

So in summery this isn't even remotely interesting. Go home script kiddies...and by home I mean digg! (Yes I do have the karma to burn.)

...Still four weeks till we get Wii's in Australia. :(

Already Locked Down

Apparently Nintendo has caught wind of this and has already set up redirects to the Wii root website from these links.

Correction

It seems that it redirects with links referred from other websites. After putting in the URL manually, I was able to view the pages. Pretty cool stuff.

Re:Correction

Given the number of consoles Nintendo must be anticipating serving those pages to, I'd expect them to be pretty much unslashdottable. A few people from slashdot? T'is but a scratch!

Roms! \o/

Once the Virtual Arcade system has been worked out, someone will put up a custom server where you can download the games for 0 points. All you'll have to do is point wii.com (or whichever A/AAA records are needed) to their server.

It seems like this system will be hacked rather easily. :/

Re:Roms! \o/

Once the Virtual Arcade system has been worked out, someone will put up a custom server where you can download the games for 0 points. All you'll have to do is point wii.com (or whichever A/AAA records are needed) to their server.

It seems like this system will be hacked rather easily. :/

Well, being that Nintendo is not stupid I suspect that ever virtual console game is signed to prevent copying; on top of that (being that each game is only usable on one particular system) it is possible that Nintendo signs the signed code for each console when you buy a game. Now, unless the system is physically cracked, I think that it is nearly impossible to break this system.

So when will the remote get hacked?

If it uses Bluetooth as it is supposed to, what is to stop the Wii remote being used on a PC or even a PS3 if you wanted to? What's the point you may ask - well it would make for useful mouse replacement for presentations, or just for couch surfing.

Squid proxy = Homebrew injection

Good news everyone!
By setting-up a squid proxy one could be able to make homebrews appear as games requiring 0 wii points before being sent to the wii, which will gladly accept it as a runnable executable!

Now we just have to reverse engineer the 'Virtual Game Console'. 100 say it will turn-out to be a Mame clone.

Can't wait till the Wii gets released in Europe. Oh my :)

Besides, we may even be able to stream a divx player using this technique.

Am I the only one who is impressed by.....

..... the fact that this doesn't look like some sort of custom solution that would be forever tied to the hardware. Instead it seems to be very "off the shelf" in nature from what I can see. I'm impressed that Nintendo would go that route. Many companies wouldn't.

Welcome to the New Console Hack-fest

Microsoft is really the only console maker that has ventured online in any substantial way. They locked down their hardware and sealed off the wild wild internet (no IE on the 360) for good reason.

I really think the Wii and/or the PS3 are going to be hacked to death. They have browsers, neither are experienced here and with Sony in particular, the whole thing seems kinda....rushed(?). I mean, with the media they are fine - people won't be burning blu-ray cheap enough soon enough. One click pirated downloads would be even worse though...it would be much easier. Given the cost & market for the PS3, a hack like this would be instant death for developer support.

Re:Welcome to the New Console Hack-fest

Yes. With potential security holes like this, I doubt it'll be long before we see some sort of crazy hack to run Linux on the PS3. Wouldn't that be great?

Re:Welcome to the New Console Hack-fest

Is this really such a terrible thing for the Wii?

Sure, some people may end up downloading pirated games instead of buying them from Nintendo, but as iTunes shows, people are perfectly willing to pay reasonable prices for things they can get free elsewhere.

And since the Wii hardware itself is actually profitable for Nintendo (as opposed to the PS3), they're still going to make money from people who buy a Wii with no intention of ever buying a legit Virtual Console game or even a real Wii game. And maybe once these hackers have a Wii they'll buy some games after all.

DNS redirection

Using DNS redirection you can get the Wii to any website you wish. Video [youtube.com]

DMCA violation...?

Isn't reverse engineering the Wii packets to figure out the proper browser user string a DMCA violation?

Re:DMCA violation...?

Isn't reverse engineering the Wii packets to figure out the proper browser user string a DMCA violation?

Depends. Reverse engineering is not a violation, but cracking encryption is.

Note I haven't ever read the DMCA, so am I am relying on what I have heard on forums and new sites.

why does this even work?

I am very surprised we are not seeing them use public key encryption here. If the wii has microsoft's public key, it can send encrypted requests which cannot be reverse engineered unless you are able to guess microsoft's private key. The way around this would be to disasemble the code on the wii. Since they are merely using packet sniffing, the traffic must not be encrypted. If someone were to have bet me if this would have been encrypted, well, I guess I would be out some money about now. Not that it's a bad thing for us, but what is microsoft thinking?? They had to know this would happen, and I can't believe they would sit idle and let it occur.

Though I suppose in a couple months we'll see a "software update" (i.e. they drop the portcullis) and that'll be the end of the tinkering without a screwdriver.

Re:why does this even work?

You appear to be under the misconception that the Wii is produced by Microsoft. It's not. It was created by Nintendo. Unlike Microsoft, they're not obsessed with encrypting everything under the sun. Why would they care if somebody figures out their network protocol?

How to setup for this (simple way)

This is for FF 1.5 (yeah lame..haven't updated yet, I assume will work for 2.0)
type
about:config
in FF Address bar
right click in window. New->String
use
general.useragent.override
for preferemce name, click ok
use
Opera/9.00 (Nintendo Wii; U; ; 1038-58; Wii Shop Channel/1.0; en)
as string value. click OK. you should now be able to hit the site without a redirect to wii.com

Reverse engineered?

!iiW

slask dotted

coralcdn copy at http://mozy.org.nyud.net:8080/wii/ [nyud.net]

Mirrors

Mirrordot Links:

This Hacker [mirrordot.com] How to view them [mirrordot.com]

The wii uses a browser to communicate. By emulating this browser with firefox, you can surf the wii shop.
1. Open Firefox
2. Install the User Agent Switcher [mozy.org]
The previous tech-recipes on the use of this tool is also killer.
3. Click Tools
4. Click User Agent Switcher
5. Click Options -> Options
6. Click User Agents
7. Click Add
8. Description: wii
9. User Agent: Opera/9.00 (Nintendo Wii; U; ; 1038-58; Wii Shop Channel/1.0; en)
10. Click OK X 2
11. Click Tools again
12. Select User Agent Switcher
13. Select wii
14. Copy and paste one of these links into firefox and visit it:

Main Channel:
http://oss.shop.wii.com/oss/common/vc/W_01.jsp?lan guage=en®ion=USA=US [wii.com]

Surf the Manual!
http://209.67.106.203/en_US/html/manual/USA/startu p.html [209.67.106.203]

My Nintendo Membership Link:
http://oss.shop.wii.com/oss/common/vc/S_02.jsp?lan guage=en [wii.com]®ion=USA=US&=init

Sonic The Hedgehog Page:
http://oss.shop.wii.com/oss/common/vc/B_05.jsp?tit leId=000100014D414845 [wii.com]

HTH, Monkeyboi (AC, I'm no karma whore...)

Where's the Opera browser download then?

It seems like they have it sort of working. When will they release it? And does this mean we won't be able to use USB keyboards and mice with the browser?

VC Question

Can you buy points directly from within the Wii, put in your credit card number and all? Or do you have to hit a store for the points cards and then redeem them on the Wii?

They'll Just Update It

They'll just update the Wii hardware so that all this will be encrypted.

Games section?

So why didn't this article get tagged for the games section? I can see that it's got enough technical detail to warrant being on the front page, but that doesn't mean it shouldn't be part of the games section as well.

You smell that?

If you're sniffing Wii packets and they smell funny, do you take it to the doctor?

Has anyone done this for XBL or Sony's PNP yet?

Serious question, I always wondered about the MS network.

Apache

The Wii shop uses Apache Tomcat/4.1, as see on it's 401 on page here:
http://oss.shop.wii.com/oss/common/vc/NaN [wii.com]

Opera lockin

Now isn't this ironic? All this time Opera changes their user agent to look like IE in order to get in sites that would otherwise block it. now we see Opera used to block everything else on Nintendo. Now aren't you glad that it is Firefox and not the closed source Opera that is gaining ground on Microsoft?

Nice hack, but...

Do you get to hear that cool music when shopping via Firefox? =)