worth a read.
I’ve ranted a bit about how we need to be responsible as coders and consider the effects that releasing software will have on the community — in terms of hardware damage. I didn’t think that I had to also point out the need to consider broader, longer-term effects.
Several people have sent me links to a recent release — the first pirated VC game. No, I’m not posting any links, and please don’t post any in comments — it’s easy enough to find anyway, if you really care. It’s currently the raw decrypted files, and not yet in a form suitable to be installed on a Wii, but I give that another 24 hours.
This is a direct result of Waninkoko’s release of his NAND FS Dumper. This is not the same as his “NAND Dumper” that he released a few days ago, which dumped the raw, encrypted contents of NAND to an SD card. (That’s pretty easy to do — just do some reads from /dev/flash — and is based on like 6 lines of code that I gave him. It’s also mostly harmless.)
No, this uses an exploit in the NAND FS permission system on the Wii that lets it read all of the contents of all titles on the Wii — including decrypted VC games and anything else.
For what it’s worth, this is the reason we never released any tools or code after the 24c3 hack. Segher asked that we not, in the fear that this moment would come. So, we didn’t, and sure enough it happened anyway, although it took perhaps four months longer than it would have. There is only so much we can do.
Anyway, Waninkoko’s code is almost exactly the same as some code that dhewg released months ago — the Wiifuse server. What’s the difference? Dhewg didn’t want to enable this, so he left it to the end user to provide the authentication credentials that Wiifuse uses to read the contents of the NAND. Waninkoko’s program does the same thing, but it comes with a hacked TMD that enables “root access” (more or less).
Why is this a problem? Remember what happened when Datel released their Freeloader?
Piracy is morally wrong — developers need to eat, too. However, I don’t expect this to persuade everyone, so I will also offer a more pragmatic reason. Nintendo’s primary motive in patching security holes is strictly financial — in the same way that releasing firmware patches is dangerous for us because it requires careful testing, releasing firmware patches is expensive for Nintendo because it requires careful testing on their part, too. Consequently, they will not bother to fix bugs until they cause specific, identifiable monetary loss on their part.
We saw this with IOS37, which I believe was a reaction to Datel’s Freeloader. However, Nintendo has never bothered to activate IOS37 — why? I think it’s because they were specifically trying to prevent / discourage Datel from pressing discs for US and Japanese Wiis. All of the PAL discs have already been made, and Datel has already spent all of the money they need to spend to sell those discs. At this point, they will continue to sell the discs they made because they have nothing to lose by doing so — and when IOS37 comes, they will try to deal with it however they can.
On the other hand, they have not yet spent the money to make USA and NTSC/J discs. They now know there is a very real possibility their current software will stop working on updated Wiis at some future date, so they now have to sit and wait for that “shoe to drop” before proceeding. Nintendo released IOS37 to stall Datel.
Now, Nintendo needs to keep people from copying VC games. So what will they do? They have to patch all of the things that could enable this. So, they will now go ahead and patch all of the old versions of IOS, and they will probably go ahead and patch BOOT2.
I know that Waninkoko is not a bad guy — he and I have chatted a fair bit on IRC — but I think he is reckless and does not think through the consequences of his actions.
Oh, and another thing — people keep asking me “Will there be some way to downgrade our consoles once IOS37 has been released?” I hate that question. Why?
The answer will always be “Probably, but it will require finding a security hole which Nintendo hasn’t patched.” That’s why I don’t like to answer the question — because if I start talking about all of the security holes that could be used to downgrade a Wii, then they will get patched before we have a chance to use them.
Guess what? The hole that Waninkoko is using to read VC games out of the NAND FS is the same hole that I was planning on using (first) to be able to downgrade versions of IOS. So, when it takes another few months to be able to downgrade a Wii, you can say “Thanks, Waninkoko!”