Wii Homebrew Hack – No Game Discs Required

Jailbreaking hacks have come and gone for the Wii, ever changing as Nintendo tweaks their software to prevent homebrew from running. Piracy concerns aside, there is a legitimate Wii homebrew scene, and a  new, easy to use tool has been released for those looking to give it a try.

Many of the previous jailbreaks relied on bugs found within official Wii games, but there’s a new kid on the block that requires nothing more than an Internet connection and an SD card. LetterBomb is the latest jailbreaking tool, which was created by an individual named [blasty]. It seems incredibly easy to use, requiring little more than entering your Wii’s MAC address into a web form. The site generates a customized jailbreak file, which your run on your Wii via the SD card – that’s all there is to it!

If I had a Wii, I would be hesitant to enter any sort of globally-unique number that could identify my console into a random web site, but perhaps I am being overly paranoid. Either way, it would be great to see an open-source version of this tool released so that jailbreaks could be done offline, without any risk of having your MAC address recorded.

[Thanks, blurry]

50 thoughts on “Wii Homebrew Hack – No Game Discs Required

    1. From what I saw, Bannerbomb only works with System Menu versions 4.2 and older, whereas this one works with 4.3.

      I wasn’t aware of any other ‘no disc’ hacks for 4.3+ consoles.

      1. You’re right — this is the first no-disc exploit. Other savegame exploits (Indiana Pwns, Return of the Jodi, Stack Smash) were our only option until now.

        I like that installing the homebrew channel only allows homebrew — and that you aren’t immediately enabled to run warez from the go. After you install the homebrew browser, it’s super easy to download a bunch of useful apps (e.g. WiiMC) and hit the ground running!

      2. I was able to use bannerbomb on 4.3u; but I did have to downgrade the firmware in the process.

        Also you can easily brick your wii using these methods if you don’t backup the nvram and install a bootloader so you can get back if it becomes bricked.

  1. For the sake of conversation, I would challenge you to justify comment.

    Jailbreaking, according to Wikipedia, is defined as such: “Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.”

    Sounds exactly like what is being done here. Jailbreaking iOS allows you full access to the device in order to run homebrew. ___________ on the Wii allows you full access to the device in order to run homebrew.

  2. It shouldn’t hurt to try it out with randomly substituted two last bytes of the MAC address, right?

    also, not sure how Nintendo looks on MAC addresses but they are surely not globally-unique …

      1. fyi, mac addresses are almost never manufactured correctly.

        in fact, my teacher owns 2 nic cards with the exact same MAC address..(causing headaches with his network, good thing its easy to spoof)

        obviously the same manufacturer, or a knockoff posing as the brand(never heard of/seen this with nic cards)

        its possibly limited to just a few manufacturers not correctly assigning them.

      2. > Why would they be spoofed on a router in particular?

        Certain CPE devices, in my experence cable modems in my area are the worst, but a tech comes in to set things up and demands a Windows computer to do it.

        They connect the windows machine to the cable modem, issue it some (password protected) commands, and then the cable modem is locked to your PC’s MAC address.

        Want to use multiple computers? Or firewall that Windows box? Too bad, the cable modem won’t work with a different MAC on a different device.

        So routers now have the ability to spoof the MAC, so you can set it to match the Windows PC MAC that the cable modem was originally setup with.
        Then the router does some trickery so the PC with the cloned MAC will still function on your LAN and not confuse things.

        At that point the cable modem is happy, and you have a router/firewall that will then let you connect the rest of your computers to the internet.

        That’s one legit reason at least. Plenty of non-legit ones if you ponder about wifi MAC filters long enough… ;}

  3. Explain exactly what is different between this and a jailbreak. Let’s see: There’s an oppressive OS running on the device that uses crypto signatures and other methods to determine if you’re allowed to run OEM-blessed applications/games on a device and stop you from running custom homebrew. And this lets you subvert said oppressive OS to run your own code. That sounds exactly like a jailbreak on an iPhone, a root exploit on a driod, or this tool on a Wii. Can you explain the technical difference to me? Perhaps I missed something? The part that installs BootMii, HBC, etc, is the same SaveZelda utility from Team Twiizers that we’ve been fortunate to have for a long time — this mailbomb exploit is a chainloader to launch it basically but still the end result is a “jailbreak”.

    1. as much as i love the passion kid, remember this. There are two types of “experts”. Those who can, and those who just talk about it, or should I say in this case, type about it.

      P.S Your momma dont say much, does she? Well I guess That dispells the ” Women and multi-tasking ” theory anyway…….

      1. the source is going to be added to the savezelda source.
        so people will be able to do it themselves.

        though team twiizers don’t like doing this as it makes selling their work easier. see:team argon

    1. As stated already, seeing as how this is newer than Bannerbomb, it works on more modern System Menu versions. Bannerbomb hasn’t worked on current software versions in awhile.

      1. Yeah, I can confirm that bannerbomb stopped working with 4.3, but the HBC itself was only partially broken (I think it uninstalled all my extra layers of bug removal, but all I can really say is that now half my homebrew doesn’t work) It’s great to hear there’s a new exploit out there!

  4. That is a demand, not an argument. Why do you hate freedom, drew?

    Personally, I am NOW considering buying a Wii. I usually do not like closed consoles, but being able to run homebrew this way is appealing. The homebrew channel is very well done.

    All of the console makers would be wise to co-opt the homebrew community, allowing users to opt-in to the homebrew channels. Allowing end-users to make and share their own content is not in the interests of these console makers, unfortunately, but as open hardware gains momentum the console makers will be forced to relent and permit us more choice.

  5. staff meeting at nintendo:
    “piracy has run rampant on the wii, everyone is modifying their systems. so i propose a plan:
    step one:make an exploit that works on current firmware *i know what you are thinking but bare with me*
    step two: set up a site that requires them to enter the unique mac address of their wii to get the exploit
    step three: log all those mac addresses, cross reference with units sold for further analysis and possible legal action”

    1. Step 5 go back in time and force companies to write down the mac address of the device and the customer information and send it to us.

      I have 2 Wii’s and nither one at the time of sale had anything written down. they scan the barcode (that is for a Wii, not big enough to include a MAC address to those out there that know nothing about barcodes)

      SO nice try at creating FUD. too bad you did not do any research at all on it before you made it up.

      1. BUT… many of these are connected to the internet, where Nintendo could easily ‘search’ for those modded MAC addresses. Not that they could do a whole lot, but they could possibly do SOMETHING we know not what. What if they included something in 4.3 that allows them to push an update that could brick the console?

        I don’t believe they did, but it is a possibility.

      2. For many customers, they get that information, including stuff like credit card numbers, from the customers themselves. Most people tend to use real information to register for the shop channel. Especially when it comes to credit card numbers, this is also advisable as you would be commiting a crime.
        So if you think about it, austin’s comment is not that unrealistic.
        However, TT has been around for quite some time. So I believe, they can be trusted.

  6. OMG, Team Twiizers, might send me an email to my Wii, now that i have gave them my MAC address. Now I’m all for tinfoil beenies, but to what end. After years of hacking the Wii, i don’t think think they are going to turn round and brick everybody or spam their Wii’s.

    1. A MAC Address is not a Friend code. A MAC address is a (relatively) unchangeable number assigned to the networking hardware of your wii, and nintendo could very easily ban your console from their by simply checking for its MAC. In fact, I’m 85% certain this is how MS did the Modchip Live ban.

      However, Team Twiizers has had far greater opportunities, such as loading viruses into the HBC, and they never did, so I think they’re trustworthy.

      Just understand that sending an email is NOT the worst thing that could happen. Not even close.

  7. Yes it is, because it breaks the JAIL that keeps me from installing the home-brew channel.

    You seem to not understand hacking much and what the term “jailbreaking” means, that is ok, mainstream media makes people think that a term means something different than reality.

    the term jailbreaking has nothing to do with an iphone or ipad and has been in use by real hackers for quite a while now in reference to getting a unsigned app to run on a device. I jailbroke the Clarion AutoPC back in 1999 to get it to run unsigned software in the background as a service.

    1. Well, tbh, we (the iphone dev team) used the term jailbreak for the iphone, not because we were runing unsigned code, or because we were freeing the phone from a higher evil,, but because the file system was chrooted, and therefore “jailed”. The first iphone jailbreak was only rebasing the afp service on / instead of the mobile directory. Hence the term “jailbreak”.

      Nowadays, its use has drifted away from a technical point of view, to a “political”/philosophical point of view.

  8. Exactly on time, a friend asked me to help him hack his WII, we saw there was no hack for 4.3 and we were considering buying one of the games where we could exploit a bug, the day after I saw this and everything want super smoothly.

  9. You do not need to put your MAC into the website. That is just a ‘easy method’ to get you up and running quickly.

    The exploit uses the messaging system in the Wii, and the Wii uses your MAC to send messages between Wii’s and your Wii will only accept messages to it with it’s own MAC. Kind of like a mailing address, sort of in a way.

    There is absolutely NO REASON to consider it any more or less safe than any other jailbreaking method out there for anything–after all, you don’t look at the source code before you run it and they COULD be installing a backdoor into your system. So what is them having your MAC going to do to make you any less secure?

    1. Very true. Users are worried about entering a MAC address which could just be acquired by the post-exploit code anyway.
      And thanks for the info on how it works. Sounds neat. I’d like to see how these guys found this (or any other) exploit.

    1. It cannot work by sending it, it has to be on the SD card. If it worked by sending it then there would be an automated thing similar to jailbreakme.com where you could email from your Wii and get a reply with the exploit in it. That would, however, be pretty cool.

    1. I used Twilight Hack long long ago and it disappeared when Donkey Kong Country forced the 4.3u update. I used Indiana Pwns a few months ago and have HBC and other channels installed with no issues whatsoever. (and for some odd reason, the WiiMC app streams video over a SMB share with less hiccups that my PS3 does over DLNA from the same server… Maybe $0ny should stop wasting firmware release cycles on patching holes and focus on bugs that they haven’t addressed, like, ever. Such as poor buffering of streamed video content.)

  10. Thanks Matt, not only am I skeptical but sometimes, just downright snarky because this whole modern school reform movement is just repeating the errors of the past and creating a few novel ones along the way. First, just about NOeven if your we allow that your new system is working and will work in the long term, scaling it up for wider adoption will be impossible. Hurricanes 1) just aren’t that common, especially big ones that overwhelm a broken levee system and 2) are geographically constrained to subtropical to marginally extratropical locations. So, I think you’d have a really hard time imposing a charter school system outside of the southeastern US.

Leave a Reply to ewookieCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.