Wii homebrew hack – no game discs required

Jailbreaking hacks have come and gone for the Wii, ever changing as Nintendo tweaks their software to prevent homebrew from running. Piracy concerns aside, there is a legitimate Wii homebrew scene, and a  new, easy to use tool has been released for those looking to give it a try.

Many of the previous jailbreaks relied on bugs found within official Wii games, but there’s a new kid on the block that requires nothing more than an Internet connection and an SD card. LetterBomb is the latest jailbreaking tool, which was created by an individual named [blasty]. It seems incredibly easy to use, requiring little more than entering your Wii’s MAC address into a web form. The site generates a customized jailbreak file, which your run on your Wii via the SD card – that’s all there is to it!

If I had a Wii, I would be hesitant to enter any sort of globally-unique number that could identify my console into a random web site, but perhaps I am being overly paranoid. Either way, it would be great to see an open-source version of this tool released so that jailbreaks could be done offline, without any risk of having your MAC address recorded.

[Thanks, blurry]

Comments

  1. Koolguy007 says:

    I personally prefer the Bannerbomb method. Its easy to use and doesn’t require giving out ANY information.

    • Mike Nathan says:

      From what I saw, Bannerbomb only works with System Menu versions 4.2 and older, whereas this one works with 4.3.

      I wasn’t aware of any other ‘no disc’ hacks for 4.3+ consoles.

      • BLuRry says:

        You’re right — this is the first no-disc exploit. Other savegame exploits (Indiana Pwns, Return of the Jodi, Stack Smash) were our only option until now.

        I like that installing the homebrew channel only allows homebrew — and that you aren’t immediately enabled to run warez from the go. After you install the homebrew browser, it’s super easy to download a bunch of useful apps (e.g. WiiMC) and hit the ground running!

      • junkman says:

        I was able to use bannerbomb on 4.3u; but I did have to downgrade the firmware in the process.

        Also you can easily brick your wii using these methods if you don’t backup the nvram and install a bootloader so you can get back if it becomes bricked.

      • Mike Rogers says:

        @junkman, you were either previously modified, or mistaken. You did not use bannerbomb with 4.3

  2. Mike Nathan says:

    For the sake of conversation, I would challenge you to justify comment.

    Jailbreaking, according to Wikipedia, is defined as such: “Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.”

    Sounds exactly like what is being done here. Jailbreaking iOS allows you full access to the device in order to run homebrew. ___________ on the Wii allows you full access to the device in order to run homebrew.

  3. RooTer says:

    It shouldn’t hurt to try it out with randomly substituted two last bytes of the MAC address, right?

    also, not sure how Nintendo looks on MAC addresses but they are surely not globally-unique …

    • Bobby J says:

      MAC addresses are globally unique if they are properly created (and not spoofed like might be done on a router).

      • Dan says:

        Why would they be spoofed on a router in particular?

      • nagger says:

        fyi, mac addresses are almost never manufactured correctly.

        in fact, my teacher owns 2 nic cards with the exact same MAC address..(causing headaches with his network, good thing its easy to spoof)

        obviously the same manufacturer, or a knockoff posing as the brand(never heard of/seen this with nic cards)

        its possibly limited to just a few manufacturers not correctly assigning them.

      • Dissy says:

        > Why would they be spoofed on a router in particular?

        Certain CPE devices, in my experence cable modems in my area are the worst, but a tech comes in to set things up and demands a Windows computer to do it.

        They connect the windows machine to the cable modem, issue it some (password protected) commands, and then the cable modem is locked to your PC’s MAC address.

        Want to use multiple computers? Or firewall that Windows box? Too bad, the cable modem won’t work with a different MAC on a different device.

        So routers now have the ability to spoof the MAC, so you can set it to match the Windows PC MAC that the cable modem was originally setup with.
        Then the router does some trickery so the PC with the cloned MAC will still function on your LAN and not confuse things.

        At that point the cable modem is happy, and you have a router/firewall that will then let you connect the rest of your computers to the internet.

        That’s one legit reason at least. Plenty of non-legit ones if you ponder about wifi MAC filters long enough… ;}

  4. BLuRry says:

    Explain exactly what is different between this and a jailbreak. Let’s see: There’s an oppressive OS running on the device that uses crypto signatures and other methods to determine if you’re allowed to run OEM-blessed applications/games on a device and stop you from running custom homebrew. And this lets you subvert said oppressive OS to run your own code. That sounds exactly like a jailbreak on an iPhone, a root exploit on a driod, or this tool on a Wii. Can you explain the technical difference to me? Perhaps I missed something? The part that installs BootMii, HBC, etc, is the same SaveZelda utility from Team Twiizers that we’ve been fortunate to have for a long time — this mailbomb exploit is a chainloader to launch it basically but still the end result is a “jailbreak”.

    • andy says:

      as much as i love the passion kid, remember this. There are two types of “experts”. Those who can, and those who just talk about it, or should I say in this case, type about it.

      P.S Your momma dont say much, does she? Well I guess That dispells the ” Women and multi-tasking ” theory anyway…….

  5. CollinstheClown says:

    Maybe you could enter a MAC address of all zeros, then open the file and edit in your number?

    • wiisixtyfour says:

      Nope, it is signed with the MAC address, it’s not just something you can switch once you download it.
      I was thinking a better solution would be to release an offline program that signs it for you.

      • bno112300 says:

        the source is going to be added to the savezelda source.
        so people will be able to do it themselves.

        though team twiizers don’t like doing this as it makes selling their work easier. see:team argon

  6. Andrew Smith says:

    This is harder than banner bomb that’s been around for ages. Also hasn’t needed discs for ages.

  7. ScottInNH says:

    That is a demand, not an argument. Why do you hate freedom, drew?

    Personally, I am NOW considering buying a Wii. I usually do not like closed consoles, but being able to run homebrew this way is appealing. The homebrew channel is very well done.

    All of the console makers would be wise to co-opt the homebrew community, allowing users to opt-in to the homebrew channels. Allowing end-users to make and share their own content is not in the interests of these console makers, unfortunately, but as open hardware gains momentum the console makers will be forced to relent and permit us more choice.

  8. steve eh says:

    Sure…right after i spent $40 on one of the games needed…ahh well good to know this “jailbreak” is out there

  9. Setatx says:

    Very cool, always happy to see consoles ripped open!
    Personally, I found the smash stack much easier than any other option. Took me less than 10 min.

  10. austin says:

    staff meeting at nintendo:
    “piracy has run rampant on the wii, everyone is modifying their systems. so i propose a plan:
    step one:make an exploit that works on current firmware *i know what you are thinking but bare with me*
    step two: set up a site that requires them to enter the unique mac address of their wii to get the exploit
    step three: log all those mac addresses, cross reference with units sold for further analysis and possible legal action”

    • fartface says:

      Step 5 go back in time and force companies to write down the mac address of the device and the customer information and send it to us.

      I have 2 Wii’s and nither one at the time of sale had anything written down. they scan the barcode (that is for a Wii, not big enough to include a MAC address to those out there that know nothing about barcodes)

      SO nice try at creating FUD. too bad you did not do any research at all on it before you made it up.

      • andar_b says:

        BUT… many of these are connected to the internet, where Nintendo could easily ‘search’ for those modded MAC addresses. Not that they could do a whole lot, but they could possibly do SOMETHING we know not what. What if they included something in 4.3 that allows them to push an update that could brick the console?

        I don’t believe they did, but it is a possibility.

      • M-Byte says:

        For many customers, they get that information, including stuff like credit card numbers, from the customers themselves. Most people tend to use real information to register for the shop channel. Especially when it comes to credit card numbers, this is also advisable as you would be commiting a crime.
        So if you think about it, austin’s comment is not that unrealistic.
        However, TT has been around for quite some time. So I believe, they can be trusted.

  11. Slegiar says:

    i liked smash stack too. found a good tutorial with link for pre-loaded folders to load on the sd card and got it all done nice and fast. http://www.youtube.com/rvlhacks#p/a/u/0/CJ7qzU35Xrw if anyones interested

  12. Jakw says:

    OMG, Team Twiizers, might send me an email to my Wii, now that i have gave them my MAC address. Now I’m all for tinfoil beenies, but to what end. After years of hacking the Wii, i don’t think think they are going to turn round and brick everybody or spam their Wii’s.

    • Willrandship says:

      A MAC Address is not a Friend code. A MAC address is a (relatively) unchangeable number assigned to the networking hardware of your wii, and nintendo could very easily ban your console from their by simply checking for its MAC. In fact, I’m 85% certain this is how MS did the Modchip Live ban.

      However, Team Twiizers has had far greater opportunities, such as loading viruses into the HBC, and they never did, so I think they’re trustworthy.

      Just understand that sending an email is NOT the worst thing that could happen. Not even close.

  13. fartface says:

    Yes it is, because it breaks the JAIL that keeps me from installing the home-brew channel.

    You seem to not understand hacking much and what the term “jailbreaking” means, that is ok, mainstream media makes people think that a term means something different than reality.

    the term jailbreaking has nothing to do with an iphone or ipad and has been in use by real hackers for quite a while now in reference to getting a unsigned app to run on a device. I jailbroke the Clarion AutoPC back in 1999 to get it to run unsigned software in the background as a service.

    • IZsh says:

      Well, tbh, we (the iphone dev team) used the term jailbreak for the iphone, not because we were runing unsigned code, or because we were freeing the phone from a higher evil,, but because the file system was chrooted, and therefore “jailed”. The first iphone jailbreak was only rebasing the afp service on / instead of the mobile directory. Hence the term “jailbreak”.

      Nowadays, its use has drifted away from a technical point of view, to a “political”/philosophical point of view.

  14. Solenoid says:

    Exactly on time, a friend asked me to help him hack his WII, we saw there was no hack for 4.3 and we were considering buying one of the games where we could exploit a bug, the day after I saw this and everything want super smoothly.

  15. pencilneck says:

    Now is there going to be a lawsuit out of this? Hacking what you own is a crime.

  16. Alexander says:

    You do not need to put your MAC into the website. That is just a ‘easy method’ to get you up and running quickly.

    The exploit uses the messaging system in the Wii, and the Wii uses your MAC to send messages between Wii’s and your Wii will only accept messages to it with it’s own MAC. Kind of like a mailing address, sort of in a way.

    There is absolutely NO REASON to consider it any more or less safe than any other jailbreaking method out there for anything–after all, you don’t look at the source code before you run it and they COULD be installing a backdoor into your system. So what is them having your MAC going to do to make you any less secure?

    • Maave says:

      Very true. Users are worried about entering a MAC address which could just be acquired by the post-exploit code anyway.
      And thanks for the info on how it works. Sounds neat. I’d like to see how these guys found this (or any other) exploit.

  17. ewookie says:

    hmm…hope nobody sends a specially crafted ‘letterbomb’ to my wii…

    • wiisixtyfour says:

      It cannot work by sending it, it has to be on the SD card. If it worked by sending it then there would be an automated thing similar to jailbreakme.com where you could email from your Wii and get a reply with the exploit in it. That would, however, be pretty cool.

  18. Koolguy007 says:

    I checked and the my homebrew channel is no more :(.

    • BLuRry says:

      I used Twilight Hack long long ago and it disappeared when Donkey Kong Country forced the 4.3u update. I used Indiana Pwns a few months ago and have HBC and other channels installed with no issues whatsoever. (and for some odd reason, the WiiMC app streams video over a SMB share with less hiccups that my PS3 does over DLNA from the same server… Maybe $0ny should stop wasting firmware release cycles on patching holes and focus on bugs that they haven’t addressed, like, ever. Such as poor buffering of streamed video content.)

  19. Nice. i have a few systems to do this is great news

  20. wiisixtyfour says:

    It was actually created by tueidj, not blasty.

  21. Ryan says:

    Awesome! I have a Wii with System Menu 4.3 and a broken drive. Now maybe it will be possible to copy the save files off of it.

  22. I can verify that this exploit works perfectly. Took about 5 minutes start to finish to grt HBC back on my Wii after the 4.3u update was accidentally installed a few months back.

  23. MarshmallowGoat says:

    Great they will be releasing the source.. Definitely prefer to use this with an offline tool. Will wait till then.

  24. Pharaoh Tech says:

    Thanks Jeebus I never upgraded to 4.3+. The orignal homebrew hack saved me bookoo’s of money on crappy ass games.

  25. Thanks Matt, not only am I skeptical but sometimes, just downright snarky because this whole modern school reform movement is just repeating the errors of the past and creating a few novel ones along the way. First, just about NOeven if your we allow that your new system is working and will work in the long term, scaling it up for wider adoption will be impossible. Hurricanes 1) just aren’t that common, especially big ones that overwhelm a broken levee system and 2) are geographically constrained to subtropical to marginally extratropical locations. So, I think you’d have a really hard time imposing a charter school system outside of the southeastern US.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 94,439 other followers