It’s been just a bit over a year since the Wii U was released along with the extremely impressive Wii U controller. With a D-pad, analog sticks, accelerometer, gyroscope, magnetometer, camera and 6.2 inch touchscreen, this controller is ripe for a million and one projects ranging from FPV quadcopters and robots to things we can’t even think of yet. At this year’s Chaos Communication Congress, [booto], [delroth], and [shuffle2] demonstrated how they cracked open the Wii U controller’s encryption allowing for Wii U controller ’emulation’ and giving us full documentation on how the whole thing works.
The guys started on their reverse engineering journey by dumping all the flash chips found on the controller’s board. In those binary blobs, they found Nintendo used a truly ingenious way of obfuscating the WiFi keys used to connect the controller to the Wii: rotate left by three. To be fair to Nintendo engineers, it was secure until someone figured it out.
Connecting the controller to a PC over WiFi is only half the battle, though. Initial information from the Wii U launch suggested Nintendo used Miracast for all the I/O between the controller and the console. This isn’t the case; instead the video, audio, camera, and button input are non-standard but very simple protocols. The hardest to break into was the video display for the touchscreen, but the guys discovered it’s pretty much H.264. After getting around some Nintendo weirdness, it’s possible to display video on the controller.
The guys have put together a small, extremely alpha library that comes with all the demos, documentation, and reverse engineering information. There’s a large wish list of what this library should include, but now that the information is public, it might be the time to pick up a Wii U.