Nintendo Wii hacked -- homebrew games ahoy!

During yesterday's "Why Silicon-Based Security is still that hard: Deconstructing Xbox 360 Security" presentation at the 24th Chaos Communication Congress in Berlin, hackers Michael Steil and Felix Domke demonstrated a blown-wide-open hack for the Nintendo Wii. They've extracted the keys for signing Wii code, and now you can run anyone's code on your Wii, not just programs that Nintendo has sanctioned. Incredible as it may seem, there are still companies that think that they should have the right to tell you what you can and can't do with your hardware after you pay for it. Link (Thanks, waltbosz!)



  1. What I’m interested in is being able to run my downloaded Virtual Console games off of the SD card. I still don’t see why that can’t be done since Nintendo lock the downloaded file to only be able to run on the console to which the game was downloaded.

    There’s some interesting history about game consoles, third parties (software and hardware), lockout chips, and so on, including legal issues and court cases surrounding them. Having been delighted and awestruck by the release of the Game Genie as a kid, years later I found it quite interesting that that device was actually part of a Supreme Court case. See also: the 3DO console, the video game crash of 1983. I tried to find something about Atari suing Activision when they emerged as the first third-party game developer, but nothing substantive came up.

    Also, if that Game Genie comment seemed familiar, hi Cory, I’m that guy from Mira Costa College and Comic Con.

  2. I promise I’ll learn to use the preview button eventually. Here’s the botched link from above: .

    I’ve never really followed homebrew for any console except the Dreamcast, which was stupidly easy and inexpensive to hack. If you have Internet access and a CD burner, people have written all kinds of stuff for the thing that you can take advantage of.

    This is going to be like the updated firmware wars on the PSP. Which under-appreciated game will provide the key to breaking a later firmware update, and how much will its cost on eBay rise when this fact is discovered? Only time will tell.

  3. Awesome – homebrew is one of my favorite things to do with a console. There’s a couple of drawbacks:

    – Since you’re doing things with your console that it wasn’t designed to do (for example, with the PSP, you might be flashing a firmware), there’s always a potential for screwing up your console. I, for example, bricked my PSP this way. (I also bricked a first-gen iPod installing Linux on it, but it was worth it, truth be told.)

    – The game companies can’t condone it because opening up the hardware means that they are basically opening the floodgates for people booting ISOs of the commercial games available for the system.

    At the very least, game companies should provide a legit means for writing custom code. If it means that Nintendo has to approve it, whatever – there are plenty of awesome games and apps that would be nice to see on the Wii.

    Here’s actually the best solution – give people the SDK, and let people write the code on their computers (but remove functionality of booting commercial game ISOs, perhaps). Let people then submit their apps and games to Nintendo for inclusion for free on the Wii Shop as free downloads (or at the author’s option, as a pay download where the proceeds are split somehow between Nintendo and the author). That way, homebrew games/apps won’t require any kind of modifications, they will be available to the public, and won’t tempt people into breaking open their hardware and potentially breaking it.

    Not saying that you SHOULDN’T be able to break into your hardware, but if you can avoid it, for the sake of not screwing it up, it’s probably a good idea.

    Also, I support the notion that opening your stuff up should void your warranty. Nintendo shouldn’t have to do warranty hardware repairs on systems that have been purposely broken into (physically). But at least, don’t treat those people like criminals if they decide to do it!

  4. “At the very least, game companies should provide a legit means for writing custom code. If it means that Nintendo has to approve it, whatever – there are plenty of awesome games and apps that would be nice to see on the Wii.”

    Nintendo does have a plan for this: WiiWare. It’s specifically for indie developers to get their work out to a huge audience without having to worry about all the red-tape and financial junk that goes along with full retail development. Nintendo checks for bugs and sets the price, but leaves everything else up to you, including getting your application rated by the ESRB. Unfortunately, they’ve released almost no further information on it.

  5. This is what will convince me to buy a Wii. I prefer to own the hardware I purchase to do with it what I wish.

    The potential for piracy is pretty much a red herring. It is my understanding people are pirating Wii, Xbox360, etc. games right now with little difficulty. Homebrew for these platforms is really a separate issue and if anything is likely to increase demand in them. It certainly provides me a greater inclination to buy one.

  6. @3: This kind of logic suggests that if I buy a car I’m expected to only drive it on roads because that is the only approved use. Or roads that are either free or whose owners agree to pay for every one of their cars driven on them.

    Intellectual “property” is unlike real property in that it is intended to capture positive externalities for the owner, rather than forcing the owner to assume negative externalities (that is, with real property if you overgraze your land, you have to deal with the consequences.)

    It seems to be the default assumption today that it is worth any amount of effort to capture every possible positive externality, which does not seem at all reasonable (and I say this as a producer of intellectual property.)

  7. @3,4: The major problem with any proprietary/locked-down platform allowing for homebrew isn’t necessarily IP-related – it’s that by opening up a platform, you’re allowing homebrew creators to run arbitrary code on your hardware. So, for example, it would be possible for a person to write a program to expose encryption keys, which Nintendo can’t legally condone. A malicious homebrewer could write code to brick someone’s Wii, or steal the credit card info saved to someone’s Xbox Live account.

    I’m personally all for homebrew and open platforms (possibly with some sort of distinction between trusted and untrusted code implemented by the hardware manufacturer), but it’s understandable that the manufacturers don’t necessarily want to open up that can of worms. The current system allows for system manufacturers to hold game developers accountable for the products that they create; if Activision, for instance, were to ship a game with easter eggs that allowed a user to install Linux on an Xbox360, Microsoft could (among other things) refuse to digitally sign future Activision games. But by allowing anybody to push code onto a system, companies effectively would be giving up the ability to prevent people from uploading malicious or otherwise “bad” content. I think they understand that allowing for user-created content and homebrew is the future of these platforms – there’s a lot of potential there, and the first company to provide some sort of support for this stands to make a not-insignificant amount of money. Also, looking at the success of things like Wikipedia, it’s easy to see that the vast majority of content is not malicious. But this is the type of “feature” that companies like Nintendo or Microsoft are going to take their time implementing since there are so many ways that they can shoot themselves in the foot with it.

    In the meantime, long live unsupported homebrew. It’s vitally important that we have hackers to lead innovation and show folks what they’re missing out on.

  8. “Nintendo does have a plan for this: WiiWare. It’s specifically for indie developers to get their work out to a huge audience without having to worry about all the red-tape and financial junk that goes along with full retail development. Nintendo checks for bugs and sets the price, but leaves everything else up to you, including getting your application rated by the ESRB. Unfortunately, they’ve released almost no further information on it.”

    Good luck with that. Go ahead and try and get a Wii dev kit as an amateur. They won’t sell it to you. They vet you just as much as a full blown developer, you need to form your own corporation with its own business address (can’t work from home), and you need experience with retail games. Then they’ll consider selling one to you for 2,000 dollars. The only other way to get one is to get the support of a well known publisher before you go to Nintendo.

  9. #5: Far from being a red herring, the issue of piracy is one of the major drivers for this kind of security in gaming consoles. To my knowledge there is not yet a means of duping retail 360 discs that runs on store-bought consoles.

    There are a number of reasons why Microsoft, Sony, and Nintendo want to restrict what runs on their embedded platforms, of which the problems detailed in #7 are among the most important. Related to this is quality control: the manufacturer — let’s say Microsoft — wants customers to be assured of a certain level of quality in everything that runs on their 360, and there is an extensive manufacturer-driven QA process that every product has to go through. In addition to making sure that there is never any such thing as malware for the 360, it also means that all games meet a minimum standard of UI, integration with Live features, stability, usability. If you can’t pass Microsoft QA you don’t get to run on their 360, period. That’s how the non-techy consumer knows that if he buys something for the 360, it’ll run well and not trash his system. (If you as a third party dev manage to get a bluescreen crash or data-corrupting error past Microsoft QA, there is some unholy legal hell waiting for you behind the scenes.) As a customer I have no such assurance with open-source software, which makes me not want to pay for it.

    Another big reason is cheating. A lot of games have some kind of multiplayer, and that’s only fun so long as everyone is playing fair. If people can run any arbitrary code on their consoles, that means they can hack up their retail client to cheat in all kinds of ways, go online, and grief the heck out of everyone who legitimately paid for their copy. That’s fun for the griefers I’m sure, but it makes me not want to buy the next multiplayer Splinter Cell.

    And piracy is still a major reason for hardware security — any argument otherwise is frankly Kool-Aid. Less than one third of games sold these days are multiplayer; hardly any are multiplayer-exclusive. If developers cannot sell copies of their single player games at a profit, they’re out of business. Retail sales of PC games have been on a precipitous decline for years now, and it’s only partly because of consoles cannibalizing their sales.

    Now, for reasons that Mr. Doctorow has so astutely explained many times, it’s impossible to completely stamp out piracy when there are so many people around the world with their time entirely devoted to circumventing it, but by moving the security into the hardware you can at least make it difficult, costly, and dangerous to pirate. By forcing the would-be pirate consumer to crack open that white case and delicately solder a chip onto the board (risking bricking the entire system), you create a barrier to entry that the majority of average customers would rather not hurdle. My car alarm may not be able to stop organized criminals with lots of tools from stealing my ride, but it sure as hell keeps your average garden-variety methhead from just jimmying the door and driving off.

  10. One reason you’re not allowed to run whatever you wish on hardware you believe you’ve purchased is that you didn’t pay for all of it, so it isn’t entirely yours. Game consoles are sold at a loss, to make them affordable for consumers. The games are more expensive than their PC counterpart, in part to subsidize the cheap console hardware, and in part to pay for the royalty paid by the software maker to the console maker for the privilege of selling to the market the console maker has created. By subverting the protection, users are increasing the risk that the console maker will be unable to recover the cash they risked by selling consoles at a loss. (But I’d bet a nickel Nintendo has made out okay on the Wii).

  11. #11: What is to stop someone from reverse engineering the protocol and just setting up a transparent proxy to do the packet manipulation for them? Admittedly, it is easier to just patch the game, if it is possible.

    #12: You are almost right in this case, the Xbox 360 and PS3 are sold at a loss by their respective manufacturers, but last I heard, every Nintendo Wii sold is generating a profit for the company.

    Mostly, I want some homebrew apps because of all the awesome things being done by Johnny Lee. For the most recent awesomeness, view his head tracking demo:

  12. Gregory, the price of a console is irrelevant. The act of a sale, for $0.01, or $500, totally ends the rights of the seller regarding the goods.

    Yes, console makers often sell at a loss. That’s their risk. You’re free to go into stores and buy just the sales (loss leaders). You’re allowed to buy new razors all the time and never spend for a blade refill. It’s the problem with that business model. But it’s not the consumer’s problem.

  13. Homebrew is nerdspeak for free games. Remember all the awesome Dreamcast homebrew? Of course you don’t. You remember playing burned copies of Marvel vs. Capcom 2 and Propeller Arena. How about that five minute experimentation with PSP homebrew before you filled that frickin’ Memory Stick with CSO’s until it overflowed?

    Of course, there is a legitimate and interesting niche of folks that genuinely do like to develop and play amateur games. What they do is interesting, but by no means do they have a right to distribute hacked, proprietary Wii code.

    The right to fiddle with your own hardware is one thing, but once you start distributing stuff you shouldn’t, I think you deserve to get burned. Nintendo IP, GPL, whatever.

  14. #15 (Hypertime): So true, and more so because homebrew developers really don’t want to be developing for the console itself anyway. Console development is a huge pain in the butt, for really not much benefit unless you’re planning on printing off 100,000 of your game and selling them at Wal-Mart: it’s just hard to program for. If you want to play around with programming the Wiimote, you can hook it up to your PC and work with it there, in a more familiar environment where there are lots of free development tools and much easier ways to distribute your game for free to all the world.

  15. Bullshit, plenty of people want to program for consoles. Among the hackers I know, handhelds (e.g. Nintendo DS) are particularly attractive nowadays, as it’s pretty nifty to work on a platform you can put in your pocket and take everywhere. Yes, doing something sophisticated is hard work, usually a bit harder than on platforms where amateur developers are supported very generously (e.g. GNU/Linux), but that doesn’t mean that no one wants to do that. To many hackers, the added challenge is part of the fun. If hard work was only done for profit, no one would make a PC from ’81 play full-screen video, write quines in Brainfuck, or solve tricky Su Dokus.

    It’s certainly true that for every hacker who is genuinely interested in pulling off nifty stuff on proprietary gaming hardware, there are at least hundreds or thousands of other people who use ‘unlocking’ code for playing backups or plain illegitimate copies. But that doesn’t mean that guerilla development is but an alibi for ‘piracy’, and ‘homebrew’ is certainly not a code word for large-scale copyright infringement or profiteering. It’s very common among hackers to think, “Now that I have this nifty gadget, I’d like to write my own software for it.”
