A message posted over at TehSkeen.com apparently details an exploit for the Nintendo Wii that can be run using The Legend of Zelda: Twilight Princess. The exploit basically involves crashing the game and then injecting code into it. So far, only four custom lines have been run but I have a feeling it won’t be long until this gets broken open even further.
The process goes something like this…
Bushing along with Segher have been able to modify a save game from Zelda to crash the machine and to run their own code on it. Note that you won’t even need to “mod” your Nintendo Wii to run this exploit…
Segher was the one to find the exploit and Bushing has been testing it out with the aid of the USB Gecko. The process is far from simple as once you modify a save game it requires it be to signed with 3 keys. Here’s some info from Bushing.
‘Once the Wii decrypts the save game, it checks its signature. Every Wii has its own private key which is used to sign save games, and when you save a game, the Wii actually saves three bits of data:
* The encrypted save game
* The signature for the save game (using your console’s private key)
* A copy of your console’s public key, signed by Nintendo.’Of course, the end user wouldn’t have to go through this process unless they were wanting to inject their own code into the save game, but that shouldn’t be necessary because when I asked Bushing what his goal was he answered:
‘Assuming we don’t run into a wall, it should be able to lead to a homebrew loader. I hope. No promises. :)’
So yeah. Have fun with that one, kids. This may ultimately lead to being able to load homebrew games off of SD cards or maybe even “backup discs” if you catch my drift.
Zelda Exploit – Run Unsigned Code w/o Modchip [TehSkeen] via Kotaku