Wii Mini: possible exploit?

I guess the only way software wise will be through a disc update :/ is there any info on usb based service gear for this thing?

Does the mini look for update data on the USB port?
Wonder if there is a service mode on this thing?

 

I understand the challenge of beating something, but is this battle actually worth it? Wii's are cheap enough these days to not spend your time, effort and money on hacking a failed product.

 

I am not sure if the Wii mini will end up as a rare item in the years to come due to its epic failure? Your thoughts?

 

not playing devil's advocate (because i still despise CHINTENDO at their present state) but it's NOT fair grounds to NOT hack something just because it largely fails most of us.
i mean, take the vita, self explanitory, but if i'm to believe the web, there's folks working on the vita.
it was hacked to a degree, but you have to meet VERY specific criteria to hack it. (psn BS) no HW card available...yet!
....
now the NEO (FKN) GEO, great system, get absolutely NO resistance on that, i had fond days in the coin-ops pissing around with the AES dips and copying the arcade rom to a 'smart card' of some description, was years ago and EVERY AES coin-op had this card socket next to the coin chute and i used to plug a blank in, and flash the card for home use, cept i didn't own an AES, a friend did. (i just got out more than him, so it made sense i did it) digressing..
folks want a fuckin flash-card for it, time for a wake-up-call.
GET REAL! (and thanks krikzz for SMASHING them back under their stones. +10000)
how many AES's are in the general public hands vs wii mini?
not a lot, FACT!
so, if you scream 'i want romzors on bank for NG' then you can scream that for the wii mini.
as hardware goes, it's fair game, as the vita is!
...
my two quid!
[edit]
typo.

 

I guess if something like that exists in the Wii Mini, it's probably also present in the regular Wii.
It would be nice if someone investigated the USB handling code in an already hacked Wii's firmware!

 

I never knew you could do that to AES systems and copy the arcade rom to a smart card and play it at home? What is it exactly? (just curious!)

 

Wii Mini - how it could be done.

I've contemplated the Wii Mini, and looked at several possible attack vectors.
The system is quite limited, having no WiFi, or SD card slot, however it's not completely foolproof.
Correct me if I'm wrong on any of these, I've only had a limited amount of time to play with a Wii Mini.

Here's what I've gathered so far.

• If you're not willing to take apart your console, there are three I/O interfaces which you can talk to: Bluetooth, USB, and the disc.
• All disc-based exploits known so far, use the SD card, making the situation more difficult.
• All system-software-based exploits use the SD card as well.
• Since there is no internet connectivity, and it's presumably been disabled/stubbed out of the Wii Mini's software making the USB adapter non-functional, exploits through the Internet Browser, WiiWare games, or internet communications in System Software or other titles, will not be capable on the Wii Mini.
• Because there are no Gamecube accessory ports, the Wii Mini cannot enter the "factory service mode" using a gamecube pad with its D-pad buttons glued down.

Looking from the outside, the attack surface is very slim and shallow, if you don't want to "void your warranty".

• The USB is only usable in a select few games, mostly music and karaoke-style games, or games which use a wired peripheral.
  
  A vulnerability in USB-handling code in any of those titles, could pave the way to a disc-dependent exploit for a game which uses the USB.​
• The disc drive is customized, so as to not accept standard DVDs (even pressed!), CD's, or any recordable media, unless it has a proper BCA, and is burned to the specifications of Nintendo optical discs on the Wii.
  (I would assume our beloved RVT-R is not recognized in drive firmware, too, like the standard retail wii.)
  The system software further checks for proper file system setup and encryption, as well.
• The bluetooth support is ubiquitous, but limited to Wii remote communications (and peripherals connected thereto - including the Balance Board).
  
  There are some more advanced communications which use bluetooth - such as, reading and writing the contents of the Wii remote's non-volatile storage (which is only used by the Mii channel, iirc, to store a certain number of Mii's to one remote) and peripheral communications (Nunchuck, Classic controller, Balance Board, etc.)​

As you can see, doing a classical softmod, or using a hardware "dongle" on any of the external interfaces, is not very feasible, but not impossible; however, a lot of work would have to be done, in order to successfully break into the system through these means.
There appears to be no known "service mode" or "jigkick" on the Wii Mini, either, and it is presumed that either the entirety of the Wii Mini's software is pre-flashed to NAND chips as they're installed to Wii Mini units, or that, like the Wii, the Wii Mini leaves the assembly line in a "factory" state, where it can accept and bootstrap a special testing and initialization disc, and load the software that way. Any damage to internal software would thus be considered irreparable (under normal means), and the components would thus be refurbished, and the board recycled.

Internally, there are a few ways of getting things done, with the minimum requirement of opening the Wii Mini's case, and the maximum requirement of chip decapping, NAND reading, and BGA/solder rework using a donor Wii.

Firstly, you can hook and/or emulate the disc interface (DI) using an ODDE, or play man-in-the-middle with a drivechip. The ODDE would be more plausible, as the drivechip may not be compatible with the Wii Mini's drive or capabilities, however the ODDE would be able to hook into the DI directly Currently, there are no ODDE's which have compatible wiring to the Wii Mini; however, for compatibility reasons, the protocol remains the same - so manually making a cable with the right pinouts should theoretically work.
Of course, in practice, this may very well not be the case. The disc drive is top-loading, and has no feed/eject motor or mechanism to control; and rather than four states (disc feed, disc loaded, disc eject, drive empty) the Wii Mini only has three (lid open, lid closed and disc, lid closed and no disc). This may be handled in circuitry before the system handles it, to retain the highest compatibility.
Once you have your ODDE, you could presumably load and possibly back up disc software, but it would be very clunky, and that's not the focus of this post.
Theoretically, this can be used to either:

• Boot an entirely homebrew ISO, which loads homebrew such as the Hackmii installer
• Boot a modified game, which crashes in such a way to bootstrap homebrew.

The second option, would be to connect an SD card to the traces present on the motherboard, and see if it's recognized from an exploitable game (such as Super Smash Bros.) If not, that sucks. If it does show up, it's just a matter of running Smash Stack or similar.

The third option, would be to remove the NAND, and basically pretend you bricked your Wii Mini and didn't make a backup.
See http://hackmii.com/2008/05/unbrickmii/ and http://bootmii.org/nandflash for more info.

The final, and craziest option, would be to remove the Hollywood and NAND from a functioning Wii, and replace the Wii Mini's with it.
I'm not certain how well that would work, it's expensive, a big risk, and basically not worth it.

 

I think one of the most interesting attack vectors would be through the Mii channel, and using the controller's flash storage to transport the payload.

It could be worth some effort to reverse the Mii channel app and look for any insecurities. At the very least, be able to install the ios for SD cards. I don't have the skills to do this, of course, but if someone does, perhaps they could look at it.

 

Not an option, to boot modified discs or homebrew ones, you need a patched IOS (or CIOS) on the console - chicken and egg.

In theory yes, in practice the console will most likely have a later version of the IOS the games use, but with SD function removed.

Also not an option, NAND contents is encrypted. To generate a new nand, you need the keys from the specific console you want to mod/repair/build a nand for. To get the keys, you need to be already running homebrew - again, chicken and egg.

This should work though

 

if there ever was a softmod sort of option, it sounds like the only realistic way of getting data onto the wii mini is through mii's stored on the wiimote.....not even going to pretend i have any technical knowlage of hacking, but i did read something about being able to crash a wiiu using a modded mii.....again not pretending to be knowlageable on it, but would that not possibly lead to anything (ps i already feel like one of them idiots who post in forums saying "can i jtag my 360 with a pen drive"....but was just wondering as it lead to nothing on the wii u, but im just wondering if that avenue has been explored on the wii before?)

whilst i get the argument that it was a bit of a lame duck of a console anyway and simply getting a normal wii which is cheaper and more functional kinda makes such efforts pointless, it kind of feels wrong that a console actually remains unhackable, despite its pointlessness....does anyone actually know what nintendo where thinking when they made it :s its like "how can we make a smaller wii?" "remove every single feature of the console and sell it for more than a second hand console would cost anyway"

 

If I had to speculate? I believe they saw Sony do it and thought "why shouldn't we?". Look at how much the evil giant crab (Sony) gimped their console between launch and superslim releases. It started with 4 USB ports, backwards compatibility, card reader ports, possibility to install Linux, etc..

If anything, Nintendo was playing their hand at taking advantage of trendy idiots... The only problem was that they underestimated even the idiots, who certainly didn't bite.

Seriously though, I don't think everyone who bought one was stupid. It's definitely a console worth hacking. It's not broken and has much fewer possible attack vectors than usual. The challenge itself is reason enough to get one.

Clearly it didn't work out the way Nintendo hoped and they let's cross our fingers that they refrain from such douchebaggery in the future.

That being said, the Mii channel via the wiimote does feel like a promising attack vector, and hopefully someone will try it.

 

That's a good idea!
Also, does the Wii Mini have the Photo Channel?
Maybe there's an image format exploit somewhere inside!

 

No. And it does not have SD anyway.

 

Sorry for the bump, but, I wanted to shed some info onto this topic.
http://gizmodo.com/261887/datel-drive-doctor-for-your-wii
The Datel Drive Doctor.
It's a tool that you solder into the Wii that allows you to inject code from your PC.
I don't own this, but considering how the Wii Mini's motherboard is mostly the same, so it could work my injecting the HackMii installer.
Once again, sorry for bumping but this peeked my interest.
(Also here's a link to an a ebay listing for the Drive Doctor. http://www.ebay.com/itm/WII-DRIVE-DOCTOR-DATEL-/221198052167?hash=item33806e6b47:g:fAcAAOSw14xWPIfr)

 

So does that mean it would be possible to get the HackMii installer on the Wii Mini?

 

can you put a WODE on the mini?

 

I believe so.

 

who tried to put the wii wode?
it's possible?

 

Datel's ebay store, they still have drive doctors.. http://www.ebay.com.au/usr/datel.electronics?_trksid=p2047675.l2559

What about something like FreeLoader for the wii?