>The disc drive can receive commands to read conventional DVDs and some IOS contained hidden calls to send those commands. This was particularly worrying for piracy reasons.

AFAIK this was worrying enough for someone from Team Twiizers to try actually contacting Nintendo about it. I don't remember if it was bushing or marcan that tried to reach out, but Nintendo's response was to... ignore them, then cyberstalk them and call their employer. As a "two can play at that game" move, when Nintendo blocked the first title ID the Homebrew Channel used (HAXX), they changed it to JODI instead, referencing the name of Nintendo's current head of antipiracy operations.

I'd add a citation to HackMii but I wasn't able to find the actual post. Though I did see a *lot* of callout posts against various idiots trying to resell the Homebrew Channel. And callout posts against one particular idiot building really terrible piracy tools that would install a bunch of modified firmwares to your system, which risked bricking it... because Nintendo's system engineering was actually not that much better.

Yeah, one thing this article didn't quite get across is how fragile the Wii system software is. strcmp on hashes is just the tip of the iceberg. In fact, Team Twiizers would regularly dissuade people from playing around with custom channel banners because it was very, very, very easy to make one that would brick your System Menu if installed. And if you did that there was no recovery (at least, not until bootmii/boot2).
Author here! Surprised to see it shared! This article was the first one where I studied how a cryptography-based system worked and how it was subsequently broken, back in late 2019. A lot of things on the website have changed since then.

For this reason I humbly ask, if you find any mistakes, please report them here:

https://github.com/flipacholas/Architecture-of-consoles/issues

That will make sure I don't miss them, thanks!
What I think is crazy is there is a modding community that cuts up the Wii board. Specifically this guy GingerOfOz [1] that can fit a Wii in about the size of a GameBoy Color.

1. https://www.youtube.com/@GingerOfOz
I always love these articles. I hadn't read this one yet even though it looks like it came out in early 2020.

I think it might be worth a paragraph or two about the innovative use of MEMS gyros and accelerometers in the Wiimote, Motion Plus, and Nunchuk. There's a reasonably good writeup about them here: https://arduino-projects4u.com/wii-motion-plus/ .

For a time, these were one of the easiest and most cost effective sources of small IMUs, giving birth to projects like the early drone flight control system MultiWiiCopter.
> For people unfamiliar with C, strcmp is a routine used for checking if two strings are equal. This method receives three parameters: two strings and an integer, the latter states the number of characters to be compared. Afterwards, strcmp starts comparing each character until the end of any string is reached. Strings in C are just a chain of characters terminated by a \0 character, this means that strcmp stops comparing once any string reaches \0. Hence, by composing a Wii title in a way that its hash contains zeroes at the beginning, Starlet RSA computations will feed a string starting with \0 to strcmp. Thus, the comparison will always return equal… Title is signed!

This doesn't make sense. strcmp only needs two parameters (the two strings). Perhaps the article is talking about strncmp which takes a third "length" parameter which stops comparison after N characters. But in neither case would it behave as described in the article.

The only way to make it behave that way is if the code first did a strlen() on the channel's hash and then passed that in as the third parameter to strncmp(), which seems bizarre when you're comparing the fixed length output of a hash function...
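
Added example (not from the article, the comment above, or any Nintendo code): what standard C `strncmp` does when given fixed-length binary digests, next to `memcmp` and a constant-time comparison. The 20-byte digest length, the function names and the sample digests are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20 /* assumed digest size, for illustration only */

/* Flawed: treats binary digests as C strings, so it stops at the first 0x00. */
int digest_equal_strncmp(const unsigned char *a, const unsigned char *b)
{
    return strncmp((const char *)a, (const char *)b, DIGEST_LEN) == 0;
}

/* Correct result: memcmp looks at all DIGEST_LEN bytes, zero or not. */
int digest_equal_memcmp(const unsigned char *a, const unsigned char *b)
{
    return memcmp(a, b, DIGEST_LEN) == 0;
}

/* Correct and constant-time: no early exit on the first mismatch. */
int digest_equal_ct(const unsigned char *a, const unsigned char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Constructed sample digests (unlisted trailing bytes are zero). */
const unsigned char SAMPLE_A[DIGEST_LEN] = { 0x00, 0x11, 0x22, 0x33 };
const unsigned char SAMPLE_B[DIGEST_LEN] = { 0x00, 0xAA, 0xBB, 0xCC };
const unsigned char SAMPLE_C[DIGEST_LEN] = { 0x5A, 0x01, 0x00, 0x99 };
const unsigned char SAMPLE_D[DIGEST_LEN] = { 0x5A, 0x01, 0x00, 0x42 };

static void report(const char *name, const unsigned char *x, const unsigned char *y)
{
    printf("%s: strncmp=%d memcmp=%d ct=%d\n", name,
           digest_equal_strncmp(x, y), digest_equal_memcmp(x, y),
           digest_equal_ct(x, y));
}

int main(void)
{
    report("A vs B (both start with 0x00)", SAMPLE_A, SAMPLE_B);
    report("C vs D (0x00 at byte 2)", SAMPLE_C, SAMPLE_D);
    report("A vs A (identical)", SAMPLE_A, SAMPLE_A);
    return 0;
}
```

`strncmp` compares at most n characters and does not look past a terminating NUL, so any bytes after the first shared 0x00 never influence the result; digest checks should use a length-based comparison instead.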
The proprietary Nunchuk port speaks the standard I2C protocol, which is probably how they made the MotionPlus pass through extension controllers (as a kid I thought the MotionPlus and Nunchuk used separate sets of pins). I hear all extension communications were encrypted (which is causing problems for Dolphin Nunchuk TAS recordings), but evidently third parties were able to figure it out, since third-party/knockoff Nunchuks appeared fairly quickly (including the Nyko Kama).
Some other articles I would recommend reading on this topic:

https://wiibrew.org/wiki/Wii_architecture_overview

https://wiibrew.org/wiki/Wii_hardware
One thing I was never clear on is: does boot0, boot1 happen on power button? Or on power? I can't think of any other way a Wii remote button press would start the system.