In memory of Ben “bushing” Byer, who passed away on Monday, February 8th, 2016.

Difference between revisions of "WiiTweet"

From WiiBrew
Jump to navigation Jump to search
m (Updated source link (removed hidden files, included makefile). Repository should be up this weekend.)
(Rewrote most of the document, made it more user-level friendly, still unfinished)
Line 4: Line 4:
 
| version = 0.3.1
 
| version = 0.3.1
 
| download = http://wiitweet.googlecode.com/files/wiitweet%200.3.1.zip
 
| download = http://wiitweet.googlecode.com/files/wiitweet%200.3.1.zip
| source  = https://wiitweet.googlecode.com/files/wiitweet%200.3.1-src.zip
+
| source  = http://wiitweet.googlecode.com/files/wiitweet%200.3.1-src.zip
 
| peripherals = {{Wiimote}} {{FrontSDHC}} {{USBMSD}}
 
| peripherals = {{Wiimote}} {{FrontSDHC}} {{USBMSD}}
 
| hbb        = yes
 
| hbb        = yes
 
}}
 
}}
  
WiiTweet is a Twitter client for the Nintendo Wii. This article is a stub, further information will be added in the next days I just don't have the time right now (feel free to improve this page). Feedback is very welcome. If you are a graphic designer and want your name on the credits you can contribute your skills to the project (see the source to get an idea of which images are used where). Toolbar icons are ridiculously ugly right now but I wanted to release because I won't have much time in the next days.
+
WiiTweet is a Twitter client for the Nintendo Wii that allows you to interact with your friends from your Wii.
== Features ==
 
*Not so bad Twitter interaction
 
*HTTPS support
 
*oAuth support
 
*Unicode capable keyboard
 
*Configurable keyboard layouts
 
*Local NIP support
 
*Content-Encoding: gzip, deflate support
 
  
== Browsing ==
+
It follows Twitter's security guidelines by implementing [http://dev.twitter.com/docs/auth/pin-based-authorization PIN-based authorization] and using HTTPS in every request. Read [[WiiTweet#Authorization_Flow|Authorization Flow]] below to get a more detailed explanation of how and why WiiTweet gets authorized by you.
 +
 
 +
'''IMPORTANT:''' Modified (scam) versions of this application are easy to build so I encourage you to download WiiTweet only from the link provided at this page or using the [[Homebrew Browser]].
 +
 
 +
= Features =
 +
* Browse timelines
 +
* Follow/Unfollow users
 +
* Tweet, favorite, retweet, reply tweets
 +
* Browse favorited tweets
 +
* See followers and followed users
 +
* See tweets you are mentioned in
 +
* Search tweets and users
 +
* Multiple profiles can be saved
 +
* Your language's characters can be added to the keyboard
 +
 
 +
= Authorizing WiiTweet =
 +
WiiTweet authorizes itself using the [http://dev.twitter.com/docs/auth/pin-based-authorization PIN-based authorization] as suggested by Twitter and gives you three ways of doing so: visiting an URL using an external device, visiting an URL using the Internet Channel and providing your Twitter username/password. Read [[WiiTweet#Authorization_Flow|Authorization Flow]] below to get a more detailed explanation of how and why WiiTweet gets authorized by you.
 +
 
 +
=== Using an external device ===
 +
An URL appears on screen, you go there from your computer/phone/another Wii, get your PIN and enter it to WiiTweet.
 +
 
 +
=== Using the Internet Channel ===
 +
WiiTweet launches your Internet Channel and you get your PIN there. You have to go back to WiiTweet and select the corresponding profile to enter the PIN. Slow but useful to people with no access to an external device at the time.
 +
 +
=== Providing your username and password ===
 +
You are asked for your Twitter username and password and WiiTweet authorizes itself. This is still PIN-based authorization but WiiTweet gets and reads the PIN automatically. '''Your password is not stored and you will not need it again to use WiiTweet'''.
 +
 
 +
= Local password support =
 +
If you set a local password it will be needed to access your profile. Use this if you want to protect your privacy from people with access to your Wii.
 +
 
 +
=== Encryption ===
 +
Your OAuth credentials are saved at your SD/USB. If you do not set a local password they will be stored in plain text. If you set a local password your credentials will be encrypted.
 +
 
 +
= Browsing =
 
WiiTweet is built around what I call a "river" which is a stack of "units" (which are either profiles, tweets or users) you can interact with. Units have a foreground and a background, to see the background of a unit place the cursor on it and hold B.
 
WiiTweet is built around what I call a "river" which is a stack of "units" (which are either profiles, tweets or users) you can interact with. Units have a foreground and a background, to see the background of a unit place the cursor on it and hold B.
 
If you want to browse to the previous river (page) you loaded press (-). Press (+) to browse to the next one.
 
If you want to browse to the previous river (page) you loaded press (-). Press (+) to browse to the next one.
 
Another thing that could trick you a little is: when clicking on a Tweet, if you click the profile picture (the leftmost 70 pixels) you will browse to the author's timeline, if you click anywhere else the brief tweet prompt will appear.
 
Another thing that could trick you a little is: when clicking on a Tweet, if you click the profile picture (the leftmost 70 pixels) you will browse to the author's timeline, if you click anywhere else the brief tweet prompt will appear.
 
 
== A word on mirroring ==
+
= Keyboard =
This software is opensource and I did not put any effort into obsfucating WiiTweet's API credentials (because there's enough people who could get them anyways). Long story short: '''''do not download WiiTweet from any source other than google code page because scamming versions are easy to build'''''.
+
Keyboard layouts are configurable/remappable allowing you to use any character included in the font WiiTweet uses. WiiTweet comes with a keyboard map with some unicode icons to show this feature off.
  
== HTTPS support ==
+
=== Controls ===
All the request to Twitter's API are done through HTTPS.
 
  
== oAuth support ==
+
{| class="wikitable" style="left;text-align:center;"
oAuth works by asking users to get a PIN from Twitter and provide it back to the application you want to grant access to. WiiTweet authorizes itself using the oAuth standard suggested by Twitter and gives you three options to authorize it: visiting an URL using the Internet Channel, visiting an URL using an external device and providing your Twitter username/password.
+
|-
 +
! {{Wiimote}} !! {{WiimoteHorizontal}} !! Action
 +
|-
 +
| {{WiimoteAim}} || Accelerometer || Cursor
 +
|-
 +
| {{WiimoteAButton}} || {{Wiimote1Button}}/{{Wiimote2Button}} || Press key
 +
|-
 +
| {{WiimoteBButton}} || {{WiimoteBButton}} || Shift
 +
|-
 +
| {{WiimoteMinusButton}}/{{WiimotePlusButton}} || {{WiimoteMinusButton}}/{{WiimotePlusButton}} || Keyboard layout
 +
|-
 +
| Acc only || {{WiimoteHomeButton}} || Enter acc mode
 +
|-
 +
| Acc only || {{WiimoteAButton}} || Delete
 +
|-
 +
| Acc only || Shake || Space
 +
|}
 +
''The accelerometer keyboard is currently poorly tuned and practically unusable.''
 +
 
 +
=== Using custom keyboard maps ===
 +
*Keyboard map files must be placed in the '''/apps/wiitweet/kbmaps/''' folder of your loading device.
 +
*The file must be named '''keyboardmapX''' where X is the position you want it to be.
 +
*If you place a '''keyboardmap0''' file it will overwrite the default keyboard.
 +
*Do not skip positions. If you have a ''keyboardmap1'', a ''keyboardmap2'' and a ''keyboardmap5'' file WiiTweet will not load ''keyboardmap5''.
 +
 
 +
=== Making custom keyboard maps ===
 +
Use [http://paguiar.net/wiitweet/wtkeyboard.html this script] to generate keyboard map files.
 +
 
 +
= Authorization Flow =
 +
  '''''Note:''' This is intended to be a simplified explanation of what happens during authorization.''
 +
  ''Consider reading [http://dev.twitter.com/docs/auth/using-oauth Using OAuth] at the Twitter developers site or the [http://tools.ietf.org/html/draft-ietf-oauth-v2 OAuth 2 specification] for more technical information.''
 +
 
 +
Twitter uses OAuth to provide authorized access to its content because it does not require users to share their passwords with 3rd party applications (such as WiiTweet), increasing account security.
 +
 
 +
=== How OAuth works ===
 +
When registering WiiTweet Twitter gave me two random, unique strings to identify it. Such strings are used as signatures. When a new user wants to authorize WiiTweet it sends a ''"Somebody wants to authorize me"'' message to Twitter and signs it, letting Twitter know WiiTweet sent the message. Twitter answers with a ''"Prove me that's true"'' message containing an URL WiiTweet must ask the user to visit.
 +
 
 +
 
 +
In the mentioned URL the user is asked (if he/she is not already) to log in. '''This is the only time the user has to provide his/her username and password and these are only provided to Twitter'''. The user is prompted to authorize WiiTweet and gets a PIN after doing so. That PIN is a ''"If WiiTweet gets this PIN then it was true"'' check.
  
=== Using the Internet Channel ===
 
WiiTweet launches your Internet Channel and you provide your username/password to get your PIN. Slow and ugly (as Internet Channel's certificates seem to be out of date because it displays warnings about certificates being expired) but coded for paranoids who don't want to give their password but do not have an external device at the time.
 
 
=== Using an external device ===
 
A shortened URL appears on screen, you go there from your computer and will be asked your Twitter credentials in exchange for your PIN.
 
 
=== Providing your password ===
 
WiiTweet does what your browser would do using any of the other methods, parses the response, gets the PIN and authorizes itself. You password is not stored and you will not need it to use WiiTweet again.
 
 
== Keyboard ==
 
Keyboard layouts are configurable. You can change them by placing the kbmap file in your loading device at the /apps/wiitweet/kbmaps/ naming it keyboardmapX where X is the position you want it to be starting from 1. Do not skip positions. If you place a keyboardmap0 file it will overwrite the default keyboard.
 
I have a script to generate keyboard map files at: http://paguiar.net/wiitweet/wtkeyboard.html
 
You can change layouts by pressing (-) and (+).
 
  
== Local NIP support ==
+
Back at WiiTweet the user is asked to enter the PIN he/she got from Twitter, which is sent back. Twitter answers with two random, unique strings that identify this user-application relationship. Such strings are used to sign every action an user does within WiiTweet, letting Twitter know they are authorized by the user.
Your oAuth credentials are obviously saved at your SD/USB. If you do not set a local NIP they will be stored in plain text. This is hipotetically not so dangerous (because of the unlikeliness of a Wii being infected by any malware) but programmers could read them if they wanted to. If you set a local NIP your credentials will be encrypted however the only failproof security meassurement you can take is to avoid running everything that moves. You can also use this to protect your privacy from people with access to your Wii as this NIP will be required to decrypt your credentials (which is its main goal).
 
  
 +
=== Revoking an authorization ===
 +
Changing your Twitter password will '''not''' terminate your relationship with any application you authorized using OAuth. You have to revoke the access through your account settings at Twitter's website.
 
[[Category:Homebrew using libwiigui]]
 
[[Category:Homebrew using libwiigui]]

Revision as of 20:19, 19 August 2012

WiiTweet
General
Author(s)Pedro Aguiar
Version0.3.1
Links
[[1]]
[[2]]
Downloadable via the Homebrew Browser
Peripherals
Wiimote.svg Loads files from SDHC cards in the Front SD slot USB mass storage device

WiiTweet is a Twitter client for the Nintendo Wii that allows you to interact with your friends from your Wii.

It follows Twitter's security guidelines by implementing PIN-based authorization and using HTTPS in every request. Read Authorization Flow below to get a more detailed explanation of how and why WiiTweet gets authorized by you.

IMPORTANT: Modified (scam) versions of this application are easy to build so I encourage you to download WiiTweet only from the link provided at this page or using the Homebrew Browser.

Features

  • Browse timelines
  • Follow/Unfollow users
  • Tweet, favorite, retweet, reply tweets
  • Browse favorited tweets
  • See followers and followed users
  • See tweets you are mentioned in
  • Search tweets and users
  • Multiple profiles can be saved
  • Your language's characters can be added to the keyboard

Authorizing WiiTweet

WiiTweet authorizes itself using the PIN-based authorization as suggested by Twitter and gives you three ways of doing so: visiting an URL using an external device, visiting an URL using the Internet Channel and providing your Twitter username/password. Read Authorization Flow below to get a more detailed explanation of how and why WiiTweet gets authorized by you.

Using an external device

An URL appears on screen, you go there from your computer/phone/another Wii, get your PIN and enter it to WiiTweet.

Using the Internet Channel

WiiTweet launches your Internet Channel and you get your PIN there. You have to go back to WiiTweet and select the corresponding profile to enter the PIN. Slow but useful to people with no access to an external device at the time.

Providing your username and password

You are asked for your Twitter username and password and WiiTweet authorizes itself. This is still PIN-based authorization but WiiTweet gets and reads the PIN automatically. Your password is not stored and you will not need it again to use WiiTweet.

Local password support

If you set a local password it will be needed to access your profile. Use this if you want to protect your privacy from people with access to your Wii.

Encryption

Your OAuth credentials are saved at your SD/USB. If you do not set a local password they will be stored in plain text. If you set a local password your credentials will be encrypted.

Browsing

WiiTweet is built around what I call a "river" which is a stack of "units" (which are either profiles, tweets or users) you can interact with. Units have a foreground and a background, to see the background of a unit place the cursor on it and hold B. If you want to browse to the previous river (page) you loaded press (-). Press (+) to browse to the next one. Another thing that could trick you a little is: when clicking on a Tweet, if you click the profile picture (the leftmost 70 pixels) you will browse to the author's timeline, if you click anywhere else the brief tweet prompt will appear.

Keyboard

Keyboard layouts are configurable/remappable allowing you to use any character included in the font WiiTweet uses. WiiTweet comes with a keyboard map with some unicode icons to show this feature off.

Controls

Wiimote.svg WiimoteHorizontal.svg Action
Wii Remote Aim Accelerometer Cursor
Wiimote A Button Wiimote 1 Button/Wiimote 2 Button Press key
Wiimote B Button Wiimote B Button Shift
Wiimote - Button/Wiimote + Button Wiimote - Button/Wiimote + Button Keyboard layout
Acc only Wiimote HOME Button Enter acc mode
Acc only Wiimote A Button Delete
Acc only Shake Space

The accelerometer keyboard is currently poorly tuned and practically unusable.

Using custom keyboard maps

  • Keyboard map files must be placed in the /apps/wiitweet/kbmaps/ folder of your loading device.
  • The file must be named keyboardmapX where X is the position you want it to be.
  • If you place a keyboardmap0 file it will overwrite the default keyboard.
  • Do not skip positions. If you have a keyboardmap1, a keyboardmap2 and a keyboardmap5 file WiiTweet will not load keyboardmap5.

Making custom keyboard maps

Use this script to generate keyboard map files.

Authorization Flow

 Note: This is intended to be a simplified explanation of what happens during authorization.
 Consider reading Using OAuth at the Twitter developers site or the OAuth 2 specification for more technical information.

Twitter uses OAuth to provide authorized access to its content because it does not require users to share their passwords with 3rd party applications (such as WiiTweet), increasing account security.

How OAuth works

When registering WiiTweet Twitter gave me two random, unique strings to identify it. Such strings are used as signatures. When a new user wants to authorize WiiTweet it sends a "Somebody wants to authorize me" message to Twitter and signs it, letting Twitter know WiiTweet sent the message. Twitter answers with a "Prove me that's true" message containing an URL WiiTweet must ask the user to visit.


In the mentioned URL the user is asked (if he/she is not already) to log in. This is the only time the user has to provide his/her username and password and these are only provided to Twitter. The user is prompted to authorize WiiTweet and gets a PIN after doing so. That PIN is a "If WiiTweet gets this PIN then it was true" check.


Back at WiiTweet the user is asked to enter the PIN he/she got from Twitter, which is sent back. Twitter answers with two random, unique strings that identify this user-application relationship. Such strings are used to sign every action an user does within WiiTweet, letting Twitter know they are authorized by the user.

Revoking an authorization

Changing your Twitter password will not terminate your relationship with any application you authorized using OAuth. You have to revoke the access through your account settings at Twitter's website.

Retrieved from "https://wiibrew.org/w/index.php?title=WiiTweet&oldid=100612"