Difference between revisions of "Tweezer Attack"
(Replaced dead link with archive.org link) |
Hallowizer (talk | contribs) (“What was extracted” and “Technical explanation”) |
||
| Line 2: | Line 2: | ||
The Tweezer Attack has been patched against by Nintendo in order to prevent people from reproducing it and obtaining their Wii's private encryption keys. | The Tweezer Attack has been patched against by Nintendo in order to prevent people from reproducing it and obtaining their Wii's private encryption keys. | ||
| + | |||
| + | == What was extracted == | ||
| + | From this, [[Team Twiizers]] was able to extract all of [[MIOS]]. After failing to disassemble it as PowerPC code, they discovered that it was actually ARM code. MIOS also includes the common key, which Team Twiizers now had. | ||
| + | |||
| + | == Technical explanation == | ||
| + | Because in GameCube mode, only the bottom 25% of memory could be used, MIOS simply made sure not to keep any important things in that range. However, by modifying the wires, it was possible to make the PowerPC think the other parts of memory were the bottom 25%, allowing the rest of memory to be seen. All extracted data was then sent out through a GameCube controller port, which tmbinc set up to be receiving in a computer. When this procedure was repeated for all regions of memory, the entire memory was known. Overlapping sections were also taken to ensure that MIOS was not overwriting anything relative to the modified wires. | ||
== External Links == | == External Links == | ||
Revision as of 20:28, 5 February 2021
The Tweezer Attack was an exploit that involved the use of a pair of tweezers to bridge areas of memory, allowing homebrew code running in Gamecube mode to have access to limited sections of Wii memory in order to map out the rest of the console a small piece at at time.
The Tweezer Attack has been patched against by Nintendo in order to prevent people from reproducing it and obtaining their Wii's private encryption keys.
What was extracted
From this, Team Twiizers was able to extract all of MIOS. After failing to disassemble it as PowerPC code, they discovered that it was actually ARM code. MIOS also includes the common key, which Team Twiizers now had.
Technical explanation
Because in GameCube mode, only the bottom 25% of memory could be used, MIOS simply made sure not to keep any important things in that range. However, by modifying the wires, it was possible to make the PowerPC think the other parts of memory were the bottom 25%, allowing the rest of memory to be seen. All extracted data was then sent out through a GameCube controller port, which tmbinc set up to be receiving in a computer. When this procedure was repeated for all regions of memory, the entire memory was known. Overlapping sections were also taken to ensure that MIOS was not overwriting anything relative to the modified wires.
External Links
Interview with bushing where he explains some of the details of the attack
| This article is a stub. You can help WiiBrew by expanding it. |