Difference between revisions of "Tweezer Attack"

From WiiBrew
(←Created page with 'The Twiizer Attack was an exploit that employed the use of a pair of tweezers to short the Wii's memory addresses allowing homebrew code running in Gamecube mode to have acces...')
 
(→Technical explanation: Removed incorrect info)
 
(7 intermediate revisions by 4 users not shown)
Line 1: Line 1:
The Twiizer Attack was an exploit that employed the use of a pair of tweezers to short the Wii's memory addresses allowing homebrew code running in Gamecube mode to have access to limited areas of Wii functionality in order to map out the rest of the console a small piece at at time.
+
The Tweezer Attack was an exploit that involved the use of a pair of tweezers to bridge areas of memory, allowing homebrew code running in Gamecube mode to have access to limited sections of Wii memory in order to map out the rest of the console a small piece at at time.
 +
 
 +
The Tweezer Attack has been patched against by Nintendo in order to prevent people from reproducing it and obtaining their Wii's private encryption keys.
 +
 
 +
== What was extracted ==
 +
From this, [[Team Twiizers]] was able to extract all of [[MIOS]]. After failing to disassemble it as PowerPC code, they discovered that it was actually ARM code. MIOS also includes the common key, which Team Twiizers now had.
 +
 
 +
== Technical explanation ==
 +
In MIOS, only the bottom 25% of memory could be used. MIOS simply made sure not to keep any important things in that range. However, by modifying the wires, it was possible to manipulate the PowerPC into using other parts of memory as the bottom 25%, allowing the rest of memory to be seen. The data extracted is then sent out through a GameCube controller port, which tmbinc set up to be receiving in a computer. When this procedure was repeated for all regions of memory, the entire memory was known.
 +
 
 +
== External Links ==
 +
 
 +
[http://web.archive.org/web/20090505005003/www.atomicmpc.com.au/Tools/Print.aspx?CIID=102079 Interview with bushing where he explains some of the details of the attack]
  
 
{{Stub}}
 
{{Stub}}
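
Review bot: the replacement lead sentence keeps the doubled word from the old revision ("a small piece at at time") and writes "Gamecube", while the added Technical explanation paragraph writes "GameCube"; fix the typo and settle on one spelling. The Technical explanation also says "by modifying the wires" without saying which wires are meant, so the lead's "bridge areas of memory" is never tied to the mechanism; one sentence connecting the two would help. The added paragraph also switches tense mid-way ("The data extracted is then sent out" after a past-tense description).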

Latest revision as of 21:45, 9 August 2021

The Tweezer Attack was an exploit that involved the use of a pair of tweezers to bridge areas of memory, allowing homebrew code running in GameCube mode to have access to limited sections of Wii memory in order to map out the rest of the console a small piece at a time.

Nintendo has since patched against the Tweezer Attack in order to prevent people from reproducing it and obtaining their Wii's private encryption keys.

What was extracted

From this, Team Twiizers was able to extract all of MIOS. After failing to disassemble it as PowerPC code, they discovered that it was actually ARM code. MIOS also includes the common key, which Team Twiizers now had.

Technical explanation

In MIOS, only the bottom 25% of memory could be used. MIOS simply made sure not to keep any important things in that range. However, by modifying the wires, it was possible to manipulate the PowerPC into using other parts of memory as the bottom 25%, allowing the rest of memory to be seen. The extracted data was then sent out through a GameCube controller port, which tmbinc had set up so that a computer could receive it. When this procedure was repeated for all regions of memory, the entire memory was known.
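
A toy model of the windowing described above, added here as an illustration and not taken from Team Twiizers' tools. It assumes a 64-byte memory, an access check on the CPU side, and two top address lines that can be forced at the memory chip; every name, size and value in it is constructed.

```python
# Constructed toy model: sizes and the two-address-bit layout are assumptions,
# not measurements of the Wii.
MEM_SIZE = 64                           # toy memory, in bytes
WINDOW = MEM_SIZE // 4                  # the "bottom 25%" the restricted mode may address
ADDR_BITS = MEM_SIZE.bit_length() - 1   # 6 address lines for 64 bytes
TOP_SHIFT = ADDR_BITS - 2               # position of the two highest address lines


class Memory:
    """Memory chip whose two highest address lines can be forced externally."""

    def __init__(self, contents):
        assert len(contents) == MEM_SIZE
        self.cells = bytes(contents)
        self.forced_top = None          # None means the lines are untouched

    def read(self, addr):
        if self.forced_top is not None:
            # The chip sees the forced value on its top lines, whatever the CPU drove.
            addr = (addr & (WINDOW - 1)) | (self.forced_top << TOP_SHIFT)
        return self.cells[addr]


def restricted_read(mem, addr):
    """CPU-side access check: only addresses in the bottom quarter are allowed."""
    if not 0 <= addr < WINDOW:
        raise PermissionError(f"address {addr:#x} outside permitted window")
    return mem.read(addr)


def dump_window(mem):
    """Read everything the restricted mode is allowed to address."""
    return bytes(restricted_read(mem, a) for a in range(WINDOW))


def dump_all(mem):
    """Repeat the window dump once per quarter and stitch the pieces together."""
    parts = []
    for quarter in range(4):
        mem.forced_top = quarter
        parts.append(dump_window(mem))
    mem.forced_top = None
    return b"".join(parts)


def build_sample():
    """Constructed contents: filler everywhere, a marker kept outside the window."""
    data = bytearray(b"." * MEM_SIZE)
    data[40:46] = b"SECRET"
    return Memory(data)
```

The access check never fails during `dump_all`, because every address the CPU issues stays inside the permitted window; the remapping happens after the check, which is why keeping sensitive data outside the window did not protect it.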

External Links

Interview with bushing where he explains some of the details of the attack