Tweezer Attack

From WiiBrew
Jump to navigation Jump to search

The Tweezer Attack was an exploit that involved the use of a pair of tweezers to bridge areas of memory, allowing homebrew code running in Gamecube mode to have access to limited sections of Wii memory in order to map out the rest of the console a small piece at at time.

The Tweezer Attack has been patched against by Nintendo in order to prevent people from reproducing it and obtaining their Wii's private encryption keys.

What was extracted

From this, Team Twiizers was able to extract all of MIOS. After failing to disassemble it as PowerPC code, they discovered that it was actually ARM code. MIOS also includes the common key, which Team Twiizers now had.

Technical explanation

In MIOS, only the bottom 25% of memory could be used. MIOS simply made sure not to keep any important things in that range. However, by modifying the wires, it was possible to manipulate the PowerPC into using other parts of memory as the bottom 25%, allowing the rest of memory to be seen. The data extracted is then sent out through a GameCube controller port, which tmbinc set up to be receiving in a computer. When this procedure was repeated for all regions of memory, the entire memory was known.

External Links

Interview with bushing where he explains some of the details of the attack