vWii

Originally posted by stomp_442 on the forum

 

Configurable USB Loader

CFG Mod 70 r78 has been released. A mod of the original Configurable USB Loader because the original developers no longer support the project. This will work on a Wii and vWii (Wii U in Wii mode).

r78
-Fixed downloading cheat files (Thanks pabloacurielz)
-Fixed Forcing video modes for Nintendont

recent CFG Mod changelog:
r77
-Fixed Starting FST files through Nintendont

r76
-Changed “Force Devo” to “Default Gamecube loader”. It can now be set to Nintendont
-Added Nintendont LED support

r75
-Added missing NintendontConfig.h file it should compile now.

r74
-Added Nintendont support

download – here

source – here

Visit The Forum To Discuss The Story: CFG Mod 70 r78 is released

xerpi

has managed to get the PS4’s Dualshock 4 control pad running on the Wii, here is a quote from his artcle on the forum:

I’ve spent a few days trying to get a connection between the Wii and a Dualshock 4. In order to get it working, I had to do some “reverse engineering” to the libogc’s Bluetooth stack and I finally found what was happening: the Bluetooth protocol authentication part of the libogc’s bluetooth stack was missing. I’ve already submitted a patch to the official libogc repository.

Well, after getting the “authentication” working, I started implementing the specific DS4 bluetooth protocol (thanks to here and here).

The Dualshock4 need to be paired through USB before establishing a Bluetooth connection, so I’ve crafted a program called ds4pair_wii that makes this, it pairs the DS4 to the Wii’s Bluetooth address. ds4pair_wii also writes to the SD a file called ds4wiibt_config, which has a list of each MAC of all the paired DS4 controllers.

After pairing, the connection can be established, once you press the PS button, the Dualshock 4 will try to connect to its paired MAC. Before this, the Wii has to be listening (aka waiting) for the DS4 controller to be turned on. After this, connections is established.

Steps:

  1. Run ds4pair_wii with the DS4 connected over USB, it’ll create a config file to the SD
  2. Run ds4wiibt (it’ll load the config file), turn on the DS4 (press PS button)

Compiled apps: https://www.mediafire.com/?1ld710qi1whk55i
ds4wiibt source code: https://github.com/xerpi/ds4wiibt
ds4pair_wii source code : https://github.com/xerpi/ds4pair_wii

Enjoy!

Visit The Forum To Discuss The Story: [Working PoC] ds4wiibt – Connection between Dualshock4 and Wii through Bluetooth

I’ve read the whole bootrom code and i have to admit, that big N has done a good job on hiding where and how it calls the AES code.
Finding the AES implementation is easy, it’s just before the ancast header check function and after the most useless function.
Finding how the AES implementation is called, is a little bit hard, for two reasons:
there are no cross references in the text segment; This means you will not see something like:
bl AES_Decrypt
there are no addresses saved in the data segment:
AES_offset: .long AES_Decrypt
So how to find it? you have to read the code, because the value is hardcoded and saved into a memory on an unknown address (like 0xE0000000); then a function will load that addresses to the count (CTR) register and jumps there.
I’ll make an example:

How normally should be:

1Screenshot 2014-03-07 11.20.17

How is obfuscated on the Wii U:

2Screenshot 2014-03-07 11.22.01

Deroad Said
The last thing:
I had a lot of fun on reverse the whole bootrom. You’ll find interesting stuff, there (but not keys :P).

Source