Blog hosted on a Nintendo Wii

That :¬) face makes for a great custom emote in security-related channels.

>SSL Added and removed here!

And CloudFlare!

It’s so funny so see a top secret label below what’s clearly a hastily scribbled diagram

I was surprised at the Photo Booth usage as well. I would have just recorded it with the QuickTime Player as if it were an iOS device.

Nintendo's networking is bad no matter what console somehow

Yeah also in general the WFC code is a bit dated and not very secure.

This actually reminds me of two very interesting bugs which used together basically make it so that you can play WFC games (basically just Mario Kart Wii, nowadays) as simple as changing the DNS settings on your Wii

1. Firstly, as long as you set a particular field in the certificate, it just is completely happy with an invalid cert. (This was fixed by the NWC library by the time it was released In Korea, notably, although this bug was present in DWC for a long while.

(Aside:

I actually suspect that this bug was present in the RVL SDK (used by games and such on the PPC), but also is caused by the same cause as the signing/Trucha bug[1]. While the latter is a IOS specific exploit, it wouldn't surprise me if the same code was used in both this and DWC (the networking library). Given that Mario Kart Wii has an associated IOS version of IOS36[2], but DWC code isn't part of IOS, my hunch is that they used either the same or similar validation logic OR both bugs were squashed a part of some security related cleanup.

I haven't actually gone through the reverse engineering effort to confirm this yet, but given that this doesn't work on the Korean version of MKW, which notably uses a later version of IOS and other libraries, my hunch is that those bugs are one in the same. The fix timing at least seems interesting to me. Anyway side note over.)

2. The networking library also has an RCE caused by a buffer overrun, basically from the first message it has a length that's unchecked and the DWC library blindly memcpys data from the packet. This is kinda why it's important to have some sort of patchset that fixes these bugs.

The culmination of this is all you have to do is

1. Change your DNS settings on your unmodified Wii to point to a specified DNS server.

2. Start Mario Kart Wii (probably, although some other games work too), open up WFC

So that the game...

3. Does a DNS lookup for the NWS server which intentionally links to a 3rd party server

4. Passes validation of a bad cert which intentionally sets one of the fields to a null value in order to make the Wii accept it

5. Receives a message that contains an exploit which patches the game in memory to fix the known RCEs and setup URLs to resolve to different domains instead of using the old WFC ones among other things (such as cheat reporting that is all client-side based, etc)

all so you can play Wii games (probably Mario Kart Wii) online 11 years after WFC shut down for good :)

[1]: https://wiibrew.org/wiki/Signing_bug

[2]: https://wiibrew.org/wiki/IOS36

It puts up a bit of a fight.

https://blog.infected.systems/status/ for a plaintext status of what the Wii's doing load-wise (if it's still up, updated every ~15 minutes according to the blog).

https://archive.is/6QvVA

Loads for me at the moment

The author should have just disabled TLS! It would have been perfectly reasonable under the circumstances, and then the website would have been fully Wii-hosted, no caveats!

The status page doesn't seem to be updating....

Unfortunately the time you get to the point of even valid HTTP responses it will look less like a SNES and more like whatever-you-plugged-into-a-snes-for-power. E.g. the original Family Computer Network System addon already had more RAM and CPU power than the original console it attaches to just to interface as a modem at all, let alone something "basic" like CGI.

The Wii is probably the first Nintendo console where all the hardware you need to do this is fully built in (though maybe the Nintendo DS, depending how much you're willing to try to get Linux + your server to fit in memory without plugging in a RAM expansion pack to the GBA slot).

Whatever you end up doing on the NES would end up not being a website anymore. You want to interface with joystick port 1? Not TCP/IP anymore. Whatever gateway you would use to connect to the custom protocol would have a lot more oomph than a NES.

if you can run a web server on a C64, you can in theory run one on the NES, but you'd have to find a way around the NES's relative RAM constraints

you can run a C64 OS on the NES because of the shared CPU features, with limitations: https://github.com/calcwatch/nes64

which means you can port C64 LUnix NG to NES by adding the Famicom Disk System, which adds more RAM: https://hackaday.com/2024/02/11/running-unix-on-a-nintendo-e...

LUnix NG comes with an experimental web server: https://github.com/ytmytm/c64-lng/blob/b76b0470e28ec20d08c37..., https://github.com/ytmytm/c64-lng/blob/b76b0470e28ec20d08c37...

So in theory you could serve HTTP 1.0 from a NES. ("to whom" would be the big next question)

I don't think so without significant work, NES has only 2KB of RAM and an 8 bit CPU without MMU or many niceties taken for granted in General Purpose OS's

I doubt you can go much further back than Fifth Gen (of consoles) or so