Super Smash Bros. Brawl stage builder exploit discovered

Posted Jun 5, 2009 at 10:57AM by Ryan F. Listed in: Wii Tags: comex, Nintendo


A new exploit for the Nintendo Wii was reportedly discovered today, and this one looks quite difficult for Nintendo to patch. The exploit, found by comex, abuses a vulnerability in Super Smash Bros. Brawl's stage builder code to run arbitrary homebrew code. So what's the difference between this and the exploits released before it?

It differs from the earlier exploits because it does not go through the System Menu, and as of this time Nintendo has no method on the Wii for patching games: a System Menu update can change how the console handles saves and channels, but it cannot alter the code on a retail game disc already in people's hands. Currently the exploit loads an ELF file from /boot.elf on the SD card.

To use the exploit, delete all the custom stages of SSBB on your Wii, then copy the file over. When you enter the stage builder menu, it will automatically run /boot.elf from the SD card. The coder says the exploit will be released soon; in the meantime, watch the video below to see it in action.
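As an added example (this is not code from the original post or from comex's release), here is the kind of sanity check a practitioner would run on a boot.elf before copying it to the SD card: it parses the ELF header and confirms the file is a 32-bit, big-endian PowerPC executable whose entry point lies in MEM1, which is what the Wii's Broadway CPU can actually run. A PC binary renamed to boot.elf, for example, fails every one of those checks. The sample headers are constructed inline; the MEM1 window (24 MiB at 0x80000000) and the sample entry address 0x80003100 are assumptions marked in the code, and nothing here touches the stage-builder vulnerability itself.

```python
import struct

# ELF constants from the ELF specification.
ELFCLASS32 = 1
ELFDATA2LSB = 1
ELFDATA2MSB = 2
ET_EXEC = 2
EM_PPC = 20
EM_X86_64 = 62
ELF32_HEADER_LEN = 52

# Assumption: the Wii's Broadway CPU maps its 24 MiB MEM1 at 0x80000000.
MEM1_START = 0x80000000
MEM1_END = MEM1_START + 24 * 1024 * 1024  # exclusive


def check_wii_elf(data: bytes) -> dict:
    """Parse the ELF header and report whether it looks like a Wii payload.

    Returns a dict with the parsed fields, a 'problems' list, and 'ok', which
    is True only for a 32-bit, big-endian, executable PowerPC ELF whose entry
    point lies inside MEM1.
    """
    result = {"ok": False, "problems": []}
    if len(data) < ELF32_HEADER_LEN:
        result["problems"].append("shorter than an ELF32 header (%d bytes)" % ELF32_HEADER_LEN)
        return result
    if data[:4] != b"\x7fELF":
        result["problems"].append("missing ELF magic (not an ELF file at all)")
        return result

    ei_class, ei_data = data[4], data[5]
    result["ei_class"] = ei_class
    result["ei_data"] = ei_data
    # Header fields follow the byte order declared in EI_DATA; anything other
    # than little-endian is parsed as big-endian and flagged below.
    endian = "<" if ei_data == ELFDATA2LSB else ">"
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    result["e_type"] = e_type
    result["e_machine"] = e_machine

    if ei_class != ELFCLASS32:
        result["problems"].append("not a 32-bit ELF (EI_CLASS=%d)" % ei_class)
    if ei_data != ELFDATA2MSB:
        result["problems"].append("not big-endian (EI_DATA=%d)" % ei_data)
    if e_type != ET_EXEC:
        result["problems"].append("not an executable (e_type=%d)" % e_type)
    if e_machine != EM_PPC:
        result["problems"].append("not PowerPC (e_machine=%d)" % e_machine)

    # e_entry is a 4-byte field at offset 24 only in ELF32; ELF64 widens it.
    if ei_class == ELFCLASS32:
        (e_entry,) = struct.unpack(endian + "I", data[24:28])
        result["e_entry"] = e_entry
        if not (MEM1_START <= e_entry < MEM1_END):
            result["problems"].append("entry point 0x%08x outside MEM1" % e_entry)

    result["ok"] = not result["problems"]
    return result


def _ident(ei_class: int, ei_data: int) -> bytes:
    # e_ident: magic, class, data, version=1, OS ABI=0, then 8 bytes of padding.
    return b"\x7fELF" + bytes([ei_class, ei_data, 1, 0]) + bytes(8)


# Constructed sample: a plausible Wii payload header (ELF32, big-endian,
# PowerPC, entry 0x80003100 in MEM1). The entry address is an assumption.
SAMPLE_WII_ELF = _ident(ELFCLASS32, ELFDATA2MSB) + struct.pack(
    ">HHIIIIIHHHHHH",
    ET_EXEC, EM_PPC, 1, 0x80003100,   # e_type, e_machine, e_version, e_entry
    52, 0, 0,                         # e_phoff, e_shoff, e_flags
    52, 32, 1, 40, 0, 0)              # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx

# Constructed sample: a PC binary renamed to boot.elf by mistake
# (ELF64, little-endian, x86-64).
SAMPLE_X86_64_ELF = _ident(2, ELFDATA2LSB) + struct.pack(
    "<HHIQQQIHHHHHH",
    ET_EXEC, EM_X86_64, 1, 0x401000,
    64, 0, 0,
    64, 56, 1, 64, 0, 0)


if __name__ == "__main__":
    for name, blob in (("wii", SAMPLE_WII_ELF), ("x86_64", SAMPLE_X86_64_ELF)):
        r = check_wii_elf(blob)
        print(name, "OK" if r["ok"] else "REJECT: " + "; ".join(r["problems"]))
```

Run it against a real file with `check_wii_elf(open("boot.elf", "rb").read())`; the header check is deliberately strict about class and byte order because those are the two fields a PC toolchain gets wrong first.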





Comments

by DARKnikon - 2009-06-05 06:14
» Awesome

I think I will finally get into the Wii homebrew scene with this. I just have to wait for the exploit to release, right?

by Silver-Tiger - 2009-06-05 06:53
» ...

This is just GREAT! This kind of exploit isn't so easy to fix for Nintendo, as there is no method to patch games yet.

by Stinky_1 - 2009-06-05 06:57
» ...

for now this exploit will sit on the shelf. Since Bannerbomb works so well, and requires NO hardware or software of any sort (except for an SD card), it's much easier to use.



BUT, when ninty fixes Bannerbomb this exploit will ALWAYS work. The TP hack was stoppable because it required you to load the save onto the Wii first. Since this can be booted to the game, then insert the SD, there is no way to stop it. Works much the same as the GTA exploit for PSP.



Very very good news indeed. This way we will ALWAYS have a way to get BootMii onto the Wii. And as long as you have that, you have full control.



I bet Bushing is drooling over this exploit already!

by potat4o - 2009-06-05 07:32
» re:

great news for such a popular game!

by FreePlay - 2009-06-05 09:30
» ...

"Nintendo has no method on the Wii for patching games."



Didn't they patch the Twilight hack?

by DARKnikon - 2009-06-05 11:07
» Noob

I have a hacked PSP so I am familiar with that scene but I am new to Homebrew on the Wii. My Wii is ver 4.0U and I heard that this version did in fact disable the Twilight Hack. Does this new exploit found in SSBB offer hope that I too can see the Homebrew Channel on my Wii soon?

by PCEngineSHMUP - 2009-06-05 12:16
» good news

this is indeed awesome news

by ov3rkill - 2009-06-05 15:10
» bannerbomb?

why not use the bannerbomb exploit since it's compatible?

by ov3rkill - 2009-06-05 15:11
» yeah

this is indeed a great exploit...

hopefully it'll be released in public soon.

so much awesome news lately, especially with the PSP scene too.

PSP-3000 can have their own custom firmware now. xD

by haru3173 - 2009-06-05 18:42
» why is it hard to patch?

Can't nintendo just make a system menu patch that renders that exploit useless? I don't get it.

by Silver-Tiger - 2009-06-05 20:19
» ....

Yes, they produced new DVDs with the patch, but they didn't patch the "faulty" discs themselves.



Replacing every disc would be completely impossible.

by Lazyboy256 - 2009-06-06 02:29
» This is

great news! A lot of people have this game, and from what I've seen it looks simple to do. Many of us will be able to help our friends mod their Wiis when comex releases this exploit :)



Kudos to him!

by Techni - 2009-06-06 09:37
» ..

nope

by MitchenX - 2009-06-06 15:20
» yeah

same for me, long-time PSP but new to Wii... Was all set to do Twilight Hack, then my brother updated to 4.0... waited about a week, and Bannerbomb finally came out and solved everything :)

by HenshinMijin - 2009-06-06 18:15
» Likely yes..

The exploit may need to be prodded into opening up. Or maybe you could in fact just try deleting all custom stages and putting the HBC elf file on your SD root.

Orrr.. you could just use BootMii.



fo shizzle

~K Dizzle™

by HenshinMijin - 2009-06-06 18:18
» No patch ..firmware update.

The Twilight hack was neutralized not by making newer Zelda game disks, but rather with a firmware update which removed corrupted/altered save data.



fo shizzle

~K Dizzle™

by Stinky_1 - 2009-06-07 03:57
» ...

I am sure I touched on this a couple posts up, but to answer your question.



The TP hack was based on creating a bogus save file that would crash the game once loaded. This relied on the ability of the Wii itself to allow you to transfer the save file from an SD card to the Wii system. After it was on there, you loaded up the game with your new save file.



This exploit works differently. You do not have to install anything at all to the Wii. So, there is no way at all for the Wii to know that it is about to be exploited. You simply boot the game up, then tell it to load your custom stage from the SD card. You could even insert the SD card AFTER the game has been loaded. Once the game itself has been loaded the Wii assigns ALL control to that game. It assumes that since the game has been signed by ninty it can not do anything malicious.



So, the TP hack was stopped simply by intercepting the save file as you tried to install it into the Wii system memory. At this point, the Wii still has full control of the system. So it was easily checked, and stopped. If someone could find a way to get the TP hack into system memory it would actually still work in the game, since no patch was created for the game. So that vulnerability is still there.



Since the SSBB exploit does NOT need to be installed on the system menu first, the ONLY way to stop it is to fix the exploit in the game itself, and start shipping new discs with the fix on it. Similar to what rockstar did with GTA for PSP when it was used for downgrading.



Hopefully that makes sense. I figured you would have known this already. But, this should make it a bit more clear.

by Stinky_1 - 2009-06-07 04:06
» ....

bannerbomb works just fine for now. So, until system menu gets updated in 6 months or so, this exploit will just sit on the shelf. No need to use it when bannerbomb is easier, and does not require a special game.

by Lazyboy256 - 2009-06-07 10:30
» Aye

Yeah you're right.

Thanks for explaining how this exploit works too.

by HIMFan - 2009-06-08 03:44
» Yeah

I'm gonna buy a copy of this game. I have friends that buy Wiis all of the time and people at work that do the same. Since Bannerbomb CAN and WILL be patched with another update, and this is unpatchable, I'm just gonna start using this method now. Everybody will have to have a copy if they don't already. It'll be like Twilight Princess or Lumines (for PSP) or GTA Liberty City Stories all over again. All of the stores will be out of those copies for a while and people won't have the game while homebrewers and pirates all over the city will have a copy.

by Ryosuke - 2009-06-11 23:37
» good good

Nintendo's official response: We will do everything to stop piracy and we are hard at work to fix all these exploits very soon.



Nintendo's unofficial response: SSBB is out for over a year now...what on earth took you so long?



Anyway as someone who already has over 50 Wii titles and pays for his Wiiware I am really looking forward to BootMii because I prefer that no "unofficial" code is located on my Wii and I really need it for copying ALL my unmovable saves (how retarded can they be) and region free GC and Wii playback.
