I have to talk to a man about a horse
The history of homebrew on the Wii
Chapter 0 - {root@wii}#
It all started back before the Wii was released, with some people trying to get a Linux distro going on the GameCube. Since the Wii is effectively a 2x-speed GameCube with USB, an SD card reader and Bluetooth connectivity, the groups redirected their efforts to the Wii.
The first major breakthrough came from Team Twiizers, who discovered a buffer overflow in the Zelda Twilight Princess game. It involved setting the horse's name in a save file to an over-long, invalid value,
HELLO MY NAME IS EPONA":LOAD"BOOT.DOL",8,1
then, as Moss would say, you get yourself an unexpected reboot. This allowed boot.dol to be loaded and run from the root directory of the SD card. For a while, that was how you ran homebrew: load Zelda, recall the special savegame, talk to a man about a horse, and boot.dol is loaded.
Chapter 1 - Shopping at the HBC Channel
Team Twiizers then unleashed their second coup, the Homebrew Channel. This was made possible by a second exploit which gave them a way to install arbitrary code as a Wii channel: a serious weakness in the signature verification code, which only compares part of the data it is supposed to check. Because only that part has to match, a signature can be faked by brute force in mere hours instead of the millions of years it would take to crack a real one.
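To make that weakness concrete, here is an added toy model; it is not code from the Wii, Nintendo or Team Twiizers. It assumes a simplified RSA-over-SHA-1 scheme with a toy key built for the example, and models the flaw as a verifier that compares the two digests as NUL-terminated C strings (stopping at the first zero byte), which is one well-known way a check can fail to verify the complete digest. The message contents and the trailing pad field are constructed for the example. The point it shows: an all-zero signature decodes to an all-zero digest, whose C-string prefix is empty, so the attacker only needs content whose own SHA-1 starts with a zero byte, which takes a few hundred hashes on average, next to the strict comparison that rejects the same forgery.

```python
"""Toy model of a signature check that does not compare the whole digest.

Added example, not code from the Wii, Nintendo or Team Twiizers. The RSA key,
the message bytes and the pad field below are all assumptions for the example.
"""
import hashlib
import hmac

# Toy RSA key built from two Mersenne primes so the modulus exceeds 2**160
# (the size of a SHA-1 digest). Example key only; nothing here is a real key.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DIGEST_LEN = 20                       # SHA-1 digest size
SIG_LEN = (N.bit_length() + 7) // 8   # 25 bytes for this toy modulus


def sign(content: bytes) -> bytes:
    """Legitimate signer: RSA-sign the SHA-1 digest of the content."""
    h = int.from_bytes(hashlib.sha1(content).digest(), "big")
    return pow(h, D, N).to_bytes(SIG_LEN, "big")


def recover_digest(sig: bytes) -> bytes:
    """Verifier side: apply the public key and keep the low 20 bytes as the
    digest the signer vouched for (padding handling is simplified away)."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(SIG_LEN, "big")[-DIGEST_LEN:]


def cstr_prefix(b: bytes) -> bytes:
    """What a C string comparison actually sees: bytes up to the first NUL."""
    return b.split(b"\x00", 1)[0]


def verify_weak(content: bytes, sig: bytes) -> bool:
    """Flawed check: compares the digests as NUL-terminated strings, so only
    the bytes before the first 0x00 in each digest are compared."""
    expected = recover_digest(sig)
    actual = hashlib.sha1(content).digest()
    return cstr_prefix(expected) == cstr_prefix(actual)


def verify_strict(content: bytes, sig: bytes) -> bool:
    """Correct check: compare all 20 bytes, in constant time."""
    expected = recover_digest(sig)
    actual = hashlib.sha1(content).digest()
    return hmac.compare_digest(expected, actual)


def forge(content: bytes, max_tries: int = 100_000):
    """Attacker: an all-zero signature recovers an all-zero digest, whose
    C-string prefix is empty. The weak check then passes as soon as the
    content's own SHA-1 starts with 0x00, so we brute-force a 4-byte pad
    field (assumed here to be ignored by whatever consumes the content).
    Returns (forged_content, forged_signature)."""
    sig = bytes(SIG_LEN)
    for i in range(max_tries):
        candidate = content + i.to_bytes(4, "big")
        if hashlib.sha1(candidate).digest()[0] == 0:
            return candidate, sig
    raise RuntimeError("no candidate found within max_tries")


def demo() -> dict:
    """Run both checks against a real signature and a forged one."""
    legit = b"constructed legitimate channel content"
    evil, fake_sig = forge(b"constructed homebrew payload")
    return {
        "legit_weak": verify_weak(legit, sign(legit)),
        "legit_strict": verify_strict(legit, sign(legit)),
        "forged_weak": verify_weak(evil, fake_sig),      # True: the flaw
        "forged_strict": verify_strict(evil, fake_sig),  # False: fixed check
        "tries": int.from_bytes(evil[-4:], "big") + 1,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The fix is not a better hash or a bigger key; it is simply comparing every byte of the digest (and doing so in constant time), which is what `verify_strict` does. The `tries` figure illustrates why the cost is hours at most rather than cryptographic brute force: a zero first byte turns up roughly once per 256 hashes.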
Suddenly, Zelda was no longer needed once the channel was installed.
All that was needed was to copy the proper files into the SD card's /apps/ directory. The homebrew scene exploded as everyone started porting emulators and media players, or creating simple games from scratch.
As libraries improved, homebrew apps gained access to WiFi, USB storage devices and keyboards. There are emulators for most retro consoles and computers, from the Atari 2600 to the Nintendo 64, Commodore and Apple ][.
The latest improvement is the Homebrew Browser. It allows over-the-WiFi installation of homebrew apps without having to pull the SD card and use a computer to add content.
Then things started to go grey hat. Those emulators need ROM dumps, and those are copyrighted. The fight between fair use and copyright/DMCA rages on ...
Chapter 2 - Chinks in the armor
Rumors started surfacing about defeating DVD encryption without hardware modding. Modchips have existed for the Wii from very early on, but this was a software solution.
The second breakthrough was installing custom IOSes (the Wii's equivalent of a BIOS) on the console. This allowed the creation of the DVDX module, providing direct access to the DVD drive and bypassing the Wii's encryption chip. It was made to enable playing DVD movies from the homebrew media players and loading homebrew directly off burned DVDs.
It was only a matter of time before someone wrote a boot loader that read burned Wii DVDs. Black hat stuff.
Chapter 3 - The Empire Strikes Back
Nintendo did not stand idle while this was happening. There were two major system updates which provided little or no improvement to the user interface but sealed the breaches discovered by the homebrew and soft-modding scene. As these system updates get applied, it becomes more and more difficult to liberate the console.
These updates are difficult to avoid, as newer games and Nintendo-controlled channels require a system update before loading.
For now the updates do nothing more than close the loopholes, but in the future another system update may (inadvertently?) brick soft-modded Wii consoles.
This story is still being written ...
Did you write that yourself?
All mine, an HoC exclusive!
When does the next chapter come out?