The security of Nintendo’s Wii U appears to have been compromised.
A speedrunner called MrBean35000vr has released a video that shows some very basic tweaking of Mario Kart 8, such as speeding up the in-game music, done through a web-browser vulnerability.
Fortunately, the hack has already been blocked by Wii U’s most recent firmware update. Those behind it, however, reckon this is a problem that can be overcome.
“It has access to read and write memory, the basic library functions, and that’s about it,” he said on a web forum. “We can’t access the filesystem or likewise install or change anything on it (not that we’d want to since we still have no idea how it works).
“When they added the quick boot menu in 5.0.0, it moved a bunch of code around and broke our ROP (Return Oriented Programming) chain that allows us to gain code execution.
“So it IS possible to get it working, we just need to find where the addresses are, which is difficult if you don’t have any way to see (with the earlier versions we had binaries and so we could see where the code was), so it may take some time.
“So first we’d need to port it to 5.0.0, and then our main priority is to start disassembling and looking for an exploit in the kernel which will allow us to do a lot more and allow for homebrew. As for a timeline for when this will happen, probably not anytime soon, since unless we get really lucky, it’s gonna take a while.”
While the vulnerability appears to be limited in scope, any console security exploit increases fears of what may follow – with the end game, despite the protestations of those who evangelise such exploits, often being game piracy.