Bluebomb v1.0 (Wii Mini Exploit) Released

Fullmetal5 has released Bluebomb, an exploit for Broadcom's Bluetooth stack used in the Nintendo Wii. Bluebomb allows you to run an unsigned ELF file from a USB device, therefore giving you the ability to install the Homebrew Channel. Bluebomb was discovered for use with the Wii Mini, but can also be used to exploit normal Wii consoles.

Bluebomb is triggered from a Linux-based OS with a compatible Bluetooth adapter and a USB storage device. Bluebomb can be used with a normal-model Nintendo Wii as well as the Wii Mini.

It's advised as of now not to install anything to the Wii Mini NAND, including cIOS (that includes the cIOS used to play backups)! Until changes are made to these files and/or tools, you will more than likely brick your console. That means no backups for now on the Wii Mini.
Description

Bluebomb is an exploit for Broadcom's Bluetooth stack used in the Nintendo Wii. Bluebomb allows you to run an unsigned ELF file from a USB device, therefore giving you the ability to install the Homebrew Channel. Bluebomb was discovered for use with the Wii Mini, but can also be used to exploit normal Wii consoles.

Instructions

You will need a Linux computer to do this! Download the pre-built binaries from the releases page and follow these instructions.

1.  Download BlueZ from [here](http://www.bluez.org/download/); you only need the user-space package.
2.  Extract it and build it with `./configure --enable-deprecated && make` (if you are using Ubuntu, you might need to install the required packages with `sudo apt install libglib2.0-dev libdbus-1-dev libudev-dev libical-dev libreadline-dev` before this works).
3.  Enter the `tools` directory and run `sudo systemctl disable --now bluetooth`
4.  Run `sudo ./btmgmt`
5.  Run the following commands in the management prompt:
    * `select 0`
    * `info`

    If you get an error about `Invalid index`, Linux can't find a Bluetooth device on your computer: on real hardware, make sure you have firmware for your Bluetooth adapter; in a VM, make sure you have passed the device through. Assuming the above does not happen, continue with:
    * `power on`
    * `connectable on`
    * `bondable on`
    * `discov on`
    * `info`

    Now look at the `info` results and check the `current settings` line for the following: `powered connectable discoverable bondable br/edr`. If one of these settings is missing from your list, make sure you executed all the above commands. You can now `exit` the management prompt.
6.  Run `sudo ./hciconfig hci0 iac liac`
7.  Run bluebomb with the app-specific payload and the stage1 you would like to run as arguments. Ex. `sudo ./bluebomb ./stage0/MINI_SM_NTSC.bin stage1.bin` for an NTSC Wii Mini's System Menu. You can also specify which HCI device bluebomb should use by adding its index before the `stage0` and `stage1` arguments. Ex. `sudo ./bluebomb 1 ./stage0/MINI_SM_NTSC.bin stage1.bin` to use HCI1.
8.  Start your Wii and navigate to the app that you are exploiting. For the System Menu you only need to turn on the Wii; you can leave it sitting on the Health and Safety screen.
9.  Turn OFF your Wiimote at this point; do not let anything connect to the console via Bluetooth.
10.  Make sure your console is close to your Bluetooth adapter. You may have to move it closer to get it in range; this will depend on your adapter.
11.  Click the SYNC button on your console. You may have to click it several times in a row before it sees the computer. You will know it is connected when bluebomb prints "Got connection handle: #". Stop pushing the SYNC button and wait for bluebomb to run; what happens will depend on which `stage1.bin` you are using. The one from this repo will load `boot.elf` off the root of a FAT32-formatted USB drive and run it. You can use the HackMii Installer's boot.elf from [here](https://bootmii.org/download/) to get the Homebrew Channel.

IMPORTANT: The steps above will have disabled the bluetooth service on your machine to run the exploit. To enable the bluetooth service again run `sudo systemctl enable --now bluetooth`.
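A check for the `current settings` line from step 5, added here as an example and not code from the bluebomb repository: it parses `btmgmt info` output and reports which of the required flags are missing, regardless of the order btmgmt lists them. The sample `btmgmt info` output in the block is constructed.

```shell
#!/bin/sh
# Added example (not part of the bluebomb repository): verify that the
# "current settings" line printed by `btmgmt info` (step 5) contains every
# flag the instructions require, so a forgotten `power on`, `discov on` etc.
# is noticed before bluebomb is started.
#
# Usage: sudo ./btmgmt info | sh check_settings.sh
#    or: check_btmgmt_settings "$(sudo ./btmgmt info)"

REQUIRED_SETTINGS="powered connectable discoverable bondable br/edr"

# Takes btmgmt output as $1 (or on stdin when no argument is given).
# Returns 0 when all required flags are present; otherwise lists the
# missing ones on stderr and returns 1.
check_btmgmt_settings() {
    text=${1:-$(cat)}
    # Keep only the text after the colon on the "current settings" line.
    settings=$(printf '%s\n' "$text" | grep -i 'current settings' | head -n 1 | sed 's/^[^:]*://')
    if [ -z "$settings" ]; then
        echo "no 'current settings' line found (did you run 'select 0' and 'info'?)" >&2
        return 1
    fi
    missing=""
    for flag in $REQUIRED_SETTINGS; do
        case " $settings " in
            *" $flag "*) ;;                  # flag present
            *) missing="$missing $flag" ;;   # flag absent
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing settings:$missing (re-run the btmgmt commands from step 5)" >&2
        return 1
    fi
    return 0
}

# Constructed sample of `btmgmt info` output after the step 5 commands
# (placeholder address; real output shows your adapter's address).
SAMPLE_INFO='hci0:	Primary controller
	addr 00:00:00:00:00:00 version 6 manufacturer 2 class 0x000000
	supported settings: powered connectable discoverable bondable br/edr le
	current settings: powered connectable discoverable bondable br/edr le '

check_btmgmt_settings "$SAMPLE_INFO" && echo "all required settings present"
```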

Changelog

v1.0

* Initial commit

Links & Downloads
https://github.com/Fullmetal5/bluebomb
