1. jbmPlaysGaming

    OP jbmPlaysGaming Member Newcomer

    Joined:
    Feb 1, 2017
    Messages:
    24
    Country:
    United States

    [Part of this guide is still being worked on, SD Corrupter and Dolphinophile are not finished.]


    I know you probably won't trust me due to my minimal message count, but I hope that at least one person finds this useful.

    This thread is an attempt to help Wii owners protect their consoles from the Project Dandelion attack that GBATemp was talking about earlier today (see here).

    I will edit this as soon as people get more information on the project.

    Please keep in mind that if your Wii is not hacked, you should be okay, and do not need to follow the instructions below. However, if your Wii is hacked (meaning you have the Homebrew channel), then please follow the precautions below.

    If anyone has any other ideas/precautions to keep others safe, please let me know.

    I have tested some of this, and while this may seem ironic: use at your own risk, I do not own any responsibility if anything goes wrong. I have not run this malware on any Wii, so I do not have any experience in how much damage is inflicted when running it. I am running v4.3U, but your version and Wii may act/be different. This is not 100% destined to work for every single Wii, but the precautions that I can run have worked for me.

    With all of that out of the way, let's jump right in.

    To start off, here's an MD5 / CRC32 list of all the applications. This list will update as soon as people find more malicious software. (This includes more than just Project Dandelion!) See the blacklist below:
    Format: MD5 / CRC32

    List:
    1. E32F2A9837CE320EE67D872413E58269 / d3a65e0b
    2. F947B5CFB325752FE4BC19338153CD2E / 49ea1da8
    3. 0CFC7204D909C4502D7D931F41486FA0 / f287cfab

    Please report any more malicious software you are aware of/you have been affected by, and I will put it here immediately.
    Okay, now we can talk about the programs.

    Starting off, let's resolve Wii Bricker 9000:
    Looking in the public source code, this will be disguised as Wii Pong (it will be displayed in the Homebrew Channel as "Simple Pong"). Installing Priiloader and BootMii is an absolute must. If you have installed Priiloader and BootMii already, the best you can do is to avoid running any Homebrew application, in general, that has the MD5's / CRC32's that match the blacklist, especially Wii Pong/Simple Pong.

    However, if you do not have it installed, now is a good time to do so. DO NOT FOLLOW THESE NEXT INSTRUCTIONS ON A vWii, OTHERWISE, IT WILL BRICK! Install BootMii as IOS first with the HackMii Installer, then download Priiloader from the creator's direct page here (do NOT get it from WiiBrew after the 7th of September, however, you can check before then and see that the link is accurate to WiiBrew's page) and install.

    Once Priiloader and BootMii are installed, open BootMii's IOS. Press the POWER button twice to select the SD menu, then press RESET twice to open that menu and start BackupMii. Verify the backup, and exit if all goes well. Don't worry about having a few bad blocks, those are normal and usually go away after verification.

    If you do end up running Wii Bricker 9000, open Priiloader and start "BootMii IOS". Press the POWER button twice to select the SD menu, then press RESET to open that menu. Press POWER to select RestoreMii, then press RESET to open it. Once finished, exit.
    Next up is NAND Trasher:
    ATTENTION! DO NOT FOLLOW THESE INSTRUCTIONS ON A vWii, OTHERWISE, IT WILL BRICK!

    Installing Priiloader and BootMii is an absolute must. If you have installed Priiloader and BootMii already, the best you can do is to avoid running any Homebrew application, in general, that has the MD5's / CRC32's that match the blacklist, especially Wii Pong/Simple Pong.

    However, if you do not have it installed, now is a good time to do so. Install BootMii as IOS first with the HackMii Installer, then download Priiloader from the creator's direct page here (do NOT get it from WiiBrew after the 7th of September, however, you can check before then and see that the link is accurate to WiiBrew's page) and install.

    Once Priiloader and BootMii are installed, open BootMii's IOS. Press the POWER button twice to select the SD menu, then press RESET twice to open that menu and start BackupMii. Verify the backup, and exit if all goes well. Don't worry about having a few bad blocks, those are normal and usually go away after verification.

    If you do end up running NAND Trasher, open Priiloader and start "BootMii IOS". Press the POWER button twice to select the SD menu, then press RESET to open that menu. Press POWER to select RestoreMii, then press RESET to open it. Once finished, exit.
    Let's talk about Priiloader and resolve Priiloader Killer:
    ATTENTION! DO NOT FOLLOW THESE INSTRUCTIONS ON A vWii, OTHERWISE, IT WILL BRICK!

    Installing Priiloader and BootMii is an absolute must, which is why Priiloader Killer is such a large threat to those who haven't protected themselves from it yet. If you have installed Priiloader and BootMii already, the best you can do is to avoid running any Homebrew application, in general, that has the MD5's / CRC32's that match the blacklist, especially Wii Pong/Simple Pong.

    However, if you do not have it installed, now is a good time to do so. Install BootMii as IOS first with the HackMii Installer, then download Priiloader from the creator's direct page here (do NOT get it from WiiBrew after the 7th of September, however, you can check before then and see that the link is accurate to WiiBrew's page) and install.

    Once Priiloader is set up, hold the RESET button while turning on your Wii. Go down to Settings, and turn on Protect Priiloader and Protect Autoboot. DO NOT SET A PASSWORD, this will lock you out of your Wii. Boot up into System Menu.

    If you have been affected and Priiloader does not work, try reinstalling Priiloader if you have not been bricked. Otherwise, you, unfortunately, are not able to fix your Wii. You may need to shell out a few extra bucks to get another one.
    Next up, let's keep our Mii's safe from DeleteMiiMiis:
    ATTENTION! DO NOT FOLLOW THESE INSTRUCTIONS ON A vWii, OTHERWISE, IT WILL BRICK!

    Installing Priiloader and BootMii is an absolute must. If you have installed Priiloader and BootMii already, the best you can do is to avoid running any Homebrew application, in general, that has the MD5's / CRC32's that match the blacklist, especially Wii Pong/Simple Pong.

    However, if you do not have it installed, now is a good time to do so. Install BootMii as IOS first with the HackMii Installer, then download Priiloader from the creator's direct page here (do NOT get it from WiiBrew after the 7th of September, however, you can check before then and see that the link is accurate to WiiBrew's page) and install.

    Once you return to the Homebrew channel, press "HOME". Click "Launch BootMii". Press the POWER button twice to select the SD menu, then press RESET twice to open that menu and start BackupMii. Verify the backup, and exit if all goes well. Don't worry about having a few bad blocks, those are normal and usually go away after verification.

    If you do end up running DeleteMiiMiis, open Priiloader and start "BootMii IOS". Press the POWER button twice to select the SD menu, then press RESET to open that menu. Press POWER to select RestoreMii, then press RESET to open it. Once finished, exit.
    But that SD menu in BootMii? It won't work if SD Corrupter gets in our way:
    You will need a blank CD and your SD card. If your Wii is currently on, turn it off and eject the SD card. Even a USB if you have one if you want to keep that safe too.

    Figure out your system architecture. Big words, I know, but stick with me. On macOS, open the Terminal and type in
    If it says 64, you are using a 64-bit architecture. If it says 32, you are using a 32-bit architecture.

    On Windows, press Windows+R at the same time, and type in
    If you get an error saying it doesn't exist, you're using a 32-bit architecture. If your file explorer pops up, you're using a 64-bit architecture.

    Head here and download the GParted Live .iso that matches your architecture.

    If you have a 32-bit architecture, download gparted-live-1.0.0-3-i686.iso
    If you have a 64-bit architecture, download gparted-live-1.0.0-3-amd64.iso

    Burn your .iso as an image to the CD. Do not run it yet.

    Take your SD card, and put it into your computer. Make a folder for your SD backup, then name it and put it somewhere that you will remember. Drag the contents of your SD card, and put it inside of the SD backup folder you've created.

    If you're doing the same with your USB, do the same thing you did with your SD card, but with a new folder for the USB backup.

    If you have run SD Corrupter, and/or have followed the steps above beforehand, do the following steps below:
    Otherwise, if formatting didn't work, and/or you haven't followed these steps, you may need to shell out a bit more money to just get a new SD and/or USB.
    Let's make sure you can connect to the Internet and fix NoConnect24:
    Installing Priiloader and BootMii is an absolute must. If you do not have it installed, now is a good time to do so. Install BootMii as IOS first with the HackMii Installer, then download Priiloader from the creator's direct page here (do NOT get it from WiiBrew after the 7th of September, however, you can check before then and see that the link is accurate to WiiBrew's page) and install.

    Once Priiloader and BootMii are installed, open BootMii's IOS. Press the POWER button twice to select the SD menu, then press RESET twice to open that menu and start BackupMii. Verify the backup, and exit if all goes well. Don't worry about having a few bad blocks, those are normal and usually go away after verification.

    If you get RiiConnect24 Patcher, open up the .bat file in Notepad, and do CTRL+F. Look for this piece of code:

    If you do not find it, you may be in danger of getting NoConnect24 if you run the "mail patcher" it gives you.

    If you do find it, be safe and make sure the code is at line 3044. If it isn't, this is not the real patcher. If it is, keep going and look for this piece of code:

    If you do find it, this is not the real patcher. If you don't find it, keep going and look for this piece of code:

    If you do find it, this is not the real patcher. If you don't find it, this is a real patcher and can be executed safely.

    If you want to be 100% positive that your Wii is safe when running this patcher, get the patcher from the official GitHub releases page here.

    If you have been affected by NoConnect24, open Priiloader and start "BootMii IOS". Press the POWER button twice to select the SD menu, then press RESET to open that menu. Press POWER to select RestoreMii, then press RESET to open it. Once finished, exit. If you did not install Priiloader, or Priiloader Killer managed to defeat your installation, then there is sadly no way to recover from this.
    Finally, let's fix your Dolphin installation and resolve Dolphinophile:
    Okay, let's talk about dates.

    Some software is already public (probably on accident), but we have been given certain dates to watch out for. Here they are (slightly modified, as there is a countdown timer on the official website which cannot be portrayed here):
    Please stay safe out there.
     
    Last edited by jbmPlaysGaming, Sep 3, 2019
    Reynardine likes this.
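Added example (not part of the original post or of any tool it mentions): a Python script that walks a copy of the SD card and checks every file against the MD5 / CRC32 blacklist from the first post. It assumes the listed CRC32 values are the standard zlib CRC-32 of the whole file, and the function names are made up for this example. A hash blacklist only flags byte-identical copies of the listed files.

```python
import hashlib
import sys
import zlib
from pathlib import Path

# Blacklist copied from the first post: MD5 (upper-case hex) -> CRC32 (lower-case hex).
BLACKLIST = {
    "E32F2A9837CE320EE67D872413E58269": "d3a65e0b",
    "F947B5CFB325752FE4BC19338153CD2E": "49ea1da8",
    "0CFC7204D909C4502D7D931F41486FA0": "f287cfab",
}

def digests(path, chunk_size=1 << 16):
    """Return (MD5, CRC32) of a file, read in chunks so large files are fine."""
    md5 = hashlib.md5()
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return md5.hexdigest().upper(), format(crc & 0xFFFFFFFF, "08x")

def classify(md5_hex, crc_hex):
    """'match' on a blacklisted MD5, 'crc-only' when just the CRC32 is listed."""
    if md5_hex.upper() in BLACKLIST:
        return "match"
    # CRC32 is only 32 bits, so a CRC-only hit may be a coincidence: inspect by hand.
    if crc_hex.lower() in BLACKLIST.values():
        return "crc-only"
    return "clean"

def scan(root):
    """Hash every file under root and return the ones that are not 'clean'."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            md5_hex, crc_hex = digests(path)
            verdict = classify(md5_hex, crc_hex)
            if verdict != "clean":
                findings.append((str(path), verdict, md5_hex, crc_hex))
    return findings

if __name__ == "__main__":
    # Usage: python scan_sd.py /path/to/sd_card_or_backup_folder
    for path, verdict, md5_hex, crc_hex in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:9} {md5_hex} / {crc_hex}  {path}")
```

Run it on the computer against the mounted SD card or the backup folder, before the card goes back into the Wii.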
  2. FancyNintendoGamer567

    FancyNintendoGamer567 GBAtemp Maniac Member

    Joined:
    Feb 13, 2017
    Messages:
    1,007
    Country:
    United States
    What's Dolphinophile? I'm assuming it prevents the homebrew app from actually being run on Dolphin so that you can't test it.
     
  3. sks316

    sks316 (Future) VTuber - Princess Lillie of the Stars Member

    Joined:
    Nov 28, 2013
    Messages:
    2,869
    Country:
    United States
    Nope. It's quite the opposite, in fact. Dolphinophile is supposed to completely trash your Dolphin installation.
     
    jbmPlaysGaming likes this.
  4. FancyNintendoGamer567

    FancyNintendoGamer567 GBAtemp Maniac Member

    Joined:
    Feb 13, 2017
    Messages:
    1,007
    Country:
    United States
    So basically a Dolphin version of NAND Trasher? K
     
  5. Trash_Bandatcoot

    Trash_Bandatcoot Your Local Random Internet Geek Member

    Joined:
    Jul 14, 2018
    Messages:
    1,120
    Country:
    Netherlands
    Good job mate, you're giving him what he wants:
    ATTENTION.

     
  6. Vilagamer999

    Vilagamer999 VIP+ Member

    Joined:
    Jun 21, 2018
    Messages:
    305
    Country:
    United Kingdom

    Not related but, the wiibrew download link for benzin contains malware...

    http://wiibrew.org/wiki/Benzin
     
    jbmPlaysGaming likes this.
  7. jbmPlaysGaming

    OP jbmPlaysGaming Member Newcomer

    Joined:
    Feb 1, 2017
    Messages:
    24
    Country:
    United States
    This was done in December of 2018, that claims to be the latest update. It may have been reverted.

    I checked the .zip file with macOS, the source claims to be from 2012, while "ezbenzin.exe" claims to be from 2016.

    I'll look into this a bit more. Thank you for bringing it to my attention!

    Honestly, stuff like this is going to get attention anyways. You're also fueling the fire, so no point in burning it out now:



    I'm gonna analyze that video and get all of those hashes, by the way, Frutre.

    Also, now that I know you've seen this, here's a message for you:

    Ok, moving on from that...

    As said previously, Dolphinophile is meant to ruin your Dolphin installation to prevent you from testing this stuff.
     
    Last edited by jbmPlaysGaming, Sep 9, 2019
  8. Vilagamer999

    Vilagamer999 VIP+ Member

    Joined:
    Jun 21, 2018
    Messages:
    305
    Country:
    United Kingdom
    When I download the file it detects ezbenzin.exe as a virus. Once that file is deleted, everything else in the folder seems to work. I'll try running ezbenzin in a VM or in sandbox mode...
     
  9. Trash_Bandatcoot

    Trash_Bandatcoot Your Local Random Internet Geek Member

    Joined:
    Jul 14, 2018
    Messages:
    1,120
    Country:
    Netherlands
    No! There is nothing I can do! It’s not my fault that I made an article and some (rumoured alt account) includes my name into it! You made this post, so if there is anyone adding fuel to fire to this, it’s you.

    Nothing to investigate, Sherlock. Nobody is dumb enough to install his garbage anyway. He can easily change 1 value and bam, another 8000 MD5 hashes. Plus, it has been delayed again, so expect delays after delays after delays.

    Just leave it as it is.
     