How (Easily) The Conduit Was Hacked

While The Conduit may be mature gamers' shining star on top of the Wii tree this year (at least, we think so), many are reporting that cheaters and glitches are abundant in the game's popular online multiplayer section.  And while many are finding this to be a game-breaker, the person who broke the game isn't too worried.

An infamous code breaker (arguably, game hacker) by the handle "hetoan2" discovered The Conduit's infinite HP and ammo codes recently, in addition to other Wi-Fi hacks like rank modifier, being hidden on radar, and "moon jumping."  Some dirty players may be scrambling for any modification system to play the game with these codes on (as many work for single player as well).

The Wiire reached out to hetoan2 to find out what is going on behind the scenes for The Conduit.  The gritty details may cast a shadow on the game darker than its own storyline.

The Wiire: First, how did you discover these loopholes in the game? How easy was it to modify the game?

hetoan2: I discovered these loopholes in the game by using a device to dump the data from the wii, remote debugger, and GeckoOS (a homebrew program) to search and create the codes. The process is simple really, just using a bunch of searches on changes on in-game variables, and once you find where they're stored you can rewrite the code to make it do what you want, or you can write your own code to make it do what you want.

It isn't that simple with every game, as he notes, "sometimes you can't write your own code," with the important qualifier, "but not for the Conduit."  This is where gamers have every right to be nervous about how the game was developed.

hetoan2: Everything is virtually unprotected. All values can be edited fairly easily, and there's virtually no sign of an attempt at hiding values, fixing bugs, or preventing online hackers. The online codes are identical to the offline versions because the offline game is the same as the online version. The only difference is in the online mode the game sends the variables in real-time to their server. Keep in mind that there are NO server checks. (If the value instantly changes abnormally, usually the server will boot you from the game or make you desync from the other players.)

You've claimed that the codes you released "don't work." Why did you release them, then?

hetoan2: Actually, the first codes I released that I urged users to not use would actually cause all their save data(s) to become corrupted once they entered the online play to try and use them for cheating online. This was just an attempt at cleaning out the potential online hackers before they got the real codes.

At this point in our conversation, I began doubting hetoan2, thinking it "a likely story."  That is, until I was shown assembly code and was informed a bit about conversation between him and High Voltage employees.

Making his more "noble" intentions even more apparent is the faked code itself:

hetoan2: In the beginning when I did say that the codes didn't work I had posted this code:

Infinite HP, Ammo, and NO Reloads [hetoan2]:
42000000 80000000
047587FC 6675636B
04769478 20796F75
E0000000 80008000

If you look into the code it actually says to do ram writes to 807587FC and 80769478 which if edited will brick the save files.

There's a bit of a message to users of the hack hidden in the code itself.  If you convert the Hex code to ASCII, you'll see two words directed to the cheaters hetoan2 is claiming to prevent from cheating in the game, "f*** you."

Can you elaborate on what you've learned about High Voltage's online system for The Conduit?

hetoan2: I have learned that the online system is identical to the offline version besides the fact that data is sent and received from the server. Other than that there are no online server checks except for the exception with the player run speed being fixed at 80 when online.

This is what's causing online spawning glitches because the spawning points can't be modified in single player (without hacks), but in the online they are dynamic and practically randomly generated. There is no protection on this area and a slight desync during the loading of the level can create this annoying glitch.

What have they told you about what they are doing regarding it? Has Nintendo themselves seemed to be interested in combating the issue?

hetoan2: HVS has not told me exactly what they plan to do in their future games, but I have given them some suggestions for online checks and a couple of different banning methods (for future online hackers) that are different from Nintendo's.

Currently, they are looking out for online hackers using codes and are tracing MAC addresses that are sent by the game that will be collected, sent to Nintendo, and eventually banned.

Nintendo doesn't really seem interested with online hacking in non-Nintendo and their less popular games. Right now they seem to be primarily concerned with Mario Kart Wii and preventing homebrew all together with future updates and removing videos on YouTube for new exploits (like bannerbomb).

If you need proof they're neglecting their online system in older games. I'm striker of the day in Mario Strikers Charged with very obvious hacked stats. [Here's proof] that they don't and won't look, even though they did in the past (since inappropriate names were allowed before):

In your opinion, what do you think High Voltage can do about cheaters in The Conduit?

hetoan2: Right now HVS cant do anything about the cheaters except log them and have Nintendo ban them. I would not be worried if you are going to buy the game. There are very few cheaters (people using hacks) so far in the Conduit. The severity of the codes is pretty high though, which makes them very easy to track. I have given HVS specific values and addresses to look for in the game, so even if you have ANY codes on, they will know, even if you don't use them. They can track these on the server and easily get your Wii's MAC address (better than IP banning because IPs are dynamic) and they will ban you. They can also see users using a modified version of the game (so that they can get the debug menu) they will ban you also. That's probably even easier to trace.

It sounds like High Voltage is more "hopeful" that this will happen. As you said, Nintendo doesn't seem to care about hackers in the online community. Do you think Nintendo will actually go through with banning based on MAC addresses?

hetoan2: Nintendo has already started banning MAC addresses with the 20102 error code which is basically a ban from all wifi games.

HVS is collecting MACs (which they can do) but it's 100% up to Nintendo with the execution of the bans. It seems as if people will be banned from 3rd party games not soon, but probably either in the next 3 and 4 banning waves (the last one being on July 2nd). So right now it could be going either way. Doesn't look like its going to happen since I've hacked highscores in CoDWaW and Megaman 9 and they either haven't noticed or haven't cared to tell Nintendo. So that could be how this could go. It just depends.

To be fair, hetoan2's blog points out a way to dodge Nintendo's 20102 error code, so some diligent players may be able to skirt this problem.  Even so, it seems that everything depends on Nintendo.  At least this hacker is hopeful.

hetoan2: I hope they do ban the cheaters on The Conduit. Even though I've made *some* codes, it's gone too far, I haven't released all of the good codes I have, but the cheaters are out there and banning them is the only thing that's going to stop them. I'm sure if Nintendo releases another console they've learned alot from the whole Mario Kart Wii experience at least.

Pointing the finger here could be so easy.  What makes things worse is that hetoan2 is likely not the one releasing the legit codes, as he explains.  And what is incredibly unsettling is that The Conduit was a door left wide open.  In fact, it reminded me of Game Shark or Game Genie hardware that could search for and change a game's values, similar to this process.  Except those were on systems like the Nintendo 64, which should be archaic by today's standards.

It seems that even with working codes and working save files, cheaters will wind up finding themselves disconnected.  And for the sake of gamers hoping to have a good online shooter on the Wii, let's hope so.