eddorre

Connecting a Wii using WPA2 and a Complex Password

I recently upgraded my 802.11n wireless bridge/access point to a D-Link 802.11n so that I could have better download speeds when streaming video content to my Xbox or PS3. The concept of this device is simple: connect all of your devices to it via Ethernet, and the bridge connects to the wireless network.

Unfortunately, the D-Link bridge doesn’t like to connect to Access Points/routers that are not broadcasting their SSIDs. This was a problem for me because I had set my Apple Airport Extreme (I still hate that name – Extreme? Really? I thought we got over that in the 90s) not to broadcast my SSID.

I’ve known for a while that not broadcasting your SSID isn’t really a security measure, as it only discourages wireless network snooping. Anyone who really wants to hack into your wireless network will know how to bypass that. In order to have real wireless network security, your Access Point should be using WPA or WPA2 with AES encryption and a very strong password. I should note that your SSID should never be something from the real world: never your physical address, social security number, family last name, etc.

With this in mind, I allowed my Access Point to broadcast the SSID and then changed my wireless password to be 63 characters long.

After the change, the D-Link bridge was up and running but my Nintendo Wii decided to have a fit and not connect anymore. Fortunately, there is a fix.

Apparently the Wii has a problem connecting to Access Points using WPA/WPA2 when using a really large password.

I found this out by attempting to type the 63 character password (TIP: use a USB keyboard to do this, as entering it with the Wii remote is likely to drive people insane) and having it fail. Then I tried a simple password of testtest (changed on both my wireless Access Point and my Wii). When I changed it to use a simple password, I was able to connect.

That set me Googling in the right direction, where I found the information on WiiChat.com and then buried on Nintendo’s own tech support forums.

Basically, the problem is this: passwords that are 63 characters are supposed to be hashed down to a 64 hex digit key and then sent off to the Access Point for authentication. Unfortunately, the Wii fails to do this, as it has a broken implementation of how keys are transmitted to an Access Point.

What Zorach found out was that you can fake out the Wii by entering the hex key yourself instead of the password. In order to generate the hex key, he used Joris van Rantwijk’s site and entered his password and SSID to generate the key.

Now if entering a password and SSID into a random page on the Internet is sounding alarm bells in your head, well good, you’re getting as paranoid as I am. However, I’ve looked at the JavaScript code and there is nothing funky going on. If you want to be really paranoid, save the source of the HTML file locally, disconnect from the Internet and then run it in the browser.

Type the generated hex key into your Wii and it should work. I should note that in my situation, I did have to do one more thing: I set the IP information on the Wii statically, as it would not download the information via DHCP.
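If you would rather not paste the password into a browser at all, the same hex key can be computed offline. The script below is an added example, not code from the original post or from Joris van Rantwijk's page; the function name `wpa_psk` is my own. It uses the standard WPA/WPA2-Personal derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output).

```python
import getpass
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Return the 64-hex-digit WPA/WPA2-Personal key for passphrase + SSID."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    # Exactly 64 hex digits is already a raw 256-bit key, not a passphrase.
    if len(passphrase) == 64 and set(passphrase) <= HEX_DIGITS:
        return passphrase.lower()
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, dklen=32
    )
    return key.hex()


if __name__ == "__main__":
    # The SSID is case-sensitive and part of the key: renaming the network
    # means generating (and re-entering) a new hex key.
    ssid = input("SSID: ")
    passphrase = getpass.getpass("Passphrase (not echoed): ")
    print(wpa_psk(passphrase, ssid))
```

The printed key is as sensitive as the password itself, since it grants the same access to the network, so clear it from the terminal once it has been entered on the Wii.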

A shout out goes to the user Zorach for linking the information, Messowires for linking to Zorach’s post and Joris van Rantwijk for making it easy for people to generate a hex key from a password.
