You’re right! I misremembered this - it’s an SSL bug that’s really the first step in the chain in this case.
When you try to connect to the Nintendo WFC using this DNS server, the DNS redirects your login request to Wiimmfi instead. Wiimmfi then uses a specially crafted SSL certificate which some games consider valid due to an IOS bug, and then lets you go online.
After you are online, Wiimmfi is using a different bug in Mario Kart Wii in order to send and execute the rest of the Mario-Kart-specific Wiimmfi patches to your game, which is what happens during the loading screen when you are online.
When you try to connect to the Nintendo WFC using this DNS server, the DNS redirects your login request to Wiimmfi instead. Wiimmfi then uses a specially crafted SSL certificate which some games consider valid due to an IOS bug, and then lets you go online.
After you are online, Wiimmfi is using a different bug in Mario Kart Wii in order to send and execute the rest of the Mario-Kart-specific Wiimmfi patches to your game, which is what happens during the loading screen when you are online.