4/28/2021 Download Wii Common Key File
One of those chips is a 2kbit serial EEPROM, which stores the MS signature on the ECC key.

This key is known by all Wiis, but is never used, directly, to encrypt anything.
Instead, all titles are encrypted with a random AES key; this key is then encrypted with the Common key and then stored inside a ticket. The ticket is then transmitted along with the content; on discs, it's part of the certificates found before the encrypted data starts. Thus, knowing the common key allows you to decrypt most Wii content, as long as you have the right ticket. This key is stored in the OTP area inside the Starlet ARM core inside the Hollywood package.

This key is used by the System Menu (1-2) to encrypt anything before writing it out to the SD card, and it's used by 1-2 to decrypt anything read from the SD card. This is done mainly for the purpose of obfuscation, to keep people from examining savegames. It's worth noting that all Wii games save their data to the internal NAND; no game supports loading or saving data directly to SD. This frees game writers from the requirement of handling this step themselves; they just write the savegame data, unencrypted and unsigned, to their title-data directory inside the NAND filesystem; the system menu then handles everything else. The real reason for this is probably that it allowed Nintendo to make a system where they didn't have to expose the details of this encryption, or any encryption, to their licensed game developers. This key is also stored in OTP, and in several places in IOS (for no apparent reason). If you're using Segher's tools, you may also be interested in the SD IV (216712e6aa1f689f95c5a22324dc6a98) and the MD5 blanker (0e65378199be4517ab06ec22451a5793), both of which are stored inside the 1-2 binary.

This key is used to prevent the contents of the NAND filesystem from being read using a flash chip reader. Nintendo may or may not actually record this key anywhere, since they (theoretically) don't need to ever use it.
In fact, in some similar systems, keys like this are generated automatically by the device itself and (theoretically) never leave it; the Wii shares some design principles with HSMs, but it certainly doesn't manage to be one.

This is fundamentally different than the AES encryption used for data-hiding, because RSA is an asymmetric cipher, meaning there are no shared secrets, nothing to be extracted from the Wii. The only RSA keys stored on the Wii are public keys, used to verify authenticity of content. The TMD contains a SHA1 hash of the contents of that title, proving that it had not been modified. My 24c3 presentation was done by injecting a new .DOL into a Lego Star Wars disc and then forging the signature on its TMD, using a flaw originally discovered by Segher. After that presentation, people eventually discovered the common key needed to decrypt update partitions, allowing others to analyze and disassemble IOS. In fact, from disassembling his code, the core part of it was almost identical to our never-released code; great minds think alike, eh.

This certificate is then appended to savegames on SD cards, so that any other Wii can verify that the key was issued by Nintendo. ECC is used in ways similar to RSA, but it's somewhat newer and much faster to run on an embedded system.

There are no public vs private keys here; you need to know this value in order to verify the hash, and you need the same value to generate the hash. This isn't appropriate for communications between two people, but is perfectly fine for letting the Wii test to see if the chip was pulled, rewritten, and resoldered.
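The keyed-hash check described in the closing sentences above, sketched as an added example; it is not code from the original post or from the console's firmware. It assumes HMAC-SHA1, a 16-byte block size and a block-index prefix, none of which the page specifies, and `DEVICE_KEY`, `seal` and `verify` are hypothetical names.

```python
import hashlib
import hmac
from typing import List

BLOCK_SIZE = 16  # assumption: tiny blocks so the constructed sample stays readable


def block_tag(device_key: bytes, index: int, block: bytes) -> bytes:
    """Keyed hash over one block, bound to its position in the image."""
    msg = index.to_bytes(4, "big") + block
    return hmac.new(device_key, msg, hashlib.sha1).digest()


def seal(device_key: bytes, image: bytes) -> List[bytes]:
    """Compute the tags the device stores next to the data it writes."""
    blocks = [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]
    return [block_tag(device_key, n, b) for n, b in enumerate(blocks)]


def verify(device_key: bytes, image: bytes, tags: List[bytes]) -> List[int]:
    """Return the indices of blocks whose tag does not match (empty = intact)."""
    expected = seal(device_key, image)
    if len(expected) != len(tags):
        return list(range(max(len(expected), len(tags))))
    # compare_digest avoids leaking how many leading bytes matched
    return [n for n, (e, t) in enumerate(zip(expected, tags))
            if not hmac.compare_digest(e, t)]


# Constructed sample data: a placeholder key and a three-block "flash image".
DEVICE_KEY = bytes(range(20))
IMAGE = b"savegame-block-0" + b"savegame-block-1" + b"savegame-block-2"
TAGS = seal(DEVICE_KEY, IMAGE)

if __name__ == "__main__":
    print("intact:", verify(DEVICE_KEY, IMAGE, TAGS))
    edited = IMAGE[:16] + b"SAVEGAME-block-1" + IMAGE[32:]
    print("rewritten off-board:", verify(DEVICE_KEY, edited, TAGS))
    swapped = IMAGE[16:32] + IMAGE[:16] + IMAGE[32:]
    print("blocks swapped:", verify(DEVICE_KEY, swapped, TAGS))
    # Symmetric caveat: the same key that verifies can also generate valid tags.
    print("re-sealed with key:", verify(DEVICE_KEY, edited, seal(DEVICE_KEY, edited)))
```

Because the key both generates and verifies, the check only holds while the key stays inside the device; it proves nothing to a third party, which is the contrast with the RSA and ECC signatures discussed earlier.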