Hacking Decrypting Wii VC nfs files

CeeDee · Dec 9, 2016

VinsCool said:
Alright guys, after struggling to grab some nfs files, I did it!

Simply followed instructions in OP, it worked like a charm!

View attachment 71636

Now I wish the inverted process could be done

Well... It's worth a shot.

VinsCool · Dec 9, 2016

CeeDee said:
Well... It's worth a shot.

Well it doesn't seem to work on dolphin though. I'll compare a dump of super mario galaxy 2 (I own the game, so I'll dump it with USB loader GX) and see what is going on.

sabykos · Dec 9, 2016

JaGoTu10 said:
Hmmm.

I just skimmed through the header (which was fine) and the last part (which also looked good to me, it had some readable plaintext), and thought it was okay.

If it turns out some of the parts are further encrypted, I have a few ideas, but it'd need more time and looking into.

(The idea: the header maybe holds a key for each of the parts. I've seen some stuff to point towards that being the case in the MCP. But it's just a wild guess.).

There were some strange bytes at 0x8000 in the decrypted nfs. That part were blank zeros in the wbfs. So... maybe thats the key for something?

Irastris · Dec 9, 2016

Can anyone help me? I'm trying to do this with the Metroid Prime Trilogy NFS files. I've stripped the header, merged the files, but I always get this error when trying to decrypt with OpenSSL. (Obviously that's not the actual key though)

Code:

OpenSSL> enc -d -aes-128-cbc -k "13371337133713371337133713371337" -iv 0 -nopad -in hif_merge.nfs -out hif_merge.nfs.dec

bad magic number
error in enc
OpenSSL>

I've tried two different Windows builds of OpenSSL. I've tried OpenSSL v1.0.2j from https://indy.fulgan.com/SSL/, and I've tried OpenSSL v1.1.0c from http://slproweb.com/products/Win32OpenSSL.html

VinsCool · Dec 9, 2016

sabykos said:
There were some strange bytes at 0x8000 in the decrypted nfs. That part were blank zeros in the wbfs. So... maybe thats the key for something?

I noticed this as well. Honestly I'm both clueless and excited to know more, lol.

--------------------- MERGED ---------------------------

Irastris said:
Can anyone help me? I'm trying to do this with the Metroid Prime Trilogy NFS files. I've stripped the header, merged the files, but I always get this error when trying to decrypt with OpenSSL. (Obviously that's not the actual key though)

Code:

OpenSSL> enc -d -aes-128-cbc -k "13371337133713371337133713371337" -iv 0 -nopad -in hif_merge.nfs -out hif_merge.nfs.dec bad magic number error in enc OpenSSL>

I've tried two different Windows builds of OpenSSL. I've tried OpenSSL v1.0.2j from https://indy.fulgan.com/SSL/, and I've tried OpenSSL v1.1.0c from http://slproweb.com/products/Win32OpenSSL.html

try this one:
That worked for me.

Irastris · Dec 9, 2016

VinsCool said:
try this one:
That worked for me.

Same issue.

VinsCool · Dec 9, 2016

Irastris said:
Same issue.

Weird. Have you pasted the HEX key strings, and removed the spaces? It worked fine for me.

Irastris · Dec 9, 2016

VinsCool said:
Weird. Have you pasted the HEX key strings, and removed the spaces? It worked fine for me.

Yep, I tried the key both straight from HxD (with spaces) and with the spaces removed.

VinsCool · Dec 9, 2016

Irastris said:
Yep, I tried the key both straight from HxD (with spaces) and with the spaces removed.

Well then, I really don't know :x

What game was it? I did it with Super Mario Galaxy 2. Made sure to remove the 0x200 bytes of the EGGS header, then merged the files. Used this OPENSSL version, and pasted the key in the CMD.

Irastris · Dec 9, 2016

VinsCool said:
What game was it? I did it with Super Mario Galaxy 2. Made sure to remove the 0x200 bytes of the EGGS header, then merged the files. Used this OPENSSL version, and pasted the key in the CMD.

Like I said, it was Metroid Prime Trilogy. I removed the header starting from EGGS and ending with SGGE (I don't hex edit very often so I don't know if that's 0x200 bytes), merged them all using "copy /b hif_*.nfs hif_merged.nfs" (making sure that it went in order from 000000 to 000030, which it did) and then ran that command through OpenSSL. Same problem every time.

VinsCool · Dec 9, 2016

Irastris said:
Like I said, it was Metroid Prime Trilogy. I removed the header starting from EGGS and ending with SGGE (I don't hex edit very often so I don't know if that's 0x200 bytes), merged them all using "copy /b hif_*.nfs hif_merged.nfs" (making sure that it went in order from 000000 to 000030, which it did) and then ran that command through OpenSSL. Same problem every time.

My bad for the game name, I can't read XD

Well, I really don't know, sorry.
I could try to grab it from nus and try again. We never know

JaGoTu10 · Dec 9, 2016

Irastris said:
Can anyone help me? I'm trying to do this with the Metroid Prime Trilogy NFS files. I've stripped the header, merged the files, but I always get this error when trying to decrypt with OpenSSL. (Obviously that's not the actual key though)

Code:

OpenSSL> enc -d -aes-128-cbc -k "13371337133713371337133713371337" -iv 0 -nopad -in hif_merge.nfs -out hif_merge.nfs.dec bad magic number error in enc OpenSSL>

I've tried two different Windows builds of OpenSSL. I've tried OpenSSL v1.0.2j from https://indy.fulgan.com/SSL/, and I've tried OpenSSL v1.1.0c from http://slproweb.com/products/Win32OpenSSL.html

The -k should be an uppercase one (-K).

Irastris · Dec 9, 2016

JaGoTu10 said:
The -k should be an uppercase one (-K).

You've got to be shitting me. The help output showed it as a lowercase k for specifying the hex key.

Thank you though, that solved my problem.

JaceCearK1 · Dec 9, 2016

JaGoTu10 said:
Hmmm.

I just skimmed through the header (which was fine) and the last part (which also looked good to me, it had some readable plaintext), and thought it was okay.

If it turns out some of the parts are further encrypted, I have a few ideas, but it'd need more time and looking into.

(The idea: the header maybe holds a key for each of the parts. I've seen some stuff to point towards that being the case in the MCP. But it's just a wild guess.).

As soon as somebody figured this out they should make a Python-Script or something similar to make the process a little easier!

Edit:
Stuff I found out until now [in decrypted "hif_000000.nfs" | Mario Galaxy 2 PAL]: (will add more when I found more)
- The 0x200-sized WBFS-Header is missing (was replaced by the EGGS-SGGE header)
- The Sector-table is missing
- ~~The start of every sector (0x8000) contains interesting information, for example:~~
- ~~0x8000 and 0x10000 contain some keys~~ @Falo wrote an important update on this matter.
- 0x18000 contains a list of tickets
- 0x38400 contains a header similar to 0x00000, but not the same one [no idea what 0x38000-0x383FF could be]
- 0x3A840 contains a date (11th Dec 2009; might be original game's compilation date)
- 0x3A840-0x3A85F(nfs) equals 0x1FF00-0x1FF1F(wbfs)
- 0x3BCC0 contains debug-/error-strings seemingly not in the original game (won't reveal due to the Terms/Copyright etc. but it seems to be part of the app-loader)
- Around 0x70D7C0 are some labels (maybe file names?)

Maybe somebody recognizes this pattern!

victormr21 · Dec 9, 2016

victormr21 said:
@AboodXD Fuck! I don't find BenZinU!!! I only see BenZin for Wii and all links are down

AboodXD said:
Uwizard can't extract what?
Can you send the file?

This is the file that contains english version of some EUR manual index. I obtained it by decrypting a manual as a .sarc with UWizard:
https://mega.nz/#!Ep5lDToR!LpOQE2Qg_c_YqUOloM2vpuyxqRT2qO5_OdiNkyPlzdA

AboodXD · Dec 9, 2016

victormr21 said:
This is the file that contains english version of some EUR manual index. I obtained it by decrypting a manual as a .sarc with UWizard:
https://mega.nz/#!Ep5lDToR!LpOQE2Qg_c_YqUOloM2vpuyxqRT2qO5_OdiNkyPlzdA

It's the first time I see this file, it's not arc nor sarc.

victormr21 · Dec 9, 2016

AboodXD said:
It's the first time I see this file, it's not arc nor sarc.

Chan Chan chaaaaan

Pachee · Dec 10, 2016

Reguarding injecting a new game, Xenoblade has a title.fst file in the Code folder, which seems to be a "Wii U partition"? I guess that file would need to be remade?
On the beginning of this video it says it could also be used for raw installing. youtube.com/watch?v=wFag8nx-LJc

AboodXD · Dec 10, 2016

Pachee said:
Reguarding injecting a new game, Xenoblade has a title.fst file in the Code folder, which seems to be a "Wii U partition"? I guess that file would need to be remade?
On the beginning of this video it says it could also be used for raw installing. youtube.com/watch?v=wFag8nx-LJc

Use:

Code:

[MEDIA=youtube]wFag8nx-LJc[/MEDIA]

victormr21 · Dec 10, 2016

Pachee said:
Reguarding injecting a new game, Xenoblade has a title.fst file in the Code folder, which seems to be a "Wii U partition"? I guess that file would need to be remade?
On the beginning of this video it says it could also be used for raw installing. youtube.com/watch?v=wFag8nx-LJc

in my wii u, all legit titles have this and other file that we haven't seen in loadiine format or .app format, maybe if we can do this file for non legit games, we can do they totally official, if you enter at eShop it will show like you have bought it, in the friend list it will appear as program instead ???...
And one question, whats the file that contains this info? I talked with a friend and he said me that if i use SCT it appeares in friend list, but if im using a custom channel like HBC, it doesnt appeare, friend list shows ???
Bye!

Hacking Decrypting Wii VC nfs files

fuckin dork

Persona Secretiva Felineus

Well-Known Member

Well-Known Member

Persona Secretiva Felineus

Attachments

Well-Known Member

Persona Secretiva Felineus

Well-Known Member

Persona Secretiva Felineus

Well-Known Member

Persona Secretiva Felineus

Active Member

Well-Known Member

Well-Known Member

Well-Known Member

I hack NSMB games, and other shiz.

Well-Known Member

Well-Known Member

I hack NSMB games, and other shiz.

Well-Known Member

Similar threads

Popular threads in this forum