vWii 3-core support - everything you need to know.

JoostinOnline

Nope. It's encrypted and signed such that without Nintendo's private keys for that it can't be done to my knowledge.

I was kinda wondering, though, if the system menu would run unencrypted if you were to save it as a separate title (assuming IOS only tries to decrypt something if it sees the system menu's title ID), or if you ran it with a different IOS (assuming IOS80 always wants an encrypted title, knowing it's only supposed to run the system menu). Either way, though, you would probably have to deal with the issue that the system menu and the 1-512 used to run an unencrypted title would want to use the same memory addresses.

As far as autobooting the unencrypted version, you also might be able to replace the original system menu with a copy of 1-512 with an extra section added to the DOL to also write the new title ID into the right address, so it will see it once it's done decrypting and load that title instead.
Well I applied some patches manually to a decrypted System Menu, so if you think of a possible way to run it, let me know.

Maxternal

Some mentioned side channel hacking to get the good key, lol. I've read security bulletins about it. All I see is brute forcing.

http://www.manvswebapp.com/vulnerable-side-channel-attacks-and-care
Brute forcing and side channel attacks are quite different. Brute forcing is trying every single possibility until you get the right one, while side channel attacks are more like hooking up wires to the device and monitoring its voltage in hopes that the device will give away its keys while it's using them. In this case, we're talking about keys that only Nintendo has and that the system never uses, has or even sees, so they would never be there to show up in a side channel attack.
Hm, is it possible to brute-force the key, or is it a waste of time?
Yeah, it's a waste of time. Things like this are designed mathematically so there will be so many possibilities to try when brute forcing that all the stars in the known universe would burn out before you finish with them all.

Well I applied some patches manually to a decrypted System Menu, so if you think of a possible way to run it, let me know.

Another thing that just occurred to me would be that you could patch the IOS to perform the race attack itself, perform the patches or write the patched file, and then give control back to it. (I still haven't thought of any really simple solutions, but I'll let you know. ;) )

EDIT: Maybe program SNEEK to do that for you.

uyjulian

Brute forcing and side channel attacks are quite different. Brute forcing is trying every single possibility until you get the right one, while side channel attacks are more like hooking up wires to the device and monitoring its voltage in hopes that the device will give away its keys while it's using them. In this case, we're talking about keys that only Nintendo has and that the system never uses, has or even sees, so they would never be there to show up in a side channel attack.
Yeah, it's a waste of time. Things like this are designed mathematically so there will be so many possibilities to try when brute forcing that all the stars in the known universe would burn out before you finish with them all.

Another thing that just occurred to me would be that you could patch the IOS to perform the race attack itself, perform the patches or write the patched file, and then give control back to it. (I still haven't thought of any really simple solutions, but I'll let you know. ;) )

EDIT: Maybe program SNEEK to do that for you.
Hmm, not even with a million GPUs? (literally!)
I wonder if it's possible to make a variant of primecoin but instead of finding primes it finds private keys. Oh, and you could make some money out of it (if it gets any worth xD)

I don't know what algorithm the Wii U uses for encryption...

Kargaroc

Hmm, not even with a million GPUs? (literally!)
I wonder if it's possible to make a variant of primecoin but instead of finding primes it finds private keys. Oh, and you could make some money out of it (if it gets any worth xD)

I don't know what algorithm the Wii U uses for encryption...

I think you'd have a better chance of success with good old fashioned espionage given the same resources.

Maxternal

Hmm, not even with a million GPUs? (literally!)
I wonder if it's possible to make a variant of primecoin but instead of finding primes it finds private keys. Oh, and you could make some money out of it (if it gets any worth xD)

I don't know what algorithm the Wii U uses for encryption...

Okay, to deter anyone from even attempting brute forcing, here's the math involved in brute forcing a key:
For a 128-bit key there are about
340,000,000,000,000,000,000,000,000,000,000,000,000
different possibilities (3.4e38)
and even given that we know the SHA1 hash of the PUBLIC keys from f0f (finding a key we have no clue about would be even harder), if you were to use something like this http://www.golubev.com/hashgpu.htm, which apparently can do 2300 million SHA1/second on the benched GPU it cites, in a year that's about
72,500,000,000,000,000
possible keys checked per year (7.25e16).
which still means that to try every single possibility it would take
4,700,000,000,000,000,000,000 YEARS

Even if you were to assume that every person on the planet (7 billion) with a computer was helping you and, on average, everyone had a single GPU as powerful as the one cited in the benchmark for the above brute forcer, you could only reduce it down to about
670,000,000,000 years
The sun will have completely run out of all types of usable nuclear fuel in about a hundredth of that time.

JoostinOnline

Okay, to deter anyone from even attempting brute forcing, here's the math involved in brute forcing a key:
For a 128-bit key there are about
340,000,000,000,000,000,000,000,000,000,000,000,000
different possibilities (3.4e38)
and even given that we know the SHA1 hash of the PUBLIC keys from f0f (finding a key we have no clue about would be even harder), if you were to use something like this http://www.golubev.com/hashgpu.htm, which apparently can do 2300 million SHA1/second on the benched GPU it cites, in a year that's about
72,500,000,000,000,000
possible keys checked per year (7.25e16).
which still means that to try every single possibility it would take
4,700,000,000,000,000,000,000 YEARS

Even if you were to assume that every person on the planet (7 billion) with a computer was helping you and, on average, everyone had a single GPU as powerful as the one cited in the benchmark for the above brute forcer, you could only reduce it down to about
670,000,000,000 years
The sun will have completely run out of all types of usable nuclear fuel in about a hundredth of that time.
That's only true if we had the worst luck in the world. Like really, the very last one you tried would have to be the correct key.

Ray Lewis

Has anyone read the technical write-ups for the reset glitch hack on the 360? Lol, cb_b could be used and essentially security disabled. I am curious about the "hreset" part for Wii U. People say the chain of trust is good on the Wii U. The idea of a kexec type solution comes to mind. Omap processors on locked phones taught me a lot. Too many conversations about those. From trying an engineering hboot to "private key", but ultimately the heavy hitters managed a redirect using kexec. You could not mod the kernel in terms of changing it, but still, it opened custom roms with some customizability.

PPC has the reset vulnerability so is this hreset essentially built off the racing attack? Racing attacks are well documented vulnerabilities with smp processors. Curious to know what bootrom revealed. 360 could have nand backed up, even raw mode like 3ds and needed basically a few minor mods. Granted, that was after decryption of the nand but at least a documented way to raw read/write would invite more testing. I told Comex I was surprised he did not back up his nand/emmc. Maybe he did but lied as to not give away details. Maybe they can decrypt and even sign a nand? Anyway, I hope to learn more.

conanac

I (hopefully) disabled the System Menu background music, but we'll see what happens. Actually, we might not. It depends on if we can run it.

You could try first by using real-time patching on SNEEK as suggested by Maxternal. Crediar put an example in the SMenuFindOffsets function (SMenu.c) for patching the vWii SNEEK system menu to make it region-free (my guess is that the addresses are for an EU console, and to confirm this, unfortunately, I need to get the decrypted 00000017.app file from the system menu of an EU console).

I am also thinking about the rebooter feature of WiiLauncher (currently this feature only works for Wii) that allows real-time patching of system menu.

Hope that helps.
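The post above describes real-time patching: the system menu is left encrypted and signed on disk, and the loader changes bytes in the already-decrypted copy in memory, which is why hard-coded addresses (per region, per version) matter. A common way to make such a patch less version-dependent is to locate the code by byte pattern and write relative to the match. The following is an added example of that find-and-patch technique in C, written for this page; it is not SNEEK's SMenuFindOffsets code, and the bytes are a constructed PowerPC fragment (a hypothetical cmpwi/bne check turned into a nop), not the real system menu's region check or its offsets.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return the offset of the first exact occurrence of pat[0..n) in buf[0..len),
 * or -1 if absent. Patching by pattern instead of by hard-coded address
 * survives small layout differences between menu versions and regions. */
long find_pattern(const uint8_t *buf, size_t len, const uint8_t *pat, size_t n) {
    if (n == 0 || n > len) return -1;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, pat, n) == 0) return (long)i;
    return -1;
}

/* Locate pat in buf and overwrite rlen bytes starting `delta` bytes after the
 * match with repl. Returns the match offset, -1 if the pattern is missing,
 * -2 if the write would run past the end of buf (checked before writing). */
long patch_pattern(uint8_t *buf, size_t len, const uint8_t *pat, size_t n,
                   size_t delta, const uint8_t *repl, size_t rlen) {
    long off = find_pattern(buf, len, pat, n);
    if (off < 0) return -1;
    if ((size_t)off + delta + rlen > len) return -2;
    memcpy(buf + off + delta, repl, rlen);
    return off;
}

/* Constructed stand-in for a piece of decrypted system menu code (big-endian
 * PowerPC, as the Wii/vWii CPU executes it). NOT real system menu bytes. */
uint8_t sample_menu[] = {
    0x7C, 0x08, 0x02, 0xA6,   /* mflr  r0                                  */
    0x90, 0x01, 0x00, 0x04,   /* stw   r0, 4(r1)                           */
    0x2C, 0x03, 0x00, 0x01,   /* cmpwi r3, 1      <- hypothetical check    */
    0x40, 0x82, 0x00, 0x08,   /* bne   +8         <- branch to "reject"    */
    0x38, 0x60, 0x00, 0x00,   /* li    r3, 0                               */
    0x4E, 0x80, 0x00, 0x20,   /* blr                                       */
};

/* Pattern: the cmpwi + bne pair. Patch: replace the bne (4 bytes after the
 * start of the match) with a nop (ori r0,r0,0) so the check never rejects. */
static const uint8_t check_pattern[] = { 0x2C, 0x03, 0x00, 0x01, 0x40, 0x82, 0x00, 0x08 };
static const uint8_t ppc_nop[]       = { 0x60, 0x00, 0x00, 0x00 };

/* Apply the patch to the constructed sample; returns the match offset (8). */
long demo_patch(void) {
    return patch_pattern(sample_menu, sizeof sample_menu,
                         check_pattern, sizeof check_pattern,
                         4, ppc_nop, sizeof ppc_nop);
}

int main(void) {
    long off = demo_patch();
    if (off < 0) {
        printf("pattern not found or patch out of range (%ld)\n", off);
        return 1;
    }
    printf("patched bne at offset %ld:", off + 4);
    for (size_t i = 0; i < sizeof sample_menu; i++) {
        if (i % 4 == 0) printf("\n  %04zx:", i);
        printf(" %02X", sample_menu[i]);
    }
    printf("\n");
    return 0;
}
```

Two practical points this host-side demo skips: on a real PowerPC target the patched range must be flushed from the data cache and invalidated in the instruction cache before the code runs, and a pattern that also matches somewhere else in the binary will patch the wrong place, so the pattern should be long enough to be unique in the image it targets.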

Maxternal

That's only true if we had the worst luck in the world. Like really, the very last one you tried would have to be the correct key.

Hmm, kinda true, but let's say the brute forcer goes in order from 0x000...000 to 0xFFF...FFF and, assuming you were really lucky and the first 2 hex digits of the key are 0x00 (don't think you'd get much luckier than that), you could divide the brute forcing time by 256. Even with several supercomputers working for you (equivalent to the 7 billion people example), the time to reach the key would still be counted in billions of years.

Oh, and Kargaroc, love the sig LOL
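As an added example, not from any post in this thread: a small C program that recomputes the figures from Maxternal's brute-force post with the post's own inputs (2^128 candidates, 2.3e9 guesses per second on one GPU, 7 billion such GPUs) and carries through the two refinements raised since, the average case being half the space and the 256-fold saving if the first byte of the key happened to be known. It counts candidates only and says nothing about which algorithm the key belongs to (the thread notes that is unknown); the one assumption is a 365.25-day year.

```c
#include <stdio.h>

/* Seconds in a year (365.25 days). 2.3e9 guesses/s * this = 7.26e16 per
 * year, the figure the post rounds to 7.25e16. */
#define SECONDS_PER_YEAR 31557600.0

/* 2^bits as a double: 2^128 is far beyond any integer type, and a plain
 * loop avoids needing pow() from libm. */
double key_space(int bits) {
    double space = 1.0;
    for (int i = 0; i < bits; i++) space *= 2.0;
    return space;
}

/* Years to search 2^(key_bits - known_bits) candidates at `rate` guesses per
 * second on each of `workers` parallel machines. expected=0 gives the worst
 * case (the key is the last one tried); expected=1 gives the average case,
 * which is half the space. */
double brute_force_years(int key_bits, int known_bits, double rate,
                         double workers, int expected) {
    double candidates = key_space(key_bits - known_bits);
    if (expected) candidates /= 2.0;
    return candidates / (rate * workers * SECONDS_PER_YEAR);
}

int main(void) {
    const double gpu = 2.3e9;       /* SHA1/s for one GPU, from the post   */
    const double everyone = 7.0e9;  /* one such GPU per person on Earth     */
    printf("128-bit key space:                        %.3g candidates\n", key_space(128));
    printf("one GPU, worst case:                      %.3g years\n",
           brute_force_years(128, 0, gpu, 1, 0));
    printf("7e9 GPUs, worst case:                     %.3g years\n",
           brute_force_years(128, 0, gpu, everyone, 0));
    printf("7e9 GPUs, average case:                   %.3g years\n",
           brute_force_years(128, 0, gpu, everyone, 1));
    printf("7e9 GPUs, first byte known, average case: %.3g years\n",
           brute_force_years(128, 8, gpu, everyone, 1));
    /* Each extra bit of key length doubles every figure above. */
    printf("129-bit key, one GPU, worst case:         %.3g years\n",
           brute_force_years(129, 0, gpu, 1, 0));
    return 0;
}
```

The average-case and known-first-byte refinements together only divide the planet-wide figure by 512, from roughly 6.7e11 to about 1.3e9 years, which is why the conclusion in the thread does not change.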

asper

You could try first by using real-time patching on SNEEK as suggested by Maxternal. Crediar put an example in the SMenuFindOffsets function (SMenu.c) for patching the vWii SNEEK system menu to make it region-free (my guess is that the addresses are for an EU console, and to confirm this, unfortunately, I need to get the decrypted 00000017.app file from the system menu of an EU console).

I am also thinking about the rebooter feature of WiiLauncher (currently this feature only works for Wii) that allows real-time patching of system menu.

Hope that helps.

If you tell me how to extract it I can provide it (00000017.app).