Hacking Decryption of Wii Mini NAND (nand.bin)?

[Pepper]

I was wondering how exactly you would go about decrypting a Wii NAND dump. The reason I ask is because the Wii Mini still has not been cracked, probably because of lack of interest, but there is a NAND dump available. Here's how I think you would do it, but I would love it if someone corrected me if I was wrong, because I don't want to waste my time on it if it isn't going to work. I apologize if this is an incredibly stupid thing to say, I don't know much about cryptology, encryption, etc.

How I think you would go about decrypting the NAND:
First you would need to get the hash of nand dump, which you could do easily with a Linux command like sha1sum, because from my understanding, that's what the Wii's NAND encryption algorithm is. Then, you would need something like Hashcat, that would bruteforce every possible 'solution' to the hash. I am aware of the time this would take, so please don't brush me off because of that.

After that, I truly have no idea what to do, because I'm not an expert on how IOS secures itself.

Feel free to tell me if the idea won't work, and if it will work, what to do with said encryption key.

Thanks a ton.

 

[Brawl345]

The Wii Mini hasn't been cracked because it has no SD card slot..

 

[Deleted User]

And IIRC there are no traces.
We'd have to get bootmii on somehow, but we have 0 keys, and 0 methods to get said keys.

 

[Antidote]

First you would need to get the hash of nand dump, which you could do easily with a Linux command like sha1sum, because from my understanding, that's what the Wii's NAND encryption algorithm is. Then, you would need something like Hashcat, that would bruteforce every possible 'solution' to the hash. I am aware of the time this would take, so please don't brush me off because of that.

sha1 isn't an encryption algorithm, it's a hash. nand.bin is encrypted using aes-cbc, and, as has been previously stated, we don't know what the key is to decrypt it, and good luck brute forcing it.

 

[Deleted User]

We'd need to go into the startlet - IIRC Marcan or someone else WAS able to extract the keys from the startlet, so we'd have to do that, then use an Infectus - we could add homebrew channel,or the normal Sysmenu4.3 for regular Wii.

 

[FaTaL_ErRoR]

Find me one for 25.00 US or less and I'll sacrifice it. That's about all I'd be willing to put up because I have two original wiis and personally have no use for a hacked wii mini. But, apparently there are many that want it done.
There are traces on the board they are just buried under epoxy. I really don't even care if you find one the disc drive has quit. (I have a few original wii drives that work I don't care if it ends up looking like frankenstein)
Just looking at pics of the board I see two very interesting spots. First of all the mini has to store save games somewhere right?
That format hasn't changed.
I understand the lack of interest from some of the original teams for wii but hey I am interested now. I am looking as well myself for one in that price range. PM me if you find one in the US within that price range. I am going to check pawn shops and ebay in the coming days.

 

[Dyxlesci]

FaTaL_ErRoR,
I have a wii mini, and would be possibly be willing to send it to you. Id love to contribute to wii progress in any way I can. Send me a PM and we can talk about it.

 

[FaTaL_ErRoR]

FaTaL_ErRoR,
I have a wii mini, and would be possibly be willing to send it to you. Id love to contribute to wii progress in any way I can. Send me a PM and we can talk about it.

That is much appreciated. But, I raised my budget a little because I actually found someone selling two of them with about 20 games for 75 bucks.
Just waiting on them to show up. If nothing comes of it at least I get to keep the two wiimotes and the games.

 

[Dyxlesci]

Wonderful. Keep me posted with updates of your progress. If its alright with you, I would love to consolidate your findings into a guide on modretro to help those looking into hardware mods find all the information they need in an organized way.

 

[The_Meistro]

Lol how would you even load HBC through Wii Mini? You would need a modchip and the Official HBC Wii Game! Not sold in anywhere!

 

[FaTaL_ErRoR]

Lol how would you even load HBC through Wii Mini? You would need a modchip and the Official HBC Wii Game! Not sold in anywhere!

Actually the wii mini has a usb port on the back. And with the original wii you could load homebrew through a usb. And with the wii mini there is no mac address so the goal would be to extract the keys and build a self executing bootmii that you put on your flash drive and load hbc. I really can't imagine these things having any sort of uniqueness there really would be no point since they can't do anything online.
I am still waiting on mine so can someone answer why we can't move a smash bros save to usb and replace it with the modded one to do the smash stack?

 

[Lumstar]

Actually the wii mini has a usb port on the back. And with the original wii you could load homebrew through a usb. And with the wii mini there is no mac address so the goal would be to extract the keys and build a self executing bootmii that you put on your flash drive and load hbc. I really can't imagine these things having any sort of uniqueness there really would be no point since they can't do anything online.
I am still waiting on mine so can someone answer why we can't move a smash bros save to usb and replace it with the modded one to do the smash stack?

No sd slot to perform the initial exploit.

Only two ways to get homebrew onto a wii mini. Modifying its hardware, or finding an exploit within a usb capable game. (another less likely way is somehow pressing an optical disc it'll recognize)

 

[FaTaL_ErRoR]

Alright guys, on a wii I have managed to emulate a portal of power from a usb flash drive. Now the challenge will be forcing a game to write a save that doesn't go to the game.
Where the portal gets a character loaded to it this event happens. (GLAPISkylanderPortal::WriteSpyroData)
In the portal (emulated portal) this will need to be changed to this: GLAPISkylanderPortal::HostFileWrite
In the portal we will need to define that as our Indiana pwns save. In theory that will bump us back to a "are you sure you want to replace this" screen.
(keep in mind lego indiana jones will be needed and an existing save will have to already be on the system) This is what I am currently working on and will keep you people posted. (also testing on the actual wii mini will start once I am done.....it is much easier to use an already modded console to do the testing so I haven't made it to the mini other than the usb is seen as a portal on both consoles) So obviously do not run out to purchase Skylanders superchargers just yet. (if your only purpose is to run this exploit) But great strides are being made... Just thought I would keep everyone in the loop with progress.

 

[CheatFreak47]

I'm all for this- show nintendo that there's not a wii on the planet we can't hack.

That's pretty cool if you can get a USB based exploit running- even if not convenient- It'd be pretty cool to see a Wiimini running homebrew via USB.

 

[Dyxlesci]

Yesssss. Keep it coming. I'm excited to see where this goes.

 

[TheGuyThatPlaysNintendo]

Any progress?

 

[Crabby Patty]

Hey, did anything ever come of this?

 

[Pepper]

Actually the wii mini has a usb port on the back. And with the original wii you could load homebrew through a usb. And with the wii mini there is no mac address so the goal would be to extract the keys and build a self executing bootmii that you put on your flash drive and load hbc. I really can't imagine these things having any sort of uniqueness there really would be no point since they can't do anything online.
I am still waiting on mine so can someone answer why we can't move a smash bros save to usb and replace it with the modded one to do the smash stack?

Has there been any progress on this, and is there any way I could possibly help?

 

[Deleted User]

No.
One cannot add an exploit to a USB, nor would that really be possible. We'd need some wy of extracting the keys without homebrew running. IIRC the late bushing did this via GPU with a Wii turned on.

What we'd need is something that could trigger a code break - like something such as an NFC tag for the game skyanders that could overrun a buffer - but then how do we add USB support into the exploit

 

[Pepper]

Alright guys, on a wii I have managed to emulate a portal of power from a usb flash drive. Now the challenge will be forcing a game to write a save that doesn't go to the game.
Where the portal gets a character loaded to it this event happens. (GLAPISkylanderPortal::WriteSpyroData)
In the portal (emulated portal) this will need to be changed to this: GLAPISkylanderPortal::HostFileWrite
In the portal we will need to define that as our Indiana pwns save. In theory that will bump us back to a "are you sure you want to replace this" screen.
(keep in mind lego indiana jones will be needed and an existing save will have to already be on the system) This is what I am currently working on and will keep you people posted. (also testing on the actual wii mini will start once I am done.....it is much easier to use an already modded console to do the testing so I haven't made it to the mini other than the usb is seen as a portal on both consoles) So obviously do not run out to purchase Skylanders superchargers just yet. (if your only purpose is to run this exploit) But great strides are being made... Just thought I would keep everyone in the loop with progress.

Any progress on this so far? Please PM me or post any progress you've made on this. Your work is much appreciated!