Modify and Re-sign Wii isos

Status
Not open for further replies.

IBNobody

I try to keep myself amused.
Member
Joined
Nov 16, 2006
Messages
1,151
Trophies
1
Location
Texas, Hang 'Em High
Website
Visit site
XP
954
Country
United States
It's easy to get the keys, some clues:

Md5's:

md5 blanker: 4582417d623c81fca07a46a570c8969e
sd-iv: d9f2b2e045d22d3805a67fe0c340ccd2
sd-key: ef33e224e45c8d8c35ce32d8a810b603
commonkey: 8D1A2EBCD82A3469B77FACF15D9C8E50

You need this files:

RVL-WiiSystemmenu-v226.wad
RVL-WiiSystemmenu-v226.wad
IOS21-64-v514.wad
BOOT2-v2-64.wad

And some tool to search them

Yes, but aren't these just the decryption keys and not the encryption keys?
 

Scorpei

Well-Known Member
Member
Joined
Aug 21, 2006
Messages
1,295
Trophies
0
Website
scorpei.com
XP
263
Country
Netherlands
Here's something I don't understand, though...

The only key they have is the decryption key (key.bin). How are they using it to sign/encrypt the stuff again? Is there another key out there?

The encryption key is known by a select few people. They are thus able to run HB via other methods then we are. You can sign things yourself (when you are using the twilight hack you are signing things) however that is done on the fly. Not sure if you could do that not-on-the-fly with what we are able to run now though.
One thing though, re-encryping and signing are 2 different things AFAIK
wink.gif
.
 

masud

Well-Known Member
OP
Newcomer
Joined
Nov 20, 2005
Messages
64
Trophies
0
Website
Visit site
XP
90
Country
United States
You can sign isos with "trucha signer" because it exploits a bug, i think it doesn't use nintendo's private key. So you only need the keys that are known by now. The author states that his tool "inserts a “trucha signature” to be autenticathed by the Wii" Kind of a fake signature, hope it makes sense.
 

masud

Well-Known Member
OP
Newcomer
Joined
Nov 20, 2005
Messages
64
Trophies
0
Website
Visit site
XP
90
Country
United States
Just some new info: this hack doesn't break RSA, it only uses an exploit found on wii firmware so it CAN be fixed by nintendo wherever they want. So it is my advice not to update your wii because this tool can open many doors: downgrade, custom firmware, etc... If Nintendo fixes this bug in a firmware update discs signed with this tool will stop working.
 
J

Jackreyes

Guest
yeah but channels and or VC games they couldn't fix... could they?
 

tjas

The Gbatemp HRManager
Member
Joined
Sep 10, 2006
Messages
970
Trophies
0
Age
34
Location
BoZ
XP
311
Country
Netherlands
So.. lets take out the blood and gore effects of no more heroes ntcs and put them in the pal iso!
biggrin.gif
:D
 

IBNobody

I try to keep myself amused.
Member
Joined
Nov 16, 2006
Messages
1,151
Trophies
1
Location
Texas, Hang 'Em High
Website
Visit site
XP
954
Country
United States
So.. lets take out the blood and gore effects of no more heroes ntcs and put them in the pal iso!
biggrin.gif
:D

That's definitely possible.

You'll also be able to run your own homebrew from the system menu via VC titles. The RSA exploit that they are talking about is that pervasive!

If it works... I'll test it when I get home.

EDIT: Well... I can't seem to extract the keys from the WADs using that keyfinder that searches for the MD5 summed bytes. I wonder if I need to do anything else to them...
 

cheesyPOOF5

Well-Known Member
Member
Joined
Apr 21, 2006
Messages
420
Trophies
0
Age
31
Website
Visit site
XP
178
Country
United States
I don't completely understand what this does...
Does it just allow people to modify their ISOs and burn them back to discs?
At first I thought it allowed for burned ISOs to be played without a modchip, but that sounds WAY too good to be true...
 

Issac

Iᔕᔕᗩᑕ
Supervisor
Joined
Apr 10, 2004
Messages
7,023
Trophies
2
Location
Sweden
XP
7,304
Country
Sweden
I don't completely understand what this does...
Does it just allow people to modify their ISOs and burn them back to discs?
At first I thought it allowed for burned ISOs to be played without a modchip, but that sounds WAY too good to be true...

I second this question... what does it really do? (yes i've read this thread through, and still don't know what it'll be good for...)
 

MC DUI

Well-Known Member
Member
Joined
Nov 30, 2003
Messages
1,916
Trophies
0
Age
42
Location
Newcastle, Australia
Website
Visit site
XP
246
Country
I don't completely understand what this does...
Does it just allow people to modify their ISOs and burn them back to discs?
At first I thought it allowed for burned ISOs to be played without a modchip, but that sounds WAY too good to be true...


I second this question... what does it really do? (yes i've read this thread through, and still don't know what it'll be good for...)

If I understand it correctly it will allow you to modify a Wii ISO and then sign it with this program so that it can boot it a modified (chipped) Wii console.
People are also speculating that we will be able to create homebrew ISOs and sign them in order to boot.
 

Monkey01

Well-Known Member
Member
Joined
Aug 27, 2006
Messages
586
Trophies
0
Age
36
Location
The Netherlands
Website
Visit site
XP
189
Country
Netherlands
I think I finally understand how to get those keys. Still don't know how the program works though...

First you need the key.bin file from those other wii iso decrypt programs.
Open that in a hex editor, you'll see something starting with EB E4 ...
Edit the reg file and put that key as the common key, seperating with ,'s.
Execute the reg file and open the program.
You should now be able to open an iso file and check what's inside it.
Find an iso that contains the files
RVL-WiiSystemmenu-v226.wad
IOS21-64-v514.wad
BOOT2-v2-64.wad
(or .wad.out.wad is fine too I think, not sure, I think I got most of m from galaxy)
Now extract all those files (RightClick->Extract) to a folder and put the key.bin in the same folder.
Now find the program DesWad on the Italian site and create des files from the wad files.
Now open the keyfinder and fill in the MD5 codes of the keys in the small textfield and open the file in which the key should be:
4582417d623c81fca07a46a570c8969e->RVL-WiiSystemmenu-v226.des
d9f2b2e045d22d3805a67fe0c340ccd2->RVL-WiiSystemmenu-v226.des
ef33e224e45c8d8c35ce32d8a810b603->IOS21-64-v514.des
8D1A2EBCD82A3469B77FACF15D9C8E50->BOOT2-v2-64.des

I recommend starting with the third one, cause the first two will take ages to find and if you did something wrong it's a waste of time.
When finished succesfully it will say something like:
QUOTE said:
KeyFinder Log:

Nombre del fichero: C:\Documents and Settings\Monkey\Bureaublad\RVL-WiiSystemmenu-v226.des
Tamaño del fichero: 23363584 Bytes
Offset de la llave: $157E4A8
Se ha creado el fichero key.bin en el directorio: C:\Documents and Settings\Monkey\Bureaublad\4582417D623C81FCA07A46A570C8969E
Now open that folder and a key.bin will be in there too. Now reëdit the reg file and insert the key.
Now open the reg file again.

I have no idea what to do next.
Euw, I think you need to Right-Click a partition and Trucha Sign It! But as the replace thing doesn't work dunno if that's it. Wasn't there another tool with which you could change stuff but not sign it earlier? http://www.tehskeen.com/modules.php?name=D...article&id=1881?
 

IBNobody

I try to keep myself amused.
Member
Joined
Nov 16, 2006
Messages
1,151
Trophies
1
Location
Texas, Hang 'Em High
Website
Visit site
XP
954
Country
United States
It works!

Well... Sorta...

There is apparently a bug in the program that prevents you from replacing files.

However, I was able sign a copy of RE4 from...
1235CB29693D7B52B63D60103A7D4F47

...to...

C69CF3F3EB51F353C01FF5A45BCA2430

And yes, it booted fine.
 

IBNobody

I try to keep myself amused.
Member
Joined
Nov 16, 2006
Messages
1,151
Trophies
1
Location
Texas, Hang 'Em High
Website
Visit site
XP
954
Country
United States
I think I finally understand how to get those keys. Still don't know how the program works though...

First you need the key.bin file from those other wii iso decrypt programs.
Open that in a hex editor, you'll see something starting with EB E4 ...
Edit the reg file and put that key as the common key, seperating with ,'s.
Execute the reg file and open the program.
You should now be able to open an iso file and check what's inside it.
Find an iso that contains the files
RVL-WiiSystemmenu-v226.wad
IOS21-64-v514.wad
BOOT2-v2-64.wad
(or .wad.out.wad is fine too I think, not sure, I think I got most of m from galaxy)
Now extract all those files (RightClick->Extract) to a folder and put the key.bin in the same folder.
Now find the program DesWad on the Italian site and create des files from the wad files.
Now open the keyfinder and fill in the MD5 codes of the keys in the small textfield and open the file in which the key should be:
4582417d623c81fca07a46a570c8969e->RVL-WiiSystemmenu-v226.des
d9f2b2e045d22d3805a67fe0c340ccd2->RVL-WiiSystemmenu-v226.des
ef33e224e45c8d8c35ce32d8a810b603->IOS21-64-v514.des
8D1A2EBCD82A3469B77FACF15D9C8E50->BOOT2-v2-64.des

I recommend starting with the third one, cause the first two will take ages to find and if you did something wrong it's a waste of time.
When finished succesfully it will say something like:
QUOTE said:
KeyFinder Log:

Nombre del fichero: C:\Documents and Settings\Monkey\Bureaublad\RVL-WiiSystemmenu-v226.des
Tamaño del fichero: 23363584 Bytes
Offset de la llave: $157E4A8
Se ha creado el fichero key.bin en el directorio: C:\Documents and Settings\Monkey\Bureaublad\4582417D623C81FCA07A46A570C8969E
Now open that folder and a key.bin will be in there too. Now reëdit the reg file and insert the key.
Now open the reg file again.

I have no idea what to do next.
Euw, I think you need to Right-Click a partition and Trucha Sign It! But as the replace thing doesn't work dunno if that's it. Wasn't there another tool with which you could change stuff but not sign it earlier?

Any clues on getting DesWad working? That's what's been hanging me up for awhile now.
 
Status
Not open for further replies.

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
  • ZeroT21 @ ZeroT21:
    it wasn't a question, it was fact
  • BigOnYa @ BigOnYa:
    He said he had 3 different doctors apt this week, so he prob there. Something about gerbal extraction, I don't know.
    +1
  • ZeroT21 @ ZeroT21:
    bored, guess i'll spread more democracy
  • LeoTCK @ LeoTCK:
    @K3Nv2 one more time you say such bs to @BakerMan and I'll smack you across the whole planet
  • K3Nv2 @ K3Nv2:
    Make sure you smack my booty daddy
    +1
  • LeoTCK @ LeoTCK:
    telling him that my partner is luke...does he look like someone with such big ne
    eds?
  • LeoTCK @ LeoTCK:
    do you really think I could stand living with someone like luke?
  • LeoTCK @ LeoTCK:
    I suppose luke has "special needs" but he's not my partner, did you just say that to piss me off again?
  • LeoTCK @ LeoTCK:
    besides I had bigger worries today
  • LeoTCK @ LeoTCK:
    but what do you know about that, you won't believe me anyways
  • K3Nv2 @ K3Nv2:
    @BigOnYa can answer that
  • BigOnYa @ BigOnYa:
    BigOnYa already left the chat
  • K3Nv2 @ K3Nv2:
    Biginya
  • BigOnYa @ BigOnYa:
    Auto correct got me, I'm on my tablet, i need to turn that shit off
  • K3Nv2 @ K3Nv2:
    With other tabs open you perv
  • BigOnYa @ BigOnYa:
    I'm actually in my shed, bout to cut 2-3 acres of grass, my back yard.
  • K3Nv2 @ K3Nv2:
    I use to have a guy for that thanks richard
  • BigOnYa @ BigOnYa:
    I use my tablet to stream to a bluetooth speaker when in shed. iHeartRadio, FlyNation
  • K3Nv2 @ K3Nv2:
    While the victims are being buried
  • K3Nv2 @ K3Nv2:
    Grave shovel
  • BigOnYa @ BigOnYa:
    Nuh those goto the edge of the property (maybe just on the other side of)
  • K3Nv2 @ K3Nv2:
    On the neighbors side
    +1
  • BigOnYa @ BigOnYa:
    Yup, by the weird smelly green bushy looking plants.
    K3Nv2 @ K3Nv2: https://www.the-sun.com/news/10907833/self-checkout-complaints-new-target-dollar-general-policies...