Hacking Wii U Hacking & Homebrew Discussion

Ryanrocks462

Private keys are not found, they are almost NEVER found. At least if they are nobody shares them. Wasn't that what Sony messed up? You can do what TSK mentioned with the common key? Here are the keys off the top of my head. What other ones are there and what are these and other keys needed for?

1.) Ancast keys
2.) Title keys (per game, right, unique?)
3.) Common key
4.) vWii keys that I guess are the same as with the Wii (right?)

Hard reset was SAID to have been needed to get to the OTP area, right? Where other keys are stored? I also thought the IOSU exploit was needed to go further than a kernel exploit? Haha, this is going to be interesting. Can we pretend today is Christmas? Lol, spell out what keys you have since they cannot be stopped, supposedly? Decryption...common key...ancast keys were talked about before...each game has a title key.... The tool I thought Crediar made but was "not useful without the common key"? Lol. I hate guessing.

Hehe, well, I will say the ancast/Espresso keys have already been leaked. Title keys are a per-game encryption key for downloading games from NUS, then use the common key to decrypt stuff from NUS ;3 saves etc. etc. No vWii keys were changed but were leaked ;3 Also the common key hasn't been leaked (YET) ;3 hehe but I have a feeling it will be soon ;3
 

TeamScriptKiddies

Private keys are not found, they are almost NEVER found. At least if they are nobody shares them. Wasn't that what Sony messed up? You can do what TSK mentioned with the common key? Here are the keys off the top of my head. What other ones are there and what are these and other keys needed for?

1.) Ancast keys
2.) Title keys (per game, right, unique?)
3.) Common key
4.) vWii keys that I guess are the same as with the Wii (right?)

Hard reset was SAID to have been needed to get to the OTP area, right? Where other keys are stored? I also thought the IOSU exploit was needed to go further than a kernel exploit? Haha, this is going to be interesting. Can we pretend today is Christmas? Lol, spell out what keys you have since they cannot be stopped, supposedly? Decryption...common key...ancast keys were talked about before...each game has a title key.... The tool I thought Crediar made but was "not useful without the common key"? Lol. I hate guessing.
Most if not all keys have been obtained by others. They're just keeping tight-lipped about it for now...
 

Ray Lewis

Hehe, well, I will say the ancast/Espresso keys have already been leaked. Title keys are a per-game encryption key for downloading games from NUS, then use the common key to decrypt stuff from NUS ;3 saves etc. etc. No vWii keys were changed but were leaked ;3 Also the common key hasn't been leaked (YET) ;3 hehe but I have a feeling it will be soon ;3
What can the keys be used for? Especially the common key?
 

Ryanrocks462

keys, keys, keys
The Wii U has lots of keys: its OTP is 8 times the size of the Wii OTP (1KB in 8 banks of 128 bytes, instead of a single bank of 128 bytes). Incidentally, bank 0 is the vWii bank (and all the other banks are disabled in vWii mode, so it only gets to see the keys that it needs, which are the same ones that were present on Wiis). We posted SHA-1 hashes of a few of the important keys in the presentation slides, but here’s a more detailed description of what they are used for. Note that these are still SHA-1 hashes, not the actual keys.
Espresso vWii ancast key (11 days)
ce3641b2660253f5a7e789db297be2c1585b3054
Found in the Espresso’s key fuses/OTP. Used to decrypt the vWii System Menu and the new NANDloader binaries (1-512 and 1-513) at load time. Disabled by the boot ROM until reset.
Espresso Wii U ancast key (11 days)
2ba6f692ddbf0b3cd267e9374fa7dd849e80f8ab
Found in the Espresso’s key fuses/OTP. Used to decrypt the Cafe OS kernel at load time. Disabled by the boot ROM until reset.
Note that the previous two hashes are contained in this file, and it is the SHA-1 hash of that file that we posted on the 11th day.
Wii U common key (30 days)
6a0b87fc98b306ae3366f0e0a88d0b06a2813313
Found in the Starbuck’s OTP. Used to decrypt the specific title key for every Wii U application (this is done at installation time for system firmware and installable titles, and at load time for disc games). Note that Cafe OS and Starbuck binaries are double-encrypted with their own ancast keys too.
vWii common key (30 days)
2b30b703c6676c8124c7347b30c7972ffeae2b39
Found in the Starbuck’s OTP. Used to decrypt the specific title key for vWii system updates (since the key is only needed at installation time, vWii mode doesn’t actually have access to it). Note that the System Menu and NANDloaders are double-encrypted with the vWii ancast key too.
Wii U ancast key (Clarification)
d8b4970a7ed12e1002a0c4bf89bee171740d268b
Found in the Starbuck’s OTP. Used to decrypt Starbuck binaries (Wii U IOS and cafe2wii). Unlike the Espresso keys, this one is enabled forever (except in vWii mode, of course), as the Starbuck boot0 really only runs at boot time, and Starbuck ancast binaries are simply parsed and decrypted by IOS itself when reloading.
Wii U boot1 key (not yet!)
Found in the Starbuck’s OTP. Used by boot0 to decrypt boot1. This key, and it alone, is selectively disabled in a special clear-only OTP mask register by boot0, and is not available after boot. We don’t have it yet, but we’re trying to get it with some cute side-channel attacks.

A few people have claimed that our work doesn’t qualify as having hacked the Wii U since we do not have this key yet. That doesn’t make any sense, though: We have full code execution in kernel mode in both the Espresso and the Starbuck, access to every other key (including the aforementioned ones as well as per-console storage encryption keys and the like), unrestricted access to Wii U mode hardware, etc. Stating that we haven’t hacked the Wii U because we don’t have the boot1 key is like saying that nobody has ever hacked any iPhone because nobody has ever extracted the GID Key. Either way, there’s a good chance we might be able to fish it out soon ;-)
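The OTP access model described in the quoted text of the post above (eight 128-byte banks, only bank 0 visible in vWii mode, and a clear-only mask register that hides the boot1 key once boot0 has run), written out as a small C model. This is an added example, not code from the post or from any console firmware; the boot1 slot offset, the mask bit and all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define OTP_BANKS      8
#define OTP_BANK_SIZE  128                 /* 8 x 128 bytes = 1 KB, as in the post */
#define OTP_SIZE       (OTP_BANKS * OTP_BANK_SIZE)
/* Hypothetical slot placement and enable bit; the post gives neither. */
#define BOOT1_KEY_OFF  (1 * OTP_BANK_SIZE)
#define BOOT1_KEY_LEN  16
#define MASK_BOOT1     0x01u

typedef struct {
    uint8_t  cells[OTP_SIZE];
    uint32_t mask;        /* clear-only register: bit set = slot readable */
    int      vwii_mode;   /* 1 = only bank 0 is visible */
} otp_t;

/* Reset is the only event that re-arms the mask bits. */
void otp_reset(otp_t *o, int vwii_mode) {
    o->mask = MASK_BOOT1;
    o->vwii_mode = vwii_mode;
}

/* Software write to the mask register: bits can go 1 -> 0, never 0 -> 1. */
void otp_mask_write(otp_t *o, uint32_t value) { o->mask &= value; }

/* Returns 0 on success, -1 if any requested byte is hidden or out of range. */
int otp_read(const otp_t *o, uint32_t off, uint8_t *dst, uint32_t len) {
    if (len == 0 || off >= OTP_SIZE || len > OTP_SIZE - off)
        return -1;
    uint32_t end = off + len;              /* exclusive end of the request */
    if (o->vwii_mode && end > OTP_BANK_SIZE)
        return -1;                         /* banks 1..7 are disabled in vWii mode */
    int hits_boot1 = off < BOOT1_KEY_OFF + BOOT1_KEY_LEN && end > BOOT1_KEY_OFF;
    if (hits_boot1 && !(o->mask & MASK_BOOT1))
        return -1;                         /* slot stays locked until reset */
    memcpy(dst, o->cells + off, len);
    return 0;
}

int main(void) {
    otp_t o = {0};
    uint8_t key[BOOT1_KEY_LEN];
    otp_reset(&o, 0);
    int before = otp_read(&o, BOOT1_KEY_OFF, key, sizeof key);
    otp_mask_write(&o, ~MASK_BOOT1);       /* boot0 drops the bit before handing off */
    otp_mask_write(&o, 0xFFFFFFFFu);       /* later code cannot set it again */
    int after = otp_read(&o, BOOT1_KEY_OFF, key, sizeof key);
    return !(before == 0 && after == -1);
}
```

The partial-overlap check matters: a read that starts just before the locked slot and runs into it is refused as a whole, so the gate cannot be sidestepped with an unaligned request.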
 

Ryanrocks462

Lol, I meant "exactly." Can the common key decrypt the emmc/nand if it is dumped? Can you use the common key to just toss a program on to a decrypted external drive and run it? This is more of the details I am looking for.

Game decryption, music textures etc etc
use saves from other systems and more especially my favorite thing Piracy <3
 

NWPlayer123

I'll be blunt and stop any more questions. Some people (who I am not going to name) are thinking of leaking the common key some time in the near future.

This would allow for you to do things like decrypt and re-encrypt external hard drives (they also use a new format - WFS (Wii File System) - not to be confused with WBFS which is unofficial), which would allow you to obtain the data from games installed on the system via eShop and also save games and such, since you can transfer all that to an external drive.
It would also allow you to decrypt any of the ISOs that have been dumped so far (there are a bunch of shady deals going around that I just recently learned about - it's how so many people have access to files - they buy a disc, send it to someone who can dump it (like bubba) and decrypt it, and then that person sends the file data back to the people who sent the disc).
You can do the same thing with NUS, it has a ticket you download to get the keys needed to decrypt the actual binary file, thus giving you access to any Wii U firmware's binaries.

Those are the 3 "main" things that you can do right away once it's out in the wild. There's not much you can do with the files other than look at them until you have a kernel/IOSU exploit running which would allow you to switch into the actual game to patch in modified ones. It's the whole reason we're working on a kernel exploit in the first place.

There, now everyone knows. Can we finally stop all the stupid questions now? Seriously, you guys are giving me a headache.
 

Vappy

not necessarily you just need where game boots and redirect it, games still will be encrypted as .wud
To do that without breaking signatures you'd need something that reads data stored on a hard drive in a way that's identical enough to reading from a legitimate disc that it can bypass those checks, e.g. the fabled Wii Key U. Just putting the encrypted files on an external hard drive and patching the system software to read them like that won't work because again you still have to deal with the Starbuck.
 

TeamScriptKiddies

not necessarily you just need where game boots and redirect it, games still will be encrypted as .wud
You might actually be right here. But in order for that to happen, you'll need to develop a custom loader that can read that file format and properly "feed it" to the rest of the Wii U's hardware without "breaking" the signature with so much as a single byte. In theory, it should work, but it's not going to be an easy task.

Backup loading would be much easier with an IOSU exploit
 

MRDOCA

+1 @ backup loading, sick of my kids leaving discs out and scratching them beyond use. Don't have scratched discs on my PS3 and Xbox 360 due to backups. Anyway, back on topic...
 

the_randomizer

+1 @ backup loading, sick of my kids leaving discs out and scratching them beyond use. Don't have scratched discs on my PS3 and Xbox 360 due to backups. Anyway, back on topic...


Implying that the common key is ever released/leaked and simply not withheld out of spite from Wii U developers just because :rolleyes::glare:

Not that that's ever happened before...oh wait.
 
