Hacking Wii Mode Keys!!! Thanks crediar.

[JoostinOnline]

It means we get a close look at the vWii NAND before a bug-free exploit is found.

 

[the_randomizer]

It means we get a close look at the vWii NAND before a bug-free exploit is found.

Excellent, that's what I was hoping for.

 

[Bent]

I think the wad packer did that.

Look in the file system of the extracted nand: /ticket/00000001/ The tickets are proper there.

Here's a side-by-side: http://i.imgur.com/3K6Ym.png One on the left is from vWii IOS9 after it was WAD'd then unpacked again. Right side is the ticket as seen in the /ticket/00000001/ folder.

Makes sense I guess. I am not familiar with ShowMeWads. Though it seems kind of odd to just put whatever you want into a ticket.

 

[HorreC]

Well It means we have a way to write or really do some stuff on IOS (from what I am gathering) and I still havent read if this area is writeable (which they dont really need to but it seems everything likes to update on this console so much more then on the wii) but if it is we should see some projects hitting the vWii soon, maybe even a wait till all regions release so they can see if its system why or just here, and dont want fixes rolling out for v2.0.0k/j/e. Thats at least what I am getting from all the info out right now from people with good knowledge in the scene

 

[techboy]

Makes sense I guess. I am not familiar with ShowMeWads. Though it seems kind of odd to just put whatever you want into a ticket.

That string is in the title key field. It can be pretty much anything you want as long as it fits. Normally it's random hex that N generates when they publish the title, but there's nothing stopping us from putting human-readable characters in there...

 

[WiiCrazy]

Ios 40, 50, 60 is missing in that list. Install one using a proper wad manager and there you have an exploitable ios on your virtual wii or not?

 

[djbubba2002]

Ios 40, 50, 60 is missing in that list. Install one using a proper wad manager and there you have an exploitable ios on your virtual wii or not?

Wish it was that easy .

 

[JoostinOnline]

Ios 40, 50, 60 is missing in that list. Install one using a proper wad manager and there you have an exploitable ios on your virtual wii or not?

They haven't been able to install any IOS, not even a legitimate one. It would be good to install IOS16.

 

[crediar]

You can save yourself the time of trying to install any IOSs, all vIOSs have error -1017 hardcoded for all IOSs and the system menu within these functions: ES_AddTicket/ES_AddTitleStart/ES_AddContentStart.

 

[techboy]

You can save yourself the time of trying to install any IOSs, all vIOSs have error -1017 hardcoded for all IOSs and the system menu within these functions: ES_AddTicket/ES_AddTitleStart/ES_AddContentStart.

Good to know...

How does the vWii's shop channel work though? It must install stuff somehow...

 

[the_randomizer]

So, we found the keys, but what now? Standstill?

 

[Isle41]

Nice

You might want to remove the link though...mods removed your old ones and said you can't link to dumps.

In other news, I'm downloading as fast as you're uploading I keep refreshing and watching more rar parts show up

EDIT: Extracted beautifully in NANDEXtract. Not corrupt this time The homemade keys.bin works fine. Thanks Deadly! Let the exploration and experimentation begin!

EDIT2: Here's a shot of a vWii NAND as seen in ShowMiiWads:
HCTE is a new channel we haven't seen yet, either in impersonator or on WiiUBrew. It's the system transfer tool

How did you make the wads?

 

[techboy]

Open the dump in showmiiwads: Choose Options->Change NAND Backup Path. Select the folder where the extracted dump is. Then just select the titles in the showmiiwads list that you want, right click, and Pack Wad. Choose a folder to save the wads in.

The IOSes don't work on Wii (black screen). The system menu won't pack. Channels are described in one of my posts on the previous page.


Speaking of the SM not packing...I'm out of ideas on this one. Maybe someone with a better understanding of this sort of thing can get the SM to work?

 

[JoostinOnline]

I wouldn't expect the IOS to work even if you could install them. However, I had no trouble packing the SM wad. Try v1.5 Mod.
http://code.google.com/p/showmiiwads-mod/

 

[techboy]

I wouldn't expect the IOS to work even if you could install them. However, I had no trouble packing the SM wad. Try v1.5 Mod.
http://code.google.com/p/showmiiwads-mod/

Thinking same here with the IOS. Wasn't really expecting them to work because the hardware is different.

As for the SM, it must be a bug in my old version of ShowMiiWads. 1.5 mod did in fact pack it. Created a 21.5MB wad. It also shows the # of SM contents as being more sane: 10 vs. the 75 from earlier. Thanks for that. I was still running showmiiwads 1.3...

EDIT: Now it's a question of what this SM needs in order to make it boot...it doesn't run on SNEEK (tried neek2o r58 and r95).

 

[Isle41]

Open the dump in showmiiwads: Choose Options->Change NAND Backup Path. Select the folder where the extracted dump is. Then just select the titles in the showmiiwads list that you want, right click, and Pack Wad. Choose a folder to save the wads in.

Hmm. I did all those, but no list ever comes up.
What I do is:
1. Drag and drop nand.bin on showmiiwads
2. File>Open folder, navigate to folder with nand.bin
3. Options>Change Nand backup path, selected folder with nand.bin
4. Hmm, nothing happened.
5. Click ShowMiiNand. Nothing.........

Try again:
1-2 same
3. Options>Change Nand backup path, select folder with an extraction of nand.bin.
4-5 same.

I have .net framework 3.5, so that should cover 2.0. Any ideas why no list comes up?

 

[JoostinOnline]

Use http://www.wiibrew.org/wiki/NandExtract to extract the nand.bin file.

 

[crediar]

The System Menu won't work because it is encrypted, the IOS won't in sneek because there is a New WLAN Module in iOS that doesnt Support the Old Wii One.

Witten and crapply corrected by an icrap.

 

[crono141]

I wonder if the new WiiShop uses WiiU level privileges to install new downloads upon vWii reboot. What I mean is, perhaps it downloads the software to a specific 'to be installed' location and sets a flag for the WiiU to alter the vWii nand according to what is in that location. When you exit the vWii store, it reboots the menu, WiiU hypervisor alters NAND on boot, and to the regular user it appears as normal installation behavior.

 

[air2004]

Here's my copy-paste on the whole brute forcing idea, aimed at the DSi.


I present to you: "DSi Encryption Put In Perspective", also known as "I Love Crushing People's Dreams".

The DSi uses 128-bit encryption (IIRC).
How do you break it? You find the correct encryption key.

How many encryption keys are there? 2 (binary, a bit) to the 128th power (number of bits), divided by 8 (8 bits in a byte).
That's so many that the calculator that comes with windows (at least XP) can't even display the number without reverting to scientific notation.

128-bits is...
340,282,366,920,938,463,463,374,607,431,768,211,456 possible values in binary.
However, Since there's 8 bits in a byte, you divide 128 by 8 and get 16. That's 16 bytes, 16 characters.
That's 18,446,744,073,709,552,000 possible values, ranging from 0x0000000000000000 to 0xFFFFFFFFFFFFFFFF. Eighteen quintillion possible keys.
The actual number is a bit less less since a key will be a certain number of digits and be designed to not have repeating segments, but this puts it in perspective.

Let's say that you have a computer program which can try 50,000 unique keys a second.
That's 3,000,000 keys a minute.
180,000,000 keys in an hour.
4,320,000,000 keys a day.
1,576,800,000,000 keys in one year.

It would take 11,698,848 years to try all the keys at that speed.

That just made my brain hurt