Hacking WFS USB Block Injector

  • Thread starter: dimok
  • Views: 27,753
  • Replies: 92
  • Likes: 52
@Valery0p and I have observed that there are no common bytes in (three) different USB seeds. But I noticed that all three SEEPROMs also had different SEEPROM version codes. Maybe the last 12 bytes of the USB seeds are just random numbers, unique per console (worst case)... Or there is only one number for each SEEPROM version (best case). It may be interesting to compare many USB seeds (last 12 bytes) and SEEPROM version codes. Does anyone have a SEEPROM with version code 00 03, 00 15 or 00 08? If you have it or don't mind sharing the last 12 bytes of your USB seed (without the Console ID) with us, please send me a PM.
 
Okay but what is the usb seed?
 
Last edited by tomcaliser,
Like? "I won't give my SEEPROM away like that, it contains pretty sensible stuff" but I have made a backup, what is the problem?
What do you mean?
It contains some stuff that could ban your Wii U (I could just pick some stuff from it, inject it into my Wii U, use some hacks and ban you)
 
OK, that's cool.... Thanks for the answer

--------------------- MERGED ---------------------------

Help please, when I try this, Cmd says wrong usb key size... So please tell me what I have to do?...
Does anyone have a solution please?
If someone can make a step-by-step video tutorial... it could be very helpful
 
Last edited by tomcaliser,
If you inject only a random and incomplete USB seed you can only ban your hard drive :P
I'm not like someone that screenshots his entire dump...
 
If it is possible to derive the 4-byte NGID, since it possibly is related to the serial or maybe the Wii U leaks it through network packets, bruteforcing the other 6 bytes wouldn't be too far-fetched.

2^48 combinations = 281 trillion = ~5 days to bruteforce the remaining 6 bytes since plain-text and AES ciphers are known.
GPUs can produce ~0.5-1 billion AES hashes a second.

Not the most elegant solution but within reach.

Not knowing the NGID bumps it up to 2^80 = two magnitudes higher than exa-combination prefix = 65,000 years
 
Last edited by wiiupoo,
The best we can do right now is to analyze some Wii U seeds (last 12 bytes) and SEEPROM version codes. Should I make a thread asking for collaboration?

 
Actually, more interesting would be to check out how the Wii U "system transfer" works.

The "source" console formats an SD card meant for the "dest" console.

While it doesn't transfer content hax, the save game exploits look to be fair game. The payloads within the save games will then be encrypted on the virgin console without a known encryption key during the transfer.

It should be possible to identify where these payloads start and end even though they are encrypted. In essence it may be a way to use the encryption key to create valid files without actually knowing what it is.
 
Last edited by wiiupoo,
Afaik the SEEPROM USB seed is used only with... the USB encryption system.
How can a sys transfer help with that? Also, existing save exploits on Wii U are not functional for now (because: normal apps=no codegen=no kexploit=no HBL)... maybe you want to leak the plaintext, using the sys transfer? Wiping a console only for that? Dx Dx Dx

Also, it's pretty sure we can dump the NG ID from a hacked vWii, since the Wii and Wii U ones are the same except for the first half byte (2 on Wii, 4 on Wii U, see page 3 for more info); maybe there are better ways to obtain it, but sadly without the other 12 bytes it's useless...

Stupid question about plaintext: two Wii U formatted USB drives, of the same dimension, both empty/with the same content, from two different consoles, don't generate the same/pretty similar plaintext after proper decryption?
 
Last edited by Valery0p,
When you do a system transfer, can you reuse USB sticks/HDDs from the source Wii U without formatting the drive?
If yes, then that is what he is talking about... the SEEPROM info has to be sent to the new Wii U to use the old drive without formatting it. And if that info is stored on the SD card, we can easily rip that info out and digest it if we know what it is encrypted with, which has to be something common between Wii U's.
 
Last edited by Glix,
