Hacking Decrypt WAD contents using openssl command line...

Red_Squirrel · Feb 5, 2010

I'm under Linux and I want to decrypt WAD contents using openssl command line.
I tried:

Code:

openssl enc -d -aes-128-cbc -K COMMONKEY -iv 0 -nopad -in 00000000 -out 00000000.app

with at the place of COMMONKEY the 16 hex values of common-key.bin. But the result is NOT a correct decrypted .APP

So, is it possible to decrypt a WAD content using only openssl command line? And if yes, with which command?! Thx

Krestent · Feb 5, 2010

Why? What's wrong with using a tool?!?!?

Red_Squirrel · Feb 5, 2010

tattar8 said:
Why? What's wrong with using a tool?!?!?

If you can tell me the name of some linux tool to do this, you make me very happy

Wadunpacker on linux gives me always a buffer overflow error.... and then I want to decrypt only some WAD contents, not all the WAD...

tueidj · Feb 5, 2010

Every title uses a different key, not the common key.

nitrostemp · Feb 5, 2010

looks like someone needs to use wine

Leathl · Feb 5, 2010

Because I'm too lazy to write it myself, I quote WiiBrew

QUOTE said:
To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).

Then you should be able to decrypt the content using the decrypted title key.
Also mention, the IV for the content is not zero! (The first two bytes are the content's index, you can grab it from the tmd)

techboy · Feb 5, 2010

EDIT: Beaten to it.

giantpune · Feb 5, 2010

just use NUS WadPacker. it runs in linux and gets shit from NUS and saves it in the normal formats. one of those is decrypted.

a couple other options are if you have the wad of this, just use the wadMii or showmiiwads i have posted on here. i compiled a version of each that works in mono and will spit out decrypted contents.

Red_Squirrel · Feb 5, 2010

Leathl said:
Because I'm too lazy to write it myself, I quote WiiBrew

QUOTE said:

To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).

Click to expand...

Then you should be able to decrypt the content using the decrypted title key.
Also mention, the IV for the content is not zero! (The first two bytes are the content's index, you can grab it from the tmd)

Thank you very much, I'll give a try

SanGor · Feb 5, 2010

http://wiibrew.org/wiki/Segher%27s_Wii.git

Red_Squirrel · Feb 5, 2010

Red_Squirrel said:
Leathl said:

Because I'm too lazy to write it myself, I quote WiiBrew

QUOTE said:

To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).

Click to expand...

Then you should be able to decrypt the content using the decrypted title key.
Also mention, the IV for the content is not zero! (The first two bytes are the content's index, you can grab it from the tmd)

Click to expand...

Thank you very much, I'll give a try

Thank you again Leathl, I did it

Only another little question: i compared "my" decrypted content with the same decrypted content (but decrypted using NUSD) and there is ONLY one difference: in the second (o third, i don't remember well now) byte at the place of 0x00 there is a 0x03. Only that byte is different, for the rest the two files are the same.
Will be this a issue (for example installing the content in the NAND)?

SanGor · Feb 5, 2010

you used the wrong IV, it might break when you install it

Red_Squirrel · Feb 5, 2010

SanGor said:
you used the wrong IV, it might break when you install it

using a wrong IV only one byte comes different?!

more then 600k bytes are the same and only one is different (I used WinHEX to compare byte by byte the two files!)... is possible?

worstenbrood · Feb 5, 2010

Red_Squirrel said:
SanGor said:

you used the wrong IV, it might break when you install it

Click to expand...

using a wrong IV only one byte comes different?!

more then 600k bytes are the same and only one is different (I used WinHEX to compare byte by byte the two files!)... is possible?

BeyondCompare is your friend

Red_Squirrel · Feb 5, 2010

worstenbrood said:
Red_Squirrel said:

SanGor said:

you used the wrong IV, it might break when you install it

using a wrong IV only one byte comes different?!

more then 600k bytes are the same and only one is different (I used WinHEX to compare byte by byte the two files!)... is possible?

BeyondCompare is your friend

Click to expand...

Lol, I didn't check byte by byte alone xD winHEX made the byte comparison automatically... and the result is:
QUOTE

Click to expand...

Search for differences

1. /home/redsquirrel/Applicazioni/WII/NUSD_v13Beta/0001000248414141/00000006.app: 271.616 bytes
2. /home/redsquirrel/Applicazioni/WII/NUSD_v13Beta/0001000248414141/00000006.dec: 271.616 bytes
Offsets: decimal

1: 00 03

1 difference(s) found.

.APP is the file decrypted by NUSD, .DEC is the file decrypted using openssl... Only one difference at second byte

tueidj · Feb 5, 2010

That's right, the IV only affects the first 16 bytes (and in the case of wii titles, the IV only has 2 unique bytes). If you read up about AES-CBC on wikipedia you'll see why.

SanGor · Feb 5, 2010

the index is used as the IV, nintendo really fails at crypto. I mean you could easily guess it ...

Red_Squirrel · Feb 5, 2010

I tried to decrypt 4 different contents of the same WAD (so same titlekey and same IV for all). Then I compared them with the decrypted contents made by NUSD... result? for 3 of them I got the same decrypted files of NUSD (equals in every byte, tested with tools not with eyes xD), and only one is different from the NUSD's decripted content by ONE byte.

If my IV was bad, why other three contents have been decripted correctly? It's very strange...

EDIT: oh, and yes, i used the content ID as IV

tueidj · Feb 5, 2010

Use the index, not the content ID.

giantpune · Feb 5, 2010

75% is passing in every class i took in college. i say go with it

Hacking Decrypt WAD contents using openssl command line...

Well-Known Member

What to post?

Well-Known Member

I R Expert

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Witchhunter

Well-Known Member

Witchhunter

Well-Known Member

Active Member

Well-Known Member

I R Expert

Witchhunter

Well-Known Member

I R Expert

Well-Known Member

Similar threads

Popular threads in this forum