Hacking 4.0 Tweezer Attack

[pspmte]

Does anybody know where i can get the circuit diagram and software for the tweezer attack

As i said a few days ago the wii will boots in the game cube made on a mod chip, so i have an idea of dumping my keys from wii 4.0 in game cube mode, which really was the first hack team tweezers did

So if anybody can help me with the release diagrams ect


Cheers Mat


Mods can we have a Wiidev forum ?

 

[Helsionium]

I thought Nintendo patched either BC or MIOS long before 4.0 which made the tweezer attack in GC mode impossible?

 

[pspmte]

Wii you can boot into game cube mode on Yasom mod chip config 1.3 with a mod chip

So i guess not

 

[FAST6191]

Tweezer attack:
Got the common key for all wii (an AES key), this was changed for the Korean wii but other than that all wiis use it and still use it to this day. It relied on the upper areas of the memory not being wiped/scrambled upon launch of the GC hypervisor (we could run gamecube code quite happily at this point), Nintendo had assumed the memory would not be viewable and the tweezer attack allowed people to shift this memory which led to people finding the common key (although it is a rookie mistake to leave your keys in the memory). They did however fix this bug with a new mIOS (mIOS = the GC hypervisor), not that there was any point and at the same time blocked the datel GC discs and GCOS by way of the header values (which could be easily changed in the case of GCOS but as datel had burned discs...).

Getting this key ultimately allowed decryption of the various parts of the wii including the IOS modules where it was discovered that Nintendo has messed up the signing of games in a big way (the trucha bug). Signing is asymmetric based on RSA with a large key (it was over 1000 bits which is way outside any capability for brute force).
More
http://hackmii.com/2008/04/keys-keys-keys/
http://debugmo.de/?p=61
Ignore the wikipedia links and do a real search.

 

[pspmte]

That was a great bit of info thank you so much

 

[fogbank]

Does anybody know where i can get the circuit diagram and software for the tweezer attack

As i said a few days ago the wii will boots in the game cube made on a mod chip, so i have an idea of dumping my keys from wii 4.0 in game cube mode, which really was the first hack team tweezers did

So if anybody can help me with the release diagrams ect


Cheers Mat


Mods can we have a Wiidev forum ?

http://www.wiire.org/Wii/console/motherboard

Short various lines under U3 to shift the area of memory used in GameCube mode.

However as FAST6191 mentioned, Nintendo patched MIOS to prevent the attack anyway:

http://hackmii.com/2008/06/genie-into-bottle-mios/

Even so I believe the Tweezer attack only revealed the common key, which we all know already anyway.

 

[joda]

Does anybody know where i can get the circuit diagram and software for the tweezer attack

As i said a few days ago the wii will boots in the game cube made on a mod chip, so i have an idea of dumping my keys from wii 4.0 in game cube mode, which really was the first hack team tweezers did

So if anybody can help me with the release diagrams ect


Cheers Mat


Mods can we have a Wiidev forum ?

http://www.wiire.org/Wii/console/motherboard

Short various lines under U3 to shift the area of memory used in GameCube mode.

However as FAST6191 mentioned, Nintendo patched MIOS to prevent the attack anyway:

http://hackmii.com/2008/06/genie-into-bottle-mios/

Even so I believe the Tweezer attack only revealed the common key, which we all know already anyway.

With xuzzy, which relies on the Tweezer attack, you can see your NAND-key as well.

 

[fogbank]

With xuzzy, which relies on the Tweezer attack, you can see your NAND-key as well.

Xyzzy is a homebrew app that has very little to do with the Tweezer attack.