A rough guide to pack/unpack savefiles (data.bin)

Don't read below crap, it's old, instead download FE100 1.2b, run the bundled keygrabber and you can avoid most of the mambo jambo here....
http://wiicrazy.tepetaklak.com/index.php/2...-fe100-release/

For a few days I was fiddling with segher's tools to get them pack a savefile I changed... There were these NG-key-id and NG-sig files I was stuck with... Finally found them in the output of xyzzy, key dumping application...

First of all, to use segher's tools in it's current form you should have an unix of some sort, you can either compile the existing one or try the existing precompiled binaries... best is just doing make clean and make afterwards... If you don't have OpenSSL libraries you should install them before compiling... If you don't have a key dump from xyzzy, make sure you have it before using tachtig and twintig, you'll need it...


After compilation you'll need a bunch of files for unpacking and packing save files...

To make it simple I'll refer xyzzy key dump as dump from now on... For unpacking, the stuff is the same for everyone...

Here are the required files (put them in .wii directory under your home (~) directory..

sd-key : 16 bytes encryption key, this is a shared secret.. you can find it as #6 key in your dump, or in the hackmii blog entry (HBE)

sd-iv : 16 bytes initialization vector for encryption... this is not in your dump so you should get it from the HBE.

md5-blanker : 16 bytes...not in the dump, you should get it from HBE.

These are the required files for tachtig (savefile unpacker) from segher's tools to work.. You'll find them in ascii hex form... so you should create binary files out of them with the exact sizes I mentioned above...

Running the tachtig from your home directory as below will result in a folder with the unencrypted contents of the savefile... folder name will be title id...

./tachtig data.bin



Packing a savefile is much more complex than unpacking a savefile since there is an extra process called signing to ensure your wii and every wii sucessfully verify the content of your savefile... Private encryption keys from your wii and your wii's signature takes place in this step... Since we got them with xyzzy, we are good to go...

Here are the files needed to run twintig (savefile packer)

You need these files under ~/.wii/default directory

NG-id : 4 bytes, id of your console... You can see it in ascii form at 0xC6 in device cert of your dump... just make sure you enter it correctly as hex bytes in an hex editor and create a file with 4 bytes... do not copy four bytes from 0xC6 in device cert since that's the represantation of the ascii form of it... Tachtig will also dump it from the savefile you can use that too, it's same after all...

NG-mac : 6 bytes, mac address of your console... Open a savefile from your wii in a hex editor, search for the title id (RSPE for wii sport for ex), 6 bytes after the title id is the mac address of your console... alternatively, it's at 0xF128 in the savefile...


Now here comes the interesting ones,

NG-priv : 30 bytes, Your wii's private elliptical curve cryptography key. it's the #0 key in your dump called ECC key there...

NG-key-id : 4 bytes, get it from your dump, it's at 0x104 in your device cert

NG-sig : 60 bytes, public ECC key for your wii, it's also in the device cert part of the dump. it's located at 0x4...


When you got all files ready, you can run twintig... Of course you can mess with the savefiles before that

./twintig

Like this,



http://www.youtube.com/watch?v=tOuNtuG5q28


Notes,

1. Icon animation didn't work with the packed savefile I tested, I thought it was because I didn't get the correct NG-sig file yet I successfully copied the savefile over to my wii..

2. Don't ask for the files!! Shared ones already posted everywhere, especially the bushing's ... NG-* ones are specific to each wii so you'll not find them anywhere...

3. If you can't get the NG files correctly savefile will be displayed in the SD section of data management yet copying will fail with "data cannot be copied" error message... That flags you got the signature at the end of the savefile wrong...

4. You can create the necesarry folders like,

Code:

cd ~
mkdir .wii
mkdir .wii/default

you should put sd-key, sd-iv, md5-blanker under ~/.wii directory

and NG-id, NG-mac, NG-priv, NG-key-id, NG-sig files under ~/.wii/default directory

5. Here is the hackmii blog entry : http://hackmii.com/2008/04/keys-keys-keys/

 

Ever packed a savefile? Using someone else's NG keys or your own?

 

Well I tried compiling using visual studio with open ssl libraries but only got some porting issues with unistd.h and types.h... it messes with permissions and stuff...
Compiling with a linux compatibility layer should work but my intention was to debug so I didn't bother as I don't have any in my current pc at the moment... I'll do that when I got my cygwin installed notebook back...

If anyone successfully compiled for windows I'd be more than glad if shared

 

Could you remove that guide... It seems as if you wrote it... There is no credits no link or nothing... What I posted above is completely original, no rip off from someone else's guide or anything... Not a single time I did a copy and paste on that one...