Hacking certificate chain (cert.bin)

Wiimm · Nov 3, 2010

I have 2 questions about Nintendo certificate chain ("cert.bin" if extracted from ISO):

1.) Is the cert.bin the same for all games?
(My about 60 games share identical certificates)

2.) What happens if I generate a self signed certificate chain and use it instead of the Nintendoa chain? Does the Wii confirm the certificates by using any other source? If the Wii accept a self signed chain, it is possible to create a well signed ISO (and other well signed stuff) with self made keys.

smf · Nov 3, 2010

Wiimm said:
2.) What happens if I generate a self signed certificate chain and use it instead of the Nintendoa chain? Does the Wii confirm the certificates by using any other source? If the Wii accept a self signed chain, it is possible to create a well signed ISO (and other well signed stuff) with self made keys.

The root key which signs the certificate chain is stored inside your wii.
You can't easily replace it & you can't have two.

Trucha signing and patching your IOS is much much easier.

tueidj · Nov 3, 2010

Well you can easily replace root - it's hardcoded in IOS. But then normal stuff would break.
The reason they're on every disc is because technically they could make new certs - I believe it's even possible for a disc to contain a revocation list of old certs.

Wiimm · Nov 3, 2010

@tueidj
The root_dat data in http://pastie.org/private/alwgpoiqfnpp59pxbfwq is a copy of the hard coded root?

tueidj · Nov 3, 2010

Yes. It's not really needed in that example since the certs are also hardcoded into the sample app (no need to always verify static data, it's not going to change), I just left the entire chain checking in for demonstration purposes. Doing the final verify against Root takes much longer than the rest because it's 4096 bits instead of 2048.

(Look for "// remove this if statement if you don't want to check the whole chain" if you want to speed up the sample code.)

Wiimm · Nov 3, 2010

tueidj said:
(Look for "// remove this if statement if you don't want to check the whole chain" if you want to speed up the sample code.)

I have already noticed that, but I like to understand all. I will implement that code into wit (both are GPL2).

smf · Nov 3, 2010

tueidj said:
Well you can easily replace root - it's hardcoded in IOS. But then normal stuff would break.

Good luck with bricking your wii.

tueidj · Nov 3, 2010

It's not going to brick just by installing one patched IOS.

smf · Nov 3, 2010

tueidj said:
It's not going to brick just by installing one patched IOS.

It's the system menu one, so if you do screw up with your editing then it won't end good.
Where trucha patching has already been automated so the chances of getting it wrong are much lower.

I guess you could test it safely with SNEEK.

However you slice it, it's not as easy or as convenient as trucha. Which will just work if your wii is running an old enough system menu.

Wiimm · Nov 15, 2010

This question is open until now:

Wiimm said:
1.) Is the cert.bin the same for all games?
(My about 60 games share identical certificates)

But I have to more questions:
2.) Is is legal to distribute the cert chain (all so called public keys) together with the wit distribution?
3.) Is it legal to distribute the root cert together with the wit distribution?

tueidj · Nov 16, 2010

I don't think anyone can confirm if every game uses the same certs unless they own them all, but I would say it's very likely.

As for distributing the certs, I'm advised it's legal since it's not possible to copyright keys or signatures.

Hacking certificate chain (cert.bin)

Developer

Well-Known Member

I R Expert

Developer

I R Expert

Developer

Well-Known Member

I R Expert

Well-Known Member

Developer

I R Expert

Similar threads

Popular threads in this forum