Hacking certificate chain (cert.bin)

Wiimm

Developer
OP
Member
Joined
Aug 11, 2009
Messages
2,291
Trophies
1
Location
Germany
Website
wiimmfi.de
XP
1,462
Country
Germany
I have 2 questions about Nintendo certificate chain ("cert.bin" if extracted from ISO):

1.) Is the cert.bin the same for all games?
(My about 60 games share identical certificates)

2.) What happens if I generate a self signed certificate chain and use it instead of the Nintendoa chain? Does the Wii confirm the certificates by using any other source? If the Wii accept a self signed chain, it is possible to create a well signed ISO (and other well signed stuff) with self made keys.
 

smf

Well-Known Member
Member
Joined
Feb 23, 2009
Messages
6,233
Trophies
2
XP
5,072
Country
United Kingdom
Wiimm said:
2.) What happens if I generate a self signed certificate chain and use it instead of the Nintendoa chain? Does the Wii confirm the certificates by using any other source? If the Wii accept a self signed chain, it is possible to create a well signed ISO (and other well signed stuff) with self made keys.

The root key which signs the certificate chain is stored inside your wii.
You can't easily replace it & you can't have two.

Trucha signing and patching your IOS is much much easier.
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
Well you can easily replace root - it's hardcoded in IOS. But then normal stuff would break.
The reason they're on every disc is because technically they could make new certs - I believe it's even possible for a disc to contain a revocation list of old certs.
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
Yes. It's not really needed in that example since the certs are also hardcoded into the sample app (no need to always verify static data, it's not going to change), I just left the entire chain checking in for demonstration purposes. Doing the final verify against Root takes much longer than the rest because it's 4096 bits instead of 2048.

(Look for "// remove this if statement if you don't want to check the whole chain" if you want to speed up the sample code.)
 

Wiimm

Developer
OP
Member
Joined
Aug 11, 2009
Messages
2,291
Trophies
1
Location
Germany
Website
wiimmfi.de
XP
1,462
Country
Germany
tueidj said:
(Look for "// remove this if statement if you don't want to check the whole chain" if you want to speed up the sample code.)
I have already noticed that, but I like to understand all. I will implement that code into wit (both are GPL2).
 

smf

Well-Known Member
Member
Joined
Feb 23, 2009
Messages
6,233
Trophies
2
XP
5,072
Country
United Kingdom
tueidj said:
It's not going to brick just by installing one patched IOS.

It's the system menu one, so if you do screw up with your editing then it won't end good.
Where trucha patching has already been automated so the chances of getting it wrong are much lower.

I guess you could test it safely with SNEEK.

However you slice it, it's not as easy or as convenient as trucha. Which will just work if your wii is running an old enough system menu.
 

Wiimm

Developer
OP
Member
Joined
Aug 11, 2009
Messages
2,291
Trophies
1
Location
Germany
Website
wiimmfi.de
XP
1,462
Country
Germany
This question is open until now:
Wiimm said:
1.) Is the cert.bin the same for all games?
(My about 60 games share identical certificates)
But I have to more questions:
2.) Is is legal to distribute the cert chain (all so called public keys) together with the wit distribution?
3.) Is it legal to distribute the root cert together with the wit distribution?
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
I don't think anyone can confirm if every game uses the same certs unless they own them all, but I would say it's very likely.

As for distributing the certs, I'm advised it's legal since it's not possible to copyright keys or signatures.
 

You may also like...

General chit-chat
Help Users
  • No one is chatting at the moment.
  • K3N1 @ K3N1:
    The mechs of mw2 really don't feel that bad
    +2
  • Shape @ Shape:
    Neither do the mechs of mech warrior 2. Much better game.
  • K3N1 @ K3N1:
    People would say different if cod Gundam was a thing
    +1
  • Shape @ Shape:
    Omg do you know how much money I would spend if that was a thing? Especially if you get to assemble the gundams somewhat like those old model toy kits. The answer is zero dollars. I would spend zero dollars. It would still be so good, though.
  • K3N1 @ K3N1:
    Liar
    +1
  • Shape @ Shape:
    $118.49
  • x65943 @ x65943:
    I bought 1-2 switch, imagine my pain
    +2
  • x65943 @ x65943:
    for full price at launch
    +2
  • Shape @ Shape:
    Full price at launch for full exploitability without modchips. Or so I hear.
    +1
  • K3N1 @ K3N1:
    You should like buy a 3rd one and ship it to my address
  • x65943 @ x65943:
    No no lads, the game called 1-2 switch
    +1
  • x65943 @ x65943:
    Where you feel the controller vibrate and guess how many virtual ice cubes are inside of it
    +2
  • K3N1 @ K3N1:
    You should still buy me a switch so I don't have to pay for it
  • The Real Jdbye @ The Real Jdbye:
    best game on the switch amirite
  • The Real Jdbye @ The Real Jdbye:
    i just saw a video yesterday that mentioned how it's a good thing 1-2-switch wasn't a pack in title because it would've made everyone lose faith in the switch immediately and they might have a point
    +1
  • Sonic Angel Knight @ Sonic Angel Knight:
    It was this one, The "video" Jdbye watched this one. :P
  • K3N1 @ K3N1:
    What no The Real video Jdbye?
  • M4x1mumReZ @ M4x1mumReZ:
    @Shape, Quake is great.
    +1
  • Sonic Angel Knight @ Sonic Angel Knight:
    QUAKER OATS! :P
  • K3N1 @ K3N1:
    Remember to eat your oats
  • Shape @ Shape:
    I prefer to nuke my oats. At quake.
    K3N1 @ K3N1: https://youtube.com/shorts/as489gU7sLo?feature=share