certificate chain (cert.bin)

Discussion in 'Wii - Hacking' started by Wiimm, Nov 3, 2010.

  1. Wiimm
    OP

    Wiimm Developer

    Member
    2,172
    381
    Aug 11, 2009
    Gambia, The
    Germany
    I have 2 questions about Nintendo certificate chain ("cert.bin" if extracted from ISO):

    1.) Is the cert.bin the same for all games?
    (My about 60 games share identical certificates)

    2.) What happens if I generate a self signed certificate chain and use it instead of the Nintendoa chain? Does the Wii confirm the certificates by using any other source? If the Wii accept a self signed chain, it is possible to create a well signed ISO (and other well signed stuff) with self made keys.
     
  2. smf

    smf GBAtemp Maniac

    Member
    1,182
    257
    Feb 23, 2009
    The root key which signs the certificate chain is stored inside your wii.
    You can't easily replace it & you can't have two.

    Trucha signing and patching your IOS is much much easier.
     
  3. tueidj

    tueidj I R Expert

    Member
    2,569
    820
    Jan 8, 2009
    Well you can easily replace root - it's hardcoded in IOS. But then normal stuff would break.
    The reason they're on every disc is because technically they could make new certs - I believe it's even possible for a disc to contain a revocation list of old certs.
     
  4. Wiimm
    OP

    Wiimm Developer

    Member
    2,172
    381
    Aug 11, 2009
    Gambia, The
    Germany
  5. tueidj

    tueidj I R Expert

    Member
    2,569
    820
    Jan 8, 2009
    Yes. It's not really needed in that example since the certs are also hardcoded into the sample app (no need to always verify static data, it's not going to change), I just left the entire chain checking in for demonstration purposes. Doing the final verify against Root takes much longer than the rest because it's 4096 bits instead of 2048.

    (Look for "// remove this if statement if you don't want to check the whole chain" if you want to speed up the sample code.)
     
  6. Wiimm
    OP

    Wiimm Developer

    Member
    2,172
    381
    Aug 11, 2009
    Gambia, The
    Germany
    I have already noticed that, but I like to understand all. I will implement that code into wit (both are GPL2).
     
  7. smf

    smf GBAtemp Maniac

    Member
    1,182
    257
    Feb 23, 2009
    Good luck with bricking your wii.
     
  8. tueidj

    tueidj I R Expert

    Member
    2,569
    820
    Jan 8, 2009
    It's not going to brick just by installing one patched IOS.
     
  9. smf

    smf GBAtemp Maniac

    Member
    1,182
    257
    Feb 23, 2009
    It's the system menu one, so if you do screw up with your editing then it won't end good.
    Where trucha patching has already been automated so the chances of getting it wrong are much lower.

    I guess you could test it safely with SNEEK.

    However you slice it, it's not as easy or as convenient as trucha. Which will just work if your wii is running an old enough system menu.
     
  10. Wiimm
    OP

    Wiimm Developer

    Member
    2,172
    381
    Aug 11, 2009
    Gambia, The
    Germany
    This question is open until now:
    But I have to more questions:
    2.) Is is legal to distribute the cert chain (all so called public keys) together with the wit distribution?
    3.) Is it legal to distribute the root cert together with the wit distribution?
     
  11. tueidj

    tueidj I R Expert

    Member
    2,569
    820
    Jan 8, 2009
    I don't think anyone can confirm if every game uses the same certs unless they own them all, but I would say it's very likely.

    As for distributing the certs, I'm advised it's legal since it's not possible to copyright keys or signatures.