Hacking certificate chain (cert.bin)

Wiimm

Developer
OP
Member
Joined
Aug 11, 2009
Messages
2,292
Trophies
1
Location
Germany
Website
wiimmfi.de
XP
1,519
Country
Germany
I have 2 questions about Nintendo certificate chain ("cert.bin" if extracted from ISO):

1.) Is the cert.bin the same for all games?
(My about 60 games share identical certificates)

2.) What happens if I generate a self signed certificate chain and use it instead of the Nintendoa chain? Does the Wii confirm the certificates by using any other source? If the Wii accept a self signed chain, it is possible to create a well signed ISO (and other well signed stuff) with self made keys.
 

smf

Well-Known Member
Member
Joined
Feb 23, 2009
Messages
6,653
Trophies
2
XP
5,913
Country
United Kingdom
Wiimm said:
2.) What happens if I generate a self signed certificate chain and use it instead of the Nintendoa chain? Does the Wii confirm the certificates by using any other source? If the Wii accept a self signed chain, it is possible to create a well signed ISO (and other well signed stuff) with self made keys.

The root key which signs the certificate chain is stored inside your wii.
You can't easily replace it & you can't have two.

Trucha signing and patching your IOS is much much easier.
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
Well you can easily replace root - it's hardcoded in IOS. But then normal stuff would break.
The reason they're on every disc is because technically they could make new certs - I believe it's even possible for a disc to contain a revocation list of old certs.
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
Yes. It's not really needed in that example since the certs are also hardcoded into the sample app (no need to always verify static data, it's not going to change), I just left the entire chain checking in for demonstration purposes. Doing the final verify against Root takes much longer than the rest because it's 4096 bits instead of 2048.

(Look for "// remove this if statement if you don't want to check the whole chain" if you want to speed up the sample code.)
 

Wiimm

Developer
OP
Member
Joined
Aug 11, 2009
Messages
2,292
Trophies
1
Location
Germany
Website
wiimmfi.de
XP
1,519
Country
Germany
tueidj said:
(Look for "// remove this if statement if you don't want to check the whole chain" if you want to speed up the sample code.)
I have already noticed that, but I like to understand all. I will implement that code into wit (both are GPL2).
 

smf

Well-Known Member
Member
Joined
Feb 23, 2009
Messages
6,653
Trophies
2
XP
5,913
Country
United Kingdom
tueidj said:
It's not going to brick just by installing one patched IOS.

It's the system menu one, so if you do screw up with your editing then it won't end good.
Where trucha patching has already been automated so the chances of getting it wrong are much lower.

I guess you could test it safely with SNEEK.

However you slice it, it's not as easy or as convenient as trucha. Which will just work if your wii is running an old enough system menu.
 

Wiimm

Developer
OP
Member
Joined
Aug 11, 2009
Messages
2,292
Trophies
1
Location
Germany
Website
wiimmfi.de
XP
1,519
Country
Germany
This question is open until now:
Wiimm said:
1.) Is the cert.bin the same for all games?
(My about 60 games share identical certificates)
But I have to more questions:
2.) Is is legal to distribute the cert chain (all so called public keys) together with the wit distribution?
3.) Is it legal to distribute the root cert together with the wit distribution?
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
I don't think anyone can confirm if every game uses the same certs unless they own them all, but I would say it's very likely.

As for distributing the certs, I'm advised it's legal since it's not possible to copyright keys or signatures.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • cearp @ cearp:
    Even sugar free isn't good, as the acid is bad enough.
  • cearp @ cearp:
    oh earlier than 15 Ken, babies, children can get decay
  • K3Nv2 @ K3Nv2:
    So dentists give. Us these caps that'll last a few years to fight thrm
  • K3Nv2 @ K3Nv2:
    Yeah but babies get a new set
  • K3Nv2 @ K3Nv2:
    Screw godfor not giving us a new adult set after we mess up
    +2
  • cearp @ cearp:
    "You listening up there big guy?"
  • BigOnYa @ BigOnYa:
    Just smoke meth, all your dental problems will go away.
    +2
  • K3Nv2 @ K3Nv2:
    Even steven
  • cearp @ cearp:
    I wonder why edibles haven't caught on for meth
  • K3Nv2 @ K3Nv2:
    Locked down from government to dispensary
  • BigOnYa @ BigOnYa:
    In India it has, can't remember what its called yuka I think, they have a crisis like we have with fentanal
  • K3Nv2 @ K3Nv2:
    That's why we need regulation :teach:
  • SylverReZ @ SylverReZ:
    @BigOnYa, Speak to Psi, he'll offer you some in Tempycoin. :tpi:
    +1
  • OGSniper @ OGSniper:
    Day after day, we drink beer, Night after night my heartbeat shows the fear
    +1
  • K3Nv2 @ K3Nv2:
    Beer can be bad for your teeth
  • OGSniper @ OGSniper:
    Teeth? What Teeth?
  • SylverReZ @ SylverReZ:
    @K3Nv2, Do crack instead. Beer is more of a depressant.
  • OGSniper @ OGSniper:
    I like taking trips without even leaving my house, if ya know what I mean.
  • K3Nv2 @ K3Nv2:
    My hygienist name is Jose I'm like fuck Juan found me
    +2
  • BigOnYa @ BigOnYa:
    Did he ask to see yo feet?
  • K3Nv2 @ K3Nv2:
    Teeth
  • K3Nv2 @ K3Nv2:
    Juan's second cousin obsessed with teeth
    +1
  • BigOnYa @ BigOnYa:
    Did you wake up with your belt un-buckled?
  • K3Nv2 @ K3Nv2:
    Let me lift you up in my chair
    K3Nv2 @ K3Nv2: Let me lift you up in my chair