Decrypt WAD contents using openssl command line...

Discussion in 'Wii - Hacking' started by Red_Squirrel, Feb 5, 2010.

  1. Red_Squirrel
    OP

    Red_Squirrel Advanced Member

    Newcomer
    73
    0
    Feb 8, 2009
    Italy
    L'Aquila
    I'm under Linux and I want to decrypt WAD contents using openssl command line.
    I tried:
    Code:
    openssl enc -d -aes-128-cbc -K COMMONKEY -iv 0 -nopad -in 00000000 -out 00000000.app
    with at the place of COMMONKEY the 16 hex values of common-key.bin. But the result is NOT a correct decrypted .APP [​IMG]

    So, is it possible to decrypt a WAD content using only openssl command line? And if yes, with which command?! Thx [​IMG]
     


  2. Krestent

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    Why? What's wrong with using a tool?!?!?
     
  3. Red_Squirrel
    OP

    Red_Squirrel Advanced Member

    Newcomer
    73
    0
    Feb 8, 2009
    Italy
    L'Aquila
    If you can tell me the name of some linux tool to do this, you make me very happy [​IMG]
    Wadunpacker on linux gives me always a buffer overflow error.... and then I want to decrypt only some WAD contents, not all the WAD...
     
  4. tueidj

    tueidj I R Expert

    Member
    2,569
    820
    Jan 8, 2009
    Every title uses a different key, not the common key.
     
  5. nitrostemp

    nitrostemp GBAtemp Maniac

    Member
    1,395
    89
    Mar 15, 2009
    looks like someone needs to use wine
     
  6. Leathl

    Leathl GBAtemp Regular

    Member
    239
    1
    Aug 15, 2009
    Gambia, The
    Berlin
    Because I'm too lazy to write it myself, I quote WiiBrew [​IMG]

    Then you should be able to decrypt the content using the decrypted title key.
    Also mention, the IV for the content is not zero! (The first two bytes are the content's index, you can grab it from the tmd)
     
  7. techboy

    techboy GBAtemp Advanced Maniac

    Member
    1,720
    21
    Mar 15, 2009
    United States
    Pennsylvania
    EDIT: Beaten to it.
     
  8. giantpune

    giantpune GBAtemp Addict

    Member
    2,860
    122
    Apr 10, 2009
    United States
    just use NUS WadPacker. it runs in linux and gets shit from NUS and saves it in the normal formats. one of those is decrypted.

    a couple other options are if you have the wad of this, just use the wadMii or showmiiwads i have posted on here. i compiled a version of each that works in mono and will spit out decrypted contents.
     
  9. Red_Squirrel
    OP

    Red_Squirrel Advanced Member

    Newcomer
    73
    0
    Feb 8, 2009
    Italy
    L'Aquila
    Thank you very much, I'll give a try [​IMG]
     
  10. SanGor

    SanGor Witchhunter

    Member
    993
    79
    Aug 21, 2008
    United States
  11. Red_Squirrel
    OP

    Red_Squirrel Advanced Member

    Newcomer
    73
    0
    Feb 8, 2009
    Italy
    L'Aquila

    Thank you again Leathl, I did it [​IMG]
    Only another little question: i compared "my" decrypted content with the same decrypted content (but decrypted using NUSD) and there is ONLY one difference: in the second (o third, i don't remember well now) byte at the place of 0x00 there is a 0x03. Only that byte is different, for the rest the two files are the same.
    Will be this a issue (for example installing the content in the NAND)? [​IMG]
     
  12. SanGor

    SanGor Witchhunter

    Member
    993
    79
    Aug 21, 2008
    United States
    you used the wrong IV, it might break when you install it
     
  13. Red_Squirrel
    OP

    Red_Squirrel Advanced Member

    Newcomer
    73
    0
    Feb 8, 2009
    Italy
    L'Aquila
    using a wrong IV only one byte comes different?! [​IMG] more then 600k bytes are the same and only one is different (I used WinHEX to compare byte by byte the two files!)... is possible? [​IMG]
     
  14. worstenbrood

    worstenbrood Member

    Newcomer
    25
    0
    Nov 29, 2006
    Belgium
    BeyondCompare is your friend [​IMG]
     
  15. Red_Squirrel
    OP

    Red_Squirrel Advanced Member

    Newcomer
    73
    0
    Feb 8, 2009
    Italy
    L'Aquila
    .APP is the file decrypted by NUSD, .DEC is the file decrypted using openssl... Only one difference at second byte [​IMG]
     
  16. tueidj

    tueidj I R Expert

    Member
    2,569
    820
    Jan 8, 2009
    That's right, the IV only affects the first 16 bytes (and in the case of wii titles, the IV only has 2 unique bytes). If you read up about AES-CBC on wikipedia you'll see why.
     
  17. SanGor

    SanGor Witchhunter

    Member
    993
    79
    Aug 21, 2008
    United States
    the index is used as the IV, nintendo really fails at crypto. I mean you could easily guess it ...
     
  18. Red_Squirrel
    OP

    Red_Squirrel Advanced Member

    Newcomer
    73
    0
    Feb 8, 2009
    Italy
    L'Aquila
    I tried to decrypt 4 different contents of the same WAD (so same titlekey and same IV for all). Then I compared them with the decrypted contents made by NUSD... result? for 3 of them I got the same decrypted files of NUSD (equals in every byte, tested with tools not with eyes xD), and only one is different from the NUSD's decripted content by ONE byte. [​IMG] If my IV was bad, why other three contents have been decripted correctly? It's very strange... [​IMG]

    EDIT: oh, and yes, i used the content ID as IV [​IMG]
     
  19. tueidj

    tueidj I R Expert

    Member
    2,569
    820
    Jan 8, 2009
    Use the index, not the content ID.
     
  20. giantpune

    giantpune GBAtemp Addict

    Member
    2,860
    122
    Apr 10, 2009
    United States
    75% is passing in every class i took in college. i say go with it [​IMG]