[HELP] EGGS-SGGE header of Wii VC eShop games

Discussion in 'Wii U - Hacking & Backup Loaders' started by sabykos, Dec 26, 2016.

  1. sabykos
    OP

    sabykos GBAtemp Regular

    Member
    257
    406
    Jun 10, 2013
    Gambia, The
    Hi guys,

    wouldnt it be cool if we could inject Wii games into the existing Wii eShop games? Then we could access our complete Wii library from WiiU menu and could use the game pad as classic controller...

    Well I'm kinda one step away from achieving this. I successfully extracted an iso file from the nfs files of an Wii eShop game with help of the guys here. The goal is now to reverse this process and I'm practically one step away from this. The only thing that's left is to reverse engineer the EGGS-SGGE header of the Wii eShop games.

    Wii eShop games come as bunch of hif hif_0000XX.nfs files, where XX is a counter number starting from 00. Every nfs file has a size of 256 MB, except the last one. In total those files a nearly exactly as big as a WBFS file of the game. I was able to join, decrypt, and manipulate those files to produce an functional iso file. I'm also able revert this.

    The first file hif hif_000000.nfs has a 512 Byte header starting wird the word EGGS and ending with SGGE. Currently it is not known how to generate a working for a Wii game. Here are some examples for EGGS headers (I hope it's OK to post those):

    Warning: Spoilers inside!

    If you want to take a look at some other headers. GO to that titlekey site, look the eShop Wii games. And download and decrypt them with JNUSTool using titlekey and titleID. The hif_000000.nfs lies in the content folder.

    The only thing I'm quite sure of, is that the byte at 0x13 times 2 is number of dwords following which are not ff ff ff ff. So, any ideas appreciated. :)
     


  2. NexoCube

    NexoCube stop using piracy :(

    Member
    1,184
    587
    Nov 3, 2015
    France
    Stack Pointer
    Just decrypt the wanted game .nfs and change the header
     
  3. julienbdes

    julienbdes GBAtemp Regular

    Member
    164
    30
    Sep 3, 2015
    Canada
    Why is that header so important ? With sigpatch or somes option on the rednand region tool stuff, would it be possible to Just bypass this step? Make a public header or custom With no risk since we dont play online private would bè useless. I dont have the knowledge atm, hope I dont confuse everything
     
    Conn0r likes this.
  4. ZoNtendo

    ZoNtendo GBAtemp Fan

    Member
    422
    225
    May 25, 2015
    lol, header are always important in a file
     
  5. Conn0r

    Conn0r GBAtemp Fan

    Member
    327
    187
    Jan 10, 2016
    United States
    I'd try a bit of Caffeiine or SDCaffeiine
     
  6. sabykos
    OP

    sabykos GBAtemp Regular

    Member
    257
    406
    Jun 10, 2013
    Gambia, The
    Wow, OK I forgot how useless most people are here.
     
    Hiccup, N7Kopper, OrGoN3 and 27 others like this.
  7. yahoo

    yahoo G͝B͢A͜t͞em҉p̡ R̨e͢g̷ul̨aŗ

    Member
    341
    236
    Aug 4, 2014
    United States
    What happens with an incorrect EGGS header?
     
  8. sabykos
    OP

    sabykos GBAtemp Regular

    Member
    257
    406
    Jun 10, 2013
    Gambia, The
    Error Code 150-3230 or 150-3032 cant remember which one exactly.

    For the one who don't understand what I'm trying to achieve: I'm trying to install Wii games on WiiU menu. THere are some Wii games that can be purchased at eShop. But obviously only few one. I try to reverse engineer their format to make all Wii installable.
     
    Funkymon likes this.
  9. yahoo

    yahoo G͝B͢A͜t͞em҉p̡ R̨e͢g̷ul̨aŗ

    Member
    341
    236
    Aug 4, 2014
    United States
    Do the rpx files differ from game to game? Also have you tried looking at one of the rpx files in IDA to see what it is doing with the header? Most likely somewhere in the header is the size of the game, since they are all different.
     
    Last edited by yahoo, Dec 26, 2016
    fejich likes this.
  10. sabykos
    OP

    sabykos GBAtemp Regular

    Member
    257
    406
    Jun 10, 2013
    Gambia, The
    Havent tried that yet. Theres also a fw.bin in the code folder that probably is responsible for dealing with the nfs files. Problem is I'm actually not that good in REing asm code. I understand the basics but finding the right spot in a file thats over 1 MB requires also experience. But afaik @JaGoTu10 REd most of the fw.img code. Maybe he can help out?
     
  11. victormr21

    victormr21 GBAtemp Advanced Fan

    Member
    547
    67
    Dec 29, 2015
    @sabykos bah! There isn't any information in the SDK...
    Maybe if we make a EGGS header database, we can find a pattern, if you want I say you the SMG1 NTSC header?
    Bye!
     
  12. VinsCool

    VinsCool Delusional

    Member
    GBAtemp Patron
    VinsCool is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,730
    27,862
    Jan 7, 2014
    Canada
    Another World
    Well it's not like some of us have a life and are at work right now. That's just not possible.

    Anyway I'll be glad to poke at this either tonight or tomorrow when I get some free time away from work.
     
  13. sabykos
    OP

    sabykos GBAtemp Regular

    Member
    257
    406
    Jun 10, 2013
    Gambia, The
    I wasn't refering to the lack of answers but to the stupidity of some answers. Thanks for your efforts.
     
  14. Ryuzaki_MrL

    Ryuzaki_MrL Furry Addict

    Member
    744
    719
    Jun 23, 2015
    Brazil
    Simple put: it's the number of qwords following this byte.
     
  15. VinsCool

    VinsCool Delusional

    Member
    GBAtemp Patron
    VinsCool is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,730
    27,862
    Jan 7, 2014
    Canada
    Another World
    Yes yes I know that, but still this reply was rude, especially since I do my best to contribute to the community.

    Shouldn't have taken it to a personal level, I have to admit, haha.
     
  16. Crazystato

    Crazystato Advanced Member

    Newcomer
    55
    32
    Oct 24, 2016
    Australia
    Could there be a possibility that once these headers are cracked and wii games can be successfully run, we could somehow inject or point to Nintendont for GC games also?
     
  17. KiraW

    KiraW Member

    Newcomer
    13
    4
    Nov 1, 2016
    Looking at these, I'm pretty certain that the data from 0x24-0x1FB are position-length pairs.

    For example, in your Kirby's Return to Dream Land USA example, it can be read as:

    #1: Start potition 0x1F00, length 0x1F58
    #2: Start position 0x3E5A, length 0x1A
    #3: Start position 0x3E77, length 0x4D
    #4: Start position 0x3EC6, length 0x51
    #5: Start position 0x3F18, length 0x18
    #6: Start position 0x3F31, length 0xE2
    #7: Start position 0x4014, length 0x730C

    ...and then the rest is padded with 0xFFFFs.

    The numbers would seem to match up. I'm not really experienced with Wii games so I don't know what they might be referring to, but I'm fairly certain that this is what that piece of data means.
     
    Last edited by KiraW, Dec 26, 2016
  18. VinsCool

    VinsCool Delusional

    Member
    GBAtemp Patron
    VinsCool is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,730
    27,862
    Jan 7, 2014
    Canada
    Another World
    That or a way to load vWii system menu, that would be great.
     
    CeeDee likes this.
  19. Ryccardo

    Ryccardo WiiUaboo

    Member
    3,138
    1,501
    Feb 13, 2015
    Italy
    Imola
    If Nintendont works fine from an optical drive (you can try by making a romhack, or maybe even the "alt dol" feature of your dvd/usb loader), that would be the best case

    — Posts automatically merged - Please don't double post! —

    In slc:/proc/prefs/wii_acct.xml, there's this interesting option: " <ctrl type="complex"><drc type="unsignedByte" length="1">0</drc></ctrl>", but manually changing it is useless as the wiiu launcher always adjusts it to the correct option for the Wii title you're launching...

    If we were talking about a virtualized Wii game, that setting is loaded from a xml in the game (or so I heard), but the main Vwii icon just has the titleid of the Vwii kernel and most likely there is some magic implementation (like the actual icon) in the launcher itself, like the optical drive channel
     
    Last edited by Ryccardo, Dec 26, 2016
    VinsCool likes this.
  20. Zero72463

    Zero72463 GBAtemp Maniac

    Member
    1,255
    602
    Jun 27, 2016
    United States
    We should be working on removing protection from vWii in Wii U and unbricking people's vWii