Hacking Modchips + homebrew - free + illegal = ArgonChannel

djdynamite123

Master Of Hardcore!
OP
Banned
Joined
Sep 21, 2008
Messages
3,788
Trophies
0
Age
36
Location
Redcar, England UK
Website
www.djdynamite.bravehost.com
XP
136
Country
http://hackmii.com/

Video: http://www.youtube.com/v/EEaJNfnrJFw

The Argon modchip guys have been trumping up this new cool thing they call the Argon Channel. At first details were sketchy, but as time passed what it was started to become obvious: some homebrew launching or installing “solution”, locked to a modchip.

Recently, the Argon guys showed up on IRC and had an interesting conversation with me, where they tried to get me to help them get the channel to work on System Menu 3.4 by convincing me of the wonderful world of modchip software. The conversation was somewhere along the lines of this, excluding the broken English: “By bundling it with our modchip we make homebrew more popular”. “But it’s locked to your modchip, how will that make it more popular?” “Yes, that makes it even more popular because it’s exclusive and people will want it.”

The response, obviously, was no.

Now the channel has shown up and gasp, it’s compatible with 3.4. Wait, did they find an exploit?

Of course they didn’t.

By watching the video you’ll see that it consists of a two-stage process. This should start ringing alarm bells: why on earth would they have to install two things to install the channel? You’ll also notice that before installing the second half, they do some sort of serial number verification. This seems to be their way of locking it to the chip.

Download their package. First alarm bell. They’re bundling the Twilight Hack, which they’re not authorized to do. Hmm.

Let’s look inside the first DOL file - which turns out to be the one labeled part2. They’re backwards. Shows how much time they spent preparing this package. This file looks suspiciously like a Waninkoko product - same banner and console style. Let’s look inside.


0004e980 00 00 00 20 49 73 00 00 00 00 0a 00 00 00 00 00 |... Is..........|
0004e990 00 00 02 a4 00 00 02 2c 00 18 8c 00 00 00 00 40 |.......,.......@|
0004e9a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
0004e9b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
0004e9c0 00 01 00 00 b3 ad b3 22 6b 3c 3d ff 1b 4b 40 77 |......."k<=..K@w|

That looks like a WAD header. Interestingly, ‘strings’ didn’t show any readable four-letter Title ID among the Root-CA strings from the certs, TMD, and ticket. Let’s run it through a WAD extraction tool that I have, which prints out information:

Wii Wad:
Header 0x20 Type 'Is' Certs 0xa00 Tik 0x2a4 TMD 0x22c Data 0x188c00 @ 0xf40 Footer 0x40
ETicket:
Title ID: '\x00\x00\x00\x01\x00\x00\x00\x10'
Title key IV: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 00
Title key (encrypted): 52 6b 1a 2a d0 db 6a 80 c2 95 25 63 80 98 f8 82
Common key index: 0
Title key (decrypted): 34 9e 8a c5 ed 3c e1 51 72 f2 b9 3e 1b cb 06 3b
ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: ec f8... [OK]
TMD:
Versions: 0, CA CRL 0, Signer CRL 0, System 0-0
Title ID: 00000001-00000010 ('\x00\x00\x00\x01'-'\x00\x00\x00\x10')
Title Type: 1
Group ID: '\x00\x01'
Access Rights: 0x00000000
Title Version: 0x101
Boot Index: 1
Contents:
ID Index Type Size Hash
00000000 0 0x1 0x40 ca 2e 8c 59 e9 7e e9 fe...
00000001 1 0x1 0x188b81 65 3e 5e 0f 1d ea 72 f2...
TMD signed by Root-CA00000001-CP00000004 using RSA-2048: 8b 1a... [OK]
Certificates:
- CA00000001 (RSA-2048)
Certificate signed by Root using RSA-4096: 6f 47... [OK]
- CP00000004 (RSA-2048)
Certificate signed by Root-CA00000001 using RSA-2048: 8d 4f... [OK]
- XS00000003 (RSA-2048)
Certificate signed by Root-CA00000001 using RSA-2048: d7 0a... [OK]

Title ID 00000001-00000010 is IOS16. So this is how they get it to work on 3.4. And this is also why there’s a two-stage process. They’re bundling a private, repair center only, leaked IOS from Nintendo.

Ladies and gentlemen, epic fail.

There’s another WAD in the DOL. I’ll spare you the boring WAD infodumps and just say that it’s some version of cIOS. So their first stage “installer” just installs IOS16, then uses that to install cIOS. A waninkoko-worthy product indeed. I seem to recall him saying he’d never use IOS16, some time ago in the EOL forums. How quaint.

00000000 66 69 72 6d 77 61 72 65 2e 36 34 2e 30 38 30 38 |firmware.64.0808|
00000010 32 39 31 36 30 30 00 00 00 00 00 00 00 00 00 00 |291600..........|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 01 02 00 00 |................|
00000030 77 61 6e 69 6e 6b 6f 6b 6f 40 43 49 4f 53 00 00 |waninkoko@CIOS..|
Their part21 “installer” is just a standard game DVD launcher that launches it using cIOS.

Let’s look at their install DVD, shall we?

This is a standard Wii ISO. You can tell it has been fakesigned with Trucha Signer. This is evident because you can, you know, read my name and xt5’s on the signature:

502c0 00 01 00 01 a5 ce b8 bc 99 b7 e9 a0 c1 ff 14 78 |...............x|
502d0 5c 22 66 85 51 a0 44 0c 70 3e 16 34 9a 1c a6 74 |\"f.Q.D.p>.4...t|
502e0 74 47 56 46 4e 1c 56 b3 dd bc 76 f4 6b 64 ce 35 |tGVFN.V...v.kd.5|
502f0 40 72 c6 cf 53 9b 64 38 36 30 15 dc 4f 0d 6d 26 |@r..S.d860..O.m&|
50300 41 38 55 4b 67 d8 54 68 45 66 49 53 68 e9 61 78 |A8UKg.ThEfISh.ax|
50310 b1 30 c5 63 00 d9 69 de 93 d8 4f c8 69 ed 52 12 |.0.c..i...O.i.R.|
50320 96 35 28 45 48 e2 70 e2 4b 01 53 7d 53 e3 43 13 |.5(EH.p.K.S}S.C.|
50330 8b 30 77 6a 58 41 6f 6c 54 72 61 4c 61 4c 61 05 |.0wjXAolTraLaLa.|
50340 6d 64 8a 62 bd b8 53 98 b3 9c 55 df 4c 10 4e c2 |md.b..S...U.L.N.|
50350 4d 33 77 87 e0 a8 61 69 85 3b 4a 64 69 7a 37 f7 |M3w...ai.;Jdiz7.|
50360 fe 4b 84 42 d2 37 6c 48 67 c6 75 ec 45 8d 9e fd |.K.B.7lHg.u.E...|
50370 db 63 43 41 30 6a 4d 6d 42 4e 73 55 21 d5 da 32 |.cCA0jMmBNsU!..2|
50380 23 34 d2 64 f6 e3 4f 3c 43 ab 65 ec ea 1e a7 92 |#4.d..O<C.e.....|
50390 6f 68 70 54 68 49 6e 47 53 52 eb 52 96 a2 03 43 |ohpThInGSR.R...C|
503a0 8e 33 fb 73 be f8 67 72 49 6e 64 45 45 64 3f 3f |.3.s..grIndEEd??|
503b0 77 53 d8 89 28 a8 bf a4 aa e8 ef 83 ff 56 9a e3 |wS..(........V..|

For fun, try finding other interesting strings.

Let’s try running it through an information tool.

Game ARGO, maker NC, magic 5d1c9ea3: Argon Channel Installer
1 partitions in ISO:
[ 0] 0x0000050000 (00000000)
Wii Partition at 0x0000050000:
TMD @ 0x2c0 [0x208], Certs @ 0x4e0 [0xa00], H3 @ 0x8000, Data @ 0x20000 [0x1f0000]
ETicket:
Title ID: '\x00\x01\x00\x01ARGN'
Title key IV: 00 01 00 01 41 52 47 4e 00 00 00 00 00 00 00 00
Title key (encrypted): 21 21 41 52 47 4e 43 48 4e 4c 46 4b 4b 59 23 23
Common key index: 1
Title key (decrypted): 5a de 4a 66 32 0d c1 56 05 3e e3 64 c3 c0 d3 5b
ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: d2 a8.... [FAIL]
Signature hash: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TMD:
Versions: 0, CA CRL 0, Signer CRL 0, System 1-21
Title ID: 00010001-4152474e ('\x00\x01\x00\x01'-'ARGN')
Title Type: 0
Group ID: 'HB'
Access Rights: 0x00000000
Title Version: 0x1
Boot Index: 0
Contents:
ID Index Type Size Hash
00000000 0 0x1 0x3e0000 aa b4 a7 dc 21 48 0d e9...
TMD signed by Root-CA00000001-CP00000004 using RSA-2048: 00 ea... [BUG]
Signature hash: 00 6f...
H4 hash check passed
Data:
Blocks: 62
Subgroups: 7 (plus 6 blocks)
Groups: 0 (plus 62 blocks)
Certificates:
- CA00000001 (RSA-2048)
Certificate signed by Root using RSA-4096: 6f 47... [OK]
- CP00000004 (RSA-2048)
Certificate signed by Root-CA00000001 using RSA-2048: 8d 4f... [OK]
- XS00000003 (RSA-2048)
Certificate signed by Root-CA00000001 using RSA-2048: d7 0a... [OK]
pywii.wii.HashError: Failed to verify data chunk 0 against H0:
expected 82254908e26f42fe903d5bcf3f95f2acfa110e4d,
got 8b7219c81d0a4e985c65edd9de2c0b943520f8c6

So their ticket is signed wrong and the data doesn’t verify. Attempting to extract it yields garbage. This means their modchip patches the Title Key to something else. Because, you know, just in case you couldn’t figure it out yourself, they tell you. Their fake key is “!!ARGNCHNLFKKY##”.

I tried all single or double byte patches in case they were using a really lame patch, but it appears they’re not that stupid. I’m currently waiting for a way of getting the Title Key, probably from someone with an Argon2. Expect an update once that happens. I can practically guarantee that their channel banner will also be stolen from a Nintendo channel, though - it looks just like all those other stolen banners, in the video (same animation). Beyond that, who knows - maybe there’s even more things to laugh about.

In short, if you want a channel that:

- Is vendor locked to a modchip
- Is way more annoying to install than The Homebrew Channel
- Consists of a bunch of jury-rigged tools to install and was clearly made by not very competent people
- Is illegal twice
- Is probably illegal a couple more times
- Also rips off the Twilight Hack
- More to come once I get their key

Then, by all means, get the ArgonChannel. Otherwise, stay very very far away.

Bonus content: Apparently argon have never heard of fonts. Those were inside their modchip updater DOL file.
Bonus content 2: An HMAC password involved in the update process of the Argon chip is RobinsodAndWaninkoko1. Just in case anyone had any doubts that he’s involved in all this.
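
The step where the post spots a WAD inside the installer DOL and reads off its layout can be reproduced mechanically. This is an added example, not code from the original post or from the tool it used: it scans a binary for the WAD header bytes shown in the hexdump, recomputes the section offsets (including the "Data ... @ 0xf40" the tool printed) and names title IDs the way the post does. The header field order and 0x40-byte section alignment are the standard WAD layout; the sample blob and all function names are constructed for illustration.

```python
import struct

# Constructed sample: the 32 WAD header bytes from the post's hexdump (file
# offset 0x4e980), embedded after filler to stand in for the installer DOL.
HEADER = bytes.fromhex("00000020" "4973" "0000" "00000a00" "00000000"
                       "000002a4" "0000022c" "00188c00" "00000040")
SAMPLE_BLOB = b"\xff" * 0x80 + HEADER + b"\x00" * 0x20

WAD_MAGIC = b"\x00\x00\x00\x20Is\x00\x00"  # header size 0x20, type 'Is', version 0

def align64(n):
    """Every WAD section starts on a 0x40-byte boundary."""
    return (n + 0x3F) & ~0x3F

def parse_wad_header(buf, base=0):
    """Return {section: (offset_from_wad_start, size)} for a header at `base`."""
    hdr, kind, _ver, certs, _rsvd, tik, tmd, data, footer = struct.unpack_from(
        ">I2sH6I", buf, base)
    if hdr != 0x20 or kind not in (b"Is", b"ib"):
        raise ValueError("not a WAD header")
    layout, pos = {}, align64(hdr)
    for name, size in (("certs", certs), ("tik", tik), ("tmd", tmd),
                       ("data", data), ("footer", footer)):
        layout[name] = (pos, size)
        pos = align64(pos + size)
    return layout

def find_embedded_wads(blob):
    """Scan a binary for embedded WADs; return [(offset, layout, complete)]."""
    hits, at = [], blob.find(WAD_MAGIC)
    while at != -1 and at + 0x20 <= len(blob):
        layout = parse_wad_header(blob, at)
        end = at + sum(layout["footer"])  # footer offset + footer size
        hits.append((at, layout, end <= len(blob)))
        at = blob.find(WAD_MAGIC, at + 1)
    return hits

def describe_title_id(tid):
    """Name an 8-byte title ID: 00000001-000000NN (NN in 3..255) is IOS<NN>."""
    upper, lower = struct.unpack(">II", tid)
    if upper == 1 and 3 <= lower <= 255:
        return "IOS%d" % lower
    code = tid[4:]
    tag = code.decode("ascii") if all(0x20 <= b < 0x7F for b in code) else code.hex()
    return "%08x-%s" % (upper, tag)

if __name__ == "__main__":
    for off, layout, complete in find_embedded_wads(SAMPLE_BLOB):
        print(hex(off), {k: (hex(o), hex(s)) for k, (o, s) in layout.items()}, complete)
    print(describe_title_id(bytes.fromhex("0000000100000010")))
    print(describe_title_id(bytes.fromhex("000100014152474e")))
```

The `complete` flag is false for the sample because only the header is embedded; on a real file it tells you whether the whole package fits inside the container or the match is a stray byte pattern.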
 

Wiisel

Well-Known Member
Member
Joined
Dec 4, 2008
Messages
1,309
Trophies
0
Website
Visit site
XP
333
Country
at least they asked before stealing


all seems too much hassle to install with the crappy key thing and who wants to buy a chip to access homebrew?

nice to have another homebrew launcher tho if it uses anything new.
 

Blue-K

No right of appeal.
Member
Joined
Jun 21, 2008
Messages
2,572
Trophies
0
Location
Helvetica
XP
199
Country
Swaziland
You're getting slow, djdynamite123...I've read this 30 Minutes ago (or more)...


Anyways...again I don't get it..is this simply a Homebrew-Channel from Argon? Not more? Why should someone be so dumb and use this s***, since the original from TeamTwiizers is and will always be the best?

EPIC FAIL...really..
 

dread123

Well-Known Member
Member
Joined
Dec 9, 2006
Messages
136
Trophies
0
Age
48
Location
manchester uk
Website
Visit site
XP
169
Country
...please!!!

Does it really matter that it is illegal? only to Marcan and rest of the team. To everyday users like myself and other people, it makes no difference.
We will still use most apps whether legal or illegal. I say fair play to them..they are keeping things fresh, whereby others seem to keep any info to themselves until it has been revealed by others!
I am a pirate and not really concerned what the general public think about my downloading habits, it's the internet, shit happens, people get ripped off.. there is not a lot that Marcan and his team can do to stop people ripping off their warez!

Rant over- flame on
 

Arm the Homeless

Custom Title
Member
Joined
May 26, 2008
Messages
1,762
Trophies
0
Location
/home/andy/
Website
Visit site
XP
125
Country
United States
dread123 said:
...please!!!

Does it really matter that it is illegal? only to Marcan and rest of the team. To everyday users like myself and other people, it makes no difference.
We will still use most apps whether legal or illegal. I say fair play to them..they are keeping things fresh, whereby others seem to keep any info to themselves until it has been revealed by others!
I am a pirate and not really concerned what the general public think about my downloading habits, it's the internet, shit happens, people get ripped off.. there is not a lot that Marcan and his team can do to stop people ripping off their warez!

Rant over- flame on

Could we ban him?
 

Phratt

Well-Known Member
Member
Joined
Nov 12, 2008
Messages
541
Trophies
0
XP
151
Country
United States
People need to stop making money off of homebrew, even if it's original work, it's just very sleazy IMO.

If they weren't selling then I'd say that marcan should just let them live, because TPhack is like one of the few ways to do homebrew nowadays. That's like Benjamin Franklin suing everyone who doesn't credit him when making electrical products, Franklin was the pioneer, there's no other alternative than to use his discovery.
 

denzil

Well-Known Member
Newcomer
Joined
Jun 11, 2008
Messages
88
Trophies
0
XP
11
Country
United States
Phratt said:
TPhack is like one of the few ways to do homebrew nowadays
One of the few? Name another hack to do homebrew on Wii.

But you are exactly right:
"People need to stop making money off of homebrew"
marcan put it into other words, but that's exactly the point: all aspects of legality aside, by selling this channel and its installer as "feature" of their modchip, they make money off other people's work, namely Team Twiizer's work, and by including their code, Nintendo's. That's just about the same as selling warez.
 

Lazycus

Rotten
Member
Joined
Jul 22, 2006
Messages
871
Trophies
0
Website
Visit site
XP
169
Country
United States
Yawn. Who would buy an Argon chip because of this "feature"? What a waste of time and effort. Waninkoko will get paid but I doubt the Argon folks will see a return on their investment.
 

FRanatic

Well-Known Member
Member
Joined
Nov 1, 2008
Messages
277
Trophies
0
XP
55
Country
Netherlands
People don't buy modchips for homebrew.
To the new users it's just a modchip. If the price of this one exceeds the others, just because it's 'homebrew capable', the new customer will buy one of the cheaper other chips.

And the people familiar with the scene know about TP and HBC, so they'll drop it like a bad habit.

This chip will not sell for the above reasons. Also, once they start taking orders Nintendo will shut them down. See what happened to the Datel Lite Blue Battery for the PSP.
 

WiiCrazy

Be water my friend!
Member
Joined
May 8, 2008
Messages
2,395
Trophies
0
Location
Istanbul
Website
www.tepetaklak.com
XP
387
Country
FRanatic said:
People don't buy modchips for homebrew.
To the new users it's just a modchip. If the price of this one exceeds the others, just because it's 'homebrew capable', the new customer will buy one of the cheaper other chips.

And the people familiar with the scene know about TP and HBC, so they'll drop it like a bad habit.

This chip will not sell for the above reasons. Also, once they start taking orders Nintendo will shut them down. See what happened to the Datel Lite Blue Battery for the PSP.

Well but people want to use emulators... and there are lots of them... so it makes a choice when average joe mods his wii...

The thing is lame... yet they don't think it being lame or not, they just care about the profit at the end of the day...

What's much more lame is they need to resort to the twilight hack to install this... guess there is a scarcity for talented hackers (even not self motivated) around the globe...
 
