Hello.
I hacked my Wii a long time ago but, recently, I started wondering a few things about how it works and thought you could help me.
If I understood well, Nintendo uses a combination of Asymetric encryption and hash functions in order to check if a content was approved. And this is stored in what we call certficates, right ?
So, If I can understand that exploits allow to run unsigned code, what seems obscure to me is how, for instance, the Hombrew Channel can be installed. I heard about Trucha and STM exploits but they are patched, aren't they ? So, does the Bootmii installer use another exploit ? I think it does, although its code must be obfuscated.
But that raises another question : How can wads be installed ?
I think clean dumped channels contain the right certificates, so it shouldn't be a problem, should it ?
But what about other self-made channels ? How do we manage to trick the Wii to make it think it was signed by Nintendo without the trucha bug ? Do wad installers use the same exploit as bootmii installer ?
Also, when does the signing check occur? During installation ? When the system-menu boots ? Before booting a channel ?
Thanks for your help !
I hacked my Wii a long time ago but, recently, I started wondering a few things about how it works and thought you could help me.
If I understood well, Nintendo uses a combination of Asymetric encryption and hash functions in order to check if a content was approved. And this is stored in what we call certficates, right ?
So, If I can understand that exploits allow to run unsigned code, what seems obscure to me is how, for instance, the Hombrew Channel can be installed. I heard about Trucha and STM exploits but they are patched, aren't they ? So, does the Bootmii installer use another exploit ? I think it does, although its code must be obfuscated.
But that raises another question : How can wads be installed ?
I think clean dumped channels contain the right certificates, so it shouldn't be a problem, should it ?
But what about other self-made channels ? How do we manage to trick the Wii to make it think it was signed by Nintendo without the trucha bug ? Do wad installers use the same exploit as bootmii installer ?
Also, when does the signing check occur? During installation ? When the system-menu boots ? Before booting a channel ?
Thanks for your help !