Question about save games

Discussion in 'Wii - Hacking' started by SifJar, Jun 2, 2010.

Question about save games by SifJar at 8:38 PM (1,779 Views / 0 Likes) 17 replies

  1. SifJar
    OP

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    I have been reading a bit about save games recently for various reasons. I know that to decrypt/encrypt save games you can use FE100 on Windows, and segher's tachtig and twintig on Linux. I also know that these tools require a number of keys extracted from your Wii. My question is: why?

    From my reading of this page: http://wiibrew.org/wiki/Savegame_Files, the only keys used in the encryption process are the SD-key (ab01b9d8e1622b08afbad84dbfc2a55d) and the SD-IV (216712e6aa1f689f95c5a22324dc6a98) (both found in this HackMii article: http://hackmii.com/2008/04/keys-keys-keys/)

    So why is it necessary to get keys from a Wii? Why are those keys not simply included in the package, seeing as it appears those are all that is necessary to decrypt or encrypt a save game?

    Thanks to anyone who can answer my questions, and my apologies if it is a stupid question.

    EDIT: OK, I'm an idiot. I did a little more reading here: http://wiibrew.org/wiki/Wii_Security and realised that a Wii's private key is needed to encrypt a save, and a few other keys (all stored in the save itself) are required to decrypt it.

    I'm sorry for posting this pointless topic.

    EDIT: OK, I have another question: Why does Tanooki not need any keys? Am I correct in my assumption that it has included in the source the SD-Key, SD IV and MD5 blanker, along with the creator's Wii's private key and public keys, and when it is loading a save, it uses the SD-Key, SD-IV and MD5 blanker to get the public keys out of the save, then when saving it, encrypts it with the creator's private key and puts his/her public keys into the save? If so, could this approach not also be taken for FE100, allowing decrypting/encrypting save games without dumping any keys from your Wii?
     
  2. WiiCrazy

    Member WiiCrazy Be water my friend!

    Joined:
    May 8, 2008
    Messages:
    2,391
    Location:
    Istanbul
    Country:
    Turkey
    Well for decrypting the save the actual key is the SD key, the other stuff SD IV and MD5 blanker are just the cream on top but of course necessary...

    Actually to encrypt a save you can create the public/private ecc keypair and use that instead of getting them out of one's wii... That's because savegames are already designed with sharing in mind... A wii can not verify if a savegame is signed by another wii, for that every wii should contain public keys of all wiis...

    But a wii can tell apart a savegame signed by that very wii and a savegame signed by another wii... I don't know if this ability is ever employed in System Menu.. I guess not but maybe it's used to lock certain parts (personal stuff or so) of a savegame keeping the other parts shared...

    By the way, all this is just educated guesses... FE100 was a direct port of Twintig & Tachtig. At the time I wrote the thing twintig & tachtig came with no explanation... I got only that keys, keys, keys blog entry of bushing and some vague names for the keys which I needed to correlate with the key dump provided by xyzzy...
    Here is that background info: http://gbatemp.net/index.php?showtopic=122568&hl=
     
  3. SifJar
    OP

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    So how would someone go about generating a completely custom public/private ecc keypair, and if this was done, could we simply use these keys along with the SD Key, SD IV and MD5 blanker with FE100/tachtig and twintig to encrypt any save?

    And then simply grab the public keys necessary from any particular save to decrypt it?

    EDIT: Also, can we generate NG-id, NG-mac and NG-key-id, as well as NG-priv and NG-sig (which I believe are the public/private keypair)?
     
  4. WiiCrazy

    Member WiiCrazy Be water my friend!

    Joined:
    May 8, 2008
    Messages:
    2,391
    Location:
    Istanbul
    Country:
    Turkey
    I believe we can at least create an ecc public/private keypair to use, the private one is the NG-priv. NG-id and NG-mac can be bogus I guess... The trickiest part that needs examination is NG-sig which, as it seems, is an encrypted & signed copy of the ecc keypair's public part... we don't have the key used in signing that signature... we only have the public key for the signer of that signature.... hence there is no way to create a savegame with bogus ecc keypairs and stuff (Ignore the first part of this post)

    Expressing it in simpler terms,

    1. Ninty signed the public ecc keypair along with console id and stuff probably and put that in the cpu
    2. When your wii creates a savegame it puts your public ecc key in the savegame as well as that signature signed by ninty's private key (NG-sig)
    3. When another wii gets that savegame, it verifies that signature using the public part of that ninty's private key so that it matches the public ecc key in the savegame... So a wii can ensure that the savegame was indeed signed by another wii (or with another wii's keys) and not some bogus stuff...

    ps: I might be missing or failing on some technical mumbo jumbo there but it seems reasonable to me.
     
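The three-step chain in the post above, as an added toy model that is not code from FE100, tachtig/twintig, Tanooki or any other project named in this thread: a small Schnorr signature over a prime field stands in for the Wii's ECC, and the group parameters, all key values and the NG-id/NG-mac bytes are constructed for the example. It shows why a freshly generated keypair verifies its own saves but cannot produce an NG-sig that another console would accept, since only the factory holds the signing key.

```python
import hashlib
import secrets

# Toy Schnorr group: multiplicative group mod the Mersenne prime 2^127 - 1 (constructed,
# for illustration only; not the Wii's real curve, and not secure at this size).
P = (1 << 127) - 1
N = P - 1          # exponents live mod the group order
G = 3

def h(r: int, msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(str(r).encode() + b"|" + msg).digest(), "big")

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)                      # (private, public)

def sign(priv: int, msg: bytes):
    k = secrets.randbelow(N - 1) + 1
    e = h(pow(G, k, P), msg)
    return e, (k + priv * e) % N                # Schnorr signature (e, s)

def verify(pub: int, msg: bytes, sig) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(pub, -e, P) % P      # g^s * y^-e recovers g^k
    return h(r, msg) == e

def cert_msg(ng_id: bytes, ng_mac: bytes, ng_pub: int) -> bytes:
    # What the factory signature (NG-sig) covers: console identity plus its public key.
    return ng_id + ng_mac + ng_pub.to_bytes(16, "big")

def make_save(data, ng_id, ng_mac, ng_priv, ng_pub, ng_sig):
    # Step 2: the console signs the save with NG-priv and ships NG-pub and NG-sig alongside.
    return {"data": data, "ng_id": ng_id, "ng_mac": ng_mac, "ng_pub": ng_pub,
            "ng_sig": ng_sig, "sig": sign(ng_priv, data)}

def verify_save(save, nintendo_pub: int) -> bool:
    # Step 3: check NG-sig with Nintendo's public key, then the save with the now-trusted NG-pub.
    cert = cert_msg(save["ng_id"], save["ng_mac"], save["ng_pub"])
    return verify(nintendo_pub, cert, save["ng_sig"]) and verify(save["ng_pub"], save["data"], save["sig"])

def demo():
    nin_priv, nin_pub = keygen()                # factory signing key; only Nintendo holds nin_priv
    ng_priv, ng_pub = keygen()                  # a real console's NG-priv and its public key
    ng_id, ng_mac = b"\x04\x00\x00\x01", b"\x00\x17\xab\x00\x00\x01"   # constructed identity
    ng_sig = sign(nin_priv, cert_msg(ng_id, ng_mac, ng_pub))         # step 1, done at the factory
    data = b"level=3;coins=42"
    good = make_save(data, ng_id, ng_mac, ng_priv, ng_pub, ng_sig)
    # A home-made keypair can only self-sign its "NG-sig", so the chain breaks at step 3.
    bog_priv, bog_pub = keygen()
    bogus = make_save(data, ng_id, ng_mac, bog_priv, bog_pub, sign(bog_priv, cert_msg(ng_id, ng_mac, bog_pub)))
    tampered = dict(good, data=b"level=9;coins=999")   # valid chain, edited contents
    return verify_save(good, nin_pub), verify_save(bogus, nin_pub), verify_save(tampered, nin_pub)
```

`demo()` returns `(True, False, False)`: the certified save passes, the self-certified one and the edited one do not.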
  5. SifJar
    OP

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    So we WOULD have to use a REAL public/private keypair extracted from a Wii then? And is it legal to redistribute those keys? I assume that is what Tanooki does...

    EDIT: Wait a minute: if NG-sig is your Wii's public key, signed with Ninty's private key, does that mean the private key is used in the System Menu to create NG-sig? Or is the NG-sig put on the Wii in the factory?

    BTW, thanks for all your explanations, particularly the simplification of your last post. Very helpful
     
  6. WiiCrazy

    Member WiiCrazy Be water my friend!

    Joined:
    May 8, 2008
    Messages:
    2,391
    Location:
    Istanbul
    Country:
    Turkey
    Yes possibly, that's where it ends up... About the legality, it depends on whose keys are used in that program and if the owner of the keys knows it or not... If it's the keys of the author then there is no problem...

    NG-sig is put on the cpu in the factory, menu only has the public part of that key that's used to create that signature...

    ps: forgive me for my english when I try to explain all this in relative clauses...
     
  7. WiiCrazy

    Member WiiCrazy Be water my friend!

    Joined:
    May 8, 2008
    Messages:
    2,391
    Location:
    Istanbul
    Country:
    Turkey
    By the way, I just tested Tanooki and it doesn't deal with encrypted savefiles... it uses the sav file in the data.bin of NSMBW
     
  8. Slimmmmmm

    Member Slimmmmmm GBAtemp MoNkEeE

    Joined:
    Nov 1, 2007
    Messages:
    1,687
    Location:
    the land of lol
    Country:
    United Kingdom
    I wonder what Datel do for power saves? Same method, different method...

    btw nice sig WiiCrazy
     
  9. SifJar
    OP

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    I'd guess they use a similar method: decrypting them and then encrypting them with the keys of a Wii they own. Either that or they manually make every save (i.e. playing through the game) and then just dump them all.
     
  10. WiiCrazy

    Member WiiCrazy Be water my friend!

    Joined:
    May 8, 2008
    Messages:
    2,391
    Location:
    Istanbul
    Country:
    Turkey
    @Slimm : About Datel stuff, that depends certainly on the timeline of events after trucha exploit has been found. Twiizers suggest that Datel found trucha bug on their own account regardless of the scene finding it earlier...(Freeloader)

    It seems Powersave thing is released earlier than twilight hack...

    http://nintendo.joystiq.com/2007/06/02/dat...g-in-easy-mode/
    June 2007

    Twilight Hack
    March 2008

    But the ability of running unsigned code on the wii (which was possible once trucha exploit has been found) is enough to create hacked savefiles...

    So I guess Datel used their own hacks and didn't need savegame packing stuff... Timeline suggests this.

    @SifJar : I don't think they got those saves merely by playing the games
     
  11. SifJar
    OP

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    OK I have another question about the encryption. I can see from WiiBrew that the Main Header, Banner and Files are all encrypted with the SD-key, the Main Header and Banner with SD-IV and the Files with the IV in the File Header. I also see that the Backup Header and File Header are unencrypted, and that the Backup Header contains the NG-id and NG-mac.

    So where do NG-key-id and NG-sig come from, seeing as I notice your KeyGrabber gets these from a savefile?

    Also, which parts are signed with NG-priv, and when (i.e. before or after SD-key is used, if it is used on same parts)?

    And am I correct in thinking NG-priv is not necessary to decrypt saves, but all the others (NG-id, NG-mac, NG-key-id, NG-sig) are, and all 5 are needed for encryption?
     
  12. WiiCrazy

    Member WiiCrazy Be water my friend!

    Joined:
    May 8, 2008
    Messages:
    2,391
    Location:
    Istanbul
    Country:
    Turkey
    A quick answer to your last question...

    For decryption you only need SD-key, SD-iv and md5-blanker. Below screenshot of FE100 Keygrabber tells it all actually,


    Hold on for the other files needed in savegame packing... They are used to create a signature for the savefile to prevent tampering and/or to create authenticity that it's created by a wii.

    Don't hold on for the packing part, it contains serious cryptography which needs serious study... I guess it could be best documented by Segher, it would be a nice hackmii blog entry if it did indeed contain the reverse engineering part for that stuff...

    Ng-key-id and Ng-sig are stored on the OTP but there are copies of them in every savefile.
    http://gitweb.bootmii.org/?a=viewblob&...&f=crypto.h
     
  13. megazig

    Member megazig SU

    Joined:
    Oct 25, 2008
    Messages:
    467
    Country:
    United States
    Tanooki uses the game's checksum to finish off the decrypted save after setting all the data needed for different parts.

    NSMBWii used a pretty easy checksum, so that wasn't the harder part of the equation. The technique they used to get the level into the game was more impressive. (adding code to a common function to redirect a pointer.)

    There might be another savegame editor for NSMBWii sometime. Treeki and I worked out the savegame stuff a long time back but just got bored and didn't finish it. We handed the info off to someone else and they may put one out.
     
  14. SifJar
    OP

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    Cool, thanks for the info. So is the save not signed with the Wii's NG-priv then? Or if it is, how can it be decrypted without matching NG-sig?
     
  15. tueidj

    Member tueidj I R Expert

    Joined:
    Jan 8, 2009
    Messages:
    2,569
    Country:
    Signing is not the same thing as encrypting. If something is signed it is still readable, it just has some extra data attached (a signature) to verify its authenticity.
     
  16. SifJar
    OP

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    I should probably read up a bit on cryptography...

    So is it signed with NG-priv, and encrypted with SD-key?
     
  17. WiiCrazy

    Member WiiCrazy Be water my friend!

    Joined:
    May 8, 2008
    Messages:
    2,391
    Location:
    Istanbul
    Country:
    Turkey
     
  18. SifJar
    OP

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    Thanks. Pity I don't really understand it, but thanks anyway. I think I now know enough to know that I'm unlikely to fully understand this stuff any time soon XD
     