Hacking Save Game swapping

Dragonlord

If they use a signed file, you have a problem. Certificating is a process in which you first encrypt the game file using a private key. Then you append the SHA1 fingerprint of the unencrypted data to the stream. This system is used in PGP for email encryption and is safe with respect to all 4 security principles.

Hence, if the files are encrypted this way, you cannot trick the machine in any way... unless... and here comes the funny part. Security always breaks at the weakest link in the chain. Certification is really strong, so you have no chance to break this link, but you can try to break the "reliability" link. For decrypting and verifying the certificate, two things are needed: a public key and a certificate. Both files are stored somewhere in the firmware. The trick would then be to generate your own key pair (private key / public key) and your own certificate that you sign yourself with this key pair. Once placed in the machine, your encrypted files are considered valid.

This trick, though, requires a way to hard-flash a firmware onto the machine.
 

ShortFuse

All I figured out from the save files so far is this:

address   length  name
0000F124  4       game code
0000F14B  12      game file

As for the game code, it's the standard Nintendo game code:
ABCD
A = R for Revolution (Wii)
BC = What Game
D = Region (E = USA)

But Wii Sports's main file is: RPSports.dat
and Zelda's is: zeldaTp.dat

And the end of the file always has
Root-CA***

Using sdload and launching another dol, can you then read sectors from a Wii Disc? Is this how images are being dumped, like dumping it to a 2 GB SD Card?
 

The_Pope

Please, for the person who supplied the game/saves: delete the Root-CA00000001-MS00000002-*
AP00000001*

This information will allow Nintendo to locate the person who supplied it and, in theory, ban them online.
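
Added example, not part of any post in this thread: a small Python check that reads the two fields at the offsets ShortFuse reported and lists the issuer-style strings The_Pope warns about, so a save image can be inspected before it is shared. The NUL padding of the file name, the function names, and the sample image (including the `PLACEHOLDER` suffix and the game code `RABE`) are assumptions constructed for illustration.

```python
import re

# Offsets and lengths as reported in the thread (not an official format spec).
GAME_CODE_OFF, GAME_CODE_LEN = 0xF124, 4
GAME_FILE_OFF, GAME_FILE_LEN = 0xF14B, 12
PLATFORMS = {"R": "Revolution (Wii)"}   # only mapping given in the thread
REGIONS = {"E": "USA"}                  # only mapping given in the thread
# Issuer-style strings: "Root-CA..." chains and "AP" followed by 8 hex digits.
ISSUER_RE = re.compile(rb"Root-CA[0-9A-Za-z-]*|AP[0-9A-Fa-f]{8}")


def parse_save(blob: bytes) -> dict:
    """Extract the fields the thread identified from a raw save image."""
    end = GAME_FILE_OFF + GAME_FILE_LEN
    if len(blob) < end:
        raise ValueError(f"need at least {end} bytes, got {len(blob)}")
    code = blob[GAME_CODE_OFF:GAME_CODE_OFF + GAME_CODE_LEN].decode("ascii", "replace")
    # Assumption: names shorter than 12 bytes are NUL-padded.
    name = blob[GAME_FILE_OFF:end].split(b"\0", 1)[0].decode("ascii", "replace")
    return {
        "game_code": code,
        "platform": PLATFORMS.get(code[0], "unknown"),
        "title_id": code[1:3],
        "region": REGIONS.get(code[3], "unknown"),
        "game_file": name,
    }


def issuer_strings(blob: bytes) -> list:
    """Return (offset, text) for every issuer-style string in the image."""
    return [(m.start(), m.group().decode("ascii")) for m in ISSUER_RE.finditer(blob)]


def build_sample() -> bytes:
    """Constructed image: zero-filled, fields placed at the thread's offsets."""
    buf = bytearray(0xF200)
    buf[GAME_CODE_OFF:GAME_CODE_OFF + 4] = b"RABE"            # constructed code
    buf[GAME_FILE_OFF:GAME_FILE_OFF + 11] = b"zeldaTp.dat"    # 11 bytes + 1 NUL
    buf += b"Root-CA00000001-MS00000002-PLACEHOLDER\0AP00000001"  # constructed tail
    return bytes(buf)


if __name__ == "__main__":
    sample = build_sample()
    print(parse_save(sample))
    for offset, text in issuer_strings(sample):
        print(hex(offset), text)
```

Any hit from `issuer_strings` means the file still carries the certificate-chain text discussed above and should be treated as identifying.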
 
