1. dimok

    dimok GBAtemp Advanced Fan
    Member

    Joined:
    Jan 11, 2009
    Messages:
    728
    Country:
    United States
    Alright guys here is the first version of the USB key injector.
    http://www48.zippyshare.com/v/AFBviDgi/file.html

    How it works?
    Put a seeprom_inject.bin (a copy of your dumped seeprom.bin file) with the modified USB seed at offset 0x0B0 of the file to the root of your sd card. Run the program from HBL. The application will inject the data and dump a new fresh seeprom.bin to your sd card which then should have the new seed in it.
    The application does explicitly not inject the full seeprom.bin to avoid bricks through wrong values for boot parameter and such. Also only bytes 0xB4-0xC0 are injected. The first 4 bytes of the seed are always the console ID and cannot and should not be replaced. So the application automatically limits the injection range to offsets 0xB4-0xC0.

    I tried it out and injected zeroes into the USB seed. My USB drive was not recognized anymore. Then I injected back my original seed and it is recognized again.

    The fact that the first 4 bytes of the seed are the console ID makes the seed not changeable to another consoles seed. Thus making usb drive key bound to a console. This could probably be worked around if we patch ios crypto at the correct position to use another key on the fly. Since we don't have that yet the only way to transfer an USB drive to another console is to decrypt the full drive using the combination of OTP usb key and seeprom usb seed and re-encrypt the drive with the key combintation results from another console.

    This should be safe and not brick anything as only the usb seed is injected into the eeprom. You can inject whatever you like into that seed part. It only affects the USB drive being mountable or not. But you need to be aware that the functions used are really low level (I don't think you can go lower than that on the Wii U) and I take no responsibility if you manage to brick somehow with this.
     
  2. roots

    roots Advanced Member
    Newcomer

    Joined:
    Nov 9, 2015
    Messages:
    79
    Country:
    France
    is it normal that my usb drive is allowed in sysnand and rednand ?
    my nands are not linked i had format sysnand long time ago...
    @dimok
     
    Last edited: Nov 23, 2016
  3. sjuut

    sjuut Newbie
    Newcomer

    Joined:
    Mar 26, 2007
    Messages:
    4
    Country:
    Netherlands
    @dimok, I have a USB drive which worked prior to redNAND setup + unlinked (formatted) sysNAND. Since I cannot make the USB drive work in redNAND anymore (my SEEPROM prob. changed), is there a way to retrieve the original SEEPROM (e.g. from NAND dumps, OTP keys) ? Or will any future release of iosuhax make it possible to skip the SEEPROM check? I would like to inject my 'old' seeprom, so I can access the drive again.
     
  4. dimok

    dimok GBAtemp Advanced Fan
    Member

    Joined:
    Jan 11, 2009
    Messages:
    728
    Country:
    United States
    Well since the drive is completely encrypted with the seed you can't work around using that key to recover it. There is though a very simple trick to it I noticed. When you format your drive, your seed actually changes only on it's last number. The number seems to just be incremented.

    Example:
    If your seed was as following before you formatted:
    12 34 56 78 90 12 34 56 78 90 12 34 56 78 90 12

    After you format it the last number gets incremented. Meaning it will become something like this:
    12 34 56 78 90 12 34 56 78 90 12 34 56 78 90 13

    So since you have your current USB drive seed with the seeprom dumper, you can go ahead and decrement the number by one. Meaning if it is as following now:
    12 34 56 78 90 12 34 56 78 90 12 34 56 78 90 13

    You can change it back to and inject it:
    12 34 56 78 90 12 34 56 78 90 12 34 56 78 90 12

    There is a very good chance that you will hit the correct number by decrementing it and trying, maybe a few times. I think it depends on how often you formatted.

    This was an observation on my end when I did format tests. I formatted 4 times and the number was increased by exactly 4. You could just go ahead and try it. Let me know if it worked for you.
     
    Last edited: Nov 23, 2016
    sjuut, peteruk and Irastris like this.
  5. Ghassen-ga

    Ghassen-ga GBAtemp Advanced Fan
    Member

    Joined:
    Jul 21, 2016
    Messages:
    767
    Country:
    Can you work on something that formats only a partition of the HDD drive to become compatible with the wii u ? that way we can make use of the available space we have left for other stuff, let's say usb support for loadiine in the future or something ?
     
    Don Jon likes this.
  6. piratesephiroth

    piratesephiroth I wish I could read
    Member

    Joined:
    Sep 5, 2013
    Messages:
    3,387
    Country:
    Brazil
    I see it contains the drive key. So are people able to replace the optical drive now (if there's a way to get the key from the new drive)
     
    Last edited: Nov 24, 2016
    paulloeduardo and loler55 like this.
  7. huma_dawii

    huma_dawii GBAtemp Psycho!
    Member

    Joined:
    Apr 3, 2014
    Messages:
    3,448
    Country:
    United States
    Awesome, don't need it but it could lead to something really important in the future!
     
    KiiWii likes this.
  8. loler55

    loler55 GBAtemp Advanced Fan
    Member

    Joined:
    Jan 4, 2012
    Messages:
    973
    Country:
    Gambia, The
    I think the drive itself contain the key
    We just have to change the drivekey in the discdrivefirmware, to the drivekey from the wiiufirmware
     
    paulloeduardo likes this.
  9. HaloEffect17

    HaloEffect17 Hiya!
    Member

    Joined:
    Jul 1, 2015
    Messages:
    1,115
    Country:
    Canada
    So, the seeprom2sd ELF is not included in the master zip download...
     
  10. subcon959

    subcon959 teh retro
    Member

    Joined:
    Dec 24, 2008
    Messages:
    2,771
    Country:
    paulloeduardo and HaloEffect17 like this.
  11. Blitzur

    Blitzur Member
    Newcomer

    Joined:
    Jul 20, 2016
    Messages:
    18
    Country:
    Gambia, The
    Is it possible to use the usb key to open an wiiu formatted drive on pc?
    I guess it's not possible to crack the key? I still have an image of my old wiiu usb stick with my old savegames :P
     
  12. CreeperMario

    CreeperMario GBAtemp Advanced Fan
    Member

    Joined:
    Jun 18, 2016
    Messages:
    676
    Country:
    Australia
    A combination of keys from the SEEPROM and OTP are used to create a key that encrypts/decrypts your USB drive. If you were to figure out what those two keys were, and what operation is used to generate the final key, and if you knew what encryption method is used, you could decrypt your image on your PC.
     
  13. piratesephiroth

    piratesephiroth I wish I could read
    Member

    Joined:
    Sep 5, 2013
    Messages:
    3,387
    Country:
    Brazil
    does anyone still have @dimok 's USB key injector?
     
    Chakratos and paulloeduardo like this.
  14. pudink

    pudink Advanced Member
    Newcomer

    Joined:
    May 24, 2013
    Messages:
    59
    Country:
    How can i use this to make my hard drive recognized by the wii u?

    i have formatted my wii u, without formatting the external hard drive. i have my games and save files in the hard drive.

    As the wii u assigns a new usb drive key after the console is formatted , the hard drive is not recognized. Now i have a drive that has my valuable zelda and pikmin save files and all that readily installed games.

    if someone can help me with this , they will save my day
     
    Last edited: Aug 9, 2017
  15. piratesephiroth

    piratesephiroth I wish I could read
    Member

    Joined:
    Sep 5, 2013
    Messages:
    3,387
    Country:
    Brazil
    You just need mocha cfw. Enable rednand and redirected otp and seeprom.
    I'm not sure if it will dump these automatically, you might need to use otp2sd and seeprom2sd first.
    Then you hexedit your seeprom.bin and modify the last byte of the USB seed (16 bytes long at offset 0xB0), subtracting 1 from it.

    [​IMG]
    In this example it's 98 after I formatted the console so I would change it to 97

    Now when you run mocha you'll be able to read your USB drive and extract whatever you need with homebrews.

    Another option would be to use the SEEPROM USB Key Injector so you would just restore normal access to the drive but the link is dead and I don't have it.
     
    Last edited: Aug 10, 2017
    pudink and Madridi like this.
  16. pudink

    pudink Advanced Member
    Newcomer

    Joined:
    May 24, 2013
    Messages:
    59
    Country:
    Hello the image is not visible can you please reupload?
    i have seeprom.bin file and I have a hex editor, but I can not be sure where to change, can you help?( if i could see the image I would be able to make it)
    and after changing the seeprom , I will run mocha with which settings? can you elaborate the process?
    I know this seems quite simple for you guys but I am not very good at these things.
     
    Last edited: Aug 10, 2017
  17. piratesephiroth

    piratesephiroth I wish I could read
    Member

    Joined:
    Sep 5, 2013
    Messages:
    3,387
    Country:
    Brazil
    [​IMG]
     
    Last edited: Feb 2, 2018
  18. EyeKey

    EyeKey GBAtemp Regular
    Member

    Joined:
    Feb 10, 2017
    Messages:
    225
    Country:
    Israel
    The USB seed is at offset 0xb0, not 0x80
     
    piratesephiroth likes this.
  19. piratesephiroth

    piratesephiroth I wish I could read
    Member

    Joined:
    Sep 5, 2013
    Messages:
    3,387
    Country:
    Brazil
    I guess I need glasses, lol
     
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - SEEPROM2SD, Dimok,