Hacking The VC lowdown

[retrospect]

I've gathered quite a bit of info on how the Trucha Sign exploit, but something doesn't make sense:

Using NANDFS you can dump your whole filesystem to SD as a readable directory structure.
From that file system you can extract the .APP, .TMD, and .TIK files.
Those files can be packed into a WAD using Blaze's WAD Packer.
A ticket will be signed with a sort of public master key, allowing the corresponding WAD to run on all Wii consoles.
But it is likely that Nintendo will close this hole pretty quickly.

When you download from VC, the tickets are signed using a key specific to your Wii console.
This key can too be extracted with NANDFS.
The different sources of tickets signed with this key are indistinguishable from one another.

So why is everyone using the first scenario? Why aren't we signing tickets with our own keys?

Thanks

 

[dsfgd]

they are not signed with a Master Key.
they are trucha signed, what means, the signing part (RSA_2048 and RSA_4096) is filled with 00 (thats how the bug works)

the .TIK files are normally signed with XS-key, but atm no one is able to use it (except Team Twizzer and maybe waninkoko), what means, the only way is to trucha sign it.
the .TMD files are normally signed with CP-key, you can use for example:
http://ccs.cdn.shop.wii.com/ccs/download/0...001********/tmd (******** = Game Title ID)
to get a real signed TMD for a Game (when the game has a brocken or trucha signed), but it doesn't matter, the .TIK is what you need

the most People doesn't use Blaze WAD Packer, and that automatically means, the .TIK gets trucha signed, some other also trucha signs the .TMD.


the Private key is not in the NAND and it's only used to crypt the NAND.

is also stored in the OTP area of the Starlet

most infos from http://hackmii.com/2008/04/keys-keys-keys/