Here is a tutorial on how to use the Trucha Signer. It is a work in progress. I am in no way responsible for the work that has gone into this hack. Trucha signer requires the ubiquitous key.bin. It can also use other keys, but I was able to sign an ISO using only the common key. I believe this is because the keys are just used for decryption, and only the common key is needed to decrypt ISO files. The other keys, I assume, are for decrypting other file types like VC channels and such. The true hack, if I've read things right, is totally separate from the keys and involves a bug in the Wii RSA signature engine. Nevertheless, I included a section on how to obtain the other keys. I did this mainly because of how difficult it was for me to get everything working. Trucha Signer works on Wii Firmware US 3.2 THIS WILL NOT LET YOU PLAY BURNED ISO'S ON AN UNMODDED WII! I WILL NOT GIVE OUT KEY.BIN TO ANYONE, NOT EVEN THROUGH PMs! *** PRE REQS *** 1. Get the required files: * Trucha Signer: http://gbatemp.net/index.php?download=1909 * Keysearch 1.2: http://gbatemp.net/index.php?download=1945 * DesWaD 0.1: http://gbatemp.net/index.php?download=1944 NOTE: There is a newer version of DesWaD out, but the version I linked to is easier to use for key searching purposes. * key.bin Google it! It will have an MD5 of 8D1A2EBCD82A3469B77FACF15D9C8E50 I WILL NOT GIVE OUT KEY.BIN TO ANYONE, NOT EVEN THROUGH PMs! * UltraEdit, or some form of hex editor http://www.ultraedit.com/ * An ISO. You may need multiple ISOs... 2. Unzip everything and put them into a central directory. Note: Some users report that DesWaD.exe will only work in their root directory. I did not run into this. 3. Open up the "wiikeyset.reg" that came with the Trucha Signer in UltraEdit and find the section: Code: [HKEY_CURRENT_USER\Software\Wii\KeySet\2] "name"="Custom KeySet 1" "boot1 key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "common key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "sd key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "sd iv"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "md5 blanker"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 4. Open the key.bin file in UltraEdit and make sure you are in hex mode (Ctrl-H). 5. Replace the "common key" line... Code: "common key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 ...with the contents from key.bin. For example, if key.bin contained AABBCCDDEEFFAABBCCDDEEFF11223344, you'd enter... Code: "common key"=hex:AA,BB,CC,DD,EE,FF,AA,BB,CC,DD,EE,FF,11,22,33,44 6. Save the "wiikeyset.reg" file and activate it by double clicking on it. Click "Yes" to add it to the registry. *** OBTAINING OTHER KEYS - OPTIONAL? *** 7. Run trucha.exe and select "Select Keyset/Custom Keyset 1" from the menu bar. 8. Select "Image/Open ISO" from the Trucha menu bar and open your ISO. If your ISO does not open, make sure you have a CLEAN (not scrubbed) ISO. If you get a decryption error, verify that you correctly added the key information to your registry (steps 3-6). 9. Double-click on the "DISC" icon. 10. Double-Click on the "PARTITION (RELSAB)" icon, under the "DISC" header. If this partition does not exist, look for the first partition. 11. Double-Click on the "ROOT" icon under the "PARTITION (RELSAB)" header. 12. Double-Click on the "_SYS" icon under the "ROOT" header. 13. There should be two or more .wad files under the "_SYS" header. Look for the following files: RVL-WiiSystemmenu-v???.wad (??? can be any number. Some recommend v226, but I used v193) IOS21-64-v???.wad (??? can be any number. Some recommend v514.) Here are the MD5 sums for the two wad files I used. You can use these to verify your files. File: IOS21-64-v514.wad MD5: DE6D068FEB5CD09C9D74E1CC344433E5 File: RVL-WiiSystemmenu-v193.wad MD5: 945378F722B53913BC2B391D5A9BA3EB Note: This image shows RVL-WiiSystemmenu-v162.wad. I did not use this one but am showing it as an example. If these do not exist, repeat steps 8-12 with a DIFFERENT ISO. 14. Assuming you found your files, you need to extract them. Right-click on one of the wads, select "Extract to File", and point to a folder where you want the wad to be saved to. 15. Take your extracted wads and move them to a folder that contains key.bin. 16. Launch DesWaD.EXE. 17. Click the only button on the DesWaD interface and select the WaD file you want to convert to Des. Repeat for the other WaD file. If you get an error 103, your folder with your wads does not contain a copy of key.bin. 18. You should now have 2 Des files. RVL-WiiSystemmenu-v???.des IOS21-64-v???.des Here are the MD5 sums for the two des files I used. File: IOS21-64-v514.des MD5: A334D53748B83DD8E22F0756E41CED32 File: RVL-WiiSystemmenu-v193.des MD5: 06771D6B4A7D3AF3F6FD62B5F3DB250C 19. Run KeyFinder.exe 20. In key-finder, copy & paste the following MD5 sum into the TOP textbox EF33E224E45C8D8C35CE32D8A810B603 21. Click the only button in KeyFinder.exe and select your "IOS21-64-v???.des" file. DO NOT SELECT YOUR WAD FILE! 22. Wait for the program to finish. For some of the keyfinds, it will take awhile. The Keyfinder program may appear to lock up, but it will complete eventually. The bottom window will eventually display: 23. KeyFinder creates a folder with the same name as the MD5 sum of the key. Inside it is a new key.bin. THIS IS NOT THE SUPER KEY.BIN! THIS IS JUST A CONTAINER FOR OTHER KEYS! In my example, KeyFinder created... T:\ROM Tools\WiiGC Tools\WiiTools\KeyFinder\EF33E224E45C8D8C35CE32D8A810B603\key.bin 24. Open this key-bin and perform steps 3-6, except instead of replacing the common key, you replace the SD Key. Code: "sd key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 25. Repeat steps 19-24 using the following file: Code: File: RVL-WiiSystemmenu-v???.des MD5 of Key: 4582417D623C81FCA07A46A570C8969E wiikeyset.reg Value to Edit: "md5 blanker"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 26. Repeat steps 19-24 using the following file: Code: File: RVL-WiiSystemmenu-v???.des MD5 of Key: D9F2B2E045D22D3805A67FE0C340CCD2 wiikeyset.reg Value to Edit: "sd iv"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 *** REPLACING FILES ON ISO *** This section assumes you now know how to navigate through Trucha Signer. 27. Create a backup copy of the ISO you want to edit. 28. Navigate to the file you want to replace. 29. Right-click on the file and select "Replace". 30. In the popup window, select a file that is EQUAL IN SIZE OR SMALLER. 31. If the replacement was successful, you will see a popup message. (Trucha v0.2 had a bug that wouldn't replace the file and wouldn't pop up a message.) 32. After you have replaced all the files you want, right click on the PARTITION that you edited. 33. Select "Trucha Sign". 34. Your edited ISO has now been signed and is now ready to burn!