[TUTORIAL] Trucha Signer Tutorial

Discussion in 'Wii - Hacking' started by IBNobody, Feb 27, 2008.

Thread Status:
Not open for further replies.
Feb 27, 2008
  1. IBNobody
    OP

    Member IBNobody I try to keep myself amused.

    Joined:
    Nov 16, 2006
    Messages:
    1,127
    Location:
    Texas, Hang 'Em High
    Country:
    United States
    Here is a tutorial on how to use the Trucha Signer. It is a work in progress.

    I am in no way responsible for the work that has gone into this hack.

    Trucha signer requires the ubiquitous key.bin. It can also use other keys, but I was able to sign an ISO using only the common key. I believe this is because the keys are just used for decryption, and only the common key is needed to decrypt ISO files. The other keys, I assume, are for decrypting other file types like VC channels and such. The true hack, if I've read things right, is totally separate from the keys and involves a bug in the Wii RSA signature engine.

    Nevertheless, I included a section on how to obtain the other keys. I did this mainly because of how difficult it was for me to get everything working.

    Trucha Signer works on Wii Firmware US 3.2

    THIS WILL NOT LET YOU PLAY BURNED ISO'S ON AN UNMODDED WII!

    I WILL NOT GIVE OUT KEY.BIN TO ANYONE, NOT EVEN THROUGH PMs!

    *** PRE REQS ***

    1. Get the required files:

    * Trucha Signer:
    http://gbatemp.net/index.php?download=1909

    * Keysearch 1.2:
    http://gbatemp.net/index.php?download=1945

    * DesWaD 0.1:
    http://gbatemp.net/index.php?download=1944

    NOTE: There is a newer version of DesWaD out, but the version I linked to is easier to use for key searching purposes.

    * key.bin
    Google it! It will have an MD5 of 8D1A2EBCD82A3469B77FACF15D9C8E50

    I WILL NOT GIVE OUT KEY.BIN TO ANYONE, NOT EVEN THROUGH PMs!

    * UltraEdit, or some form of hex editor
    http://www.ultraedit.com/

    * An ISO. You may need multiple ISOs...

    2. Unzip everything and put them into a central directory.

    Note: Some users report that DesWaD.exe will only work in their root directory. I did not run into this.

    3. Open up the "wiikeyset.reg" that came with the Trucha Signer in UltraEdit and find the section:

    Code:
    [HKEY_CURRENT_USER\Software\Wii\KeySet\2]
    
    "name"="Custom KeySet 1"
    "boot1 key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    "common key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    "sd key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    "sd iv"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    "md5 blanker"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    4. Open the key.bin file in UltraEdit and make sure you are in hex mode (Ctrl-H).

    5. Replace the "common key" line...

    Code:
    "common key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    ...with the contents from key.bin. For example, if key.bin contained AABBCCDDEEFFAABBCCDDEEFF11223344, you'd enter...

    Code:
    "common key"=hex:AA,BB,CC,DD,EE,FF,AA,BB,CC,DD,EE,FF,11,22,33,44

    6. Save the "wiikeyset.reg" file and activate it by double clicking on it. Click "Yes" to add it to the registry.

    *** OBTAINING OTHER KEYS - OPTIONAL? ***

    7. Run trucha.exe and select "Select Keyset/Custom Keyset 1" from the menu bar.

    8. Select "Image/Open ISO" from the Trucha menu bar and open your ISO.

    If your ISO does not open, make sure you have a CLEAN (not scrubbed) ISO. If you get a decryption error, verify that you correctly added the key information to your registry (steps 3-6).

    9. Double-click on the "DISC" icon.

    10. Double-Click on the "PARTITION (RELSAB)" icon, under the "DISC" header. If this partition does not exist, look for the first partition.

    11. Double-Click on the "ROOT" icon under the "PARTITION (RELSAB)" header.

    12. Double-Click on the "_SYS" icon under the "ROOT" header.

    13. There should be two or more .wad files under the "_SYS" header. Look for the following files:

    RVL-WiiSystemmenu-v???.wad (??? can be any number. Some recommend v226, but I used v193)
    IOS21-64-v???.wad (??? can be any number. Some recommend v514.)

    Here are the MD5 sums for the two wad files I used. You can use these to verify your files.

    File: IOS21-64-v514.wad
    MD5: DE6D068FEB5CD09C9D74E1CC344433E5

    File: RVL-WiiSystemmenu-v193.wad
    MD5: 945378F722B53913BC2B391D5A9BA3EB

    [Image]

    Note: This image shows RVL-WiiSystemmenu-v162.wad. I did not use this one but am showing it as an example.

    If these do not exist, repeat steps 8-12 with a DIFFERENT ISO.

    14. Assuming you found your files, you need to extract them. Right-click on one of the wads, select "Extract to File", and point to a folder where you want the wad to be saved to.

    15. Take your extracted wads and move them to a folder that contains key.bin.

    16. Launch DesWaD.EXE.

    17. Click the only button on the DesWaD interface and select the WaD file you want to convert to Des. Repeat for the other WaD file. If you get an error 103, your folder with your wads does not contain a copy of key.bin.

    18. You should now have 2 Des files.

    RVL-WiiSystemmenu-v???.des
    IOS21-64-v???.des

    Here are the MD5 sums for the two des files I used.

    File: IOS21-64-v514.des
    MD5: A334D53748B83DD8E22F0756E41CED32

    File: RVL-WiiSystemmenu-v193.des
    MD5: 06771D6B4A7D3AF3F6FD62B5F3DB250C

    19. Run KeyFinder.exe

    20. In KeyFinder, copy & paste the following MD5 sum into the TOP textbox

    EF33E224E45C8D8C35CE32D8A810B603

    21. Click the only button in KeyFinder.exe and select your "IOS21-64-v???.des" file. DO NOT SELECT YOUR WAD FILE!

    22. Wait for the program to finish. For some of the keyfinds, it will take a while. The KeyFinder program may appear to lock up, but it will complete eventually.

    The bottom window will eventually display:

    [Image]

    23. KeyFinder creates a folder with the same name as the MD5 sum of the key. Inside it is a new key.bin. THIS IS NOT THE SUPER KEY.BIN! THIS IS JUST A CONTAINER FOR OTHER KEYS!

    In my example, KeyFinder created...
    T:\ROM Tools\WiiGC Tools\WiiTools\KeyFinder\EF33E224E45C8D8C35CE32D8A810B603\key.bin

    24. Open this key.bin and perform steps 3-6, except instead of replacing the common key, you replace the SD Key.

    Code:
    "sd key"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    25. Repeat steps 19-24 using the following file:

    Code:
    File: RVL-WiiSystemmenu-v???.des
    MD5 of Key: 4582417D623C81FCA07A46A570C8969E
    wiikeyset.reg Value to Edit:
    "md5 blanker"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    26. Repeat steps 19-24 using the following file:

    Code:
    File: RVL-WiiSystemmenu-v???.des
    MD5 of Key: D9F2B2E045D22D3805A67FE0C340CCD2
    wiikeyset.reg Value to Edit:
    "sd iv"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    *** REPLACING FILES ON ISO ***

    This section assumes you now know how to navigate through Trucha Signer.

    27. Create a backup copy of the ISO you want to edit.

    28. Navigate to the file you want to replace.

    29. Right-click on the file and select "Replace".

    30. In the popup window, select a file that is EQUAL IN SIZE OR SMALLER.

    31. If the replacement was successful, you will see a popup message. (Trucha v0.2 had a bug that wouldn't replace the file and wouldn't pop up a message.)

    32. After you have replaced all the files you want, right click on the PARTITION that you edited.

    33. Select "Trucha Sign".

    34. Your edited ISO has now been signed and is now ready to burn!
     


  2. ilostmyshoes

    Newcomer ilostmyshoes Member

    Joined:
    Feb 13, 2007
    Messages:
    45
    Country:
    Canada
    Nice work on the tutorial.

    One thing I would suggest adding between steps 7 and 8 is after you open the program to use Select KeySet and change it to custom KeySet 1.

    At least I had to do that for it to actually open the iso.

    Edit: Nevermind, you beat me to it!
     
  3. JPH

    Banned JPH Banned

    Joined:
    Jul 11, 2006
    Messages:
    6,892
    Country:
    United States
    Nice guide, thanks a lot man
     
  4. IBNobody
    OP

    Member IBNobody I try to keep myself amused.

    Joined:
    Nov 16, 2006
    Messages:
    1,127
    Location:
    Texas, Hang 'Em High
    Country:
    United States
    Yeah... I realized that when I read through the thing again... I'm an editing NINJA!
     
  5. ProdigySim

    Member ProdigySim GBAtemp Regular

    Joined:
    Nov 23, 2005
    Messages:
    191
    Country:
    United States
    I've found that while the GUI will lockup, the program continues to operate. If you wait until it finishes checking, the GUI will unfreeze and work normally.

    Edit: Does anyone know about the use of the boot1 key?
     
  6. coolbho3000

    Member coolbho3000 GBATemp Kikkoman Naturally Brewed SoySauce Fanatic

    Joined:
    Apr 29, 2007
    Messages:
    2,095
    Location:
    Kikkoman Factory
    Country:
    Eh, the keys are already freely available...
     
  7. bailli

    Member bailli GBAtemp Regular

    Joined:
    Oct 16, 2006
    Messages:
    178
    Country:
    Germany
    On some systems - like mine - DesWaD only works if it runs in the root of the drive...
     
  8. IBNobody
    OP

    Member IBNobody I try to keep myself amused.

    Joined:
    Nov 16, 2006
    Messages:
    1,127
    Location:
    Texas, Hang 'Em High
    Country:
    United States
    That may be true, but they are still illegal. This method gives people who only have the common key a way to obtain the other keys.

    ---

    Also... How do you use GBATemp to host images? I guess I never ran across the need to do that yet. I'd rather not use Imageshack.
     
  9. aligborat69

    Member aligborat69 GBAtemp Fan

    Joined:
    Nov 15, 2006
    Messages:
    498
    Country:
    Excellent Tutorial, I managed to figure it all out previously, using bits of info from all over the place! I've made the changes to my Manhunt.2 iso and will test it when I get home tonight. Ahhh the joys of remote controlling your home server / adding latest downloads, LOL :-)

    One thing I still don't understand.

    With regards to putting the Keys into the registry etc.... is it basically not the same for everyone? Couldn't those keys have been in that regfile from the beginning?

    Or is it PC or game specific?

    So for example, now that I have loaded manhunt 2 reg details and made the changes to the game, would I need to do the same for the next game and replace the registry entries?
     
  10. IBNobody
    OP

    Member IBNobody I try to keep myself amused.

    Joined:
    Nov 16, 2006
    Messages:
    1,127
    Location:
    Texas, Hang 'Em High
    Country:
    United States
    Those keys are protected by the DMCA. They are illegal. You can't distribute them with the Trucha Signer or post them on a message board.

    ---

    And I don't know what the boot key was... I was just using the common key. It appeared to work, apparently. I was able to resign an ISO, burn it, and boot it.
     
  11. berlinka

    Member berlinka You have sustained a lethal injury.

    Joined:
    Jul 31, 2003
    Messages:
    3,147
    Location:
    Harderwijk, Netherlands
    Country:
    Netherlands
    Is it possible to make an ISO from an existing DVD? Because I do have Manhunt 2 but only burned on DVD.
     
  12. aligborat69

    Member aligborat69 GBAtemp Fan

    Joined:
    Nov 15, 2006
    Messages:
    498
    Country:
    Aha! So it makes sense now, I wondered why everyone was going about it the super long way. Anyway, I'm happy I got it working and made the changes.

    I'm hoping this helps with the region problem of some games not working on different regions and others do...

    Would be so cool.
     
  13. jelbo

    Member jelbo Ōkami!

    Joined:
    Sep 12, 2003
    Messages:
    807
    Location:
    Netherlands
    Country:
    Netherlands
    Keys are the same for everyone, but they're illegal to share. So with the pretty easy to find common key around people can follow the tutorial to obtain the other keys. You could search the keys themselves, but I'm pretty much looking forward to trying the Deswad method out myself.

    No idea how it works exactly though, I mean, finding keys using MD5 hashes and decrypted Wii system files? Interesting stuff
     
  14. IBNobody
    OP

    Member IBNobody I try to keep myself amused.

    Joined:
    Nov 16, 2006
    Messages:
    1,127
    Location:
    Texas, Hang 'Em High
    Country:
    United States
    The hacker responsible for this program (xt5) is working on a version that will let you do just that. It currently doesn't work for me, and I have one of those special Wii reading drives.

    EDIT:

    Jelbo,

    The KeySearcher just continually scoops up 16 bytes and runs an MD5 check on them. If MD5 sums match, it spits the key out. If not, it moves 1 byte down the file and scoops up another 16 bytes. It's a VERY simple program, aside from the whole MD5 thing. Great idea, too!
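
The sliding-window search described in the post above, as an added example that is not part of the original thread and is not KeySearcher's own code. It goes one step beyond the post by checking several known digests in a single pass, and it runs on a constructed blob with made-up secrets; the function and label names are assumptions.

```python
import hashlib

WINDOW = 16  # window size from the post: 16 bytes, advanced one byte at a time


def scan_for_hashed_secrets(data, wanted, window=WINDOW):
    """Slide a window over `data`; return {label: [offsets]} for every window
    whose MD5 digest equals one of the hex digests in `wanted` ({label: hex})."""
    by_digest = {bytes.fromhex(h): label for label, h in wanted.items()}
    hits = {label: [] for label in wanted}
    view = memoryview(data)  # slicing a memoryview avoids copying each window
    for off in range(max(0, len(data) - window + 1)):
        label = by_digest.get(hashlib.md5(view[off:off + window]).digest())
        if label is not None:
            hits[label].append(off)
    return hits


def build_sample():
    """Constructed test blob: constant filler with two made-up 16-byte secrets."""
    secret_a = bytes(range(0x10, 0x20))
    secret_b = bytes.fromhex("00112233445566778899aabbccddeeff")
    blob = b"\xa5" * 37 + secret_a + b"\xa5" * 163 + secret_b + b"\xa5" * 56
    wanted = {
        "secret_a": hashlib.md5(secret_a).hexdigest().upper(),
        "secret_b": hashlib.md5(secret_b).hexdigest().upper(),
        "absent": hashlib.md5(b"never-in-the-blob").hexdigest().upper(),
    }
    return blob, wanted


if __name__ == "__main__":
    blob, wanted = build_sample()
    for label, offsets in scan_for_hashed_secrets(blob, wanted).items():
        print(f"{label}: {[hex(o) for o in offsets] or 'not found'}")
```

The scan costs one MD5 computation per byte offset, so run time grows linearly with the size of the file being searched.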
     
  15. CockroachMan

    Member CockroachMan Scribbling around GBATemp's kitchen.

    Joined:
    Jan 14, 2006
    Messages:
    3,889
    Location:
    Brazil
    Country:
    Brazil
    Thanks! Nice work!
     
  16. shiftyraccoon

    Newcomer shiftyraccoon Member

    Joined:
    May 8, 2007
    Messages:
    24
    Location:
    Birmingham, UK
    Country:
    United Kingdom
    I don't understand the KEY business?
    Do I run a keyfinder - enter the common key (which is the same for all games)

    And then enter the individual game keys?
    Sorry for the n00bosity, I just wanna play No More Heroes with BLOOD NOW!
     
  17. berlinka

    Member berlinka You have sustained a lethal injury.

    Joined:
    Jul 31, 2003
    Messages:
    3,147
    Location:
    Harderwijk, Netherlands
    Country:
    Netherlands
    Thanks, I'm waiting with staggering anticipation
     
  18. coolbho3000

    Member coolbho3000 GBATemp Kikkoman Naturally Brewed SoySauce Fanatic

    Joined:
    Apr 29, 2007
    Messages:
    2,095
    Location:
    Kikkoman Factory
    Country:
    Sure. Simply use "Read" mode in IMGBurn to rip an ISO from the disc.

    Unless it is a legit copy of Manhunt 2 - then you need the LG drive or use the Wiikey SD ripper.
     
  19. MSW0

    Newcomer MSW0 Advanced Member

    Joined:
    Jan 22, 2008
    Messages:
    79
    Country:
    United States
    Nice tutorial. Got me ready for GH3 Customs once I figure it out, and GH3 is done DLing.

    Only part that requires a decent amount of thinking is obtaining the key, but even then it should be easy.
     
  20. DjoeN

    Member DjoeN Captain Haddock!

    Joined:
    Oct 21, 2005
    Messages:
    4,925
    Location:
    Somewhere in this potatoland!
    Country:
    Belgium
    Thanks, this was just what I needed

    up and running!
     