Hacking Uwizard: All-In-One Wii U PC Program

[Mr. Mysterio]

How would someone obtain the cetk file for NUS downloaded games and DLC to decrypt them? Uwizard seems to download everything but the cetk when it comes to this.

I already stated that here, but if you read the last few posts, you'll see that I'm trying to legally include the cetk files into Uwizard.

 

[Mr. Mysterio]

DLC is fully downloadable and decryptable (they're seen as updates by the NUS), it's just games that need the ticket files. That's what Mr. Mysterio is trying to overcome right now, he just doesn't know of a way to do it that's both foolproof and 100% legal

AFAIK, DLC does not have a cetk on NUS, only updates and system software have cetks. You need to somehow intercept the cetk for DLC when purchasing it, then use that in NUS Downloader U.

 

[SWS90]

I already stated that here, but if you read the last few posts, you'll see that I'm trying to legally include the cetk files into Uwizard.

Ah, ok. I thought that the cetk's for DLC would be more easily obtainable.
So there's currently no easy way to decrypt DLC, cause getting the file from the internet is a long shot, and not to mention finding wud's of Wii U games is not easy.
How would someone intercept the data then?

 

[TotalInsanity4]

AFAIK, DLC does not have a cetk on NUS, only updates and system software have cetks. You need to somehow intercept the cetk for DLC when purchasing it, then use that in NUS Downloader U.

Oh, really! So Mario Kart DLC is kind of a special case?

 

[NWPlayer123]

Yes. Game updates and System Software have the cetk provided, (paid?) DLC and games need to be authenticated with the server so it knows it's been purchased before you can get a cetk from the servers. For example, in MK8, the updates have all character files so people can see them without the DLC and DLC course music files, but all DLC track files are a seperate download.

 

[TotalInsanity4]

Yes. Game updates and System Software have the cetk provided, (paid?) DLC and games need to be authenticated with the server so it knows it's been purchased before you can get a cetk from the servers. For example, in MK8, the updates have all character files so people can see them without the DLC and DLC course music files, but all DLC track files are a separate download.

Ohhhh interesting, that makes sense! Why include the music files, though, I wonder??

 

[Cyan]

There's no legal method to provide an illegal data.
As long as you allow users to obtain something for free that they should have bought is illegal.

Shifting, xoring, or whatever operation you do to the ticket key to provide it is still illegal. XORing it with another illegal key not provided to the user is probably grey area, depend on user's point of view. I'm not a lawyer and only see the end result or the shared data for what it is. "providing" is illegal. Keygen are illegal too, as long as you bypass the need to buy.

The simple idea to allow users to download a game without paying for it is wrong.
To me, it's even more illegal than sharing the common key. With the common key alone you can't obtain games for free, you can decrypt them but you don't allow installation and use.
If you use something which doesn't allow obtaining game for free (common key) to obtain it for free is illegal.


If I understand correctly what you want to do, it's only allowing users to decrypt the data downloaded from NUS but not providing the full ticket. (it could be re-generated to allow game install?)
but for that purpose, you will have to provide a list of encrypted keys to let the user decrypt it with the common key+GameID?
Where do you get these encrypted keys from? providing something that users can't get themselves is what is illegal.

edit:
A concrete example with games.

You own PokémonX and want a translated version.
- Providing original PokémonX ROM is illegal.
- providing a translated version of PokémonX ROM is illegal, so you provide only a patch of the difference.
- The patch data contains only the translated parts to apply to the ROM. If the user have the ROM he can apply the changes and obtain the SAME but translated game.
- If you provide a patch created from the difference between PokémonX and PokémonY, the patch itself is not a ROM and can't be played, alone it's not useful, but that patch is illegal (1 it contains data of the game and not amateur translation content, 2 it allows recreation of another illegal ROM)
- If the user happen to own PokemonX and apply the patch, he will now own a version of PokémonY that he didn't bought.

Providing a way to convert data from X to Y is illegal, even if he obtained X by illegal means, because at the end you allowed him to own another games.

how this apply to your idea:
You want to provide the encrypted ticket key (patch with illegal data) to convert it using the common key (X obtained by the user) to obtain the decrypted ticket key (Y).


To stay legal, let the user obtain the ticket (from a game disc, bought or pirated it's their choice not yours).
Only let your program open a ticket file or encrypted key that the user provide.

 

[AboodXD]

let the user obtain the ticket (from a game disc, bought or pirated it's their choice not yours).
Only let your program open a ticket file or encrypted key that the user provide.

Yeah, exactly.

 

[capito27]

Mr. Mysterio What you could do, that would still be legal, is that you allow the user to provide a ticket file, or a "Tiket string" (i'm reffering to the 16 characters usefull in the ticket) when they try to decrypt the contents or prior to download. That would still be legal, and you add something along the lines of "To get the Ticket String, you must use google". That would still be legal, since you would not be giving away any direct way to get the string nor giving any substancial hints to get the said string. Trust me, once the method to genetate those strings becomes widely available (maybe adding a way to generate it from inside of Uwizard with a ticket file ), there will be a lot of pastebins all over the internet with the strings for the right content^^

 

[Mr. Mysterio]

There's no legal method to provide an illegal data.
As long as you allow users to obtain something for free that they should have bought is illegal.

Shifting, xoring, or whatever operation you do to the ticket key to provide it is still illegal. XORing it with another illegal key not provided to the user is probably grey area, depend on user's point of view. I'm not a lawyer and only see the end result or the shared data for what it is. "providing" is illegal. Keygen are illegal too, as long as you bypass the need to buy.

The simple idea to allow users to download a game without paying for it is wrong.
To me, it's even more illegal than sharing the common key. With the common key alone you can't obtain games for free, you can decrypt them but you don't allow installation and use.
If you use something which doesn't allow obtaining game for free (common key) to obtain it for free is illegal.


If I understand correctly what you want to do, it's only allowing users to decrypt the data downloaded from NUS but not providing the full ticket. (it could be re-generated to allow game install?)
but for that purpose, you will have to provide a list of encrypted keys to let the user decrypt it with the common key+GameID?
Where do you get these encrypted keys from? providing something that users can't get themselves is what is illegal.

edit:
A concrete example with games.

You own PokémonX and want a translated version.
- Providing original PokémonX ROM is illegal.
- providing a translated version of PokémonX ROM is illegal, so you provide only a patch of the difference.
- The patch data contains only the translated parts to apply to the ROM. If the user have the ROM he can apply the changes and obtain the SAME but translated game.
- If you provide a patch created from the difference between PokémonX and PokémonY, the patch itself is not a ROM and can't be played, alone it's not useful, but that patch is illegal (1 it contains data of the game and not amateur translation content, 2 it allows recreation of another illegal ROM)
- If the user happen to own PokemonX and apply the patch, he will now own a version of PokémonY that he didn't bought.

OK, I kinda see your point.

But, here's a couple of example for you to consider:

Let's look at a video capture card. It captures TV video input and saves a video file on a computer. These devices are perfectly legal (otherwise they wouldn't be at Fry's Electronics). However, these devices may also be used for illegal purposes, like recording a rented video. It's the USER'S CHOICE whether they will use the device for legal or illegal purposes, but if they do use it for illegal purposes, they may be prosecuted, but the manufacturer of the video capture card cannot be prosecuted for the users copyright infringement.

You buy a spool of yarn at a craft store. Nothing even the slightest bit illegal about that. Then, you use the yarn to strangle someone! You'd be guilty of first-degree murder, which, last time I checked, was illegal. HOWEVER, no legal action can be taken against the yarn manufacturer.

What I'm trying to say with these examples is that anything, no matter how legal it starts out, may be used for illegal activities. Here's that same example style applied to Uwizard:

Uwizard can download files from Nintendo's servers. Nothing illegal about that. However, the user may enter the common key to decrypt the files and steal copyrighted information. The user could also enter the title key for a game and download and decrypt that, but no legal action could be taken against Uwizard. I do see your point that it could be considered illegal for Uwizard to include a number that, when XORed with the common key, produced a title key. It IS sort of a gray area because the user must first obtain illegal information (the common key) to obtain a title key, so it COULD be argued that the illegal information came from the illegal common key and not the encrypted number. But, I won't do it this way unless someone can tell me for sure that it's legal.

I do have ONE MORE idea. The irrational number PI is NOT illegal, but, being irrational, contains ALL possible combinations of ALL numbers of ANY length. Meaning that at some offset PI contains EVERY ENCRYPTION KEY EVER USED! If I found an offset in PI where maybe the next 16 bytes were the common key, it would DEFINITELY NOT be illegal to share that offset. The only problem is finding it. I've already searched through 50 million digits with no hits for the common key. Just one funny thing to consider: PI actually contains ROMs of all games that Nintendo ever made and ever will make!

 

[Mr. Mysterio]

capito27 has thought of a great idea for using PI to generate keys. (Although the end result IS the same of the user ending up with the copyrighted keys. The user must choose to use them for illegal purposes.) The idea is to break a key into eight chunks of two bytes each, and provide the offsets to each chunk inside PI. Then to generate the key, Uwizard could use the BBP formula to generate PI and then it could extract the chunks for each offset! What do you think about this Cyan? I could also make this a separate program so then in case it is technically illegal (and Nintendo decides to take action), only that program would suffer a lawsuit and not Uwizard.

 

[capito27]

capito27 has thought of a great idea for using PI to generate keys. (Although the end result IS the same of the user ending up with the copyrighted keys. The user must choose to use them for illegal purposes.) The idea is to break a key into eight chunks of two bytes each, and provide the offsets to each chunk inside PI. Then to generate the key, Uwizard could use the BBP formula to generate PI and then it could extract the chunks for each offset! What do you think about this Cyan? I could also make this a separate program so then in case it is technically illegal (and Nintendo decides to take action), only that program would suffer a lawsuit and not Uwizard.

Just want to add that Mr. Mysterio would only give away offsets, since Pi is generated locally, the computer is used to generate the key, in no way, shape or form would Mr. Mysterio giveout copyrighted material, since in the given binaries, there would be no pregenerated key parts; since he would release a software that only contains offsets , and no actual number to use them on (since Pi would be calculated on the fly).

In my oppinion, in a legal stand point, your software can be used to generate copyrighted material, but wouldn't contain any copyrighted material (encrypted or not) in the release. (would be a light-grey legal area, in my oppinion)

 

[Cyan]

If you make a program to pick specific offset from PI/a book/whatever static data, it will always be used to generate the key.
The program would provide both the offsets AND the static data. It's like providing it in clear, but with shifted data.
It makes me remember old games with rotated disc copy protection "go to page xxx, align the wheel to the first letter of that page and provide corresponding symbol from it". The wheel (the offsets) is illegal to photocopy and share. it allows pirates to play the game without buying the box+wheel.


Why not let the user find keys themselves?
Let your program load a .xml or text file or URL to parse keys from it and let users create and share such file if they want.
Your program will be clean, users will find the data or URL somewhere else.
It's the host choice and only him will have issues with copyright owners, not us or you by providing the program.

 

[aspico]

Anyway you won't ever find a 16 bytes key in the digits of Pi (even though it is there). You would have to explore about 2^128 (about 1 billion billion billion billion) digits to find it.
And it would still be illegal to share that offset!

 

[Mr. Mysterio]

If you make a program to pick specific offset from PI/a book/whatever static data, it will always be used to generate the key.
The program would provide both the offsets AND the static data. It's like providing it in clear, but with shifted data.
It makes me remember old games with rotated disc copy protection "go to page xxx, align the wheel to the first letter of that page and provide corresponding symbol from it". The wheel (the offsets) is illegal to photocopy and share. it allows pirates to play the game without buying the box+wheel.


Why not let the user find keys themselves?
Let your program load a .xml or text file or URL to parse keys from it and let users create and share such file if they want.
Your program will be clean, users will find the data or URL somewhere else.
It's the host choice and only him will have issues with copyright owners, not us or you by providing the program.

Why would this method be illegal? The illegal data comes from Pi, which, in legal terms, has an intrinsically archivable quality. Have you read this? It describes how an object's intrinsically archivable quality supersedes copyright laws. Since Pi is useful for mathematical research that gives it an intrinsically archivable quality by this definition.
If this still doesn't satisfy you, then I just won't add that feature. I think this debate has gone on long enough.

Anyway you won't ever find a 16 bytes key in the digits of Pi (even though it is there). You would have to explore about 2^128 (about 1 billion billion billion billion) digits to find it.
And it would still be illegal to share that offset!

You're right, and I quickly realized that. However, if I break up the 16-byte number into 8 2-byte chunks, then I can find offsets for each chunk. I have already found offsets for the common key and I have successfully made a program that accepts any 8 offsets and creates a 16-byte key from them. If I enter the offsets I found for the common key, then it does generate the common key! I just want to make sure no legal action can be taken against me or Uwizard before I release it. Of course, if the end user uses it for illegal purposes (like downloading games from NUS that they don't own), then they will be vulnerable to legal action.

 

[aspico]

You're right, and I quickly realized that. However, if I break up the 16-byte number into 8 2-byte chunks, then I can find offsets for each chunk. I have already found offsets for the common key and I have successfully made a program that accepts any 8 offsets and creates a 16-byte key from them. If I enter the offsets I found for the common key, then it does generate the common key! I just want to make sure no legal action can be taken against me or Uwizard before I release it. Of course, if the end user uses it for illegal purposes (like downloading games from NUS that they don't own), then they will be vulnerable to legal action.

This seems illegal too. This way you could share any copyrighted data. That is: music, movie, credit cards etc. (As you said just give the sequence of offsets, and have a program convert back to the original data)

Think about it this way. You chose to use 2-byte chunks, but you could have used 1 bit chunks. So you just need the offset for the bit 0 (which is 33), and the offset for the bit 1 (which happens to be 1)

So instead of sharing the common key 001011001010 (just an example)
you would share 33 33 1 33 1 1 33 33 1 33 1 33 (and telling the user that 33 should be looked up in Pi, and thus converted to 0)
They're basically the same data; sharing either is illegal

 

[Mr. Mysterio]

Does anyone know of a Wii U hacking website where this method to generate keys would not be considered illegal and I could release it there as a program separate from Uwizard?

 

[Cyan]

Nobody here will share names or URL where you can find/upload illegal files.

Edit:
Sorry if I sound to hard on this sharing and piracy thing, but it's needed to keep this place clean. it's not against you.

 

[Alexander Prime]

I feel like I need to clear something up, because ideas are getting mixed that are actually very different.

There is no such thing as an "illegal file". The concept can't exist, or else large databases and network transfers might get any number of parties arrested just because some copyright troll was scraping around for an arbitrary string of data that they "thought of first".

Copyright protects content, not data. That's why resampling a song before sending it to a friend is still against the law, and why you can't sue someone for creating a file with the same hash as yours (although some have tried).

Mr. Mysterio, there will be no legal method to what you're trying to accomplish because it's protected in a domain that ignores implementation. As has been mentioned, the best you'll be able to do is to meet the user halfway and provide vague instructions to "do it yourself".

 

[Mr. Mysterio]

Nobody here will share names or URL where you can find/upload illegal files.

Edit:
Sorry if I sound to hard on this sharing and piracy thing, but it's needed to keep this place clean. it's not against you.

I'm sorry if my post asking for recommendations breaks the rules. If you think it does, then please remove it. I just know that some people would consider this legal. I wasn't asking where to share illegal files, I was asking if there was a place where this was considered legal. For example, some people consider MakeKeyBin.exe legal.