vWii encrypted menu key discovered?

Discussion in 'Wii U - Hacking & Backup Loaders' started by Kippykip, Apr 11, 2013.

?

Will this help cracking anything in vWii?

  1. Yes! helpful!

    0 vote(s)
    0.0%
  2. Nope... Useless data

    7 vote(s)
    77.8%
  3. Possibly...

    2 vote(s)
    22.2%
Apr 11, 2013
  1. Kippykip
    OP

    Member Kippykip D E L E T T H I S

    Joined:
    Mar 30, 2013
    Messages:
    508
    Country:
    Australia
    I found these vWii update logs from google, this one is europe's (me)
    >http://wii.marcansoft.com/wiimpersonator/reports/vwii/EUR/20121116-092121.log
    I thought it may get us somewhere with vWii hacking....

    Could we have possibly cracked vWiis system menu key?
    in the logs from the 16th of november or whatever you should you find this
    Code:
    ETicket: 
      Title ID: '\x00\x00\x00\x01\x00\x00\x00\x02'
      Title key IV: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00
      Title key (encrypted): 15 6b 68 f7 71 71 be 84 77 b0 82 04 94 08 ec ef
      Common key index: 2
     ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: 04 9c e5 d1 de 18 f6 3b 2f 26 5a ae 9a e5 46 6a e1 c3 85 6b [OK]
     ETicket Certificates: 
      - XS00000003 (RSA-2048)
         Certificate signed by Root-CA00000001 using RSA-2048: d7 0a a0 54 90 af 79 3e 49 10 af 47 9a 76 0f d2 75 f5 ad 12 [OK]
      - CA00000001 (RSA-2048)
         Certificate signed by Root using RSA-4096: 6f 47 c8 5c b1 aa ee 83 b1 1d 73 3f 19 fe 6c 7e 8e 2f e4 50 [OK]
    so then I edited the url a bit and found USAs log
    http://wii.marcansoft.com/wiimpersonator/reports/vwii/USA/20121116-091910.log


    The system menu ticket key data is...
    Code:
    ETicket: 
      Title ID: '\x00\x00\x00\x01\x00\x00\x00\x02'
      Title key IV: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00
      Title key (encrypted): 15 6b 68 f7 71 71 be 84 77 b0 82 04 94 08 ec ef
      Common key index: 2
     ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: 04 9c e5 d1 de 18 f6 3b 2f 26 5a ae 9a e5 46 6a e1 c3 85 6b [OK]
     ETicket Certificates: 
      - XS00000003 (RSA-2048)
         Certificate signed by Root-CA00000001 using RSA-2048: d7 0a a0 54 90 af 79 3e 49 10 af 47 9a 76 0f d2 75 f5 ad 12 [OK]
      - CA00000001 (RSA-2048)
         Certificate signed by Root using RSA-4096: 6f 47 c8 5c b1 aa ee 83 b1 1d 73 3f 19 fe 6c 7e 8e 2f e4 50 [OK]
    Now for Japan's...
    http://wii.marcansoft.com/wiimpersonator/reports/vwii/JPN/20121116-091707.log


    Menu data:
    Code:
     ETicket: 
      Title ID: '\x00\x00\x00\x01\x00\x00\x00\x02'
      Title key IV: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00
      Title key (encrypted): 15 6b 68 f7 71 71 be 84 77 b0 82 04 94 08 ec ef
      Common key index: 2
     ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: 04 9c e5 d1 de 18 f6 3b 2f 26 5a ae 9a e5 46 6a e1 c3 85 6b [OK]
     ETicket Certificates: 
      - XS00000003 (RSA-2048)
         Certificate signed by Root-CA00000001 using RSA-2048: d7 0a a0 54 90 af 79 3e 49 10 af 47 9a 76 0f d2 75 f5 ad 12 [OK]
      - CA00000001 (RSA-2048)
         Certificate signed by Root using RSA-4096: 6f 47 c8 5c b1 aa ee 83 b1 1d 73 3f 19 fe 6c 7e 8e 2f e4 50 [OK]
    They all have the same 'Title key (encrypted)' data
    going to the root of the link again finds more logs
    (http://wii.marcansoft.com/wiimpersonator/reports/vwii)
    I don't understand this level of hacking too much but still...

    Incase the site be's an a$$ (http://wii.marcansoft.com) and removes,
    I'll upload a zip here just in case

    WELL I think these will be useful! I guess?
     

    Attached Files:

  2. asper

    Member asper GBAtemp Fan

    Joined:
    May 14, 2010
    Messages:
    420
    Country:
    United States
    Marcan is not an a$$, he is a member of fail0verflow team and that site simulate a Nintendo console (Wii, vWii and WiiU of any region) in order to catch and document new updates in real time.
    No way you can decrypt system menu with that information.
     
    Kippykip likes this.
  3. Kippykip
    OP

    Member Kippykip D E L E T T H I S

    Joined:
    Mar 30, 2013
    Messages:
    508
    Country:
    Australia
    Thanks for telling me that the info won't help, also I said INCASE the site be's an a$$ and removes it, I said that because i've ran into so many sites that deleted their content recently and I thought those might of been important, also I didn't know that's from failoverflow thanks!
     
  4. Enigma Hall

    Member Enigma Hall GBAtemp Advanced Fan

    Joined:
    Feb 6, 2013
    Messages:
    526
    Country:
    Brazil
    Dude, i think his info was help a lot. Easy your adrenaline. Any changes will be in news, only wait man.
     
  5. Kippykip
    OP

    Member Kippykip D E L E T T H I S

    Joined:
    Mar 30, 2013
    Messages:
    508
    Country:
    Australia
    Alright! :D
     
  6. Ray Lewis

    Banned Ray Lewis Banned

    Joined:
    Dec 30, 2012
    Messages:
    1,518
    Country:
    United States
    Marcan said possibly this month as March was busy for him.
     
  7. Kippykip
    OP

    Member Kippykip D E L E T T H I S

    Joined:
    Mar 30, 2013
    Messages:
    508
    Country:
    Australia
    What's this?
    http://wii.marcansoft.com/wiimpersonator/lastupdate.vwii.EUR.txt
    Code:
    0000000700000002 0202 23657456
    0000000700000009 050a 1659984
    000000070000000c 030e 1709824
    000000070000000d 0508 1713872
    000000070000000e 0508 1713872
    000000070000000f 0508 1713872
    0000000700000011 0508 1713872
    0000000700000015 050f 2010256
    0000000700000016 060e 1720688
    000000070000001c 080f 1740272
    000000070000001f 0f18 1866320
    0000000700000021 0f18 1866320
    0000000700000022 0f18 1866320
    0000000700000023 0f18 1866320
    0000000700000024 0f18 1866320
    0000000700000025 171f 2015840
    0000000700000026 111c 2032176
    0000000700000029 0f17 1869104
    000000070000002b 0f17 1869104
    000000070000002d 0f17 1869104
    000000070000002e 0f17 1869104
    0000000700000030 111c 2035040
    0000000700000035 171f 2015840
    0000000700000037 171f 2015840
    0000000700000038 171e 2032896
    0000000700000039 181f 2060320
    000000070000003a 1920 2084096
    000000070000003b 1c21 2604736
    000000070000003e 191e 2032976
    0000000700000050 1c20 2023536
    0000000700000200 0007 259648
    0000000700000201 0001 603712
    0007000248414241 0015 24862784
    0007000248414341 0006 8178480
    0007000248435550 0002 26381616
    0007000248435641 0000 705408
    0007000848414c50 0002 12865776
     
  8. adrenochrome

    Newcomer adrenochrome Member

    Joined:
    Sep 12, 2009
    Messages:
    30
    Country:
    France
  9. Ray Lewis

    Banned Ray Lewis Banned

    Joined:
    Dec 30, 2012
    Messages:
    1,518
    Country:
    United States
  10. SifJar

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    The encrypted menu key is just that, encrypted. In other words, it's pretty much useless as-is. Basically how it works is a particular key will be generated and used to encrypt the system menu. This same key is required to decrypt the System Menu again. This key is unique to the System Menu (every title has a "title key"). This unique menu key is then encrypted with the common key, and the encrypted version is included in the title metadata. So when the Wii (or in this case, vWii) attempts to decrypt the title (for installation), it will use the common key to decrypt the title key, and then use the decrypted title key to decrypt the content itself. So you can't do anything with the encrypted title key, it's only useful once it has been decrypted.

    AFAIK, the common key is the same as it was on the Wii, but I think there is also additional encryption involved in vWii stuff beyond this (handled by the WiiU side of things rather than vWii).
     

Share This Page