Toggle sidebar

Hacking vWii encrypted menu key discovered?

  • Thread starter Thread starter Kippykip
  • Start date Start date
  • Views Views 4,158
  • Replies Replies 9

Will this help cracking anything in vWii?

  • Yes! helpful!

    Votes: 0 0.0%

  • Nope... Useless data

    Votes: 7 77.8%

  • Possibly...

    Votes: 2 22.2%
  • Total voters
    9
Kippykip

Kippykip

j e f f
Member
Level 5
Joined
Mar 30, 2013
Messages
543
Reaction score
188
Trophies
1
Website
kippykip.com
XP
689
Country
Australia
I found these vWii update logs from google, this one is europe's (me)
>http://wii.marcansoft.com/wiimpersonator/reports/vwii/EUR/20121116-092121.log
I thought it may get us somewhere with vWii hacking....

Could we have possibly cracked vWiis system menu key?
in the logs from the 16th of november or whatever you should you find this
Code: 
ETicket: 
  Title ID: '\x00\x00\x00\x01\x00\x00\x00\x02'
  Title key IV: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00
  Title key (encrypted): 15 6b 68 f7 71 71 be 84 77 b0 82 04 94 08 ec ef
  Common key index: 2
 ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: 04 9c e5 d1 de 18 f6 3b 2f 26 5a ae 9a e5 46 6a e1 c3 85 6b [OK]
 ETicket Certificates: 
  - XS00000003 (RSA-2048)
     Certificate signed by Root-CA00000001 using RSA-2048: d7 0a a0 54 90 af 79 3e 49 10 af 47 9a 76 0f d2 75 f5 ad 12 [OK]
  - CA00000001 (RSA-2048)
     Certificate signed by Root using RSA-4096: 6f 47 c8 5c b1 aa ee 83 b1 1d 73 3f 19 fe 6c 7e 8e 2f e4 50 [OK]

so then I edited the url a bit and found USAs log
http://wii.marcansoft.com/wiimpersonator/reports/vwii/USA/20121116-091910.log


The system menu ticket key data is...
Code: 
ETicket: 
  Title ID: '\x00\x00\x00\x01\x00\x00\x00\x02'
  Title key IV: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00
  Title key (encrypted): 15 6b 68 f7 71 71 be 84 77 b0 82 04 94 08 ec ef
  Common key index: 2
 ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: 04 9c e5 d1 de 18 f6 3b 2f 26 5a ae 9a e5 46 6a e1 c3 85 6b [OK]
 ETicket Certificates: 
  - XS00000003 (RSA-2048)
     Certificate signed by Root-CA00000001 using RSA-2048: d7 0a a0 54 90 af 79 3e 49 10 af 47 9a 76 0f d2 75 f5 ad 12 [OK]
  - CA00000001 (RSA-2048)
     Certificate signed by Root using RSA-4096: 6f 47 c8 5c b1 aa ee 83 b1 1d 73 3f 19 fe 6c 7e 8e 2f e4 50 [OK]

Now for Japan's...
http://wii.marcansoft.com/wiimpersonator/reports/vwii/JPN/20121116-091707.log


Menu data:
Code: 
 ETicket: 
  Title ID: '\x00\x00\x00\x01\x00\x00\x00\x02'
  Title key IV: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 00
  Title key (encrypted): 15 6b 68 f7 71 71 be 84 77 b0 82 04 94 08 ec ef
  Common key index: 2
 ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: 04 9c e5 d1 de 18 f6 3b 2f 26 5a ae 9a e5 46 6a e1 c3 85 6b [OK]
 ETicket Certificates: 
  - XS00000003 (RSA-2048)
     Certificate signed by Root-CA00000001 using RSA-2048: d7 0a a0 54 90 af 79 3e 49 10 af 47 9a 76 0f d2 75 f5 ad 12 [OK]
  - CA00000001 (RSA-2048)
     Certificate signed by Root using RSA-4096: 6f 47 c8 5c b1 aa ee 83 b1 1d 73 3f 19 fe 6c 7e 8e 2f e4 50 [OK]

They all have the same 'Title key (encrypted)' data
going to the root of the link again finds more logs
(http://wii.marcansoft.com/wiimpersonator/reports/vwii)
I don't understand this level of hacking too much but still...

Incase the site be's an a$$ (http://wii.marcansoft.com) and removes,
I'll upload a zip here just in case

WELL I think these will be useful! I guess?
 

Attachments

Marcan is not an a$$, he is a member of fail0verflow team and that site simulate a Nintendo console (Wii, vWii and WiiU of any region) in order to catch and document new updates in real time.
No way you can decrypt system menu with that information.
 
  • Like
Reactions: Kippykip
Thanks for telling me that the info won't help, also I said INCASE the site be's an a$$ and removes it, I said that because i've ran into so many sites that deleted their content recently and I thought those might of been important, also I didn't know that's from failoverflow thanks!
 
Dude, i think his info was help a lot. Easy your adrenaline. Any changes will be in news, only wait man.
 
What's this?
http://wii.marcansoft.com/wiimpersonator/lastupdate.vwii.EUR.txt
Code: 
0000000700000002 0202 23657456
0000000700000009 050a 1659984
000000070000000c 030e 1709824
000000070000000d 0508 1713872
000000070000000e 0508 1713872
000000070000000f 0508 1713872
0000000700000011 0508 1713872
0000000700000015 050f 2010256
0000000700000016 060e 1720688
000000070000001c 080f 1740272
000000070000001f 0f18 1866320
0000000700000021 0f18 1866320
0000000700000022 0f18 1866320
0000000700000023 0f18 1866320
0000000700000024 0f18 1866320
0000000700000025 171f 2015840
0000000700000026 111c 2032176
0000000700000029 0f17 1869104
000000070000002b 0f17 1869104
000000070000002d 0f17 1869104
000000070000002e 0f17 1869104
0000000700000030 111c 2035040
0000000700000035 171f 2015840
0000000700000037 171f 2015840
0000000700000038 171e 2032896
0000000700000039 181f 2060320
000000070000003a 1920 2084096
000000070000003b 1c21 2604736
000000070000003e 191e 2032976
0000000700000050 1c20 2023536
0000000700000200 0007 259648
0000000700000201 0001 603712
0007000248414241 0015 24862784
0007000248414341 0006 8178480
0007000248435550 0002 26381616
0007000248435641 0000 705408
0007000848414c50 0002 12865776
 
The encrypted menu key is just that, encrypted. In other words, it's pretty much useless as-is. Basically how it works is a particular key will be generated and used to encrypt the system menu. This same key is required to decrypt the System Menu again. This key is unique to the System Menu (every title has a "title key"). This unique menu key is then encrypted with the common key, and the encrypted version is included in the title metadata. So when the Wii (or in this case, vWii) attempts to decrypt the title (for installation), it will use the common key to decrypt the title key, and then use the decrypted title key to decrypt the content itself. So you can't do anything with the encrypted title key, it's only useful once it has been decrypted.

AFAIK, the common key is the same as it was on the Wii, but I think there is also additional encryption involved in vWii stuff beyond this (handled by the WiiU side of things rather than vWii).
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew Project  Modernized YouTube for Wii U

[discussion] what game do you wanna see next?

[discussion] Paper Mario Wii U or Mario Kart 64 wii u?

Wii Games Performance on Wii U (vWii C2W Overclock) – Community Testing & Results Sharing

[PRERELEASE] Sonic 3 A.I.R. (finally) Wii U

Can the Wii u pro controller works for Wii games ?

Sonic Advance 2 Wii U (another release, this time it's playable)

Homebrew Misc  Wii U Homebrew — accessing certain apps causes 160-0103 error, uncertain if Homebrew attempt is responsible