Hacking Wii U Hacking & Homebrew Discussion

  • Thread starter Thread starter filfat
  • Start date Start date
  • Views Views 5,117,457
  • Replies Replies 21,104
  • Likes Likes 29
We could always try and reverse-engineer the file to see what kind of encryption it is...that would take quite a lot of time though. I dunno. I need a copy of the game.


Definitely a possibility, but it do us much good without the private key needed to sign it :P. Not unless we attempted to brute force it once we know the encryption type hmmmmm.......

I cant imagine the encryption is a high bit encryption as the files are only 1kb a piece :)

UPDATE: the old brawl tools dont work. Nintendos changed the algorithm and/or private key.

Theyre not THAT stupid lol. Im working on getting the private key for it. Stay tuned for updates!

UPDATE 2: The encryption algorithm being used is MD5, I'm working on cracking the private key now....
 

Attachments

  • hashcat.png
    hashcat.png
    73.9 KB · Views: 360
finally we have some great news, not just pure crap like bubba from wiiukey team crap whom they project always delay for no particular reasons :D just saying :)


its time to get the ball rolling! "basement" coders ftw!
 
Definitely a possibility, but it do us much good without the private key needed to sign it :P. Not unless we attempted to brute force it once we know the encryption type hmmmmm.......

I cant imagine the encryption is a high bit encryption as the files are only 1kb a piece :)

UPDATE: the old brawl tools dont work. Nintendos changed the algorithm and/or private key.

Theyre not THAT stupid lol. Im working on getting the private key for it. Stay tuned for updates!

UPDATE 2: The encryption algorithm being used is MD5, I'm working on cracking the private key now....

Cheers, don't post the key once you get it. That MD5 may take a while though...
 
Cheers, don't post the key once you get it. That MD5 may take a while though...


Ya I figured as much :P. I don't see any problem in writing a tool for decrypting and resigning these files though. I mean it exists for brawl, but then again, I'm really not sure.... I'm not posting it here though. Perhaps we should have our own premodified bin file that we release as part of the exploit (if the exploit comes to light)
 
Ya I figured as much :P. I don't see any problem in writing a tool for decrypting and resigning these files though. I mean it exists for brawl, but then again, I'm really not sure.... I'm not posting it here though. Perhaps we should have our own premodified bin file that we release as part of the exploit (if the exploit comes to light)

It'd be a good idea to have a tool to decrypt and resign, but it all depends on the exploit. If the exploit doesn't involve it, then it should be released as homebrew. If it IS involved, best not to mention it out here until the exploit is ready.
 
Definitely a possibility, but it do us much good without the private key needed to sign it :P. Not unless we attempted to brute force it once we know the encryption type hmmmmm.......

I cant imagine the encryption is a high bit encryption as the files are only 1kb a piece :)

UPDATE: the old brawl tools dont work. Nintendos changed the algorithm and/or private key.

Theyre not THAT stupid lol. Im working on getting the private key for it. Stay tuned for updates!

UPDATE 2: The encryption algorithm being used is MD5, I'm working on cracking the private key now....

This is embarassing. MD5 isn't an encryption algorithm. And why are you even looking into this? Smash's content isn't hackable yet for the same reason that any SD-based content isn't. This talk of smash-based userland exploits is also really unnecessary since the browser, y'know, exists.
 
This is embarassing. MD5 isn't an encryption algorithm. And why are you even looking into this? Smash's content isn't hackable yet for the same reason that any SD-based content isn't. This talk of smash-based userland exploits is also really unnecessary since the browser, y'know, exists.


Ummm yes it is an encryption algorithm, not the best source of info, but its good for a start: http://en.wikipedia.org/wiki/MD5. The reason, I'm going for this is because Smash bros, has sd card privileges which the browser does not. If this can be pulled off we should have the same privileges that the game has, meaning the ability to load from and write to the sd card.

the sd card data for smash bros is fully viewable on a computer, its just that each jpeg file (snapshot) has a corresponding .bin file thats encrypted and is used to verify the contents of said jpeg image file. If you edit the jpeg in any way shape or form and stick it back in the Wii U, smash refuses to let you open it, because it doesn't match the bin file attached to it.

My thoughts, if we can decrypt and resign these bin files, we can modify them accordingly with any changes made to a snapshot file (jpeg). We could attempt to run a userland exploit via a corrupted image file, if we're able to modify the bin files accordingly.
 
  • Like
Reactions: Ryanrocks462
hash =/= encryption


the bin files are only 1kb a piece, meaning the encryption itself is very weak, I wouldn't be surprised if they used something as dated as MD5.

I understand what you're saying NWPlayer123, its actually a hashing algorithm, NOT an encryption algorithm, but either way, in laymans terms its a way of scrambling up information to make it look like garbage (needs to be cracked or have the appropriate key to decrypt it).

for anyone who wants more info on this, check out this link: http://stackoverflow.com/questions/...nce-between-hashing-and-encryption-algorithms
 
  • Like
Reactions: Ryanrocks462
hash =/= encryption. A hash is meant to be one way, a way to check things. Encryption is meant to be reversible (given you have the correct key)
the bin files are only 1kb a piece, meaning the encryption itself is very weak, I wouldn't be surprised if they used something as dated as MD5.

I understand what you're saying NWPlayer123, its actually a hashing algorithm, NOT an encryption algorithm, but either way, in laymans terms its a way of scrambling up information to make it look like garbage (needs to be cracked or have the appropriate key to decrypt it).

I don't want to be rude and I don't know muh about this stuff, but what NWPlayer says is this:

A hash is used to verify if a file contains, what it is meant to contain. The MD5 or SHA-1 of a file is string of a few hundred bits and therefore contains much less data. It's certainly possible that two different files have the same hash, and therefore you can't reconstruct the file based on the hash.

A encryption on the other hand is reversible, meaning you can reconstruct the file.

Now take a look on your findings. JPEG is already a pretty good format to compress image informations. Do you really think that those images are encrypted in 1kb bin. files?
 
I don't want to be rude and I don't know muh about this stuff, but what NWPlayer says is this:

A hash is used to verify if a file contains, what it is meant to contain. The MD5 or SHA-1 of a file is string of a few hundred bits and therefore contains much less data. It's certainly possible that two different files have the same hash, and therefore you can't reconstruct the file based on the hash.

A encryption on the other hand is reversible, meaning you can reconstruct the file.

Now take a look on your findings. JPEG is already a pretty good format to compress image informations. Do you really think that those images are encrypted in 1kb bin. files?


Watch my video above, you'll see that those bin files are definitely associated with the images directly. It could just be information relating to the images rather than the images themselves. Its being used to verify that the image hasn't not been altered in anyway.

As for hash reconstruction, I understand its a tedious and drawn out process, but if I release the modified bin file (reconstructed) with the exploit (assuming this is a valid attack method) then the end user doesn't have to fuss with it at all. Only I will have to suffer through the trial and error process XD
 
Watch my video above, you'll see that those bin files are definitely associated with the images directly. It could just be information relating to the images rather than the images themselves. Its being used to verify that the image hasn't not been altered in anyway.

As for hash reconstruction, I understand its a tedious and drawn out process, but if I release the modified bin file (reconstructed) with the exploit (assuming this is a valid attack method) then the end user doesn't have to fuss with it at all. Only I will have to suffer through the trial and error process XD

I'm personally not aware of how smash saves its files, but it's more than likely you're dealing with a file containing metadata on user data, not the data itself. And again, reconstructing a file from an MD5 hash would take an incredibly long amount of time. It's 100% not that, I'll bet my life on it.
 
If they're just hashes, it's quite probable that they're hashes of the image files. Did you test out that idea?


Well in my video you can see that each bin file has the same exact filename (except the extension of course) as the jpeg it corresponds to. I haven't tried to match them to eachother know, haven't even thought of that tbh lol.

I'm glad to see a well respected dev supporting this idea :)

UPDATE: Just tried verifying the hashes of a bin with its corresponding image and no dice :(

UPDATE 2: I just got a binary file to open properly in 010 editor w00t!. It displays it properly in hex and in binary. Hey its a step in the right direction :). When I try to convert it to text within the program, it still shows up as gibberish unfortunately, but its progress
 
Well in my video you can see that each bin file has the same exact filename (except the extension of course) as the jpeg it corresponds to. I haven't tried to match them to eachother know, haven't even thought of that tbh lol.

I'm glad to see a well respected dev supporting this idea :)

UPDATE: Just tried verifying the hashes of a bin with its corresponding image and no dice :(

UPDATE 2: I just got a binary file to open properly in 010 editor w00t!. It displays it properly in hex and in binary. Hey its a step in the right direction :). When I try to convert it to text within the program, it still shows up as gibberish unfortunately, but its progress


Whoa, update 2, holy crap, I don't know the significance necessarily, but I take it it's a good sign! XD
 
Whoa, update 2, holy crap, I don't know the significance necessarily, but I take it it's a good sign! XD


I honestly don't know what instruction set this was written in so I don't know exactly what the data represents, therefore, I'm afraid to post a screenshot. If its any sort of private key, I certainly don't want to plaster it all over the web. Although, its likely not, but still
 

Site & Scene News

Popular threads in this forum