Hacking wwt+wit: Wiimms WBFS+ISO Tools

Bauldrick

There is a clue buried deep within the first post of this very thread....
 

giantpune

OK, well after some poking around, I see what is up with the TMD fakesign detection & why it fails on games made with TheGhost. It comes down to these lines in "bool tmd_is_fake_signed ( const wd_tmd_t * tmd, u32 tmd_size )":
Code:
    // any non-zero byte in the signature means "not fakesigned"
    for ( i = 0; i < sizeof(tmd->sig); i++ )
        if (tmd->sig[i])
            return 0;

I poked around and it looks like TheGhost is using wiiscrubber.dll to replace files. And this dll doesn't zero the signature. It leaves the original signature in place and only edits the reserved byte of the tmd at 0x19a.

(screenshot: guitarherotmd.png)
I checked and the first byte of the SHA1 comes out to be 0x00.

So, I think something like this should work better. I don't have a ticket that is fakesigned by wiiscrubber.dll, but I assume it does the same thing there as well.
Code:
bool tmd_is_fake_signed ( const wd_tmd_t * tmd, u32 tmd_size )
{
    if (!tmd)
        return false;

    if (!tmd_size)  // auto calculation
        tmd_size = sizeof(wd_tmd_t) + tmd->n_content * sizeof(wd_tmd_content_t);

    // case 1: the classic fakesign, signature completely zeroed
    int i;
    bool zeros = true;
    for ( i = 0; i < sizeof(tmd->sig); i++ )
        if (tmd->sig[i])
        {
            zeros = false;
            break;
        }

    if ( zeros )
        return true;

    // case 2: signature left in place (wiiscrubber.dll style):
    // SHA1 of the signed part must start with 0x00 and the reserved
    // fakesign byte must have been set
    u8 hash[WII_HASH_SIZE];
    SHA1( ((u8*)tmd)+WII_TMD_SIG_OFF, tmd_size-WII_TMD_SIG_OFF, hash );
    return !*hash && tmd->fake_sign[ 0 ] != 0;
}
 

tueidj

If the signature isn't zeroed it's technically not fakesigned. Just because the first byte of the SHA1 is 0, doesn't mean it will pass the strncmp check unless both input strings end at the same time. Such a disc should be flagged as "invalid signature" or such.
 

giantpune

These games play fine on vanilla IOS that have the strncmp bug, so I would be willing to call it fakesigned.

Also, looking at the source of "wiiscrubber-ng", it does the opposite of zeroing out a signature. It actually has a 256 byte array it calls "the trucha signature" and it copies this to the tmd and then brute forces till the sha1 starts with 0.
 

tueidj

You must have a different copy to me, which very luckily has an original hash that starts with zero. Original SHA1 for my GH3 PAL is:
611CAF17EC6A911E276E321226D0E0D93435F322
So if the SHA1 of the TMD started with a zero and the default signature was left in place, there would be a mismatch.

EDIT: Well that makes more sense, this "trucha signature" is most likely a sig ripped from some other disc that had an original hash starting with zero.

EDIT2: Oh, it's that signature:
Code:
502c0  00 01 00 01 a5 ce b8 bc  99 b7 e9 a0 c1 ff 14 78  |...............x|
502d0  5c 22 66 85 51 a0 44 0c  70 3e 16 34 9a 1c a6 74  |\"f.Q.D.p>.4...t|
502e0  74 47 56 46 4e 1c 56 b3  dd bc 76 f4 6b 64 ce 35  |tGVFN.V...v.kd.5|
502f0  40 72 c6 cf 53 9b 64 38  36 30 15 dc 4f 0d 6d 26  |@r..S.d860..O.m&|
50300  41 38 55 4b 67 d8 54 68  45 66 49 53 68 e9 61 78  |A8UKg.ThEfISh.ax|
50310  b1 30 c5 63 00 d9 69 de  93 d8 4f c8 69 ed 52 12  |.0.c..i...O.i.R.|
50320  96 35 28 45 48 e2 70 e2  4b 01 53 7d 53 e3 43 13  |.5(EH.p.K.S}S.C.|
50330  8b 30 77 6a 58 41 6f 6c  54 72 61 4c 61 4c 61 05  |.0wjXAolTraLaLa.|
50340  6d 64 8a 62 bd b8 53 98  b3 9c 55 df 4c 10 4e c2  |md.b..S...U.L.N.|
50350  4d 33 77 87 e0 a8 61 69  85 3b 4a 64 69 7a 37 f7  |M3w...ai.;Jdiz7.|
50360  fe 4b 84 42 d2 37 6c 48  67 c6 75 ec 45 8d 9e fd  |.K.B.7lHg.u.E...|
50370  db 63 43 41 30 6a 4d 6d  42 4e 73 55 21 d5 da 32  |.cCA0jMmBNsU!..2|
50380  23 34 d2 64 f6 e3 4f 3c  43 ab 65 ec ea 1e a7 92  |#4.d..O
 

giantpune

There are also tools from Waninkoko that leave a signature in the TMD that starts with "WaNiNKoKOWaSHeRe!". I think his IOS patcher was one of these tools. Also, I think the ISO prep tool from TheGhost leaves this signature when you use it to change the ID so the game will use a different save than the original game.
 

tueidj

Well that sig is specially crafted to basically do the same job as zeroing out the whole thing, so as long as the SHA1 is again brute-forced to start with zero after changing the title, it will still be fakesign-compatible.

For lulz I decrypted the "trucha signer" sig expecting to see text hidden in the padding, but there was none - I guess that would be expecting too much.
 

giantpune

So, in your expert opinion, how would you check the validity of a signature? This is meant to just be a quick check and is only used 1 time in the entire project to display information. I wouldn't justify including any AES library in the project if it's only going to be used for this 1 calculation.

So, how would you do an accurate check if a game is fakesigned?
 

tueidj

You could check if the first byte of the SHA1 is 0 and also verify that all unused bytes of the TMD/Ticket are zero, but there are plenty of used bytes that can also be brute forced. IMO the only way to be sure is to decrypt the sig properly and check it (optionally verify the whole certificate chain, not really necessary). RSA's not really complicated, it just requires some sort of bignum library, for example the bn_* functions in segher's wii tools (there's a check_cert_chain function somewhere in there too that does proper signature verification).
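As an added illustration of the check tueidj describes (not code from wit, segher's tools or any poster here), the block below puts the buggy IOS comparison (strncmp semantics on the two hashes) next to a full PKCS#1 v1.5 RSA verify and sorts a TMD-style blob into the verdicts discussed in this thread: signed, fakesigned (zeroed sig), maybe fakesigned (a non-zero trucha-style sig that only passes the strncmp bug) or invalid. It assumes a constructed toy RSA key made from two Mersenne primes with an 81-byte signature instead of the real 256-byte one, and that the signed region is everything after the signature field; the real Nintendo key and exact TMD layout are not on this page.

```python
import hashlib
# Constructed toy RSA key from two well-known Mersenne primes (NOT a Nintendo
# key) so the example runs offline; a real Wii signature is 256 bytes.
P, Q = (1 << 127) - 1, (1 << 521) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8            # 81 bytes for this toy key
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def pkcs1_encode(digest: bytes) -> bytes:
    """PKCS#1 v1.5 encoding: 00 01 FF..FF 00 DigestInfo || SHA-1 digest."""
    t = SHA1_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (SIG_LEN - len(t) - 3) + b"\x00" + t

def sign(body: bytes) -> bytes:
    em = pkcs1_encode(hashlib.sha1(body).digest())
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(SIG_LEN, "big")

def rsa_public(sig: bytes) -> bytes:
    """sig^e mod n: the block the console recovers before comparing hashes."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(SIG_LEN, "big")

def strncmp_equal(a: bytes, b: bytes) -> bool:
    """The buggy IOS comparison: strncmp stops at the first 0x00 byte, so two
    hashes that both begin with 0x00 compare equal whatever follows."""
    for x, y in zip(a, b):
        if x != y:
            return False
        if x == 0:
            return True
    return True

def classify(sig: bytes, body: bytes) -> str:
    """'signed' (RSA verifies) / 'fakesigned' (zeroed sig that only passes the
    strncmp bug) / 'maybe fakesigned' (non-zero sig that only passes it) / 'invalid'."""
    digest = hashlib.sha1(body).digest()
    em = rsa_public(sig)
    if em == pkcs1_encode(digest):
        return "signed"
    if not strncmp_equal(em[-20:], digest):
        return "invalid"
    return "fakesigned" if not any(sig) else "maybe fakesigned"

def body_with_zero_hash(prefix: bytes) -> bytes:
    """Constructed input: bump a counter until the SHA-1 starts with 0x00."""
    for k in range(1 << 16):
        body = prefix + k.to_bytes(2, "big")
        if hashlib.sha1(body).digest()[0] == 0:
            return body
    raise RuntimeError("no zero-leading hash found")
```

A genuine signature taken from one zero-leading-hash body and pasted onto another lands in "maybe fakesigned", which is exactly the trucha-signature case tueidj describes.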
 

drh

Hi Wiimm,

I've been away from this thread for a few months now, but I just had to come back and leave a message today.

I was thinking about giving configurable loader another try with an NTFS partition.
It doesn't seem to support my existing WDF files (from my WiiFlow & WBFS disk), so I was messing with WIT to convert from WDF to WBFS with the following command:

wit cv "Dave Mirra BMX Challenge [RXCPGT].wdf" -P -wbfs

I ended up with a RXCPGT.wbfs file which is fine, but the tool removes the original file by default!?!?!?!?!
If that's not a bug and intentional default operations all I can say is WTF!?!?!? :-)
Worse, if you abort WIT during the process, not only do you lose the conversion but you lose the original file too!!!!!!!!!

Sorry Wiimm, as much as I love your tools, it's simply not right for a tool to remove the original file as a default action, that needs to be a switched command at the very least.
Good job I was only testing with a smaller game that I wasn't particularly bothered with, because that simple conversion test resulted in a total loss of the file just from pressing abort!!
 

Wiimm (Developer, OP)

@giantpune & tueidj:
I haven't checked the sample code but perhaps a three way statement "fake sign" / "maybe fake signed" / "not fake signed" is a good way.

@drh:
CONVERT implies removing the source. Use COPY if you want to leave the source.
http://wit.wiimm.de/wit/cmd-convert.html (first sentence of the built-in help) => ... and replace the source with the result.

You can create the lost file again: wit copy xxxx.wbfs %Y.wdf
 

giantpune

I've compiled the sample code and run it on 8 or 10 games. It is correctly saying if a tmd/ticket is fakesigned. I tested it on official games, ones created using wit, and ones made with TheGhost. Then I picked a random spot in the tmd and changed a byte and the code says "RSA Signature did not match SHA1". I think it is working like it is supposed to, at least more accurate than the code in wit and the code I put a few posts back.
 

drh

Wiimm said:
@drh:
You can create the lost file again: wit copy xxxx.wbfs %Y.wdf

Normally I would, but an abort with WIT CV leaves you without either file, it gets rid of the original file irrespective of the command completing successfully!!
 

Wiimm (Developer, OP)

drh said:
Wiimm said:
@drh:
You can create the lost file again: wit copy xxxx.wbfs %Y.wdf

Normally I would, but an abort with WIT CV leaves you without either file, it gets rid of the original file irrespective of the command completing successfully!!
That should not be ... I will check this bug in the next days.
 

drh

Yes, it's definitely gone.

I'm not bothered about the title, I picked a random (small) file to test with and fortunately, it's not a title I've ever played.

Going back through the terminal history, the first command I did was:

Code:
wit cv "Dave Mirra BMX Challenge [RXCPGT].wdf" -P --wbfs

Which resulted in a file called "RXCPGT.wbfs".

We tried this with configurable loader 60 on an NTFS partition using the recommended folder structure "/wbfs" but the loader still didn't work with that file. It only seems to accept ".iso" files or WBFS files created with their Windows tool. :-(
So anyway, after realising that the CV command removed the original file, I started to convert the file back using the following command:

Code:
wit cv RXCPGT.wbfs -P

I thought the default action was to convert to WDF format, so I just removed the force switch off the end, but when WIT started, I saw the output file was wbfs still, so I aborted the convert to add "--wdf" on the end but the "RXCPGT.wbfs" was now gone.

All this action was done from within the directory of the original WDF files, so this was also the working directory.
 

Bauldrick

I see the same behaviour as drh, using the same commands on r1892, r1934, r1938:

Code:
****************************************************************
***  PROGRAM INTERRUPTED BY USER (LEVEL=1).                  ***
***  PROGRAM WILL TERMINATE AFTER CURRENT JOB HAS FINISHED.  ***
****************************************************************

Let it finish and the file will remain. Cancel the job again:

Code:
*********************************************************
***  PROGRAM INTERRUPTED BY USER (LEVEL=2).           ***
***  PROGRAM WILL TRY TO TERMINATE NOW WITH CLEANUP.  ***
*********************************************************
The file has been deleted.
 
