Savegame files key for Wii homebrew games?
Nintendo-Scene forum user therealr found out that savegame files for the Wii use elliptic curve cryptography with the NIST B 233 bit elliptic curve, or otherwise known as “sect233r1” in OpenSSL.
According to him, exploiting this could be the first step for a Wii homebrew soft-mod method. therealr mentioned that a savegame file for the Wii ends with a certificate chain that contains a public keypair (that is the one being certified) and another number pair for the signature from the signing entity.
These pairs are then stored as a compound 60-bit data (30 for each pair). That implies then that the first and middle byte are always 00 or 01 for keys while signatures always use 00. therealr then went on and speculated on the certificate format of a savegame file:
[Magic number 0x00010002]
[Certificate signature from signing entity]
[Name of signing entity]
[Name of entity being certified]
[Public key pair of entity being certified]
The coder added that a file always ends with two certificates and the first one is always the same for the same console. The other one, however, involves a freshly generated private/public keypair. The private key will not be present after encryption, but the decryption of the data requires the public keys.
These public keys will be then signed by the console’s permanent private key. At this point, you have to remember that these have been discarded during encryption. So what keys are we talking about now? therealr said that it is highly possible that there’s another set of keys being used somewhere that can be understood by all Wii consoles.
We know that was kind of hard to understand but bottom line is savegame files produced in one Wii console can be read by any other Wii unit. Knowing how all of these fall into places is going to be important to exchange homebrew games in the future. The Read link below will provide you with some example routines that can be further examined.
Nintendo-Scene forum user therealr found out that savegame files for the Wii use elliptic curve cryptography with the NIST B 233 bit elliptic curve, or otherwise known as “sect233r1” in OpenSSL.
According to him, exploiting this could be the first step for a Wii homebrew soft-mod method. therealr mentioned that a savegame file for the Wii ends with a certificate chain that contains a public keypair (that is the one being certified) and another number pair for the signature from the signing entity.
These pairs are then stored as a compound 60-bit data (30 for each pair). That implies then that the first and middle byte are always 00 or 01 for keys while signatures always use 00. therealr then went on and speculated on the certificate format of a savegame file:
[Magic number 0x00010002]
[Certificate signature from signing entity]
[Name of signing entity]
[Name of entity being certified]
[Public key pair of entity being certified]
The coder added that a file always ends with two certificates and the first one is always the same for the same console. The other one, however, involves a freshly generated private/public keypair. The private key will not be present after encryption, but the decryption of the data requires the public keys.
These public keys will be then signed by the console’s permanent private key. At this point, you have to remember that these have been discarded during encryption. So what keys are we talking about now? therealr said that it is highly possible that there’s another set of keys being used somewhere that can be understood by all Wii consoles.
We know that was kind of hard to understand but bottom line is savegame files produced in one Wii console can be read by any other Wii unit. Knowing how all of these fall into places is going to be important to exchange homebrew games in the future. The Read link below will provide you with some example routines that can be further examined.
About The Author
