Quick Jump Daily Digest
Thank you for your interest in the Quick Jump Daily Digest. Get notified of all new content on QJ in our free Daily Digest. To subscribe, enter your email address below and click the subscribe button.
Wii homebrew - Xyzzy v1.1 |
Listed in: Wii Tags: Bushing, nand
Ó
Bushing is back, and he brings the very useful Xyzzy v1.1 with him. Wii homebrew devs out there may want to give this thing a shot, 'cause it's very useful in extracting OTP encryption keys. It should automatically save the keys to a text file on your SD, but it also displays them on-screen if ever you need to write them down by hand.
xyzzy extracts the following data:
- ECC Private Key - used for signatures in various places
- Console ID - the unique identifier for your Wii
- NAND AES key - used to encrypt and decrypt the Wii's NAND
- NAND HMAC - used to generate or verify a hash of the NAND, and therefore judge its integrity
- Common key (AES) - used to decrypt keys found on items distributed from Nintendo
- PRNG seed - a random seed
- SD key (AES) - used to encrypt and decrypt anything being written to/read from the SD card
- Device cert - you Wii's personal cert
You've probably seen this before, but for information's sake, I'll put it here. This is what xyzzy does automatically.
- Download IOS11 from the Nintendo Update Server
- Patch it to remove the MEM2 protection (so the PPC can access all 64MB of it)
- Patch it to allow it to delete itself later using ES_DeleteTitle()
- Find an unused IOS slot (counting downward from IOS255)
- Install the hacked IOS11 there
- Reboot into the hacked IOS
- Copy the private key structure from the IOS address space into MEM1
- Reboot back into a sane IOS
- Delete the temporary, hacked IOS
- Display the keys on screen
- Try to write them to a file on the SD card — keys.txt
- Pause for 60 seconds to allow you to copy the keys down using pen and paper,if necessary
Download: Xyzzy v1.1
More on xyzzy:
| This story sucks? This story rocks! |
|
|
Comments
Reply