Wii homebrew - Xyzzy v1.1

Posted Nov 26, 2008 at 9:00PM by Glenn M. Listed in: Wii Tags: Bushing, nand
xyzzy - Image 1


Bushing is back, and he brings the very useful Xyzzy v1.1 with him. Wii homebrew devs out there may want to give this thing a shot, 'cause it extracts the console's OTP encryption keys. It should automatically save the keys to a text file on your SD card, but it also displays them on-screen in case you ever need to write them down by hand.

xyzzy extracts the following data:
  • ECC Private Key - used for signatures in various places
  • Console ID - the unique identifier for your Wii
  • NAND AES key - used to encrypt and decrypt the Wii's NAND
  • NAND HMAC - used to generate or verify a hash of the NAND, and therefore judge its integrity
  • Common key (AES) - used to decrypt keys found on items distributed from Nintendo
  • PRNG seed - a random seed
  • SD key (AES) - used to encrypt and decrypt anything being written to/read from the SD card
  • Device cert - your Wii's personal cert

You've probably seen this before, but for information's sake, I'll put it here. This is what xyzzy does automatically.
  • Download IOS11 from the Nintendo Update Server
  • Patch it to remove the MEM2 protection (so the PPC can access all 64MB of it)
  • Patch it to allow it to delete itself later using ES_DeleteTitle()
  • Find an unused IOS slot (counting downward from IOS255)
  • Install the hacked IOS11 there
  • Reboot into the hacked IOS
  • Copy the private key structure from the IOS address space into MEM1
  • Reboot back into a sane IOS
  • Delete the temporary, hacked IOS
  • Display the keys on screen
  • Try to write them to a file on the SD card — keys.txt
  • Pause for 60 seconds to allow you to copy the keys down using pen and paper, if necessary
One last thing.
It ain't pretty, but at least it no longer contains copyrighted code. Bushing reckons you only need to run this once on any given Wii, but it should be safe to run multiple times.

Download: Xyzzy v1.1




Comments

by z32tt3z - 2008-11-27 12:19:36
bushing = sell out

how can he even still show his face in the homebrew scene after snitching to nintendo??? we don't need this guy anymore we have waninkoko!!!
