Wii Common Key

The Wii has four basic ways of communicating with the environment -- games on disc, savegames on SD card, channels/VCs on SD card and updates downloaded from the Internet. All of them need to be protected for the Wii security model to keep its integrity. Different security methods are used for each of the 4 methods, with some similarities between them.

A detailed list of flaws can be found at Wii system flaws.

Definitions

  • Encryption: Technology used to prevent unauthorized parties from viewing data. The Wii uses AES-128-CBC.
    • Symmetric Encryption: The same key is used for both encryption and decryption, which is why the key must be kept secret. AES is a symmetric cipher.
  • Hashing: Technology used to detect modification of data. The Wii uses both SHA-1 and MD5.
  • Signing: Technology used to prevent unauthorized parties from modifying (changing, editing) data. (Generally, this is a combination of encryption and hashing.) For the purposes of signing, the Wii uses RSA and ECC. Signing is an asymmetric algorithm: a signature can be verified by a party without sufficient information to produce a signature.
  • Title: In Wii terminology, a 'title' is a self-contained set of code and data. Every game is a title; a channel is a title, etc.
  • Content: In Wii terminology, a 'content' is a piece of code or data. Discs contain one 'content' per partition; channels usually contain several 'contents' per title.

The rest of this page will assume you know the difference between symmetric and asymmetric cryptography.

Game discs

Game discs are encrypted to avoid analysis (as you would need the key from a Wii) and signed by Nintendo to stop modifications.

The encryption is a symmetric cipher, 128-bit AES-CBC. Each disc usually contains two or more partitions. Each partition has its own AES key, referred to as a 'title key'. This key is stored on the disc, inside of a 'ticket', but it is encrypted with the master AES key (also known as the common key). So, with the master AES key, you can decrypt the title keys, which can decrypt the partitions. This master AES key was extracted by the Tweezer hack and has been known publicly since April 2008.

The disc is signed by building SHA-1 hashes of small parts of the disc, then aggregating these hashes into a hierarchical structure, which is finally signed with Nintendo's asymmetric private key. This design is chosen for speed: asymmetric cryptography is slower than symmetric, so the slow asymmetric operation is applied only once, to the top of the hierarchy.
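The hash hierarchy described above, as an added example that is not from the original page: a simplified two-level SHA-1 tree over constructed data. The block size, group size and function names are assumptions for illustration and do not reproduce the real disc layout; the signature itself is left out, and only the root value it would cover is computed.

```python
import hashlib

BLOCK = 1024   # assumed leaf size, not the real disc layout
GROUP = 8      # assumed number of leaf hashes per group

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def build_tree(image: bytes):
    """Return (leaf_hashes, group_hashes, root) for a byte image."""
    leaves = [sha1(image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    groups = [sha1(b"".join(leaves[i:i + GROUP]))
              for i in range(0, len(leaves), GROUP)]
    root = sha1(b"".join(groups))   # the only value that needs a signature
    return leaves, groups, root

def verify_block(image, index, leaves, groups, trusted_root):
    """Check one block against the trusted root; the stored tables are untrusted."""
    block = image[index * BLOCK:(index + 1) * BLOCK]
    if sha1(block) != leaves[index]:
        return False
    g = index // GROUP
    if sha1(b"".join(leaves[g * GROUP:(g + 1) * GROUP])) != groups[g]:
        return False
    return sha1(b"".join(groups)) == trusted_root

# Constructed sample: 32 blocks of patterned data standing in for a partition.
IMAGE = b"".join(bytes([n]) * BLOCK for n in range(32))
LEAVES, GROUPS, ROOT = build_tree(IMAGE)

def demo():
    ok = verify_block(IMAGE, 5, LEAVES, GROUPS, ROOT)
    # One byte of block 5 changes while the stored hash tables stay the same.
    tampered = bytearray(IMAGE)
    tampered[5 * BLOCK + 10] ^= 0xFF
    bad = verify_block(bytes(tampered), 5, LEAVES, GROUPS, ROOT)
    # The tables are recomputed as well: every level is self-consistent,
    # but the root differs, so a signature over the old root no longer fits.
    l2, g2, r2 = build_tree(bytes(tampered))
    forged = verify_block(bytes(tampered), 5, l2, g2, ROOT)
    return ok, bad, forged, r2 != ROOT
```

Reading one block only requires hashing that block, one group of leaf hashes and the list of group hashes, which is why the expensive signature check can be done once per title.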

For more details, see Partition Data info on the Wiidisc page.

Typically, the first partition contains system updates, in the form of WAD files. The data content of the WAD files is itself encrypted and signed. It is encrypted with 128-bit AES-CBC under a title key. The title key is encrypted with the master AES key and is stored in the WAD.

Exploits

  • Drivechip (Homebrew Channel ISO)

Channels on SD cards

All channels found on an SD card are signed by the Wii to prevent tampering, similar to discs but with a per-console key. However, only their binary is signed, so things such as banners can still be modified.

Exploits

Save games on SD cards

When a save game is copied from Wii system memory to an SD card (in 'Data Management'), the Wii encrypts it with an AES key known to all consoles (SD-key). This serves only to keep prying eyes from reading a save game file. In crypto terminology, the SD-key is a 'shared secret'.

The Wii then signs the file on the SD card with its private (ECC) key. This is to prevent anyone from modifying the save file while it is on the SD card.

If someone shares save games to another Wii using an SD card, the Wii will be able to decrypt it using the shared secret. However, it has no way of checking the Wii's signature, because it doesn't know the other console's public key. To solve this problem, the save game also contains a copy of the Wii's unique public key -- the one that matches the private key used to sign the save file. (The copy of the Wii's public key is called a 'certificate'.)

Thanks to this, the Wii can verify that the file is signed, but it has no way of knowing whether it was a real Wii that signed it, or if the key was just generated randomly. To solve this, each Wii's certificate used for save game signing is also signed by Nintendo using their private key; every Wii must already know the matching public key for game signature validation.

The original memory-dumping hack for the Wii solves the problem of needing a key to sign a new save; a private ECC key was extracted from one console, and since any Wii can read any savefile signed by a Wii's certificate, there can just be one shared key for exploits -- it doesn't need to be re-encrypted / re-signed every time.

Exploits

Message Board

The Wii Message Board is able to read messages from an SD card if properly signed using the Wii's MAC address. LetterBomb and other exploits use this as a way to run unsigned code on the Wii from the System Menu. This exploit was originally discovered by giantpune.

Exploits

Internet

The Internet Channel for the Wii does not feature the ability to download files by any normal means. However, unsigned code can be sent to the Wii via bookmarking and run as exploit code.

The EULA for WiiConnect24 and Wii Shop downloads HTML from Nintendo's official servers over HTTP; by using a DNS server, the EULA channel can instead be made to run unsigned exploit code.

Exploits

Retrieved from 'https://wiibrew.org/w/index.php?title=Wii_Security&oldid=111689'

By popular request, here’s an explanation of the different encryption keys that are used on the Wii.

AES Keys: The Wii uses 128-bit (16-byte) symmetric AES (aka AES-128-CBC) for most encryption.

  • Common key (ebe42a225e8593e448d9c5457381aaf7): This is the “shared secret” that we extracted with the Tweezer Hack. This key is known by all Wiis, but is never used, directly, to encrypt anything. Instead, all titles are encrypted with a random AES key; this key is then encrypted with the Common key and then stored inside a ticket. The ticket is then transmitted along with the content — on discs, it’s part of the “certificates” found before the encrypted data starts. Thus, knowing the common key allows you to decrypt most Wii content, as long as you have the right ticket. This key is stored in the OTP area inside the Starlet ARM core inside the Hollywood package.
  • SD key (ab01b9d8e1622b08afbad84dbfc2a55d): This is another shared secret — also stored on the Hollywood, but also found plenty of other places, including inside the firmware images. This key is used by the System Menu (1-2) to encrypt anything before writing it out to the SD card, and it’s used by 1-2 to decrypt anything read from the SD card. This is done mainly for the purpose of obfuscation, to keep people from examining savegames. It’s worth noting that all Wii games save their data to the internal NAND — no game supports loading or saving data directly to SD. This frees game writers from the requirement of handling this step themselves; they just write the savegame data, unencrypted and unsigned, to their title-data directory inside the NAND filesystem; the system menu then handles everything else. (The real reason for this is probably that it allowed Nintendo to make a system where they didn’t have to expose the details of this encryption — or any encryption — to their licensed game developers.) This key is also stored in OTP, and in several places in IOS (for no apparent reason). If you’re using Segher’s tools, you may also be interested in the SD IV (216712e6aa1f689f95c5a22324dc6a98) and the MD5 blanker (0e65378199be4517ab06ec22451a5793), both of which are stored inside the 1-2 binary.
  • NAND key (varies): This AES key is used to encrypt the filesystem data on the actual NAND chip itself; it is probably randomly generated during manufacturing and is also stored in the OTP area of the Starlet. This key is used to prevent the contents of the NAND filesystem from being read using a flash chip reader. Nintendo may or may not actually record this key anywhere, since they (theoretically) don’t need to ever use it. In fact, in some similar systems, keys like this are generated automatically by the device itself and (theoretically) never leave it — the Wii shares some design principles with HSMs, but it certainly doesn’t manage to be one. This is another OTP key.
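The two-level key hierarchy described in the Game discs section and in the Common key entry above, as an added example that is not from the original page or from any Wii tool. To stay within the Python standard library it swaps AES-128-CBC for a SHA-256 keystream XOR as a labelled stand-in; the keys, IV handling, ticket fields and function names are all constructed for illustration.

```python
import hashlib
import os

def stand_in_cipher(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for AES-128-CBC: XOR with a SHA-256 keystream.
    The same call encrypts and decrypts. Illustrative only."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_title(common_key: bytes, title_id: bytes, content: bytes):
    """Publisher side: random title key, wrapped under the common key."""
    title_key = os.urandom(16)
    iv = os.urandom(16)                      # constructed IV handling
    ticket = {"title_id": title_id, "iv": iv,
              "wrapped_key": stand_in_cipher(common_key, iv, title_key)}
    return ticket, stand_in_cipher(title_key, iv, content)

def open_title(common_key: bytes, ticket: dict, blob: bytes) -> bytes:
    """Console side: unwrap the title key from the ticket, then decrypt."""
    title_key = stand_in_cipher(common_key, ticket["iv"], ticket["wrapped_key"])
    return stand_in_cipher(title_key, ticket["iv"], blob)

def demo():
    common = os.urandom(16)                  # constructed, not the real key
    t1, b1 = issue_title(common, b"TITLE-01", b"content of title one")
    t2, b2 = issue_title(common, b"TITLE-02", b"content of title two")
    # The common key never touches content, yet it opens every ticket,
    # so its exposure affects the confidentiality of all titles at once.
    opened = [open_title(common, t1, b1), open_title(common, t2, b2)]
    # Without the common key, holding ticket and content is not enough.
    wrong_key_fails = open_title(os.urandom(16), t1, b1) != opened[0]
    # Tickets are per title: another title's ticket does not decrypt this one.
    wrong_ticket_fails = open_title(common, t2, b1) != opened[0]
    return opened, wrong_key_fails, wrong_ticket_fails
```

The design consequence is that a shared wrapping key stored on every device is a single point of failure for confidentiality, while integrity still rests on the separate signature chain.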

RSA keys: The Wii uses RSA-based authentication in several different places. This is fundamentally different than the AES encryption used for data-hiding, because RSA is an asymmetric cipher, meaning there are no shared secrets — nothing to be extracted from the Wii. The only RSA keys stored on the Wii are public keys, used to verify authenticity of content.

  • CP: Content Protection? This key is used to sign the TMD associated with every title. The TMD contains a SHA1 hash of the contents of that title, proving that it had not been modified. My 24c3 presentation was done by injecting a new .DOL into a Lego Star Wars disc and then forging the signature on its TMD, using a flaw originally discovered by Segher. After that presentation, people eventually discovered the common key needed to decrypt update partitions, allowing others to analyze / disassemble IOS. xt5 (who I had the pleasure of meeting at 24c3) was then able to find the same flaw and implemented it in his Trucha Signer. In fact, from disassembling his code, the core part of it was almost identical to our never-released code — great minds think alike, eh?
  • XS: “Access”? This is the key that signs tickets, which contain the title keys for individual titles.
  • CA: Certification Authority: This key signs both the XS and CP keys.
  • MS: “Master?” This key is used to sign the certificate that contains a copy of your Wii’s public ECC key. This certificate is then appended to savegames on SD cards, so that any other Wii can verify that the key was issued by Nintendo.
  • Root: This is the “grand master key”, which signs the CA key. The public half of this can be found here.

ECC keys: The Wii uses Elliptic Curve Cryptography in a few select places — primarily, it uses this when it signs savegames before writing them to SD card. ECC is used in ways similar to RSA, but it’s somewhat newer and much faster to run on an embedded system.

Other: For lack of a better place to put it, there is also an HMAC key — a 20-byte value that is used in a SHA1-based HMAC of the NAND flash contents to prevent them from being tampered with. This is a commonly used scheme in embedded systems, where a device wants to “sign” something itself, for itself. There are no public vs private keys here — you need to know this value in order to verify the hash, and you need the same value to generate the hash. This isn’t appropriate for communications between two people, but is perfectly fine for letting the Wii test to see if the chip was pulled, rewritten, and resoldered.
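The HMAC property described above, as an added example that is not from the original post: a SHA1-based HMAC used by a device to check its own flash contents. The 20-byte key, the cluster contents and the function names are constructed, and mixing the cluster number into the MAC is an assumption of this example, not a statement about the Wii's actual format.

```python
import hashlib
import hmac
import os

DEVICE_KEY = os.urandom(20)   # constructed 20-byte key standing in for the OTP value

def tag(key: bytes, cluster_no: int, data: bytes) -> bytes:
    """HMAC-SHA1 over the cluster number and its contents (assumed layout)."""
    msg = cluster_no.to_bytes(4, "big") + data
    return hmac.new(key, msg, hashlib.sha1).digest()

def write_flash(key: bytes, clusters):
    """Store each cluster together with its tag."""
    return [(data, tag(key, n, data)) for n, data in enumerate(clusters)]

def audit_flash(key: bytes, flash):
    """Return the indices whose stored tag does not verify."""
    return [n for n, (data, t) in enumerate(flash)
            if not hmac.compare_digest(t, tag(key, n, data))]

def demo():
    flash = write_flash(DEVICE_KEY, [b"boot", b"settings", b"title data", b"saves"])
    clean = audit_flash(DEVICE_KEY, flash)
    # Chip contents rewritten externally without the key: the old tag
    # no longer matches the new data.
    rewritten = list(flash)
    rewritten[2] = (b"patched data", flash[2][1])
    # Two individually valid clusters swapped: caught only because the
    # cluster number is part of the MAC input.
    moved = list(flash)
    moved[0], moved[1] = flash[1], flash[0]
    # Whoever holds the key can produce a tag that verifies. Unlike a
    # signature, the ability to verify is the ability to generate.
    resealed = list(flash)
    resealed[2] = (b"patched data", tag(DEVICE_KEY, 2, b"patched data"))
    return (clean, audit_flash(DEVICE_KEY, rewritten),
            audit_flash(DEVICE_KEY, moved), audit_flash(DEVICE_KEY, resealed))
```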

Key storage: The public keys are stored in various places — these aren’t sensitive, so they don’t really need to be concealed (although at least one of them needs to be protected from modification, and it can then sign the others). The rest are stored in two places:

  • Hollywood SEEPROM: After meeting him at 24c3, bunnie was kind enough to decap some chips for me, including a Hollywood. One of those chips is a 2kbit serial EEPROM, which stores the MS signature on the ECC key.
  • One-Time Programmable Area: Inside the Starlet ARM core, there are a bunch of things:
  1. SHA1 hash of boot1
  2. Common key
  3. ECC private key
  4. NAND HMAC
  5. NAND AES key
  6. RNG seed
  7. other stuff we can’t yet decipher
All of that info comes from tmbinc, who recovered it with a method he described here.
