In memory of Ben “bushing” Byer, who passed away on Monday, February 8th, 2016.

Talk:Wii Savegame Parser

From WiiBrew
Jump to navigation Jump to search

kyocera ringtones cheap adipex free samsung ringtones ativan online xenical online cheap propecia cheap wellbutrin celexa online hgh online didrex wellbutrin online alprazolam free ringtones hydrocodone online free midi ringtones free mp3 ringtones free cool ringtones free sony ringtones real ringtones cheap cialis cheap xenical nextel ringtones cool ringtones free sharp ringtones free nokia ringtones norco online lorazepam online mp3 ringtones ambien online sprint ringtones cheap levitra carisoprodol online fioricet cheap prozac diazepam online cheap clomid order zanaflex cheap hoodia free mono ringtones cheap xanax cheap phentermine free real ringtones polyphonic ringtones cheap zyban viagra online carisoprodol online cheap ultracet free kyocera ringtones cheap cyclobenzaprine vicodin online cheap meridia cheap nexium cheap ambien free funny ringtones norco online free mp3 ringtones flexeril cheap diazepam cheap cyclobenzaprine hgh online sagem ringtones buy wellbutrin fioricet online cheap hydrocodone carisoprodol online norco online free tracfone ringtones midi ringtones free sagem ringtones lortab free mono ringtones free mtv ringtones cheap xenical tracfone ringtones but clomid cheap soma cheap vigrx ativan online free ericsson ringtones nexium online cheap lorazepam cialis alltel ringtones free wwe ringtones levitra online tenuate online celexa online online pharmacy online cheap diethylpropion free ringtones buy alprazolam free motorola ringtones alltel ringtones paxil online zyban online cheap cyclobenzaprine propecia online free qwest ringtones funny ringtones free motorola ringtones cheap xanax free nextel ringtones cheap clonazepam meridia cingular ringtones buy alprazolam order flexeril cheap adipex cheap phentermine vigrx online sildenafil online verizon ringtones polyphonic ringtones jazz ringtones free tracfone ringtones buy pharmacy online free nextel ringtones valium online buy clonazepam order valium prozac online cialis online hoodia online cheap lisinopril cheap ativan tramadol free sony ericsson ringtones buy valium albuterol online free verizon ringtones free sharp ringtones free sonyericsson ringtones free samsung ringtones cheap vicodin viagra online free samsung ringtones order levitra but lipitor tramadol online nokia ringtones cheap albuterol mtv ringtones cheap phentermine free qwest ringtones real ringtones cheap meridia didrex online diethylpropion online free sprint ringtones cheap xanax free ringtones didrex online jazz ringtones ortho online online paxil cheap soma buy lorazepam free ericsson ringtones ultracet online qwest ringtones buy soma buy ultram buy rivotril fioricet online buy tenuate free nokia ringtones free sonyericsson ringtones free motorola ringtones sildenafil online viagra online free sony ericsson ringtones nexium online zoloft online funny ringtones buy ambien cheap hydrocodone ortho online free cingular ringtones lisinopril online cheap zanaflex ultram online cheap vicodin order ultracet free punk ringtones cheap clonazepam lortab online free wwe ringtones music ringtones order adipex free punk ringtones order lipitor buy diazepam cheap propecia free music ringtones online rivotril ultram online online zoloft cheap tramadol cheap paxil free sony ringtones Hi all, Im getting interested in the hack of the savegames. It looks a first step to hack all the ecryption protections of the Wii, because it could provide many information about algorithms used by the console. In other hand, I'm interested in security and it seems to be a entertainment exercising the knowledgement.

I'm using a Wii and games bought in Germany. I've made several comparisions between savegames of Zelda and WiiSports.

I've converted the script to C# and written a small application which parses the savegames.

Comparing the data with the parser, the first remark is with the magic value right after the Mac Address. Istead of a 0xF5550000 I've got a 0x90900000. Hmmmmm... Different zone?

It is interesting for me the size of the hashes. The most used standard algorithms are: MD4 16 bytes (algorithm broken) MD5 16 bytes (algorithm broken, but still in use because its an internet standard) RIPEMD 16 bytes SHA-1 20 bytes SHA-224 28 bytes SHA-256 32 bytes SHA-348 48 bytes SHA-512 64 bytes I don't know any hash algorithm with a digest of 60bytes like the most of the hashes sizes in the savegame file. Could it be a signed hash? In that case, the size of the signature depends on the size of the key. Hmmm more investigation is needed here.

The hash #1 is a 16 bytes array. It seems to be depending on the game. I have the same hash for all the WiiSports savegames and another for the all the Zelda ones. I would say it is some kind of hash of the header.


First experiment: I've saved twice in different cards the same savegame of Zelda. I've compared the two serialized files, and the only differences are in the Hashes #2, #5 and #6. The rest of the files are identical. In that case, I can suppose that some kind of Initialization Vector is used. But in this case the encrypted data is the same, which makes me think that its better some kind of timestamp, probably in the Hash #2, which makes different the other two hashes. So they don't use IV for encryption.

Second experiment: I've saved two games (Zelda and Wiisport) in different days. When comparing the files, I'm trying to check which data is the same, so it depends only on the Wii. Basically the header is different, the hash #1 too (which I think depends on the game) too, the block sizes are different and the encrypted data too. But hash #3, all the RootCA information and hash #4 are identical, which means they are independendent of the game and the time.

Hmmm I'll continue investigating. Greetings! Aykito.

Why is it rejecting/accepting modified files inconsistently?

I've been tinkering with the save files and the results are bizarre. For example, I took a Wii Sports file and changed the "number of files" to 2, and it copied back to the system just fine. I tried some other values and it wouldn't copy anymore, so I tried 2 again and it still wouldn't! But after changing back to 1, it would copy again, and I checked no other bytes were changed. WTF? This happens in other cases too, such as the file size. It accepts the first change, but after that only the original file. 142.59.173.240 22:00, 22 March 2007 (PDT)

Things that need to be looked into

  • What is the relationship between hash1 and the header?
  • Is the header a image? What format?
  • Why does hash2 always start with a zero? It tells me we're off by one byte somewhere.
  • What does the per file padding really look like?
  • Verify all hash sizes.
Retrieved from "https://wiibrew.org/w/index.php?title=Talk:Wii_Savegame_Parser&oldid=2941"