Format

A savegame consists of a Header, followed by a Bk Header and a set of files contained in a files section, and finally a footer. The savgames are signed while being copied to the SD card using the Wii's private NG key.

Header

The Header is 0xF0C0 bytes long. It is encrypted (AES128-CBC) using the "sd-key" and the "sd-iv" initialization vector.

The plaintext header contents are described in the following table.

It's divided in two parts: The "main header" and the "banner"

Main header

Start	End	Length	Description
0x0000	0x0007	8	Savegame ID
0x0008	0x000B	4	size of banner (0x72A0 or 0xF0A0, also seen 0xBAA0)
0x000C	0x000C	1	permissions
0x000D	0x000D	1	?? unknown
0x000E	0x001D	16	md5 of plaintext header with md5 blanker applied
0x001E	0x001F	2	?? unknown

Banner

Start	End	Length	Description
0x0020	0x0023	4	magic ('WIBN') (Wii Banner?)
0x0024	0x0027	4	Flags - (Maskable) if set to 0x000001 the save cannot be copied from NAND via normal means, 0x000010 means to "Bounce" between 0 and the last frame. Setting it to 0x000000 makes the animation loop through all frames resetting to 0 on the final frame.
0x0028	0x002A	2	AnimSpeed - Set per frame frameDelay((animSpeed >> (2nFrame))&3); 0 being no animation 1-3 being progressively slower, this is a little strange, but if the first two frames are set to 0, don't animate the icon.
0x002B	0x003F	22	Reserved
0x0040	0x007F	64	Game title (big endian Unicode)
0x0080	0x00BF	64	Game subtitle (big endian Unicode)
0x00C0	0x60BF	24576	banner (192x64) - RGB5A3 GX texture format
0x60C0	0x72BF	4608	icon0 (48x48) - RGB5A3 GX texture format
0x72C0	0x84BF	4608	icon1 (optional, present if size of header is 0xF0C0)
0x84C0	0x96BF	4608	icon2 (optional, present if size of header is 0xF0C0)
0x96C0	0xA8BF	4608	icon3 (optional, present if size of header is 0xF0C0)
0xA8C0	0xBABF	4608	icon4 (optional, present if size of header is 0xF0C0)
0xBAC0	0xCCBF	4608	icon5 (optional, present if size of header is 0xF0C0)
0xCCC0	0xDEBF	4608	icon6 (optional, present if size of header is 0xF0C0)
0xDEC0	0xF0BF	4608	icon7 (optional, present if size of header is 0xF0C0)

Bk ("BacKup") Header

The Bk Header is 0x70 bytes long (plus 0x10 bytes of padding/aligning). It is not encrypted.

Start	End	Length	Description
0x000	0x003	4	Size of the header (0x00000070)
0x004	0x005	2	magic ('Bk')
0x006	0x007	2	magic2 or version (0x0001)
0x008	0x00B	4	NG id
0x00C	0x00F	4	number of files
0x010	0x013	4	size of files
0x014	0x017	4	?? unknown
0x018	0x01B	4	?? unknown
0x01C	0x01F	4	total size
0x020	0x05F	64	?? unknown
0x060	0x063	4	?? unknown
0x064	0x067	4	Game ID (ex. 'RMGP' for Super Mario Galaxy)
0x068	0x06D	6	Mac address of the wii
0x06E	0x06F	2	?? unknown
0x070	0x07F	16	null padded

Files

A savegame consists of several files up to the number specified in the Bk Header. Each file is described using a File Header and a File Data section. Files are stored immediately after the Bk Header using the format described in the next sections.

File Header

The file header is 0x80 bytes long. It is not encrypted.

Start	End	Length	Description
0x000	0x003	4	magic1 (0x03adf17e)
0x004	0x007	4	size of file
0x008	0x008	1	permissions
0x009	0x009	1	attributes
0x00A	0x00A	1	type (1=file, 2=directory)
0x00B	variable	variable	name (null terminated)
...	...	...	...
0x050	0x05F	16	IV for file data decryption
0x060	0x07F	...	?? unknown

File Data

File data comes after the File Header. Each file actually occupies the length specified in the file header rounded up to the next 64 byte boundary. Data is encrypted (AES128-CBC) using the "sd-key" and the initialization vector specified in the File Header.

Parsing savegames

Savegames can be decrypted and unpacked with segher's tachtig and created with his twintig.

Footer

The footer is mainly used for encryption.

Start	End	Length	Description
0x000	0x03C	60	Unknown
0x03D	0x040	4	Unknown
0x041	0x238	504	NG certificate
0x239	0x270	56	Padding
0x271	0x275	4	Unknown
0x276	0x46E	504	AP certificate

Savegame Files

Contents