WiiConnect24/WC24 Content

From WiiBrew
Jump to navigation Jump to search

This page describes the WC24 encryption container, mechanism for announcements, and some of the E-Mail system.

WC24 encryption

WC24 content/files can be encapsulated by the "WC24 header" and optionally encryption. The FourCC at offset 0 is WC24. Offset 4 is a u32 for header version. At offset 0xc is a byte determining encryption: 0 for plaintext, 1 for AES-128-OFB. At offset 0x30 is the IV. Following the IV at 0x40 is the RSA-2048 signature. Encrypted/plaintext payload is at offset 0x140. WC24 content can be semi-raw: the u32 at offset zero must not be zero, and must not be the value of the WC24 FourCC. The encryption type byte at offset 0xc must not be 1, when the u32 at offset zero is zero. The content length must be at least 0x140 bytes. Basically the header can be all zero with the version at offset 0x4 set to 1, but the header isn't needed as long as the aforementioned requirement is met.(The RSA signature is cleared to all zero in memory when the content is raw, however the RSA signature is still verified unless nwc24dl.bin entry flags bit 2 is set.) When RSA signature verification fails,(when verification is still enabled with entry flags bit 2 clear) KD_Download returns -45, and error 107245 is written to the entry error_code field.

typedef struct _WC24Content_Header
{
    u32 magic;//be 0x57433234 ASCII WC24
    u32 version;//Should be 1.
    u32 filler;
    u8 crypt_type;//0 = none, 1 = AES-128-OFB
    u8 pad[3];
    u32 reserved[0x20];
    u8 iv[0x10];
    u8 signature[0x100];
} WC24Content_Header;

When nwc24dl.bin entry flags bit 0 is set, the RSA public key from the title's wc24pubk.mod file stored under the data directory is used. Otherwise, the hard-coded KD key is used. When bit 3 is set, the AES key from wc24pubk.mod is used, otherwise the hard-coded KD key is used. The hard-coded keys are used mainly for announcements. wc24decrypt can be used to decrypt WC24 content.

typedef struct _swc24pubkmod
{
   unsigned char rsa_public[256];
   unsigned char rsa_reserved[256];
   unsigned char aes_key[16];
   unsigned char aes_reserved[16];
} swc24pubkmod;

Announcements

Announcements aren't downloaded with the E-Mail system, the announcement WC24 content files are downloaded with WC24 via HTTP. Format of URLs: http://cfh.wapp.wii.com/announce/cn/ln/num.bin cn is the country code with 3 decimal places.(Like 049 for USA.) ln is a zero based language code. num is the msg file number, 1-based. There's 4 files total. Message file #4 is the newest file, #3 is older, and so on. Announcements can be downloaded with getwiimsg. The WC24 HTTP mail contains MIME data which is a container for the actual E-Mail. Although the MIME data has timestamps, WC24 will save the actual mail to wc24recv.mbx when the file was modified since the last download, regardless of the MIME timestamps or the actual mail date header. Sample MIME data:

--BoundaryForDL201006092127/3767779
Content-Type: text/plain

This part is ignored.


--BoundaryForDL201006092127/3767779
Content-Type: text/plain

<actual mail here>
 
--BoundaryForDL201006092127/3767779--

The boundary format is as follows: BoundaryForDLyyyymmddhhmm/rrrrrrr The fields are 1-based: yyyy is year, mm is month and dd is day, hh and mm are hour and minute. rrrrrrr is random decimal.

The announcements are signed with the common WC24 key (the RSA one used for News, Forecast, etc), aswell as encrypted with the AES-128-OFB key.

E-Mail system

E-Mail is checked, received, and sent with HTTP(S). Everything except for checking for new mail uses HTTPS. The URLs and post params for mail are used from /shared2/wc24/nwc24msg.cfg.

More information on the mail system can be seen at WiiConnect24/Mail

Tools

  • Wc24decrypt - Decrypts WiiConnect24 files
  • getwiimsg - Gets all 4 announcements for a region and language, and decrypts.