834
edits
Changes
clarification
Line 15:
Line 15:
bushing writes the following at MaxConsole: (http://forums.maxconsole.net/showpost.php?p=845262&postcount=82)+"When you copy a savegame from your Wii system memory to an SD card (in "Data Management"), it encrypts it with an AES key known to all consoles (SD-key). This is just to keep prying eyes from reading a savegame file.+The encrypted data is then signed with the private (ECC) key for your console. This is to prevent anyone from modifying the save file.+If I then give you a copy of my savefile, your Wii can decrypt it because it knows the shared secret. However, it has no way of checking this signature, because it doesn't know who I am nor my console's public key. To solve this problem, the savegame also contains a copy of the public half of my ECC key.+Now your Wii can verify that I signed it, but it has no way of knowing whether it was really a Wii that signed it, or if I just made up a new random ECC key to try to fool it. To solve this problem, the copy of my Wii's public key stored inside of the savegame is then signed with Nintendo's private key. So, the console now knows that the savegame came from a Wii, using a key that was assigned by Nintendo.+
−
=== Savegames on SD cards ===
=== Savegames on SD cards ===
−When you copy a savegame from your Wii system memory to an SD card (in "Data Management"), it encrypts it with an AES key known to all consoles (SD-key). This serves only to keep prying eyes from reading a savegame file. In crypto terminology, the SD-key is a "shared secret".
−Your Wii then signs the file on the SD card with its private (ECC) key. This is to prevent anyone from modifying the save file while it is on the SD card.
−If I then give you a copy of my savefile, your Wii can decrypt it because it knows the SD-key. However, it has no way of checking your Wii's signature, because it doesn't know my console's public key. To solve this problem, the savegame also contains a copy of my Wii's public key -- the one that matches the private key it used to sign the savefile. (This copy my Wii's public key is called a 'certificate'.)
−Now your Wii can verify that my Wii signed the file, but it has no way of knowing whether it was really a real Wii that signed it, or if I just made up a new random ECC key to try to fool it. To solve this problem, the certificate stored inside of the savegame is then signed with Nintendo's private key. All Wiis have Nintendo's public key stored in their firmware; your Wii can use that key to verify the signature on the certificate. If the certificate is valid, it can verify the signature on the savegame against my Wii's signature.
−We solved the chicken-and-egg problem with our original memory-dumping hack. We extracted a private ECC key from one console. Since any Wii can read any savefile, we only need to have one key -- it doesn't need to be re-encrypted / re-signed every time.
−We solved the chicken-and-egg problem with our original memory-dumping hack. We got the private key from that Wii. Since any Wii can read any savefile, we only need to have one key -- it doesn't need to be re-encrypted / re-signed every time."
=== Channels on SD cards ===
=== Channels on SD cards ===