Difference between revisions of "WAD files"

From WiiBrew
Jump to navigation Jump to search
m (i'm too slow....)
Line 4: Line 4:
=== Decryption ===
Decrypt the partition key at 0xa40 (offset to something that looks like a tmd file) + 0x1bf using the master key and the first 8 bytes at 0xa40 + 0x1dc as IV. You can then start decrypting the user data at offset 0xf40 using this key and an empty IV. It looks like .wad files are not encrypted and hashed in blocks like the discs.
=== Header ===
=== Header ===

Revision as of 20:55, 23 January 2008

WAD Format

The data within a WAD file has the following format.



Start End Length Description
0x000 0x003 4 ?? Header size = 0x0020
... ... ... ...

Chain of Certificates

Start End Length Description
0x040 0x043 4 signature type (0x00010001 RSA2048, 0x00010000 RSA4096)
0x044 0x143 256 for RSA2048 (d=0x000), 512 for RSA4096 (d=0x100) signature
0x144+d 0x17F+d 60 zero filled
0x180+d 0x1BF+d 64 issuer
0x1C0+d 0x1C3+d 4 ? subject type (0x00000000, 0x00000001)
0x1C4+d 0x203+d 64 subject
0x204+d 0x307+d 260 ? public key
0x308+d 0x30B+d 4 ?? unknown (0x00010001)
0x30C+d 0x33F+d 52 zero filled
... ... ... ...

Key and IV

Start End Length Description
0x0bff 0x0c0e 0x0010 Encrypted title key (decrypt using the master key)
0x0c1c 0x0c23 0x0008 First 8 bytes of IV for title key decryption (last 8 bytes are zero)

Note: this is probably part of the TMD/ticket/whatever. I'm throwing the offsets here for now, since this is arguably the most important part for extraction purposes.

File Table

WAD files contain a number of "files" in them. The number of files can be obtained from the halfword (2 bytes) at 0xede. The table itself starts at 0xee4, and it is composed of a number of file entries:

Start End Length Description
0x00 0x03 0x04 File number / ID
0x04 0x05 0x02 First 2 bytes of IV to decrypt contents (last 14 bytes are zero)
0x06 0x07 0x02 Flags ?
0x08 0x0B 0x04 Padding (zero)
0x0C 0x0F 0x04 File size
0x10 0x24 0x14 SHA-1 sum of decrypted file

The files are located after the file table, with their starts aligned to a 64 byte boundary. To read a file, skip bytes until the next 64 byte boundary (unless already at one), read the File size bytes rounded to the next 16 bytes (the AES block size), decrypt using AES (using the title key and the IV in the file table entry plus 14 zero bytes), and take filesize bytes from the result to create the output file. The SHA-1 sum of this should match the one in the file table.