Open main menu

WiiBrew β

WAD files

Contents

WAD Format

The data within a WAD file has the following format.

This page is horribly out of date. Expect an update when the dust of recent events settles.

Header

Start End Length Description
0x000 0x003 4 ?? Header size = 0x0020
... ... ... ...

Chain of Certificates

Start End Length Description
0x040 0x043 4 signature type (0x00010001 RSA2048, 0x00010000 RSA4096)
0x044 0x143+d 256 for RSA2048 (d=0x000), 512 for RSA4096 (d=0x100) signature
0x144+d 0x17F+d 60 zero filled
0x180+d 0x1BF+d 64 issuer
0x1C0+d 0x1C3+d 4 ? subject type (0x00000000, 0x00000001)
0x1C4+d 0x203+d 64 subject
0x204+d 0x307+d 260 ? public key
0x308+d 0x30B+d 4 ?? unknown (0x00010001)
0x30C+d 0x33F+d 52 zero filled
... ... ... ...

Key and IV

Start End Length Description
0x0bff 0x0c0e 0x0010 Encrypted title key (decrypt using the master key)
0x0c1c 0x0c23 0x0008 First 8 bytes of IV for title key decryption (last 8 bytes are zero)

To obtain the title key, simply decrypt it using the master key and the given IV (last eight bytes zero, first eight bytes supplied).

Note: this is probably part of the TMD/ticket/whatever. I'm throwing the offsets here for now, since this is arguably the most important part for extraction purposes.

File Table

WAD files contain a number of "files" in them. The number of files can be obtained from the halfword (2 bytes) at 0xede. The table itself starts at 0xee4, and it is composed of a number of file entries:

Start End Length Description
0x00 0x03 0x04 File number / ID
0x04 0x05 0x02 First 2 bytes of IV to decrypt contents (last 14 bytes are zero)
0x06 0x07 0x02 Flags ?
0x08 0x0B 0x04 Padding (zero)
0x0C 0x0F 0x04 File size
0x10 0x24 0x14 SHA-1 sum of decrypted file

The files are located after the file table, with their starts aligned to a 64 byte boundary. To read a file, skip bytes until the next 64 byte boundary (unless already at one), read the File size bytes rounded to the next 16 bytes (the AES block size), decrypt using AES (using the title key and the IV in the file table entry plus 14 zero bytes), and take filesize bytes from the result to create the output file. The SHA-1 sum of this should match the one in the file table.