Difference between revisions of "Wii disc"
m (Not software)
m (→Decrypted: linked DOL and apploader)
|Line 388:||Line 388:|
| Pointer to the Main
| Pointer to the Main , Address is (value << 2)
|Line 404:||Line 404:|
| Pointer to the
| Pointer to the
== Known Wii discs ==
== Known Wii discs ==
Revision as of 05:21, 23 July 2021
This article describes the logical layout of data on a Wii disc.
The first 0x400 bytes are like the GameCube disc header format.
|0x000||1||Disc ID||Wiidisc IDs|
|0x003||1||Region code||'D' = German ; 'E' = USA ; 'F' = France ; 'I' = Italy ; 'J' = Japan ; 'K' = Korea ; 'P' = PAL ; 'R' = Russia ; 'S' = Spanish ; 'T' = Taiwan ; 'U' = Australia|
|0x006||1||Disc number||0x00||Used in multi-disc games|
|0x008||1||Audio streaming||0||0: Streaming disabled, nonzero: streaming enabled. No Wii game uses streaming.[check]|
|0x009||1||Streaming buffer size||0||Buffer size for audio streaming, only used when streaming is enabled. 0 uses the default value, which is 10.|
|0x018||4||Wii Magicword||0x5D1C9EA3||Identifies Disc as Wii. Present on Wii discs, zero on Gamecube discs.|
|0x01C||4||Gamecube Magicword||0xC2339F3D||Identifies Disc as Gamecube. Present on Gamecube discs, zero on Wii discs.|
|0x020||64||Game title||though most docs claim it to be 0x400 the Wii only reads 0x44 which will be padded by the DI driver to 0x60|
|0x060||1||Disable hash verification. On retail consoles, this makes all disc reads fail even before they reach the DVD drive.|
|0x061||1||Disable disc encryption and h3 hash table loading and verification. On retail consoles, this effectively also makes all disc reads fail because the h2 hashes won't be able to verify against "something" that will be in the memory of the h3 hash table. None of these two bytes will allow unsigned code on retail consoles.|
The Wii disc format uses partitions, mostly one is used for updates (the 1st) and the 2nd for the game.
|0x40000||4||Total partitions in the disc|
|0x40004||4||Partition info table offset, Address is (value << 2)|
|0x40008||4||Total 2nd partitions in the disc (optional)|
|0x4000C||4||Partition info table offset, Address is (value << 2)|
|0x40010||4||Total 3rd partitions in the disc (optional)|
|0x40014||4||Partition info table offset, Address is (value << 2)|
|0x40018||4||Total 4th partitions in the disc (optional)|
|0x4001C||4||Partition info table offset, Address is (value << 2)|
Partition table entry
|0x0||4||Partition offset, Address is (value << 2)|
|0x4||4||Type: 0 for a Data partition, 1 for an Update partition, 2 for a Channel installer. The demonstration VC titles on Super Smash Brothers Brawl use the Ascii title ID.|
|0x4E000||4||Region byte||0 = JAP/CHT (Taiwan), 1 = USA, 2 = PAL, 4 = KOR|
|0x4E010||1||Japan/Taiwan||Age Rating byte. Indicates the Age Rating for a Wiidisc|
|0x4E013||1||Germany||Age Rating byte. Indicates the Age Rating for a Wiidisc|
Offset 0x00000000 is considered as the start of the partition.
The offset of the actual partition data is 0x00020000 for normal discs and 0x00008000 for unencrypted discs (discs where 0x61 in the header is non-zero).
|0x000002A8||4||TMD offset >> 2|
|0x000002AC||4||Cert chain size|
|0x000002B0||4||Cert chain offset >> 2|
|0x000002B4||4||Offset to the H3 table >> 2 (size is always 0x18000)|
|0x000002B8||4||Data offset >> 2|
|0x000002BC||4||Data size >> 2|
For discs where 0x61 in the disc header is non-zero, skip this section and go to #Decrypted. (Such discs don't work on retail consoles.)
Partition data is encrypted using a key, which can be obtained from the partition header and the master key. The actual partition data starts at an offset into the partition (normally 0x20000), and it is formatted in "clusters" of size 0x8000 (32k). Each one of these blocks consists of 0x400 bytes of encrypted SHA-1 hash data, followed by 0x7C00 bytes of encrypted user data. The 0x400 bytes SHA-1 data is encrypted using AES-128-CBC, with the partition key and a null (all zeroes) IV. Clusters are aggregated into subgroups of 8 clusters, and 8 subgroups are aggregated into one group of 64 clusters. The plaintext format is as follows:
|0x000||0x26B||0x26C||31 SHA-1 hashes ("H0", 20 bytes each), one for each block of 0x400 bytes of the decrypted user data for this cluster.|
|0x26C||0x27F||0x014||20 bytes of 0x00 padding|
|0x280||0x31F||0x0A0||8 SHA-1 hashes ("H1"), one for each cluster in this subgroup. Each hash is of the 0x000-0x26B bytes, that is, of the 31 hashes above. This means that each cluster carries a hash of the data cluster hashes for each of the clusters in its subgroup. Every cluster in the subgroup has identical data in this section.|
|0x320||0x33F||0x020||32 bytes of 0x00 padding|
|0x340||0x3DF||0x0A0||8 SHA-1 hashes("H2"), one for each subgroup in this group. Each hash is of the 0x280-0x31F bytes above. This means that each cluster carries a hash of the subgroup hash data for each of the subgroups in its group. All 64 clusters in a group have identical data in this section. Bytes 0x3D0-0x3DF here, when encrypted, serve as the IV for the user data.|
|0x3E0||0x3FF||0x020||32 bytes of 0x00 padding|
If you're having trouble seeing how this works, here's the algorithm:
- For every 0x400 bytes of user data (plaintext), apply SHA-1. Store the resulting table of hashes.
- Aggregate 8 clusters. Apply SHA-1 to the table of data hashes that you've just created above for every cluster, and build a table of the resulting 8 hashes. Store this table in each of the 8 clusters.
- Aggregate 8 subgroups (64 clusters). Apply SHA-1 to the table of hashes of each subgroup (note that every cluster in the subgroup shares this, so you only compute the SHA-1 once per subgroup). Build a table, and store a copy of this table into every one of the 64 clusters.
Finally, the global hash table ("H3"; which the partition header points to) contains the SHA-1 hash of the last table of each group in the partition. This table is not encrypted, but it is signed. To build it, take bytes 0x340-0x3DF from any sector in each group in the partition, apply SHA-1, and simply store all of the resulting hashes consecutively. All in all, each sector includes enough information to trace itself back to the master SHA-1 hash table. As a result, the entire partition is effectively signed. If anything is changed, the Wii will immediately crash (if the master hash table has been updated), or it will crash when it reads any sector in the modified group (if the group tables have been updated), any sector in the modified subgroup (if the subgroup tables have been updated), or any modified sector if no SHA-1s were updated.
The signature is stored in the TMD. The TMDs for the partition always have one content. The type of that content seems to be always 3, and the SHA1 hash is the SHA1 of the entire 0x18000 bytes of the hash table. The TMD is signed using Nintendo private key. That makes basically impossible to run modified discs. Trucha Signer uses the signing bug to bypass the TMD signature checking, so the SHA1 hash of the master table can be updated, and modified discs can be booted.
To decrypt the user data at 0x0400-0x7FFF, again use the partition key, but this time take the IV from bytes 0x3D0-0x3DF in the encrypted SHA-1 block.
Once the Partition Data is decrypted (or if it was stored unencrypted to begin with), it follows the same formatting as a Gamecube disc for the most part.
|0x00000||1024||Same format as the main disc header, except bytes 0x60 and 0x61 are set to 0x01.|
|0x00420||4||Pointer to the Main DOL, Address is (value << 2)|
|0x00424||4||Pointer to the File System start, Address is (value << 2)|
|0x00428||4||File System Size|
|0x0042C||4||Max File System Size|
|0x02440||4||Pointer to the apploader|
Known Wii discs
On the Title Database you can find some info about different game discs
Methods to boot a disc
As far as we know there are 2 methods to boot a game.
Method 1 is R (manual boot) Method 2 is 0 (autoboot)
The Wii BootMe tool (created by CorteX) lets you change the way wii images boot.