This key is used to prevent the contents of the NAND filesystem from being read using a flash chip reader.
NAND key (varies): This AES key is used to encrypt the filesystem data on the actual NAND chip itself it is probably randomly generated during manufacturing and is also stored in the OTP area of the Starlet. If you’re using Segher’s tools, you may also be interested in the SD IV (216712e6aa1f689f95c5a22324dc6a98) and the MD5 blanker (0e65378199be4517ab06ec22451a5793), both of which are stored inside the 1-2 binary. (The real reason for this is probably that it allowed Nintendo to make a system where they didn’t have to expose the details of this encryption - or any encryption - to their licensed game developers.) This key is also stored in OTP, and in several places in IOS (for no apparent reason). This frees game writers from the requirement of handling this step themselves they just write the savegame data, unencrypted and unsigned, to their title-data directory inside the NAND filesystem the system menu then handles everything else. It’s worth noting that all Wii games save their data to the internal NAND - no game supports loading or saving data directly to SD. This is done mainly for the purpose of obfuscation, to keep people from examining savegames. This key is used by the System Menu (1-2) to encrypt anything before writing it out to the SD card, and it’s used by 1-2 to decrypt anything read from the SD card. SD key (ab01b9d8e1622b08afbad84dbfc2a55d): This is another shared secret - also stored on the Hollywood, but also found plenty of other places, including inside the firmware images. 
This key is stored in the OTP area inside the Starlet ARM core inside the Hollywood package. Thus, knowing the common key allows you to decrypt most Wii content, as long as you have the right ticket. The ticket is then transmitted along with the content - on discs, it’s part of the “certificates” found before the encrypted data starts.
Instead, all titles are encrypted with a random AES key this key is then encrypted with the Common key and then stored inside a ticket. This key is known by all Wiis, but is never used, directly, to encrypt anything.
Common key (ebe42a225e8593e448d9c5457381aaf7): This is the “shared secret” that we extracted with the Tweezer Hack. By popular request, here’s an explanation of the different encryption keys that are used on the Wii.ĪES Keys: The Wii uses 128-bit (16-byte) symmetric AES (aka AES-128-CBC) for most encryption.
0 kommentar(er)
