Skyward Sword Game Breaking Bug

Started by Thomas83Lin, December 07, 2011, 02:41:07 AM


dcx2

#15
What we really need is an application that can decrypt an arbitrary encrypted save in data.bin format, patch the glitch, and then encrypt back into data.bin.  This tool could then be distributed and any user could fix their own saves, even if they don't have homebrew.

EDIT:

Bingo!  Wiibrew to the rescue!  http://wiibrew.org/wiki/Wii_Security#Save_games_on_SD_cards

The save file is first encrypted by a common AES key known as the SD key.  It can be found here.  http://hackmii.com/2008/04/keys-keys-keys/

Once it is encrypted, a per-console ECC key is then used to sign the encrypted data. However, this per-console key is not a problem, since there is no restriction on copying someone else's save.

The ECC key is stored as a certificate inside the data.bin.  The ECC key is itself signed by Nintendo's private key (which we don't have).  However, we can use any existing ECC key and its signature to sign the encrypted data.  And it's easy to get an ECC key from your own machine with homebrew; if you don't mind sharing your ECC key then everyone can use it to sign their data.

This same principle can be used to patch the M:OM glitch.

Thomas83Lin

I agree with Dcx2; if someone could code up a small, user-friendly app, that would be great :)

dcx2

Segher has some tools.  http://wiibrew.org/wiki/Segher%27s_Wii.git

tachtig and twintig work with save files.  But his tools only work in Linux.  So either get cygwin, or try FE100.  http://wiibrew.org/wiki/FE100  But those files are old and/or abandoned; you should go here instead. There are two sets of files to get, from two threads here: http://www.wiidewii.com/read.php?29,15141  http://www.wiidewii.com/read.php?29,5485 <-- eighth post

It also looks like there might be some checksums.  Hopefully the Twilight Princess checksum might work for Skyward Sword?  But we'd still need a routine for M:OM.  http://git.infradead.org/users/segher/wii.git/blob/abfd6293ab97abef5ed973dfe85b1ad0c23e76d7:/zelda-cksum.c

Note that the checksum is different for various games.  The Lego games have a different routine.  http://git.infradead.org/users/segher/wii.git/blob/78c49eea0f85de8b9863b22519bc469e4b6179c6:/lego-cksum.c

Someone would also have to volunteer their ECC key.
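The decrypt, patch, re-encrypt, re-sign pipeline laid out across dcx2's two posts above, as an added example that is not part of the thread and not segher's tachtig/twintig code. It is a plain openssl script: the key and IV are stand-ins, not the real SD key from the hackmii link; prime256v1 stands in for the curve the Wii actually uses; the 4 KiB plaintext is constructed for the demo; the offset 0x090E is the one quoted later in the thread, and writing 0x00 there is an assumption. It implements no game checksum, because, as dcx2 notes, that routine differs per game; the checksum step would sit between the patch and the re-encryption.

```shell
#!/bin/sh
# Added example, not code from the thread or from segher's wii.git.
# Models the save-patching pipeline: shared-key decrypt -> patch -> re-encrypt
# -> sign with a key pair the patcher holds.  Key, IV, curve and layout are
# stand-ins, not the real Wii SD key, SD IV, curve or data.bin layout.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

SD_KEY=00112233445566778899aabbccddeeff   # stand-in for the shared "SD key"
SD_IV=000102030405060708090a0b0c0d0e0f    # stand-in IV
PATCH_OFFSET=$((0x090E))                 # decrypted-save offset quoted in the thread
PATCH_BYTE='\000'                        # new value is an assumption for the demo

# Constructed 4 KiB "decrypted save" with a 0x01 byte sitting at the patch offset.
make_plain_save() {  # $1 = output file
    dd if=/dev/zero bs=4096 count=1 2>/dev/null > "$1"
    printf '\001' | dd of="$1" bs=1 seek="$PATCH_OFFSET" conv=notrunc 2>/dev/null
}

# The shared key protects nothing against anyone who has it: encrypt and
# decrypt are both available to the patcher.
encrypt_save() {  # $1 = plaintext in, $2 = ciphertext out
    openssl enc -aes-128-cbc -K "$SD_KEY" -iv "$SD_IV" -in "$1" -out "$2"
}

decrypt_save() {  # $1 = ciphertext in, $2 = plaintext out
    openssl enc -d -aes-128-cbc -K "$SD_KEY" -iv "$SD_IV" -in "$1" -out "$2"
}

# The signature is made with whatever private key the patcher holds (a
# "volunteered" key pair); the check on the other side is only that the
# signature matches the public key shipped alongside the data.
sign_save() {  # $1 = data, $2 = private key, $3 = signature out
    openssl dgst -sha1 -sign "$2" -out "$3" "$1"
}

verify_save() {  # $1 = data, $2 = public key, $3 = signature; 0 if valid
    openssl dgst -sha1 -verify "$2" -signature "$3" "$1" >/dev/null 2>&1
}

# Read one byte from a file as a decimal number.
byte_at() {  # $1 = file, $2 = offset
    dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tu1 | tr -d ' '
}

# Full pipeline.  Returns 0 when: the original signature no longer covers the
# patched ciphertext, the re-signed patched ciphertext verifies, and the
# plaintexts differ in exactly the one patched byte.
patch_pipeline() {
    make_plain_save "$WORK/orig.dec"
    encrypt_save "$WORK/orig.dec" "$WORK/orig.enc"

    # stand-in for an ECC key pair dumped from a console with homebrew
    openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ecc.key" 2>/dev/null
    openssl ec -in "$WORK/ecc.key" -pubout -out "$WORK/ecc.pub" 2>/dev/null
    sign_save "$WORK/orig.enc" "$WORK/ecc.key" "$WORK/orig.sig"

    decrypt_save "$WORK/orig.enc" "$WORK/patched.dec"
    printf "$PATCH_BYTE" | dd of="$WORK/patched.dec" bs=1 seek="$PATCH_OFFSET" conv=notrunc 2>/dev/null
    # (a per-game checksum over the decrypted data would be recomputed here)
    encrypt_save "$WORK/patched.dec" "$WORK/patched.enc"
    sign_save "$WORK/patched.enc" "$WORK/ecc.key" "$WORK/patched.sig"

    # the old signature must fail on the patched data: one changed byte is enough
    if verify_save "$WORK/patched.enc" "$WORK/ecc.pub" "$WORK/orig.sig"; then return 1; fi
    verify_save "$WORK/patched.enc" "$WORK/ecc.pub" "$WORK/patched.sig" || return 1
    [ "$(byte_at "$WORK/patched.dec" "$PATCH_OFFSET")" = "0" ] || return 1
    [ "$(cmp -l "$WORK/orig.dec" "$WORK/patched.dec" | wc -l | tr -d ' ')" = "1" ] || return 1
}
```

Run it with sh; it needs openssl, dd, od and cmp. The point it makes is dcx2's: the per-console signature only proves which key signed the blob, not that the contents are untouched by anyone but the console, so a patcher who holds any accepted key pair can decrypt with the shared key, change a byte, re-encrypt and re-sign, while the original signature stops verifying as soon as that byte changes.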

Thomas83Lin

#18
@Dcx2 I don't think I'm up for it, but I'm sure someone with a little experience at stuff like that would make a cakewalk of it.

@James
Here's that video of the glitch fix. It's low quality, though, due to the laptop's webcam.

http://www.youtube.com/watch?v=YnRiJOm8usA

edit:
Apparently someone on YouTube posted a glitch fix video with a slightly different method. I dunno, his method is different and so is his code. He uploaded his video 1 hour before mine, but I did post my code 5 hours before I posted my video.  It's strange, but it looks legit.

Bully@Wiiplaza

#19
So what are the offsets in the encrypted savegame that need to be patched? ;D
The video quality isn't that bad... I've seen worse. :)

@dcx2:
Would it be enough to volunteer my ECC key, if I upload my encrypted or decrypted save file?

P.S.
Should this topic stay in the Off-topic section? :P
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

Thomas83Lin

The offset in the decrypted save, using 010 Editor, was 090Eh.