Welcome! Log In Create A New Profile

Advanced

Certificate chain question

Posted by wiinub 
Certificate chain question
August 21, 2010 05:29AM
Hi, I'm very new to the wii and to this forum so please excuse me if this post is misplaced.

I'm playing around with the wii disk format following the documentation on the wiki.
So far I'm just parsing the partition data and doing sha1 verification from h0 to h3.
That was quite a lot of fun and everything works.

Then the wiki says the h3 in signed. However i couln't figure how it's signed.
Presuming it's got soemthing to do with the cert chain, I started looking at it but got soon quite stuck.
If I've got it right, the chain starts with the type (which i presume is always 0x10000) then there is the signature and the the issuer (which again should always be Root).
The rest of the chain should be signed with the root ca key which I found on hackmii - btw the format is not specified, I presume it's a 4096 bit modulus with a 65537 exp appended. Am I that correct?

However, I can't seem to be able to verify the digest.
I'm using openssl with something like:
RSA_verify(NID_sha1, &cert_chain[0x280], cert_chian_size-0x280, &cert_chain[4], 0x200, public_key)
where cert_chain is a pointer to the chain, cert_chian_size is its size and public_key is the key from hackmii.

For the recors, verification fails with RSA_verify:bad signature...


If I ever manage to sort this out, I'd have a second question. The following key in the chain (i.e. CA00000001) looks again in the modulus + exp (00 01 00 01) format. However the size seems a bit weird to me: a 260 byte long modulus + 4 bytes for the exp.
Am I missing something?

Thanks a lot!
Re: Certificate chain question
August 23, 2010 04:57PM
nm i've figured it out
Sorry, only registered users may post in this forum.

Click here to login