Key dump

Posted by mauifrog 
Key dump
April 04, 2012 06:42AM
It would be nice to have a fast, simple method of getting the nand keys without making a full nand dump with bootmii or using xyzzy. The best option would be to have the hackmii installer create a key.bin file on sd:\ any time the installer was run, regardless of usable ios. Or have an option to dump only the keys from within bootmii. Or have a standalone app that would dump the keys. The problem is, most people cannot install bootmii as boot2, so bootmii is not a good recovery option. These people with bootmii ios often skip making a nand dump with bootmii, so they have no nand keys. Then when they brick their wii they cannot recover via nand programming because they have no keys. I know, it is their fault, but it would be great if everyone had the nand keys. I think it would be best if the hackmii installer could dump these keys to sd:\ when run; this would be great. Or at least have a simple method to quickly get the keys without making a whole nand dump, via bootmii or a mini app, that people could use who choose not to make a nand dump with bootmii, either because they are stupid or do not have a 1 gig sd card.

Just a thought, I think I could help a lot of people.

I know it is not much, but I pledge a $100 donation for the inclusion of a nand key dump in the hackmii installer, regardless of "no vulnerable ios". That would be great, and I would be happy to put some money up for it.

$100 - hackmii key dump
$50 - bootmii key dump
$50 - mini key dump -Done, thanks giantpune

Edited 3 time(s). Last edit at 04/06/2012 03:14AM by mauifrog.
Re: Key dump
April 04, 2012 10:38AM
Why not ask giantpune to make a mini app, I'm sure he'd be happy to take your money.
Re: Key dump
April 04, 2012 01:59PM
The problem with your suggestions, other than the one about HackMii Installer, is that if people are too lazy/stupid to take a NAND dump, they are unlikely to manually dump keys with BootMii or another app.

I'm sure xyzzy could probably be updated to use AHBPROT without a huge amount of work, but it's a question of whether people would actually use it, because if not, it defeats the point.
Re: Key dump
April 05, 2012 03:54AM
I would be happy to have giantpune do it if he likes; I am sure whatever work is involved will take more effort than my pledge. An updated xyzzy that used ahbprot would be great, assuming it would not need network and ios11 etc. I think there are two types of people: the stupid ones, the lazy ones, and the poor ones with very small sd cards. You can't help the stupid ones, but a quick method of dumping the keys would help the lazy and poor, I believe. The hackmii solution is the best, and would be simply awesome, probably not likely to happen, but one can always hope. But I think that the more methods, the better life would be.
Re: Key dump
April 05, 2012 11:11AM
Here's a quick hack that seems to work.

It's a ppcboot.elf, which can be started directly with mini by replacing the bootmii one, or started from the little homebrew launcher in the bootmii ui. It runs with MINI, so does that satisfy #2 and #3? :D

I really wasn't sure about what to put at the start of the file. The backupmii one puts "BackupMii v1..." at the start. I don't know if any programs are out there that actually read that or not. On the off chance that there is one, I made this one put the same string at the start of the file, even though it is not backupmii creating it.

Edited 1 time(s). Last edit at 04/05/2012 11:13AM by giantpune.
Re: Key dump
April 05, 2012 01:04PM
#2 was for an option in Ceiling Cat to dump keys, so you only qualify for #3 I think, pune.
Re: Key dump
April 06, 2012 03:13AM
That works great giantpune, you're awesome. You win a prize, only one though, sorry. This is a super simple solution for those with a small sd card or little time; it works very fast. Did you have that lying around, or did you just write it?

What is 0x2f8 - 0x2f9? It does not match the key.bin from my bootmii dump.
Re: Key dump
April 06, 2012 03:33AM
I think somewhere in there is the SFFS generation number, which is incremented each time IOS commits the metadata changes to the nand filesystem. It matches up with u16 prng_seed[2]; in this layout, and has the comment "incremented every time IOS starts."


Edited 1 time(s). Last edit at 04/06/2012 03:39AM by giantpune.
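As an added example (not code from this thread, from BootMii, or from giantpune's dumper), here is a small C tool that does what mauifrog did by hand: it checks the "BackupMii v1" header at the start of a keys.bin dump, reads the big-endian u16 prng_seed pair at 0x2f8 that giantpune identifies, and compares two dumps while treating only that counter as expected to differ, so a mismatch anywhere else flags a real key disagreement. The file layout it assumes (0x400 bytes, OTP copy at 0x100, SEEPROM copy at 0x200, prng_seed at SEEPROM+0xf8) is taken from mini's seeprom layout and is an assumption, not something this page states beyond the 0x2f8 offset; the sample dumps are constructed filler, not real key material.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEYS_BIN_SIZE  0x400
#define HEADER_MAGIC   "BackupMii v1"          /* string BackupMii writes; giantpune's dumper copies it */
#define OTP_OFF        0x100                   /* assumption: OTP copy lives at 0x100 in keys.bin      */
#define OTP_LEN        0x80
#define SEEPROM_OFF    0x200                   /* assumption: SEEPROM copy lives at 0x200              */
#define SEEPROM_LEN    0x100
#define PRNG_SEED_OFF  (SEEPROM_OFF + 0xf8)    /* 0x2f8: u16 prng_seed[2], the field named in the thread */
#define PRNG_SEED_LEN  4

struct keys_diff {
    size_t stable_diffs;   /* differing bytes outside prng_seed: a real key/ID mismatch   */
    size_t volatile_diffs; /* differing bytes inside prng_seed: expected between dumps     */
    size_t first_stable;   /* offset of the first stable difference, valid if stable_diffs > 0 */
};

int keys_has_header(const uint8_t *buf, size_t len)
{
    return len == KEYS_BIN_SIZE &&
           memcmp(buf, HEADER_MAGIC, sizeof(HEADER_MAGIC) - 1) == 0;
}

/* SEEPROM fields are big-endian; read prng_seed[idx] (idx 0 or 1). */
uint16_t keys_prng_seed(const uint8_t *buf, int idx)
{
    const uint8_t *p = buf + PRNG_SEED_OFF + 2 * idx;
    return (uint16_t)((p[0] << 8) | p[1]);
}

static int in_prng_seed(size_t off)
{
    return off >= PRNG_SEED_OFF && off < PRNG_SEED_OFF + PRNG_SEED_LEN;
}

/* Returns -1 if either dump is the wrong size or lacks the header, otherwise the number of
   stable differences: 0 means both dumps carry the same keys even if prng_seed moved. */
int keys_compare(const uint8_t *a, const uint8_t *b, size_t len, struct keys_diff *out)
{
    struct keys_diff d = {0, 0, 0};
    if (!keys_has_header(a, len) || !keys_has_header(b, len))
        return -1;
    for (size_t i = 0; i < len; i++) {
        if (a[i] == b[i])
            continue;
        if (in_prng_seed(i)) {
            d.volatile_diffs++;
        } else {
            if (d.stable_diffs == 0)
                d.first_stable = i;
            d.stable_diffs++;
        }
    }
    if (out)
        *out = d;
    return (int)d.stable_diffs;
}

/* Constructed sample dump, not real key material: header, deterministic filler in the
   OTP and SEEPROM regions, and a chosen prng_seed written big-endian at 0x2f8. */
void build_sample_dump(uint8_t *buf, uint16_t seed0, uint16_t seed1)
{
    memset(buf, 0, KEYS_BIN_SIZE);
    memcpy(buf, HEADER_MAGIC, sizeof(HEADER_MAGIC) - 1);
    buf[sizeof(HEADER_MAGIC) - 1] = '\n';
    for (size_t i = 0; i < OTP_LEN; i++)
        buf[OTP_OFF + i] = (uint8_t)(i * 7 + 3);
    for (size_t i = 0; i < SEEPROM_LEN; i++)
        buf[SEEPROM_OFF + i] = (uint8_t)(i * 13 + 1);
    buf[PRNG_SEED_OFF + 0] = (uint8_t)(seed0 >> 8);
    buf[PRNG_SEED_OFF + 1] = (uint8_t)(seed0 & 0xff);
    buf[PRNG_SEED_OFF + 2] = (uint8_t)(seed1 >> 8);
    buf[PRNG_SEED_OFF + 3] = (uint8_t)(seed1 & 0xff);
}

int main(void)
{
    uint8_t bootmii[KEYS_BIN_SIZE], mini_app[KEYS_BIN_SIZE];
    struct keys_diff d;

    /* Same console, dumped after two different numbers of IOS starts. */
    build_sample_dump(bootmii, 0x0041, 0x0000);
    build_sample_dump(mini_app, 0x0043, 0x0000);

    int stable = keys_compare(bootmii, mini_app, KEYS_BIN_SIZE, &d);
    printf("stable diffs: %d, volatile (prng_seed) diffs: %zu\n", stable, d.volatile_diffs);
    printf("prng_seed[0]: 0x%04x vs 0x%04x\n",
           keys_prng_seed(bootmii, 0), keys_prng_seed(mini_app, 0));

    /* Corrupt one OTP byte: now the dumps genuinely disagree. */
    mini_app[OTP_OFF + 5] ^= 0xff;
    stable = keys_compare(bootmii, mini_app, KEYS_BIN_SIZE, &d);
    printf("after corrupting OTP: stable diffs %d, first at 0x%zx\n", stable, d.first_stable);
    return 0;
}
```

To use it on real files, read both dumps into 0x400-byte buffers and call keys_compare; a non-zero return with first_stable outside 0x2f8..0x2fb means the two dumps do not carry the same keys and one of them should not be trusted for NAND recovery.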