Welcome! Log In Create A New Profile


Custom Wii Extension: dealing with encryption

Posted by janeba 
Custom Wii Extension: dealing with encryption
January 28, 2009 06:01AM
Howdy all,
I am really interested in making my own extension for the Wii. The big problem with this is the encryption that is used. So far people have been able to figure out how to disable it so plain-text data can be read from the extension. While this is useful for interfacing a Wiimote+extension to a PC, it dosnt solve the problem of interfacing a custom extension to the Wii.

What we know now:
-We can get plain-text data off of any extension on a PC
-The Wii sends a 16 byte(128 bit) key to the Wiimote which in-turn writes that key to the extension at address 0x40.
-Immediately after the Wii sends the key, it then reads 32 bytes from address 0x20 on the extension.

Plan of attack:
What I am thinking is that we can control the key, we can read the key-response from the extension, and we know what the plan-text results should be so it should be a matter of data collection and analysis to figure out what the encryption function is.

What I dont know:
Has/Is anyone doing something similar? Would they like to collaborate? Is there a way we can get the library the Wii uses to interface to the extension?

Re: Custom Wii Extension: dealing with encryption
January 30, 2009 06:21AM
The encryption appears to be mostly a lot of bullshit tables and random screwing around with the data. There's also an unknown component - the extension appears to have to guess a table index, but it's only three bits and you can check whether it's valid, so it can be brute forced with ease.

You can read the Wii side of the code by disassembling any Wii app. The System Menu is handy because it's got a full set of symbols.

Here's an implementation of the code from the device perspective, including the necessary brute force. This should be enough to implement a custom extension.

I used this code (well, an assembly language version) to implement this: [es.youtube.com]
Re: Custom Wii Extension: dealing with encryption
May 04, 2009 10:37AM
Check out this page:

It's a library for implementing the Wiimote<->extension protocol using AVR microcontrollers.
On the bottom of the page you find information on how the encryption works.

I plan to use the library for making a DIY extension that allows you to connect a MIDI drum it and pretends to be a Guitar Hero World Tour drums controller.
See this thread
Sorry, only registered users may post in this forum.

Click here to login