Custom Wii Extension: dealing with encryption
Posted by janeba
|
Custom Wii Extension: dealing with encryption January 28, 2009 06:01AM | Registered: 15 years ago Posts: 1 |
Howdy all,
I am really interested in making my own extension for the Wii. The big problem with this is the encryption that is used. So far people have been able to figure out how to disable it so plain-text data can be read from the extension. While this is useful for interfacing a Wiimote+extension to a PC, it dosnt solve the problem of interfacing a custom extension to the Wii.
What we know now:
-We can get plain-text data off of any extension on a PC
-The Wii sends a 16 byte(128 bit) key to the Wiimote which in-turn writes that key to the extension at address 0x40.
-Immediately after the Wii sends the key, it then reads 32 bytes from address 0x20 on the extension.
Plan of attack:
What I am thinking is that we can control the key, we can read the key-response from the extension, and we know what the plan-text results should be so it should be a matter of data collection and analysis to figure out what the encryption function is.
What I dont know:
Has/Is anyone doing something similar? Would they like to collaborate? Is there a way we can get the library the Wii uses to interface to the extension?
Thanks,
Janeba
I am really interested in making my own extension for the Wii. The big problem with this is the encryption that is used. So far people have been able to figure out how to disable it so plain-text data can be read from the extension. While this is useful for interfacing a Wiimote+extension to a PC, it dosnt solve the problem of interfacing a custom extension to the Wii.
What we know now:
-We can get plain-text data off of any extension on a PC
-The Wii sends a 16 byte(128 bit) key to the Wiimote which in-turn writes that key to the extension at address 0x40.
-Immediately after the Wii sends the key, it then reads 32 bytes from address 0x20 on the extension.
Plan of attack:
What I am thinking is that we can control the key, we can read the key-response from the extension, and we know what the plan-text results should be so it should be a matter of data collection and analysis to figure out what the encryption function is.
What I dont know:
Has/Is anyone doing something similar? Would they like to collaborate? Is there a way we can get the library the Wii uses to interface to the extension?
Thanks,
Janeba
|
Re: Custom Wii Extension: dealing with encryption January 30, 2009 06:21AM | Admin Registered: 16 years ago Posts: 62 |
The encryption appears to be mostly a lot of bullshit tables and random screwing around with the data. There's also an unknown component - the extension appears to have to guess a table index, but it's only three bits and you can check whether it's valid, so it can be brute forced with ease.
You can read the Wii side of the code by disassembling any Wii app. The System Menu is handy because it's got a full set of symbols.
Here's an implementation of the code from the device perspective, including the necessary brute force. This should be enough to implement a custom extension.
[pastie.org]
I used this code (well, an assembly language version) to implement this: [es.youtube.com]
You can read the Wii side of the code by disassembling any Wii app. The System Menu is handy because it's got a full set of symbols.
Here's an implementation of the code from the device perspective, including the necessary brute force. This should be enough to implement a custom extension.
[pastie.org]
I used this code (well, an assembly language version) to implement this: [es.youtube.com]
|
Re: Custom Wii Extension: dealing with encryption May 04, 2009 10:37AM | Registered: 15 years ago Posts: 5 |
Check out this page:
[frank.circleofcurrent.com]
It's a library for implementing the Wiimote<->extension protocol using AVR microcontrollers.
On the bottom of the page you find information on how the encryption works.
I plan to use the library for making a DIY extension that allows you to connect a MIDI drum it and pretends to be a Guitar Hero World Tour drums controller.
See this thread
[forum.wiibrew.org]
[frank.circleofcurrent.com]
It's a library for implementing the Wiimote<->extension protocol using AVR microcontrollers.
On the bottom of the page you find information on how the encryption works.
I plan to use the library for making a DIY extension that allows you to connect a MIDI drum it and pretends to be a Guitar Hero World Tour drums controller.
See this thread
[forum.wiibrew.org]
Sorry, only registered users may post in this forum.