* Dumps SD Key from the ES module from the running IOS (loaded from NAND). * Dumps SD IV and MD5 Blanker from the System Menu binary. * Saves the raw device.cert to the SD card root. * Replaced tabs with spaces in the output keys.txt file. * Improvements to the OTP/SEEPROM read functions. Unaligned reads are now handled more efficiently. * Fixed an issue where trying to read SEEPROM data starting from an offset higher than zero would return garbage data. * Added an unused SEEPROM write function capable of handling unaligned writes. Might be useful for someone else.
1 parent
f9cabca
commit 5c04b77
Showing
16 changed files
with
1,279 additions
and
115 deletions.
Binary file not shown.
Binary file not shown.
@@ -1,17 +1,23 @@ | ||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> | ||
<app version="1.1"> | ||
<name>Xyzzy</name> | ||
<version>1.2.7</version> | ||
<release_date>20200508000000</release_date> | ||
<version>1.2.8</version> | ||
<release_date>20200521000000</release_date> | ||
<coder>Bushing, DarkMatterCore</coder> | ||
<short_description>Extract your Wii console keys!</short_description> | ||
<long_description>Xyzzy is a homebrew application that allows the extraction of the OTP and SEEPROM Encryption Keys. | ||
|
||
This modified version uses full hardware access through the HW_AHBPROT flag to read the both OTP and SEEPROM chips, copy their data to a memory buffer and retrieve the console keys. Thus, it no longer installs a modified IOS11 nor uses PatchMii. | ||
This modified version uses full hardware access through the HW_AHBPROT flag to read the OTP and SEEPROM chips, the System Menu binary and the ES module from the current IOS, in order to retrieve the console keys. Thus, it no longer installs a modified IOS11 nor uses PatchMii. | ||
|
||
Other changes include: | ||
|
||
* Compatibility with USB devices. | ||
* Support for GCN controllers and newer WiiMotes.</long_description> | ||
* Compatibility with USB mass storage devices. | ||
* Support for GCN controllers and newer WiiMotes. | ||
* Retrieves SD IV, MD5 Blanker and MAC address. | ||
* Besides generating a "keys.txt" file with a hexdump of every dumped key, these files are also created: | ||
* "bootmii_keys.bin" (follows the BootMii keys.bin format). | ||
* "device.cert" (raw device certificate dump). | ||
* "otp.bin" (raw OTP memory dump). | ||
* "seeprom.bin" (raw SEEPROM memory dump) (Wii only).</long_description> | ||
<ahb_access/> | ||
</app> |
@@ -0,0 +1,143 @@ | ||
// This program is free software: you can redistribute it and/or modify | ||
// it under the terms of the GNU General Public License as published by | ||
// the Free Software Foundation, version 2.0. | ||
|
||
// This program is distributed in the hope that it will be useful, | ||
// but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
// GNU General Public License 2.0 for more details. | ||
|
||
// Copyright (C) 2010 Joseph Jordan <joe.ftpii@psychlaw.com.au> | ||
// Copyright (C) 2012-2013 damysteryman | ||
// Copyright (C) 2012-2015 Christopher Bratusek <nano@jpberlin.de> | ||
// Copyright (C) 2013 DarkMatterCore | ||
// Copyright (C) 2014 megazig | ||
// Copyright (C) 2015 FIX94 | ||
|
||
#ifndef __RUNTIMEIOSPATCH_H__ | ||
#define __RUNTIMEIOSPATCH_H__ | ||
|
||
/** | ||
* Version information for Libruntimeiospatch. | ||
*/ | ||
#define LIB_RUNTIMEIOSPATCH_VERSION "1.5.4" | ||
|
||
//============================================================================== | ||
// HW_RVL header | ||
//============================================================================== | ||
#if defined(HW_RVL) /* defined(HW_RVL) */ | ||
|
||
/** | ||
*Returns true when HW_AHBPROT access can be applied | ||
*/ | ||
#define AHBPROT_DISABLED (*(vu32*)0xcd800064 == 0xFFFFFFFF) | ||
|
||
//============================================================================== | ||
// Error code definitions: | ||
//============================================================================== | ||
#define ERROR_AHBPROT -5 | ||
#define ERROR_PATCH -7 | ||
|
||
//============================================================================== | ||
// C++ header | ||
//============================================================================== | ||
#ifdef __cplusplus | ||
extern "C" { | ||
#endif | ||
/* __cplusplus */ | ||
|
||
//============================================================================== | ||
// Patchsets: | ||
//============================================================================== | ||
/* | ||
Wii: | ||
* DI Readlimit | ||
* ISFS Permissions | ||
* ES SetUID | ||
* ES SetIdentify | ||
* Hash Check (aka Trucha) | ||
* New Hash Check (aka New Trucha) | ||
* SSL patches | ||
Sciifii: | ||
* MEM2 Prot | ||
* ES OpenTitleContent 1 & 2 | ||
* ES ReadContent Prot | ||
* ES CloseContent | ||
* ES TitleVersionCheck | ||
* ES TitleDeleteCheck | ||
vWii: | ||
* Kill Anti-SystemTitle-Install 1, 2, 3, 4 & 5 | ||
*/ | ||
|
||
|
||
//============================================================================== | ||
// Functions: | ||
//============================================================================== | ||
|
||
/** | ||
* This function can be used to keep HW_AHBPROT access when going to reload IOS | ||
* @param verbose Flag determing whether or not to print messages on-screen | ||
* @example | ||
* if(AHBPROT_DISABLED) { | ||
* s32 ret; | ||
* ret = IosPatch_AHBPROT(false); | ||
* if (ret) { | ||
* IOS_ReloadIOS(36); | ||
* } else { | ||
* printf("IosPatch_AHBPROT failed."); | ||
* } | ||
* } | ||
* @return Signed 32bit integer representing code | ||
* > 0 : Success - return equals to number of applied patches | ||
* ERROR_AHBPROT : Error - No HW_AHBPROT access | ||
*/ | ||
s32 IosPatch_AHBPROT(bool verbose); | ||
|
||
|
||
/** | ||
* This function applies patches on current IOS | ||
* @see Patchsets | ||
* @param wii Flag determing whether or not to apply Wii patches. | ||
* @param sciifii Flag determing whether or not to apply extra Sciifii patches. | ||
* @param vwii Flag determing whether or not to apply extra vWii patches. | ||
* @param verbose Flag determing whether or not to print messages on-screen. | ||
* @example if(AHBPROT_DISABLED) IosPatch_FULL(true, false, false, false); | ||
* @return Signed 32bit integer representing code | ||
* > 0 : Success - return equals to number of applied patches | ||
* ERROR_AHBPROT : Error - No HW_AHBPROT access | ||
* ERROR_PATCH : Error - Patching HW_AHBPROT access failed | ||
*/ | ||
s32 IosPatch_RUNTIME(bool wii, bool sciifii, bool vwii, bool verbose); | ||
|
||
|
||
/** | ||
* This function combines IosPatch_AHBPROT + IOS_ReloadIOS + IosPatch_RUNTIME | ||
* @see Patchsets | ||
* @param wii Flag determing whether or not to apply Wii patches. | ||
* @param sciifii Flag determing whether or not to apply extra Sciifii patches. | ||
* @param vwii Flag determing whether or not to apply extra vWii patches. | ||
* @param verbose Flag determing whether or not to print messages on-screen. | ||
* @param IOS Which IOS to reload into. | ||
* @example if(AHBPROT_DISABLED) IosPatch_FULL(true, false, false, false, 58); | ||
* @return Signed 32bit integer representing code | ||
* > 0 : Success - return equals to number of applied patches | ||
* ERROR_AHBPROT : Error - No HW_AHBPROT access | ||
* ERROR_PATCH : Error - Patching HW_AHBPROT access failed | ||
*/ | ||
s32 IosPatch_FULL(bool wii, bool sciifii, bool vwii, bool verbose, int IOS); | ||
|
||
//============================================================================== | ||
// C++ footer | ||
//============================================================================== | ||
#ifdef __cplusplus | ||
} | ||
#endif /* __cplusplus */ | ||
|
||
//============================================================================== | ||
// HW_RVL footer | ||
//============================================================================== | ||
#endif /* defined(HW_RVL) */ | ||
|
||
#endif |
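Review bot: The `@example` for IosPatch_AHBPROT tests `if (ret)`, which is also true for the documented failure value ERROR_AHBPROT (defined as -5 in this header), so a caller copying it would go on to `IOS_ReloadIOS(36)` after a failed patch; the example should test `if (ret > 0)` to match the `> 0 : Success` contract. The `@example` on IosPatch_RUNTIME calls IosPatch_FULL with four arguments although IosPatch_FULL is declared with five, and should read `if(AHBPROT_DISABLED) IosPatch_RUNTIME(true, false, false, false);`. The header uses `vu32`, `s32` and `bool` without including anything that declares them, so it presumably depends on the includer pulling in the platform type headers first; including them here would make it self-contained. The guard name `__RUNTIMEIOSPATCH_H__` falls in the namespace reserved for the implementation, and a name such as `RUNTIMEIOSPATCH_H` avoids that.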
Binary file not shown.