Skip to content
This repository has been archived by the owner on Feb 26, 2019. It is now read-only.

Key Management

Jump to bottom
Spotlight edited this page Dec 1, 2018 · 2 revisions

Unlike other applications, the Nintendo Channel tells the KD IOS module that it handles its own keys. While entirely true, it does ultimately mean the channel's key needs to be modified.

Creating the key

  • First, you'll have to create the key. Since the Wii uses 2048 bits as the downloaded container size, we can go ahead and do such:
openssl genrsa -out key.pem 2048

Please keep key.pem safe and private. Disconnect24 isn't responsible for the remarkable amount of gremlins that seem to appear whenever private keys are shown and allow impersonation.

  • From the private key, we can grab the public key. This is what the Wii will verify against to know if the download was successful.
openssl rsa -in key.pem -out key.pub -pubout
  • From such, we then need to convert it to binary. We can decrypt using openssl's base64 feature:
openssl base64 -in key.pub -out key.encapsulated.bin -d
  • However, this approach retains the encasulation notes (BEGIN and END PUBLIC KEY). We can use dd to strip off such:
dd skip=21 count=256 bs=1 if=key.encapsulated.bin of=key.pub.bin

(If you don't wish to utilize dd or don't have it entirely, you can just strip the first 21 bytes and then copy the next 256 bytes elsewhere. You are now safe to delete key.encapsulated.bin.)

Inserting into the channel

  • Open up 0000001.app from an extracted WAD of the Nintendo Channel in your favourite hex editor. Search for 113214D5 7A038FDC E6DAE0D5 ADF687FF. (Some may require you to delete the spaces between every 4 bytes.) This is the Nintendo AES key. You can keep it as-is, or replace it. For ease, we'll keep it. If you edit, don't go past 16 bytes or you'll mess up internal memory structures.

  • In the same file, find 86040000 00000000. The next 256 bytes we'll need to replace with our own private key. Go ahead and open up key.pub.bin from earlier in your text editor. If you select the AES key, you've gone too far.

Below's a visual of the structure. Key Visual

What next?

You can pack the app back into a wad and install on a Wii. If DNS changing isn't your thing, you can replace http://entX.wapp.wii.com where X is a letter code for region like u, d, e or j.

From now on, you're entirely set to use key.pem to sign content for the Nintendo Channel, and key.pub will be used inside the channel to verify.

Clone this wiki locally