- 精华
- 0
- 帖子
- 516
- 威望
- 0 点
- 积分
- 560 点
- 种子
- 11 点
- 注册时间
- 2007-3-5
- 最后登录
- 2024-10-8
|
发表于 2008-11-12 11:52 · 江苏
|
显示全部楼层
钥匙,钥匙,钥匙。
2008年4月15日 BUSHING
By popular request, here’s an explanation of the different encryption keys that are used on the Wii.
为了通俗易懂,针对wii上不同的加密key做相应的解释
AES Keys: The Wii uses 128-bit (16-byte) symmetric AES (aka AES-128-CBC) for most encryption.
Common key (ebe42a225e8593e448d9c5457381aaf7): This is the “shared secret” that we extracted with the Tweezer Hack. This key is known by all Wiis, but is never used, directly, to encrypt anything. Instead, all titles are encrypted with a random AES key; this key is then encrypted with the Common key and then stored inside a ticket. The ticket is then transmitted along with the content — on discs, it’s part of the “certificates” found before the encrypted data starts. Thus, knowing the common key allows you to decrypt most Wii content, as long as you have the right ticket. This key is stored in the OTP area inside the Starlet ARM coreinside the Hollywood package
AES key: wii大部分使用128位元( 16字节)对称AES(又名AES- 128 -cbc)加密。
Common key( ebe42a225e8593e448d9c5457381aaf7 ) :这是“共享秘密” ,我们用hack方式提取。这个key是已知的所有wiis ,但从未使用过,直接加密任何东西。相反,所有的TITLES是一个随机的AES KEY加密,这个KEY是然后用common key加密,然后储存到一个TICKET。TICKET,然后转交随内容-对光盘,它的部分的“证书”被发现在加密的数据开始之前。因此,明知COMMON KEY 让您解密大多数wii的内容,只要你有正确的TICKET。这主要是储存在好莱坞(gpu)里的Starlet ARM 内核(一个在图形处理器中没有公开过的芯片(undocumented processor),这个芯片被他们叫"Starlet"(因为没有官方名称),芯片的作用是控制Wii的RAM、安全和加密并控制几乎所有周边。)
SD key (ab01b9d8e1622b08afbad84dbfc2a55d): This is another shared secret — also stored on the Hollywood, but also found plenty of other places, including inside the firmware images. This key is used by the System Menu (1-2) to encrypt anything before writing it out to the SD card, and it’s used by 1-2 to decrypt anything read from the SD card. This is done mainly for the purpose of obfuscation, to keep people from examining savegames. It’s worth noting that all Wii games save their data to the internal NAND — no game supports loading or saving data directly to SD. This frees game writers from the requirement of handling this step themselves; they just write the savegame data, unencrypted and unsigned, to their title-data directory inside the NAND filesystem; the system menu then handles everything else. (The real reason for this is probably that it allowed Nintendo to make a system where they didn’t have to expose the details of this encryption — or any encryption — to their licensed game developers.) This key is also stored in OTP, and in several places in IOS (for no apparent reason). If you’re using Segher’s tools, you may also be interested in the SD IV (216712e6aa1f689f95c5a22324dc6a98) and the MD5 blanker (0e65378199be4517ab06ec22451a5793), both of which are stored inside the 1-2 binary.
SD KEY(ab01b9d8e1622b08afbad84dbfc2a55d) : 这是另一种共享的秘密-也储存在好莱坞,但也发现大量的其他地方,包括firmware images里。 这个key被系统菜单1-2用在写或读SD卡片之前加密任何东西,。 这主要为迷惑研究savegames漏洞的人,值得注意的是,所有的wii游戏保存数据到内部的nand,而不能直接在sd卡里读写。 这减轻了要处理这一步的游戏开发者负担; 他们只需要保存末加密和未签名的游戏记录到nand里的自己标题文件夹下。 (真正的原因也许是领有牌照的游戏开发商没必要知道任天堂的系统加密细节。)这把钥匙也被存放在OTP(One-Time Programmable 一次性可编程)ROM和在IOS(Wii的韧体/固件的名称)的几个地方(没有明显的原因)。
如果使用Segher的工具,您也许也是对SD IV (216712e6aa1f689f95c5a22324dc6a98)和MD5 blanker (0e65378199be4517ab06ec22451a5793)感兴趣,这两者都是储存在1-2二元
NAND key (varies): This AES key is used to encrypt the filesystem data on the actual NAND chip itself; it is probably randomly generated during manufacturing and is also stored in the OTP area of the Starlet. This key is used to prevent the contents of the NAND filesystem from being read using a flash chip reader. Nintendo may or may not actually record this key anywhere, since they (theoretically) don’t need to ever use it. In fact, in some similar systems, keys like this are generated automatically by the device itself and (theoretically) never leave it — the Wii shares some design principles with HSMs, but it certainly doesn’t manage to be one. This is another OTP key.
nand key(变化) : 这把AES钥匙被用于加密nand 芯片的文件系统数据;它可能是随机产生的制造过程中,也储存在Starlet的OTP区域 。 ,这把KEY被用于防止NAND文件系统内容用闪存芯片读取器读取出来。 任天堂实际上也许或并没有在任何地方记录这个key ,因为他们(理论上) 不需要使用它。 实际上,在一些相似的系统,象这样的KEY是自动地由设备生成的,并且(理论上)不要保留它— Wii共享一些设计原则和 HSMs(Hardware Security Module,硬体安全模组),但它肯定不成为这其中一个。 这是另一把OTP钥匙。
RSA keys: The Wii uses RSA-based authentication in several different places. This is fundamentally different than the AES encryption used for data-hiding, because RSA is an asymmetric cipher, meaning there are no shared secrets — nothing to be extracted from the Wii. The only RSA keys stored on the Wii are public keys, used to verify authenticity of content.
CP: Content Protection? This key is used to sign the TMD associated with every title. The TMD contains a SHA1 hash of the contents of that title, proving that it had not been modified. My 24c3 presentation was done by injecting a new .DOL into a Lego Star Wars disc and then forging the signature on its TMD, using a flaw originally discovered by Segher. After that presentation, people eventually discovered the common key needed to decrypt update partitions, allowing others to analyze / disassemble IOS. xt5 (who I had the pleasure of meeting at 24c3) was then able to find the same flaw and implemented it in his Trucha Signer. In fact, from disassembling his code, the core part of it was almost identical to our never-released code — great minds think alike, eh?
XS: ”Access”? This is the key that signs tickets, which contain the title keys for individual titles.
CA: Certification Authority: This key signs both the XS and CP keys.
MS: “Master?” This key is used to sign the certificate that contains a copy of your Wii’s public ECC key. This certificate is then appended to savegames on SD cards, so that any other Wii can verify that the key was issued by Nintendo.
Root: This is the “grand master key”, which signs the CA key. The public half of this can be found here.
ECC keys: The Wii uses Elliptic Curve Cryptography in a few select places — primarily, it uses this when it signs savegames before writing them to SD card. ECC is used in ways similar to RSA, but it’s somewhat newer and much faster to run on an embedded system.
Other: For lack of a better place to put it, there is also an HMAC key — a 20-byte value that is used in a SHA1-based HMAC of the NAND flash contents to prevent them from being tampered with. This is a commonly used scheme in embedded systems, where a device wants to “sign” something itself, for itself. There are no public vs private keys here — you need to know this value in order to verify the hash, and you need the same value to generate the hash. This isn’t appropriate for communications between two people, but is perfectly fine for letting the Wii test to see if the chip was pulled, rewritten, and resoldered.
Key storage: The public keys are stored in various places — these aren’t sensitive, so they don’t really need to be concealed (although at least one of them needs to be protected from modification, and it can then sign the others). The rest are stored in two places:
Hollywood SEEPROM: After meeting him at 24c3, bunnie was kind enough to decap some chips for me, including a Hollywood. One of those chips is 2kbit serial EEPROM, which stores the MS signature on the the ECC key.
One-Time Programmable Area: Inside the Starlet ARM core, there are a bunch of things:
1。SHA1 hash of boot1
2。Common key
3。ECC private key
4。NAND HMAC
5。NAND AES key
6。RNG seed
7。other stuff we can’t yet decipher
All of that info comes from tmbinc, who recovered it with a method he described here.
RSA密钥: wii使用RSA信息为基础的认证在几个不同的地方。这是根本的不同,比AES加密技术用于数据隐藏,因为RSA的是一个非对称加密,意思是有没有共享的秘密-无关摘自w ii。唯一的RSA密钥存储在wii是公开密码匙,用以核实内容的真实性。
cp:内容保护?这关键是用来签署加入TMD相关的每一个标题。 TMD的包含一个sha1哈希的内容,标题,证明它没有被修改。我24c3介绍所做的注入新的。 dol成为一个读星球大战光盘,然后伪造签名就其战区导弹防御,利用原来的一个缺陷所发现的segher 。后介绍,人们终于发现了共同的关键,需要解密更新分区,让别人来分析/拆解内部监督办公室。 xt5 (我曾有幸在24c3 认识) ,当时能找到相同的缺陷和实施在他的trucha签字。事实上,从拆解他的代码,其核心的一部分,这是几乎相同的,我们从来没有发布的代码-伟大的头脑,认为无论是吧?
XS的: “准入”呢?这是关键的迹象门票,其中包含了标题为个别键的标题。
钙:核证机关:这个关键的迹象,无论是XS的和CP键。
女士: “师父? : ”这关键是用来签署证书包含一份贵wii的公共ECC的关键。本证书,然后附在savegames对SD卡,使任何其他wii可以验证的关键是所发出的任天堂。
根:这是“大***匙” ,其中的迹象, CA的关键。市民的一半,这可以在这里找到。
ECC的钥匙: wii利用椭圆曲线密码体制在未来数选择的地方-主要是,它会使用这个标志时, s avegames前,以书面他们的S D卡。 ECC的是使用的方式类似RSA信息,但它的一些较新和快得多上运行的嵌入式系统。
其他:由于缺乏一个更美好的地方,把它,也有一hmac的关键-一个2 0字节的值是用来在一个s ha1基于h mac的N AND快闪记忆体的内容,以防止它们被篡改。这是一个常用的计划,在嵌入式系统中,凡装置要“签”的东西本身,为自己。有没有公共与私人密码匙在这里-你必须知道这个值,以便核实散列,而您又需要相同的值来生成散列。这是不恰当的沟通,两个人,但是绝对的罚款,让wii测试,看看如果芯片拖出,改写,并resoldered 。
密钥存储:公共密码匙储存在不同地方-这些都是不敏感,所以他们并不真的需要被隐瞒(虽然其中至少一项需要得到保护,免受修改,并且可以然后签署等) 。其余的则存放在两个地方:
好莱坞seeprom :会面后,他在24c3 , bunnie是一种足以decap一些芯片对我来说,包括好莱坞。一,这些芯片是2kbit串行EEPROM ,储存女士签署关于该***会的关键。
一时间,可编程地区:内的明星ARM内核,有一大堆的事情:
1 。 sha1哈希boot1
2 。共同的关键
3 。 ECC的私人密码匙
4 。 NAND型hmac
5 。 NAND型的AES的关键
6 。 rng种子
7 。其他的东西我们还不能破译
所有这些信息来自tmbinc ,他收回它了一种新方法,他这里。 |
|
楼主: ff1981
川公网安备 51019002005286号
楼主
