Skip to content

Latest commit

 

History

History
200 lines (149 loc) · 13.4 KB

README.md

File metadata and controls

200 lines (149 loc) · 13.4 KB

wad2bin

Converts installable Wii WAD packages to backup WAD packages (*.bin files) using console-specific keydata. These files can be stored on a SD card and used to launch channels via System Menu 4.0+, or used with games that save/read data in this format.

Usage:

wad2bin <keys.txt> <device.cert> <input WAD> <output dir> [<parent title ID> [--nullkey]]

Paths must not exceed 259 characters. Relative paths are supported.
The required directory tree for the *.bin file(s) will be created at the output directory.
You can set your SD card root directory as the output directory.

Notes about DLC support:
* Parent title ID is only required if the input WAD is a DLC. A 16 character long hex string is expected.
* If "--nullkey" is set after the parent title ID, a null key will be used to encrypt DLC content data.
  Some older games (like Rock Band 2) depend on this to properly load DLC data when launched via the Disc Channel.

Building instructions:

  • Windows (should you really bother? 32-bit binaries are provided):

    1. A collection of Unix/Linux utilities such as make, mkdir, rm, ar and cp, as well as a gnu11 standard compliant C compiler, are needed to build this project. There are a few ways to achieve this under Windows:
      • Install TDM-GCC, or...
      • Install devkitPro + MSYS2:
        • Install the gcc package by using the pacman -Syu and pacman -S gcc commands.
      • Install MinGW + MSYS, or...
      • (Untested) Under Windows 10:
        • Install the Windows Subsystem for Linux (WSL) distribution of your preference (I'll assume you chose Ubuntu).
        • Install the gcc package by using the sudo apt update and sudo apt install gcc commands.
        • Modify the Makefiles to use wsl.exe before each Unix command call.
      • Regardless of the option you end up choosing, please make sure your PATH environment variable has been properly updated!
    2. Create a copy of config.mk.template in the same directory and rename it to config.mk. Modify it if you need to change the compiler name/alias.
    3. Build using the make command.
  • Unix-like OS (Linux / MacOS):

    1. Install your preferred C compiler compatible with the gnu11 standard using your OS's package manager (e.g. apt, pacman, brew, etc.).
    2. Create a copy of config.mk.template in the same directory and rename it to config.mk. Open it with a text editor.
    3. Update the CC variable to make it point to your installed C compiler (leaving gcc is usually fine), and wipe the value from the EXE_EXT variable.
    4. Build using the make command.

Guidelines:

  • Console-specific data is required to perform the conversion. Dump it from the target console using xyzzy-mod.
    • The program expects two different files with console specific data: a text file with keydata (check keys.txt.template for the actual format) and device.cert. Both files are generated by xyzzy-mod.
  • Both ticket and TMD for each converted WAD package must be installed on the target Wii console in order for this to work.
    • For this matter, the program generates a bogus WAD package at the provided output directory, using the <title_id>_bogus.wad naming convention. It can be used with regular WAD Managers to install both ticket and TMD if needed.
    • Bogus WAD packages don't have any encrypted content data, thus they're expected to return errors like -1022 during installation with regular WAD Managers - this is expected behaviour, so don't panic.
    • If you can't get your converted WAD package to work, try uninstalling the bogus WAD before installing it (for real). This fixes the problem most of the time.
  • Channel WADs get converted to content.bin files, while DLC WADs get converted to <index>.bin files.
  • If a DLC WAD is provided, it doesn't matter if it's an uncomplete WAD with missing contents, a WAD with a tampered TMD that only references the packaged contents or a full WAD with all contents: all cases are supported by wad2bin. There's no need to provide any content indexes.
  • DLCs can use a parent title ID that's different from the title ID from the game they belong if other games are capable of using them. That's why a parent title ID is required to convert DLCs.
  • Converted DLC data can be encrypted using either a null key (used by older games) or the console-specific PRNG key (used by newer games, and also old games when launched with a cIOS).
  • If the WAD ticket wasn't issued for the target console, or if the WAD isn't legit (e.g. homebrew WAD), a patched IOS must be installed and used. This varies depending on the converted WAD type:
    • Channels: the IOS used by the System Menu must be patched to enable the signing bug on it:
    • DLCs: the game must be launched using a cIOS, or its required IOS version must be patched to enable the signing bug on it. This greatly depends on:
      • How old the game is: if it enforces the usage of a null key when launched through the Disc Channel.
      • The used launch method: cIOS enforce the usage of the PRNG key, even on older games.
      • Ticket/TMD signature validity: if it's not valid, or if the ticket wasn't issued for the target console, a patched IOS or a cIOS will always be necessary.
      • Because of all these reasons, it's difficult to establish a clear procedure that works for every single case. Further trial and error by the user is encouraged.

Supported DLCs:

Not all DLCs can be converted to <index>.bin files - this is because not all games with DLCs are capable of loading DLC data stored on the SD card. For this purpose, wad2bin holds a hardcoded DLC title ID list, in order to avoid converting a DLC WAD that simply won't work from the SD card.

The title ID from the parent game must be provided as an additional command line argument, because some games can "import" DLC data that belongs to other games. Only the following DLCs are supported:

  • Rock Band 2 (00010000-535A41xx) (SZAx):

    • 00010005-735A41xx (sZAx).
    • 00010005-735A42xx (sZBx).
    • 00010005-735A43xx (sZCx).
    • 00010005-735A44xx (sZDx).
    • 00010005-735A45xx (sZEx).
    • 00010005-735A46xx (sZFx).
  • The Beatles: Rock Band (00010000-52394Axx) (R9Jx):

    • 00010005-72394Axx (r9Jx).
  • Rock Band 3 (00010000-535A42xx) (SZBx):

    • 00010005-735A4Axx (sZJx).
    • 00010005-735A4Bxx (sZKx).
    • 00010005-735A4Cxx (sZLx).
    • 00010005-735A4Dxx (sZMx).
  • Guitar Hero: World Tour (00010000-535841xx) (SXAx):

    • 00010005-735841xx (sXAx).
    • 00010005-73594Fxx (sYOx).
  • Guitar Hero 5 (00010000-535845xx) (SXEx):

    • 00010005-735845xx (sXEx).
    • 00010005-735846xx (sXFx).
    • 00010005-735847xx (sXGx).
    • 00010005-735848xx (sXHx).
  • Guitar Hero: Warriors of Rock (00010000-535849xx) (SXIx):

    • 00010005-735849xx (sXIx).
  • Just Dance 2 (00010000-534432xx) (SD2x):

    • 00010005-734432xx (sD2x).
  • Just Dance 3 (00010000-534A44xx) (SJDx):

    • 00010005-734A44xx (sJDx).
  • Just Dance 4 (00010000-534A58xx) (SJXx):

    • 00010005-734A58xx (sJXx).
  • Just Dance 2014 (00010000-534A4Fxx) (SJOx):

    • 00010005-734A4Fxx (sJOx).
  • Just Dance 2015 (00010000-534533xx) (SE3x):

    • 00010005-734533xx (sE3x).

Any DLCs not appearing on this list will return an error if used as the input WAD package for the program. If you come across a DLC that can be loaded from the SD card and doesn't appear on this list, please contact me or open an issue and I'll gladly add it.

GUI:

A Python-based graphical frontend for the program is available as gui.py. Big thanks to LyfeOnEdge for developing it!

Differences between content.bin files and <index>.bin files:

  • content.bin files are used to store data from 00010001 (downloadable channels) and 00010004 (disc-based channels) titles, and get saved to sd:/private/wii/title/<ascii_lower_tid>/content.bin. Whilst <index>.bin files are used to store data from 00010005 (DLC) titles, and get saved to sd:/private/wii/data/<ascii_lower_tid>/<index>.bin - where <index> represents a specific content index from its TMD (000 - 511).
  • Both content.bin and <index>.bin files are backup WAD packages with a "Bk" header block, a TMD data block and encrypted contents using AES-128-CBC with the console-specific PRNG key and the content index as their IV (followed by 14 zeroes).
  • However, content.bin files hold two leading blocks before the "Bk" header that are both encrypted using the SD key and the SD IV (which are not console specific):
    • A 0x640 byte-long title info header, which holds data such as title ID and a copy of the IMET header from the channel's opening.bnr (00000000.app).
    • A copy of the /meta/icon.bin file entry from the opening.bnr U8 archive, with a variable size.
  • content.bin files also hold a trailing certificate area placed after the encrypted contents, which contains:
    • An ECDSA signature calculated over the whole backup WAD package area (using the console-specific ECC private key).
    • A copy of the console-specific ECC-B233 device certificate (also known as "NG" cert).
    • A title-issued ECC-B233 certificate (also known as "AP" cert), signed using the console-specific ECC private key. Its ECC public key is an ECDH shared secret generated with a custom ECC private key. The issuer title is always the System Menu (00000001-00000002).
  • On the other hand, while <index>.bin files don't include any of the leading and trailing blocks from content.bin files, they are only allowed to hold a single encrypted content at a time, which index is used as part of the filename expressed in base 10 notation (e.g. 000.bin).

Dependencies:

  • ninty-233 (licensed under GPLv3 or later) is used for ECDH data generation and ECDSA signing/verification.
  • mbedtls (licensed under Apache 2.0) is used for hash calculations, AES-CBC crypto operations and RSA signature verification.
  • Keydata parsing based on code from hactool (licensed under ISC).

License:

wad2bin is licensed under GPLv3 or (at your option) any later version.

Changelog:

v0.8:

  • Print errno values as part of error messages whenever possible.
  • Use GCC format function attribute on utilsPrintErrorMessage().

v0.7:

  • Removed parent title ID generation for DLC WADs. This doesn't work properly with games that are capable of using DLCs from other games.
    • The hardcoded DLC title ID list is still being used as a filter to know if any converted DLCs will work or not.
  • Added support for encrypting converted DLC data with a null key. Fixes issues with older games launched through the Disc Channel, such as Rock Band 2.
    • Please read the guidelines from the readme! Even if a null key is used, a patched IOS is still needed if the DLC ticket wasn't issued for the target console and you intend to launch the game through the Disc Channel.
  • Added The Beatles: Rock Band DLC to the hardcoded DLC title ID list.
  • Written content padding is now encrypted as well.
  • Several fixes to the U8 archive parsing code.
  • Fixed a silly ECSDA -> ECDSA typo.
  • Reworked certificate chain, ticket and TMD handling.
  • Implemented RSA signature verification in certificates, tickets and TMDs.
    • Fixes a bug where the ticket would have been fakesigned even if it was perfectly valid.
  • Useful info is now displayed at the end of the conversion process. Please read it.

v0.6:

  • Added a hardcoded list with title IDs from DLCs that can be converted to the <index>.bin format. Any other DLCs will return an error. Thanks to this, it's no longer necessary to input a parent title ID.
  • Fixed support for WAD packages with content data bigger than U32_MAX (0xFFFFFFFF).

v0.5:

Implemented bogus installable WAD package generation (header + certificate chain + ticket + TMD), saved at the provided output directory using the <title_id>_bogus.wad naming convention.

These bogus WAD packages can be used to install both ticket and TMD if needed, using regular WAD Managers. Errors such as -1022 can be safely ignored (e.g. content data isn't available in these WADs).

v0.4:

Fixed seeking after a missing content is detected while unpacking a DLC WAD.

v0.3:

Force the user to provide the full parent title ID for DLC WADs.

v0.2:

Added proper support for DLC WADs, even if they're incomplete (e.g. full TMD with missing content files).

v0.1:

Initial release.