ModChips | HDD | Online | Miscellaneous | Exploits | Tutorials | Media Players | Launchers | SwapMagic Tools | Emulators
Wii Savegame Parser
The following Perl script can decompile a Wii savedata file which
was copied from the Wii to an SD card. These are stored in files called
data.bin. The script only decompiles the data.bin file. It does
not decrypt the files contained therein to plaintext nor does it
encrypt the plaintext again and reassemble the data.bin file. So it
cannot use it to create data.bin's that can be copied over to the Wii
All multiple byte numbers (e.g. LONG = 4 bytes) are encoded in big
endian format. While some information in the data.bin is plaintext and
can therefore be used by the script below to parse the bin-file. The
two encrypted blocks of data are the header and the actual savegame
files stored in the data bin. LONGs or BYTEs that are fixed and
therefore have he same value in each data.bin file are called magics.
The header is one big block of encrypted data at the beginning of the data.bin. It consists of 64 byte blocks and ends in front of the first 64 byte block starting with 0x00000070 followed by 0x42B0001.
Basic File Information
The ID number of the Wii the data.bin was encoded on follows after that, then a LONG with the number of files contained in the data.bin. This concludes the first 16 bytes after the header.
The next 16 bytes contain one LONG with the size of the block of encrypted file data, two zero LONGs and one LONG describing the number of bytes from the end of the header (including 0x00000070) up to the end of file. A 64 byte of zeros follows the data size information.
After another fixed magic LONG (0x00010000) the savegame's parent program's ID is stored in another LONG. Then follows the Wii's MAC address in another LONG. Another fixed LONG (0xF5550000) completes another 16 byte block.
A 16 byte hash of unknown purpose.
The data.bin contains as many files as indicated by the number of files in the Basic File Information. Each file starts with a file header begining with a magic LONG 0x03ADF17E and then a LONG describing the individual file size in bytes. Three BYTE magics 0x34, 0x00, 0x01 are followed by a zero-terminated string containing the file's name (e.g."zeldaTp.dat"). A block of of 117 minus the string's length artificially increses each single file header's size to 128 bytes. Then follows the actual encrypted file content followed by a block of randon data to force the file data to fit into complete 64 byte blocks.
After the file data the certificates that were (probably) used to encrypted and should be used to decrypt the data are given. A 60 byte hash is followed by two LONG magics (0x00000000, 0x00010002) and another 60 byte hash. Then follows a 64 byte block of zeros and a 64 byte zero-terminated string ("Root-CA00000001-MS00000001") patched with zeros. Another magic (0x00000002) is followed by a string containing the Wii's ID in ASCII ("NG0???????"). This is followed by a 64 byte hash and a 60 byte block of zeros. Then follows a magic (0x00010002), a 60 byte hash, a 64 byte block of zeros and another 64 byte string ("Root-CA00000001-MS00000002-NG0???????") followed by a 64 byte block of zeros. A 0x00000002 magic is followed by another string ("AP0000000100000002") followed by 64 zeros. Then follows a 0x00000000 magic and a 60 byte hash which is finally concluded by 60 zeros bytes till the end of file.
This Perl script will decompile a data.bin file displaying the values of the LONGs and BYTEs and sizes of hashes, strings and data blocks. The hashes and data blocks will furthermore be saved in single binary files with according suffixes.
Powered by vBadvanced CMPS v3.2.3
All times are GMT -7. The time now is 04:41 PM.
Copyright 2000 - 2011, Jelsoft Enterprises Ltd.
Page generated in 0.09521 seconds.
Copyright © 2004 - 2017 SKSApps.com
All rights reserved.
No affiliation with Sony Computer Entertainment or Nintendo Company, Ltd.