-
Welcome to Smashboards, the world's largest Super Smash Brothers community! Over 250,000 Smash Bros. fans from around the world have come to discuss these great games in over 19 million posts!
You are currently viewing our boards as a visitor. Click here to sign up right now and start on your path in the Smash community!
SSBB Snapshot files. We need to crack em!
- Thread starter Kakkoii
- Start date
Not sure. People have asked a few times for someone to try and see if the files are transferable between Wiis, but for some reason, no one's tried and/or told us yet.
holizz
Smash Cadet
For those with short attention spans, the files have been decrypted, but the format has yet to be deciphered.
It's possible to trade saved things between consoles since they are encrypted by a key held on the Brawl disk.
I've read this over, but I can't understand what you mean.
Since they're encrypted with a general Brawl Key, it means we can upload our Stage Builder files for anyone to download and play on. Is that what you meant?
Cheezball
Smash Ace
I'd like to know this as well, I may purposely fill up my internal memory if I can get some of my pics on my pc.
Okay, sorry guys.
Been busy for awhile.
I've tried ECB and CBC modes. I would try a few others but those ones didn't seem logical to me seeing as how we'd need an intialization vector I don't know. And also The file is in multiples of 16 which leads me to ECB. CBC more no because of needing an IV.
And no, I am not sure that its working seeing as how none of us can get a spark of image data out of them...
I'll try once more to e-mail Nintendo. (Mainly to maintain legality of this project, but hey).
And I have from now for about 6-8 hours of time where I will be trying to decrypt them. We might have the wrong key too. (Maybe, I am using the one for decrypting wii iso's).
And where's Xane? He knew more about the way these images were compressed (or seemed too, i dunno) than anyone else? Wonder if he could lend us a hand.
Been busy for awhile.
I've tried ECB and CBC modes. I would try a few others but those ones didn't seem logical to me seeing as how we'd need an intialization vector I don't know. And also The file is in multiples of 16 which leads me to ECB. CBC more no because of needing an IV.
And no, I am not sure that its working seeing as how none of us can get a spark of image data out of them...
I'll try once more to e-mail Nintendo. (Mainly to maintain legality of this project, but hey).
And I have from now for about 6-8 hours of time where I will be trying to decrypt them. We might have the wrong key too. (Maybe, I am using the one for decrypting wii iso's).
And where's Xane? He knew more about the way these images were compressed (or seemed too, i dunno) than anyone else? Wonder if he could lend us a hand.
Lemon Drop
Smash Lord
The way you all describe how Brawl saves images, you can't get a normal image type unless you hook your Wi up to your computer and take snapshots through a program.
What? It does that?
I figured at that point it would just make you delete some rather than give you that kind of option...
Surgo
Smash Apprentice
Correct me if I'm wrong as it's been a while, but you shouldn't have to know the IV to fully decrypt CBC, right? Just decrypt from the last block and work your way backwards instead of forwards. Your first block will be nonsense because you can't decrypt it, or it could just be the IV or something.Blob said:
Not that it really makes a difference here, but I want to make sure I'm correct.
Other save data has been a mix of clear-text (doubtful here) and AES-128CBC with a special key/IV different from the Wii disc/master key. You'll see these listed at various places as the sd-key and the sd-iv. I haven't actually found a copy of them yet even thought finding the master key was fairly easy
Well then my best bet would be that the key is in.Other save data has been a mix of clear-text (doubtful here) and AES-128CBC with a special key/IV different from the Wii disc/master key. You'll see these listed at various places as the sd-key and the sd-iv. I haven't actually found a copy of them yet even thought finding the master key was fairly easy
http://kakkoister.com/snapshot/Snap_ja.brres
But it could also be in some of the other files on that directory.
(I tried using Heinermann's tool to extract the files from the .brres file. And it shows all the files it's supposedly extracted. But when I go to the folder where it's extracted to. All there is, are the folders for the files, but not files in them. And I know theres files cause it shows the bytes of all the files that should have been extracted into the folder, in the cp.)
It's using the sd-key and sd-iv.
I can't ask for the key and iv here but I wouldn't mind if someone were to give it to me? Maybe?
Remfin got me thinking and I checked it out. Apparently theres a header portion encrpyted using sd-key and sd-iv that contains the file-key and iv.
I can't ask for the key and iv here but I wouldn't mind if someone were to give it to me? Maybe?
Remfin got me thinking and I checked it out. Apparently theres a header portion encrpyted using sd-key and sd-iv that contains the file-key and iv.
This might help.
http://wiibrew.org/index.php?title=Content.bin_file_structure
http://wiibrew.org/index.php?title=Content.bin_file_structure
Hell, anyone know Sakurai's e-mail? lol 
And kakkoil, yes, I did read through that (which is how I confirmed sd-key & iv are being used) but thanks for posting the link.
And ****it it seems the sd-key & iv... well.. hmm... I'll start looking for it myself.
And kakkoil, yes, I did read through that (which is how I confirmed sd-key & iv are being used) but thanks for posting the link.
And ****it it seems the sd-key & iv... well.. hmm... I'll start looking for it myself.
Heinermann
Smash Apprentice
- Joined
- Jul 31, 2007
- Messages
- 80
Ok, it appears my program works properly only if the file is associated with it. I guess I didn't take into account the other options of execution. Thanks Kakkoii. I'll fix it right away.
The files are evidently either encrypted or proprietary. I think you can give up emailing Nintendo about this stuff
If the first 16 bytes are the same it most likely means that is either a key for the rest of the data, or garbage data. If specs say "all data on SD cards must be encrypted" then they may just re-use the normal SD-Key/IV, and make the first 16 bytes 0's to account for the IV (if I understand AES correctly), and shove it on there. If one of you finds and uses the SD-Key/IV on the original files you will hopefully get 16 0's and then the REAL file, possibly a JPEG or PNG (or something proprietary). Just hack off those first 16 bytes and it may open up fine.
If the first 16 bytes are the same it most likely means that is either a key for the rest of the data, or garbage data. If specs say "all data on SD cards must be encrypted" then they may just re-use the normal SD-Key/IV, and make the first 16 bytes 0's to account for the IV (if I understand AES correctly), and shove it on there. If one of you finds and uses the SD-Key/IV on the original files you will hopefully get 16 0's and then the REAL file, possibly a JPEG or PNG (or something proprietary). Just hack off those first 16 bytes and it may open up fine.
Emura
Smash Rookie
Good news everyone!
Work on analyzing the screenshot BINs is going well, though unfortunately there is nothing I can do to help without the SD-key. As I suspected, the BINs are AES encrypted using the Wii's SD-key. As I guessed a few pages ago, the encrypted data does contain a JPEG image (usually). However, it will still take some work to extract the image, then further work to write a utility to convert them to a viewable image.
Also, the utility will require anyone who wishes to use it to have access to the SD-key. It is possible to obtain all of your Wii's encryption keys (not just the SD-key!) by performing a tweezer attack, and there are murmurings of a homebrew app that might be able to extract the keys without needing to crack open your Wii.
One interesting property of these BINs is that they do not always use JPEG compression. This might explain why the image of the black screen from Final Destination only takes up ~4 KB of disk space; Even using the most lossy compression available to the JPEG format, a 640 x 480 pixel screenshot should usually take ~40 KB of disk space. That was something that confused me last week, and I thought you all might find it interesting.
By the way, if you do have the SD-key and feel like sharing it, I live in a country where reverse engineering for personal use is legal (ie no DMCA), so feel free to send it to me in a PM or e-mail!
Work on analyzing the screenshot BINs is going well, though unfortunately there is nothing I can do to help without the SD-key. As I suspected, the BINs are AES encrypted using the Wii's SD-key. As I guessed a few pages ago, the encrypted data does contain a JPEG image (usually). However, it will still take some work to extract the image, then further work to write a utility to convert them to a viewable image.
Also, the utility will require anyone who wishes to use it to have access to the SD-key. It is possible to obtain all of your Wii's encryption keys (not just the SD-key!) by performing a tweezer attack, and there are murmurings of a homebrew app that might be able to extract the keys without needing to crack open your Wii.
One interesting property of these BINs is that they do not always use JPEG compression. This might explain why the image of the black screen from Final Destination only takes up ~4 KB of disk space; Even using the most lossy compression available to the JPEG format, a 640 x 480 pixel screenshot should usually take ~40 KB of disk space. That was something that confused me last week, and I thought you all might find it interesting.
By the way, if you do have the SD-key and feel like sharing it, I live in a country where reverse engineering for personal use is legal (ie no DMCA), so feel free to send it to me in a PM or e-mail!
h1roshi
Smash Hero
same thing goes for saved vid files. i tried to save a vid to the sd card, and put it on my comp and its the same problem...peace
-hiro
-hiro
UncleGrandfather
Smash Cadet
This is good work that you guys are doing. I wish you luck but sadly I can't contribute because alot of this is over my head. I'll keep subscribed and wait for you to finish. Good luck.
Emura
Smash Rookie
Those aren't actually video files. There is no easy way to convert them.
This should be the OP's screenshot:
All glory and praise belong to segher of team twiizers. A conversion utility may appear soon!
Didn't he say it was of Sonic and a Lakitu or something?Those aren't actually video files. There is no easy way to convert them.
This should be the OP's screenshot:
All glory and praise belong to segher of team twiizers. A conversion utility may appear soon!
Edit: "The picture is of Sonic and that little cloud guy from Mario games flying in the air with his mushroom on a string."
Emura
Smash Rookie
Whoops, I guess that was someone else's photo. Here is Wiwiweb's "colorfulest" photo from the trophy room instead:
As far as source code for the conversion goes, segher is not interested in releasing it due to copyright concerns, and frankly, I don't blame him. It doesn't really matter though, because only a handful of people know the SD-key anyway and can make use of it.
That doesn't mean there won't be a SSBB BIN2JPG available in the future... *ahem*
Just not yet.
I should understand this better, but I don't. So, dumb question:
Is there one or two keys that are required for the AES description? I'm not quite understanding the SD-key. Is it unique to individual Wiis, or the same for all Wiis (which would seem to make sense)?
And if it's unique for all, and AES decryption is readily understood, I'm sure someone besides segher should be able to come up with a simple utility, unless the image data itself also needs some weird processing. Like, I could try to code something up, if I had the key and the info. Or is the issue merely that producing such a conversion utility would involve having the SD key in the conversion utility, and would thus violate some rule?
Emura
Smash Rookie
My file server appears to be down right now... please bear with me.
Edit: nvm, it seems to be back up now.
The source code is more of a grey area, but we've all heard of lawyers suing first and asking questions later.
Edit: nvm, it seems to be back up now.
AES is a symmetic-key cryptography system, which means that the same key that is used to encrypt the file is the only key that can be used to decrypt the file. Since this key is not public knowledge, and publishing the key would make the publisher liable for copyright infringement under the Digital Milennium Copyright Act (DMCA), those that do know it are reluctant to publish it.
The source code is more of a grey area, but we've all heard of lawyers suing first and asking questions later.
It is the same for everyone.
Surgo
Smash Apprentice
The DMCA: strangling the free market since the '90s. Sigh :/
Ondo
Smash Apprentice
- Joined
- Jun 20, 2007
- Messages
- 160
Thanks for the news.
This is not the case. Simpler images will compress better, and a 640x480 image that is entirely black compresses very well. As a simple test, it's only 3k using GIMP's default quality settings.
Torrent's would be the most logical way of distributing it. That way no websites or single person can be held accountable. Then after it's been spread all over, It would slowly be released onto websites.
Considering that the Wii's SD key is used to encrypt the files, would that then mean that a screencap of a file sent to another Wii would have a different MD5 checksum than the original file?
Also, could the game be choosing a different image format depending on what the best compression format for a particular given image is?
Also, could the game be choosing a different image format depending on what the best compression format for a particular given image is?
Yeah, segher...you reading this?
Perhaps the sd-key is hidden away in one of segher files?
http://git.infradead.org/?p=users/segher/wii.git
http://wiibrew.org/index.php?title=Segher's_Wii.git
One of those must contain the key to do there operations.
Primary tools
* negentig -- decode and unpack a disc image
* tachtig -- decode and unpack a saved data wad (data.bin)
* zeventig -- decode and unpack an installer wad
* twintig -- pack and encode a saved data wad
http://git.infradead.org/?p=users/segher/wii.git
http://wiibrew.org/index.php?title=Segher's_Wii.git
One of those must contain the key to do there operations.
Primary tools
* negentig -- decode and unpack a disc image
* tachtig -- decode and unpack a saved data wad (data.bin)
* zeventig -- decode and unpack an installer wad
* twintig -- pack and encode a saved data wad
Eh, let's not delve into it.
We now know that you can indeed extract image data from the bin files, so I'm sure if we wait, there will be an app someday.
It's not going to be different for the English version, is it?
Ah, dont discourage these guys, they're freakin' geniuses . They'll put out a converter in a couple days at this rate.
