Encryption keys

From WiiUBrew
Jump to navigation Jump to search

There are lots of encryption keys used on the Wii U. They're seperated into two types, Espresso and Starbuck (for the normal and security processors), aside from a few exceptions. Only SHA1 hashes will be posted here, but several keys are publicly available, as it's possible to dump the Espresso key bank from the OTP. See Fail0verflow's writeup for more details.

Espresso Keys

The Espresso keybank is 64 bytes, with the first 32 being the Ancast Keys. After the Boot ROM reads these keys, it disables access until the Espresso is reset again.

vWii Ancast Key

ce3641b2660253f5a7e789db297be2c1585b3054

Used by the Espresso Boot ROM to decrypt vWii System Menu and new NANDloader binaries at load time. See Fail0verflow's talk for more information on the NANDloader.

Wii U Ancast Key

2ba6f692ddbf0b3cd267e9374fa7dd849e80f8ab

Used by the Espresso Boot ROM to decrypt the Cafe OS kernel at load time.

Starbuck Keys

Wii U common key

6a0b87fc98b306ae3366f0e0a88d0b06a2813313

Used to decrypt the title key for every Wii U application. System titles and installable applications are decrypted at install time, disc-based games are decrypted at load time.

Cafe OS and Starbuck binaries are double-encrypted with this and the Starbuck Wii U Ancast Key.

vWii common key

2b30b703c6676c8124c7347b30c7972ffeae2b39

Used to decrypt the title key for vWii system updates (as part of the Wii U's update process, meaning vWii doesn't have access to it).

Wii U ancast key

d8b4970a7ed12e1002a0c4bf89bee171740d268b

Used to decrypt Starbuck Ancast binaries at load time (namely IOSU for Wii U and cafe2wii for vWii).

boot1 ancast key

Used by boot0 to decrypt boot1 on boot.