
Difference between revisions of "Ancast image"

From WiiUBrew
m (→‎Entry info: sha1 size mismatch)
Line 1: Line 1:
Ancast images are encrypted and signed binaries for the Espresso processor to execute. The Espresso contains a secure [[Espresso Boot ROM|boot ROM]] that runs upon a PowerPC hard reset, which will only boot signed code. This code comes in the form of an ancast image. Before resetting the PPC, the currently running ARM code (either IOSU or vWii IOS) must load the ancast image to the physical address 0x08000000 (Wii U images) or 0x1330000 (vWii images) for the boot ROM to verify and decrypt. The Cafe OS kernel, vWii System Menu, and vWii NANDLoader are all in the form of ancast images.
+
Ancast images are encrypted and signed binaries for the Espresso and Starbuck processors to execute.<br>
 +
The Espresso contains a secure [[Espresso Boot ROM|boot ROM]] that runs upon a PowerPC hard reset, which will only boot signed code. This code comes in the form of an ancast image. Before resetting the PPC, the currently running ARM code (either IOSU or vWii IOS) must load the ancast image to the physical address 0x08000000 (Wii U images) or 0x01330000 (vWii images) for the boot ROM to verify and decrypt. The Cafe OS kernel, vWii System Menu, and vWii NANDLoader are all in the form of ancast images.<br>
 +
The Starbuck's boot chain ([[boot0]] and [[boot1]]) only boots signed code in the form of an ancast image as well.
 +
On the ARM side, the IOS-MCP module is responsible for launching cafe2wii and relaunching the IOSU (warm boot). IOS-MCP loads ARM ancast images into MEM1 (0x01000000), verifies and decrypts them before executing with full privileges (all memory protection is disabled and must be re-enabled by the binary itself).
 +
 
 +
ARM and PPC ancast images both use AES-128-CBC for encryption, but differ in signature algorithms. For this reason, their headers are also different.
  
 
"Ancast" is an unofficial acronym for "The princess is in <u>an</u>other <u>cast</u>le", which is a pun introduced during fail0verflow's initial hacking efforts. It doesn't transmit any actual meaning besides that.
 
"Ancast" is an unofficial acronym for "The princess is in <u>an</u>other <u>cast</u>le", which is a pun introduced during fail0verflow's initial hacking efforts. It doesn't transmit any actual meaning besides that.
  
== Structure ==
+
== ARM ancast image ==
  
 
=== Header ===
 
=== Header ===
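Review bot: the new intro states that ARM and PPC images "differ in signature algorithms" but never names either; the only evidence a reader gets is the signature sizes and type values in the tables (0x100 bytes with type 0x02 on the ARM side, 0x38 bytes with type 0x01 on the PPC side), so either state what each signature type denotes where known or say explicitly that the algorithms are undocumented. The added paragraphs also mix trailing `<br>` with blank-line paragraph breaks, so the Starbuck boot-chain sentence and the IOS-MCP sentence render as one paragraph while the earlier sentences render as separate lines; use blank lines throughout. The remark that IOS-MCP executes the decrypted image "with full privileges (all memory protection is disabled and must be re-enabled by the binary itself)" is the security-relevant point of the section and deserves its own sentence rather than a parenthesis.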
Line 13: Line 18:
 
|-
 
|-
 
| 0x00
 
| 0x00
| 4
+
| 0x04
| Magicbytes 0xEFA282D9
+
| Magic (0xEFA282D9)
 +
|-
 +
| 0x04
 +
| 0x04
 +
| NULL
 
|-
 
|-
 
| 0x08
 
| 0x08
| 4
+
| 0x04
| Entry offset or header size
+
| Signature offset (0x20)
 +
|-
 +
| 0x0C
 +
| 0x04
 +
| NULL
 +
|-
 +
| 0x10
 +
| 0x10
 +
| NULL
 +
|-
 +
| 0x20
 +
| 0x04
 +
| Signature type (0x02)
 +
|-
 +
| 0x24
 +
| 0x100
 +
| Ancast image signature
 +
|-
 +
| 0x124
 +
| 0x7C
 +
| Padding (must be NULL)
 +
|-
 +
| 0x1A0
 +
| 0x02
 +
| Must be NULL
 +
|-
 +
| 0x1A2
 +
| 0x01
 +
| Must be NULL
 +
|-
 +
| 0x1A3
 +
| 0x01
 +
| Must be NULL
 +
|-
 +
| 0x1A4
 +
| 0x04
 +
| Unknown (0x21)
 +
|-
 +
| 0x1A8
 +
| 0x04
 +
| Hash type (0x02)
 +
|-
 +
| 0x1AC
 +
| 0x04
 +
| Ancast image body size
 +
|-
 +
| 0x1B0
 +
| 0x14
 +
| Ancast image body hash
 +
|-
 +
| 0x1C4
 +
| 0x04
 +
| Version (always 0x02 for fw.img and c2w.img, matches Title ID version for boot1)
 +
|-
 +
| 0x1C8
 +
| 0x38
 +
| Padding (must be NULL)
 
|}
 
|}
=== Entry info ===
+
 
 +
=== Body ===
 +
The image's body is composed of AES-128-CBC encrypted (with the Starbuck WiiU, vWii or boot1 ancast keys) data.
 +
 
 +
 
 +
== PPC ancast image ==
 +
 
 +
=== Header ===
 
{| class="wikitable"
 
{| class="wikitable"
 
|- style="background-color: #ddd;"
 
|- style="background-color: #ddd;"
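Review bot: the ARM table uses three wordings for zero fields ("NULL", "Must be NULL", "Padding (must be NULL)") without saying whether they distinguish fields the boot code actually checks from fields it ignores; a verifier written from this table cannot tell which bytes are enforced, so either use one wording or state which fields are validated. The row at 0x1B0 gives a 0x14-byte field and "Hash type (0x02)" but no longer names the algorithm, while the edit summary and the removed PPC row both call it SHA1; put the algorithm name in the description. The table implies a 0x200-byte header (0x1C8 + 0x38), but that total is stated nowhere even though the Body section says encrypted data simply follows; add the header size or a row marking where the body starts.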
Line 28: Line 100:
 
|-
 
|-
 
| 0x00
 
| 0x00
| 4
+
| 0x04
| Signature type
+
| Magic (0xEFA282D9)
 
|-
 
|-
 
| 0x04
 
| 0x04
| 56
+
| 0x04
| Signature
+
| NULL
 +
|-
 +
| 0x08
 +
| 0x04
 +
| Signature offset (0x20)
 
|-
 
|-
| 0x84
+
| 0x0C
| 4
+
| 0x04
| Unknown, maybe content ID
+
| NULL
 
|-
 
|-
| 0x88
+
| 0x10
| 4
+
| 0x10
| Unknown, maybe index and flags
+
| NULL
 +
|-
 +
| 0x20
 +
| 0x04
 +
| Signature type (0x01)
 +
|-
 +
| 0x24
 +
| 0x38
 +
| Ancast image signature
 +
|-
 +
| 0x5C
 +
| 0x44
 +
| Padding (must be NULL)
 +
|-
 +
| 0xA0
 +
| 0x02
 +
| Must be NULL
 +
|-
 +
| 0xA2
 +
| 0x01
 +
| Must be NULL
 +
|-
 +
| 0xA3
 +
| 0x01
 +
| Must be NULL
 +
|-
 +
| 0xA4
 +
| 0x04
 +
| Unknown (0x11 on Wii U images, 0x13 on vWii images)
 +
|-
 +
| 0xA8
 +
| 0x04
 +
| Hash type (0x02)
 +
|-
 +
| 0xAC
 +
| 0x04
 +
| Ancast image body size
 
|-
 
|-
| 0x8C
+
| 0xB0
| 4
+
| 0x14
| Size
+
| Ancast image body hash
 
|-
 
|-
| 0x90
+
| 0xC4
| 20
+
| 0x3C
| SHA1
+
| Padding (must be NULL)
 
|}
 
|}
  
This is followed by AES-128-CBC encrypted data.
+
=== Body ===
 +
The image's body is composed of AES-128-CBC encrypted (with the Espresso WiiU or vWii ancast keys) data.
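Review bot: the replacement PPC table shifts every surviving field by 0x20 (old 0x84/0x88/0x8C/0x90 become 0xA4/0xA8/0xAC/0xB0), which is consistent with the added 0x20-byte preamble, but the old "SHA1" label on the 20-byte hash is dropped in favour of "Ancast image body hash" plus "Hash type (0x02)"; keep the algorithm name in the row. "Unknown, maybe index and flags" at 0x88 becomes "Hash type (0x02)" at 0xA8 and "Unknown, maybe content ID" becomes "Unknown (0x11 on Wii U images, 0x13 on vWii images)" with no note on how these were established; one sentence on the evidence would help. The header total (0xC4 + 0x3C = 0x100) is again unstated, and the NULL rows at 0xA0, 0xA2 and 0xA3 are split into 2+1+1 bytes without saying why they are separate fields.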

Revision as of 21:48, 4 April 2016

Ancast images are encrypted and signed binaries for the Espresso and Starbuck processors to execute.
The Espresso contains a secure boot ROM that runs upon a PowerPC hard reset, which will only boot signed code. This code comes in the form of an ancast image. Before resetting the PPC, the currently running ARM code (either IOSU or vWii IOS) must load the ancast image to the physical address 0x08000000 (Wii U images) or 0x01330000 (vWii images) for the boot ROM to verify and decrypt. The Cafe OS kernel, vWii System Menu, and vWii NANDLoader are all in the form of ancast images.
The Starbuck's boot chain (boot0 and boot1) only boots signed code in the form of an ancast image as well. On the ARM side, the IOS-MCP module is responsible for launching cafe2wii and relaunching the IOSU (warm boot). IOS-MCP loads ARM ancast images into MEM1 (0x01000000), verifies and decrypts them before executing with full privileges (all memory protection is disabled and must be re-enabled by the binary itself).

ARM and PPC ancast images both use AES-128-CBC for encryption, but differ in signature algorithms. For this reason, their headers are also different.

"Ancast" is an unofficial acronym for "The princess is in another castle", a pun introduced during fail0verflow's initial hacking efforts. It carries no other meaning.

ARM ancast image

Header

{| class="wikitable"
|- style="background-color: #ddd;"
! Start !! Length !! Description
|-
| 0x00 || 0x04 || Magic (0xEFA282D9)
|-
| 0x04 || 0x04 || NULL
|-
| 0x08 || 0x04 || Signature offset (0x20)
|-
| 0x0C || 0x04 || NULL
|-
| 0x10 || 0x10 || NULL
|-
| 0x20 || 0x04 || Signature type (0x02)
|-
| 0x24 || 0x100 || Ancast image signature
|-
| 0x124 || 0x7C || Padding (must be NULL)
|-
| 0x1A0 || 0x02 || Must be NULL
|-
| 0x1A2 || 0x01 || Must be NULL
|-
| 0x1A3 || 0x01 || Must be NULL
|-
| 0x1A4 || 0x04 || Unknown (0x21)
|-
| 0x1A8 || 0x04 || Hash type (0x02)
|-
| 0x1AC || 0x04 || Ancast image body size
|-
| 0x1B0 || 0x14 || Ancast image body hash
|-
| 0x1C4 || 0x04 || Version (always 0x02 for fw.img and c2w.img, matches Title ID version for boot1)
|-
| 0x1C8 || 0x38 || Padding (must be NULL)
|}

Body

The image's body is composed of AES-128-CBC encrypted (with the Starbuck WiiU, vWii or boot1 ancast keys) data.


PPC ancast image

Header

{| class="wikitable"
|- style="background-color: #ddd;"
! Start !! Length !! Description
|-
| 0x00 || 0x04 || Magic (0xEFA282D9)
|-
| 0x04 || 0x04 || NULL
|-
| 0x08 || 0x04 || Signature offset (0x20)
|-
| 0x0C || 0x04 || NULL
|-
| 0x10 || 0x10 || NULL
|-
| 0x20 || 0x04 || Signature type (0x01)
|-
| 0x24 || 0x38 || Ancast image signature
|-
| 0x5C || 0x44 || Padding (must be NULL)
|-
| 0xA0 || 0x02 || Must be NULL
|-
| 0xA2 || 0x01 || Must be NULL
|-
| 0xA3 || 0x01 || Must be NULL
|-
| 0xA4 || 0x04 || Unknown (0x11 on Wii U images, 0x13 on vWii images)
|-
| 0xA8 || 0x04 || Hash type (0x02)
|-
| 0xAC || 0x04 || Ancast image body size
|-
| 0xB0 || 0x14 || Ancast image body hash
|-
| 0xC4 || 0x3C || Padding (must be NULL)
|}

Body

The image's body is composed of AES-128-CBC encrypted (with the Espresso WiiU or vWii ancast keys) data.
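As an added example (not code from the wiki or from any Wii U tooling), a parser that checks both header layouts above, including the must-be-NULL fields, and recomputes the body hash. It assumes big-endian fields and that hash type 0x02 is SHA-1 (the field is 20 bytes and the earlier revision of the PPC table labels it SHA1); signature verification and AES-128-CBC decryption are not attempted, since neither the keys nor the signature algorithms are documented on the page.

```python
import hashlib
import struct

ANCAST_MAGIC = 0xEFA282D9
# Per-variant layout taken from the wiki tables; header_len follows from each table's last row.
# Byte order is assumed big-endian (the page does not state it).
LAYOUTS = {0x02: ("arm", 0x100, 0x1A0, 0x200), 0x01: ("ppc", 0x38, 0xA0, 0x100)}

def parse_ancast(data):
    """Validate an ancast header (magic, offsets, NULL fields) and return its fields."""
    magic, z0, sig_off, z1 = struct.unpack_from(">IIII", data, 0)
    if magic != ANCAST_MAGIC or sig_off != 0x20 or z0 or z1 or any(data[0x10:0x20]):
        raise ValueError("bad magic, signature offset or reserved words")
    sig_type = struct.unpack_from(">I", data, sig_off)[0]
    if sig_type not in LAYOUTS:
        raise ValueError("unknown signature type 0x%02X" % sig_type)
    name, sig_len, info, header_len = LAYOUTS[sig_type]
    if len(data) < header_len:
        raise ValueError("truncated %s header" % name)
    sig_end = sig_off + 4 + sig_len
    tail = info + (0x28 if name == "arm" else 0x24)  # ARM has a version word before the tail
    # Padding after the signature, the 4 NULL bytes opening the info block, and the tail padding.
    if any(data[sig_end:info]) or any(data[info:info + 4]) or any(data[tail:header_len]):
        raise ValueError("non-NULL padding in %s header" % name)
    unknown, hash_type, body_size = struct.unpack_from(">III", data, info + 4)
    if hash_type != 0x02:
        raise ValueError("unknown hash type 0x%02X" % hash_type)
    version = struct.unpack_from(">I", data, info + 0x24)[0] if name == "arm" else None
    return dict(kind=name, signature=data[sig_off + 4:sig_end], unknown=unknown,
                body_size=body_size, body_hash=data[info + 0x10:info + 0x24],
                version=version, header_len=header_len)

def body_hash_matches(data):
    """Recompute the body hash; assumes hash type 0x02 is SHA-1 (20-byte field, labelled SHA1
    in the earlier PPC table). Signature check and AES-CBC decryption are out of scope here."""
    hdr = parse_ancast(data)
    body = data[hdr["header_len"]:hdr["header_len"] + hdr["body_size"]]
    return len(body) == hdr["body_size"] and hashlib.sha1(body).digest() == hdr["body_hash"]

def build_ancast(sig_type, body, unknown, version=None):
    """Constructed sample image: all-zero signature, (assumed) SHA-1 body hash."""
    name, _, info, header_len = LAYOUTS[sig_type]
    hdr = bytearray(header_len)
    struct.pack_into(">IIII", hdr, 0, ANCAST_MAGIC, 0, 0x20, 0)
    struct.pack_into(">I", hdr, 0x20, sig_type)
    struct.pack_into(">III", hdr, info + 4, unknown, 0x02, len(body))
    hdr[info + 0x10:info + 0x24] = hashlib.sha1(body).digest()
    if name == "arm":
        struct.pack_into(">I", hdr, info + 0x24, version or 0x02)
    return bytes(hdr) + body
```

The sample images built by `build_ancast` carry zero signatures, so a real boot ROM would reject them; the point is to exercise the layout and NULL-field checks, not to produce bootable images.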