346
edits
Changes
Many minor edits, but also listed some terminology.
Line 1:
Line 1:
−The Espresso contains a secure [[Espresso Boot ROM|boot ROM]] that runs upon a PowerPC hard reset, which will only boot signed code. This code comes in the form of an ancast image. Before resetting the PPC, the currently running ARM code (either IOSU or vWii IOS) must load the ancast image to the physical address 0x08000000 (Wii U images) or 0x01330000 (vWii images) for the boot ROM to verify and decrypt. The Cafe OS kernel, vWii System Menu, and vWii NANDLoader are all in the form of ancast images.<br>
−The Starbuck's boot chain ([[boot0]] and [[boot1]]) only boots signed code in the form of an ancast image as well.
−On the ARM side, the IOS-MCP module is responsible for launching cafe2wii and relaunching the IOSU (warm boot). IOS-MCP loads ARM ancast images into MEM1 (0x01000000), verifies and decrypts them before executing with full privileges (all memory protection is disabled and must be re-enabled by the binary itself).
−
+
+
Ancast images are encrypted and signed binaries for the Espresso and Starbuck processors to execute.<br>
+Ancast images are encrypted and signed binaries for the [[Hardware/Espresso|Espresso]] and [[Hardware/Starbuck|Starbuck]] processors to execute.
−ARM and PPC ancast images both use AES-128-CBC for encryption, but differ in signature algorithms. For this reason, their headers are also different.
+The Espresso contains a secure [[Espresso Boot ROM|boot ROM]] that runs upon a PowerPC hard reset, which will only boot signed code. This code comes in the form of an ancast image. Before resetting the PPC, the currently running ARM code (either [[IOSU]] or vWii [https://wiibrew.org/wiki/IOS IOS]) must load the ancast image to the physical address 0x08000000 (Wii U images) or 0x01330000 (vWii images) for the boot ROM to verify and decrypt. The [[Cafe OS]] kernel, [[WiiMode|vWii]] [https://wiibrew.org/wiki/System_Menu System Menu], and vWii [https://wiibrew.org/wiki/NANDLoader NANDLoader] are all in the form of ancast images.
+The Starbuck's boot chain ([[boot0]] and [[boot1]]) only boots signed code in the form of an ancast image as well. On the ARM side, the IOS-MCP module is responsible for launching [[cafe2wii]] and relaunching IOSU (warm boot). IOS-MCP loads ARM ancast images into MEM1 (0x01000000), verifies and decrypts them before executing with full privileges (all memory protection is disabled and must be re-enabled by the binary itself).
+Ancast images consist of a signature and related information, known as the ancast header, and the AES-encrypted code, known as the cipher text. ARM and PPC ancast images both use AES-128-CBC for encryption, but differ in signature algorithms. For this reason, their headers are also different.
"Ancast" is an unofficial acronym for "The princess is in <u>an</u>other <u>cast</u>le", which is a pun introduced during fail0verflow's initial hacking efforts. It doesn't transmit any actual meaning besides that.
"Ancast" is an unofficial acronym for "The princess is in <u>an</u>other <u>cast</u>le", which is a pun introduced during fail0verflow's initial hacking efforts. It doesn't transmit any actual meaning besides that.