
Thread: Argon Channel = failure

  1. #1

    Argon Channel = failure

    Modchips + homebrew - free + illegal = ArgonChannel
    January 9th, 2009 by marcan

    The Argon modchip guys have been trumping up this new cool thing they call the Argon Channel. At first details were sketchy, but as time passed what it was started to become obvious: some homebrew launching or installing “solution”, locked to a modchip.

    Update: Their solution seems to be to install homebrew packaged as channels, complete with stolen banners and probably using my nandloader without permission. Scroll down for more details.

    Recently, the Argon guys showed up on IRC and had an interesting conversation with me, where they tried to get me to help them get the channel to work on System Menu 3.4 by convincing me of the wonderful world of modchip software. The conversation was somewhere along the lines of this, excluding the broken English: “By bundling it with our modchip we make homebrew more popular”. “But it’s locked to your modchip, how will that make it more popular?” “Yes, that makes it even more popular because it’s exclusive and people will want it.”

    The response, obviously, was no.

    Now the channel has shown up and gasp, it’s compatible with 3.4. Wait, did they find an exploit?

    Of course they didn’t.

    By watching the video you’ll see that it consists of a two-stage process. This should start ringing alarm bells: why on earth would they have to install two things to install the channel? You’ll also notice that before installing the second half, they do some sort of serial number verification. This seems to be their way of locking it to the chip.

    Download their package. First alarm bell. They’re bundling the Twilight Hack, which they’re not authorized to do. Hmm.

    Let’s look inside the first DOL file - which turns out to be the one labeled part2. They’re backwards. Shows how much time they spent preparing this package. This file looks suspiciously like a Waninkoko product - same banner and console style. Let’s look inside.

    0004e980 00 00 00 20 49 73 00 00 00 00 0a 00 00 00 00 00 |... Is..........|
    0004e990 00 00 02 a4 00 00 02 2c 00 18 8c 00 00 00 00 40 |.......,.......@|
    0004e9a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    0004e9b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    0004e9c0 00 01 00 00 b3 ad b3 22 6b 3c 3d ff 1b 4b 40 77 |......."k<=..K@w|

    That looks like a WAD header. Interestingly, ‘strings’ didn’t show any readable four-letter Title ID among the Root-CA strings from the certs, TMD, and ticket. Let’s run it through a WAD extraction tool that I have, which prints out information:

    Wii Wad:
    Header 0x20 Type 'Is' Certs 0xa00 Tik 0x2a4 TMD 0x22c Data 0x188c00 @ 0xf40 Footer 0x40
    Title ID: '\x00\x00\x00\x01\x00\x00\x00\x10'
    Title key IV: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 00
    Title key (encrypted): 52 6b 1a 2a d0 db 6a 80 c2 95 25 63 80 98 f8 82
    Common key index: 0
    Title key (decrypted): 34 9e 8a c5 ed 3c e1 51 72 f2 b9 3e 1b cb 06 3b
    ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: ec f8... [OK]
    Versions: 0, CA CRL 0, Signer CRL 0, System 0-0
    Title ID: 00000001-00000010 ('\x00\x00\x00\x01'-'\x00\x00\x00\x10')
    Title Type: 1
    Group ID: '\x00\x01'
    Access Rights: 0x00000000
    Title Version: 0x101
    Boot Index: 1
    ID Index Type Size Hash
    00000000 0 0x1 0x40 ca 2e 8c 59 e9 7e e9 fe...
    00000001 1 0x1 0x188b81 65 3e 5e 0f 1d ea 72 f2...
    TMD signed by Root-CA00000001-CP00000004 using RSA-2048: 8b 1a... [OK]
    - CA00000001 (RSA-2048)
    Certificate signed by Root using RSA-4096: 6f 47... [OK]
    - CP00000004 (RSA-2048)
    Certificate signed by Root-CA00000001 using RSA-2048: 8d 4f... [OK]
    - XS00000003 (RSA-2048)
    Certificate signed by Root-CA00000001 using RSA-2048: d7 0a... [OK]

    Title ID 00000001-00000010 is IOS16. So this is how they get it to work on 3.4. And this is also why there’s a two-stage process. They’re bundling a private, repair-center-only, leaked IOS from Nintendo.

    Ladies and gentlemen, epic fail.
    So, Argon's "Channel" is nothing more than the Homebrew Channel and IOS16 bundled and locked to their modchip. Wow.


    Wii - 4.1U - WiiKey 2 - USBLoader GX - SNES9X GX, Genesis Plus GX, FCE GX w. cover flow mods
    360 - Resident Evil S.E. - iXtreme LT 1.1 - JTag - FreeBoot 0.032 9199 Dash - NXE2GOD, XM360, XeXMenu 1.1, Flash360
    PSP - CFW 5.00m33, 16GB MSPD | DS Lite - DSTT w.1.17a r12, 8GB SDHC
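The header decoding walked through in the quoted post, as an added example that is not part of the original thread and not the author's extraction tool: it scans a binary for an embedded WAD header, derives the section offsets, and reads the Title ID from the ticket. The function names are hypothetical, the 64-byte section alignment and the ticket Title ID offset (0x1DC) are assumptions taken from the commonly documented WAD layout rather than from the page, and the sample blob is constructed around the 32 header bytes shown in the hexdump.

```python
import struct

ALIGN = 0x40              # assumption: each WAD section is padded to 64 bytes
TICKET_TITLE_ID = 0x1DC   # assumption: offset of the 8-byte Title ID in a ticket
MAGIC = bytes.fromhex("00000020") + b"Is"   # header size 0x20 followed by type 'Is'

def align(n):
    return (n + ALIGN - 1) & ~(ALIGN - 1)

def parse_wad(buf, off):
    """Decode the 32-byte big-endian WAD header at off and locate its sections."""
    if off + 0x20 > len(buf):
        return None
    hdr, kind, _ver, certs, _rsvd, tik, tmd, data, footer = struct.unpack_from(
        ">I2sH6I", buf, off)
    tik_off = off + align(hdr) + align(certs)
    tmd_off = tik_off + align(tik)
    info = {"offset": off, "type": kind.decode(), "certs": certs, "tik": tik,
            "tmd": tmd, "data": data, "footer": footer,
            "data_rel": tmd_off + align(tmd) - off,   # data start, relative to header
            "title_id": None, "system_title": None}
    tid = buf[tik_off + TICKET_TITLE_ID: tik_off + TICKET_TITLE_ID + 8]
    if tik >= TICKET_TITLE_ID + 8 and len(tid) == 8:   # skip truncated tickets
        hi, lo = struct.unpack(">II", tid)
        info["title_id"] = f"{hi:08x}-{lo:08x}"
        info["system_title"] = hi == 0x00000001   # upper half 00000001: system title
    return info

def find_embedded_wads(buf):
    """Return parsed headers for every WAD-looking structure inside buf."""
    hits, pos = [], buf.find(MAGIC)
    while pos != -1:
        info = parse_wad(buf, pos)
        if info:
            hits.append(info)
        pos = buf.find(MAGIC, pos + 1)
    return hits

# The 32 header bytes exactly as shown in the post's hexdump.
PAGE_HEADER = bytes.fromhex("0000002049730000" "00000a0000000000"
                            "000002a40000022c" "00188c0000000040")

def build_sample():
    """Constructed blob: filler, the page's header, empty certs, a stub ticket."""
    ticket = bytearray(0x2A4)
    ticket[TICKET_TITLE_ID:TICKET_TITLE_ID + 8] = bytes.fromhex("0000000100000010")
    return b"\xAA" * 0x100 + PAGE_HEADER + bytes(0x20) + bytes(0xA00) + bytes(ticket)

if __name__ == "__main__":
    for wad in find_embedded_wads(build_sample()):
        print(wad)
```

The computed data offset of 0xf40 agrees with the `Data 0x188c00 @ 0xf40` line in the tool output quoted above.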

  2. #2
    trekster (Member, joined Nov 2008)
    That is what you call a true cake.

  3. #3
    Quote Originally Posted by e3NiNe View Post
    So, Argon's "Channel" is nothing more than the Homebrew Channel and IOS16 bundled and locked to their modchip. Wow.
    The sad thing was... I expected more since that team hasn't done jack shit in ages =\ What a shame Y=Y

  4. #4
    lol "An Elephant" WTF?

    | Wii LU64 | USB Loader GX | Western Digital 320GB Passport Essential HD |

  5. #5
    trekster (Member, joined Nov 2008)
    Quote Originally Posted by Jiiprah View Post
    lol "An Elephant" WTF?
    She must be American

