Argon Channel = failure
Modchips + homebrew - free + illegal = ArgonChannel
January 9th, 2009 by marcan
Quote:
The Argon modchip guys have been trumping up this new cool thing they call the Argon Channel. At first details were sketchy, but as time passed what it was started to become obvious: some homebrew launching or installing “solution”, locked to a modchip.
Update: Their solution seems to be to install homebrew packaged as channels, complete with stolen banners and probably using my nandloader without permission. Scroll down for more details.
Recently, the Argon guys showed up on IRC and had an interesting conversation with me, where they tried to get me to help them get the channel to work on System Menu 3.4 by convincing me of the wonderful world of modchip software. The conversation was somewhere along the lines of this, excluding the broken English: “By bundling it with our modchip we make homebrew more popular”. “But it’s locked to your modchip, how will that make it more popular?” “Yes, that makes it even more popular because it’s exclusive and people will want it.”
The response, obviously, was no.
Now the channel has shown up and gasp, it’s compatible with 3.4. Wait, did they find an exploit?
Of course they didn’t.
By watching the video you’ll see that it consists of a two-stage process. This should start ringing alarm bells: why on earth would they have to install two things to install the channel? You’ll also notice that before installing the second half, they do some sort of serial number verification. This seems to be their way of locking it to the chip.
Download their package. First alarm bell. They’re bundling the Twilight Hack, which they’re not authorized to do. Hmm.
Let’s look inside the first DOL file - which turns out to be the one labeled part2. They’re backwards. Shows how much time they spent preparing this package. This file looks suspiciously like a Waninkoko product - same banner and console style. Let’s look inside.
That looks like a WAD header. Interestingly, ‘strings’ didn’t show any readable four-letter Title ID among the Root-CA strings from the certs, TMD, and ticket. Let’s run it through a WAD extraction tool that I have, which prints out information:
Wii Wad:
  Header 0x20 Type 'Is' Certs 0xa00 Tik 0x2a4 TMD 0x22c Data 0x188c00 @ 0xf40 Footer 0x40
ETicket:
  Title ID: '\x00\x00\x00\x01\x00\x00\x00\x10'
  Title key IV: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 00
  Title key (encrypted): 52 6b 1a 2a d0 db 6a 80 c2 95 25 63 80 98 f8 82
  Common key index: 0
  Title key (decrypted): 34 9e 8a c5 ed 3c e1 51 72 f2 b9 3e 1b cb 06 3b
  ETicket signed by Root-CA00000001-XS00000003 using RSA-2048: ec f8... [OK]
TMD:
  Versions: 0, CA CRL 0, Signer CRL 0, System 0-0
  Title ID: 00000001-00000010 ('\x00\x00\x00\x01'-'\x00\x00\x00\x10')
  Title Type: 1
  Group ID: '\x00\x01'
  Access Rights: 0x00000000
  Title Version: 0x101
  Boot Index: 1
  Contents:
    ID        Index  Type  Size      Hash
    00000000  0      0x1   0x40      ca 2e 8c 59 e9 7e e9 fe...
    00000001  1      0x1   0x188b81  65 3e 5e 0f 1d ea 72 f2...
  TMD signed by Root-CA00000001-CP00000004 using RSA-2048: 8b 1a... [OK]
Certificates:
  - CA00000001 (RSA-2048)
    Certificate signed by Root using RSA-4096: 6f 47... [OK]
  - CP00000004 (RSA-2048)
    Certificate signed by Root-CA00000001 using RSA-2048: 8d 4f... [OK]
  - XS00000003 (RSA-2048)
    Certificate signed by Root-CA00000001 using RSA-2048: d7 0a... [OK]
Title ID 00000001-00000010 is IOS16. So this is how they get it to work on 3.4. And this is also why there’s a two-stage process. They’re bundling a private, repair-center-only, leaked IOS from Nintendo.
Ladies and gentlemen, epic fail.
So, Argon's "Channel" is nothing more than the Homebrew Channel and IOS16 bundled and locked to their modchip. Wow.
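The WAD inspection step in the quoted post, as an added example (not part of the post and not marcan's tool): a small Python reader that walks the 0x20-byte WAD header, derives the 64-byte-aligned section offsets, and pulls the title ID from both the ticket and the TMD. The header field order, the title-ID offsets (0x1DC in the ticket, 0x18C in the TMD) and the IOS slot range are assumptions taken from public documentation of the format, not from this page; the sample is a constructed, zero-filled stub that reuses the section sizes printed above and carries no data payload.

```python
import struct

ALIGN = 0x40           # each WAD section starts on a 64-byte boundary
TIK_TITLE_ID = 0x1DC   # assumed offset of the 8-byte title ID in the ticket
TMD_TITLE_ID = 0x18C   # assumed offset of the 8-byte title ID in the TMD

def align(n):
    return (n + ALIGN - 1) & ~(ALIGN - 1)

def parse_wad(buf):
    """Return (section offsets, ticket title ID, TMD title ID)."""
    if len(buf) < 0x20:
        raise ValueError("too short for a WAD header")
    # Big-endian: header size, type, version, certs, reserved, tik, tmd, data, footer
    hdr, wtype, _ver, certs, _rsvd, tik, tmd, data, _footer = struct.unpack(
        ">I2sH6I", buf[:0x20])
    if hdr != 0x20 or wtype != b"Is":      # 'Is' is the type shown on the page
        raise ValueError("not an installable WAD header")
    off, pos = {}, align(hdr)
    for name, size in (("certs", certs), ("tik", tik), ("tmd", tmd), ("data", data)):
        off[name] = pos
        pos = align(pos + size)
    # Only the ticket and TMD are read, so only they must be fully present.
    for name, size, need in (("tik", tik, TIK_TITLE_ID + 8),
                             ("tmd", tmd, TMD_TITLE_ID + 8)):
        if size < need or off[name] + size > len(buf):
            raise ValueError(f"{name} truncated")
    tik_id = buf[off["tik"] + TIK_TITLE_ID:][:8]
    tmd_id = buf[off["tmd"] + TMD_TITLE_ID:][:8]
    return off, tik_id, tmd_id

def describe(title_id):
    hi, lo = struct.unpack(">II", title_id)
    label = f"{hi:08x}-{lo:08x}"
    if hi == 1 and 3 <= lo <= 0xFF:        # assumption: IOS occupy slots 3..255
        label += f" (IOS{lo})"
    return label

def build_sample():
    """Constructed stub: section sizes from the page, zero-filled, no payload."""
    title = bytes.fromhex("0000000100000010")
    buf = bytearray(0xF40)
    buf[:0x20] = struct.pack(">I2sH6I", 0x20, b"Is", 0,
                             0xA00, 0, 0x2A4, 0x22C, 0x188C00, 0x40)
    buf[0xA40 + TIK_TITLE_ID:0xA40 + TIK_TITLE_ID + 8] = title
    buf[0xD00 + TMD_TITLE_ID:0xD00 + TMD_TITLE_ID + 8] = title
    return bytes(buf)

if __name__ == "__main__":
    off, tik_id, tmd_id = parse_wad(build_sample())
    print({k: hex(v) for k, v in off.items()})
    print("ticket:", describe(tik_id), "| TMD:", describe(tmd_id))
    print("ticket/TMD title IDs match:", tik_id == tmd_id)
```

The computed data offset reproduces the `@ 0xf40` in the tool output above, and a ticket/TMD title-ID mismatch is worth flagging when triaging a package of unknown origin.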