iQue Player hacking possibility with ique_diag.exe?

Zhongtiao1

Just out of curiosity, can you use someone else's card points on the full offline version of ique at home if someone else (not you) has used it?

Sent from my Q5 using Tapatalk 2
 

KevinLSX

Once the code is used it is unusable or shareable.

--------------------- MERGED ---------------------------

Or are you asking if I connect an ique that has all games bought on iquehome could I disconnect and plug one without games bought and redownload them to that one?

If so, answer is no. Each ique has a unique id and so when they are plugged in the information is transferred to ique at home and when disconnected the information is removed.
 

Sliter

> Once the code is used it is unusable or shareable.
>
> --------------------- MERGED ---------------------------
>
> Or are you asking if I connect an ique that has all games bought on iquehome could I disconnect and plug one without games bought and redownload them to that one?
>
> If so, answer is no. Each ique has a unique id and so when they are plugged in the information is transferred to ique at home and when disconnected the information is removed.

But we can't make another program / hack the actual one to transfer a game for an iQue that hasn't bought that?
 

Tw3ek

> Just out of curiosity, can you use someone else's card points on the full offline version of ique at home if someone else (not you) has used it?
>
> Sent from my Q5 using Tapatalk 2

I do not think there is a way to still use the points cards at all? You are talking about for purchasing games right?
 

asper

I had a look at encrypted (1 time only) roms downloaded from online service: they are smaller than the real-web-found .z64 dumps so hypothesis can be 2:

1) final FFFFFFFF padding was removed from the iQue ROMs;
2) iQue ROMs are encrypted but also compressed before encryption (probably using zip looking at the compression rate of original-web-found .z64 dumps)

No more news on that front.
 
  • Like
Reactions: Krem Quay
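
Added example (not part of asper's post): a size check for the two hypotheses above, comparing an encrypted file's length with a plain dump after stripping its trailing 0xFF run and after DEFLATE (the algorithm zip uses). The sample data, function names and the 5% tolerance are constructed assumptions, not iQue files or values.

```python
import hashlib
import zlib

def strip_trailing_pad(data: bytes, pad: int = 0xFF) -> bytes:
    """Drop the final run of pad bytes (hypothesis 1: padding removed)."""
    return data.rstrip(bytes([pad]))

def deflate_size(data: bytes) -> int:
    """Length after DEFLATE at maximum level (hypothesis 2 proxy)."""
    return len(zlib.compress(data, 9))

def compare(plain: bytes, encrypted: bytes, slack: float = 0.05) -> dict:
    """Report which hypothesis the encrypted file's size is consistent with."""
    stripped = len(strip_trailing_pad(plain))
    packed = deflate_size(plain)
    enc = len(encrypted)
    return {
        "plain": len(plain), "stripped": stripped,
        "deflated": packed, "encrypted": enc,
        # H1: ciphertext is as long as the dump minus its 0xFF tail
        "h1_padding_removed": abs(enc - stripped) <= slack * stripped,
        # H2: ciphertext is about as long as the compressed dump
        "h2_compressed_first": abs(enc - packed) <= slack * packed,
        # Sanity check: encrypted data should not shrink under DEFLATE
        "encrypted_incompressible": deflate_size(encrypted) >= 0.99 * enc,
    }

def keystream(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

# Constructed sample: 48,960 structured bytes followed by a 16 KiB 0xFF tail
SAMPLE_PLAIN = bytes(range(255)) * 192 + b"\xff" * 16384
SAMPLE_ENC_H1 = keystream(len(strip_trailing_pad(SAMPLE_PLAIN)))
SAMPLE_ENC_H2 = keystream(deflate_size(SAMPLE_PLAIN))

if __name__ == "__main__":
    for name, enc in (("H1-shaped", SAMPLE_ENC_H1), ("H2-shaped", SAMPLE_ENC_H2)):
        print(name, compare(SAMPLE_PLAIN, enc))
```
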

emoose

Hi all, I've been working on reversing the PC side client but think it might be missing some things due to it being such an early version... Does anyone know if the latest client can be found anywhere? The only links I can find are for the earliest version, and seems the updater doesn't work anymore :(

Or does anyone here still have the updated client installed and could post the files for it somewhere? Would be appreciated a lot!

Also many thanks to OP (can't post your name due to spam filter?) for the ique_diag :) Managed to reverse most of it, you can see some of the work here: i.imgur dot com/IiQVxjP.png

ATM I'm waiting on some parts to arrive so I can try updating my unit to enable the USB interface, crossing my fingers hoping it'll work!
 
Last edited by emoose,

Zhongtiao1

> Hi all, I've been working on reversing the PC side client but think it might be missing some things due to it being such an early version... Does anyone know if the latest client can be found anywhere? The only links I can find are for the earliest version, and seems the updater doesn't work anymore :(
>
> Or does anyone here still have the updated client installed and could post the files for it somewhere? Would be appreciated a lot!
>
> Also many thanks to OP (can't post your name due to spam filter?) for the ique_diag :) Managed to reverse most of it, you can see some of the work here: i.imgur dot com/IiQVxjP.png
>
> ATM I'm waiting on some parts to arrive so I can try updating my unit to enable the USB interface, crossing my fingers hoping it'll work!

Good job on the ique_diag project! I'm looking forward to seeing what happens next. Unfortunately, I do not have the updated iQue@Home so I cannot help you with that. Good luck though!
 
  • Like
Reactions: Krem Quay

HNKii
OP
> Hi all, I've been working on reversing the PC side client but think it might be missing some things due to it being such an early version... Does anyone know if the latest client can be found anywhere? The only links I can find are for the earliest version, and seems the updater doesn't work anymore :(
>
> Or does anyone here still have the updated client installed and could post the files for it somewhere? Would be appreciated a lot!
>
> Also many thanks to OP (can't post your name due to spam filter?) for the ique_diag :) Managed to reverse most of it, you can see some of the work here: i.imgur dot com/IiQVxjP.png
>
> ATM I'm waiting on some parts to arrive so I can try updating my unit to enable the USB interface, crossing my fingers hoping it'll work!

Hi there! Thank you so much for reverse engineering the client! It seems that you've done quite a lot of progress! :D
And yes, I do have the updated (V1.4.2) version, here it is: http://www.mediafire.com/file/t6gka8a9n2nv03c/iQue@home V1.4.2.zip

I'll try my best to explain what each directory and folder does:
/root:
SERVER: A file with only the string "rms.idc.ique.com". Possibly the server domain of the iQue@Home service?
VERSION: A file with only the string "104022005101909". (The iQue Player's client version is V1.4.2 2005101909)
神游在线(iQue@Home): Opens the index page of iQue. (www.ique.com)
uninst.exe: Uninstalls the iQue@Home application. Nothing special here.

/root/data:
/cache: Contains all the files and encrypted game cache obtained from http://cds.idc.ique.com:16963/cds/download?content_id=x (x is the content ID, also the file name of the downloaded cache). The ones bundled with the full iQue@Home client download are identical to the ones obtained from the server. I deleted the 11~61 folders to save space.
/etc: Contains 2 config files that are also included in the iQue@Home client download (full or simple version). Not sure what they do.
/incoming: Temporary storage for any downloading cache files. Once downloaded they will be moved to the corresponding folders in /cache, but the folders created in the /incoming directory will not be deleted.
/logs: Records all the links visited and purchases made by the user, and stores them in the file "error-YYMMDD.log" (everything will be recorded, not just errors).
The logsnote file seems to record the user's iQue Club user name (in my case, HNK).
/tmp: Stores thumbnails of games and manuals. These images are used both on the iQue Player and on the iQue@Home client. The file name of the image matches the content ID of the game/manual.

/root/pkgs:
/base: Contains an executable called POSTINST.exe. Purpose of the executable is unknown.
/core/bin: The iQue@Home main program.
/core/share/xlate: Contains a file called GB2312 (GB2312 is the registered internet name for a key official character set of the People's Republic of China, used for simplified Chinese characters.)
Possibly an open-source GB2312 to Unicode table included to make sure the app uses Simplified Chinese characters properly.
/core: Contains a VERSION file with only the string "104022005101909"
/diag: Contains the iQue_diag.exe diagnosis tool as well as a diag.cont file that contains cycles of HEX values. Not sure what the txt files are.
The VERSION file here has the string "103042005031806" (possibly meaning V1.3.4 2005031806) -- older than the version of the client (V1.4.2 2005101909) but newer than the version of the iQue@Home client download (V1.3.2 2004092411).
/driver: Contains only a VERSION file with version (V1.3.2 2004092411). It could be that this file remained unmodified as I updated my V1.4.2 from the V1.3.2 client.
/loc: VERSION file says version V1.4.2 2005101909
/loc/res: Contains DLL files that seemed to contain web pages for offline usage (Thus the directory name /loc (local)). Not sure what's different between iqahc409 and iqahc804.
/update: Contains an updater executable and a VERSION file (V1.3.2 2004092411). It could be that this file remained unmodified as I updated my V1.4.2 from the V1.3.2 client.
 
Last edited by HNKii,
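
Added example (not part of HNKii's post): a decoder for the 15-digit VERSION strings described above that lists which package directories lag behind the newest one. The field layout is inferred from the two strings decoded in the post; the driver, loc and update strings are rebuilt from the labels given there, and all function names are hypothetical.

```python
import re
from datetime import datetime
from typing import NamedTuple

class PkgVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    build: str  # 10 digits; first 8 read as YYYYMMDD, last 2 not explained on the page

# Assumed layout, inferred from the post: M mm pp BBBBBBBBBB (15 digits)
_LAYOUT = re.compile(r"(\d)(\d{2})(\d{2})(\d{10})")

def parse_version(raw: str) -> PkgVersion:
    """Decode a VERSION string such as '104022005101909'."""
    m = _LAYOUT.fullmatch(raw.strip())
    if m is None:
        raise ValueError(f"not a 15-digit VERSION string: {raw!r}")
    build = m.group(4)
    datetime.strptime(build[:8], "%Y%m%d")  # raises ValueError on an impossible date
    return PkgVersion(int(m.group(1)), int(m.group(2)), int(m.group(3)), build)

def label(v: PkgVersion) -> str:
    """Render in the 'V1.4.2 2005101909' form used in the post."""
    return f"V{v.major}.{v.minor}.{v.patch} {v.build}"

def stale_components(raw_by_dir: dict) -> dict:
    """Return {dir: label} for every package older than the newest one found."""
    parsed = {d: parse_version(s) for d, s in raw_by_dir.items()}
    newest = max(parsed.values())
    return {d: label(v) for d, v in parsed.items() if v < newest}

# core and diag strings are quoted in the post; the rest are rebuilt from the
# labels it gives (reconstructed, not read from the files).
INSTALL = {
    "core": "104022005101909",
    "diag": "103042005031806",
    "driver": "103022004092411",
    "loc": "104022005101909",
    "update": "103022004092411",
}

if __name__ == "__main__":
    for directory, text in sorted(stale_components(INSTALL).items()):
        print(f"{directory}: {text}")
```
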

emoose

Many thanks for the help guys! Will take a look into this client now, hopefully they added some more things to look into.

Anyway if anyone's interested here's what I've figured out so far:
- around ~50% of ticket.sys format
- NAND (ique card) filesystem format (+ a working implementation, but only have a single non-properly dumped NAND to test with atm... hopefully can dump something from mine soon)
- cert.sys & cert revocation list format (VERY similar to the Wii's cert format)
- learnt a little about the 'system-app'/'secure-kernel' NAND section (basically the encrypted code for the game menu afaik, games with codes 1009-1106 are this system-app, I suppose different revisions of it, unlike other apps it has a signature block at 0x10000 which is the same format signature used in ticket.sys, got a feeling that block probably contains encryption keys too but not really sure atm)
- small parts of the USB protocol (could be useful for fuzzing perhaps?)

Also a few things I'm planning on trying soon:
- hooking up my NAND to a RPi so I can try updating that 'system-app' section, which should hopefully enable USB support on my unit (will probably write up a guide for this if successful since there's not really any other way to update non-USB models anymore)
- modding the ique_diag.exe to allow NAND r/w through USB (most of the ique_diag functions interact with the NAND directly via USB already, so all the code for it is there, just have to hook the exe and write something to use that code)
- maybe some old Wii bugs could work, since the cert/signature related things seem really similar to the Wii
- also thinking of tracing some of the AV-output pins too, seems the depot USB cable connects to the device through here, maybe some of the pins go straight to the NAND or something?

Sadly no progress on the encryption front right now, PC client doesn't seem to have anything related to it, looks like all the re-encrypting/decrypting is handled on the device itself :(
 
Last edited by emoose,

Krem Quay

If you do manage to decrypt the games, where would you post them? I don't think you can link them here--or are they being added to a non-good N64 set?

--------------------- MERGED ---------------------------

Don't know if you also saw this but these are all the encrypted titles for iQue Player: https://archive.org/details/iQuePlayerEncryptedGames

If you read the earlier posts, there's even a mystery 15th game that me and HNKii found. Really happy to see what happens next :D
 

KevinLSX

> If you do manage to decrypt the games, where would you post them? I don't think you can link them here--or are they being added to a non-good N64 set?
>
> --------------------- MERGED ---------------------------
>
> Don't know if you also saw this but these are all the encrypted titles for iQue Player: https://archive.org/details/iQuePlayerEncryptedGames
>
> If you read the earlier posts, there's even a mystery 15th game that me and HNKii found. Really happy to see what happens next :D

Might be Majora's Mask
 

emoose

> If you do manage to decrypt the games, where would you post them? I don't think you can link them here--or are they being added to a non-good N64 set?
>
> [..]
>
> If you read the earlier posts, there's even a mystery 15th game that me and HNKii found. Really happy to see what happens next :D

Hmm, I guess if the encryption is figured out I'd probably just post a tool for it and let others decide how to release them, that'd probably be the safest option (we're not anywhere near that yet though :P but I'm hoping Kevinpuerta's CD could have some surprises for us)

Yeah I did see talk about that mystery game, would be sweet if we can get somewhere with that.
Right now I'm not sure if we'd be able to just decrypt any app using a common key or if we'd need a matching eticket for it though... with Wii/3DS the eticket contains the encryption key IIRC, could be the same here too but I'm not really sure.

> Might be Majora's Mask

Most likely, I saw you guys work out that it was an RPG, and since they only released first-party games I can't really think of any other first-party RPG besides MM that isn't already on there.

(but who knows, perhaps cracking the iQue crypto and decrypting that mystery game is how Miyamoto wanted Ura Zelda to be released? :P)
 
