iQue Player hacking possibility with ique_diag.exe?

[KevinLSX]

Wow! That's incredible! Are you a hardware engineer or something?

hahaha nah all it took was a little bit of soldering and knowing where the wires had to go.

--------------------- MERGED ---------------------------

I meant the iQue menu where you can select games from

I remember someone trying and they broke there Ique. I dont know if id risk breaking it.

 

[Krem Quay]

http://retroactive.be/personal/ique/ - I don't know if I linked this already but this is a detailed notes page on the iQue

 

[KevinLSX]

http://club.tgfcer.com/viewthread.php?tid=7143235 - Also, I found this thread, which links to that AssemblerGames thread. It's a Chinese forum thread on the iQue Player.

I found something similar earlier today, the poster also included a nand dump of his ique along with files and icons.

http://lacklustre.net/n64/ique/

 

[Sliter]

Pictures

"an expansion port? so let's expand it"
well done! haha

 

[KevinLSX]

"an expansion port? so let's expand it"
well done! haha

Lol yeah I took advantage of the unused port so I could have the n64 contol plugs

 

[Krem Quay]

what is a nand dump again?

 

[KevinLSX]

Pretty much the whole sytems memory is in the nand dump. I think bios too.

 

[Krem Quay]

Yeah, well the guy said it was a partial dump.

 

[KevinLSX]

Not sure if it matters or not but when I inserted the depot disc it started download game files and those files were put in a cache folder.

 

[Krem Quay]

Those are the same encrypted games we've been trying to crack.

 

[KevinLSX]

Those are the same encrypted games we've been trying to crack.

Oh

--------------------- MERGED ---------------------------

Video

 

[Krem Quay]

You know, i'm pretty sure that text before the ROOT CPCA is the encrypted titlekey or something.

 

[KevinLSX]

Those random symbols might be it.

 

[Krem Quay]

It's a little over 32 characters, and from what I know, Wii/Wii U title keys are around that size.

 

[KevinLSX]

It's a little over 32 characters, and from what I know, Wii/Wii U title keys are around that size.

Yeah but how would we decrypt those or what would we need to do?

 

[Krem Quay]

Extensive research on title keys (tickets) of Nintendo systems, especially the Wii, which probably has the most similar encryption method.

 

[KevinLSX]

Couldnt we see if someone on here could help. If it similar to wii or other systems, then someone with the experience could probably do it.
We need to reach out to someone who has the experience on these kind of things.

 

[Krem Quay]

Yes, i agree. This is just leaving me really confused when i try to tfigure this out.

 

[Byokugen]

I dont why you are unable to sync it with pc, I would love to help somehow. I will dl all the archives and start probing around. I need to get my hands on one asap

 

[asper]

Well, .rec file is the game that, reading the above link, is encrypted with a per-console specific key that probably is inside recrypt.sys. Keys are usually 16bytes and Nintendo encryption formats are (read here and here for more info):

0x010000 RSA_4096 SHA1 (Unused for 3DS) 0x200 0x3C
0x010001 RSA_2048 SHA1 (Unused for 3DS) 0x100 0x3C
0x010002 Elliptic Curve with SHA1 (Unused for 3DS) 0x3C 0x40
0x010003 RSA_4096 SHA256 0x200 0x3C
0x010004 RSA_2048 SHA256 0x100 0x3C
0x010005 ECDSA with SHA256 0x3C 0x40

Also more info about Nintendo ticket system can be read here.

Then the decrypted game must be decrypted again with a "common key" that must stored somewhere in the system dump.

Can someone post a screenshot of the 1st bytes (at least 0x200) .sys files opened with an hex editor ?

EDIT: 0-8192 partial dump taken from one of the above posted-link is surely encrypted.