├── .gitignore
├── LICENSE
├── README.md
└── OTPKeySplitter.py


/.gitignore:
--------------------------------------------------------------------------------
1 | Output
2 | otp.bin
3 | Keys.txt
4 | Information


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2016 Whovian9369
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Hello!
 2 | I suggest using [`Coffee-Reading`](https://github.com/Nightkingale/Coffee-Reading) by [Nightkingale](https://github.com/Nightkingale) instead!
 3 | `OTPKeySplitter` was basically thrown together for my own use at the time, but I don't know Python so it was *incredibly* bad code that was copy and pasted many times. 
 4 | [`Coffee-Reading`](https://github.com/Nightkingale/Coffee-Reading) is far better and does the job, so I highly suggest using it instead!
 5 | 
 6 | Original `README.md` is below:
 7 | 
 8 | # OTP Key Extractor
 9 | 
10 | This script lets you extract various keys from a dumped Wii U OTP, as outlined on [the WiiUBrew site](http://wiiubrew.org/wiki/Hardware/OTP#OTP_Contents).
11 | ----------------------------------------
12 | 
13 | ### How to use it:
14 | 
15 |  * Extract your OTP to your SD card by using the following:
16 | 	* [OTP2SD](https://github.com/dimok789/otp2sd_dumper) (for a less complete OTP dump)
17 |  	* [hexCFW](https://github.com/hexkyz/hexFW) (for an OTP with two extra keys, which were previously inaccessible.)
18 |          * This is done via getting access to boot1... Which I'm unable to explain on WHY it works.
19 | 	 	* No, we don't have the boot1 key. Yet. This dumps the OTP without the boot1 decryption key.
20 |  * Download the script to a directory.
21 |  * Copy the resulting OTP.bin to the directory containing the OTPKeySplitter.py script.
22 |  	* If you forget to do so or put it in the wrong place before running the script - It will let you know where to put it.
23 |  * Install pycrypto somehow. Like `sudo pip install pycrypto` or `sudo pip3 install pycrypto` or however else.
24 |  * Run the script using Python 3.
25 |  	* This can likely be done by running `python3 OTPKeySplitter.py`
26 |  * Use a hex editor to copy out your keys OR grab the key directly from the Keys.txt file.
27 |  	* If you want to use the hex editor technique, I personally would suggest using [HxD](https://mh-nexus.de/en/hxd/) on Windows, or [Bless](http://home.gna.org/bless) on Linux distros.
28 | 
29 | ### BIG thanks goes to (in no particular order):
30 | 
31 |  * Dimok, for the original [OTP2SD](https://github.com/dimok789/otp2sd_dumper) homebrew that started me on this
32 |  	* For the unofficial GBATemp thread: [Click Here](http://gbatemp.net/threads/otp2sd-by-dimok.447353/)
33 |  * The WiiUBrew team that got the list up in the first place.
34 |  * Audiosurf for helping shorten the script itself in quite a few places.
35 |  * My friends that I've complained about this to.
36 |  	* Especially those that were great help with helping keep me sane and sanity check me when I needed it!
37 |  * Thank you dogcow for giving me the missing `binascii.hexlify(variable).decode('utf-8')` hint that I needed for writing the keys to a text file!
38 | 


--------------------------------------------------------------------------------
/OTPKeySplitter.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | import os, sys, zlib, binascii
  3 | import codecs
  4 | from Crypto.Cipher import AES
  5 | 
  6 | otpbin = os.path.abspath("otp.bin")
  7 | if not os.path.exists(otpbin):
  8 |     print("Put the otp.bin into this directory, please!")
  9 |     sys.exit(1)
 10 | keytxt = open('Keys.txt', 'a')
 11 | #Thank you Audiosurf for the initial directory creation help.
 12 | #Mine was way too messy originally!
 13 | 
 14 | x = "Output/"
 15 | k = " - Wii U Bank"
 16 | outputfol = [x, x+"00 - Wii Bank" , x+"01"+k, x+"02"+k, x+"03"+k, x+"04 - Wii U NG Bank", x+"05 - Wii U Certificate Bank" , x+"06 - Wii Certificate Bank", x+"07 - Misc Bank"]
 17 | for f in outputfol:
 18 |     if not os.path.exists(f):
 19 |         os.makedirs(f)
 20 | 
 21 | #Other Variables that will be used later down the line:
 22 | out0 = x+"00 - Wii Bank"+"/"
 23 | out1 = x+"01"+k+"/"
 24 | out2 = x+"02"+k+"/"
 25 | out3 = x+"03"+k+"/"
 26 | out4 = x+"04 - Wii U NG Bank/"
 27 | out5 = x+"05 - Wii U Certificate Bank/"
 28 | out6 = x+"06 - Wii Certificate Bank/"
 29 | out7 = x+"07 - Misc Bank/"
 30 | #End other variables
 31 | 
 32 | #prepare keys
 33 | #Thanks FIX94 for this code snippet from the iosuhax
 34 | #fw.img grabber in his IOSUHax fork.
 35 | #For the source of this code, see:
 36 | #https://github.com/FIX94/iosuhax/blob/master/bin/getfwimg.py
 37 | 
 38 | with open(otpbin,'rb') as f:
 39 |     print("Key extraction time!")
 40 | 
 41 |     # First, vWii.
 42 | 
 43 |     f.seek(0x000)
 44 |     wii_boot1_sha1 = f.read(20)
 45 |     f.seek(0x014)
 46 |     wii_common_key = f.read(16)
 47 |     f.seek(0x024)
 48 |     wii_ng_id = f.read(4)
 49 |     f.seek(0x028)
 50 |     wii_ng_priv_key = f.read(29)
 51 |     f.seek(0x044)
 52 |     wii_nand_hmac = f.read(20)
 53 |     f.seek(0x058)
 54 |     wii_nand_key = f.read(16)
 55 |     f.seek(0x068)
 56 |     wii_rng_key = f.read(16)
 57 |     f.seek(0x078)
 58 |     wii_unknown01_padding = f.read(8)
 59 | #Wiki switches to Bank 1 (Wii U) right here. See #L78 // 0x300 begins Bank 6.
 60 | 
 61 |     f.seek(0x300)
 62 |     wii_root_cert_ms_id_0x00000002 = f.read(4)
 63 |     f.seek(0x304)
 64 |     wii_root_cert_ca_id_0x00000001 = f.read(4)
 65 |     f.seek(0x308)
 66 |     wii_root_cert_ng_key_id = f.read(4)
 67 |     f.seek(0x30C)
 68 |     wii_root_cert_ng_signature = f.read(60)
 69 |     f.seek(0x348)
 70 |     wii_korean_key = f.read(16)
 71 |     f.seek(0x358)
 72 |     wii_unknown02_unused = f.read(8)
 73 |     f.seek(0x360)
 74 |     wii_private_nss_device_cert_key = f.read(32)
 75 | 
 76 | # Wii U
 77 | 
 78 |     f.seek(0x080)
 79 |     security_level_flag = f.read(4)
 80 |     f.seek(0x084)
 81 |     iostrength_config_flag = f.read(4)
 82 |     f.seek(0x088)
 83 |     seeprom_manual_clk_pulse_length = f.read(4)
 84 |     f.seek(0x08C)
 85 |     SigType_00010000 = f.read(4)
 86 |     f.seek(0x090)
 87 |     wiiu_starbuck_ancast_key = f.read(16)
 88 |     f.seek(0x0A0)
 89 |     wiiu_seeprom_key = f.read(16)
 90 |     f.seek(0x0B0)
 91 |     unknown_01_unused = f.read(16)
 92 |     f.seek(0x0C0)
 93 |     unknown_02_unused = f.read(16)
 94 |     f.seek(0x0D0)
 95 |     vwii_common_key = f.read(16)
 96 |     f.seek(0x0E0)
 97 |     wiiu_common_key = f.read(16)
 98 |     f.seek(0x0F0)
 99 |     unknown_03_unused = f.read(16)
100 |     f.seek(0x100)
101 |     unknown_04_unused = f.read(16)
102 |     f.seek(0x110)
103 |     unknown_05_unused = f.read(16)
104 |     f.seek(0x120)
105 |     encrypt_decrypt_ssl_rsa_key = f.read(16)
106 |     f.seek(0x130)
107 |     usb_storage_key_seed_encryption_key = f.read(16)
108 |     f.seek(0x140)
109 |     unknown_06 = f.read(16)
110 |     f.seek(0x150)
111 |     wiiu_xor_key = f.read(16)
112 |     f.seek(0x160)
113 |     wiiu_rng_key = f.read(16)
114 |     f.seek(0x170)
115 |     wiiu_slc_nand_key = f.read(16)
116 |     f.seek(0x180)
117 |     wiiu_mlc_emmc_key = f.read(16)
118 |     f.seek(0x190)
119 |     encrypt_decrypt_shdd_key = f.read(16)
120 |     f.seek(0x1A0)
121 |     encryption_key_for_drh_wlan_data = f.read(16)
122 |     f.seek(0x1B0)
123 |     unknown_07_unused = f.read(48)
124 |     f.seek(0x1E0)
125 |     wiiu_slc_nand_hmac = f.read(20)
126 |     f.seek(0x1F4)
127 |     unknown_08_padding = f.read(12)
128 |     f.seek(0x200)
129 |     unknown_09_unused = f.read(16)
130 |     f.seek(0x210)
131 |     unknown_10_unused = f.read(12)
132 |     f.seek(0x21C)
133 |     wiiu_ng_id = f.read(4)
134 |     f.seek(0x220)
135 |     wiiu_ng_private_key = f.read(32)
136 |     f.seek(0x240)
137 |     wiiu_private_nss_device_cert_key = f.read(32)
138 |     f.seek(0x260)
139 |     wiiu_otp_rng_seed = f.read(16)
140 |     f.seek(0x270)
141 |     unknown_12_unused = f.read(16)
142 |     f.seek(0x280)
143 |     wiiu_root_cert_ms_id_0x00000012 = f.read(4)
144 |     f.seek(0x284)
145 |     wiiu_root_cert_ca_id_0x00000003 = f.read(4)
146 |     f.seek(0x288)
147 |     wiiu_root_cert_ng_key_id = f.read(4)
148 |     f.seek(0x28C)
149 |     wiiu_root_cert_ng_signature = f.read(64)
150 |     f.seek(0x2C8)
151 |     unknown_14_unused = f.read(20)
152 |     f.seek(0x2E0)
153 |     unknown_15_locked_by_boot1 = f.read(32)
154 | 
155 |     # MISC
156 | 
157 |     f.seek(0x380)
158 |     boot1_locked_unknown_01 = f.read(32)
159 |     f.seek(0x3A0)
160 |     boot1_key_locked_by_b0 = f.read(16)
161 |     f.seek(0x3B0)
162 |     boot0_locked_unused_01 = f.read(16)
163 |     f.seek(0x3C0)
164 |     misc_empty1 = f.read(32)
165 |     f.seek(0x3E0)
166 |     misc_empty2 = f.read(4)
167 |     f.seek(0x3E4)
168 |     otp_version_and_revision = f.read(4)
169 |     f.seek(0x3E8)
170 |     otp_date_code = f.read(8)
171 |     f.seek(0x3F0)
172 |     otp_version_name_string = f.read(8)
173 |     f.seek(0x3F8)
174 |     misc_empty3 = f.read(4)
175 |     f.seek(0x3FC)
176 |     jtag_status = f.read(4)
177 | 
178 | #Output to files. This will be messy.
179 | #Probably way messier than above.
180 | #vWii
181 | 
182 |  # 0. Wii Bank
183 | 
184 | targetfol=out0
185 | keytxt.write("(Most of) vWii:\n\n")
186 | 
187 | WII = (
188 |     ("01. Wii boot1 SHA-1 hash", wii_boot1_sha1),
189 |     ("02. Wii common key", wii_common_key),
190 |     ("03. Wii NG ID", wii_ng_id),
191 |     ("04. Wii NG private key", wii_ng_priv_key),
192 |     ("05. Wii NAND HMAC (overlaps with NG private key)", wii_nand_hmac),
193 |     ("06. Wii NAND key", wii_nand_key),
194 |     ("07. Wii RNG key", wii_rng_key),
195 |     ("08. Unknown (Padding)", wii_unknown01_padding)
196 | )
197 | 
198 | for name, data in WII:
199 |     with open(targetfol+name+".bin", "wb") as fi:
200 |         fi.write(data)
201 |     keytxt.write("\n{}: {}\n".format(
202 |         name, binascii.hexlify(data).decode('utf-8')))
203 | 
204 | 
205 | keytxt.write("\n------------------------------------------------")
206 | 
207 | # Wii U
208 | keytxt.write("\n\n*(Mostly) Wii U:\n")
209 | keytxt.write("\n	1. Wii U Bank\n")
210 |  # 1. Wii U Bank
211 | 
212 | targetfol=out1
213 | 
214 | name="01. Security level flag"
215 | fi = open(targetfol+name+".bin", "wb")
216 | fi.write(security_level_flag)
217 | fi.close()
218 | keytxt.write("\n"+name+": " + binascii.hexlify(security_level_flag).decode('utf-8')+"\n")
219 | 
220 | name="02. Some flag for IOStrength configurations"
221 | fi = open(targetfol+name+".bin", "wb")
222 | fi.write(iostrength_config_flag)
223 | fi.close()
224 | keytxt.write("\n"+name+": " + binascii.hexlify(iostrength_config_flag).decode('utf-8')+"\n")
225 | 
226 | name="03. Pulse length for SEEPROM manual CLK"
227 | fi = open(targetfol+name+".bin", "wb")
228 | fi.write(seeprom_manual_clk_pulse_length)
229 | fi.close()
230 | keytxt.write("\n"+name+": " + binascii.hexlify(seeprom_manual_clk_pulse_length).decode('utf-8')+"\n")
231 | 
232 | name="04. Seems_To_Be_A_Sig_Type_(0x00010000)"
233 | fi = open(targetfol+name+".bin", "wb")
234 | fi.write(SigType_00010000)
235 | fi.close()
236 | keytxt.write("\n"+name+": " + binascii.hexlify(SigType_00010000).decode('utf-8')+"\n")
237 | 
238 | name="05. Wii U Starbuck ancast key"
239 | fi = open(targetfol+name+".bin", "wb")
240 | fi.write(wiiu_starbuck_ancast_key)
241 | fi.close()
242 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_starbuck_ancast_key).decode('utf-8')+"\n")
243 | 
244 | name="06. Wii U SEEPROM key"
245 | fi = open(targetfol+name+".bin", "wb")
246 | fi.write(wiiu_seeprom_key)
247 | fi.close()
248 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_seeprom_key).decode('utf-8')+"\n")
249 | 
250 | name="07. Unknown (01)"
251 | fi = open(targetfol+name+".bin", "wb")
252 | fi.write(unknown_01_unused)
253 | fi.close()
254 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_01_unused).decode('utf-8')+"\n")
255 | 
256 | name="08. Unknown (02)"
257 | fi = open(targetfol+name+".bin", "wb")
258 | fi.write(unknown_02_unused)
259 | fi.close()
260 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_02_unused).decode('utf-8')+"\n")
261 | 
262 | name="09. vWii common key"
263 | fi = open(targetfol+name+".bin", "wb")
264 | fi.write(vwii_common_key)
265 | fi.close()
266 | keytxt.write("\n"+name+": " + binascii.hexlify(vwii_common_key).decode('utf-8')+"\n")
267 | 
268 | name="10. Wii U Common Key"
269 | fi = open(targetfol+name+".bin", "wb")
270 | fi.write(wiiu_common_key)
271 | fi.close()
272 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_common_key).decode('utf-8')+"\n")
273 | 
274 | name="11. Unknown (03)"
275 | fi = open(targetfol+name+".bin", "wb")
276 | fi.write(unknown_03_unused)
277 | fi.close()
278 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_03_unused).decode('utf-8')+"\n")
279 | 
280 |  # 2. Wii U Bank
281 | keytxt.write("\n	2. Wii U Bank\n")
282 | 
283 | targetfol=out2
284 | 
285 | name="01. Unknown (04)"
286 | fi = open(targetfol+name+".bin", "wb")
287 | fi.write(unknown_04_unused)
288 | fi.close()
289 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_04_unused).decode('utf-8')+"\n")
290 | 
291 | name="02. Unknown (05)"
292 | fi = open(targetfol+name+".bin", "wb")
293 | fi.write(unknown_05_unused)
294 | fi.close()
295 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_05_unused).decode('utf-8')+"\n")
296 | 
297 | name="03. Key to encrypt or decrypt SSL RSA key"
298 | fi = open(targetfol+name+".bin", "wb")
299 | fi.write(encrypt_decrypt_ssl_rsa_key)
300 | fi.close()
301 | keytxt.write("\n"+name+": " + binascii.hexlify(encrypt_decrypt_ssl_rsa_key).decode('utf-8')+"\n")
302 | 
303 | name="04. Key to encrypt seeds for USB storage keys"
304 | fi = open(targetfol+name+".bin", "wb")
305 | fi.write(usb_storage_key_seed_encryption_key)
306 | fi.close()
307 | keytxt.write("\n"+name+": " + binascii.hexlify(usb_storage_key_seed_encryption_key).decode('utf-8')+"\n")
308 | 
309 | name="05. Unknown (06)"
310 | fi = open(targetfol+name+".bin", "wb")
311 | fi.write(unknown_06)
312 | fi.close()
313 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_06).decode('utf-8')+"\n")
314 | 
315 | name="06. Wii U XOR key"
316 | fi = open(targetfol+name+".bin", "wb")
317 | fi.write(wiiu_xor_key)
318 | fi.close()
319 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_xor_key).decode('utf-8')+"\n")
320 | 
321 | name="07. Wii U RNG key"
322 | fi = open(targetfol+name+".bin", "wb")
323 | fi.write(wiiu_rng_key)
324 | fi.close()
325 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_rng_key).decode('utf-8')+"\n")
326 | 
327 | name="08. Wii U SLC (NAND) key"
328 | fi = open(targetfol+name+".bin", "wb")
329 | fi.write(wiiu_slc_nand_key)
330 | fi.close()
331 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_slc_nand_key).decode('utf-8')+"\n")
332 | 
333 |  # 3. Wii U Bank
334 | keytxt.write("\n	3. Wii U Bank\n")
335 | 
336 | targetfol=out3
337 | 
338 | name="01. Wii U MLC (eMMC) key"
339 | fi = open(targetfol+name+".bin", "wb")
340 | fi.write(wiiu_mlc_emmc_key)
341 | fi.close()
342 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_mlc_emmc_key).decode('utf-8')+"\n")
343 | 
344 | name="02.  Key to encrypt and decrypt SHDD key"
345 | fi = open(targetfol+name+".bin", "wb")
346 | fi.write(encrypt_decrypt_shdd_key)
347 | fi.close()
348 | keytxt.write("\n"+name+": " + binascii.hexlify(encrypt_decrypt_shdd_key).decode('utf-8')+"\n")
349 | 
350 | name="03. Key to encrypt DRH WLAN data"
351 | fi = open(targetfol+name+".bin", "wb")
352 | fi.write(encryption_key_for_drh_wlan_data)
353 | fi.close()
354 | keytxt.write("\n"+name+": " + binascii.hexlify(encryption_key_for_drh_wlan_data).decode('utf-8')+"\n")
355 | 
356 | name="04. Unknown (07)"
357 | fi = open(targetfol+name+".bin", "wb")
358 | fi.write(unknown_07_unused)
359 | fi.close()
360 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_07_unused).decode('utf-8')+"\n")
361 | 
362 | name="05. Wii U SLC (NAND) HMAC"
363 | fi = open(targetfol+name+".bin", "wb")
364 | fi.write(wiiu_slc_nand_hmac)
365 | fi.close()
366 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_slc_nand_hmac).decode('utf-8')+"\n")
367 | 
368 | name="06. Unknown (08 - Padding)"
369 | fi = open(targetfol+name+".bin", "wb")
370 | fi.write(unknown_08_padding)
371 | fi.close()
372 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_08_padding).decode('utf-8')+"\n")
373 | 
374 |  # 4. Wii U Bank
375 | keytxt.write("\n	4. Wii U Bank\n")
376 | 
377 | targetfol=out4
378 | 
379 | name="01. Unknown (09)"
380 | fi = open(targetfol+name+".bin", "wb")
381 | fi.write(unknown_09_unused)
382 | fi.close()
383 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_09_unused).decode('utf-8')+"\n")
384 | 
385 | name="02. Unknown (10)"
386 | fi = open(targetfol+name+".bin", "wb")
387 | fi.write(unknown_10_unused)
388 | fi.close()
389 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_10_unused).decode('utf-8')+"\n")
390 | 
391 | name="03. Wii U NG ID"
392 | fi = open(targetfol+name+".bin", "wb")
393 | fi.write(wiiu_ng_id)
394 | fi.close()
395 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_ng_id).decode('utf-8')+"\n")
396 | 
397 | name="04. Wii U NG Private Key"
398 | fi = open(targetfol+name+".bin", "wb")
399 | fi.write(wiiu_ng_private_key)
400 | fi.close()
401 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_ng_private_key).decode('utf-8')+"\n")
402 | 
403 | name="05. Wii U private key for NSS device certificate"
404 | fi = open(targetfol+name+".bin", "wb")
405 | fi.write(wiiu_private_nss_device_cert_key)
406 | fi.close()
407 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_private_nss_device_cert_key).decode('utf-8')+"\n")
408 | 
409 | name="06. Wii U RNG seed (only the first 0x04 bytes are used)"
410 | fi = open(targetfol+name+".bin", "wb")
411 | fi.write(wiiu_otp_rng_seed)
412 | fi.close()
413 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_otp_rng_seed).decode('utf-8')+"\n")
414 | 
415 | name="07. Unknown (12)"
416 | fi = open(targetfol+name+".bin", "wb")
417 | fi.write(unknown_12_unused)
418 | fi.close()
419 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_12_unused).decode('utf-8')+"\n")
420 | 
421 | # 5. Wii U Bank
422 | keytxt.write("\n	5. Wii U Bank\n")
423 | 
424 | targetfol=out5
425 | 
426 | name="01. Wii U root certificate MS ID"
427 | fi = open(targetfol+name+".bin", "wb")
428 | fi.write(wiiu_root_cert_ms_id_0x00000012)
429 | fi.close()
430 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_root_cert_ms_id_0x00000012).decode('utf-8')+"\n")
431 | 
432 | name="02. Wii U root certificate CA ID"
433 | fi = open(targetfol+name+".bin", "wb")
434 | fi.write(wiiu_root_cert_ca_id_0x00000003)
435 | fi.close()
436 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_root_cert_ca_id_0x00000003).decode('utf-8')+"\n")
437 | 
438 | name="03.  Wii U root certificate NG key ID"
439 | fi = open(targetfol+name+".bin", "wb")
440 | fi.write(wiiu_root_cert_ng_key_id)
441 | fi.close()
442 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_root_cert_ng_key_id).decode('utf-8')+"\n")
443 | 
444 | name="04. Wii U root certificate NG signature"
445 | fi = open(targetfol+name+".bin", "wb")
446 | fi.write(wiiu_root_cert_ng_signature)
447 | fi.close()
448 | keytxt.write("\n"+name+": " + binascii.hexlify(wiiu_root_cert_ng_signature).decode('utf-8')+"\n")
449 | 
450 | name="04. Unknown (14 - Unused)"
451 | fi = open(targetfol+name+".bin", "wb")
452 | fi.write(unknown_14_unused)
453 | fi.close()
454 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_14_unused).decode('utf-8')+"\n")
455 | 
456 | name="05. Unknown (locked out by boot1)"
457 | fi = open(targetfol+name+".bin", "wb")
458 | fi.write(unknown_15_locked_by_boot1)
459 | fi.close()
460 | keytxt.write("\n"+name+": " + binascii.hexlify(unknown_15_locked_by_boot1).decode('utf-8')+"\n")
461 | 
462 | # 7. Misc Bank
463 | keytxt.write("\n	7. Wii U Bank\n")
464 | 
465 | targetfol=out7
466 | 
467 | name="01. Unknown (locked by boot1)"
468 | fi = open(targetfol+name+".bin", "wb")
469 | fi.write(boot1_locked_unknown_01)
470 | fi.close()
471 | keytxt.write("\n"+name+": " + binascii.hexlify(boot1_locked_unknown_01).decode('utf-8')+"\n")
472 | 
473 | name="02. boot1 key (locked by boot0)"
474 | fi = open(targetfol+name+".bin", "wb")
475 | fi.write(boot1_key_locked_by_b0)
476 | fi.close()
477 | keytxt.write("\n"+name+": " + binascii.hexlify(boot1_key_locked_by_b0).decode('utf-8')+"\n")
478 | 
479 | name="03. Unknown (locked out by boot0, not used)"
480 | fi = open(targetfol+name+".bin", "wb")
481 | fi.write(boot0_locked_unused_01)
482 | fi.close()
483 | keytxt.write("\n"+name+": " + binascii.hexlify(boot0_locked_unused_01).decode('utf-8')+"\n")
484 | 
485 | name="04. Empty 1"
486 | fi = open(targetfol+name+".bin", "wb")
487 | fi.write(misc_empty1)
488 | fi.close()
489 | keytxt.write("\n"+name+": " + binascii.hexlify(misc_empty1).decode('utf-8')+"\n")
490 | 
491 | name="05. Empty 2"
492 | fi = open(targetfol+name+".bin", "wb")
493 | fi.write(misc_empty2)
494 | fi.close()
495 | keytxt.write("\n"+name+": " + binascii.hexlify(misc_empty2).decode('utf-8')+"\n")
496 | 
497 | name="06. OTP Version and Revision"
498 | fi = open(targetfol+name+".bin", "wb")
499 | fi.write(otp_date_code)
500 | fi.close()
501 | keytxt.write("\n"+name+": " + binascii.hexlify(otp_date_code).decode('utf-8')+"\n")
502 | 
503 | name="07. OTP Date Code"
504 | fi = open(targetfol+name+".bin", "wb")
505 | fi.write(otp_version_and_revision)
506 | fi.close()
507 | keytxt.write("\n"+name+": " + binascii.hexlify(otp_version_and_revision).decode('utf-8')+"\n")
508 | 
509 | name="08. OTP Version Name String"
510 | fi = open(targetfol+name+".bin", "wb")
511 | fi.write(otp_version_name_string)
512 | fi.close()
513 | keytxt.write("\n"+name+": " + binascii.hexlify(otp_version_name_string).decode('utf-8')+"\n")
514 | 
515 | name="09. Empty 3"
516 | fi = open(targetfol+name+".bin", "wb")
517 | fi.write(misc_empty3)
518 | fi.close()
519 | keytxt.write("\n"+name+": " + binascii.hexlify(misc_empty3).decode('utf-8')+"\n")
520 | 
521 | name="10. JTAG status"
522 | fi = open(targetfol+name+".bin", "wb")
523 | fi.write(jtag_status)
524 | fi.close()
525 | keytxt.write("\n"+name+": " + binascii.hexlify(jtag_status).decode('utf-8')+"\n")
526 | #End file output
527 | 


--------------------------------------------------------------------------------