WiiLi.org

[CGHA]

because of the algorithem in the handshake of the connection.
do you have some idea of how to work it out?

[Cha0s]

There are encryption algorithms for the data, but since we know one of them, we can just reverse that one and it should work. The only other issue is the device ID: it has to be the same as the nunchuck's ID. Once you've got those two things, you're all set.
_________________
Cha0s

[CGHA]

i haven't heard the nunchuck ID.
We can simulate the master to obtain data from the nunchuck,so we not only have one set of plaintext and password.

in my analysis of the data(i have got the logic analyzer), if we retrun to the wii the right data according to the 16 bytes of plaintext from wii, the wii will continuslly write/ get data from IIC address 0x52, if not,it wii cut off the data exchange.

[TiagoTiago]

it shoudl be possible to have some sort of hardware intercept the data sent between the wiimtoe and the nunchuk thru the plug in a mim attack, no? (somthinglike having a device in the cabel between the nunchuk and the wiimote, and have the device tell the computer what is going thru it whiel at the same time letting everything pass so the wiimote nor the nunchuk would realize there was somthign diferent going on there)
_________________
please put the scripts on the wiki so they dont get lost as new stuff is posted!
phpBB doesnt like me,somtimes it will forget to warn me about new replies to threads I asked it to,if you see a thread I should have responded, could please email me?

[CGHA]

i've disassemble the nunchuk and find nothing except the acceleration sensor, gamestick and a mcu have IIC bus.
i try to figure out the algorithem from scratch,but find nothing.
i am dejected .