diff --git a/Source/Core/Core/IOS/ES/ES.cpp b/Source/Core/Core/IOS/ES/ES.cpp
index b974c92a7c..de7d6aadc9 100644
--- a/Source/Core/Core/IOS/ES/ES.cpp
+++ b/Source/Core/Core/IOS/ES/ES.cpp
@@ -490,9 +490,9 @@ IPCCommandResult ES::ESGetDeviceID(const IOCtlVRequest& request)
 {
   _dbg_assert_msg_(IOS_ES, request.io_vectors.size() == 1, "IOCTL_ES_GETDEVICEID no io vectors");
 
-  EcWii& ec = EcWii::GetInstance();
-  INFO_LOG(IOS_ES, "IOCTL_ES_GETDEVICEID %08X", ec.getNgId());
-  Memory::Write_U32(ec.getNgId(), request.io_vectors[0].address);
+  const EcWii& ec = EcWii::GetInstance();
+  INFO_LOG(IOS_ES, "IOCTL_ES_GETDEVICEID %08X", ec.GetNGID());
+  Memory::Write_U32(ec.GetNGID(), request.io_vectors[0].address);
   return GetDefaultReply(IPC_SUCCESS);
 }
 
@@ -1246,8 +1246,8 @@ IPCCommandResult ES::GetDeviceCertificate(const IOCtlVRequest& request)
   _dbg_assert_(IOS_ES, request.io_vectors.size() == 1);
   u8* destination = Memory::GetPointer(request.io_vectors[0].address);
 
-  EcWii& ec = EcWii::GetInstance();
-  get_ng_cert(destination, ec.getNgId(), ec.getNgKeyId(), ec.getNgPriv(), ec.getNgSig());
+  const EcWii& ec = EcWii::GetInstance();
+  MakeNGCert(destination, ec.GetNGID(), ec.GetNGKeyID(), ec.GetNGPriv(), ec.GetNGSig());
   return GetDefaultReply(IPC_SUCCESS);
 }
 
@@ -1259,9 +1259,8 @@ IPCCommandResult ES::Sign(const IOCtlVRequest& request)
   u32 data_size = request.in_vectors[0].size;
   u8* sig_out = Memory::GetPointer(request.io_vectors[0].address);
 
-  EcWii& ec = EcWii::GetInstance();
-  get_ap_sig_and_cert(sig_out, ap_cert_out, m_TitleID, data, data_size, ec.getNgPriv(),
-                      ec.getNgId());
+  const EcWii& ec = EcWii::GetInstance();
+  MakeAPSigAndCert(sig_out, ap_cert_out, m_TitleID, data, data_size, ec.GetNGPriv(), ec.GetNGID());
 
   return GetDefaultReply(IPC_SUCCESS);
 }
diff --git a/Source/Core/Core/IOS/Network/Net.cpp b/Source/Core/Core/IOS/Network/Net.cpp
index 5380bdfcb6..106bef8f0e 100644
--- a/Source/Core/Core/IOS/Network/Net.cpp
+++ b/Source/Core/Core/IOS/Network/Net.cpp
@@ -149,8 +149,8 @@ IPCCommandResult NetKDRequest::IOCtl(const IOCtlRequest& request)
         u8 id_ctr = config.IdGen();
         u8 hardware_model = GetHardwareModel(model);
 
-        EcWii& ec = EcWii::GetInstance();
-        u32 HollywoodID = ec.getNgId();
+        const EcWii& ec = EcWii::GetInstance();
+        u32 HollywoodID = ec.GetNGID();
         u64 UserID = 0;
 
         s32 ret = NWC24MakeUserID(&UserID, HollywoodID, id_ctr, hardware_model, area_code);
diff --git a/Source/Core/Core/ec_wii.cpp b/Source/Core/Core/ec_wii.cpp
index b756f666a2..89a68ee396 100644
--- a/Source/Core/Core/ec_wii.cpp
+++ b/Source/Core/Core/ec_wii.cpp
@@ -7,25 +7,27 @@
 // Licensed under the terms of the GNU GPL, version 2
 // http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
 
+#include "Core/ec_wii.h"
+
 #include <cstdio>
 #include <string.h>
 
 #include <mbedtls/sha1.h>
 
+#include "Common/CommonFuncs.h"
 #include "Common/Crypto/ec.h"
 #include "Common/FileUtil.h"
 #include "Common/Logging/Log.h"
-#include "Core/ec_wii.h"
 
-static u32 default_NG_id = 0x0403AC68;
-static u32 default_NG_key_id = 0x6AAB8C59;
+constexpr u32 default_NG_id = 0x0403AC68;
+constexpr u32 default_NG_key_id = 0x6AAB8C59;
 
-static u8 default_NG_priv[] = {
+constexpr u8 default_NG_priv[] = {
     0x00, 0xAB, 0xEE, 0xC1, 0xDD, 0xB4, 0xA6, 0x16, 0x6B, 0x70, 0xFD, 0x7E, 0x56, 0x67, 0x70,
     0x57, 0x55, 0x27, 0x38, 0xA3, 0x26, 0xC5, 0x46, 0x16, 0xF7, 0x62, 0xC9, 0xED, 0x73, 0xF2,
 };
 
-static u8 default_NG_sig[] = {
+constexpr u8 default_NG_sig[] = {
     // R
     0x00, 0xD8, 0x81, 0x63, 0xB2, 0x00, 0x6B, 0x0B, 0x54, 0x82, 0x88, 0x63, 0x81, 0x1C, 0x00, 0x71,
     0x12, 0xED, 0xB7, 0xFD, 0x21, 0xAB, 0x0E, 0x50, 0x0E, 0x1F, 0xBF, 0x78, 0xAD, 0x37,
@@ -34,7 +36,18 @@ static u8 default_NG_sig[] = {
     0xB8, 0xA8, 0x90, 0x1F, 0xA8, 0x2A, 0x0E, 0x4E, 0x76, 0xEF, 0x44, 0x72, 0x99, 0xF8,
 };
 
-// get_ng_cert
+static void MakeBlankSigECCert(u8* cert_out, const char* signer, const char* name,
+                               const u8* private_key, u32 key_id)
+{
+  memset(cert_out, 0, 0x180);
+  *(u32*)cert_out = Common::swap32(0x10002);
+
+  strncpy((char*)cert_out + 0x80, signer, 0x40);
+  *(u32*)(cert_out + 0xc0) = Common::swap32(2);
+  strncpy((char*)cert_out + 0xc4, name, 0x40);
+  *(u32*)(cert_out + 0x104) = Common::swap32(key_id);
+  ec_priv_to_pub(private_key, cert_out + 0x108);
+}
 
 // ng_cert_out is a pointer to a 0x180 byte buffer that will contain the device-unique certificate
 // NG_id is the device-unique id to use
@@ -43,7 +56,7 @@ static u8 default_NG_sig[] = {
 // NG_sig is the device-unique signature blob (from issuer) to use
 // if NG_priv iis nullptr or NG_sig is nullptr or NG_id is 0 or NG_key_id is 0, default values
 // will be used for all of them
-void get_ng_cert(u8* ng_cert_out, u32 NG_id, u32 NG_key_id, const u8* NG_priv, const u8* NG_sig)
+void MakeNGCert(u8* ng_cert_out, u32 NG_id, u32 NG_key_id, const u8* NG_priv, const u8* NG_sig)
 {
   char name[64];
   if ((NG_id == 0) || (NG_key_id == 0) || (NG_priv == nullptr) || (NG_sig == nullptr))
@@ -55,7 +68,7 @@ void get_ng_cert(u8* ng_cert_out, u32 NG_id, u32 NG_key_id, const u8* NG_priv, c
   }
 
   sprintf(name, "NG%08x", NG_id);
-  make_blanksig_ec_cert(ng_cert_out, "Root-CA00000001-MS00000002", name, NG_priv, NG_key_id);
+  MakeBlankSigECCert(ng_cert_out, "Root-CA00000001-MS00000002", name, NG_priv, NG_key_id);
   memcpy(ng_cert_out + 4, NG_sig, 60);
 }
 
@@ -70,8 +83,8 @@ void get_ng_cert(u8* ng_cert_out, u32 NG_id, u32 NG_key_id, const u8* NG_priv, c
 // NG_priv is the device-unique private key to use
 // NG_id is the device-unique id to use
 // if NG_priv is nullptr or NG_id is 0, it will use builtin defaults
-void get_ap_sig_and_cert(u8* sig_out, u8* ap_cert_out, u64 title_id, u8* data, u32 data_size,
-                         const u8* NG_priv, u32 NG_id)
+void MakeAPSigAndCert(u8* sig_out, u8* ap_cert_out, u64 title_id, u8* data, u32 data_size,
+                      const u8* NG_priv, u32 NG_id)
 {
   u8 hash[20];
   u8 ap_priv[30];
@@ -94,7 +107,7 @@ void get_ap_sig_and_cert(u8* sig_out, u8* ap_cert_out, u64 title_id, u8* data, u
 
   sprintf(signer, "Root-CA00000001-MS00000002-NG%08x", NG_id);
   sprintf(name, "AP%08x%08x", (u32)(title_id >> 32), (u32)(title_id & 0xffffffff));
-  make_blanksig_ec_cert(ap_cert_out, signer, name, ap_priv, 0);
+  MakeBlankSigECCert(ap_cert_out, signer, name, ap_priv, 0);
 
   mbedtls_sha1(ap_cert_out + 0x80, 0x100, hash);
   generate_ecdsa(ap_cert_out + 4, ap_cert_out + 34, NG_priv, hash);
@@ -103,19 +116,6 @@ void get_ap_sig_and_cert(u8* sig_out, u8* ap_cert_out, u64 title_id, u8* data, u
   generate_ecdsa(sig_out, sig_out + 30, ap_priv, hash);
 }
 
-void make_blanksig_ec_cert(u8* cert_out, const char* signer, const char* name,
-                           const u8* private_key, u32 key_id)
-{
-  memset(cert_out, 0, 0x180);
-  *(u32*)cert_out = Common::swap32(0x10002);
-
-  strncpy((char*)cert_out + 0x80, signer, 0x40);
-  *(u32*)(cert_out + 0xc0) = Common::swap32(2);
-  strncpy((char*)cert_out + 0xc4, name, 0x40);
-  *(u32*)(cert_out + 0x104) = Common::swap32(key_id);
-  ec_priv_to_pub(private_key, cert_out + 0x108);
-}
-
 EcWii::EcWii()
 {
   bool init = true;
@@ -158,6 +158,26 @@ EcWii::~EcWii()
 {
 }
 
+u32 EcWii::GetNGID() const
+{
+  return Common::swap32(BootMiiKeysBin.ng_id);
+}
+
+u32 EcWii::GetNGKeyID() const
+{
+  return Common::swap32(BootMiiKeysBin.ng_key_id);
+}
+
+const u8* EcWii::GetNGPriv() const
+{
+  return BootMiiKeysBin.ng_priv;
+}
+
+const u8* EcWii::GetNGSig() const
+{
+  return BootMiiKeysBin.ng_sig;
+}
+
 void EcWii::InitDefaults()
 {
   memset(&BootMiiKeysBin, 0, sizeof(BootMiiKeysBin));
diff --git a/Source/Core/Core/ec_wii.h b/Source/Core/Core/ec_wii.h
index 9142c666fb..99b1bafeaf 100644
--- a/Source/Core/Core/ec_wii.h
+++ b/Source/Core/Core/ec_wii.h
@@ -24,15 +24,11 @@
 
 #pragma once
 
-#include "Common/CommonFuncs.h"
 #include "Common/CommonTypes.h"
 
-void get_ng_cert(u8* ng_cert_out, u32 NG_id, u32 NG_key_id, const u8* NG_priv, const u8* NG_sig);
-void get_ap_sig_and_cert(u8* sig_out, u8* ap_cert_out, u64 title_id, u8* data, u32 data_size,
-                         const u8* NG_priv, u32 NG_id);
-
-void make_blanksig_ec_cert(u8* cert_out, const char* signer, const char* name,
-                           const u8* private_key, u32 key_id);
+void MakeNGCert(u8* ng_cert_out, u32 NG_id, u32 NG_key_id, const u8* NG_priv, const u8* NG_sig);
+void MakeAPSigAndCert(u8* sig_out, u8* ap_cert_out, u64 title_id, u8* data, u32 data_size,
+                      const u8* NG_priv, u32 NG_id);
 
 class EcWii
 {
@@ -40,10 +36,11 @@ public:
   EcWii();
   ~EcWii();
   static EcWii& GetInstance();
-  u32 getNgId() { return Common::swap32(BootMiiKeysBin.ng_id); }
-  u32 getNgKeyId() { return Common::swap32(BootMiiKeysBin.ng_key_id); }
-  const u8* getNgPriv() { return BootMiiKeysBin.ng_priv; }
-  const u8* getNgSig() { return BootMiiKeysBin.ng_sig; }
+  u32 GetNGID() const;
+  u32 GetNGKeyID() const;
+  const u8* GetNGPriv() const;
+  const u8* GetNGSig() const;
+
 private:
   void InitDefaults();