Re: BootMii as boot2 on new Wii's January 21, 2010 03:34AM | Registered: 15 years ago Posts: 858 |
Re: BootMii as boot2 on new Wii's January 21, 2010 03:35AM | Registered: 15 years ago Posts: 137 |
Re: BootMii as boot2 on new Wii's January 21, 2010 03:40AM | Registered: 15 years ago Posts: 1,141 |
Re: BootMii as boot2 on new Wii's January 21, 2010 04:01AM | Registered: 15 years ago Posts: 858 |
Re: BootMii as boot2 on new Wii's January 21, 2010 05:46PM | Registered: 15 years ago Posts: 5,075 |
Quote
WikiFSX
If we found that private key, we could sign anything. Channels, saves, the like. We could do anything that Nintendo could.
Re: BootMii as boot2 on new Wii's January 22, 2010 01:41PM | Registered: 16 years ago Posts: 384 |
Re: BootMii as boot2 on new Wii's January 22, 2010 05:10PM | Registered: 15 years ago Posts: 5,075 |
Quote
profetylen
Just a thought (which probably doesn't work because it's so obvious, so someone must have thought about and done it already if it would work, but I have to mention it anyway because ***if*** it will work and I just sit and hold the information for myself that would be just horrible):
If I understand things correctly the fakesigning bug works as follows:
The Wii checks whether 2 strings (=keys) match using strcmp() which tells whether they match if the first x characters in the strings match, where x is the length of the shortest string and neither string must be an empty string. This would mean that "WiiProgrammingIsFun" and "W" would be considered matching, so all that has to be done to fakesign is try every 1 character long key until it matches, which would take a maximum of 256 tries if I've got things right (since a 1-byte-character can be 1 of 256 possible values).
In this case, we could think of "WiiProgrammingIsFun" as the private key. Then, wouldn't we know the first character in the key and can just continue testing every key starting with "W" and wait until we find the second character of the string (in maximum 256 tries), then repeat the process, starting with "Wi" until we have the whole private key? This way, we could find the private key with maximum only 256*256=65536 (the number of bytes in a 2048-bit-key times the number of possible values of each byte) tries, which is far (FAR!!!) less than the billions of billions of billions of billions of billions of billions of billions... of tries it would take to guess it "the natural way".
Edit: Reworked calculations
Re: BootMii as boot2 on new Wii's January 22, 2010 06:04PM | Registered: 15 years ago Posts: 286 |
Re: BootMii as boot2 on new Wii's January 22, 2010 07:15PM | Registered: 15 years ago Posts: 5,075 |
Quote
Crisco
We could even speed up the process by linking many computers together and using the spare processor to create one semi super computer. Sorta like this.
Re: BootMii as boot2 on new Wii's January 22, 2010 07:31PM | Registered: 16 years ago Posts: 384 |
Re: BootMii as boot2 on new Wii's January 22, 2010 07:41PM | Registered: 16 years ago Posts: 276 |
Quote
profetylen
Just a thought (which probably doesn't work because it's so obvious, so someone must have thought about and done it already if it would work, but I have to mention it anyway because ***if*** it will work and I just sit and hold the information for myself that would be just horrible):
If I understand things correctly the fakesigning bug works as follows:
The Wii checks whether 2 strings (=keys) match using strcmp() which tells whether they match if the first x characters in the strings match, where x is the length of the shortest string and neither string must be an empty string. This would mean that "WiiProgrammingIsFun" and "W" would be considered matching, so all that has to be done to fakesign is try every 1 character long key until it matches, which would take a maximum of 256 tries if I've got things right (since a 1-byte-character can be 1 of 256 possible values).
In this case, we could think of "WiiProgrammingIsFun" as the private key. Then, wouldn't we know the first character in the key and can just continue testing every key starting with "W" and wait until we find the second character of the string (in maximum 256 tries), then repeat the process, starting with "Wi" until we have the whole private key? This way, we could find the private key with maximum only 256*256=65536 (the number of bytes in a 2048-bit-key times the number of possible values of each byte) tries, which is far (FAR!!!) less than the billions of billions of billions of billions of billions of billions of billions... of tries it would take to guess it "the natural way".
Edit: Reworked calculations
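Added illustration, not part of any post in this thread and not code from the console's firmware: how C's string comparison functions treat the quoted "W" / "WiiProgrammingIsFun" pair and binary digests that contain a zero byte, next to a fixed-length comparison. The 20-byte digest length, the sample byte arrays and all function names are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20 /* assumed digest size for this example */

/* Constructed sample digests; unlisted bytes are zero-filled. */
const unsigned char SAMPLE_A[DIGEST_LEN] = {0x00, 0x11, 0x22};
const unsigned char SAMPLE_B[DIGEST_LEN] = {0x00, 0xAA, 0xBB};
const unsigned char SAMPLE_C[DIGEST_LEN] = {0x5A, 0x11, 0x22};
const unsigned char SAMPLE_D[DIGEST_LEN] = {0x5A, 0x11, 0x23};

/* strcmp() is not a prefix match: it compares up to and including the
 * terminating NUL, so a shorter string never equals a longer one. */
int strings_match(const char *a, const char *b) {
    return strcmp(a, b) == 0;
}

/* Flawed: treats binary digests as C strings. strncmp() stops at the
 * first 0x00 byte in both inputs, so bytes after it are never checked. */
int digest_equal_str(const unsigned char *a, const unsigned char *b) {
    return strncmp((const char *)a, (const char *)b, DIGEST_LEN) == 0;
}

/* Hardened: examines all DIGEST_LEN bytes and has no early exit, so the
 * result does not depend on byte values and timing does not leak the
 * position of the first difference. */
int digest_equal_ct(const unsigned char *a, const unsigned char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

int main(void) {
    printf("\"W\" vs full string:        %d\n",
           strings_match("W", "WiiProgrammingIsFun"));
    printf("A vs B, string compare:    %d\n",
           digest_equal_str(SAMPLE_A, SAMPLE_B));
    printf("A vs B, fixed-length:      %d\n",
           digest_equal_ct(SAMPLE_A, SAMPLE_B));
    printf("C vs D, string compare:    %d\n",
           digest_equal_str(SAMPLE_C, SAMPLE_D));
    return 0;
}
```

When reviewing verification code, any `str*` call applied to hash, MAC or signature buffers is worth flagging for this reason.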
Re: BootMii as boot2 on new Wii's January 23, 2010 12:39AM | Registered: 15 years ago Posts: 137 |
Re: BootMii as boot2 on new Wii's January 23, 2010 03:44AM | Registered: 15 years ago Posts: 858 |
Re: BootMii as boot2 on new Wii's January 23, 2010 08:30AM | Registered: 15 years ago Posts: 137 |
Re: BootMii as boot2 on new Wii's January 23, 2010 12:34PM | Registered: 16 years ago Posts: 384 |
Re: BootMii as boot2 on new Wii's January 23, 2010 01:10PM | Registered: 15 years ago Posts: 858 |
Re: BootMii as boot2 on new Wii's January 23, 2010 01:23PM | Registered: 16 years ago Posts: 384 |
Re: BootMii as boot2 on new Wii's January 23, 2010 02:12PM | Registered: 15 years ago Posts: 858 |
Re: BootMii as boot2 on new Wii's January 23, 2010 03:25PM | Registered: 16 years ago Posts: 384 |
Re: BootMii as boot2 on new Wii's January 23, 2010 05:35PM | Registered: 15 years ago Posts: 5,075 |