It's the scene's name for a bug in the signature check, present in many IOS and boot1.
Before data is executed or copied to the Wii, a mathematical function returns a rather unique and very large number, its hash. That number is then stored in memory and will be compared to another number in the signature that comes along with the data.
For reasons that would take a lot of text to explain, just consider the second number to be secure.
Both numbers are now present, and the Wii compares them. If they are equal, it will allow it to be executed or copied, or whatever.
Though it is not known what the real source code looks like, it is very likely that the programmer responsible for the signature check used the C library function "strncmp" instead of "memcmp".
Both compare memory areas, byte for byte, but strcmp does handle the memory as a string (str).
Strings usually contain printable bytes and can have any length.
In many implementations a byte filled with zeros is considered to mark the end of a string, that's called a "null terminated string".
If the function "strncmp" finds a byte full of zeros, it will consider it to be the end of a string.
If the part before the zero byte is equal, both strings are considered equal, or at least the code found on the Wii does.
An exception is the first byte, it has to be a match. A byte on the Wii can have 256 different values.
A fake signature can be created easily by testing all 256 combinations for the first byte, one will be a match, and setting the second byte to 0.
This takes just about a second.
If the bug were not present, we would have to try a lot more combinations: a 15 with 47 zeros behind.
Edited 2 time(s). Last edit at 06/24/2009 02:58AM by daniel_c_w.
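The comparison flaw described in the post, as an added example that is not part of the original post and is not the Wii's actual code: a string comparison stops at the first zero byte both buffers share, while a full-length comparison does not. The function names, the 20-byte digest length and the sample digests are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20 /* assumed digest size (160 bits) for this illustration */

/* Flawed check: treats binary digests as C strings, so comparison
 * ends at the first zero byte found at the same offset in both. */
int digest_equal_str(const uint8_t *a, const uint8_t *b)
{
    return strncmp((const char *)a, (const char *)b, DIGEST_LEN) == 0;
}

/* Correct check: always compares all DIGEST_LEN bytes. */
int digest_equal_mem(const uint8_t *a, const uint8_t *b)
{
    return memcmp(a, b, DIGEST_LEN) == 0;
}

/* Hardened check: full length and no early exit on the first mismatch. */
int digest_equal_ct(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Constructed sample digests: same first byte, zero second byte,
 * everything after that differs. */
static const uint8_t stored_digest[DIGEST_LEN] =
    {0x5a, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
     0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x02, 0x03};
static const uint8_t computed_digest[DIGEST_LEN] =
    {0x5a, 0x00, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
     0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, 0x87, 0x96};

int main(void)
{
    printf("strncmp says equal: %d\n",
           digest_equal_str(stored_digest, computed_digest));
    printf("memcmp says equal:  %d\n",
           digest_equal_mem(stored_digest, computed_digest));
    printf("constant-time says equal: %d\n",
           digest_equal_ct(stored_digest, computed_digest));
    return 0;
}
```

A regression test for any digest check should include a pair like this one, equal up to an embedded zero byte and different afterwards, since random test vectors rarely contain a zero byte that early.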