Content Installation
Posted by whodares
|
Re: Content Installation January 02, 2009 08:43AM | Registered: 15 years ago Posts: 443 |
Actually, you're presentation at 25C3 made more sense about altering the data so the first byte is null.
Does the strcmp from the Wii check lengths as well? I would assume so, and if it does, you still need to get the second byte on the real hash to equal 0.
Is that really what Datel did? Hmmm, maybe they found an easy way to get the 2nd byte of the hash to 0. Otherwise it wouldn't make sense that they just wouldn't try and get the first byte.
Does the strcmp from the Wii check lengths as well? I would assume so, and if it does, you still need to get the second byte on the real hash to equal 0.
Is that really what Datel did? Hmmm, maybe they found an easy way to get the 2nd byte of the hash to 0. Otherwise it wouldn't make sense that they just wouldn't try and get the first byte.
|
Re: Content Installation January 02, 2009 10:37PM | Registered: 15 years ago Posts: 93 |
|
Re: Content Installation January 02, 2009 10:42PM | Admin Registered: 15 years ago Posts: 180 |
How else would they fix it? It's not like they need to write any new code or anything--there's nothing to screw up here.Quote
WiiCrazy
By the way, what was the Nintendo's fix to the fakesigning bug?
Is there still exists a silly mistake like the initial twilight hack removal code?
Did they actually replace the strcmp with memcmp?
|
Re: Content Installation January 02, 2009 10:43PM | Moderator Registered: 15 years ago Posts: 44 |
|
Re: Content Installation January 04, 2009 01:43AM | Registered: 15 years ago Posts: 93 |
Quote
tonaHow else would they fix it? It's not like they need to write any new code or anything--there's nothing to screw up here.Quote
WiiCrazy
By the way, what was the Nintendo's fix to the fakesigning bug?
Is there still exists a silly mistake like the initial twilight hack removal code?
Did they actually replace the strcmp with memcmp?
Maybe sampling some fake signatures and just adding a few extra checks for them... I don't know, if I did know some arm assembly then in the first place I wouldn't have asked that question...
What we are talking about is the last step of a huge process... maybe the easisest part of it... I can't see any reason they might still fail in the other parts of that big picture...
|
Re: Content Installation January 04, 2009 11:14AM | Registered: 15 years ago Posts: 443 |
A thought just occured to me. Please stop me if you see me go wrong.
1. The Wii has a private and public key
2. Nintendo have a private and public key
3. Nintendo signs content with their private key
4. The Wii validates signatures against Nintendo's public key
This means that Nintendo's public key must be registered within the Wii.
Would it not be possible to add a new "trusted" public key from a keyset we generate to the Wii's system? Then we could sign our own content properly.
1. The Wii has a private and public key
2. Nintendo have a private and public key
3. Nintendo signs content with their private key
4. The Wii validates signatures against Nintendo's public key
This means that Nintendo's public key must be registered within the Wii.
Would it not be possible to add a new "trusted" public key from a keyset we generate to the Wii's system? Then we could sign our own content properly.
|
Re: Content Installation January 04, 2009 08:35PM | Registered: 15 years ago Posts: 136 |
|
Re: Content Installation January 04, 2009 08:54PM | Registered: 15 years ago Posts: 443 |
That's not what I meant. Let me try and explain a different way.
From what I remember of PGP, you create a keyset (Public and Private). You distribute the public key to your friends, and you receive their public keys. You add your friends' public keys into a "key pool" so you can easily encrypt stuff for them and validate their messages.
Now I'm working on the assumption that the Wii has a "key pool", and it has Nintendo's public key listed in it (in order to validate incoming code signing). Could we not add a Homebrew public key to this pool so it would then validate code signed by either Nintendo or Homebrew.
It's not that you want to remove or edit Nintendo's public key (because you'd still want to be able to play official games), so regardless where this is stored doesn't matter.
I did have concerns on the piracy side of this, but considering they can already pirate everything anyway, I thought I'd ask.
Edited 1 time(s). Last edit at 01/04/2009 08:55PM by whodares.
From what I remember of PGP, you create a keyset (Public and Private). You distribute the public key to your friends, and you receive their public keys. You add your friends' public keys into a "key pool" so you can easily encrypt stuff for them and validate their messages.
Now I'm working on the assumption that the Wii has a "key pool", and it has Nintendo's public key listed in it (in order to validate incoming code signing). Could we not add a Homebrew public key to this pool so it would then validate code signed by either Nintendo or Homebrew.
It's not that you want to remove or edit Nintendo's public key (because you'd still want to be able to play official games), so regardless where this is stored doesn't matter.
I did have concerns on the piracy side of this, but considering they can already pirate everything anyway, I thought I'd ask.
Edited 1 time(s). Last edit at 01/04/2009 08:55PM by whodares.
|
Re: Content Installation January 05, 2009 12:28AM | Moderator Registered: 15 years ago Posts: 44 |
You can do two things with RSA:
* Encrypt data with your public key and decrypt it with your private key.
* Encrypt data with your private key and decrypt it with your public key.
Signatures are basically hashes encrypted with the private key.
Nintendo's public key is stored in boot1, boot2 and every IOS. You could easily modify it given that you can install titles on the NAND. But why would you want to that then?
You can already run code on both CPUs. Adding a homebrew key would just make things way more complicated. It's easier to just patch out the signature check or make it always return true (1 byte patch) .
And you can't just magically add a new key when you can't install titles on the NAND. It therefore doesn't help you to run your own code.
Edited 1 time(s). Last edit at 01/05/2009 12:28AM by svpe.
* Encrypt data with your public key and decrypt it with your private key.
* Encrypt data with your private key and decrypt it with your public key.
Signatures are basically hashes encrypted with the private key.
Nintendo's public key is stored in boot1, boot2 and every IOS. You could easily modify it given that you can install titles on the NAND. But why would you want to that then?
You can already run code on both CPUs. Adding a homebrew key would just make things way more complicated. It's easier to just patch out the signature check or make it always return true (1 byte patch) .
And you can't just magically add a new key when you can't install titles on the NAND. It therefore doesn't help you to run your own code.
Edited 1 time(s). Last edit at 01/05/2009 12:28AM by svpe.
|
Re: Content Installation January 05, 2009 12:15PM | Admin Registered: 15 years ago Posts: 271 |
|
Re: Content Installation January 05, 2009 12:25PM | Registered: 15 years ago Posts: 443 |
Sorry, only registered users may post in this forum.