Wii:The Signing Bug

From ConsoleMods Wiki
Revision as of 20:53, 4 June 2022 by TrolleyMC (talk | contribs) (hello derf)

WIP - DO NOT LINK TO ON MAIN PAGE - todo list:

explain further how the signing bug impacted homebrew

maybe include some pictures?


The Signing Bug (also known as the trucha bug) was a major security hole in early versions of IOS (and Boot1) that allowed software to be fakesigned easily. It came from Nintendo's misuse of C's strncmp to compare signatures: the values being compared were binary SHA-1 hashes, not ASCII strings. A binary hash can contain 0x00 (NUL) bytes, and strncmp treats its arguments as NUL-terminated strings, so it stops at the first NUL byte it reaches. If both hashes begin with a 0x00 byte, strncmp reports them as equal after looking at only that one byte. An attacker can therefore fill the signature field with zeros, so that the hash recovered from the signature is all zero bytes, and then tweak unused bytes of the content until its SHA-1 hash also starts with 0x00. That happens about once in every 256 attempts, so fakesigning takes a matter of seconds. The correct check is memcmp, which compares all 20 bytes of the hash regardless of their values.

The Homebrew Channel was one of the first pieces of homebrew that took advantage of the signing bug. Team Twiizers discovered that Boot1 had the same bug, which effectively allowed modders to replace Boot2. The first software made to do this was BootMii, which is installed in place of Boot2 and provides excellent brick protection and recovery.