Fail0verflow release more... somethings.

Discussion in 'Wii U - Hacking & Homebrew' started by Gnargle, Dec 30, 2012.

Thread Status:
Not open for further replies.
Dec 30, 2012
    • Member

    Gnargle I am not a New Member, I've been here since 2008!

    Member Since:
    Jul 29, 2008
    Message Count:
    568
    Location:
    England
    Country:
    United Kingdom
    http://fail0verflow.com/blog/2012/30days.html
    These guys. I don't know what's going on but also, I don't care. I AM EXCITE.


    • Member

    mike333 New Member

    Member Since:
    Aug 30, 2010
    Message Count:
    666
    Country:
    Poland
    this looks like status update from 29C3
    we should get more info in a few days
    • Member

    SifJar Not a pirate

    Member Since:
    Apr 4, 2009
    Message Count:
    6,022
    Country:
    United Kingdom
    Hashes. They are hashes. SHA-1 hashes.
    • Member

    Gnargle I am not a New Member, I've been here since 2008!

    Member Since:
    Jul 29, 2008
    Message Count:
    568
    Location:
    England
    Country:
    United Kingdom
    I am fully aware of that, but they're hashes for... things. And we don't know what things.
    • Member

    Supercool330 New Member

    Member Since:
    Sep 28, 2008
    Message Count:
    594
    Country:
    United States
    I would guess that these are file hashes for some sort of exploit that they are sharing on some sort of anonymous file sharing network that uses sha-1 hashes. Those that the messages are intended for know how to use the hashes to get the files, and it doesn't leave a peer to peer file trail. Either that, or they could be hashes of keys, but that would be stupid as Nintendo could easily figure out which keys had been compromised without them being released to the community.

    I'm sure the congress thing is a reference to 29C3 (which ends today). That I know of, Failoverflow didn't have any talks scheduled, but they almost certainly had tables. Maybe one of the 29 people cheering on the one will shed some light on what is happening. Recordings of the talks can be found here.
    Last edited by Supercool330, Dec 30, 2012
    • Member

    Vappy New Member

    Member Since:
    May 23, 2012
    Message Count:
    575
    Country:
    United Kingdom
    Likely a reference to
    Hector Martin@marcan42
    At 29C3. My Wii has a public IP. HBC has a class B (/16) filter. The 29c3 net is a class B. The entire congress can upload code to my Wii.
    Hector Martin@marcan42
    I mean, what could possibly go wrong?

    then, after f0f tweeted that, he posted
    Hector Martin@marcan42
    I love it when people forget to strip their binaries. Thanks, Nintendo!
    • Member

    Ray Lewis New Member

    Member Since:
    Dec 30, 2012
    Message Count:
    1,306
    Country:
    United States
    • Member

    Ray Lewis New Member

    Member Since:
    Dec 30, 2012
    Message Count:
    1,306
    Country:
    United States
    Usually the trick is to run UNSIGNED code some how. 360 was JTAG then RGH, PS3 I avoided but was figured out, BUT if they have THE key to sign programs with, that would probably be WIDE OPEN system then. This is all speculation here guys, was part of PSP days, WII days, 360 days, handy with the soldering iron, RGH 360s for people, and honestly I am very excited about the releases of information. ANTICIPATION is killing me;-)
    • Member

    Vappy New Member

    Member Since:
    May 23, 2012
    Message Count:
    575
    Country:
    United Kingdom
    Could be possible they've found a way to calculate the private keys. I think it was mentioned that what they'd found would be difficult for Nintendo to fix.
    • Member

    Ray Lewis New Member

    Member Since:
    Dec 30, 2012
    Message Count:
    1,306
    Country:
    United States
    Have not seen anything mentioning hard for Nintendo to fix. Proof? Link? A guy posted a conversation and I realized it involved reverse engineering. No other reason for a "non stripped binary" to be relevant that I could imagine. Did not see all conversation either.
    Edit: correction, that guy was you vappy. Have more convo to share, please?
    Last edited by Ray Lewis, Dec 31, 2012
    • Member

    Vappy New Member

    Member Since:
    May 23, 2012
    Message Count:
    575
    Country:
    United Kingdom
    No first party account, I read it in a thread on NeoGAF.
    http://www.neogaf.com/forum/showpost.php?p=45571876&postcount=389


    Normally I wouldn't hold much trust to someone I've never heard of posting some rumor mill stock, but with NeoGAF being known as on the whole much more reliable than your average forum, and with the post seeming believable, I reckon it's worth not ignoring.
    • Member

    Ray Lewis New Member

    Member Since:
    Dec 30, 2012
    Message Count:
    1,306
    Country:
    United States
    Thanks for that. Any specific forums or places where failoverlow talks can be seen? Anymore info?
    • Newcomer

    lampjese New Member

    Member Since:
    Oct 11, 2009
    Message Count:
    84
    Location:
    Schoorl
    Country:
    Netherlands
    • Member

    Ray Lewis New Member

    Member Since:
    Dec 30, 2012
    Message Count:
    1,306
    Country:
    United States
    Thanks, added that to favorites
    • Member

    Ray Lewis New Member

    Member Since:
    Dec 30, 2012
    Message Count:
    1,306
    Country:
    United States
    Anyone run sha-1 hashes through decryption? Found some websites that claim they can be decrypted once hashes are found;-). Not my specialty but possibly this is hash for private keys;-)
    • Newcomer

    whinis New Member

    Member Since:
    Apr 16, 2010
    Message Count:
    24
    Country:
    United States
    SHA-1 can't be decrypted its not an encryption but rather a sum of the parts. The best you can do is find a value that gives the same SHA-1. This would be useless to us unfortunately,
    • Member

    mike333 New Member

    Member Since:
    Aug 30, 2010
    Message Count:
    666
    Country:
    Poland
    What if You are calculating sha of sensitive data which is short? There are techniques which allows You to make collision and still provide useful data from You standpoint.

    edit:
    About fail overflow blog, they are hovering 16 bytes of 20byte hash.
    So maybe wiiu software only checks for 16 bytes which makes collisions easier?
    Last edited by mike333, Dec 31, 2012
    • Newcomer

    whinis New Member

    Member Since:
    Apr 16, 2010
    Message Count:
    24
    Country:
    United States
    Seems rather unlikely and more that they are replicating their logo. Also I believe a key would be 32 or 64 bytes but its not my specialty. And while you could possibly we have no idea what they are hashing, it might be a file or a key or even a memory dump.
    • Member

    Ray Lewis New Member

    Member Since:
    Dec 30, 2012
    Message Count:
    1,306
    Country:
    United States
    Interesting stuff. I keep checking around for updated or even leaked inside info.
    • Member

    Ray Lewis New Member

    Member Since:
    Dec 30, 2012
    Message Count:
    1,306
    Country:
    United States
    Did not find much, surprised more people are not fiending over what this is and what it COULD mean.

SPONSORED LINKS
 
Thread Status:
Not open for further replies.

Share This Page