Hacking Fail0verflow release more... somethings.

Status
Not open for further replies.

Supercool330

Well-Known Member
Member
Joined
Sep 28, 2008
Messages
752
Trophies
1
XP
1,108
Country
United States
I would guess that these are file hashes for some sort of exploit that they are sharing on some sort of anonymous file sharing network that uses sha-1 hashes. Those that the messages are intended for know how to use the hashes to get the files, and it doesn't leave a peer to peer file trail. Either that, or they could be hashes of keys, but that would be stupid as Nintendo could easily figure out which keys had been compromised without them being released to the community.

I'm sure the congress thing is a reference to 29C3 (which ends today). That I know of, Failoverflow didn't have any talks scheduled, but they almost certainly had tables. Maybe one of the 29 people cheering on the one will shed some light on what is happening. Recordings of the talks can be found here.
 

Vappy

Well-Known Member
Member
Joined
May 23, 2012
Messages
1,508
Trophies
2
XP
2,613
Country
Likely a reference to
Hector Martin@marcan42
At 29C3. My Wii has a public IP. HBC has a class B (/16) filter. The 29c3 net is a class B. The entire congress can upload code to my Wii.
Hector Martin@marcan42
I mean, what could possibly go wrong?

then, after f0f tweeted that, he posted
Hector Martin@marcan42
I love it when people forget to strip their binaries. Thanks, Nintendo!
 

Ray Lewis

Banned!
Banned
Joined
Dec 30, 2012
Messages
1,518
Trophies
0
XP
419
Country
United States
Usually the trick is to run UNSIGNED code some how. 360 was JTAG then RGH, PS3 I avoided but was figured out, BUT if they have THE key to sign programs with, that would probably be WIDE OPEN system then. This is all speculation here guys, was part of PSP days, WII days, 360 days, handy with the soldering iron, RGH 360s for people, and honestly I am very excited about the releases of information. ANTICIPATION is killing me;-)
 

Vappy

Well-Known Member
Member
Joined
May 23, 2012
Messages
1,508
Trophies
2
XP
2,613
Country
Could be possible they've found a way to calculate the private keys. I think it was mentioned that what they'd found would be difficult for Nintendo to fix.
 

Ray Lewis

Banned!
Banned
Joined
Dec 30, 2012
Messages
1,518
Trophies
0
XP
419
Country
United States
Could be possible they've found a way to calculate the private keys. I think it was mentioned that what they'd found would be difficult for Nintendo to fix.
Have not seen anything mentioning hard for Nintendo to fix. Proof? Link? A guy posted a conversation and I realized it involved reverse engineering. No other reason for a "non stripped binary" to be relevant that I could imagine. Did not see all conversation either.
Edit: correction, that guy was you vappy. Have more convo to share, please?
 

Vappy

Well-Known Member
Member
Joined
May 23, 2012
Messages
1,508
Trophies
2
XP
2,613
Country
No first party account, I read it in a thread on NeoGAF.
http://www.neogaf.com/forum/showpost.php?p=45571876&postcount=389

Anyway. Heard some chatter on IRC about failoverflows find. Not much to go on, but for what its worth, it sounds like the kind of exploit that Nintendo are going to find it INCREDIBLY hard to patch. This is Wii levels of hacked, all due to a shoddily put together OS.

This isn't just a small user mode exploit. This blows the console wide open. Full kernel access.

Homebrew? Of course. Backups? Definitely. Piracy? Unfortunately, yes.

I'm excited for homebrew. Not happy about piracy, and neither is Marcan from what I see.


Normally I wouldn't hold much trust to someone I've never heard of posting some rumor mill stock, but with NeoGAF being known as on the whole much more reliable than your average forum, and with the post seeming believable, I reckon it's worth not ignoring.
 

Ray Lewis

Banned!
Banned
Joined
Dec 30, 2012
Messages
1,518
Trophies
0
XP
419
Country
United States
Anyone run sha-1 hashes through decryption? Found some websites that claim they can be decrypted once hashes are found;-). Not my specialty but possibly this is hash for private keys;-)
 

whinis

Active Member
Newcomer
Joined
Apr 16, 2010
Messages
42
Trophies
1
XP
257
Country
United States
SHA-1 can't be decrypted its not an encryption but rather a sum of the parts. The best you can do is find a value that gives the same SHA-1. This would be useless to us unfortunately,
 

mike333

Well-Known Member
Member
Joined
Aug 30, 2010
Messages
718
Trophies
0
XP
233
Country
Poland
SHA-1 can't be decrypted its not an encryption but rather a sum of the parts. The best you can do is find a value that gives the same SHA-1. This would be useless to us unfortunately,
What if You are calculating sha of sensitive data which is short? There are techniques which allows You to make collision and still provide useful data from You standpoint.

edit:
About fail overflow blog, they are hovering 16 bytes of 20byte hash.
So maybe wiiu software only checks for 16 bytes which makes collisions easier?
 

whinis

Active Member
Newcomer
Joined
Apr 16, 2010
Messages
42
Trophies
1
XP
257
Country
United States
What if You are calculating sha of sensitive data which is short? There are techniques which allows You to make collision and still provide useful data from You standpoint.

edit:
About fail overflow blog, they are hovering 16 bytes of 20byte hash.
So maybe wiiu software only checks for 16 bytes which makes collisions easier?

Seems rather unlikely and more that they are replicating their logo. Also I believe a key would be 32 or 64 bytes but its not my specialty. And while you could possibly we have no idea what they are hashing, it might be a file or a key or even a memory dump.
 

Ray Lewis

Banned!
Banned
Joined
Dec 30, 2012
Messages
1,518
Trophies
0
XP
419
Country
United States
Did not find much, surprised more people are not fiending over what this is and what it COULD mean.
 
Status
Not open for further replies.

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    straferz @ straferz: Anybody know why this is happening to my ACWW town...