What I'm interested in is whether Nintendo is going to sue Foxconn for the leaking of the design related docs. If this were to happen to Apple design schematics, which values it's secrecy highly, Foxconn would be sued like you wouldn't believe.
The consoles would have the public keys coded into the systems, not the private, but the private key is required to sign the programs that will be installed onto the system. Assymetric encryption and signatures: When you sign a program, what happens is the system creates a checksum of the program or a file, something that is used to verify the file isn't corrupted. Then the private key is use to encrypt the checksum, so that when you verify the signature, the public key decrypts the checksum and compares that with the file again. Signatures ensure 2 things. That the file isn't corrupted and thereby won't screw up the system, and verifies that it came from official sources and hasn't been altered in any way that could cause problems, like for PCs, installing a virus unknowingly.Clearly a lot of people here don't understand any cryptography.
Obviously the article is fake, but Foxconn most likely don't have the private keys anyway since they have no need for them. The file packages they'd be flashing would already be signed. Private keys never leave the business that created them, otherwise they can't be considered private. Finally, consoles only contain public keys and nothing more. Public keys are of course useless for hackers because they're only used to verify that signed packages are legitimate.
Nope, OTP can ONLY be flashed one way. Every single byte by default is 0 in OTP. When it is being written, some bytes are changed to 1. It is impossible to change a byte back to 0 once it has been changed to 1. Bytes that are still 0 can be changed to 1, this can theoretically even be done by the system (if someone wanted to really mess up a Wii, they could change a few 0s in OTP to 1s).
You mention flashing NANDs - that has nothing to do with this. If keys are being stored in OTP, as they were on Wii, they cannot be reflashed (well, they can be increased in value by changing some 0s to 1s, but not properly rewritten to any new randomly generated key).
Today is not April Fools day. Plus, I don't know how to write any bit of a good article, especially one that isn't all about how fucking great I am. When it comes down to PR type stuff, I leave it all up to XFlak to write up everything, I just give him ideas on what basically needs to be said. I haven't even gotten the chance to talk with XFlak about this yet.Shush it. He wouldn't do that to us!Wait so no one else but DeadlyFoez has seen the article?
For all we know, he could have made it up. :/
Exception: the never-ending update, which he did do to us.
Dear snikerz,
I can hereby confirm that no such article has been published on Engadget. As an organization that supports the freedom of the press, we're also offended by the reproach of removing that article.
Yours sincerely,
Darren Murph
Engadget Managing Editor, Weblogs, Inc.
[email protected]
Sounds to me almost like acknowledgement of said article with that wording....Dear snikerz,
I can hereby confirm that no such article has been published on Engadget. As an organization that supports the freedom of the press, we're also offended by the reproach of removing that article.
Yours sincerely,
Darren Murph
Engadget Managing Editor, Weblogs, Inc.
[email protected]
FYI, there is no such FTP server. All their drivers are only available via HTTP download.Electronics manufacturer Foxconn has mistakenly placed the private keys and other design related documents for the Nintendo Wii-U on the public portion of their FTP server that they use for hosting drivers and software. The mistake was noticed by an engineer early Wednesday, but not before the documents had been downloaded more than a dozen times.
Thank you for the clarification.Hey guys, this is Tim Stevens, editor-in-chief at Engadget.
First off, we did not run this post. We've checked all our system logs and nothing like this ran on our site. Additionally, that post is not written using our grammatical and style standards. It just isn't an Engadget post. I don't know who made it up or why, but someone did.
Secondly, the supposed email from Darren Murph posted above is also a fake. I don't know why someone would fake a denial email but it is, indeed fake.
Finally, as proof that I am indeed the real Tim Stevens, I'll be tweeting about this shortly. I'm @Tim_Stevens and you can check it out yourself.
Thanks all for reading, we love you all -- even those making up junk.
-tim stevens
editor-in-chief, Engadget