Hacking Secret Fail0verflow key leak?

[lismati]

@fail0verflow, 5 hours ago
As usual, we failed. Correction: 3d331b3165f9638c6cd6221702b2f736f7fcf931 . We forgot to trim a bit of garbage padding.

 

[Bryon15]

If it was the Wii U private key, what would that mean exactly? (I don't know much about hacking)

 

[Deltaechoe]

If it was the Wii U private key, what would that mean exactly? (I don't know much about hacking)

If it was the private key, then it means that Nintendo picked a whole bouquet of oopsie daisies

 

[Bryon15]

Come on man. You know what I meant. What could hackers do with the key?

 

[McHaggis]

Come on man. You know what I meant. What could hackers do with the key?

Private keys are used to sign things, so it would allow us to sign software to run on a Wii U. It's not the private key, though.

Even if they did find the private key, I sincerely hope they would not release it. fail0verflow made a mistake blowing their load, a so-called, pwn everything hack, too early into the PS3's life which resulted in Sony recovering and many people on newer firmwares unable to run homebrew. To do the same thing less than a month after the Wii U was launched would be a mistake. A discovery or hack like that should only be released much later in a product's life cycle (ie when the successor is announced), though it could be used to find other exploits in the meantime.

 

[Ericthegreat]

Private keys are used to sign things, so it would allow us to sign software to run on a Wii U. It's not the private key, though.

Even if they did find the private key, I sincerely hope they would not release it. fail0verflow made a mistake blowing their load, a so-called, pwn everything hack, too early into the PS3's life which resulted in Sony recovering and many people on newer firmwares unable to run homebrew. To do the same thing less than a month after the Wii U was launched would be a mistake. A discovery or hack like that should only be released much later in a product's life cycle (ie when the successor is announced), though it could be used to find other exploits in the meantime.

Why in the world would we want to wait longer for "homebrew", when new fw are released there are always fixes found in the future.

 

[SifJar]

This is very interesting....

EDIT: Ok i got it, if you inspect the highlighted section(as element) its says sha1sum.

Nope.

<div class="sha1sum"><span class="overflow">3d331b3165f9638c6cd6221702b2f736</span>f7fcf931</div>

The entire thing is "sha1sum", not just the highlighted section.

 

[hergipotter]

@fail0verflow, 5 hours ago
As usual, we failed. Correction: 3d331b3165f9638c6cd6221702b2f736f7fcf931 . We forgot to trim a bit of garbage padding.

So it was no key. A key has no garbage padding. Maybe first WiiU firmware dump?

 

[lismati]

So it was no key. A key has no garbage padding. Maybe first WiiU firmware dump?

Not a clue what it is, but every time I see the word padding, I instantly imagine a Big Mac

 

[pwsincd]

ex wifes bra

 

[Cyan]

Sha1 of a key?
That way, they show to Nintendo that they found it (they can sha1 whatever they have), but don't provide it to other users.

Are they going to 29c3, or it's too late to register this year? maybe not enough data to show, but the first year they had things to display for the Wii.
Edit: even if we already know few things on WiiU/vWii, they could explain it to less scene-aware people.

 

[lismati]

Oh, I love the Wii Hacking talk (25-I-Think-C3, marcan and bushing only on-stage) and PS3 hacking talk as Fail0verflow on 27c3

 

[muskieratboi]

It seems like fail0verflow won't be at 29C3 (according to the speaker's list today, unless that gets updated closer to time), but there is an interesting talk on 1024 Bit RSA attack vectors that seems rather interesting for the WiiU and 3DS (not to mention, like.. every 7th gen console out there!)

http://events.ccc.de/congress/2012/Fahrplan/events/5275.en.html

There's also a talk about low-cost microprobing which could be a possible alternative to the current 3DS decapping fundraiser: http://events.ccc.de/congress/2012/Fahrplan/events/5275.en.html

 

[McHaggis]

Why in the world would we want to wait longer for "homebrew", when new fw are released there are always fixes found in the future.

Because the private key is the holy grail, no other hack compares. Waiting longer than three months after the previous exploithad been found would have meant more consoles hackable. But, of course, most people only care about themselves, as your post indicates.

 

[Rydian]

So it was no key. A key has no garbage padding. Maybe first WiiU firmware dump?

... or maybe there was garbage padding of the thing they hashed?
'Cause that'll change the hash since thew input is changing (and SHA-1's a decent hash).

 

[SifJar]

Sha1 of a key?

A key probably wouldn't have garbage padding (by "garbage padding", they mean extra bytes added to the thing they took the hash of e.g. at the start or end; a key most likely wouldn't have that). Probably some file from the WiiU system menu or whatever.

 

[Carl Rivest]

Sha1 of a key?
That way, they show to Nintendo that they found it (they can sha1 whatever they have), but don't provide it to other users.

Are they going to 29c3, or it's too late to register this year? maybe not enough data to show, but the first year they had things to display for the Wii.
Edit: even if we already know few things on WiiU/vWii, they could explain it to less scene-aware people.

They are going to 29c3 this year, and they talks about Wiiu on this page!
http://events.ccc.de/congress/2012/wiki/Fail0verflow

 

[lismati]

So when is their talk? The page doesn't give a time or even a date.

 

[SifJar]

So when is their talk? The page doesn't give a time or even a date.

That's because they aren't making a talk. They're going to be present at the conference, but they aren't giving a talk. They'll just have a few tables in the hack centre.

 

[pwsincd]

Is that a fact ?