lets talk boot1

Discussion in 'Wii - Hacking' started by Apekop, May 14, 2009.

May 14, 2009, 10:24 PM (19 replies)

  1. Apekop (OP):
    So, with the release of the BootMii beta, we're coming to a new chapter in files we'd like to break open: the boot files.
    How are we going to go about overwriting these files with trucha-bugged older versions?
    I hear these are supposed to be write-once files, but is it possible to work around that?
     
  2. superrob:
    *Edit* Whoops, never mind, I was wrong!
     
  3. WiiCrazy:
    Dunno if it's writable or not, but I guess its checksum or secure hash could be in the OTP area... so no modifications, otherwise the system will not boot...
     
  4. joda:
    This, unless someone discovers a weakness in SHA-1 making it possible to spoof a boot1 (or boot2 for those with non-vulnerable boot1s) which produces the same hash. This is, however, not veeeeeeeery likely, since SHA-1 is still considered safe and is one of the most widely used hashing algorithms as of today. If there were a weakness, it'd probably have been found elsewhere already.
     
  5. icefireicefire:
    could be = is.
     
  6. Dialexio:
    It is possible to modify boot1. The problem is, boot1 has its SHA-1 hash written into the OTP. That, and the fact that SHA-1 has not been entirely cracked, means it's currently impossible to change boot1. (It's a safe assumption that the Wii will brick if the hashes don't match up.) Collision attacks have been found against SHA-1, but they are not enough to brute-force the entire string.
     
  7. beegee7730:
    It is possible though right?
    I mean, it was done on the Nintendo DS?
     
  8. cwstjdenobs:
  9. piratesmack:
    http://hackmii.com/2009/02/bootmii-and-the-new-boot1/
     
  10. beegee7730:
    That's talking about other non-Nintendo consoles.
    Since the Wii and DS are both Nintendo consoles, I would call it an educated guess.
     
  11. WiiPower:
    How about 10% of the GBAtemp members combining their PCs to brute-force it? If we had a BootMii that is final, and had some space left that could be changed to brute-force the signature? A correctly signed BootMii could be installed on every Wii that is hacked. OK, I know it's not realistic, because even with such a high number of PCs, it would take 1 or 10 or 100 or 1000 or 10000... years?
     
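The check that posts 6 and 11 are arguing about, as an added example that is not part of the thread and not Wii code: boot0 is described as hashing boot1 and comparing against a SHA-1 burned into OTP. The model below uses a constructed stand-in blob for boot1 and a constant for the OTP value (the real OTP layout and boot0 code are not reproduced). It shows that a one-byte change is rejected, that the "collision attacks" mentioned in post 6 are the wrong tool (the OTP value is a fixed target, so an attacker needs a second preimage, not a collision), and what the brute force proposed in post 11 would actually cost. The hash rate of 10^15 SHA-1 per second is an assumed figure for illustration.

```python
"""Simulated boot0 -> boot1 hash check (added example; not Nintendo's code)."""
import hashlib
from typing import Optional

# Constructed stand-in for a boot1 image; NOT a real Wii boot1.
GOOD_BOOT1 = b"BOOT1-v1 " + bytes(range(256)) * 4

# Stand-in for the SHA-1 burned into OTP at manufacture (assumed; modelled as a constant).
OTP_BOOT1_HASH = hashlib.sha1(GOOD_BOOT1).digest()


def boot0_accepts(boot1_image: bytes, otp_hash: bytes = OTP_BOOT1_HASH) -> bool:
    """Model of boot0's decision: run boot1 only if SHA-1(boot1) equals the OTP value."""
    return hashlib.sha1(boot1_image).digest() == otp_hash


def patch_byte(image: bytes, offset: int, value: int) -> bytes:
    """The smallest possible 'modified boot1': one byte changed."""
    buf = bytearray(image)
    buf[offset] = value
    return bytes(buf)


def second_preimage_search(target: bytes, budget: int) -> Optional[bytes]:
    """Brute force: try `budget` candidate images; return one hashing to `target`, else None.

    Published SHA-1 collision attacks do not apply here: the attacker must hit a
    fixed 20-byte target, which is the second-preimage problem, with no known
    shortcut below roughly 2^160 work.
    """
    for i in range(budget):
        cand = GOOD_BOOT1 + i.to_bytes(8, "big")  # attacker-chosen variation
        if hashlib.sha1(cand).digest() == target:
            return cand
    return None


def expected_years(hashes_per_second: float, bits: int = 160) -> float:
    """Expected wall-clock years for a generic preimage search (about 2^bits trials)."""
    trials = 2.0 ** bits
    return trials / hashes_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("good boot1 accepted:   ", boot0_accepts(GOOD_BOOT1))
    print("patched boot1 accepted:", boot0_accepts(patch_byte(GOOD_BOOT1, 9, 0xFF)))
    found = second_preimage_search(OTP_BOOT1_HASH, 100_000)
    print("second preimage found in 10^5 tries:", found is not None)
    # Assumed rate: 10^15 SHA-1/s (far more than any hobbyist pool of PCs and GPUs).
    print("expected years at 10^15 SHA-1/s: %.1e" % expected_years(1e15))
```

Note that `second_preimage_search` gives the "1 or 10 or 100 ... years?" question a number: at the assumed 10^15 hashes per second the expected time is on the order of 10^25 years, which is why the OTP hash is a real stop for anyone without a cryptanalytic break of SHA-1 preimage resistance.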
  12. beegee7730:
    This would also make it impossible to fix unless Nintendo change their signature.
     
  13. WiiPower:
    No. I imagine that it would be very easy for Nintendo to block that in new Wiis then, because they would know EXACTLY what to block.
     
  14. Athlon-pv:
    That largely depends on how well the client is written. If you can get something like CUDA and CPUs in the mix (and the ATI counterpart, Stream?), it shouldn't be that long of an exercise...
     
  15. BlackEnigma:
    Was it scene activity that caused Nintendo to release the new boot1s in the latter half of 2008 or whatever? Somehow I don't think that they just decided, hey, let's make a new, more secure boot1.

    Basically what I'm asking is: did they take the initiative, or was it a reaction?
     
  16. superrob:
    Hmm, well... it's still a large "safety" disorder on Nintendo's side. And since it's kinda burned in, it would be logical to permanently save it in the future.
     
  17. joda:
    Well, without homebrew, piracy, and Datel, they probably wouldn't even know about the trucha bug ...
     
  18. WiiPower:
    Just general security, I guess. Boot1 had the trucha bug, and so they updated it. BootMii was announced earlier, and Nintendo is going to close one known hole after the other; OK, they do it slowly, but they eventually do it. Imagine the various anti-Twilight Hack updates, how long trucha was known until it was fixed in all IOS, and how long the IOS16 hole wasn't fixed.
     
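The "trucha bug" that posts 1, 17 and 18 refer to, as an added illustration (not Nintendo's code and not the thread's own material): in the publicly documented bug, the signature check compared the hash recovered from the RSA signature against the SHA-1 of the content with a strncmp-style comparison, which stops at the first NUL byte. With an all-zero signature the recovered hash is all zeros, so any content whose SHA-1 starts with 0x00 passes after one byte is compared. The RSA step is not modelled; `ZERO_SIG_HASH` stands for the hash bytes the check obtains from the zeroed signature, `CONTENT` and `PAD_OFFSET` are a constructed stand-in for a signed structure with four bytes the attacker is free to vary, and `fakesign` is the loop that varies them until the leading byte is zero. The memcmp-style `fixed_verify` is the comparison the patched boot1 and IOS versions are described as having.

```python
"""Trucha-bug signature check, vulnerable vs fixed (added example; not Nintendo's code)."""
import hashlib

HASH_LEN = 20  # SHA-1 digest length

# Constructed stand-in for a signed structure (e.g. a TMD); NOT real Wii data.
PAD_OFFSET = 8                                      # assumed: 4 bytes the attacker may change
CONTENT = b"TMD-demo" + b"\x00" * 4 + b"payload-bytes" * 4
ZERO_SIG_HASH = b"\x00" * HASH_LEN                  # hash bytes obtained from an all-zero signature


def strncmp_like(a: bytes, b: bytes, n: int) -> int:
    """Emulate C strncmp: compare at most n bytes, stopping at the first NUL."""
    for i in range(n):
        ca = a[i] if i < len(a) else 0
        cb = b[i] if i < len(b) else 0
        if ca != cb:
            return ca - cb
        if ca == 0:          # both bytes are NUL: strncmp stops here and reports "equal"
            return 0
    return 0


def vulnerable_verify(content: bytes, sig_hash: bytes) -> bool:
    """The buggy check: string comparison of two binary hashes."""
    return strncmp_like(hashlib.sha1(content).digest(), sig_hash, HASH_LEN) == 0


def fixed_verify(content: bytes, sig_hash: bytes) -> bool:
    """The corrected check: all 20 bytes must match (memcmp semantics)."""
    return hashlib.sha1(content).digest() == sig_hash


def fakesign(content: bytes, pad_offset: int) -> bytes:
    """Vary a 4-byte free field until SHA-1(content) starts with 0x00 (about 256 tries)."""
    buf = bytearray(content)
    for n in range(1 << 32):
        buf[pad_offset:pad_offset + 4] = n.to_bytes(4, "big")
        if hashlib.sha1(buf).digest()[0] == 0:
            return bytes(buf)
    raise RuntimeError("no suitable padding found")  # practically unreachable


def demo() -> dict:
    """Run the forgery against both checks and report the outcome."""
    forged = fakesign(CONTENT, PAD_OFFSET)
    return {
        "forged_first_byte": hashlib.sha1(forged).digest()[0],
        "vulnerable_accepts": vulnerable_verify(forged, ZERO_SIG_HASH),
        "fixed_accepts": fixed_verify(forged, ZERO_SIG_HASH),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point for the thread: this flaw lives in the code doing the check, so a boot1 that still has it accepts fakesigned boot2 images, while the replacement boot1 (compared by full memcmp) does not; and because boot1 is itself pinned by the OTP hash, the old, buggy boot1 cannot simply be written back.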
  19. Apekop (OP):
    That's true, but since 4.0 just came out I can't imagine N coming up with games that require 4.1 for quite some time.
     
  20. WiiPower:
    The next step to higher security will be Wii MotionPlus. Since it will be used by a lot of games and will require a new driver, Nintendo would be stupid not to bundle the new required IOS with some new security.
     
