1. Apekop

    OP Apekop GBAtemp Regular
    Member

    Joined:
    Apr 9, 2009
    Messages:
    223
    Country:
    Netherlands
    So, with the release of BootMii beta, we're coming to a new chapter in files we'd like to break open: the boot files.
    How are we going to go about overwriting these files with trucha-bugged older versions?
    I hear these are supposed to be write-once files, but is it possible to work around that?
     
  2. superrob

    superrob H4X H4X H4X!
    Member

    Joined:
    Apr 4, 2007
    Messages:
    2,464
    Country:
    *Edit* Whoops, never mind, I was wrong!
     
  3. WiiCrazy

    WiiCrazy Be water my friend!
    Member

    Joined:
    May 8, 2008
    Messages:
    2,395
    Country:
    Dunno if it's writable or not, but I guess its checksum or secure hash could be in the OTP area... so no modifications, otherwise the system will not boot...
     
  4. joda

    joda GBAtemp Fan
    Member

    Joined:
    Jul 12, 2007
    Messages:
    436
    Country:
    This, unless someone discovers a weakness in SHA1 making it possible to spoof a boot1 (or boot2 for those with unvulnerable boot1s) which produces the same hash. This is however not veeeeeeeery likely since SHA1 is still considered safe, and is one of the most widely used hashing algorithms as of today. If there'd be a weakness, it'd probably be found elsewhere already.
     
  5. icefireicefire

    icefireicefire GBATemp Fails.
    Member

    Joined:
    Dec 19, 2008
    Messages:
    961
    Country:
    United States
    could be = is.
     
  6. Dialexio

    Dialexio GBAtemp Advanced Maniac
    Member

    Joined:
    Mar 14, 2009
    Messages:
    1,567
    Country:
    United States
    It is possible to modify boot1. The problem is, boot1 has its SHA-1 hash written into the OTP. That, and the fact SHA-1 was not entirely cracked means it's currently impossible to change boot1. (It's a safe assumption that the Wii will brick if the hashes don't match up.) Collision attacks have been found in SHA-1, but it is not enough to brute force the entire string.
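
The distinction drawn in this post, between a collision attack on SHA-1 and what matching a hash already fixed in OTP would require, can be shown on a shortened hash. This is an added example, not part of the thread; the 16-bit truncation, the function names and the sample bytes are assumptions chosen so it finishes in seconds.

```python
import hashlib

BITS = 16  # toy digest width (assumption for the demo); real SHA-1 is 160 bits


def toy_digest(data: bytes) -> int:
    """First BITS bits of SHA-1, standing in for the full digest."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> (160 - BITS)


def find_collision():
    """Collision: the searcher is free to choose BOTH messages."""
    seen = {}
    counter = 0
    while True:
        msg = b"free-%d" % counter
        d = toy_digest(msg)
        counter += 1
        if d in seen:
            return seen[d], msg, counter
        seen[d] = msg


def find_second_preimage(fixed_digest: int, original: bytes, limit: int = 1 << 22):
    """Second preimage: the digest is fixed in advance, as with a value
    burned into one-time-programmable memory before the search starts."""
    for counter in range(limit):
        msg = b"patched-%d" % counter
        if msg != original and toy_digest(msg) == fixed_digest:
            return msg, counter + 1
    return None, limit


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    print("collision after", c_tries, "hashes:", a, b)

    original = b"constructed boot1 image"  # constructed sample, not real data
    fixed = toy_digest(original)           # plays the role of the stored hash
    msg, p_tries = find_second_preimage(fixed, original)
    print("second preimage after", p_tries, "hashes:", msg)

    # Generic costs for an n-bit hash: ~2^(n/2) for a collision,
    # ~2^n for a second preimage. For n = 160: 2^80 versus 2^160.
    print("expected scale: 2^%d vs 2^%d" % (BITS // 2, BITS))
```

A boot stage that compares an image against a stored digest is exposed only to the second, far more expensive search, which is why a collision result alone does not let a different image pass the check.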
     
  7. It is possible though right?
    I mean, it was done on the Nintendo DS?
     
  8. cwstjdenobs

    cwstjdenobs Sodomy non sapiens
    Member

    Joined:
    Mar 10, 2009
    Messages:
    1,756
    Country:
  9. piratesmack

    piratesmack GBAtemp Advanced Fan
    Member

    Joined:
    Mar 28, 2009
    Messages:
    787
    Country:
    United States
    http://hackmii.com/2009/02/bootmii-and-the-new-boot1/
     
  10. That's talking about other non-Nintendo consoles.
    Since the Wii and DS are both Nintendo consoles I would call it an educated guess.
     
  11. WiiPower

    WiiPower GBAtemp Guru
    Member

    Joined:
    Oct 17, 2008
    Messages:
    8,165
    Country:
    Gambia, The
    How about 10% of the GBAtemp members combining their PCs to brute force it? If we had a BootMii that is final, and had some space left that could be changed to brute force the signature? A correctly signed BootMii could be installed on every Wii that is hacked. OK, I know it's not realistic, because even with such a high number of PCs, it would take 1 or 10 or 100 or 1000 or 10000... years?
     
  12. This would also make it impossible to fix unless Nintendo change their signature.
     
  13. WiiPower

    WiiPower GBAtemp Guru
    Member

    Joined:
    Oct 17, 2008
    Messages:
    8,165
    Country:
    Gambia, The
    No. I imagine that it would be very easy for Nintendo to block that in new Wiis then, because they would know EXACTLY what to block.
     
  14. Athlon-pv

    Athlon-pv GBAtemp Advanced Fan
    Member

    Joined:
    Feb 25, 2005
    Messages:
    717
    Country:
    United States
    That largely depends on how well the client is written; if you can get something like CUDA and CPUs in the mix (and the ATI counterpart (Stream?)), it shouldn't be that long of an exercise ....
     
  15. BlackEnigma

    BlackEnigma GBAtemp Fan
    Member

    Joined:
    Mar 1, 2009
    Messages:
    344
    Country:
    United States
    Was it scene activity that caused Nintendo to release the new boot1s in the latter half of 2008 or whatever? Somehow I don't think that they just decided, hey, let's make a new, more secure boot1.

    Basically what I'm asking is, did they take the initiative or was it a reaction?
     
  16. superrob

    superrob H4X H4X H4X!
    Member

    Joined:
    Apr 4, 2007
    Messages:
    2,464
    Country:
    Hmm well.. it's still a large "safety" disorder on Nintendo's side. And since it's kinda burned in, it would be logical to permanently save it in the future.
     
  17. joda

    joda GBAtemp Fan
    Member

    Joined:
    Jul 12, 2007
    Messages:
    436
    Country:
    Well, without homebrew, piracy, and Datel, they probably wouldn't even know about the trucha bug ...
     
  18. WiiPower

    WiiPower GBAtemp Guru
    Member

    Joined:
    Oct 17, 2008
    Messages:
    8,165
    Country:
    Gambia, The
    Just general security, I guess. Boot1 had the trucha bug, and so they updated it. BootMii was announced earlier and Nintendo is going to close one known hole after the other. OK, they do it slowly, but they eventually do it. Imagine the various anti-Twilight Hack updates, how long trucha was known until it was fixed in all IOS, and how long the IOS16 hole wasn't fixed.
     
  19. Apekop

    OP Apekop GBAtemp Regular
    Member

    Joined:
    Apr 9, 2009
    Messages:
    223
    Country:
    Netherlands
    That's true, but since 4.0 just came out I can't imagine N coming up with games that require 4.1 for quite some time.
     
  20. WiiPower

    WiiPower GBAtemp Guru
    Member

    Joined:
    Oct 17, 2008
    Messages:
    8,165
    Country:
    Gambia, The
    The next step to higher security will be Wii MotionPlus. Since it will be used by a lot of games, and will require a new driver, Nintendo would be stupid not to bundle the new required IOS with some new security.
     