Hacking New Update Is Live

[sphere9]

any word from the developers of the homebrew channel about this?

 

[ProdigySim]

a hash is a sum of the bytes its a version of a checksum.
a signature is a password that everything (sometimes hashes) are signed with.
MD5 sums can be signed to make the signature but MD5 itself isnt anymore then
a glorified Checksum (checksums can be fooled MD5 not so much as it is a sum of
all data that can be worked out independant of the file as well)

MD5 is not cryptography

a signature is

Uh... you're not too familiar with cryptography, are you?

MD5 itself describes an algorithm for producing hashes, which are aptly named MD5 sums.

MD5 sums are: A) hashes(as they're formed from tables), and B) signatures used in cryptography.

They're used as signature keys because they are nice and random. You can't, however, USE MD5 to sign anything. Just being an MD5 hash doesn't make it any more secure. You need to get off YOUR high horse because all you're doing now is spreading misinformation. Read Wikipedia for god sakes and you'd know why you're not making sense.

I don't have a Wii but I had to read this thread out of curiosity of what is going on.

Has anyone tried hex editing the exploited TP save in case it is as simple as an MD5/CRC check? Just change something that you know won't break the exploit -- text.

The problem is that the saves (As you copy them from your SD card) are signed/encrypted. This means that you'd have to decrypt them, make a change, and encrypt them again, otherwise the saves will appear corrupt. Alternative, you could use the Save Extractor/Installer by Waninkoko which will give you unsigned, unencrypted files.

But yeah I have yet to hear from anyone who has tried this. bushing et. al. are hard at work.

Edit:
QUOTE

any word from the developers of the homebrew channel about this?

Topic on #wiidev: Don't update. Don't ask about the update. More info when we've had time to fully analyze it | Stay tuned to http://hackmii.com/2008/06/june-16-wii-update/

It actually just got updated with that link

 

[sphere9]

a hash is a sum of the bytes its a version of a checksum.
a signature is a password that everything (sometimes hashes) are signed with.
MD5 sums can be signed to make the signature but MD5 itself isnt anymore then
a glorified Checksum (checksums can be fooled MD5 not so much as it is a sum of
all data that can be worked out independant of the file as well)

MD5 is not cryptography

a signature is

Uh... you're not too familiar with cryptography, are you?

MD5 itself describes an algorithm for producing hashes, which are aptly named MD5 sums.

MD5 sums are: A) hashes(as they're formed from tables), and B) signatures used in cryptography.

They're used as signature keys because they are nice and random. You can't, however, USE MD5 to sign anything. Just being an MD5 hash doesn't make it any more secure. You need to get off YOUR high horse because all you're doing now is spreading misinformation. Read Wikipedia for god sakes and you'd know why you're not making sense.

I don't have a Wii but I had to read this thread out of curiosity of what is going on.

Has anyone tried hex editing the exploited TP save in case it is as simple as an MD5/CRC check? Just change something that you know won't break the exploit -- text.

The problem is that the saves (As you copy them from your SD card) are signed/encrypted. This means that you'd have to decrypt them, make a change, and encrypt them again, otherwise the saves will appear corrupt. Alternative, you could use the Save Extractor/Installer by Waninkoko which will give you unsigned, unencrypted files.

But yeah I have yet to hear from anyone who has tried this. bushing et. al. are hard at work.

Edit:
QUOTE

any word from the developers of the homebrew channel about this?

Topic on #wiidev: Don't update. Don't ask about the update. More info when we've had time to fully analyze it | Stay tuned to http://hackmii.com/2008/06/june-16-wii-update/

It actually just got updated with that link

thanks

 

[littlestevie]

a hash is a sum of the bytes its a version of a checksum.
a signature is a password that everything (sometimes hashes) are signed with.
MD5 sums can be signed to make the signature but MD5 itself isnt anymore then
a glorified Checksum (checksums can be fooled MD5 not so much as it is a sum of
all data that can be worked out independant of the file as well)

MD5 is not cryptography

a signature is

Uh... you're not too familiar with cryptography, are you?

MD5 itself describes an algorithm for producing hashes, which are aptly named MD5 sums.

MD5 sums are: A) hashes(as they're formed from tables), and B) signatures used in cryptography.

i am familiar with cryptography (i mainly work with the "RSA" encryption protocals) and was merely simplifying it

the fact is MD5 is a 1 way sceme as someone already said.

if you MD5 sum a file then embed it in the header it would verify the fact that the file is good for the wii, but then if you edited the file
then re-MD5'd it replaced th current MD5 in place then everything would get the all clear, the only way to make it safe would be to sign the MD5 with a private-public key pair (everything else would be able to expose the password to sign it) in the case of a save file the wii would need to sign the MD5 so the encryption key for it could be extracted (remember there is a program called tweezeSD that dumps the ram which runs in Gamecube mode) once an MD5 sum is calculated the original data is not easily recoverable, the xbox and xbox360 use a similar method for signing executables. a SHA-1 hash is made of the file. The SHA-1 hash is signed with an RSA-2048 private key. The Hash is then Decrypted with the Public Key. The Hash is then compared against the current Hash of the file. If any step is broken (like the signature has been broken of the SHA-1 Hash or the SHA-1 hash does not match the current hash of the file) it is known it has been tampered with, and fails the signature check and is rejected.

MD5 is not a Signing method....

but can be used as part of it

 

[teq]

They're used as signature keys because they are nice and random. You can't, however, USE MD5 to sign anything. Just being an MD5 hash doesn't make it any more secure. You need to get off YOUR high horse because all you're doing now is spreading misinformation. Read Wikipedia for god sakes and you'd know why you're not making sense.

Maybe I should get all of my information from Wikipedia... then I'd be as smart as you.


You might want to do a little research before making posts: http://www.w3.org/PICS/DSig/RSA-MD5_1_0.html



Edit: And just to clarify, I was not being vague by not specifying that MD5 is a valid signing method through a container/padding.

 

[homesickalien]

I'm going to encrypt both of your MD5's if you don't stop this pointless bitchfight.

 

[ProdigySim]

Maybe I should get all of my information from Wikipedia... then I'd be as smart as you.


You might want to do a little research before making posts: http://www.w3.org/PICS/DSig/RSA-MD5_1_0.html



Edit: And just to clarify, I was not being vague by not specifying that MD5 is a valid signing method through a container/padding.
If I googled to try to justify all of my answers, I'd be as smart as you.

Even in that, MD5 is only used as a checksum/identifier for the signature key. It is doing no part of the signing. It's using an RSA encryption scheme. MD5 would help Nintendo secure saves in no way. Just stop. Please. This doeesn't belong in this thread.

Edit: Bushing has updated his post. I think most people will find this most useful:
QUOTEThe strncmp signing bug has been fixed in IOS30, which is what the system menu uses. (The new signature-checking code is identical to that in IOS37.) This probably means that it will no longer boot Trucha-signed discs, but I have not yet tried it. Early reports on IRC indicate that the Homebrew Channel still works; this is consistent with my understanding that the system menu does not verify the content of already-installed content.

I don’t know why IOS31 was patched.

 

[sphere9]

why are we still having this argument

is there anyway to downgrade the firmware safely?

 

[jservs7]

More info from bushing via hackmii.com:

Update 1: IOS30 and IOS31 have been changed — specifically, the kernel. The old timestamps read:

$IOSVersion: FFS: 06/08/07 18:10:10 64M $
$IOSVersion: ES: 07/10/07 18:11:26 64M $
$IOSVersion: IOSP: 06/25/07 14:17:16 64M $

The new timestamps read

$IOSVersion: FFS: 06/08/07 18:10:10 64M $
$IOSVersion: ES: 07/10/07 18:11:26 64M $
$IOSVersion: IOSP: 04/03/08 19:37:33 64M $

It’s interesting that Nintendo bothered to update the IOSP timestamp, because the only change I see in IOSP is that the version reported changed (there’s a variable that stores the value “040308?). They’re trying to be clever; the actual bug fix was in ES, where the encryption code lives.

The strncmp signing bug has been fixed in IOS30, which is what the system menu uses. (The new signature-checking code is identical to that in IOS37.) This probably means that it will no longer boot Trucha-signed discs, but I have not yet tried it. Early reports on IRC indicate that the Homebrew Channel still works; this is consistent with my understanding that the system menu does not verify the content of already-installed content.

I don’t know why IOS31 was patched.

 

[ProdigySim]

why are we still having this argument

is there anyway to downgrade the firmware safely?

At this moment? No. Is it possible? Sure. "Safely" is a matter of opinion but there are various possibilities that should cause no harm if you're aware of what you're doing.

 

[teq]

why are we still having this argument

is there anyway to downgrade the firmware safely?

Currently, the only way is through overwriting the firmware with an earlier image of your firmware...


You're better off using a drivechip.

 

[.TakaM]

question:

Is it possible for the homebrew channel to have an update that allows you to put the HBC on an SD card and install it on another Wii that doesn't have TP save hack/modchip/etc?

 

[ProdigySim]

question:

Is it possible for the homebrew channel to have an update that allows you to put the HBC on an SD card and install it on another Wii that doesn't have TP save hack/modchip/etc?

Definitely not possible. You're just going to have to wait for another save game hack.

 

[sphere9]

question:

Is it possible for the homebrew channel to have an update that allows you to put the HBC on an SD card and install it on another Wii that doesn't have TP save hack/modchip/etc?

well thats an interesting idea...

 

[littlestevie]

why are we still having this argument

is there anyway to downgrade the firmware safely?

Currently, the only way is through overwriting the firmware with an earlier image of your firmware...


You're better off using a drivechip.

how is it better to use a drive chip

please enlighten me

@.TakaM: no it is not

 

[jservs7]

Update #2 from bushing via hackmii:

Update 2: Okay, now this is just silly. Two functions have been added to the system menu. Guess what they do:

* ipl::utility::ESMisc:eleteSavedata( (unsigned long long, EGG::Heap *))
* ipl::utility::ESMisc::VerifySavedataZD( (unsigned long long, EGG::Heap *))

We Are Not Impressed.

A good chance this might open up even more possibilities.

 

[datahoarder]

Update 2: Okay, now this is just silly. Two functions have been added to the system menu. Guess what they do:

* ipl::utility::ESMisc:eleteSavedata( (unsigned long long, EGG::Heap *))
* ipl::utility::ESMisc::VerifySavedataZD( (unsigned long long, EGG::Heap *))

EDIT: WADCheckSavedataZD

Seems like bushing added that little portion to something that was added/changed.

 

[sphere9]

i don't even know what a drivechip is...


but i know that i don't want to mod my wii :S

 

[littlestevie]

i don't even know what a drivechip is...


but i know that i don't want to mod my wii :S

All a drive chip allows is to play imported/burned games. and imported/burned/homebrew Gamecube mode stuff

 

[littlestevie]

Update #2 from bushing via hackmii:

Update 2: Okay, now this is just silly. Two functions have been added to the system menu. Guess what they do:

* ipl::utility::ESMisc:eleteSavedata( (unsigned long long, EGG::Heap *))
* ipl::utility::ESMisc::VerifySavedataZD( (unsigned long long, EGG::Heap *))

We Are Not Impressed.

A good chance this might open up even more possibilities.

please explain?

im under the impression that this means the system menu verifies all savegames and deletes ones that fail verification