The trucha bug!

Discussion in 'Wii - Hacking' started by jesquinas, Feb 28, 2011.


The trucha bug! by jesquinas at 4:44 PM (1,305 Views / 0 Likes) 5 replies

  1. jesquinas
    OP

    Member jesquinas GBAtemp Regular

    Joined:
    Apr 14, 2010
    Messages:
    124
    Country:
    Spain
    I'd like to understand the "IOS trucha bug" well. I understand it well when it refers to boot1. When boot1 has got the trucha bug, it's possible to install a fakesigned boot2. But I don't understand that "an IOS has the trucha bug". Can anyone tell me what "the IOS trucha bug" means?

    Thx.
     
  2. zizer

    Member zizer GBAtemp Addict

    Joined:
    Aug 23, 2010
    Messages:
    2,035
    Country:
    The trucha bug is a very silly security hole in earlier versions of IOS that allows homebrew users to easily bypass Nintendo's security checks, which lets them do things such as install modified content to the NAND or read altered game discs. Nintendo has pushed a number of updates to try squashing this loophole, but other exploits have been discovered that allow us to reinstall older, bugged versions of IOS which are vulnerable to the trucha bug. The IOS236 installer will install a patched IOS36 in IOS slot 236. By using HW_AHBPROT, it is no longer necessary to downgrade other IOSs first. Homebrew such as WAD managers, cIOS installers, or backup loaders depend on the trucha bug being present, so this guide will walk you through the process of restoring this bug to your Wii's firmware.
     
  3. ZRicky11

    Newcomer ZRicky11 Member

    Joined:
    Feb 26, 2011
    Messages:
    37
    Country:
    Italy
    An IOS has the Trucha Bug when it's patched.
    The most famous is 36/236.

    A patched IOS can install .wad files with a WAD Manager.
     
  4. WiiPower

    Member WiiPower GBAtemp Guru

    Joined:
    Oct 17, 2008
    Messages:
    8,165
    Country:
    Germany
    Patched IOS doesn't mean trucha bugged IOS. The Trucha Bug is a huge mistake somebody at Nintendo made: they implemented a string compare function where a memory compare function is required. On old Wiis, boot1 has the bug, same as all IOS versions that were part of system menu 3.2 and earlier.

    Every time you install something with the IOS functions, the signature is checked. If the used IOS has the trucha bug, then you can install fakesigned content, as the signature checking is passed. Patched IOS, on the other hand, ignore the signatures completely, so you could even skip the fakesigning if you use one of them.
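
Added example, not part of any post in this thread and not Nintendo's code: the string-compare versus memory-compare mistake described in the post above, applied to 20-byte SHA-1 digests, next to a corrected comparison. The function names and digest bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20

/* Flawed check: strncmp() treats the digests as C strings, so it stops
 * comparing at the first position where both buffers hold 0x00. */
int digest_equal_strncmp(const uint8_t *a, const uint8_t *b)
{
    return strncmp((const char *)a, (const char *)b, SHA1_LEN) == 0;
}

/* Corrected check: every one of the 20 bytes is compared, and the loop
 * never exits early, so timing does not depend on where they differ. */
int digest_equal_fixed(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < SHA1_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Constructed sample digests, not real hashes (unlisted bytes are 0x00). */
const uint8_t computed[SHA1_LEN]  = { 0x00, 0x5a, 0x13, 0xc7, 0x88, 0x21 };
const uint8_t lead_null[SHA1_LEN] = { 0x00, 0xee, 0x42, 0x09, 0x7d, 0xb4 };
const uint8_t mid_a[SHA1_LEN]     = { 0x41, 0x42, 0x00, 0x11, 0x22, 0x33 };
const uint8_t mid_b[SHA1_LEN]     = { 0x41, 0x42, 0x00, 0x99, 0x88, 0x77 };
const uint8_t other[SHA1_LEN]     = { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 };

int main(void)
{
    /* Different digests that both start with 0x00 */
    printf("leading 0x00 : strncmp=%d fixed=%d\n",
           digest_equal_strncmp(computed, lead_null),
           digest_equal_fixed(computed, lead_null));
    /* Same prefix up to an embedded 0x00, different afterwards */
    printf("embedded 0x00: strncmp=%d fixed=%d\n",
           digest_equal_strncmp(mid_a, mid_b),
           digest_equal_fixed(mid_a, mid_b));
    /* Difference before any 0x00: both checks reject */
    printf("no early 0x00: strncmp=%d fixed=%d\n",
           digest_equal_strncmp(mid_a, other),
           digest_equal_fixed(mid_a, other));
    return 0;
}
```

When reviewing code for this class of bug, look for `strcmp`, `strncmp` or similar string functions applied to hashes, MACs or any other fixed-length binary value.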
     
  5. Wiimm

    Member Wiimm Developer

    Joined:
    Aug 11, 2009
    Messages:
    2,052
    Location:
    Germany
    Country:
    Germany
    Is this really true? Half a year ago I made some tests with fake signing, not ticket/tmd but other parts of the cert chain. It seems ok. But if I remember right, my Wii hangs if I try totally bad signs (=first byte of SHA1 not null). But now I'm not sure any longer.
     
  6. SifJar

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    The commonly used patch first featured in PatchMii removes the signature check completely.
     
