The trucha bug!

Discussion in 'Wii - Hacking' started by jesquinas, Feb 28, 2011.

  1. jesquinas
    OP

    jesquinas GBAtemp Regular

    Member
    124
    0
    Apr 14, 2010
    I'd like to understand the "IOS trucha bug" well. I understand it well when it's referred to boot1. When boot1 has the trucha bug, it's possible to install a fakesigned boot2. But I don't understand what "an IOS has the trucha bug" means. Can anyone tell me what "the IOS trucha bug" means?

    Thx.
     
  2. zizer

    zizer GBAtemp Addict

    Member
    2,035
    4
    Aug 23, 2010
    The trucha bug is a very silly security hole in earlier versions of IOS that allows homebrew users to easily bypass Nintendo's security checks, which lets them do things such as install modified content to the NAND or read altered game discs. Nintendo has pushed a number of updates to try squashing this loophole, but other exploits have been discovered that allow us to reinstall older, bugged versions of IOS which are vulnerable to the trucha bug. The IOS236 installer will install a patched IOS36 in IOS slot 236. By using HW_AHBPROT, it is no longer needed to downgrade other IOSs first. Homebrew such as WAD managers, cIOS installers, or backup loaders depend on the trucha bug being present, so this guide will walk you through the process of restoring this bug to your Wii's firmware.
     
  3. ZRicky11

    ZRicky11 Member

    Newcomer
    37
    4
    Feb 26, 2011
    Italy
    An IOS has the Trucha Bug when it's patched.
    The most famous is 36/236.

    A patched IOS can install .wad files with a WAD Manager
     
  4. WiiPower

    WiiPower GBAtemp Guru

    Member
    8,165
    72
    Oct 17, 2008
    Gambia, The
    Patched IOS doesn't mean trucha-bugged IOS. The Trucha Bug is a huge mistake somebody at Nintendo made: they implemented a string compare function where a memory compare function is required. On old Wiis, boot1 has the bug, same as all IOS versions that were part of System Menu 3.2 and earlier.

    Every time you install something with the IOS functions, the signature is checked. If the used IOS has the trucha bug, then you can install fakesigned content, as the signature check is passed. Patched IOSs, on the other hand, ignore the signatures completely, so you could even skip the fakesigning if you use one of them.
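
The string-compare-versus-memory-compare mistake described in this post, shown as an added example (not code from IOS, the thread, or any Wii homebrew project). The hashes below are constructed sample values, and the check is reduced to the final 20-byte comparison so the defect and its fix sit side by side:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20

/* Buggy check: a string compare where a memory compare belongs. strncmp()
 * treats 0x00 as end-of-string, so if both hashes start with 0x00 the
 * remaining 19 bytes are never examined and the check passes. */
int hash_ok_buggy(const uint8_t expected[SHA1_LEN], const uint8_t computed[SHA1_LEN])
{
    return strncmp((const char *)expected, (const char *)computed, SHA1_LEN) == 0;
}

/* Fixed check: every one of the 20 bytes is compared. Accumulating with XOR
 * instead of returning early also keeps the run time independent of where
 * the first differing byte is. */
int hash_ok_fixed(const uint8_t expected[SHA1_LEN], const uint8_t computed[SHA1_LEN])
{
    uint8_t diff = 0;
    for (size_t i = 0; i < SHA1_LEN; i++)
        diff |= expected[i] ^ computed[i];
    return diff == 0;
}

/* Constructed sample data, not real Wii hashes. An all-zero RSA signature
 * yields an all-zero "expected" hash; the two computed hashes are identical
 * except for whether their first byte is 0x00. */
static const uint8_t EXPECTED_ZERO[SHA1_LEN] = { 0 };
static const uint8_t COMPUTED_LEADING_ZERO[SHA1_LEN] = {
    0x00, 0x5a, 0x13, 0x9e, 0xc7, 0x21, 0x8d, 0x44, 0xfa, 0x02,
    0x6b, 0x3c, 0xe1, 0x77, 0x90, 0x0f, 0xb8, 0x25, 0x4d, 0x69 };
static const uint8_t COMPUTED_NONZERO[SHA1_LEN] = {
    0x8c, 0x5a, 0x13, 0x9e, 0xc7, 0x21, 0x8d, 0x44, 0xfa, 0x02,
    0x6b, 0x3c, 0xe1, 0x77, 0x90, 0x0f, 0xb8, 0x25, 0x4d, 0x69 };

int main(void)
{
    /* Leading-zero hash: buggy check accepts it, fixed check rejects it. */
    printf("leading-zero hash: buggy=%d fixed=%d\n",
           hash_ok_buggy(EXPECTED_ZERO, COMPUTED_LEADING_ZERO),
           hash_ok_fixed(EXPECTED_ZERO, COMPUTED_LEADING_ZERO));   /* 1 0 */
    /* Non-zero first byte: both checks reject it. */
    printf("non-zero hash:     buggy=%d fixed=%d\n",
           hash_ok_buggy(EXPECTED_ZERO, COMPUTED_NONZERO),
           hash_ok_fixed(EXPECTED_ZERO, COMPUTED_NONZERO));        /* 0 0 */
    return 0;
}
```

The second case is the behaviour Wiimm reports further down: a hash whose first byte is not null fails even the buggy compare, so only the leading-zero case slips through.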
     
  5. Wiimm

    Wiimm Developer

    Member
    2,159
    368
    Aug 11, 2009
    Gambia, The
    Germany
    Is this really true? Half a year ago I made some tests with fake signing, not the ticket/TMD but other parts of the cert chain. It seemed OK. But if I remember right, my Wii hangs if I try totally bad signs (= first byte of SHA1 not null). But now I'm not sure any longer.
     
  6. SifJar

    SifJar Not a pirate

    Member
    6,022
    892
    Apr 4, 2009
    The commonly used patch first featured in PatchMii removes the signature check completely.