Hacking The trucha bug!

jesquinas

I'd like to understand well the "IOS trucha bug". I understand it well when it's referred to boot1. When boot1 has got the trucha bug it's possible to install a fakesigned boot2. But I don't understand that "an IOS has the trucha bug". Can anyone tell me what "the IOS trucha bug" means?

Thx.
 

zizer

The trucha bug is a very silly security hole in earlier versions of IOS that allows homebrew users to easily bypass Nintendo's security checks, which lets them do things such as install modified content to the NAND or read altered game discs. Nintendo has pushed a number of updates to try squashing this loophole, but other exploits have been discovered that allow us to reinstall older, bugged versions of IOS which are vulnerable to the trucha bug. The IOS236 installer will install a Patched IOS36 in IOS slot 236. By using HW_AHBPROT, it is no longer needed to downgrade other IOSs first. Homebrew such as wad managers, cIOS installers, or backup loaders depend on the trucha bug being present, so this guide will walk you through the process of restoring this bug to your Wii's firmware.
 

ZRicky11

An IOS has the Trucha Bug when it's patched.
The most famous is 36/236.

A patched IOS can install .wad files with a WAD Manager.
 

WiiPower

Patched IOS doesn't mean trucha bugged IOS. The Trucha Bug is a huge mistake somebody at Nintendo made and implemented a string compare function where a memory compare function is required. On old Wiis, boot1 has the bug, same as all IOS versions that were part of system menu 3.2 and earlier.

Every time you install something with the IOS functions, the signature is checked. If the used IOS has the trucha bug, then you can install fakesigned content, as the signature checking is passed. Patched IOS on the other hand ignore the signatures completely, so you could even skip the fakesigning if you use one of them.
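
Added example, not part of WiiPower's post and not IOS code: the mistake described above (a string compare where a memory compare is required) next to a corrected comparison. The function names and sample digests are hypothetical and constructed; the 20-byte length assumes a SHA-1 digest, as mentioned elsewhere in this thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20  /* assumption: digests are raw 20-byte SHA-1 values */

/* Buggy pattern: string compare on binary data. strncmp() stops at the
 * first 0x00 byte, so bytes after a leading zero are never examined.
 * Returns 1 when the function considers the digests equal. */
int digest_equal_buggy(const uint8_t *a, const uint8_t *b)
{
    return strncmp((const char *)a, (const char *)b, SHA1_LEN) == 0;
}

/* Corrected pattern: every byte is compared whatever its value. The
 * constant-time loop is a hardening choice of this example (memcmp()
 * would already fix the logic error). */
int digest_equal_fixed(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < SHA1_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Constructed sample digests (not hashes of any real content). */
const uint8_t expected_digest[SHA1_LEN] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x02, 0x03, 0x04 };
const uint8_t other_digest[SHA1_LEN] = {      /* differs after byte 0 */
    0x00, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde,
    0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe };
const uint8_t nonzero_digest[SHA1_LEN] = {    /* differs at byte 0 */
    0x7f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x02, 0x03, 0x04 };

int main(void)
{
    printf("buggy, leading 0x00, rest differs: %d\n",
           digest_equal_buggy(expected_digest, other_digest));
    printf("fixed, leading 0x00, rest differs: %d\n",
           digest_equal_fixed(expected_digest, other_digest));
    printf("buggy, first byte differs:         %d\n",
           digest_equal_buggy(expected_digest, nonzero_digest));
    return 0;
}
```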
 

Wiimm

WiiPower said:
Patched IOS on the other hand ignore the signatures completely, so you could even skip the fakesigning if you use one of them.
Is this really true? Half a year ago I made some tests with fake signing not ticket/tmd but other parts of the cert chain. It seems ok. But if I remember right, my Wii hangs if I try totally bad signs (=first byte of SHA1 not null). But now I'm not sure any longer.
 

SifJar

Wiimm said:
WiiPower said:
Patched IOS on the other hand ignore the signatures completely, so you could even skip the fakesigning if you use one of them.
Is this really true? Half a year ago I made some tests with fake signing not ticket/tmd but other parts of the cert chain. It seems ok. But if I remember right, my Wii hangs if I try totally bad signs (=first byte of SHA1 not null). But now I'm not sure any longer.
The commonly used patch first featured in PatchMii removes the signature check completely.
 
