:::::::I can now confirm that BC did have the signing bug and it was fixed in v4; the function that checks the signature can be found by looking for the hex constant 0x000ac004 in memory, and then looking at either of the two function calls with that value as a parameter (both of which just call another function that does the actual check). In v2, there's a call to strncmp at ffff2236. In later versions, they do the comparison directly (at around ffff0fd2 (v4) or ffff0fca (v5, v6)). I'm still not sure what it's actually checking the signature ''of''; figuring that out would require a deeper understanding of the way NAND is laid out I think. --[[User:Pokechu22|Pokechu22]] ([[User talk:Pokechu22|talk]]) 22:26, 2 May 2021 (CEST)
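The comment above locates the check by searching a memory dump for the constant 0x000ac004. The following is an added example (not part of the original post, and not code from the BC or any other Wii firmware project) of how that first step can be scripted: it scans a dump for a 32-bit constant in both byte orders, reports each hit as an address relative to an assumed load base, and prints the surrounding bytes so the nearby call sites can be inspected in a disassembler. The dump bytes, the load base 0xffff0000 and the offsets of the hits are all constructed here for illustration; they are not taken from a real BC image.

```python
import struct

# Constructed sample: a 0x60-byte "dump" of 0xff filler with the constant
# 0x000ac004 planted once big-endian (offset 0x20) and once little-endian
# (offset 0x40). These offsets are illustrative, not real BC addresses.
SAMPLE_BASE = 0xFFFF0000  # assumed load address for the dump
SAMPLE_DUMP = bytearray(b"\xff" * 0x60)
SAMPLE_DUMP[0x20:0x24] = struct.pack(">I", 0x000AC004)
SAMPLE_DUMP[0x40:0x44] = struct.pack("<I", 0x000AC004)

TARGET = 0x000AC004


def find_constant(dump: bytes, base: int, value: int) -> list[tuple[int, str]]:
    """Return (address, byte_order) for every occurrence of a 32-bit constant.

    Both byte orders are tried because the dump's endianness may be unknown
    when starting out; unaligned hits are kept so a constant living in a
    literal pool or packed data is not missed.
    """
    hits = []
    for order, fmt in (("big", ">I"), ("little", "<I")):
        needle = struct.pack(fmt, value)
        start = 0
        while True:
            idx = dump.find(needle, start)
            if idx < 0:
                break
            hits.append((base + idx, order))
            start = idx + 1
    return sorted(hits)


def context_hexdump(dump: bytes, base: int, addr: int, before: int = 8, after: int = 8) -> str:
    """Hex bytes around one hit, with the address column, for manual follow-up."""
    off = addr - base
    lo, hi = max(0, off - before), min(len(dump), off + 4 + after)
    return f"{base + lo:08x}: " + " ".join(f"{b:02x}" for b in dump[lo:hi])


def report(dump: bytes, base: int, value: int) -> list[str]:
    """Human-readable lines for each hit; returned so they can be checked or printed."""
    lines = []
    for addr, order in find_constant(dump, base, value):
        lines.append(f"0x{value:08x} ({order}-endian) at {addr:08x}")
        lines.append("  " + context_hexdump(dump, base, addr))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_DUMP, SAMPLE_BASE, TARGET):
        print(line)
```

Once the hits are known, the next step from the comment (finding the two call sites that pass the value, then the common callee that does the comparison) is done in the disassembler by looking for references to those addresses; that part depends on the target architecture and is not automated here.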