WiiBrew

Changes

Signing bug (view source)

Revision as of 14:48, 24 March 2008

551 bytes added ,  14:48, 24 March 2008
no edit summary
Line 1: Line 1: −
Here is a rough example implementation of roughly the same type of bug that existed until [[IOS37]]:
+
Here is a pseudocode implementation of roughly the same type of bug that existed until [[IOS37]]:
   −
  char *hash1=hash(realstuff);
+
  struct rsa_cert {
+
    u32 key_id;
invalid=strncmp(hash1,signaturehash,HASHLENGTH);
+
    char rsa_signature[1024];
+
    char metadata[32];
if(invalid!=0) {
+
    char content_hash[20];
  pretendItsNotAWiiDisc();
+
};
 +
 
 +
int verify_cert (struct rsa_cert cert) {
 +
  char *cert_hash=SHA1(cert.metadata + cert.content_hash);
 +
  char *sig_hash=rsa_decrypt(cert.rsa_signature, cert.key_id);
 +
 
 +
  if (strncmp(cert_hash, sig_hash, SHA1_LENGTH) == 0) {
 +
      return CERT_OK;
 +
  } else {
 +
      return CERT_BAD;
 +
  }
 
  }
 
  }
    +
int is_a_valid_disc(struct rsa_cert cert, char *disc_hash) {
 +
    if(memcmp(disc_hash, cert.content_hash, SHA1_LENGTH) != 0)  {
 +
      return DISC_BAD;
 +
    }
 +
 +
    if(verify_cert (cert) == CERT_BAD) {
 +
      return DISC_BAD;
 +
    } else {
 +
      return DISC_OK;
 +
}
 +
 +
   
 
The bug here is that the hash can (and very likely does) contain a NULL byte, (chr)0 that is.
 
The bug here is that the hash can (and very likely does) contain a NULL byte, (chr)0 that is.
 
To quote from the first google hit for strncmp:
 
To quote from the first google hit for strncmp:
Retrieved from "https://wiibrew.org/wiki/Special:MobileDiff/6357"