82
edits
Changes
Jump to navigation
Jump to search
Undo revision 93784 by Ynurisuhy (talk)
Line 1:
Line 1:
−----
−<div style="background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;">
−----
−=[http://elykogit.co.cc Under Construction! Please Visit Reserve Page. Page Will Be Available Shortly]=
−----
−=[http://elykogit.co.cc CLICK HERE]=
−----
−</div>
<source lang=c>+</source>+
== Simple explanation ==
== Simple explanation ==
The signing (also known as Trucha) bug was a bug present in earlier IOS versions that allowed the digital signatures (which show that Nintendo had approved the content in question) of software to be easily faked, which allowed the installation of software that Nintendo hadn't approved. Shortly after its widespread use appeared, it was patched; first in [[IOS37]]. This exploit was used in the original version of the Homebrew Channel installer, and is still used in many applications.
The signing (also known as Trucha) bug was a bug present in earlier IOS versions that allowed the digital signatures (which show that Nintendo had approved the content in question) of software to be easily faked, which allowed the installation of software that Nintendo hadn't approved. Shortly after its widespread use appeared, it was patched; first in [[IOS37]]. This exploit was used in the original version of the Homebrew Channel installer, and is still used in many applications.
Line 12:
Line 4:
== Detailed explanation ==
== Detailed explanation ==
Here is a pseudocode implementation that shows the hash-comparison bug present in some versions of IOS:
Here is a pseudocode implementation that shows the hash-comparison bug present in some versions of IOS:
−<source lang=c>
struct rsa_cert {
struct rsa_cert {
u32 key_id;
u32 key_id;
Line 42:
Line 34:
}
}
}
}
−</source>
The bug here is that cert_hash may contain a NULL byte ('\0').
The bug here is that cert_hash may contain a NULL byte ('\0').
Line 58:
Line 50:
tmbinc has a more thorough explanation [http://debugmo.de/?p=61 here].
tmbinc has a more thorough explanation [http://debugmo.de/?p=61 here].
−This bug was first fixed in [[IOS37]]. As of the [[System Menu 3.3|3.3 update]] the fix had spread to IOS30 & 31, and by [[23 Oct Updates|Oct 23, 2008]] it was in all but one IOS. This [[IOS16|last IOS]] was fixed with the [[System Menu 4.0|4.0 update]].
+This bug was first fixed in [[IOS37]]. As of the [[System Menu 3.3|3.3 update]] the fix had spread to IOS30 & 31, and by [[23 Oct Updates|Oct 23, 2008]] it was in all but one IOS. This [[IOS16|last IOS]] was fixed with the [[System Menu 4.0|4.0 update]].
[[Category:Exploits]]
[[Category:Exploits]]
[[Category:IOS Exploits]]
[[Category:IOS Exploits]]