
While null-terminated strings aren't helping matters, the meat of the problem is much worse:

Effectively, they're using strcmp with memcpy on the same data -- it's just ridiculously stupid.



Wasn't it a similar bug that facilitated the first successful software-only Wii cracking attempt?


I actually thought about mentioning that...

All software (code+data) on the Wii must be signed, but the code burned into the supervisor chip does a strcmp on the raw binary signature. It's pretty trivial to generate a hash collision when you can force only the first byte to be compared :)
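
The comparison flaw described in the comment above, as an added example that is not part of the thread and not code from any console firmware. The 20-byte digest size, the function names and the sample digests are assumptions constructed for illustration, and `strncmp` stands in for `strcmp` so the sketch never reads past its buffers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20 /* assumed digest size for this sketch */

/* Flawed check: a string compare on binary data stops at the first 0x00. */
int digest_equal_str(const unsigned char *a, const unsigned char *b)
{
    return strncmp((const char *)a, (const char *)b, DIGEST_LEN) == 0;
}

/* Corrected check: every byte is compared, with no early exit. */
int digest_equal_fixed(const unsigned char *a, const unsigned char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* How many bytes the string compare looks at before it stops. */
size_t bytes_examined(const unsigned char *a, const unsigned char *b)
{
    size_t i = 0;
    while (i < DIGEST_LEN) {
        i++;
        if (a[i - 1] != b[i - 1] || a[i - 1] == 0)
            break;
    }
    return i;
}

/* Constructed sample digests (not real values): same leading 0x00,
 * different in bytes 1..3, remaining bytes zero-filled. */
static const unsigned char expected_digest[DIGEST_LEN] = {0x00, 0x11, 0x22, 0x33};
static const unsigned char computed_digest[DIGEST_LEN] = {0x00, 0xAA, 0xBB, 0xCC};

int main(void)
{
    printf("string compare accepts: %d\n",
           digest_equal_str(expected_digest, computed_digest));
    printf("full compare accepts:   %d\n",
           digest_equal_fixed(expected_digest, computed_digest));
    printf("bytes examined by string compare: %zu of %d\n",
           bytes_examined(expected_digest, computed_digest), DIGEST_LEN);
    return 0;
}
```

A fixed-length comparison over the whole digest is the correct check for binary hashes and signatures; string functions belong only on text.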


Yes.



