top | item 46654017

(no title)

ipython | 1 month ago

I was just about to say the same thing - why go through all the effort to patch the binaries when you can just redirect the DNS to your own server?

Then I saw something about signing with RSA - btw OP, the link doesn't work in your blog - there's some markup issues. But there's no discussion of where the RSA key comes from (just that you create one with OpenSSL). Does the Wii just accept any "signed" content? If so, wow, 2007 was a crazy time...

discuss

rucury|1 month ago

"btw OP, the link doesn't work in your blog - there's some markup issues"

Whoops, thanks for catching that! Just fixed it, here is the link just in case: https://github.com/rnegron/WiiNewsPR/blob/11df0e242bb1f4134e...

"Does the Wii just accept any "signed" content? If so, wow, 2007 was a crazy time..."

Yup! I suppose they assumed that hard-coding the URL was enough of a safeguard!

CursedSilicon|1 month ago

There was notoriously a bug with the Wii's RSA implementation

https://wiibrew.org/wiki/Signing_bug

hn92726819|1 month ago

Unrelated, but in that link:

> Interestingly, the code continues to check the entire hash after a mismatch.

This is a standard practice in cryptography, but maybe not at the time.