Sunday, January 11, 2009

Comparing Strings in C: Wii hack

I've just read an article about game console hacking: Console Hacking 2008: Wii Fail.
One interesting code fragment that was obtained by decompiling the binary:
strncmp(SHA1_sig, SHA1_in, 20);

SHA1_sig and SHA1_in are actually binary data, but they are compared like strings. Because strncmp stops at the first \0 byte, if both of them start with \0 it will say that they are equal even if everything else is different.
(As I'm not enough of a C expert to believe it right away) I wrote a simple code fragment to see it for myself:


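#include <stdio.h>
#include <string.h>

int main(){
    char* x;
    char* y;
    int res;

    /* Both literals start with a NUL byte, so as C strings they are empty */
    x = "\0hello";
    y = "\0bye";

    /* strncmp stops at the first NUL byte, so only the first byte is compared */
    res = strncmp(x, y, 20);

    printf("The C strings %s and %s are ", x, y);
    if (res == 0){
        printf("equal\n");
    } else {
        printf("not equal\n");
    }
    return 0;
}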

So the result will be:
$> ant@ubuntu:~$ gcc test.c ; ./a.out
The C strings and are equal
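
The same flaw with 20-byte digests instead of string literals, next to binary-safe comparisons. This is an added example, not code from the article or from the decompiled binary; the function names and the sample digests are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20

/* The comparison from the fragment above: stops at the first 0x00 byte. */
int digest_equal_strncmp(const unsigned char *a, const unsigned char *b) {
    return strncmp((const char *)a, (const char *)b, SHA1_LEN) == 0;
}

/* Binary-safe: memcmp looks at bytes, not at string terminators. */
int digest_equal_memcmp(const unsigned char *a, const unsigned char *b) {
    return memcmp(a, b, SHA1_LEN) == 0;
}

/* Binary-safe with no early exit: every byte is always examined, so the
   run time does not depend on where the first difference is. */
int digest_equal_ct(const unsigned char *a, const unsigned char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < SHA1_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Constructed sample digests (not real SHA-1 values); unlisted bytes are 0. */
static const unsigned char sig_digest[SHA1_LEN]  = {0x00, 0x11, 0x22, 0x33};
static const unsigned char other_digest[SHA1_LEN] = {0x00, 0xAA, 0xBB, 0xCC};
/* A 0x00 in the middle has the same effect on everything after it. */
static const unsigned char mid_a[SHA1_LEN] = {0x5A, 0x00, 0x01};
static const unsigned char mid_b[SHA1_LEN] = {0x5A, 0x00, 0x02};

static void report(const char *label, const unsigned char *a,
                   const unsigned char *b) {
    printf("%-22s strncmp=%d memcmp=%d constant-time=%d\n", label,
           digest_equal_strncmp(a, b), digest_equal_memcmp(a, b),
           digest_equal_ct(a, b));
}

int main(void) {
    report("leading 0x00, differ:", sig_digest, other_digest);
    report("0x00 at byte 1, differ:", mid_a, mid_b);
    report("identical:", sig_digest, sig_digest);
    return 0;
}
```

Only the strncmp version reports the differing digests as equal; both byte-wise versions reject them.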

So ... happy hacking! :)
