strncmp() stops comparing at the first null byte (\x00). So if both strings have a null byte early, it only compares up to that point.

Looking at the code:

If either string has a null byte, the comparison stops there. If they match up to that null byte, strncmp() returns 0 (equal) even though the full hashes don't match.

Step 1: Extract the public key

We need the public key from the launcher binary. It's in a custom .wii_key section:

Extract the PEM encoded public key and save it as public_key.pem.

Step 2: Find a game with null byte hash

We need a game whose SHA256 hash starts with 0x00. This way, strncmp() will stop immediately and only compare 0 bytes, which always match.

After some brute forcing, we find a game whose hash is:

It starts with 00.

Step 3: Forge the signature

Now we need a signature that when decrypted has 0x00 at byte 224 (the start of the hash region in the 256-byte decrypted block).

Since our game's hash starts with 00, and we want the decrypted signature's hash region to also start with 00, we can use signature value 1:

Step 4: Exploit

Execute:

The launcher will:

1. Compute hash: 00 04 BA D4... (starts with 00)
2. Decrypt signature: 00 00 00 00... (starts with 00)
3. Compare with strncmp(): compares 0 bytes, returns 0 (match!)
4. Execute the game, reads /app/flag.txt

We get the flag: RM{Wii_W4s_S3cUr3_but_N0t_for_Fail0verflow!}