Hacking [Attempt] Running GW3.0 Web Exploit on a Local Network

  • Thread starter: bendrr
I just do this lol
[attached image]
Does it create an ad hoc network to connect the 3DS without the need of an existing WiFi or Data connection? In case it does, where can I get that beautiful thing? :eek:
 
Does it create an ad hoc network to connect the 3DS without the need of an existing WiFi or Data connection? In case it does, where can I get that beautiful thing? :eek:

I just use the hotspot feature on my phone. Also made a QR code to go with it.
The app is Servers Ultimate. However any http server should work.
 
Which files do you host with the server? Do you just lead to the folder with frame.html, payload_x, etc.?
 
for 9.2 EU: "Mozilla/5.0 (Nintendo 3DS; U; ; de) Version/1.7567.EU"

here the payload as hex dump:
it's a rop chain, useless without ram dumps... ( "dmc:/Launcher.dat" ^^)
-snip-
I didn't need to dump RAM to get the 9.0 web browser CXI ;)
Although I don't think this 'payload' will tell much since it's just a heap spray to trigger the use-after-free exploit and whatnot. I assume it uses that to control the stack and then loads Launcher ROP etc.
 
Well you can run it with no internet connection at all.

Just tested it with androPHP with wifi hotspot active on my phone (again, no internet connection at all to anywhere) and with the hotspot added to my 3ds connections and it works. :)

Not perfect but it works. haha
 
OK phone hosting:

1. Get the right webpage for your 3DS: Use HTTrack on go.gateway-3ds.com, and remember to change your UA (in the Browser ID tab). UA ref:
Mozilla/5.0 (Nintendo 3DS; U; ; <lang>) Version/<version>.<region>

<lang> is "en", "fr", etc. <region> is "US", "EU", etc. Version is shown in browser settings
Alternatively download the archive above.

2. Use an HTTP server app like kWS. Set it up so it uses some directory as HTTP root (I use /sdcard/gwweb). Copy the webpages from step 1 there (there should be an "index.html", which should contain the ROP chain, then a "frame.html"). You can set a custom port as well; kWS uses 8080 by default.

3. Start a hotspot on your phone then setup the 3DS to connect to it.

4. Start the server on your phone.

5. Clear the cookie and history then on the 3DS go to http://<phone's IP, should be 192.168.43.1 for hotspot>:<port, 8080 is kWS's default>
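
Added example, not part of the thread or any poster's code: a small access-log inventory that parses the UA layout quoted in step 1, so whoever runs the local HTTP server can see which 3DS browser builds connected and flag requests that claim to be a 3DS but do not fit the layout (for instance a mirroring tool with an edited UA). The log lines, the version 1.7552, the field-width limits and the function names are constructed assumptions; only the 1.7567.EU string appears in the thread.

```python
import re
from collections import defaultdict

# Layout from the thread: Mozilla/5.0 (Nintendo 3DS; U; ; <lang>) Version/<version>.<region>
# Assumed here: 2-letter lowercase lang, 2-3 letter uppercase region.
UA_RE = re.compile(
    r"^Mozilla/5\.0 \(Nintendo 3DS; U; ; (?P<lang>[a-z]{2})\) "
    r"Version/(?P<version>\d+\.\d+)\.(?P<region>[A-Z]{2,3})$"
)
# Combined log format: client IP first, user agent as the last quoted field.
LOG_RE = re.compile(r'^(?P<ip>\S+) .* "(?P<ua>[^"]*)"$')

def parse_3ds_ua(ua):
    """Return lang/version/region for a well-formed 3DS UA, else None."""
    m = UA_RE.match(ua.strip())
    return m.groupdict() if m else None

def inventory(log_lines):
    """Group client IPs by (version, region, lang); collect malformed 3DS claims."""
    builds, malformed = defaultdict(set), []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or "Nintendo 3DS" not in m["ua"]:
            continue  # unparseable line or some other browser
        fields = parse_3ds_ua(m["ua"])
        if fields is None:
            malformed.append((m["ip"], m["ua"]))
        else:
            key = (fields["version"], fields["region"], fields["lang"])
            builds[key].add(m["ip"])
    return dict(builds), malformed

# Constructed sample log (hotspot-range addresses, made-up timestamps and sizes).
_T = "[10/Jan/2015:13:55:39 +0000]"
SAMPLE_LOG = [
    f'192.168.43.57 - - {_T} "GET /index.html HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (Nintendo 3DS; U; ; de) Version/1.7567.EU"',
    f'192.168.43.77 - - {_T} "GET /index.html HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7552.US"',
    f'192.168.43.20 - - {_T} "GET /index.html HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7567"',  # region missing
    f'192.168.43.21 - - {_T} "GET / HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0"',
]

if __name__ == "__main__":
    builds, malformed = inventory(SAMPLE_LOG)
    print("builds:", builds)
    print("malformed 3DS claims:", malformed)
```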
 
I got this to run as a POC with no internet at all! However I have not been able to test it loading Gateway as I have an N3DS XL. This is what you do.

1. Download the files attached
2. Unzip the files to your android phone in the phone memory/gw3ds folder
3. Android: On the Play Store download and install Servers Ultimate App
4. Android: On the Play Store download and install Servers Pack C app
5. On your Android phone open the Servers Ultimate App > Servers > + > PHP and Lighttpd Server
6. In the General Tab > server name call it gateway, in the Specific Tab > Tick "Force use root to start the server" and set document root to the gw3ds folder
7. Then save
8. On your android phone disable your mobile data and turn off your wifi (VERY IMPORTANT STEP TO PREVENT 3DS CONNECTING TO NINTENDO SERVERS)
9. Set up the Android Access Point on your android phone and turn it on
10. On your 3DS Go to settings and connect to your Android Phone
11. Go to your Android Phone and run the Server, Go to Servers Ultimate > Servers > Gateway > Start
12. On your 3DS go to your internet browser, clear cookies
13. In the address type "http://192.168.43.1/index2.html"
14. You should see a small text which says gateway hyperlink on the top, click this text
15. The gateway exploit should load

Enjoy!!

I can add images and pictures if you guys request
 

Attachments

  • gw3ds.zip (10.8 KB)
  • IMG_20150110_135539.jpg (51.8 KB)
  • IMG_20150110_135546.jpg (63.9 KB)
Anyone who has Python installed on a home computer (e.g. by default on Linux) can just type 'python -m SimpleHTTPServer' in the directory where the index and payload files are copied - then access from the 3DS with http://ip.of.your.computer:8000/index.htm

(In Windows you may need to open port 8000 in your firewall)

edit: ah scrap that - also need a PHP interpreter

http://serverfault.com/questions/338394/how-to-run-php-with-simplehttpserver

so install php and just type 'php -S 127.0.0.1:8000' in the directory with index and payload files
 
I might try and see if I can't make an Android app which just lets you choose the sysNAND firmware and then start up a small file server + ad-hoc network where you can go to with your 3DS. Would be good in case you have to start it up on the go.

If you need help developing this... I can help you.
I have few apps on Google Play Store =)
 
I don't know what the current homebrew actually has access to in terms of services and rights, but could someone potentially build a local server app from where you then launch the browser? Much like the ninja game does. Would that be possible?
 
In summary, how can I use GW Exploit without Internet connection with a 3DS XL 5.1EU ?
 
I don't need internet to use my mobile as Exploit Server?
Your app will be dedicated to Gateway Exploit?

With the app that I'm going to develop... you will only need a mobile phone with tethering (maybe if I also develop for iOS, you can do that with just an iPod)... it will create an APN that you will connect the 3DS to (3DS-Gateway will be the APN name) and then load the URL given by the mobile...

I'm developing it as fast as I can... but maybe I will release it in 1 or 2 days =)
 
