TL;DR there's an oversight in SmileBASIC that leads to RAM viewing and editing on any 3DS, hacked or unhacked. It could lead to a primary exploit, but it probably won't. I don't know for sure though, so I'm posting it here to see what comes of it.
In the SmileBASIC interpreter, there's a bug with the BGSCREEN command, which resizes the background layer. The area of the background layer isn't supposed to exceed 16383, but the checks the interpreter performs on the parameters are insufficient and can be bypassed with large enough numbers.
The game will crash if the area is too large; however, there's a window where the game doesn't crash and the BG layer occupies sizes never meant to be possible. Because of this, it contains memory allocated for other purposes by the interpreter, like variable and function storage and the current program's code.
With the BG commands, this area of memory can be edited by any 3DS, hacked or unhacked.
All that is needed to trigger this glitch is this one line of code:
Code:
BGSCREEN 0,134217728,16
Could a primary exploit be made with this bug?
It is an area of RAM allocated for the interpreter, so it's probably not executable and so likely not exploitable. However, I know that there are pointers in the memory that can be edited, as well as many unknown segments of memory. Perhaps a variable's pointer could be edited to use executable memory or some other attack could be developed that could lead to an exploit?
EDIT: I'm stupid and forgot to give credit.
This glitch was found by a group of users at smilebasicsource.com, including slackerSnail, 12Me21, and incvoid.
I was somewhat part of it.
Last edited by Trinitro21,
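As an added illustration (this is not code from the post, nor SmileBASIC's own interpreter code), the following C model shows the kind of size-check defect that matches the trigger values above: if the width and height are multiplied in 32-bit arithmetic and the product is then compared as a signed value, 134217728 * 16 = 2^31 wraps to a negative number and slips under the 16383 limit. That mechanism is an assumption; the post only says the checks "can be bypassed with large enough numbers". The function names, the naive check's exact form, and the sample inputs are all constructed for this example. The hardened version caps each dimension first and multiplies in 64-bit so the product cannot wrap before it is compared.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Largest permitted tile area of a BG layer, as stated in the post (w * h <= 16383). */
#define MAX_BG_AREA 16383

/* Assumed model of the flawed validation (hypothetical; the post does not show
 * the interpreter's real code): the product is formed in 32-bit arithmetic and
 * reinterpreted as signed, so a product of 2^31 or more becomes negative and
 * passes a "<= 16383" comparison. */
int32_t bg_area_wrapped(int32_t w, int32_t h)
{
    uint32_t product = (uint32_t)w * (uint32_t)h;  /* unsigned multiply wraps mod 2^32 */
    return (int32_t)product;                       /* signed view: wraps on two's-complement targets */
}

bool bg_area_ok_naive(int32_t w, int32_t h)
{
    return w > 0 && h > 0 && bg_area_wrapped(w, h) <= MAX_BG_AREA;
}

/* Hardened check: reject any dimension that alone exceeds the budget, then
 * multiply in 64-bit so the product cannot wrap before it is compared. */
bool bg_area_ok_safe(int32_t w, int32_t h)
{
    if (w <= 0 || h <= 0)
        return false;
    if (w > MAX_BG_AREA || h > MAX_BG_AREA)
        return false;
    int64_t area = (int64_t)w * (int64_t)h;
    return area <= MAX_BG_AREA;
}

int main(void)
{
    /* Constructed inputs: the post's trigger values, one layer just over the
     * limit, and one just under it. */
    int32_t cases[][2] = { {134217728, 16}, {64, 256}, {64, 255} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int32_t w = cases[i][0], h = cases[i][1];
        printf("BGSCREEN w=%d h=%d: wrapped area=%d naive=%s safe=%s\n",
               w, h, bg_area_wrapped(w, h),
               bg_area_ok_naive(w, h) ? "accept" : "reject",
               bg_area_ok_safe(w, h) ? "accept" : "reject");
    }
    return 0;
}
```

Running it shows the naive check accepting the 134217728 x 16 layer (its wrapped area is INT32_MIN) while correctly rejecting 64 x 256, and the hardened check rejecting both; a layer accepted under the hardened rule can never be larger than the buffer the limit was chosen for, which is what stops the layer from overlapping the interpreter's other allocations.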