It's a PHP page
Maybe there is hidden PHP code on it? Not sure

 

Just to get it out of the way, this is the html on the page in question,

HTML:

<html>
<head>
<style>
    body {
        color:white;
        background:black;
    }
   
   
</style>
<script>
    function magicfun(mem, size, v) {
        var a = new Array(size - 20);
        nv = v + unescape("%ucccc");
        for (var j = 0; j < a.length / (v.length / 4); j++) a[j] = nv;
        var t = document.createTextNode(String.fromCharCode.apply(null, new Array(a)));
 
        mem.push(t);
    }
 
    function dsm(evnt) {
        var mem = [];
 
        for (var j = 20; j < 430; j++) {
            magicfun(mem, j, unescape("\u0000\u08e0\u0004\u08e0\u0008\u08e0\u000c\u08e0\u0010\u08e0\u0014\u08e0\u0018\u08e0\u001c\u08e0\u0020\u08e0\u0024\u08e0\u0028\u08e0\u002c\u08e0\u0030\u08e0\u0034\u08e0\u0038\u08e0\u003c\u08e0\u0040\u08e0\u0044\u08e0\u0048\u08e0\u004c\u08e0\u0050\u08e0\u0054\u08e0\u0058\u08e0\u005c\u08e0\u0060\u08e0\u0064\u08e0\u0068\u08e0\u006c\u08e0\u0070\u08e0\u0074\u08e0\u0078\u08e0\u007c\u08e0\u0080\u08e0\u0084\u08e0\u0088\u08e0\u008c\u08e0\u0090\u08e0\u0094\u08e0\u0098\u08e0\u009c\u08e0\u00a0\u08e0\u00a4\u08e0\u00a8\u08e0\u00ac\u08e0\u00b0\u08e0\u00b4\u08e0\u00b8\u08e0\u00bc\u08e0\u00c0\u08e0\u00c4\u08e0\u00c8\u08e0\u00cc\u08e0\u00d0\u08e0\u00d4\u08e0\u00d8\u08e0\u00dc\u08e0\u00e0\u08e0\u00e4\u08e0\u00e8\u08e0\u00ec\u08e0\u00f0\u08e0\u00f4\u08e0\u00f8\u08e0\u00fc\u08e0\u0100\u08e0\u0104\u08e0\u0108\u08e0\u010c\u08e0\u0110\u08e0\u0114\u08e0\u0118\u08e0\u011c\u08e0\u0120\u08e0\u0124\u08e0\u0128\u08e0\u012c\u08e0\u0130\u08e0\u0134\u08e0\u0138\u08e0\u013c\u08e0\u0140\u08e0\u0144\u08e0\u0148\u08e0\u014c\u08e0\u0150\u08e0\u0154\u08e0\u0158\u08e0\u015c\u08e0\u0160\u08e0\u0164\u08e0\u0168\u08e0\u016c\u08e0\u0170\u08e0\u0174\u08e0\u0178\u08e0\u017c\u08e0\u0180\u08e0\u0184\u08e0\u0188\u08e0\u018c\u08e0\u0190\u08e0\u0194\u08e0\u0198\u08e0\u019c\u08e0\u01a0\u08e0\u01a4\u08e0\u01a8\u08e0\u01ac\u08e0\u01b0\u08e0\u01b4\u08e0\u01b8\u08e0\u01bc\u08e0\u01c0\u08e0\u01c4\u08e0\u01c8\u08e0\u01cc\u08e0\u01d0\u08e0\u01d4\u08e0\u01d8\u08e0\u01dc\u08e0\u01e0\u08e0\u01e4\u08e0\u01e8\u08e0\u01ec\u08e0\u01f0\u08e0\u01f4\u08e0\u01f8\u08e0\u01fc\u08e0"));
        }
    }
</script>
</head>
<body>
        <h1 align="center">GATEWAY 3DS LOADING...</h1>
</body>
</html>

It should run no matter what server it is on right? ( local or not )

 

so thats the issue, will move to a normal internet connection and try again.

Does anyone have the contents of the iframe?

 

It would be great if we could save the exploit to the 3ds somehow and navigate to it in the browser to run it without a server

 

Can you paste the contents of iframe.html somewhere. I'd love to look at it.

 

Thanks, will try it

 

Are y'all entirely certain the web browser entrypoint only loads launcher.dat? If so, why--do you have evidence to suggest so?
If not, I'd probably try sniffing the network to see if the 3DS downloads any other data when the exploit is executed (in the normal way, from the GW website).

Also, could you clarify "just loads the page and does nothing"? I assume this means 'I see "GATEWAY 3DS LOADING"; the web browser does not close with an error or otherwise misbehave'; is this correct?

(I'm a useless asshole who can't help you anyway--sorry ;_;. I'm just interested in the browser exploit.)

 

Read
"The payload included is also different as well depending on the user agent. Will not include it here though, if it should contain encoded personal information"

That code is incomplete

Source:
https://gbatemp.net/threads/gateway-3-0-ultra.378041/page-12#post-5265690

 

The browser closes with an error after the page loads asking me to restart the 3ds when I load the exploit locally. I do see gateway 3ds loading... before it closes.

 

The first error you mentioned is the one. I looked at the javascript functions that I see and it's a buffer overload I think. Wonder why it's not working. The console doesn't throw any errors with default settings. I wonder what firebug would report if anything.

*edit
Just an undefined error, no specifics so far. It's my network I'm positive but I wonder why it can't be executed off their server. If it matters to anyone with the same error, I also get "Failed to load part of this page" when trying to use it locally.

If they enabled ssl for the /go/ folder, that would solve some problems for me (and others?).

Another note, wish they would release the index.php and javascript for a backup url and even better, offline mode. I suppose offline mode is in the next update maybe? The index file has some of the exploit, calculations I think?

Any ideas?