Does the new Wii U browser exploit have any possible implications for the 3DS?

Discussion in '3DS - Flashcards & Custom Firmwares' started by reaper527, Jun 20, 2014.

  1. reaper527
    OP

    reaper527 GBAtemp Regular

    Member
    103
    25
    Aug 22, 2011
    United States
    I was reading about the following exploit earlier today:

    http://wololo.net/2014/06/20/wiiu-browser-exploit-leaked-possible-vita-compatibility/

    While the exploit may look like a dead end on the Vita due to the permissions given to their web browser, it doesn't seem unrealistic to suspect that the 3DS's web browser could be implemented in a similar way to the Wii U.

    Has anyone heard anything about whether a similar browser-based exploit would be possible on the 3DS?
     
  2. Abcdfv

    Abcdfv What comes around goes around.

    Member
    1,458
    592
    Dec 24, 2013
    United States
    Might not go anywhere. I'll set it up later and see what happens.
     
  3. st4rk

    st4rk nah

    Member
    545
    672
    Feb 11, 2014
    Brazil
    I tried it; the 3DS Browser can't load the web page.

    And I think if it really works, it will work in user mode.
     
  4. Huntereb

    Huntereb GBAtemp Addict

    Member
    2,748
    949
    Sep 1, 2013
    United States

    If it does this, it probably means it's a handled error on the 3DS. It would be cool to see if it can be tweaked to actually get loading, though.
     
  5. Duo8

    Duo8 I don't like video games

    Member
    3,444
    1,144
    Jul 16, 2013
    Should be user mode and sandboxed.
    People tried crashing it before, it just exits to HOME Menu.
     
  6. Thirty3Three

    Thirty3Three Musician Member

    Member
    3,580
    1,969
    Mar 22, 2013
    United States
    Wherever you want me, baby.
    Vita would be so cool, hacked. I love my eCFW, but I'd gladly change that for a native exploit.
     
  7. Foxi4

    Foxi4 On the hunt...

    pip Reporter
    23,669
    21,704
    Sep 13, 2009
    Poland
    Gaming Grotto
    The reason why the exploit works on the Wii U's web browser is that it somehow overrides the eXecute Never routine of the CPU, so it won't translate to platforms which have this problem covered, or at least so I've read.
     
  8. Thirty3Three


    I've read the same, friend. I dislike linking sites, but if you look on Wololo's /Talk forum, you'll see a guy is trying to work with it. I really don't know much about hacking. Only what I've learned through reading up on 3DS/PSP hacking, but I don't really see it going anywhere on the Vita. Kind of bummed though because you know... Sony... and their whole, "We're treating it as an accessory now" thing.
     
  9. Foxi4

    I'm still not giving up hope, it's a great device and I'm sure third-parties will continue to support it, no doubt we'll see the occasional first-party as well. I mean, Sony's announced three upcoming localizations of their games, that should have users covered for 2014 and early 2015 in terms of first-party content.

    That being said, cracking the device wide open would be pretty sweet too. The CPU and GPU might've aged since it was first released, but they're still up to scratch and unlike most mobile devices, the PSVita comes with fast-speed VRAM, not just standard RAM system memory, which is a big plus when it comes to working with the GPU.

    There are some native hacks for the PSVita, but developers have been hush-hush about them since their initial announcement - SKFU's content instantly comes to mind. I guess only time will tell when the device gets officially and publicly hacked, until then, we can only wait and speculate. For now, all the exploit does on the PSVita is putting it in a refresh loop, which doesn't build my confidence - it looks like the exception is handled by the system. Then again, so were initial DS Profile edits on the 3DS, so what do I know? I'm not a hacker myself. ;)
     
  10. Thirty3Three

    Ya never know, then, eh? Hah. I personally love my Vita. I was a day-1 buyer. I've got one for homebrew, and one for... Vita... stuff. I'd like to see if someone could possibly put this "browser" thing to use. That'd be Christmas, haha!

    And pfft. Oh yeah, no, I'm sure Sony will still bring games to the Vita. I'm anxiously awaiting my InFAMOUS: Vita B)

    And good to know! I'm confident it'll be hacked eventually. In the meantime, however, looks like I'll keep playing my Mario (pronounced, "mair-ee-oh") Kart 7 on my 3DS, and Oracle of Ages on my Veeter. It's a fine day to be a gamer, eh?
     
  11. Relys

    Relys Master of Computer Science

    Member
    863
    789
    Jan 5, 2007
    United States
    Code:
    <Relys> Would it be possible to use the Web Browser as a new entry point to replace the mset DS user settings exploit?
    <sm> yes
    <Relys> I wonder if the webkit bug that was in the recent Wii U browser is also present in the 3DS browser....
    <Relys> I have a complete writeup of the vuln with complete changelogs. I'm comparing the Wii U and 3DS webkit sources.
    <shuffle2> the vuln was published before it was used on wiiu
    <yifanlu> it's a pretty known vuln afaik. used at pwn2own right?
    <shuffle2> https://twitter.com/MrMarionumber1/status/478270117227151360
    <Relys> Does anyone know if it exists in the 3DS webkit version?
    <@yellows8> Relys: already tried that on 3ds >=v7.1, no crash.
    <Relys> Hmmmm, any other potential candidates? I know comex's original webkit based exploit for the wii u used a different vuln which allowed him to dump memory but was patched after 3.x. I started researching the wii u last week but I just got a 3DS with firmware 4.4 so I'm going to start working on that too.
    <Relys> Took me freaking forever to find one with a low serial number XD LOL
    <Namidairo> yeah they're starting to get rarer
    <Namidairo> iirc the 3ds uses some browser from a japanese company
    <Namidairo> but it's still webkit underneath
    <Namidairo> hmm ninty nuked the old link to the 3ds webkit source
    <profi200> I guess the 3DS web browser is way more secure than the Wii U web browser. We very rarely find something vulnerable.
    <Namidairo> the features lists is weird
    <Namidairo> lists compliance with some noname japanese law about parental controls
    <Namidairo> "Equipped with a function to notify applications of connected URLs, making it possible for the application to accept or reject the connection"
    <Namidairo> I call it a stop button but ok
    <profi200> I can say that we have a vuln which is in use currently, but it's a vuln which is of no use for the public because it works like 1 of 10 times. And as always. It only allows ROP.
    <nakami> what does ROP stand for?
    <profi200> Return oriented programming.
    <profi200> Using code already in memory, because we can't load our own.
    <Relys> Does that vuln work with 7.2?
    <profi200> Every browser version to date.
    <nakami> Relys: i think that's not too important right now
    <nakami> yeah the browser is one of the most obvious nintendo vulnerability over all
    <Relys> Isn't that what ssspwn is for? privilege escalation.
    <sm> I don't have ssspwn so I could be wrong but I'm pretty sure it's just a way to bypass DEP
    <nakami> i think wiiu's browser supports flash and javascript while the 3ds's does not
    <nakami> correct me if im wrong
    <nakami> in the wiiu browser?
    <profi200> 3DS.
    <Namidairo> depends how much you want your 3ds to crash and burn
     
  12. Thirty3Three


    Hey guy. Care to "TL;DR" this for us?
     
  13. Relys


    If you don't read all the details you'll never learn anything.

    The Wii U free after use vuln isn't in the 3DS Webkit. However, there's another vuln that works.

    Also, the source for the 3DS webkit is completely available since it is under open source licensing:

    http://www.nintendo.co.jp/support/oss/

    To find exploits you can search http://www.webkit.org/ changelog for pull requests for patched vulnerabilities in the date range of the 3DS/Wii U Webkit versions. You can then compare the 3DS/Wii U webkit source to see if they still exist.
     
  14. Thirty3Three

    I'm not in it for the lesson. It's just 2am, and I'd like my posts summarized. But thanks for the explanation. I appreciate it.
     
  15. reaper527
    OP

    Thanks for the input and IRC log. It's a shame that there wasn't more common code between the 3DS and Wii U. Would have been great to have seen this existing in both.
     
  16. st4rk

    I tried the Wii U exploit on my DSi (it just says: can't load complete page), and the 3DS doesn't load the complete page.

    I think a browser exploit really exists, but this is not the correct way to do it :P