Exploit in youtube, might lead to something?

Discussion in '3DS - Flashcards & Custom Firmwares' started by rondoh70, Feb 20, 2014.

  1. rondoh70
    OP

    rondoh70 GBAtemp Fan

    Member
    333
    41
    Sep 1, 2011
    United States
    new york
    Using the exploit in this forum: http://gbatemp.net/threads/use-the-youtube-3ds-app-to-watch-videos-on-other-sites.358618/
    Would it be possible to create a .mp4 video with code in that somehow exploits the 3ds? I've noticed that if the player tries to load a certain video type( I can't remeber it at the moment) it will display a yellow glitchy screen, freeze, then restart the system. The yellow glitchy screen shows that the code is loading no matter what as long as its a readable filetype. I havent seen this idea yet so i thought i would post it. probably just another dead end, but who knows.
     


  2. Luigi2012SM64DS

    Luigi2012SM64DS G-old member

    Banned
    2,060
    309
    Aug 27, 2011
    Canada
    Minecrapt
    Freeze's mean nothing. Its been said over and over again.
    inb43paragraphlongeassyonthesubjectbyfoxi4
     
    Foxi4 likes this.
  3. cloud1250000

    cloud1250000 Advanced Member

    Newcomer
    78
    8
    Dec 18, 2008
    Canada
    well, it does mean something a bit... there's a flaw, maybe not an exploitable one.. but there's one at least (like how something correctly coded can freeze a system????). Now if you can give a link to the said video, it would help a lot I guess...
     
  4. rondoh70
    OP

    rondoh70 GBAtemp Fan

    Member
    333
    41
    Sep 1, 2011
    United States
    new york

    Yes, I know that. The point I was trying to make is that the youtube app is executing files it shouldn't be loading, and this can be possibly exploited. You are right though. A freeze means nothing.
     
    B4rtj4h likes this.
  5. cloud1250000

    cloud1250000 Advanced Member

    Newcomer
    78
    8
    Dec 18, 2008
    Canada
    This kind of freeze probably means a lot...
     
  6. rondoh70
    OP

    rondoh70 GBAtemp Fan

    Member
    333
    41
    Sep 1, 2011
    United States
    new york
    It probably does. I'm trying to find the video type that caused the freeze right now.
     
  7. Saturosias

    Saturosias Sakura-sō Resident

    Member
    594
    290
    Dec 27, 2010
    United States
  8. gamesquest1

    gamesquest1 Nabnut

    Member
    14,082
    9,417
    Sep 23, 2013
    Maybe it was on a site you don't want to share :rofl2:

    But anyways isn't the bug cause with the page that the youtube app loads having external links.....so it could probably be fixed by them simply editing page to exclude the links.......I wonder if page redirection could re-enable it though, or would the youtube app not load if it was being redirected
     
    filfat and Ericthegreat like this.
  9. cloud1250000

    cloud1250000 Advanced Member

    Newcomer
    78
    8
    Dec 18, 2008
    Canada
    well, by using a little proxy, you could use a custom dns to redirect this exact page to a local one with a link to google or to the video file?
     
  10. kyogre123

    kyogre123 Mexican Pride

    Member
    2,919
    1,260
    Sep 23, 2013
    Mexico
    Can seriously a video contain executable code? I mean, I think the way these files are handled doesn't allow the execution of code other than decodable video and audio data.
     
    NEP likes this.
  11. rondoh70
    OP

    rondoh70 GBAtemp Fan

    Member
    333
    41
    Sep 1, 2011
    United States
    new york
    The filetype that crashed the app was .3gp
     
  12. cloud1250000

    cloud1250000 Advanced Member

    Newcomer
    78
    8
    Dec 18, 2008
    Canada
    so all 3gp crash the 3ds?
     
  13. rondoh70
    OP

    rondoh70 GBAtemp Fan

    Member
    333
    41
    Sep 1, 2011
    United States
    new york
    idk. I cant find a good source of 3gp videos to fuly test the theory. As gamesques1 guessed it was on an adult site.
     
  14. loco365

    loco365 GBAtemp Guru

    Member
    5,458
    2,673
    Sep 1, 2010
    Are you able to upload it to dropbox? I can see if it crashes my version. I have the original version of YouTube still unupdated on my system.
     
    cloud1250000 likes this.
  15. cloud1250000

    cloud1250000 Advanced Member

    Newcomer
    78
    8
    Dec 18, 2008
    Canada
    http://wiilook.netau.net/

    one of these? 3gp file from youtube. (oh the irony)

    if you look for wiilook on google, you should find the page ;)
     
  16. rondoh70
    OP

    rondoh70 GBAtemp Fan

    Member
    333
    41
    Sep 1, 2011
    United States
    new york
    some 3gp files work and others dont. search "3gp test" in google and select the first result. sample 50kbit at the bottom of the page crashes, while the blackberry ad above it works
     
  17. Apache Thunder

    Apache Thunder I have cameras in your head!

    Member
    4,088
    3,987
    Oct 7, 2007
    United States
    Levelland, Texas
    Even if this causes a crash it has to be exploitable. I recall the exploit used by gateway caused the 3DS to crash and load a launcher.dat file. I don't think a YouTube app crashing will suddenly cause the 3DS looking for something to load. It has to happen a certain way and one must have a way of injecting code into the process to make the 3DS load the hack. I don't think YouTube will be the entry point. Most likely the best route is to find a flaw in a app that has greater access to the 3DS system. I don't think YouTube is one of them.
     
  18. cloud1250000

    cloud1250000 Advanced Member

    Newcomer
    78
    8
    Dec 18, 2008
    Canada
    Well, it could.. but the magic in gateway exploit reside in the ropchain. If by any mean, this is exploitable, it would need a different ropchain to load the launcher.dat. It's not like the 3ds itself look for launcher.dat when accessing the ds settings... it's because of the ropchain.
     
    dot7z likes this.
  19. greyneon

    greyneon Advanced Member

    Newcomer
    74
    15
    Sep 5, 2013
    Hidden Nuclear Base
    Yes a video can contain executable code. Example psp tiff exploit. You can even mask a compressed container as a png gif you name it
     
  20. Jayro

    Jayro MediCat DVD and Mini Windows 10 Developer

    Member
    GBAtemp Patron
    Jayro is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    4,722
    2,473
    Jul 23, 2012
    United States
    Octo Canyon
    Nintendo reads these forums, so I'm sure the exploit will be patched soon. Good job, OP.