From youtube exploit??

Discussion in '3DS - Flashcards & Custom Firmwares' started by tokidoki11, Dec 1, 2013.

  1. tokidoki11 (OP)

    tokidoki11 Member

    Well, I downloaded YouTube today. When I wanted to play a video, it displayed an alert, then prompted me to restart my system...
    I don't know why it happened, though.
    When I tried to retrace what I did, the error didn't occur.
     
  2. Chaldron

    Chaldron GBATemp's Official Attorney

    Honestly, I'm starting to feel anything about 4.5 is a lost cause. Gone are the days when devs rushed to every crash/bug; systems just aren't that exploitable, who knows.

    It may sound pessimistic, sure, and if someone finds an exploit that'd be amazing, but it's not looking good for us. PS3 above 3.55 hasn't been hacked yet, and it was released before the 3DS.
     
  3. justinkb

    justinkb GBAtemp Advanced Fan

    Well, if a system uses proper crypto and doesn't run (with high privileges) software which can be exploited, then nothing software-based can be done about it. PS3 likely would never have been hacked, had Sony not fucked up with their crypto implementation in firmwares 3.55 and lower.

    We don't exactly know how much effort Nintendo puts into vetting code for buffer overflows and the like (likely a whole lot for first party games and apps, but I'm unsure about 3rd party software). I do find it telling that the hole being abused for gateway is in essentially legacy software (3DS code interfacing with legacy, DS user supplied data), which may not have gotten the attention it should have gotten in preventing this kind of exploitation.
     
  4. profi200

    profi200 Banned

    A crash alone doesn't mean anything. It is only usable if it is reproducible and if it is possible to start a ROP chain with it (XN prevents you from running code directly).
     
  5. Duo8

    Duo8 I don't like video games

    Can that "XN" be disabled somehow?
     
  6. TakuyaZack

    TakuyaZack Member

    The crash is reproducible here: I just load a video and choose another video, bam, it crashes.

    But it probably won't be of any use, since it is just a crash. But judging from the method of making it crash, it seems like it is out of memory (correct me here if I'm wrong).
     
  7. profi200

    profi200 Banned

    If you have kernel-mode code execution you can set all memory pages to r/w/x (read/write/execute). So, it is possible, yes.
     
  8. Foxi4

    Foxi4 On the hunt...

    The app crashes because it's crap. The error isn't necessarily exploitable, and if it is, then it's likely going to give you usermode access, since it occurs while loading additional data into an already running binary. It's not a system error per se, it's crappy programming, and that's completely different from the DS Profile NVRAM exploiting, which is a system vulnerability.
     
  9. Chaosruler

    Chaosruler GBAtemp Fan

    XN = Execute Never,
    meaning it will never execute unless kernel-access code changes it to executable, meaning that we can't load a firmware from an exploit in memory around XN.
    A good usermode exploit might benefit us more than a crap kernel exploit; learning about the system can be done via a usermode exploit too.
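    The XN point raised in posts 4, 7 and 9 (a page marked execute-never faults on instruction fetch, and only privileged code that rewrites the page attributes can change that) can be shown on an ordinary Linux box. The program below is an added example and is not code from the thread, from Nintendo or from any 3DS exploit. It assumes a Linux host on x86-64 or AArch64; the two "return 42" machine-code stubs are constructed here. On the 3DS the ARM11 kernel owns the page tables, so flipping a page to executable needs kernel-mode code as profi200 says; on Linux the unprivileged process asks the kernel to do it through mprotect(), which stands in for that privileged step one level down. The first function tries to run the stub from a read/write page and catches the resulting SIGSEGV; the second marks the same page read/execute first and runs it.

```c
// Added example: what Execute Never (XN/NX) enforces, and why a page
// permission change is the step that turns "data in memory" into "code".
// Not from the thread; assumes Linux on x86-64 or AArch64.
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Constructed machine-code stub equivalent to "return 42" for the host CPU. */
#if defined(__x86_64__)
static const unsigned char stub[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00,  /* mov eax, 42 */
                                      0xC3 };                        /* ret         */
#elif defined(__aarch64__)
static const unsigned char stub[] = { 0x40, 0x05, 0x80, 0x52,        /* mov w0, #42 */
                                      0xC0, 0x03, 0x5F, 0xD6 };      /* ret         */
#else
#error "stub only provided for x86-64 and AArch64"
#endif

typedef int (*stub_fn)(void);

static sigjmp_buf fault_jmp;

/* An instruction fetch from a non-executable page raises SIGSEGV; we jump
 * back out so the test can report "blocked" instead of dying. */
static void on_segv(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);
}

/* Map one anonymous page as read/write and copy the stub into it. */
static void *map_stub_page(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memcpy(p, stub, sizeof stub);
    return p;
}

/* Convert an object pointer to a function pointer without the pedantic-C
 * warning a plain cast produces. */
static stub_fn as_fn(void *p) {
    stub_fn fn;
    memcpy(&fn, &p, sizeof fn);
    return fn;
}

/* Run the stub from a page that is RW but not executable.
 * Returns 1 if XN blocked it (SIGSEGV caught), 0 if it actually ran
 * (no execute-never on this host), -1 on setup failure. */
int run_from_rw_page(void) {
    void *p = map_stub_page();
    if (!p) return -1;
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    volatile int blocked;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        as_fn(p)();          /* fetch from an XN page faults here */
        blocked = 0;         /* only reached if the CPU/kernel did not enforce XN */
    } else {
        blocked = 1;         /* landed here via the SIGSEGV handler */
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(p, (size_t)sysconf(_SC_PAGESIZE));
    return blocked;
}

/* Same stub, but first have the kernel mark the page read/execute (dropping
 * write, so the mapping stays W^X). Returns the stub's result, 42, or -1. */
int run_from_rx_page(void) {
    void *p = map_stub_page();
    if (!p) return -1;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (mprotect(p, page, PROT_READ | PROT_EXEC) != 0) {
        munmap(p, page);
        return -1;
    }
    /* AArch64 has split I/D caches; make the freshly written bytes visible
     * to instruction fetch. A no-op on x86-64. */
    __builtin___clear_cache((char *)p, (char *)p + sizeof stub);
    int r = as_fn(p)();
    munmap(p, page);
    return r;
}

int main(void) {
    int rw = run_from_rw_page();
    printf("exec from RW page : %s\n",
           rw == 1 ? "blocked (execute never)" : rw == 0 ? "ran (no XN!)" : "setup failed");
    printf("exec after RX     : returned %d\n", run_from_rx_page());
    return 0;
}
```

    The first call is the situation the YouTube crash leaves you in even if you could steer the program counter: bytes you control sit in memory, but the fetch faults. The second call is what profi200's "set all memory pages to r/w/x" buys, here done cooperatively by the kernel through mprotect(); on a locked-down console nothing hands user-mode code that privilege, which is why the thread falls back to ROP through code that is already executable.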
     
  10. Foxi4

    Foxi4 On the hunt...

    Considering the fact that Youtube is unlikely to use a whole lot of resources, not to mention zero 3D rendering whatsoever and no access to the 3D rendering context, I'm pretty sure the feature set would be poor.
     
  11. CFallenleaf

    CFallenleaf GBAtemp Fan

    PS3 doesn't need to be hacked anymore. You just need a Cobra ODE. They work on 4.50 OFW. You can do everything with Cobra that you can with CFW on PS3.
     
  12. the_randomizer

    the_randomizer The Temp's official fox whisperer

    So glad I decided to sell my 3DS. I too gave up the hope of seeing that happening; waiting around just wasn't worth it IMHO. I thought the PS3 firmware could be downgraded, albeit with a USB dongle, at least I thought that was the only way to go back to 3.55.
     
  13. justinkb

    justinkb GBAtemp Advanced Fan

    Wrong. It doesn't support homebrew which utilizes certain syscalls.
     
  14. CFallenleaf

    CFallenleaf GBAtemp Fan

    Now you're wrong.

    Q - [Falcon80] What other homebrew can run using the COBRA ODE ?

    A - Homebrew apps which don't use CFW-specific syscalls should be supported.

    Not ALL homebrew requires the CFW syscalls. Some just use the system's syscalls. Get your facts straight before telling someone they are wrong. It can do everything CFW can do except run CFW-specific syscalls. The fact is the MAJORITY of users of this thing and of CFW don't use it for homebrew.
     
  15. Foxi4

    Foxi4 On the hunt...

    ...so he's right: it doesn't support homebrew which uses certain syscalls, CFW syscalls. :)
     
  16. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Then why does the FAQ answer say "apps that don't use CFW-specific syscalls"? That implies that there are some apps that don't.
     
  17. CFallenleaf

    CFallenleaf GBAtemp Fan

    No, Fox, he was wrong. He said HOMEBREW; he did not specify CFW-specific homebrew. Like Random just pointed out, there is homebrew that doesn't use CFW-specific syscalls.
     
  18. Foxi4

    Foxi4 On the hunt...

    Which part of "certain" requires explanation? "Certain" implies that some don't work and some do.
    I'm not "wrong", I just read what he actually typed, which was that homebrew apps which use certain syscalls don't work, not that homebrew in general doesn't.
     
  19. CFallenleaf

    CFallenleaf GBAtemp Fan

    Fox, dude, seriously. I never said you were wrong, I said Justin was. The point here now is that he just said homebrew. He did not say CFW-SPECIFIC HOMEBREW. Just homebrew, period.
     
  20. Luigi2012SM64DS

    Luigi2012SM64DS G-old member

    I was expecting another OMG CRASH WE CAN HAX THE 4DS WIT DIS SHIT thread.
    Seriously, no. You cannot hack the 3DS with a crash.