Homebrew Ideas for an offline webkit exploit

fürdielulz (OP), joined Jul 24, 2015
Hello all.

First of all, excuse me if this is the wrong section for this thread. Feel free to move it accordingly.

I am fairly new to the 3DS scene (bought a 2DS like two weeks ago), but I've already gone through most of the concepts and managed to mess around with my unit.

The thing is, my 2DS came with version 8.1.0 preinstalled, so the only known exploit I could use was the webkit exploit. Everyone is well aware of the "must have an internet connection" limitation, and some may also know that there are several Android apps to set up a hotspot with the payloads hosted there.

Still, this feels like it's not enough. Thus, I have two ideas for possible offline exploitation of the webkit vulnerability:
  1. Check if the Internet Browser mounts the SD card, and if it does, browse to the payloads directly on the SD card. This is fairly trivial, so I guess someone else must have checked before. If not, what would I need to check whether the Internet Browser app mounts the SD card? Extract the NAND, decrypt it, then reverse-engineer the binaries? Any pointers for this last step?
  2. Modify the content of certain apps that use HTML and flash it back to sysNAND. I've seen (at the 3dbrew wiki) that title 0004001B00018102 includes some HTML files for the Miiverse offline mode starting from 7.0.0-13. In principle, if these are rendered using a vulnerable version of webkit (apparently in 0004001B00018202), it would be possible to modify them and then trigger the exploit by going to the Miiverse offline mode. Again, has anyone tried this before, or is anyone aware of any hash/signature checks performed on these HTML files before they are rendered?
Thanks for reading!

Vappy, joined May 23, 2012
I've no idea if either of those ideas could play out or not, but it might be worth you looking into downgrading MSET (the System Settings app). This allows you to exploit the console via the DS Profile Settings, no internet connection needed, and probably far less effort than trying to figure out a way to trigger the webkit bug without internet. :P

fürdielulz (OP), joined Jul 24, 2015
Oh, wow. I didn't know such a thing was possible on the 2DS. That's much simpler... Still, out of curiosity it would be fun to explore the other two alternatives.

NicEXE, joined Dec 6, 2009, Cyprus
You can try and see if file://... works, but I am 99% sure that it's disabled. Why would you have it on a handheld console anyway?