Homebrew Is tubehax finally patched away?

[VaiCorinthians]

Browserhax>>>Tubehax

I have ironhax, but I prefer to use the themehax.

 

[fmkid]

The 3ds Friend Service makes the version checks for the YT app before it makes any http requests itself.

I'm just hoping they can't do the same for the browser.

Not only the browser, but another app or game too!

 

[teampleb]

The 3ds Friend Service makes the version checks for the YT app before it makes any http requests itself.
here let yellows fill you in:


I'm just hoping they can't do the same for the browser.

I doubt it can. The browser isn't like other apps. It can only be updated via a system update.

 

[MasterLel]

Tubehax is dead, it's a sad time for us the 3DS homebrew community... I really enjoyed it, even if it was a bit unstable. Rest in peace, tubehax, i'll miss you

 

[zoogie]

I doubt it can. The browser isn't like other apps. It can only be updated via a system update.

If we can update single apps via cia installs I don't see why Nintendo couldn't.
The dsi had it's browser installed (and updated) from the eshop, so if Nintendo wanted to do that with the 3ds, I'm sure they could. It's a good idea from a security standpoint.

 

[teampleb]

If we can update single apps via cia installs I don't see why Nintendo couldn't.
The dsi had it's browser installed (and updated) from the eshop, so if Nintendo wanted to do that with the 3ds, I'm sure they could. It's a good idea from a security standpoint.

Yes, I should have been more clear. The browser is a multitasking app vs a regular app. It doesn't launch or run like a regular app does.

 

[Jwiz33]

What if you manually go to smea.mtheall.com through the google trick?

 

[MasterLel]

Hmm I just tried to change the DNS to a non-existent one, and the update box didn't pop-up... It may be exploitable

 

[zoogie]

What if you manually go to smea.mtheall.com through the google trick?

Can't, the app stops you at the door.

 

[Jwiz33]

Can't, the app stops you at the door.

Oh. What if you turn off your router, open the app, then turn on your router?

 

[zoogie]

Oh. What if you turn off your router, open the app, then turn on your router?

If it can't connect to the internet it will return an error. If it can, it will see it's outdated. Checkmate.

 

[Jwiz33]

If it can't connect to the internet it will also return an error. If it can, it will see it's outdated. Checkmate.

Oh. Well then. I still have Ironhax, Ninjhax, and Themehax though

 

[MasterLel]

Someone has tried to setup a dns that bypass the "friend service" check requests ? Like it would redirects the requests to a malicious server that will send back an "ok" code and the application would run again because it needs no update according to the (malicious) server response

 

[teampleb]

Someone has tried to setup a dns that bypass the "friend service" check requests ? Like it would redirects the requests to a malicious server that will send back an "ok" code and the application would run again because it needs no update according to the (malicious) server response

That seems like a lot of work and reverse engineering when we already have other exploits.

 

[MasterLel]

Yeah, you're right, but as a "tubehax maniac" I would really love to see it resurrected. Plus it would also work for other applications blocked by that friend service, so it's not a total waste of time and effort..

 

[Pandaxclone2]

Agreed with the above. We would learn a thing or two by reverse engineering it.

 

[teampleb]

Yeah, you're right, but as a "tubehax maniac" I would really love to see it resurrected. Plus it would also work for other applications blocked by that friend service, so it's not a total waste of time and effort..

Good point. But other apps won't need it. If the hack works offline you could just turn off wifi and start it.

 

[hacksn5s4]

well tius gone all the other entry poirns suh as browser hax are going to be patched by a sytstem update

 

[the assaf]

Someone has tried to setup a dns that bypass the "friend service" check requests ? Like it would redirects the requests to a malicious server that will send back an "ok" code and the application would run again because it needs no update according to the (malicious) server response

The custom dns is just for manipulating yt app so YouTube.com will refer to smea's hax page which trigger hb payload. The friend service is done before http request happen, so the only way is to bypass it to fake friend service so it think it's the last update, but this data likely to be encrypted, and using ssl. The only thing can bypass it is kernel exploit.

 

[Februarysn0w]

its fully patched.
I tried to backup unpatched version into my conputer then update the app.

after that restore old version app into my 3ds but 3ds said like the pic above.

You must reinstall the app frim eshop. and the update managed to old one. its mean you can not delete update files and reinstall old app for ever.