Maybe there is another way to execute the WebKit exploit

Discussion in '3DS - Flashcards & Custom Firmwares' started by dosseum, Jan 21, 2015.

  1. dosseum
    I'm not English, so my English is not very good.

    I have an idea: I think Nintendo has maybe only patched the WebKit exploit in the browser but not in the YouTube app?

    In the YouTube app you can go to google.com and visit sites with a few clicks, but only websites with "HTTPS://", so go.gateway-3ds.com doesn't work but gbatemp.net does.

    Maybe if someone can succeed in putting the exploit on a website with https://, the exploit will work if we visit this website.


    Thanks for reading
     
  2. GTOnizuka

    A better title for this topic should be provided...

    Anyway, good idea, but I'm quite sure that the app is using the shared WebKit engine that the browser is also using (it would be really absurd to embed the engine inside the app).
    Although you can even try something else. You can just run a hotspot on your computer with an advanced routing application and set the routing table to point the "google.com" domain to your own IP (where you have a running HTTP server) and enable HTTPS on your own local HTTP server installation.

    This way you could fake it even more easily than doing the whole thing online :)
     
  3. Nollog

    It is my belief that the browser hasn't been patched, just the exploit beyond the browser, so this isn't really an issue.
     
  4. mastermodr94

    Even that exploit may not be patched. I'm guessing it's just a different range of memory addresses to call the functions that cause the crash.
     
  5. UraKn0x

    I think Nintendo may have patched some of the different exploits used, at least the most critical ones, like the kernel-owning. The webkit exploit itself hasn't been patched as shown by smea's RegionThree.