Hacking Maybe there are an other way to execute the webkit exploit

[Deleted User]

I'm not english so my english is not very good.

I have an idea, i think Nintendo has maybe only patch the webkit exploit on the browser but not on youtube app ?

On the youtube app you can go on google.com and visiting site with some click, but only the website with "HTTPS://" so go.gateway-3ds.com doesn't work but gbatemp.net yes.

Maybe if someone can succeed to put the exploit on a website with https://, if we visite this website the exploit works.


Thanks for reading

 

[GTOnizuka]

A better title for this topic should be provided...

Anyway good idea, but I'm quite sure that the app is using the shared webkit engine that the browser is using also (it would be really absurd to embed the engine inside the app).
Although you can even try something else. You can just run an hotspot on your computer with an advanced routing application and set the routing table to point "google.com" domain to your own IP (where you have a running http server) and enable https on your own local http server installation.

This way you could fake it even easier that doing the whole stuff online

 

[Nollog]

It is my belief that the browser hasn't been patched, just the exploit beyond the browser, so this isn't really an issue.

 

[mastermodr94]

It is my belief that the browser hasn't been patched, just the exploit beyond the browser, so this isn't really an issue.

Even that exploit may not be patched. Im guesing its just a different range of memory addresses to call the functions that cause the crash.

 

[UraKn0x]

I think Nintendo may have patched some of the different exploits used, at least the most critical ones, like the kernel-owning. The webkit exploit itself hasn't been patched as shown by smea's RegionThree.