[MIGHT NOT WORK] 9.2+ Youtube Exploit (Should work on 9.4 and 9.5)

Discussion in '3DS - Homebrew Development and Emulators' started by 0xFFFF, Feb 10, 2015.

  1. 0xFFFF
    OP

    0xFFFF Advanced Member

    Newcomer
    63
    43
    Jan 17, 2015
    Saint Kitts and Nevis
    What I am saying here is probably something that doesn't even work.
    But I am sure there is something that can be exploited in this, so give it a go.

    1. Make a proxy that redirects all Youtube requests to your own server.
    2. The server must contain Gateway's iFrame exploit.
    3. Youtube will load that web page instead.
    4. Possible hax?
     


  2. froatsnook

    froatsnook Advanced Member

    Newcomer
    70
    48
    Mar 18, 2014
    United States
    I think I read that someone already tried this and the exploit doesn't work in youtube.
     
  3. Vappy

    Vappy GBAtemp Advanced Maniac

    Member
    1,507
    1,154
    May 23, 2012
    Might want to ask for the misleading title to be changed.
     
  4. SelfDEstruction

    SelfDEstruction Member

    Newcomer
    16
    0
    Jan 25, 2015
    Gambia, The
    But the youtube app is useful to watch other videos from the internet.
    Just find a google link on the mobile page, look under settings :D
     
  5. ShawnTRods

    ShawnTRods GBAtemp Psycho!

    Member
    4,343
    453
    Mar 26, 2011
    London
    Holy shit. I thought there was a new exploit.
    Let's go people. Nothing to see here.
     
    MAXLEMPIRA likes this.
  6. 0xFFFF
    OP

    0xFFFF Advanced Member

    Newcomer
    63
    43
    Jan 17, 2015
    Saint Kitts and Nevis
    Explain?
     
  7. 0xFFFF
    OP

    0xFFFF Advanced Member

    Newcomer
    63
    43
    Jan 17, 2015
    Saint Kitts and Nevis
    And what relation does it have with my theory?
     
  8. VinsCool

    VinsCool Delusional

    Member
    11,690
    27,700
    Jan 7, 2014
    Canada
    End of Time
    And you told me to not share :rolleyes:
     
  9. N3XU5

    N3XU5 Member

    Newcomer
    29
    1
    Dec 3, 2013
    Netherlands
    Could be possible, since the youtube app is just a simple browser with flash support. If someone creates a script that will lead into a crash, then we will succeed.

    Remember that you can leave youtube itself and watch even porn with the system (not that I've done it... Lol)

    But I hope you guys understand what I'm telling.
     
  10. 0xFFFF
    OP

    0xFFFF Advanced Member

    Newcomer
    63
    43
    Jan 17, 2015
    Saint Kitts and Nevis
    It would be fun if people tried the theory I posted instead of shooting file names that may or may not work with the 3DS and that have 0 relation to my theory.
     
  11. WulfyStylez

    WulfyStylez SALT/Bemani Princess

    Member
    1,149
    2,608
    Nov 3, 2013
    United States
    Ah yes, the fabled "my" exploit. hehe
    Hax through youtube are completely possible, but aren't done since it's a little easier to hook onto spider.
     
    VinsCool and Kelton2 like this.
  12. DarkFlare69

    DarkFlare69 GBAtemp Psycho!

    Member
    4,680
    2,509
    Dec 8, 2014
    United States
    Ohio
    Nothing here... The browser is probably the best (and only) way to go. They don't check every individual website to make sure it's not an exploit. And if they did, someone could just mirror that shit onto another host every time it gets patched.
     
  13. SelfDEstruction

    SelfDEstruction Member

    Newcomer
    16
    0
    Jan 25, 2015
    Gambia, The
    The youtube app can be patched every minute, they just need to change their site. So I guess the web browser might be better.
     
  14. WulfyStylez

    WulfyStylez SALT/Bemani Princess

    Member
    1,149
    2,608
    Nov 3, 2013
    United States
    Youtube also suffers from some MITM stuff and runs an older version of webkit. But yeah, browser's generally better.
     
  15. gamesquest1

    gamesquest1 Nabnut

    Member
    14,118
    9,453
    Sep 23, 2013
    iirc part of what makes the browser exploit so useful is that it runs as an applet, allowing other games to be loaded+applet, which allows stuff like the rom injection hacks
    not to mention the browser is just the entry point, all the big boy stuff is the later stages, taking over the system etc... and finally, how useful would an exploit be that's dependent on the user having an app that you can only download from eshop, and to download it from the eshop you need to update to the latest version.

    one update later and anyone that will ever be able to use it will have to have downloaded it before the update hits... nobody else can join the club... it's always better to have any sort of exploit to be run from something that is free to use with anyone on a specific FW, not based on specific FW + specific app that can only be obtained via eshop, if it was released on retail cart, yeah sure, but that's still another cubic ninja story all over again
     
  16. WeedZ

    WeedZ Possibly an enlightened being

    Member
    2,787
    5,449
    Jan 13, 2015
    United States
    Whether you use the web browser or an app, the software still requires the same exploit. Is it possible to use youtube instead of spider? Doubtful considering the exploit is in spider. Even if it did work you would be confined to the resources that youtube has access to. Like with cubic ninja, you have no access to anything that the game doesn't.

    It's not as simple as redirecting instructions from a proxy. In all probability it would return a 404 or crash.

    How did you even decide what fw would work and which wouldn't? You could address to the gateway exploit in 9.5 but it just errors. Why would any other software that uses the web browser have any different results, wherever the exploit is hosted?

    And how exactly would you reach this page? You would need access to edit the youtube app to change what page it looks for, and I don't think a proxy can trick the app to look for a local ip instead of a domain which is pretty much a mask for an external ip.

    Tl;Dr this is a pointless thread
     
  17. WulfyStylez

    WulfyStylez SALT/Bemani Princess

    Member
    1,149
    2,608
    Nov 3, 2013
    United States
    The exploit is in webkit, a library used by both youtube and spider. Youtube actually uses an even older version, in fact. It IS as easy as redirecting traffic. Like I literally just said, the youtube app is prone to MITM attacks. This was figured out like a year ago.
    Version detection isn't possible with the youtube app since all versions have the same webkit version (and that doesn't update with system), but it's easy to tell users which link to go to for their system version.

    Youtube still isn't a practical entry point since it's not on all devices and requires some mitm stuff rather than being entirely on-device, but I wanted to make it clear that technically there's nothing stopping an exploit from launching through the youtube app.
     
  18. Bug_Checker_

    Bug_Checker_ GBAtemp Advanced Fan

    Member
    950
    444
    Jun 10, 2006
    United States
  19. WulfyStylez

    WulfyStylez SALT/Bemani Princess

    Member
    1,149
    2,608
    Nov 3, 2013
    United States
  20. Bug_Checker_

    Bug_Checker_ GBAtemp Advanced Fan

    Member
    950
    444
    Jun 10, 2006
    United States
    I believe he phrased it even funnier like "my bug". Most people would not take credit for screwed up code.
    It is like saying "I am proud 'my code' brought down xyz (like healthcare.gov). Hire me I know how to break stuff!"

    After all that drama, it would be funny if that were "his bug".
     
    WulfyStylez likes this.