Homebrew [MIGHT NOT WORK] 9.2+ YouTube Exploit (Should work on 9.4 and 9.5)

0xFFFF

What I am saying here is probably something that doesn't even work.
But I am sure there is something that can be exploited in this, so give it a go.

  1. Make a proxy that redirects all YouTube requests to your own server.
  2. The server must contain Gateway's iFrame exploit.
  3. YouTube will load that web page instead.
  4. Possible hax?
 

0xFFFF

Can't.
Ah well, saying the name means it's already out. It's a not yet confirmed unexploitable HTML file that crashes the Wii U browser - haven't tested it on 3DS, might be exploitable there.

And what relation does it have with my theory?
 

VinsCool

Can't.
Ah well, saying the name means it's already out. It's a not yet confirmed unexploitable HTML file that crashes the Wii U browser - haven't tested it on 3DS, might be exploitable there.

And you told me to not share :rolleyes:
 

N3XU5

Could be possible, since the YouTube app is just a simple browser with Flash support; if someone creates a script that will lead into a crash, then we will succeed..

Remember that you can leave YouTube itself and watch even porn with the system (not that I've done it ....... Lol)

But hope you guys understand what I'm telling.
 

DarkFlare69

Nothing here... The browser is probably the best (and only) way to go. They don't check every individual website to make sure it's not an exploit. And if they did, someone could just mirror that shit onto another host every time it gets patched.
 

gamesquest1

iirc part of what makes the browser exploit so useful is that it runs as an applet, allowing other games to be loaded+applet, which allows stuff like the rom injection hacks
not to mention the browser is just the entry point, all the big boy stuff is the later stages, taking over the system etc........and finally, how useful would an exploit be that's dependent on the user having an app that you can only download from eshop, and to download it from the eshop you need to update to the latest version.

one update later and anyone that will ever be able to use it will have to have downloaded it before the update hits.....nobody else can join the club......it's always better to have any sort of exploit to be run from something that is free to use with anyone on a specific FW, not based on specific FW + specific app that can only be obtained via eshop, if it was released on retail cart, yeah sure, but that's still another cubic ninja story all over again
 

WeedZ

What I am saying here is probably something that doesn't even work.
But I am sure there is something that can be exploited in this, so give it a go.

  1. Make a proxy that redirects all YouTube requests to your own server.
  2. The server must contain Gateway's iFrame exploit.
  3. YouTube will load that web page instead.
  4. Possible hax?
Whether you use the web browser or an app, the software still requires the same exploit. Is it possible to use YouTube instead of spider? Doubtful considering the exploit is in spider. Even if it did work you would be confined to the resources that YouTube has access to. Like with cubic ninja, you have no access to anything that the game doesn't.

It's not as simple as redirecting instructions from a proxy. In all probability it would return a 404 or crash.

How did you even decide what fw would work and which wouldn't? You could address to the gateway exploit in 9.5 but it just errors. Why would any other software that uses the web browser have any different results, wherever the exploit is hosted?

And how exactly would you reach this page? You would need access to edit the YouTube app to change what page it looks for, and I don't think a proxy can trick the app to look for a local IP instead of a domain which is pretty much a mask for an external IP.

Tl;Dr this is a pointless thread
 

WulfyStylez

Whether you use the web browser or an app, the software still requires the same exploit. Is it possible to use YouTube instead of spider? Doubtful considering the exploit is in spider. Even if it did work you would be confined to the resources that YouTube has access to. Like with cubic ninja, you have no access to anything that the game doesn't.

It's not as simple as redirecting instructions from a proxy. In all probability it would return a 404 or crash.

How did you even decide what fw would work and which wouldn't? You could address to the gateway exploit in 9.5 but it just errors. Why would any other software that uses the web browser have any different results, wherever the exploit is hosted?

And how exactly would you reach this page? You would need access to edit the YouTube app to change what page it looks for, and I don't think a proxy can trick the app to look for a local IP instead of a domain which is pretty much a mask for an external IP.

Tl;Dr this is a pointless thread

The exploit is in WebKit, a library used by both YouTube and spider. YouTube actually uses an even older version, in fact. It IS as easy as redirecting traffic. Like I literally just said, the YouTube app is prone to MITM attacks. This was figured out like a year ago.
Version detection isn't possible with the YouTube app since all versions have the same WebKit version (and that doesn't update with system), but it's easy to tell users which link to go to for their system version.

YouTube still isn't a practical entry point since it's not on all devices and requires some MITM stuff rather than being entirely on-device, but I wanted to make it clear that technically there's nothing stopping an exploit from launching through the YouTube app.
 

Bug_Checker_

Ah, alright. Either way, I was just poking fun at the whole 'i discovered this bug, it's mine' business.

I believe he phrased it even funnier like "my bug". Most people would not take credit for screwed up code.
It is like saying "I am proud 'my code' brought down xyz (like healthcare.gov). Hire me I know how to break stuff!"

After all that drama, it would be funny if that were "his bug".
 