Possible to trigger an exploit through the QR code reader?

Discussion in '3DS - Homebrew Development and Emulators' started by HakJobbr, Dec 25, 2015.

  1. HakJobbr (OP, Newcomer)
    I did research and determined that a buffer overflow (or underflow) is possible by tampering with a QR code. A QR code can store about 7k characters, but I think it is possible to stuff a whole script inside a QR. I highly doubt the 3DS's QR code reader can even read 7k characters to begin with. So, is it possible to trigger an exploit through the reader itself?
     
  2. Uziskull (Member)
    Hey, that seems like an alright idea. It probably won't work, since messing with QR seems to be a common 3DS hacking practice and nobody ever came up with a triggerable exploit through it, but how about you try that out and tell us the results?
     
  3. shaneod (Member)
  4. Uziskull (Member)
    I think he meant outside of any games, using just the system QR scanner on the Camera app.
     
  5. shaneod (Member)
    Oh, right. My bad.
    I'm sure somebody would have thought of this at some point or another. The system itself would have been the first target, and in particular the QR scanner since there have been a bunch of exploits involving it in various games.
     
  6. Uziskull (Member)
    Yeah, that's what I mentioned before. But still, OP, feel free to try something out and report your findings :)
     
  7. DarkFlare69 (Member)
    I thought of this a couple years ago and asked some people who knew what they were doing and they said probably not.

    Anyway, the QR reader doesn't really "import" (I guess this is the wrong term) any data; all it does is display a URL. Ninjhax actually tried to put the data from the QR code into the game, as a level.
     
  8. Jack_Sparrow (Banned)
    Exactly, this is how MenuHax (or browserhax? There are too many hax) works.
     
  9. DarkFlare69 (Member)
    yep
     
  10. ketal (Member)
    AFAIK, the only (discovered) entrypoint left in the home menu is the notifications applet.
    Due to an out-of-bounds array index, you can actually ROP from the news module.
     
  11. Seriel (Member)
    Anyone thought about working on that some more? :P
     
  12. ketal (Member)
    This was discovered about one year ago. I tried messing around with newss:SetNotificationHeader myself, but I don't have much free time.
     
  13. SomeGamer (Member)
    I wouldn't be surprised if yellows8 made a surprise release, just like menuhax. It was also discovered years ago.
     
  14. kje123 (Member)
    Isn't that literally what ninjhax is?
     
  15. SomeGamer (Member)
     
  16. RainCode (Member)
    You should note that in Cubic Ninja's case, its QR code reader is supposed to load custom levels and that would involve executing the code that would be decrypted. In a way, it works like IronHax.
     