Homebrew Possible to trigger an exploit through the QR code reader?

[HakJobbr]

I did research and determined that a buffer overflow (or underflow) is possible by tampering with a QR code. A QR code can store about 7k character, but I think it is possible to stuff a whole script inside a QR. I highly doubt the 3DS's QR code reader can even read 7k characters to begin with. So, is it possible to trigger an exploit through the reader itself?

 

[Uziskull]

Hey, that seems like an alright idea. It probably won't work, since messing with QR seems to be a common 3DS hacking practice and nobody ever came up with a triggerable exploit through it, but how about you try that out and tell us the results?

 

[shaneod]

The Ninjhax exploit worked via a buffer overflow exploit in the QR code scanner in Cubic Ninja.
http://wiki.gbatemp.net/wiki/Ninjhax

 

[Uziskull]

The Ninjhax exploit worked via a buffer overflow exploit in the QR code scanner in Cubic Ninja.
http://wiki.gbatemp.net/wiki/Ninjhax

I think he meant outside of any games, using just the system QR scanner on the Camera app.

 

[shaneod]

I think he meant outside of any games, using just the system QR scanner on the Camera app.

Oh, right. My bad.
I'm sure somebody would have thought of this at some point or another. The system itself would have been the first target, and in particular the QR scanner since there have been a bunch of exploits involving it in various games.

 

[Uziskull]

Oh, right. My bad.
I'm sure somebody would have thought of this at some point or another. The system itself would have been the first target, and in particular the QR scanner since there have been a bunch of exploits involving it in various games.

Yeah, that's what I mentioned before. But still, OP, feel free to try something out and report your findings

 

[DarkFlare69]

Oh, right. My bad.
I'm sure somebody would have thought of this at some point or another. The system itself would have been the first target, and in particular the QR scanner since there have been a bunch of exploits involving it in various games.

I thought of this a couple years ago and asked some people who knew what they were doing and they said probably not.

Anyway, the QR reader doesn't really "import" (I guess this is the wrong term) any data, all it does is displays a URL. Ninjhax actually tried to put the data from the QR code into the game, as a level.

 

[Jack_Sparrow]

I thought of this a couple years ago and asked some people who knew what they were doing and they said probably not.

Anyway, the QR reader doesn't really "import" (I guess this is the wrong term) any data, all it does is displays a URL. Ninjhax actually tried to put the data from the QR code into the game, as a level.

Exactly this is how MenuHax (Or browserhax? There are too many hax) Works

 

[DarkFlare69]

Exactly this is how MenuHax (Or browserhax? There are too many hax) Works

yep

 

[ketal]

afaik, the only (discovered) entrypoint left in the home menu is the notifications applet.
due to an out-of-bounds array index, you can actually ROP from the news module

 

[Seriel]

afaik, the only (discovered) entrypoint left in the home menu is the notifications applet.
due to an out-of-bounds array index, you can actually ROP from the news module

Anyone thought about working on that some more?

 

[ketal]

Anyone thought about working on that some more?

This was discovered about one year ago. I tried messing around with newss:SetNotificationHeader myself but I don't have much free time

 

[SomeGamer]

Anyone thought about working on that some more?

I wouldn't be surprised if yellows8 made a surprise release, just like menuhax. It was also discovered years ago.

 

[kje123]

Isn't that literally what ninjhax is?

 

[SomeGamer]

Isn't that literally what ninjhax is?

I think he meant outside of any games, using just the system QR scanner on the Camera app.

 

[NodePoint]

You should note that in Cubic Ninja's case, its QR code reader is supposed to load custom levels and that would involve executing the code that would be decrypted. In a way, it works like IronHax.