Homebrew Sourcecode 3DS webbrowser

  • Thread starter: Shuji1987
  • Views: 16,142
  • Replies: 46
Status: Not open for further replies.
Well, that is interesting, but if they have had the capability for months, something should have happened by now.
 
zombymario said:
LOL, so Nintendo wants us to make an exploit soon? They beg so they can update the 3DS.
No, if Nintendo doesn't release the source code, they would soon get a hefty fee from the Free Software Foundation, which is kind of ironic. Thus, it is illegal not to release the source code, as Nintendo used GPL-licensed code. Their fault for being lazy and using open-source code.


Slyakin said:
Well, that is interesting, but if they have had the capability for months, something should have happened by now.
Well, they might want to keep it a secret for now, also they still might have to find out how to access the SD.

Correct me if I'm wrong.


QUOTE(Kyohack @ Aug 27 2011, 02:10 PM)
TeamTwiizers already had access to the European source code MONTHS ago. And yes, many exploits were discovered. For an example of what they have done so far, visit this in your 3DS browser:
http://96.26.172.219:8080/3ds.php

That exploit creates a buffer overflow, which crashes the 3DS. All that is left for team twiizers to do, is to attach an executable payload.

Crashing mah 3DS is fun
 
Marlonguppy said:
Are you all from Florida or something?!
THIS IS NOT EXPLOITABLE, NOT EVEN CLOSE TO IT.
It's just WebKit, not the fkng entire thing. Because Nintendo isn't stupid like everybody here...
If you're looking for bugs in a web browser, the rendering engine is usually the best target. The key thing to remember is that not all bugs are exploitable due to the way memory is allocated.
 
It's almost certain that Nintendo really doesn't release anything that could lead directly to an exploit.
Maybe some of this code may help hackers understand how the 3DS does things, which may in the future help them to find exploits.
The chance that Nintendo leaves things like encryption keys or formulas for them in the released code is almost zero.
If bugs are found in the source code that could lead to exploits, the exploits will most likely be just as easy to fix with a simple update of the browser. However, once hackers gain more access to the 3DS they may find new exploits that could lead to more permanent hacks.

Note: I don't know a lot about hacking so I may just be plain wrong here.
 
I'd just like to mention that every iPhone userland jailbreak has been done using an exploit in WebKit. It's possible that those same exploits may be able to be adapted for the 3DS.
 
Wait, Ninty used GPL code? I thought if you used GPL code to make something you had to upload the source of that as well?

QUOTE said:
Does the GPL require that source code of modified versions be posted to the public?

The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.

But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL.

Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.
is what the GNU site has to say about it.

EDIT: Huh, that's for the normal GPL license and Ninty used the library version. Might be different. I'll read the license. I assume the 3DS browser counts as "a work that uses the library" and not "a work derived on the library", right?
According to this, the source code should include the 3DS browser executable and the modified library source... I think. I'm not a lawyer.
It also says any data and utility programs needed to reproduce the executable must be included...
 
^ you are correct - what they did is not complying with the GPL at all

if they use GPL code (not LGPL because then it wouldn't apply) they have to release the source of anything they used the GPL code for - it does not matter if it is a library or something else - if it is in any way connected to the GPL they have to release their own source code too - and when i skimmed over the archive it was only webkit source that is available anyway - they did not include their own source
 
Kyohack said:
TeamTwiizers already had access to the European source code MONTHS ago. And yes, many exploits were discovered. For an example of what they have done so far, visit this in your 3DS browser:
http://96.26.172.219:8080/3ds.php

That exploit creates a buffer overflow, which crashes the 3DS. All that is left for team twiizers to do, is to attach an executable payload.

If you start a game from your SD card, then press the home button and leave the game open, go to that URL in your browser, wait for it to "crash" and then unplug your SD card, it throws an error telling you to press the home button. I'm not sure if that's useful or not but I thought it was interesting. It also works with game cartridges.
 
The problem is that simply causing a buffer overflow is just the start... You have to be able to inject code that runs.
 
ron975 said:
It seems the crashing site is down.

You're right it is down. If someone could host the following html code that would be great.
CODE

    var i= 0;
    var str = "x";
    while(i++ < 32){
        str += str;
    }
    window.alert(str);


 
Cancel said:
ron975 said:
It seems the crashing site is down.

You're right it is down. If someone could host the following html code that would be great.
CODE

    var i= 0;
    var str = "x";
    while(i++ < 32){
        str += str;
    }
    window.alert(str);
That's what's crashing the 3DS? A mere 14 lines?

Anyways, here
3dspwn.webs.com
 
ron975 said:
Cancel said:
ron975 said:
It seems the crashing site is down.

You're right it is down. If someone could host the following html code that would be great.
CODE

    var i= 0;
    var str = "x";
    while(i++ < 32){
        str += str;
    }
    window.alert(str);
That's what's crashing the 3DS? A mere 14 lines?
It's not just a mere 14 lines.

It's a trojan program that crashes the browser by staying in an infinite loop (or in other cases, opening an infinite number of browser windows).
 
This is not the source code of the netfront browser used with the 3DS, but only an uninteresting part of it and it's certainly not GPL, but LGPL. Nintendo has to release this part because the libraries that are licensed under LGPL have been altered by Nintendo. If they weren't altered Nintendo wouldn't have to release anything.
 
SoulSnatcher said:
Cancel said:
ron975 said:
It seems the crashing site is down.

You're right it is down. If someone could host the following html code that would be great.
CODE

    var i= 0;
    var str = "x";
    while(i++ < 32){
        str += str;
    }
    window.alert(str);
If you insist,
-snip-

Why do I have a feeling my site is going to be blacklisted by Google for hosting this?
Behold the power of Robots.txt

Actually, just to be on the safe side..
I removed the punyman.com mirror, and I just made that mirror
http://3dspwn.webs.com/
 
SoulSnatcher said:
ron975 said:
Cancel said:
ron975 said:
It seems the crashing site is down.

You're right it is down. If someone could host the following html code that would be great.
CODE

    var i= 0;
    var str = "x";
    while(i++ < 32){
        str += str;
    }
    window.alert(str);
That's what's crashing the 3DS? A mere 14 lines?
It's not just a mere 14 lines.

It's a trojan program that crashes the browser by staying in an infinite loop (or in other cases, opening an infinite number of browser windows).
I loaded that page in Chrome, got an error "Script on the page used too much memory. Reload to enable scripts again"

Edit: bump
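
As an added illustration that is not part of any post in this thread: the loop quoted above doubles a string 32 times, so the size it asks for can be worked out without running it, and a size cap of the kind behind the Chrome message can be modelled. The 2-bytes-per-character figure and the budgets used are assumptions for illustration, not 3DS specifications.

```javascript
// Added example, not code from the thread. Models the quoted loop
//   while (i++ < 32) { str += str; }
// without allocating the string. BYTES_PER_CHAR is an assumption
// (UTF-16 code units); real engines may store strings differently.
const BYTES_PER_CHAR = 2;

// Length of str after each pass of the doubling loop.
function doublingLengths(rounds, startLength = 1) {
  const lengths = [];
  let len = startLength;
  for (let i = 0; i < rounds; i++) {
    len *= 2; // str += str doubles the length
    lengths.push(len);
  }
  return lengths;
}

// First pass (1-based) whose result no longer fits in budgetBytes,
// or null if every pass fits.
function firstPassOverBudget(rounds, budgetBytes) {
  const idx = doublingLengths(rounds)
    .findIndex((len) => len * BYTES_PER_CHAR > budgetBytes);
  return idx === -1 ? null : idx + 1;
}

// The same loop with an explicit cap: it stops with an error
// before the allocation instead of exhausting memory.
function guardedDouble(rounds, maxChars) {
  let str = "x";
  for (let i = 0; i < rounds; i++) {
    const next = str.length * 2;
    if (next > maxChars) {
      throw new RangeError(`pass ${i + 1} needs ${next} chars, cap is ${maxChars}`);
    }
    str += str;
  }
  return str;
}

// Constructed budget: 64 MiB (a hypothetical figure, not a 3DS value).
const SAMPLE_BUDGET = 64 * 1024 * 1024;
console.log("final length:", doublingLengths(32)[31]);
console.log("first pass over budget:", firstPassOverBudget(32, SAMPLE_BUDGET));
```

Under these assumptions the full 32 passes ask for 2^32 characters, far more than a handheld browser can hold, and the budget is exceeded several passes before the loop finishes.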
 
Does anyone know if you could host the trojan website as the eShop? If you could that would allow you permission to the system files.
 
rondoh70 said:
Does anyone know if you could host the trojan website as the eShop? If you could that would allow you permission to the system files.

It gives a generic error if you try to spoof the server through DNS settings. I think there's some sort of certificate check client and server side.
 