Homebrew TubeHax 10.3?

Mrrraou

Well-Known Member | Member | Joined: Oct 17, 2015 | Messages: 1,873 | Trophies: 0 | XP: 2,374 | Country: France
Based mrrraou, I have a question. If both the 3DS browser and the YouTube app are based on WebKit, wouldn't browserhax work on YouTube? Just wondering, or is the browserhax vuln patched on YouTube too?
I think it's patched too. But try it, go on DuckDuckGo and type the URI. If it crashes, then there could be. But it's most likely patched.
 

the assaf

Well-Known Member | Member | Joined: Jun 2, 2013 | Messages: 489 | Trophies: 0 | Age: 29 | XP: 360
How do you guys know the vuln is patched?
And the tubehax repo is public, you can compile the ROP and host it if you want.
 

Viri

Well-Known Member | Member | Joined: Sep 13, 2009 | Messages: 4,254 | Trophies: 2 | XP: 6,884 | Country: United States
Based mrrraou, I have a question. If both the 3DS browser and the YouTube app are based on WebKit, wouldn't browserhax work on YouTube? Just wondering, or is the browserhax vuln patched on YouTube too?
I was thinking the same thing. My sister's 3DS got the browser pop-up of doom, but she has the YouTube app on 9.9. Does the YouTube app even work at all on 9.9, or does it give a pop-up like the browser does?
 

Substance12

Well-Known Member | Member | Joined: Aug 2, 2015 | Messages: 562 | Trophies: 0 | XP: 549 | Country: Argentina
I was thinking the same thing. My sister's 3DS got the browser pop-up of doom, but she has the YouTube app on 9.9. Does the YouTube app even work at all on 9.9, or does it give a pop-up like the browser does?

You won't be able to use it unless you have the latest app version, and you won't be able to download it because the eShop spoof doesn't work on 10.1 and below anymore.
 

the assaf

Because we tried and because it was RE?
The whole point of this thread is to try again and to attack it from another way.
This is the way to discover vulns: to see something weak and to dig deep until you see an exploit or until you see that it is not exploitable 100%.
With that attitude of "it won't work because Nintendo is strong and smart in all security issues" you won't find any exploits.
And if hax doesn't work you can say that Nintendo patched gspwn or you can say that you need to update the payload.
 

jsa

Well-Known Member | Member | Joined: Oct 21, 2015 | Messages: 224 | Trophies: 0 | Location: Devon, UK | Website: muffinti.me | XP: 396 | Country: United Kingdom
DuckDuckGo search engine works on the YouTube app. I figured it out. At least try it.
Meh, I figured that out back in 2013, the day after its European release (published my findings two days later, on 30 Nov '13). http://3dspaint.com/memberblog.php?blog=92107

Good on you for discovering it independently, though. ^.^

Also, to clear up any confusion, I did some tests back then and the YT app gets weirded out when you feed it anything other than an MP4/3GP that came from YouTube. Also, the max resolution it can realistically handle is 360p, and it just can't decode over 854x480. I spent ages messing with FFmpeg and MP4Box to try and get non-YouTube videos to work but to no avail, sadly. This was in an attempt to get BBC iPlayer on the 3DS. Made it work on the New 3DS browser, though, since it can actually handle standard H.264/AAC videos, and even Live TV via HLS. (Still max 854x480.) Also, it can play MP3/AAC audio but not via the <audio> tag - <video> works though!

I also got Twitch working on the New 3DS, too.

See sig for links. vvvv
 

Mrrraou

The whole point of this thread is to try again and to attack it from another way.
This is the way to discover vulns: to see something weak and to dig deep until you see an exploit or until you see that it is not exploitable 100%.
With that attitude of "it won't work because Nintendo is strong and smart in all security issues" you won't find any exploits.
And if hax doesn't work you can say that Nintendo patched gspwn or you can say that you need to update the payload.
Going to another website is not a vuln, tubehax DNS was just automating the process.
And as I stated before: when you don't know how it works, stop saying that it should work (or even giving lessons to people, as far as I know, I never stated that anywhere.)
To update the payload you still have to get a vuln... If you don't have one it's useless. Please refer to the previous statement.
And I don't think that gspwn will be patched ever.
 

the assaf

Going to another website is not a vuln, tubehax DNS was just automating the process.
And as I stated before: when you don't know how it works, stop saying that it should work (or even giving lessons to people, as far as I know, I never stated that anywhere.)
To update the payload you still have to get a vuln... If you don't have one it's useless. Please refer to the previous statement.
And I don't think that gspwn will be patched ever.
Going to another website is a vuln in userland. However, there was (or maybe it is still there) a vuln in code (WebKit bug) which allows us to execute homebrew code.
I never said it should work, but it's definitely worth a try.
When I talked about the payload I didn't explain myself right: I talked about a new firmware update which "blocks" homebrew. You can be optimistic and say that the payload is outdated or you can choose the attitude of saying gspwn is patched.
 

Mrrraou

Going to another website is a vuln in userland. However, there was (or maybe it is still there) a vuln in code (WebKit bug) which allows us to execute homebrew code.
I never said it should work, but it's definitely worth a try.
When I talked about the payload I didn't explain myself right: I talked about a new firmware update which "blocks" homebrew. You can be optimistic and say that the payload is outdated or you can choose the attitude of saying gspwn is patched.
It's not a vuln. It's a trick.
And they still have to find another vuln in WebKit. And it'll be patched really easily.
And a firmware update that would magically block homebrew isn't likely to happen. And gspwn won't ever be patched.
 

the assaf

It's not a vuln. It's a trick.
And they still have to find another vuln in WebKit. And it'll be patched really easily.
And a firmware update that would magically block homebrew isn't likely to happen. And gspwn won't ever be patched.
It is a vulnerability that allows using the YouTube app as a web browser and hopefully triggering an exploit.
When there is a system update, most likely the previous payload won't work, and if gspwn isn't patched, smea can update the payloads like he always does.
 