We found an "Exploitable Exploit"


NeoSlyde

So today a guy named "migles" brought up an idea! A good idea. Here is his message:

"I FOUND A SECURITY BUG

YOU CAN SEND MIIS FROM THE WII TO 3DS,
DID ANYONE TRY MIIFLOW? (mii+overflow, send overflow via mii to launch data)
OMG EXPLOIT!
"

----->That means that if we put exploit code with mii+overflow in a Wii and then send the Mii to the 3DS, that will launch it!

Then another guy named "weatMod" said:

"thanks best korea
so i assume it works on latest FW right?
i never use MM so can you do it from another 3ds also?

i wonder if this was GW's original N3ds solution with mii maker perhaps they found a way to trigger the same or similar bug without using a wii?
maybe they had set up a spoofed server? is that possible for someone to make a site that 3ds mii maker connects to and thinks it's a wii using miimaker and send it the overflow?
"

----->So if we found a trick to make a spoofed server that the 3DS Mii Maker thinks is using the Wii Mii Editor, and send the Mii with the overflow without a Wii


So I think that is possible, but we need some developers and hackers that can do it!
 
i posted that on EOF, "edge of forum", where we play and just say random shit,
think of EOF like the kids sandbox where they can build castles and talk about the uncle who works at fbi... nothing is serious on there... i was just kidding.

TL;DR it was a joke, nothing on that area of the forum is serious, please don't startle the gateway hypetrain based on a joke
 
that was EOF, it means, edge of forum, where we play and just say random shit,
think of EOF like the kids sandbox where they can build castles and talk about the uncle who works at fbi...

TL;DR it was a joke, nothing on that area of the forum is serious, please don't startle the gateway witch
but your idea is possible
 
But we already have two entrypoints on 9.8: CN and OOT
The only problem is that we need another exploit to execute code, like rohax, gspwn...
 
Omg
 
the Mii Maker Exploit ?
Even the real Mii Maker Exploit wouldn't work that way, in reference to Gateway's version. That's actually a working QR-Code based exploit, though it isn't public. The issue being that you need two exploits to take over a 3DS, or really any modern system.

First, you need to take control of code execution at a low level. Think of it like stealing a car key. This is known as an "entry point", and is needed to set up and perform the next exploit. You can drive the car with just that, but you still don't own the car in the eyes of the law. The second exploit, the one that really matters, is a privilege escalation exploit to increase that process's rights in the system, and ultimately take over the console. You can think of it like forging the ownership documents for the car, and getting a government worker to sign off on it. You then "own" the car, and can sell it and keep it legally. Same idea, as we can then make the 3DS do whatever we want, within the console's abilities.

The issue is, every time we reveal the best way to forge those ownership documents, the government changes them up and adds more security features, making it progressively harder to get your car signed off on. Same deal with the 3DS. That's why getting more entry points isn't either particularly useful right now or required. We need more privilege escalation exploits before anything else. The top hackers have all given the current update a good hard look over though, and they say it's pretty solid. Don't expect a new one of those exploits to come out any time soon as a direct result. 9.2.0 will likely stay the definitive firmware for a good year minimum.
 
This is just what I was trying to explain :P
 
