Homebrew [WIP]Flipnotehax, Flipnote 3D Exploit

[Deleted User]

Hello:
In my search of new exploits, I have found something interesting:
Flipnote Studio 3D has a vulnerability on the browser: The flipnotes (.kwz) are stored on an uncrypted amazonaws hosting. This can be easly modified or redirected, cause there are on plain text.
Servers:

Spoiler

Main server: https://web.jkz.ctr.app.nintendo.net (protected)
Server for UI images, .kwpcfs and certificates: *
Server for Flipnotes (.kwz): *
Server for Comments (.kwc): *
Server for Flipnote thumbnail images: *
Server for User's icons: #
NOTE: The servers with an (*) are the important servers for the exploit, so I can't release them preventing a Nintendo patch.
NOTE(2): Due to requests, I have decided to hide the servers (at least for now) preventing patch. You can still request them, or help me developing this. All the servers with (#) are hidden servers. There are also deleted servers that can be shown if neccesary. Thanks for your help!

If you want to help please create an issue on the github repository. NOTE: The code is currently private.
NOTE 3:

Spoiler

I think you guys are not going to belive me so I'm gonna close this and create another with a release (when I have it).
Thanks to the guys that belived this!

COULD A MOD DELETE THIS THREAD?

 

[Xenon Hacks]

I'll keep an eye on this thread as will Nintendo.

 

[farias0]

Any smart guy around here can confirm the info before the hype starts?

 

[Xenon Hacks]

Any smart guy around here can confirm the info before the hype starts?

There shouldn't be any hype anyways OP just said this is a POC and may or may not lead to anything

 

[zoogie]

It's probably not a good idea to publicize an exploit before you've released it (if you even have one).
Nintendo has shown in the past it will pull (or block) games based on a threat alone.

 

[farias0]

There shouldn't be any hype anyways OP just said this is a POC and may or may not lead to anything

Not mine, but I'm sure you know GBATemp.

 

[VinsCool]

Watching thread.

 

[Deleted User]

Well if Nintendo sees this and fixes it, it wont really matter because the game isnt even available on the e-shop. The most they could do is a "An update is available" thing like Ironfall and you can just not update.

 

[iHavezMyBirdo]

I'm assuming this is only for the Japanese version? From what I can tell, the non-Japanese versions don't have online functionality.

 

[randomUsernamee]

what firmware version???

 

[genericmelancholy]

Nononononono, PLEASE don't make this. You'll delay the European version even more.

 

[Warft]

Yeah, sure 100% legit

 

[darklordrs]

I have my doubts this is real, but if it is, god bless me having Flipnote 3D.

imagine somehow getting kernel through this (it's never happening. fully admitted. -1% chance of it happening. but still)

 

[Googie2149]

The repo is just a readme.md. This is literally nothing.

 

[Deleted User]

The repo is just a readme.md. This is literally nothing.

I said: The code is currently private. If it is private, it means that it isn't public. And, if it isn't public, you can't view it.

 

[amback]

Nintendo used to focus just on making good games, now they are focues on watching gbatemp

 

[GalladeGuy]

I wonder where this goes...
(probably nowhere)

 

[Googie2149]

The repo is just a readme.md. This is literally nothing.

I said: The code is currently private. If it is private, it means that it isn't public. And, if it isn't public, you can't view it.

Based on your history (both here and reddit), I don't think you've ever actually released anything. If you have something that's awesome, but at least don't create a hype thread on something that might not go anywhere before you have a proof of concept. A video even.

 

[Deleted User]

The repo is just a readme.md. This is literally nothing.


Based on your history (both here and reddit), I don't think you've ever actually released anything. If you have something that's awesome, but at least don't create a hype thread on something that might not go anywhere before you have a proof of concept. A video even.

If i post this here is because i am searching collaborators, not to promote me.

 

[noatpad]

I'm positive this is fake.
Not only does this post have little to no proof, but you're also the same person to steal credit from another developer's homebrew, the online SMDH Creator made by this guy.
Here's the doppelganger site for those who are interested. The paypal button even redirects to his own paypal account. :/