Homebrew Another Web Browser Freeze

[loco365]

Note I'm not using the word "hack" because I doubt it will lead to one, but I was testing out crap on my forum earlier, and one of the drop-down menus crashed it! I thought it was fluke, so I tried it again. Same result! It locked my 3DS up! So, I crashed it for a 3rd time, and pulled out the SD card. Nothing happened. Want instructions?

1. Visit my forum. You DO NOT have to register. http://rhonline.co.cc (and it's safe- don't worry)
2. Browse to the bottom of any page. There is a drop-down menu that says English (American). Tap it. The system should lock up.

I don't think it will lead to an exploit, but I also don't think it uses the same code that is on 3dspwn.webs.com. I'll see if I can get the code for that menu later on.

btw I found out the word "crapper" is in the 3DS dictionary. lol

 

[Quincy]

Note I'm not using the word "hack" because I doubt it will lead to one, but I was testing out crap on my forum earlier, and one of the drop-down menus crashed it! I thought it was fluke, so I tried it again. Same result! It locked my 3DS up! So, I crashed it for a 3rd time, and pulled out the SD card. Nothing happened. Want instructions?

1. Visit my forum. You DO NOT have to register. http://rhonline.co.cc (and it's safe- don't worry)
2. Browse to the bottom of any page. There is a drop-down menu that says English (American). Tap it. The system should lock up.

I don't think it will lead to an exploit, but I also don't think it uses the same code that is on 3dspwn.webs.com. I'll see if I can get the code for that menu later on.

btw I found out the word "crapper" is in the 3DS dictionary. lol

Pulling out the SD card does nothing? Congrats, you just found a COMPLETE system locker

. Maybe because the browser runs on the OS ARM11.

 

[synce]

Hey something's better than nothing.. Hopefully we can make some progress before the new Love Plus. Goddamn region lock

 

[loco365]

Hey something's better than nothing.. Hopefully we can make some progress before the new Love Plus. Goddamn region lock

I'd love to play imports. XD

Anyways, I did a bit more research. And, like 3dspwn, it ISN'T a complete crash. If you have suspended software beforehand, and then remove the SD card, it will say, "The SD card has been removed. Press the Home button." just like the Metroid one.

 

[dicamarques]

My browser freezes alot special when i get out of sleep mode and load another page sometimes turning of wifi it works other only pressing power button for a while.

 

[RupeeClock]

This might be slightly more valuable than some other finds, since the source for the 3DS web browser was made public for licensing reasons.

 

[lismati]

Only part of the code was released. I highly doubt the freeze you found will lead to anything, but I'm not a hacker so...
I think that browser hack (if released) would be like payload injection, not a freeze.

 

[yifan_lu]

"3dspwn.webs.com" I can't believe someone took the browser crash I found that I clearly stated is not useful and made a site out of it. I wouldn't spend too much time on the browser. It was outsourced to netfront which used the webkit engine. You would have a better change "exploiting" netfront as webkit is pretty widely used and developed, a hack that would allow control of the system would make any computer using chrome/safari, iPhone, and android phones aviable to be hacked.

 

[shakirmoledina]

i am just waiting for mega mario's response... u out there?

 

[sychotix]

afaik, the web browser is run in a sandbox, isn't it?

 

[Geirskogul]

You're not going to be hacking the 3DS with the browser, period. Good effort, though.

 

[DeadlyFoez]

You're not going to be hacking the 3DS with the browser, period. Good effort, though.

You should not go far as to say that. The browser is most likely where the first exploit will take place, but to really gain access to the system there needs to be 2 exploits done, 1 on the browser and 1 for the system itself. Getting the combination of them both to work will be a huge feat in itself especially with no real core knowledge of how the system runs. But it will be the internet browser exploit that will allow people to dumpo the ran with specific contents in it that give hints to how the rest of the system works.

 

[Geirskogul]

You're not going to be hacking the 3DS with the browser, period. Good effort, though.

You should not go far as to say that. The browser is most likely where the first exploit will take place, but to really gain access to the system there needs to be 2 exploits done, 1 on the browser and 1 for the system itself. Getting the combination of them both to work will be a huge feat in itself especially with no real core knowledge of how the system runs. But it will be the internet browser exploit that will allow people to dumpo the ran with specific contents in it that give hints to how the rest of the system works.

The browser is run in a sandbox, and no exploit will allow access to direct hardware tasks and processes. Not trying to be pessimistic, but it will not happen through the browser.

 

[Pippin666]

Browser + Sandbox, how does one know for sure if the 3DS is not hacked or documented ??

Pip'

 

[chyyran]

"3dspwn.webs.com" I can't believe someone took the browser crash I found that I clearly stated is not useful and made a site out of it. I wouldn't spend too much time on the browser. It was outsourced to netfront which used the webkit engine. You would have a better change "exploiting" netfront as webkit is pretty widely used and developed, a hack that would allow control of the system would make any computer using chrome/safari, iPhone, and android phones aviable to be hacked.

I made the site simply to host the crashing code, because the original site went down. It's there cause it's there, doesn't have to be useful.

 

[Geirskogul]

Browser + Sandbox, how does one know for sure if the 3DS is not hacked or documented ??

Pip'

You don't have to fucking hack something to know it's boundaries.

 

[DeadlyFoez]

You're not going to be hacking the 3DS with the browser, period. Good effort, though.
You should not go far as to say that. The browser is most likely where the first exploit will take place, but to really gain access to the system there needs to be 2 exploits done, 1 on the browser and 1 for the system itself. Getting the combination of them both to work will be a huge feat in itself especially with no real core knowledge of how the system runs. But it will be the internet browser exploit that will allow people to dumpo the ran with specific contents in it that give hints to how the rest of the system works.

The browser is run in a sandbox, and no exploit will allow access to direct hardware tasks and processes. Not trying to be pessimistic, but it will not happen through the browser.

I also believe that the browser is run in a sandbox... but do YOU have any proof of it? It certainly is possible for the hacking to happen through the browser even if in a sandbox, but like I said there would also need to be an exploit in the sandbox which is completely possible knowing how nintendo does it's coding.
QUOTE(Geirskogul @ Sep 14 2011, 08:38 PM) QUOTE(Pippin666 @ Sep 14 2011, 10:57 PM)

Browser + Sandbox, how does one know for sure if the 3DS is not hacked or documented ??

Pip'

You don't have to fucking hack something to know it's boundaries.

Right, you don't have to hack something to know it's boundaries IF it is already well documented, but the 3DS is not publicly well documented, so we are stuck with hacking it to find out.

I take it that you don't have much experience with hacking or coding and that you must be trolling or a script kiddy that thinks he knows all.

 

[loco365]

You're not going to be hacking the 3DS with the browser, period. Good effort, though.

You should not go far as to say that. The browser is most likely where the first exploit will take place, but to really gain access to the system there needs to be 2 exploits done, 1 on the browser and 1 for the system itself. Getting the combination of them both to work will be a huge feat in itself especially with no real core knowledge of how the system runs. But it will be the internet browser exploit that will allow people to dumpo the ran with specific contents in it that give hints to how the rest of the system works.

The browser is run in a sandbox, and no exploit will allow access to direct hardware tasks and processes. Not trying to be pessimistic, but it will not happen through the browser.

I also believe that the browser is run in a sandbox... but do YOU have any proof of it? It certainly is possible for the hacking to happen through the browser even if in a sandbox, but like I said there would also need to be an exploit in the sandbox which is completely possible knowing how nintendo does it's coding.

I do too, but all apps run on the 3DS have a way to go back to the 3DS mode via the home button. I think, that if it is done correctly and a loophole around the home button is found, anything can boot into 3DS mode.

 

[DeadlyFoez]

Ok, let me just add in this bit of info to put it into perspective about the whole 'sandbox' dilemma.

A few years ago a researcher had found a way to run some code inside of a virtual machine that cause malicious code to be run inside the host OS. Although this is comparing apples to oranges, a virtual machine is certainly one form of sandboxing. All that there needs to be is just one possible exploit in the sandbox and for someone to find it and then unsigned code can be run. It is not an easy task, especially on the 3DS, but I would not be surprised if that is how the first exploit becomes publicly available.

 

[ninjaapple]

Ok, let me just add in this bit of info to put it into perspective about the whole 'sandbox' dilemma.

A few years ago a researcher had found a way to run some code inside of a virtual machine that cause malicious code to be run inside the host OS. Although this is comparing apples to oranges, a virtual machine is certainly one form of sandboxing. All that there needs to be is just one possible exploit in the sandbox and for someone to find it and then unsigned code can be run. It is not an easy task, especially on the 3DS, but I would not be surprised if that is how the first exploit becomes publicly available.

hah that would be funny!
the sandbox is meant to stop exploiting the program and having direct access to the system.
if they found an exploit in the sandbox itself hah!