Homebrew TubeHax 10.3?

[Deleted-236924]

It is a vulnerability that allow using YouTube app as web browser and hopefully triggering an exploit.
When there is a system update most likely the previous payload won't work, and if gspwn isn't patched, smea can update the payloads like he always do.

While it may be a vulnerability in the broad sense of the term, in that it allows you to go do stuff that weren't intended to be possible, it isn't a vulnerability that would allow you to run the hax payloads.

 

[Mrrraou]

They can still patch entry points like they did with tubehax, browserhax and themehax. Cart exploit sounds promising, but we don't know it won't be be patched by 100%

They can only patch entrypoints, kernel vulns and service vulns. However, cartridges games can't be updated permanently, without releasing a new revision.

 

[chaoszerobillion]

Meh, I figured that out back in 2013, the day after its European release (published my findings two days later, on 30 Nov '13). http://3dspaint.com/memberblog.php?blog=92107

Good on you for discovering it independently, though. ^.^

Also, to clear up any confusion, I did some tests back then and the YT app gets weirded out when you feed it anything other than an MP4/3GP that came from YouTube. Also, max resolution it can realistically handle is 360p, and it just can't decode over 854x480. I spent ages messing with FFMpeg and MP4Box to try and get non-YouTube videos to work but to no avail, sadly. This was in an attempt to get BBC iPlayer on the 3DS. Made it work on the New 3DS browser, though, since it can actually handle standard H.264/AAC videos, and even Live TV via HLS. (Still max 854x480) Also, it can play MP3/AAC audio but not via the <audio> tag - <video> works though!

I also got Twitch working on the New 3DS, too.

See sig for links. vvvv

That's weird, when I used it i could use kissanime and stuff on it. It uses 3gp.

 

[jsa]

That's weird, when I used it i could use kissanime and stuff on it. It uses 3gp.

Could you upload a sample file to pastebin or something? Because I spent ages, I mean ages trying to find the right format

 

[chaoszerobillion]

Could you upload a sample file to pastebin or something? Because I spent ages, I mean ages trying to find the right format

You mean like a video from the site? I guess

 

[MsMidnight]

@smealum if you're here please clear the nonsense

 

[chaoszerobillion]

Could you upload a sample file to pastebin or something? Because I spent ages, I mean ages trying to find the right format

Actually, I don't know if I can because I'm only on a phone.

 

[Favna]

Ok im sorry, but I think it would bring EVEN MORE ATTENTION on YouTube.

^^^^^^^^^^^^

Preach. The common logic is stronk with you young padawan

 

[jsa]

Actually, I don't know if I can because I'm only on a phone.

Don't convert it or anything though
that would screw everything up

 

[MsMidnight]

The YouTube app is pretty much WebKit. And its rare to find another vuln within a patched application. We are better off getting a new browserhax instead of trying to revive Tubehax

 

[jsa]

The YouTube app is pretty much WebKit. And its rare to find another vuln within a patched application. We are better off getting a new browserhax instead of trying to revive Tubehax

If we find another browserhax for O3DS then in theory that would work in the YT app. ^.^

 

[MsMidnight]

If we find another browserhax for O3DS then in theory that would work in the YT app. ^.^

No it wouldn't. The YouTube app only browses videos (even if there's a "browser") for Tubehax you're pretty much redirecting the YouTube application's connecting to the Tubehax DNS while activating a vuln. Browserhax uses a WebKit exploit

 

[Deleted-236924]

If we find another browserhax for O3DS then in theory that would work in the YT app. ^.^

If they made another browserhax for newer 3DS firmwares then why not just use browserhax directly

 

[jsa]

No it wouldn't. The YouTube app only browses videos (even if there's a "browser") for Tubehax you're pretty much redirecting the YouTube application's connecting to the Tubehax DNS while activating a vuln. Browserhax uses a WebKit exploit

The YouTube app (along with the Miiverse applet) actually uses an identical browser component as the standard "spider" O3DS browser.

The YouTube app has only three differences to the standard browser - it has a video playback component embedded in it (presumably provided by the system as it is used by the Netflix app too afaik, though I'm in the UK so can't vouch for that), it uses a custom font and has a custom, stripped-back UI.

The Miiverse app is different in that it sends a client SSL certificate to Nintendo's Miiverse server for authentication and again, ha

--------------------- MERGED ---------------------------

If they made another browserhax for newer 3DS firmwares then why not just use browserhax directly

Just because we can xD

 

[MsMidnight]

The YouTube app (along with the Miiverse applet) actually uses an identical browser component as the standard "spider" O3DS browser.

The YouTube app has only three differences to the standard browser - it has a video playback component embedded in it (presumably provided by the system as it is used by the Netflix app too afaik, though I'm in the UK so can't vouch for that), it uses a custom font and has a custom, stripped-back UI.

The Miiverse app is different in that it sends a client SSL certificate to Nintendo's Miiverse server for authentication and again, ha

--------------------- MERGED ---------------------------


Just because we can xD

Again, we are better off getting browserhax back instead of reviving Tubehax ._.

 

[jsa]

Again, we are better off getting browserhax back instead of reviving Tubehax ._.

Yeah, you're right, but it's nice that finding another browserhax will most likely also mean a tubehax too.

 

[MsMidnight]

Yeah, you're right, but it's nice that finding another browserhax will most likely also mean a tubehax too.

We found browserhax we didn't get a new tuvehax so

 

[jsa]

We found browserhax we didn't get a new tuvehax so

They patched the browserhax at the same time see.

 

[MsMidnight]

No. The patched YT and then a few weeks later then activated the nag

 

[jsa]

No. The patched YT and then a few weeks later then activated the nag

Nag?