11.4.0-37: Difference between revisions
| Line 57: | Line 57: | ||
===[[Internet Browser]]=== | ===[[Internet Browser]]=== | ||
The web-browser was updated, only for New3DS. See [[Internet Browser|here]] for details. | The web-browser was updated, only for New3DS. See [[Internet Browser|here]] for details. | ||
===[[Nintendo_3DS_Sound]]=== | |||
soundhax was fixed, it appears other vulns were fixed too. | |||
Exactly 8 functions were changed in the codebin. | |||
L_1d3ba8 | |||
updated, prev ver @ L_1d3ba8. | |||
Added only the following code: | |||
if(len<2)return; | |||
if(len>=0xfe)len=0xfe; | |||
*lenstorage = len; | |||
L_1d3d10 | |||
updated, prev ver @ L_1d3cfc. | |||
When L_1ea0b8 returns non-zero, this now clears the 4-bytes at inr1. | |||
L_1f32c4 | |||
updated, prev ver @ L_1f329c. | |||
This now writes u32 val0 to inr0+0x34 immediately after the nop instruction. | |||
L_275754 | |||
updated, prev ver @ L_27572c. | |||
This now executes the following each time L_1ea0b8 returns non-zero: sp20 = 0; | |||
L_275ed4 | |||
updated, prev ver @ L_275e94. | |||
Added the following code after the branch for "if(*(inr1+8)==0)": | |||
if(len>0xfe){len=0xfe;<jump over the code which checks len0>} | |||
Identical changes were added at 0x276054, except with len val 0x82. | |||
Likewise at 0x276138 except with len val 0x76. | |||
L_280000 | |||
updated, prev ver @ L_27ff90. | |||
This was added at 0x280444: if(len>0xfe)len=0xfe; | |||
Minor(?) other changes. | |||
L_280c74 | |||
updated, prev ver @ L_280b60. | |||
This now writes u32 val0 to inr0+0x34 immediately after the nop instruction. | |||
L_281ab0 | |||
updated, prev ver @ L_281998. | |||
Added the following: if(len>=0xfe)len=0xfe; | |||
This was added at 0x281b94: | |||
if(somelen>=0xfe) | |||
{ | |||
len=0xfe; | |||
} | |||
else | |||
{ | |||
len=somelen; | |||
} | |||
*r4 = val; | |||
Then len is used for a string data-copy(ASCII/UTF16), unless it's UTF16 and len is <=0. | |||
==See Also== | ==See Also== | ||