Difference between revisions of "Internet Browser"
Line 514: | Line 514: | ||
=== Page request === | === Page request === | ||
− | The browser(with | + | The browser(with New3DS at least) does the following with [[HTTP_Services|HTTPC]] for requesting the above page: |
* Initializes the HTTP context and uses [[HTTPC:InitializeConnectionSession]] + [[HTTPC:SetProxyDefault]]. | * Initializes the HTTP context and uses [[HTTPC:InitializeConnectionSession]] + [[HTTPC:SetProxyDefault]]. | ||
* Uses [[HTTP_Services|HTTPC]] command 0x250080 twice with cmd[1]=contexthandle: first time cmd[2]=0x3, second time cmd[2]=0x6. | * Uses [[HTTP_Services|HTTPC]] command 0x250080 twice with cmd[1]=contexthandle: first time cmd[2]=0x3, second time cmd[2]=0x6. | ||
Line 523: | Line 523: | ||
* Then [[HTTPC:GetDownloadSizeState]] is used. | * Then [[HTTPC:GetDownloadSizeState]] is used. | ||
* Then the HTTP context is closed. | * Then the HTTP context is closed. | ||
+ | |||
+ | Raw request data(New3DS USA v10.2 browser): | ||
+ | 000000: 47 45 54 20 2f 53 4e 41 4b 45 2f 32 2f 55 53 41 GET /SNAKE/2/USA | ||
+ | 000010: 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a HTTP/1.1..Host: | ||
+ | 000020: 20 63 62 76 63 2e 63 64 6e 2e 6e 69 6e 74 65 6e cbvc.cdn.ninten | ||
+ | 000030: 64 6f 2e 6e 65 74 0d 0a 0d 0a do.net.... | ||
== v9.9 dummy web-browser == | == v9.9 dummy web-browser == |
Revision as of 18:57, 2 November 2015
The 3DS Internet Browser was added in the June 2011 Update for JPN/EUR/USA.
From the Internet Browser help section: In compliance with the LGPL, the source code of the OSS is available via the Nintendo website. This source code can be downloaded here: [1] [2]
The 3DS Internet Browser is Netfront Browser NX v1.0, based on the WebKit engine.
The browser supports up to 64 bookmarks.
The exheader name of this title is "spider".
The only difference between the ExeFS .code for each region of the Old3DS/New3DS browser is the byte values for the title uniqueID/region; otherwise the binaries are identical.
A "dummy" browser (which replaces the actual browser) is now being included beginning with games shipping the 9.9.0-X system update. In addition, versions of the real browser since 9.9.0-26X now attempt to check-in with a Nintendo server to determine if the existing browser version is out of date.
New 3DS Internet Browser
New3DS has a separate browser title, the exheader name is "SKATER".
Unlike the Old3DS browser, this New3DS browser has videos+HTML5 support. This browser also has a filter enabled by default (the ExeFS codebin is the same for all regions; this filter only applies for the JPN region). Disabling it requires paying with a credit card to purchase web-browser DLC.
During startup the browser does various HTTPS comms. When visiting a URL, the browser sends a plaintext HTTP POST to here: [3]. The raw POST data begins with "ARS/2.0\r\n\x00", the rest appears to be encrypted. The server reply content also has this ARS header + encrypted data. This appears to use a fixed xorpad, likely from a fixed encryption CTR/IV. The server content responses for allowed sites, and for blocked sites, are fixed. When the server returns that the site is blocked, the browser goes to this page: [4] (the Referrer header value is set to the same URL it's actually requesting).
The WebKit source was updated since the Old3DS browser.
Unlike the Old3DS browser, the New3DS browser uses the following services: mvd:STD and ir:rst(DLC-related services are used too but those aren't New3DS specific).
Video decoding is done with mvd:STD. Audio decoding/playback is done with a browser-specific DSP binary. The Old3DS browser used CSND for audio playback, the New3DS browser doesn't have access to that at all since it uses DSP instead.
The browser manual includes licenses for Android and PacketVideo. The browser uses libstagefright from Android.
User-Agent and Browser Versions
Normal user-agent format: Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/<WebKit version> (KHTML, like Gecko) NX/<Netfront version> Mobile NintendoBrowser/<Mobile NintendoBrowser version>.<region>
<region> can be one of the following: "JP", "US", or "EU".
Mobile NintendoBrowser version(displayed in browser settings) | Normal UA | Mobile UA | CDN Title-version | Network-only system-update version | Notes |
---|---|---|---|---|---|
1.0.9934 | Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.8 Mobile NintendoBrowser/1.0.9934.<region> | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 | v10 | 9.0.0-20 | Initial version. |
1.1.9996 | Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.10 Mobile NintendoBrowser/1.1.9996.<region> | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 | v1027 | 9.3.0-21 | See below regarding OSS changes. |
1.2.10085 | Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.13 Mobile NintendoBrowser/1.2.10085.<region> | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 | v2051 | 9.6.0-24 | See below. |
None | None | None | v3075 | v9.9 CUP | v9.9 CUP dummy web-browser, see below. |
1.3.10126 | Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.15 Mobile NintendoBrowser/1.3.10126.US | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 | v3077 | 9.9.0-26 | See below. |
1.4.10138 | Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.17 Mobile NintendoBrowser/1.4.10138.US | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 | v4096 | 10.2.0-28 | See below. |
Note that the latest Old3DS browser WebKit version at the time the initial New3DS browser was released, was the following: 532.8.
OSS 9.0 and 9.3 diff
The following is a diff of the OSS archives from here, for v9.0 and v9.3.
Files NewNintendo3DS_OpenSources9.0.0-/WKC/WebCore/platform/network/WKC/ResourceHandleManagerWKC.cpp and NewNintendo3DS_OpenSources9.3.0-/WKC/WebCore/platform/network/WKC/ResourceHandleManagerWKC.cpp differ
Files NewNintendo3DS_OpenSources9.0.0-/WKC/WebKit/WKC/webkit/WKCVersion.h and NewNintendo3DS_OpenSources9.3.0-/WKC/WebKit/WKC/webkit/WKCVersion.h differ
WKC_CUSTOMER_RELEASE_VERSION was changed from "0.5.8" to "0.5.10".
The following code was added to ResourceHandleManager::doRedirect(): curl_easy_setopt(d->m_handle, CURLOPT_SHARE, 0);
v9.6
WebKit/OSS code was actually updated. ExeFS .code was updated. The following files in RomFS were updated:
- "/banner/CN/Skater.icn" and "/banner/KR/Skater.icn".
- "/browser/rootca.pem"
- "/build/buildinfo.dat"
- "/cairo.cro.lex" and "/.crr/static.crr"
- "/lyt/Button/ButtonSelectHSearch.arc"
- "/lyt/Kbd/Swkbd.arc"
- "lyt/Kbd.arc"
- "skater.msbt" under all of the "/message/<region>_<language>/" directories.
- "/oss.cro.lex", "/peer.cro.lex", "/static.crs", and "/webkit.cro.lex".
The following was added to RomFS:
- "/favicon/naver.dat"
- A "KO" directory under "/iwnn".
v9.9
ExeFS:/.code was updated.
The only RomFS changes are file updates; all of the following files were updated:
- /browser/rootca.pem
- /build/buildinfo.dat
- /cairo.cro.lex
- /.crr/static.crr
- /message/CN_Simp_Chinese/skater.msbt
- /message/EU_Dutch/skater.msbt
- /message/EU_English/skater.msbt
- /message/EU_French/skater.msbt
- /message/EU_German/skater.msbt
- /message/EU_Italian/skater.msbt
- /message/EU_Portuguese/skater.msbt
- /message/EU_Russian/skater.msbt
- /message/EU_Spanish/skater.msbt
- /message/JP_Japanese/skater.msbt
- /message/KR_Hangeul/skater.msbt
- /message/TW_English/skater.msbt
- /message/TW_Trad_Chinese/skater.msbt
- /message/US_English/skater.msbt
- /message/US_French/skater.msbt
- /message/US_Portuguese/skater.msbt
- /message/US_Spanish/skater.msbt
- /oss.cro.lex
- /peer.cro.lex
- /static.crs
- /webkit.cro.lex
See here for a diff of the OSS(WebKitLibraries/ is not included due to the massive cairo library diff). An exploitable security vuln(which was already known in the context of 3DS webkit) was fixed. Yellows8' private(at the time of writing) exploit for it is based on the PoC from here(see the pastebin for the actual pastebin author).
v10.2
The libstagefright build in the main SKATER codebin was updated to a version which fixed libstagefright vuln(s): the vuln used in browserhax_fright at the time of sysupdate release was fixed. The *only* code changed in the main codebin, was code related to libstagefright.
The only RomFS changes are file updates; all of the following files were updated:
- /browser/rootca.pem
- /build/buildinfo.dat
- /.crr/static.crr
- /message/CN_Simp_Chinese/skater.msbt
- /message/EU_Dutch/skater.msbt
- /message/EU_English/skater.msbt
- /message/EU_French/skater.msbt
- /message/EU_German/skater.msbt
- /message/EU_Italian/skater.msbt
- /message/EU_Portuguese/skater.msbt
- /message/EU_Russian/skater.msbt
- /message/EU_Spanish/skater.msbt
- /message/JP_Japanese/skater.msbt
- /message/KR_Hangeul/skater.msbt
- /message/TW_English/skater.msbt
- /message/TW_Trad_Chinese/skater.msbt
- /message/US_English/skater.msbt
- /message/US_French/skater.msbt
- /message/US_Portuguese/skater.msbt
- /message/US_Spanish/skater.msbt
- /oss.cro.lex
- /static.crs
- /webkit.cro.lex
OSS diff:
diff --git a/NewNintendo3DS_OpenSources9.9.0-/WKC/WebKit/WKC/webkit/WKCVersion.h b/NewNintendo3DS_OpenSources10.2.0-/WKC/WebKit/WKC/webkit/WKCVersion.h index 4543297..0860336 100644 --- a/NewNintendo3DS_OpenSources9.9.0-/WKC/WebKit/WKC/webkit/WKCVersion.h +++ b/NewNintendo3DS_OpenSources10.2.0-/WKC/WebKit/WKC/webkit/WKCVersion.h @@ -29,7 +29,7 @@ #define WKC_VERSION_CHECK(major, minor, micro) \ (((major)*10000) + ((minor)*100) + (micro)) >= ((WKC_VERSION_MAJOR*10000) + (WKC_VERSION_MINOR*100) + (WKC_VERSION_MICRO)) -#define WKC_CUSTOMER_RELEASE_VERSION "0.5.15" +#define WKC_CUSTOMER_RELEASE_VERSION "0.5.17" #define WKC_WEBKIT_VERSION "536.30" diff --git a/NewNintendo3DS_OpenSources9.9.0-/webkit/WebCore/ChangeLog b/NewNintendo3DS_OpenSources10.2.0-/webkit/WebCore/ChangeLog index a5abb35..cf5a9fa 100644 --- a/NewNintendo3DS_OpenSources9.9.0-/webkit/WebCore/ChangeLog +++ b/NewNintendo3DS_OpenSources10.2.0-/webkit/WebCore/ChangeLog @@ -1,3 +1,12 @@ +2013-11-05 Ryosuke Niwa <rniwa@webkit.org> + + Use-after-free in SliderThumbElement::dragFrom + https://bugs.webkit.org/show_bug.cgi?id=123873 + + Reviewed by Andreas Kling. + + Merge https://chromium.googlesource.com/chromium/blink/+/04a23bfca2d04101a1828d36ff36c29f3a24f34b + 2015-02-06 Maciej Stachowiak <mjs@apple.com> REGRESSION(r179706): Caused memory corruption on some tests (Requested by _ap_ on #webkit). @@ -879,7 +888,7 @@ * rendering/RenderLineBoxList.cpp: (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): -2014-01-21 László Langó <llango.u-szeged@partner.samsung.com> +2014-01-21 Laszlo Lango <llango.u-szeged@partner.samsung.com> Assertion failure in Range::nodeWillBeRemoved https://bugs.webkit.org/show_bug.cgi?id=121694 @@ -1879,7 +1888,7 @@ 2012-09-14 Simon Fraser <simon.fraser@apple.com> - REGRESSION: transition doesnât always override transition-property + REGRESSION: transition doesnft always override transition-property https://bugs.webkit.org/show_bug.cgi?id=96658 Reviewed by Dean Jackson. 
@@ -3691,8 +3700,8 @@ glyph with font data for the primary font, presumably to meet the SVG spec requirement: "If the references to alternate glyphs do not result in successful identification of alternate glyphs to use, then the - character(s) that are inside of the 窶åltGlyph窶?element are rendered as - if the 窶åltGlyph窶?element were a 窶?span窶?element instead." + character(s) that are inside of the âaltGlyphâ?element are rendered as + if the âaltGlyphâ?element were a â?spanâ?element instead." If the alt glyph is not then found we are in the case from the spec and indeed we should use the primary font. However, we end up replacing the GlyphPage diff --git a/NewNintendo3DS_OpenSources9.9.0-/webkit/WebCore/html/RangeInputType.cpp b/NewNintendo3DS_OpenSources10.2.0-/webkit/WebCore/html/RangeInputType.cpp index 484adec..d7e9e8d 100644 --- a/NewNintendo3DS_OpenSources9.9.0-/webkit/WebCore/html/RangeInputType.cpp +++ b/NewNintendo3DS_OpenSources10.2.0-/webkit/WebCore/html/RangeInputType.cpp @@ -164,7 +164,7 @@ void RangeInputType::handleMouseDownEvent(MouseEvent* event) ASSERT(element()->hasShadowRoot()); if (targetNode != element() && !targetNode->isDescendantOf(element()->shadowTree()->oldestShadowRoot())) return; - SliderThumbElement* thumb = sliderThumbElementOf(element()); + RefPtr<SliderThumbElement> thumb = sliderThumbElementOf(element()); if (targetNode == thumb) return; thumb->dragFrom(event->absoluteLocation());
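Review bot: the ChangeLog hunks at @@ -879, @@ -1879 and @@ -3691 change only the character encoding of existing entries ("László Langó" becomes "Laszlo Lango", the apostrophe in "doesn't" becomes "doesnft", and the quotes around altGlyph move from one garbled form to another), which is unrelated to the SliderThumbElement fix and damages the history text; drop those hunks and keep the file's original encoding. The new 2013-11-05 entry also names no file or function, unlike the neighbouring "* rendering/RenderLineBoxList.cpp: (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):" entry, so add a "* html/RangeInputType.cpp: (WebCore::RangeInputType::handleMouseDownEvent):" line for the one code change in this diff, the switch of thumb to RefPtr<SliderThumbElement>.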
New3DS Browser Specifications
English version(Google translate):
- "Browser engine: NetFront® Browser NX v3.0"
- "User agent: Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.*.*.* Mobile NintendoBrowser/1.0.****.JP
- The *** is described version information.
- When you use the "mobile version of the request" function, which is different from those described above string."
- "Supported protocols: HTTP1.0/HTTP1.1/SSL3.0/TLS1.0/TLS1.1/TLS1.2"
- "Web standard: HTML4.01 / HTML5 / XHTML1.1 / Fullscreen / Gamepad / SVG / WebSocket / Video Subtitle / WOFF / Web Messaging / Server-Sent / Web Storage of part / XMLHttpRequest / canvas / Video / DOM1-3 / ECMAScript / CSS1 / CSS2.1 / CSS3 part of"
- "Image format: bmp / gif / ico / jpeg / png / svg (There are, however, it is not possible to display some image.)"
- "Image preview: mpo / jpeg (There are, however, it is not possible to display some image.)"
- "Video format: MP4, M3U8 + TS (HTTPLiveStreaming) (However, there are some you can not play the video.)"
- "Video codec: H.264 - MPEG-4 AVC Video (max 854x480 level 3.2, 3D compatible) (However, there are some you can not play the video.)"
- "Audio codec: AAC - ISO / IEC 14496-3 MPEG-4AAC, MP3 (However, there are some you can not play the video.)"
- "Of 3D video at the time of upload format: .mkv (However, in order to play the video, you must format is converted in the upload to the site. In addition, even if it is converted you might not be able to play.)"
- "It does not correspond to the plug-ins such as plug-in Adobe Flash."
- "Use the Active Rating System of filtering function: Digital Arts, Inc. provides. At the time of access to Web content, and implementing the decision of whether access is permitted based on the category information. Feature that can limit access to Web content that may be inappropriate for viewing by the determination result."
- "I will request the display of the mobile version page of the web page you are viewing request function the mobile version. (However, if the web page does not correspond to the mobile version of the page does not change the display.)"
MJPEG + .avi is also supported.
Old3DS browser
User-Agent and Browser Versions
User-agent format: Mozilla/5.0 (Nintendo 3DS; U; ; <lang>) Version/<version>.<region>
<lang> is "en", "fr", etc. <region> is "US", "EU", etc. See below for <version>.
Browser version | CDN Title-version | Network-only system-update version | Notes |
---|---|---|---|
1.7412 | v6 | 2.0.0-2 | This was the initial version. |
1.7455 | v1024 | 2.1.0-4 | ExeFS .code was updated, both of the CROs(webkit/OSS) were updated too. |
1.7498 | v2050 | 4.0.0-7 | ExeFS .code was updated, both of the CROs(webkit/OSS) were updated too. The manual CFA was updated as well. |
1.7552 | v3075 | 5.0.0-11 | ExeFS .code and icon were updated, both of the CROs(webkit/OSS) were updated too. The manual CFA was updated as well. |
1.7552 | v3088 | 7.0.0-13 | The main NCCH wasn't updated at all(same TMD contentID/content-hash as the previous version), only the manual CFA for this title was updated. |
1.7567 | v4096 | 7.1.0-16 | The CXI .code was updated, some data in the RomFS was updated(none of the CROs such as webkit.cro were updated). The manual CFA was updated too. |
1.7585 | v5121 | 9.5.0-23 | The CXI .code was updated, and the manual CFA was updated. RomFS changes:
A vuln used in a public(at the time of this sysupdate) webkit exploit for spider was fixed, which also fixed the removewinframe exploit from here. |
None | v6147 | v9.9 CUP | v9.9 CUP dummy web-browser, see below. |
1.7610 | v6149 | 9.9.0-26 | See below. |
1.7616 | v7168 | 10.2.0-28 | See below. |
Old3DS v9.9
ExeFS:/.code was updated.
The only changes in RomFS were file updates; the following files were updated:
- /browser/rootca.pem
- /cro/oss.cro
- /cro/static.crs
- /cro/webkit.cro
- /.crr/static.crr
- /message/CN_Simp_Chinese/spider.msbt
- /message/EU_Dutch/spider.msbt
- /message/EU_English/spider.msbt
- /message/EU_French/spider.msbt
- /message/EU_German/spider.msbt
- /message/EU_Italian/spider.msbt
- /message/EU_Portuguese/spider.msbt
- /message/EU_Russian/spider.msbt
- /message/EU_Spanish/spider.msbt
- /message/JP_Japanese/spider.msbt
- /message/KR_Hangeul/spider.msbt
- /message/TW_English/spider.msbt
- /message/TW_Trad_Chinese/spider.msbt
- /message/US_English/spider.msbt
- /message/US_French/spider.msbt
- /message/US_Portuguese/spider.msbt
- /message/US_Spanish/spider.msbt
OSS diff for v9.5 and v9.9, without the .dox changes:
diff --git a/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.5.0(23J_23U_23E_19K_18T_3C)/WKC/WebKit/WKC/webkit/WKCVersion.h b/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.9.0/WKC/WebKit/WKC/webkit/WKCVersion.h index be5ff09..55a7274 100644 --- a/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.5.0(23J_23U_23E_19K_18T_3C)/WKC/WebKit/WKC/webkit/WKCVersion.h +++ b/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.9.0/WKC/WebKit/WKC/webkit/WKCVersion.h @@ -29,7 +29,7 @@ #define WKC_VERSION_CHECK(major, minor, micro) \ (((major)*10000) + ((minor)*100) + (micro)) >= ((WKC_VERSION_MAJOR*10000) + (WKC_VERSION_MINOR*100) + (WKC_VERSION_MICRO)) -#define WKC_CUSTOMER_RELEASE_VERSION "1.8.14" +#define WKC_CUSTOMER_RELEASE_VERSION "1.8.16" #define WKC_WEBKIT_VERSION "532.7" diff --git a/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.5.0(23J_23U_23E_19K_18T_3C)/webkit/WebCore/rendering/RenderBox.cpp b/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.9.0/webkit/WebCore/rendering/RenderBox.cpp index da4127e..d03403e 100644 --- a/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.5.0(23J_23U_23E_19K_18T_3C)/webkit/WebCore/rendering/RenderBox.cpp +++ b/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.9.0/webkit/WebCore/rendering/RenderBox.cpp @@ -305,23 +305,23 @@ int RenderBox::scrollHeight() const int RenderBox::scrollLeft() const { - return hasOverflowClip() ? layer()->scrollXOffset() : 0; + return layer() && hasOverflowClip() ? layer()->scrollXOffset() : 0; } int RenderBox::scrollTop() const { - return hasOverflowClip() ? layer()->scrollYOffset() : 0; + return layer() && hasOverflowClip() ? layer()->scrollYOffset() : 0; } void RenderBox::setScrollLeft(int newLeft) { - if (hasOverflowClip()) + if (hasOverflowClip() && layer()) layer()->scrollToXOffset(newLeft); } void RenderBox::setScrollTop(int newTop) { - if (hasOverflowClip()) + if (hasOverflowClip() && layer()) layer()->scrollToYOffset(newTop); }
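Review bot: the four RenderBox.cpp guards are written in two different orders, "layer() && hasOverflowClip()" in scrollLeft()/scrollTop() and "hasOverflowClip() && layer()" in setScrollLeft()/setScrollTop(); pick one order so the null check on layer() reads the same in all four accessors. The diff also carries no ChangeLog entry or comment saying when layer() can be null while hasOverflowClip() is true, which is the condition these checks exist for.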
Old3DS v10.2
The slider vuln from here was fixed in the Old3DS browser it seems.
The main codebin .text only increased by 0x10-bytes.
The only change in RomFS was that the following files were updated:
- /cro/oss.cro
- /cro/static.crs
- /cro/webkit.cro
- /.crr/static.crr
OSS diff:
diff --git a/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.9.0/WKC/WebKit/WKC/webkit/WKCVersion.h b/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_10.2.0/WKC/WebKit/WKC/webkit/WKCVersion.h index 55a7274..fc153c4 100644 --- a/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.9.0/WKC/WebKit/WKC/webkit/WKCVersion.h +++ b/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_10.2.0/WKC/WebKit/WKC/webkit/WKCVersion.h @@ -29,7 +29,7 @@ #define WKC_VERSION_CHECK(major, minor, micro) \ (((major)*10000) + ((minor)*100) + (micro)) >= ((WKC_VERSION_MAJOR*10000) + (WKC_VERSION_MINOR*100) + (WKC_VERSION_MICRO)) -#define WKC_CUSTOMER_RELEASE_VERSION "1.8.16" +#define WKC_CUSTOMER_RELEASE_VERSION "1.8.17" #define WKC_WEBKIT_VERSION "532.7" diff --git a/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.9.0/webkit/WebCore/rendering/RenderSlider.cpp b/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_10.2.0/webkit/WebCore/rendering/RenderSlider.cpp index b2f5cef..1dd3dbd 100644 --- a/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_9.9.0/webkit/WebCore/rendering/RenderSlider.cpp +++ b/3DS_InternetBrowser_OpenSources_JP_US_EU_KR_TW_HK_CN_10.2.0/webkit/WebCore/rendering/RenderSlider.cpp @@ -221,6 +221,7 @@ RenderSlider::~RenderSlider() { if (m_thumb) m_thumb->detach(); + m_thumb = 0; } int RenderSlider::baselinePosition(bool, bool) const @@ -493,7 +494,8 @@ void RenderSlider::forwardEvent(Event* event) } } - m_thumb->defaultEventHandler(event); + if (m_thumb) + m_thumb->defaultEventHandler(event); } bool RenderSlider::inDragMode() const
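Review bot: neither RenderSlider.cpp hunk documents the state it guards against: "m_thumb = 0;" in ~RenderSlider() and the new "if (m_thumb)" before "m_thumb->defaultEventHandler(event);" in forwardEvent() arrive without a comment or a ChangeLog entry, and the only other change in the diff is the version bump to "1.8.17". Add a ChangeLog entry that references the upstream bug and a one-line comment at the guard saying which path leaves m_thumb null while events are still being forwarded.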
Forced system-update
The Old3DS/New3DS Internet Browser updated with 9.9.0-26 now includes the following message string:
In order to use the Internet browser, a system update is required. To perform a system update, select System Update from Other Settings in System Settings.
This wasn't enforced(web-browser displaying the above message when the installed browser isn't the latest version) until October 26, 2015.
This message only triggers when attempting to load a web-page. This is only handled the first time the browser accesses a web-page, during this browser session.
The browser codebins starting with v9.9 now contain the following URL strings:
- Old3DS: "https://cbvc.cdn.nintendo.net/CTR/1/<region>"
- New3DS: "https://cbvc.cdn.nintendo.net/SNAKE/1/<region>"
The <region> string is one of the following:
- "JPN"
- "USA"
- "EUR"
- "KOR"
Starting with the browser from 10.2.0-28, the "1" in the above URLs was changed to "2".
As of October 26, 2015, the "1" URLs return the browser-version for v9.9 (decimal number as a string without any "."), while the "2" URLs return 0.
if(internal_browserver > server_browserver) { <safe> } else { <update message> }
Hence, internal_browserver == server_browserver will trigger the sysupdate message, which appears to be the normal way to indicate that the current browser is outdated(see above).
There is a cache for this in savedata. The request is only done when at least 24-hours have passed since the last time the request was done(see the below savedata section).
It is still possible to guard against this update by blocking the previous URLs using a proxy. It is not possible to remove the update message by entering the Recovery Mode.
Page request
The browser(with New3DS at least) does the following with HTTPC for requesting the above page:
- Initializes the HTTP context and uses HTTPC:InitializeConnectionSession + HTTPC:SetProxyDefault.
- Uses HTTPC command 0x250080 twice with cmd[1]=contexthandle: first time cmd[2]=0x3, second time cmd[2]=0x6.
- Then HTTPC:AddTrustedRootCA is used 48 times to setup 48 trusted root CAs. This appears to be every cert in the browser "romfs:/browser/rootca.pem" file converted to DER, in the same order from there(in other words, every single root CA the browser trusts by default for normal web-browsing).
- Then HTTPC:BeginRequest is used.
- Then HTTPC:ReceiveDataTimeout is used, the recv-size seems to be fixed to 0x20.
- Then HTTPC:GetResponseStatusCodeTimeout is used.
- Then HTTPC:GetDownloadSizeState is used.
- Then the HTTP context is closed.
Raw request data(New3DS USA v10.2 browser):
000000: 47 45 54 20 2f 53 4e 41 4b 45 2f 32 2f 55 53 41  GET /SNAKE/2/USA
000010: 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a   HTTP/1.1..Host:
000020: 20 63 62 76 63 2e 63 64 6e 2e 6e 69 6e 74 65 6e   cbvc.cdn.ninten
000030: 64 6f 2e 6e 65 74 0d 0a 0d 0a                    do.net....
v9.9 dummy web-browser
The gamecard v9.9 sysupdate included with some games contains a dummy Old3DS/New3DS web-browser. The *only* thing this title does is display the same message listed in the above forced-update section. The message files in RomFS *only* contain that message string above. There are no "http" strings in the main codebin, and RO isn't used either(no CRO data in RomFS at all). Both browsers are internally called "dummySpider".
Hence, if you update your system from pre-v9.9 using a gamecard with v9.9, the system web-browser will be rendered *completely* useless until you install a system-update from CDN(no network requests involved here).
Savedata
New3DS
On newer SKATER versions, it appears *all* NAND savedata is stored under the 0x000200BB savedata.
0x000200BB savedata
This only contains "t.bin" with filesize 0xadf80, the format is below.
The timestamp format used here is the number of milliseconds since January 1, 2000(local-time).
When using the "Initialize savedata" option in the browser, that deletes this savedata file/image then exits the browser. This file is then re-created when the browser gets started again.
Offset | Size | Description |
---|---|---|
0x68 | 0x4? | This counter is incremented each time the savedata is written. |
0x70 | 0x8 | Timestamp for when the savedata was last written. |
0x94 | 0x15? | This is all-zeros on non-JPN systems. On JPN systems where the browser filter is disabled, this is a string in the following format: "4110-%016llX". |
0xD8 | 0x8 | s64 timestamp, can be either a normal positive timestamp or a relative negative one. Used with the forced-update described above. When an update is detected this timestamp is negative, otherwise this is a normal positive timestamp(it's unknown how exactly this timestamp is checked). When positive, this seems to be the last time the forced-update HTTPS request was done where no update was needed. |
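A parser for the t.bin fields in the table above, as an added example that is not code from this wiki or from the browser. Little-endian byte order, the 4-byte width of the counter (the table marks it "0x4?") and the handling of a zero value at 0xD8 are assumptions; the sample files are constructed.

```python
import re
import struct
from datetime import datetime, timedelta

T_BIN_SIZE = 0xADF80                 # file size given on the page
EPOCH_2000 = datetime(2000, 1, 1)    # naive datetime: the page says local time
FILTER_ID_RE = re.compile(r"4110-[0-9A-F]{16}")   # "4110-%016llX"

# Offsets from the table. Byte order and counter width are assumptions.
OFF_COUNTER, OFF_LAST_WRITE, OFF_FILTER_ID, OFF_UPDATE_TS = 0x68, 0x70, 0x94, 0xD8
FILTER_ID_LEN = 0x15


def ms_to_datetime(ms):
    """Milliseconds since 2000-01-01 (local time) -> naive datetime."""
    return EPOCH_2000 + timedelta(milliseconds=ms)


def datetime_to_ms(dt):
    """Naive local datetime -> milliseconds since 2000-01-01."""
    return (dt - EPOCH_2000) // timedelta(milliseconds=1)


def parse_t_bin(data):
    """Extract the documented fields from a SKATER t.bin image."""
    if len(data) != T_BIN_SIZE:
        raise ValueError(f"expected {T_BIN_SIZE:#x} bytes, got {len(data):#x}")
    (counter,) = struct.unpack_from("<I", data, OFF_COUNTER)
    (last_write_ms,) = struct.unpack_from("<q", data, OFF_LAST_WRITE)
    (update_ts,) = struct.unpack_from("<q", data, OFF_UPDATE_TS)
    raw_id = bytes(data[OFF_FILTER_ID:OFF_FILTER_ID + FILTER_ID_LEN])

    # All-zero on non-JPN systems; otherwise the "4110-..." string.
    filter_id = None
    if any(raw_id):
        filter_id = raw_id.rstrip(b"\x00").decode("ascii", errors="replace")

    # Negative: an update was detected (relative value, meaning unknown).
    # Positive: last forced-update request where no update was needed.
    last_clean_check = None
    if update_ts < 0:
        update_state = "update-detected"
    elif update_ts > 0:
        update_state = "no-update-needed"
        last_clean_check = ms_to_datetime(update_ts)
    else:
        update_state = "unset"   # zero is not described on the page (assumption)

    return {
        "write_counter": counter,
        "last_write": ms_to_datetime(last_write_ms),
        "filter_id": filter_id,
        "filter_id_well_formed": bool(filter_id and FILTER_ID_RE.fullmatch(filter_id)),
        "update_state": update_state,
        "update_ts_raw": update_ts,
        "last_clean_check": last_clean_check,
    }


def build_sample(counter, last_write, filter_id, update_ts_ms):
    """Construct a zero-filled t.bin image with only the documented fields set."""
    buf = bytearray(T_BIN_SIZE)
    struct.pack_into("<I", buf, OFF_COUNTER, counter)
    struct.pack_into("<q", buf, OFF_LAST_WRITE, datetime_to_ms(last_write))
    if filter_id is not None:
        encoded = filter_id.encode("ascii")[:FILTER_ID_LEN]
        buf[OFF_FILTER_ID:OFF_FILTER_ID + len(encoded)] = encoded
    struct.pack_into("<q", buf, OFF_UPDATE_TS, update_ts_ms)
    return bytes(buf)


if __name__ == "__main__":
    # Constructed sample: JPN system, filter disabled, update detected.
    sample = build_sample(7, datetime(2015, 11, 2, 18, 57),
                          "4110-0123456789ABCDEF", -3_600_000)
    for key, value in parse_t_bin(sample).items():
        print(f"{key:22} {value}")
```
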
Web Standards
- HTML 4.01
- HTML 5 (120/400 score on HTML5Test.com)
- XHTML 1.1
- CSS 1
- CSS 2.1
- CSS 3 (some functionality is unavailable)
- DOM Levels 1-3
- ECMAScript (partial support for ECMA-262 5th Edition)
- XMLHttpRequest Level 2
- Canvas Element (some functionality is unavailable)
Protocols
- HTTP 1.0
- HTTP 1.1
- SSLv3
- TLS 1.0
Image Formats
- MPO
- GIF
- JPEG
- PNG
- BMP
- ICO (some files cannot be displayed)
Plug-Ins
Plug-ins (such as Adobe Flash) are not supported.
Other details
- It scored 90/100 on the Acid3 test.
- Images from the Internet can be saved to the SD Card and viewed using the Nintendo 3DS Camera application.
- Images saved to an SD Card or to the Nintendo 3DS system memory can be uploaded to blogs or other sites that allow the uploading of photos using:
<input type="file" />
- HTML5Test.com says that drag and drop is supported, but it is not (the code in WebKit is ready, but it is not implemented in the browser's interface).
Tips
Detect User Agent
To detect if the user agent is the Nintendo 3DS Browser:
<script type="text/javascript">
if (navigator.userAgent.indexOf('Nintendo 3DS') == -1) { // If the UserAgent is not "Nintendo 3DS"
    location.replace('http://www.3dbrew.org'); // Redirect to another page
}
</script>
- You can check navigator.platform=="Nintendo 3DS" as well.
Scrolling
Scrolling can be altered by modifying document.body.scrollTop and document.body.scrollLeft. However, there are drawbacks related to working with these properties:
- Both properties return 0 when accessed
- Setting one property resets the other property's scroll position
In order to set both at the same time (without either resetting to 0), use window.scrollTo.
Events
Key Events
The following buttons trigger the onkeydown, onkeypress and onkeyup events:
Code | Button |
---|---|
13 | A |
37 | Left |
38 | Up |
39 | Right |
40 | Down |
The events cannot have their default action cancelled. Other buttons do not trigger key events.
Touch/Mouse Events
onmousedown, onmouseup & onclick are all triggered by the browser. However, the onmousedown event doesn't trigger until you lift the stylus or you've held it on the screen for ~2 seconds—which is when text selection mode is activated—making it pretty much the same as onmouseup. The events cannot have their default action cancelled.
The onmousemove and common touch/gesture events are not supported.
Screen Resolution
The upper screen resolution is 400×240. However, the viewable area in the browser is only 400×220.
The touch screen resolution is 320×240. However, the viewable area in the browser is only 320×212.
You can have a page span both screens. However, the browser will behave as if the bottom screen is the only active screen and the top screen is scrolled off. This is important when computing CSS coordinates. Items positioned from "bottom" will be positioned based on 220px and not the full 432px of both screens.
Using Both Screens
Generally the easiest way to accomplish the correct layout is to create HTML elements that "contain" the top and bottom screens. Here's an example:
<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=400">
    <style>
      body{margin:0px;}
      #topscreen{width:400px;height:220px;overflow:hidden;}
      #bottomscreen{width:320px;height:212px;overflow:hidden;margin:0 auto;}
    </style>
  </head>
  <body>
    <div id="topscreen">Top Screen</div>
    <div id="bottomscreen">Bottom Screen</div>
  </body>
</html>
This scheme allows the page to be easily manipulated through JavaScript. In order to have the window snap to the correct position, use the following JavaScript code:
window.setInterval(function () { window.scrollTo(40, 220); }, 50);
This automatically resets the position if the user accidentally scrolls the page.
Example Sites
- Weapons and Colors (Short URL: http://bit.ly/3DSwc)
- jFox (Short URL: http://bit.ly/iB7FqW)
- Ditto3D (Short URL: http://bit.ly/oVreWA)
- Nintendo 3DS Bookmarks - This is the first bookmark pre-installed in the browser.