Changes

Internet Browser (edit)

Revision as of 23:08, 23 January 2018

2,328 bytes added , 23:08, 23 January 2018

m

no edit summary

Line 11: Line 11:

The only difference between the ExeFS .code for each region of the Old3DS/New3DS browser, is byte values for the title uniqueID/region.

−

A [[#~~v9.9_dummy_web~~-browser|"dummy" browser]] (which replaces the actual browser) is being included with cartdrige games shipping ~~the~~ [[9.9.0-26|9.9.0-X]] ~~system update~~.

+

A [[#Dummy_web-browser|"dummy" browser]] (which replaces the actual browser) is being included with cartdrige games shipping with system updates starting with [[9.9.0-26|9.9.0-X]].

In addition, versions of the real browser since 9.9.0-26X attempt to [[#Forced_system-update|check-in with a Nintendo server]] to determine if the existing browser version is out of date.

Line 26: Line 26:

Video decoding is done with [[MVD_Services|mvd:STD]]. Audio decoding/playback is done with a browser-specific DSP binary. The Old3DS browser used CSND for audio playback, the New3DS browser doesn't have access to that at all since it uses DSP instead.

+

=== Video / libstagefright ===

The browser manual includes licenses for Android and PacketVideo. The browser uses libstagefright from Android. Just like WebKit, the browser appears to use a very old version of libstagefright with security/other changes back-ported(for example, the v10.7 browser libstagefright codebase seems to be older than [https://android.googlesource.com/platform/frameworks/av/+/ec77122351b4e78c1fe5b60a208f76baf8c67591%5E%21/media/libstagefright/MPEG4Extractor.cpp this]). This codebase is missing certain chunk-parsing code for 3GP.

+

HTTP for libstagefright is internally handled with [[HTTP_Services|HTTPC]], with a similar(?) set of RootCAs as for browser-version-check.

===User-Agent and Browser Versions===

Line 32: Line 35:

<region> can be one of the following: "JP", "US", or "EU".

+

Mobile User-Agent is always <code>Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25</code>.

{| class="wikitable" border="1"

Line 37: Line 42:

! Mobile NintendoBrowser version(displayed in browser settings)

! Normal UA

−

~~! Mobile UA~~

! CDN Title-version

! Network-only system-update version

Line 44: Line 48:

| 1.0.9934

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.8 Mobile NintendoBrowser/1.0.9934.<region>

−

~~| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25~~

| v10

| [[9.0.0-20]]

Line 51: Line 54:

| 1.1.9996

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.10 Mobile NintendoBrowser/1.1.9996.<region>

−

~~| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25~~

| v1027

| [[9.3.0-21]]

Line 58: Line 60:

| 1.2.10085

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.13 Mobile NintendoBrowser/1.2.10085.<region>

−

~~| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25~~

| v2051

| [[9.6.0-24]]

| See below.

|-

−

~~| None~~

| None

Line 71: Line 71:

|-

| 1.3.10126

−

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.15 Mobile NintendoBrowser/1.3.10126.US

+

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.15 Mobile NintendoBrowser/1.3.10126.<region>

−

~~| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25~~

| v3077

| [[9.9.0-26]]

Line 78: Line 77:

|-

| 1.4.10138

−

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.17 Mobile NintendoBrowser/1.4.10138.US

+

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.17 Mobile NintendoBrowser/1.4.10138.<region>

−

~~| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25~~

| v4096

| [[10.2.0-28]]

Line 85: Line 83:

|-

| 1.5.10143

−

|

+

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.5.10143.<region>

−

|

| v5121

| [[10.4.0-29]]

Line 92: Line 89:

|-

| 1.6.10147

−

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.6.10147.US

+

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.6.10147.<region>

−

~~| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25~~

| v6144

| [[10.6.0-31]]

| See below.

+

|-

+

| None

+

| None

+

| v7168

+

| v10.7 CUP

+

| v10.7 CUP dummy web-browser, see below.

|-

| 1.7.10150

−

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.7.10150.US

+

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.7.10150.<region>

−

|

| v7184

| [[10.7.0-32]]

+

| See below.

+

|-

+

| 1.8.10156

+

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.20 Mobile NintendoBrowser/1.8.10156.<region>

+

| v8192

+

| [[11.1.0-34]]

+

| See below.

+

|-

+

| None

+

| None

+

| v9217

+

| v11.4 CUP

+

| v11.4 CUP dummy web-browser, see below.

+

|-

+

| 1.9.10160

+

| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.20 Mobile NintendoBrowser/1.9.10160.<region>

+

| v9232

+

| [[11.4.0-37]]

| See below.

|}

Line 323: Line 342:

applet

2016-03-02 18:25

+

==== v11.1 ====

+

The ExeFS codebin was updated. The following files in RomFS were updated:

+

/build/buildinfo.dat

+

/.crr/static.crr

+

/oss.cro.lex

+

/static.crs

+

/webkit.cro.lex

+

cat v8192/00000026_romfs/build/buildinfo.dat

+

10156

+

applet

+

2016-08-26 19:47

+

Minus the 4 functions that changed due to compiler optimization, only 1 function was actually updated. This is LT_1a4004, previous version at LT_1a4004: libstagefright status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth)

+

Additional code was added which doesn't seem to be from upstream git, right [https://android.googlesource.com/platform/frameworks/av/+/32d6e5f0ebe9e00f80401e5f4fd6e285a474590d/media/libstagefright/MPEG4Extractor.cpp#880 before] the cprt code block: "if((*offset + chunk_size) - data_offset < 0)fail"

+

This fixed skater31hax + any other mp4 haxx which requires using a negative 64bit chunk_size value.

+

The filepath base used in the assert strings were changed from "d:\Jenkins\workspace\MPSkaterBuild\MVPlayer\Skater\Base\Android\frameworks\base\media\libstagefright\" to "d:\jenkins\workspace\MPSkaterBuild-Git\Base\Android\frameworks\base\media\libstagefright\".

+

==== v11.4 ====

+

The only changes in RomFS was for "/build/buildinfo.dat" and "/static.crs", hence no OSS in CRO(s) were updated.

+

The main codebin was updated. Exactly two functions were updated, these are not related to code exec vulns.

+

cat v9232/00000027_romfs/build/buildinfo.dat

+

10160

+

applet

+

2017-03-08 19:44

=== New3DS Browser Specifications ===

Line 356: Line 407:

* "User agent: Mozilla/5.0 (Nintendo 3DS; region; ; en) Version/1.7498.US"

* "Supported protocols: HTTP1.0/HTTP1.1/SSLv3/TLS1.0"

−

* "Web standard: HTML 4.01/XHTML 1.1/CSS 1/CSS 2.1/CSS 3 (partial functionality)/DOM Levels 1-3/ECMAScript

+

* "Web standard: HTML 4.01/XHTML 1.1/CSS 1/CSS 2.1/CSS 3 (partial functionality)/DOM Levels 1-3/ECMAScript/XMLHttpRequest/Canvas Element (partial functionality)"

−

/XMLHttpRequest/Canvas Element (partial functionality)"

* "Image format: MPO / GIF / JPEG / PNG / BMP / ICO (some images cannot be displayed)"

* "Plug-ins: Plug-ins such as Adobe Flash are not supported"

Line 442: Line 492:

| [[10.6.0-31]]

| See below.

+

|-

+

| None

+

| v9216

+

| v10.7 CUP

+

| v10.7 CUP dummy web-browser, see below.

|-

| 1.7625

| v9232

| [[10.7.0-32]]

+

| See below.

+

|-

+

| 1.7630

+

| v10240

+

| [[11.1.0-34]]

| See below.

|}

+

=== Heap ===

+

The USA/EUR/JPN + KOR browser allocates the 0x08000000 heap with size 0x01A97000. The size used by the CHN and TWN browser is 0x01997000, exactly 0x100000-bytes smaller.

=== Old3DS v9.9 ===

Line 589: Line 652:

=== Old3DS v10.7 ===

''Nothing'' changed except some words for version-values in .text being updated(RomFS wasn't changed), code for browser-version-check was [[#v10.7_2|updated]].

+

=== Old3DS v11.1 ===

+

Nothing changed in the ExeFS codebin besides the usual version values. The following files in RomFS were updated:

+

/cro/oss.cro

+

/cro/webkit.cro

+

/.crr/static.crr

== Forced system-update ==

Line 662: Line 731:

The only actual code change with Old3DS/New3DS browser v10.7 was that the code which calculates the diff_timestamp was moved to immediately after the block which initializes <state_timestamp> when <state_timestamp> is all-zero. This fixed the browser-version-check [[3DS_Userland_Flaws|bypass]].

−

== ~~v9.9 dummy~~ web-browser ==

+

== Dummy web-browser ==

−

~~The gamecard~~ v9.9 sysupdate ~~included with some games contains~~ a dummy Old3DS/New3DS web-browser. The *only* thing this title does is display the same message listed in the above forced-update section. The message files in RomFS *only* contain that message string above. There are no "http" strings in the main codebin, and [[RO_Services|RO]] isn't used either(no CRO data in RomFS at all). Both browsers are internally called "dummySpider".

+

Gamecards v9.9 and above include, with their sysupdate, a dummy Old3DS/New3DS web-browser. The *only* thing this title does is display the same message listed in the above forced-update section. The message files in RomFS *only* contain that message string above. There are no "http" strings in the main codebin, and [[RO_Services|RO]] isn't used either(no CRO data in RomFS at all). Both browsers are internally called "dummySpider".

+

Hence, if you update your system below v9.8 with any v9.9 or above gamecard, the system web-browser will be rendered *completely* useless until you install a system-update from CDN(no network requests involved here).

−

~~Hence, if you update your system from pre-v9~~.~~9 using a gamecard with v9~~.9, the ~~system~~ web-browser ~~will be rendered *completely* useless until you install a system-update from CDN(no network requests involved here)~~.

+

Gamecards v10.7 and v11.4(New3DS only) have updated the dummy web-browser, where the only difference is the title version.

== Savedata ==

Line 803: Line 874:

* [http://www.nintendo.com/3ds/internetbrowser/bookmarks Nintendo 3DS Bookmarks] - This is the first bookmark pre-installed in the browser.

* [http://3ds.andysmith.co.uk/jFox.html jFox] (Short URL: http://bit.ly/iB7FqW)

−

* [http://ditto3d.com/3ds Ditto3D] (Short URL: http://bit.ly/oVreWA)

+

* [http://ditto3d.com/3ds Ditto3D (Dead Link)] (Short URL: http://bit.ly/oVreWA)

Pigeon

18

edits

Changes

Internet Browser (edit)

Revision as of 23:08, 23 January 2018

Navigation menu

Search