2
edits
Changes
Jump to navigation
Jump to search
Line 11:
Line 11: − + Line 35:
Line 35: + + Line 40:
Line 42: − ! Mobile UA Line 47:
Line 48: − | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 Line 54:
Line 54: − | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 Line 61:
Line 60: − | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 − | None Line 74:
Line 71: − + − | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 Line 81:
Line 77: − + − | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 Line 88:
Line 83: − + − | Line 95:
Line 89: − + − | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 + + + + + + − + − | − + − + − | + + + + + + + + + + + + + + + + + + + + + + + + Line 355:
Line 376: + + + + + + + + + + Line 388:
Line 419: − + − Line 474:
Line 504: + + + + + Line 480:
Line 515: − + + + + + + + + + + + Line 708:
Line 753: − + − + Line 849:
Line 894: − + + − +
→Example Sites
The only difference between the ExeFS .code for each region of the Old3DS/New3DS browser, is byte values for the title uniqueID/region.
The only difference between the ExeFS .code for each region of the Old3DS/New3DS browser, is byte values for the title uniqueID/region.
A [[#v9.9_dummy_web-browser|"dummy" browser]] (which replaces the actual browser) is being included with cartdrige games shipping the [[9.9.0-26|9.9.0-X]] and [[10.7.0-32|10.7.0-X]] system updates.
A [[#Dummy_web-browser|"dummy" browser]] (which replaces the actual browser) is being included with cartdrige games shipping with system updates starting with [[9.9.0-26|9.9.0-X]].
In addition, versions of the real browser since 9.9.0-26X attempt to [[#Forced_system-update|check-in with a Nintendo server]] to determine if the existing browser version is out of date.
In addition, versions of the real browser since 9.9.0-26X attempt to [[#Forced_system-update|check-in with a Nintendo server]] to determine if the existing browser version is out of date.
<region> can be one of the following: "JP", "US", or "EU".
<region> can be one of the following: "JP", "US", or "EU".
Mobile User-Agent is always <code>Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25</code>.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Mobile NintendoBrowser version(displayed in browser settings)
! Mobile NintendoBrowser version(displayed in browser settings)
! Normal UA
! Normal UA
! CDN Title-version
! CDN Title-version
! Network-only system-update version
! Network-only system-update version
| 1.0.9934
| 1.0.9934
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.8 Mobile NintendoBrowser/1.0.9934.<region>
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.8 Mobile NintendoBrowser/1.0.9934.<region>
| v10
| v10
| [[9.0.0-20]]
| [[9.0.0-20]]
| 1.1.9996
| 1.1.9996
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.10 Mobile NintendoBrowser/1.1.9996.<region>
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.10 Mobile NintendoBrowser/1.1.9996.<region>
| v1027
| v1027
| [[9.3.0-21]]
| [[9.3.0-21]]
| 1.2.10085
| 1.2.10085
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.13 Mobile NintendoBrowser/1.2.10085.<region>
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.13 Mobile NintendoBrowser/1.2.10085.<region>
| v2051
| v2051
| [[9.6.0-24]]
| [[9.6.0-24]]
| See below.
| See below.
|-
|-
| None
| None
| None
| None
|-
|-
| 1.3.10126
| 1.3.10126
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.15 Mobile NintendoBrowser/1.3.10126.US
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.15 Mobile NintendoBrowser/1.3.10126.<region>
| v3077
| v3077
| [[9.9.0-26]]
| [[9.9.0-26]]
|-
|-
| 1.4.10138
| 1.4.10138
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.17 Mobile NintendoBrowser/1.4.10138.US
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.17 Mobile NintendoBrowser/1.4.10138.<region>
| v4096
| v4096
| [[10.2.0-28]]
| [[10.2.0-28]]
|-
|-
| 1.5.10143
| 1.5.10143
|
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.5.10143.<region>
| v5121
| v5121
| [[10.4.0-29]]
| [[10.4.0-29]]
|-
|-
| 1.6.10147
| 1.6.10147
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.6.10147.US
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.6.10147.<region>
| v6144
| v6144
| [[10.6.0-31]]
| [[10.6.0-31]]
| See below.
| See below.
|-
| None
| None
| v7168
| v10.7 CUP
| v10.7 CUP dummy web-browser, see below.
|-
|-
| 1.7.10150
| 1.7.10150
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.7.10150.US
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.7.10150.<region>
| v7184
| v7184
| [[10.7.0-32]]
| [[10.7.0-32]]
| See below.
| See below.
|-
|-
|
| 1.8.10156
|
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.20 Mobile NintendoBrowser/1.8.10156.<region>
| v8192
| v8192
| [[11.1.0-34]]
| [[11.1.0-34]]
| See below.
|-
| None
| None
| v9217
| v11.4 CUP
| v11.4 CUP dummy web-browser, see below.
|-
| 1.9.10160
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.20 Mobile NintendoBrowser/1.9.10160.<region>
| v9232
| [[11.4.0-37]]
| See below.
|-
| 1.10.10166
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.22 Mobile NintendoBrowser/1.10.10166.<region>
| v10272
| [[11.9.0-42]]
| See below.
|-
| 1.11.10172
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.23 Mobile NintendoBrowser/1.11.10172.<region>
| v11264
| [[11.14.0-46]]
| See below.
| See below.
|}
|}
The filepath base used in the assert strings were changed from "d:\Jenkins\workspace\MPSkaterBuild\MVPlayer\Skater\Base\Android\frameworks\base\media\libstagefright\" to "d:\jenkins\workspace\MPSkaterBuild-Git\Base\Android\frameworks\base\media\libstagefright\".
The filepath base used in the assert strings were changed from "d:\Jenkins\workspace\MPSkaterBuild\MVPlayer\Skater\Base\Android\frameworks\base\media\libstagefright\" to "d:\jenkins\workspace\MPSkaterBuild-Git\Base\Android\frameworks\base\media\libstagefright\".
==== v11.4 ====
The only changes in RomFS was for "/build/buildinfo.dat" and "/static.crs", hence no OSS in CRO(s) were updated.
The main codebin was updated. Exactly two functions were updated, these are not related to code exec vulns.
cat v9232/00000027_romfs/build/buildinfo.dat
10160
applet
2017-03-08 19:44
=== New3DS Browser Specifications ===
=== New3DS Browser Specifications ===
* "User agent: Mozilla/5.0 (Nintendo 3DS; region; ; en) Version/1.7498.US"
* "User agent: Mozilla/5.0 (Nintendo 3DS; region; ; en) Version/1.7498.US"
* "Supported protocols: HTTP1.0/HTTP1.1/SSLv3/TLS1.0"
* "Supported protocols: HTTP1.0/HTTP1.1/SSLv3/TLS1.0"
* "Web standard: HTML 4.01/XHTML 1.1/CSS 1/CSS 2.1/CSS 3 (partial functionality)/DOM Levels 1-3/ECMAScript
* "Web standard: HTML 4.01/XHTML 1.1/CSS 1/CSS 2.1/CSS 3 (partial functionality)/DOM Levels 1-3/ECMAScript/XMLHttpRequest/Canvas Element (partial functionality)"
/XMLHttpRequest/Canvas Element (partial functionality)"
* "Image format: MPO / GIF / JPEG / PNG / BMP / ICO (some images cannot be displayed)"
* "Image format: MPO / GIF / JPEG / PNG / BMP / ICO (some images cannot be displayed)"
* "Plug-ins: Plug-ins such as Adobe Flash are not supported"
* "Plug-ins: Plug-ins such as Adobe Flash are not supported"
| [[10.6.0-31]]
| [[10.6.0-31]]
| See below.
| See below.
|-
| None
| v9216
| v10.7 CUP
| v10.7 CUP dummy web-browser, see below.
|-
|-
| 1.7625
| 1.7625
| See below.
| See below.
|-
|-
|
| 1.7630
| v10240
| v10240
| [[11.1.0-34]]
| [[11.1.0-34]]
| See below.
|-
| 1.7636
| v11297
| [[11.9.0-42]]
| See below.
|-
| 1.7639
| v12288
| [[11.14.0-46]]
| See below.
| See below.
|}
|}
The only actual code change with Old3DS/New3DS browser v10.7 was that the code which calculates the diff_timestamp was moved to immediately after the block which initializes <state_timestamp> when <state_timestamp> is all-zero. This fixed the browser-version-check [[3DS_Userland_Flaws|bypass]].
The only actual code change with Old3DS/New3DS browser v10.7 was that the code which calculates the diff_timestamp was moved to immediately after the block which initializes <state_timestamp> when <state_timestamp> is all-zero. This fixed the browser-version-check [[3DS_Userland_Flaws|bypass]].
== v9.9+/v10.7+ dummy web-browser ==
== Dummy web-browser ==
Gamecards v9.9 and above include, with their sysupdate, a dummy Old3DS/New3DS web-browser. The *only* thing this title does is display the same message listed in the above forced-update section. The message files in RomFS *only* contain that message string above. There are no "http" strings in the main codebin, and [[RO_Services|RO]] isn't used either(no CRO data in RomFS at all). Both browsers are internally called "dummySpider".
Gamecards v9.9 and above include, with their sysupdate, a dummy Old3DS/New3DS web-browser. The *only* thing this title does is display the same message listed in the above forced-update section. The message files in RomFS *only* contain that message string above. There are no "http" strings in the main codebin, and [[RO_Services|RO]] isn't used either(no CRO data in RomFS at all). Both browsers are internally called "dummySpider".
Hence, if you update your system below v9.8 with any v9.9 or above gamecard, the system web-browser will be rendered *completely* useless until you install a system-update from CDN(no network requests involved here).
Hence, if you update your system below v9.8 with any v9.9 or above gamecard, the system web-browser will be rendered *completely* useless until you install a system-update from CDN(no network requests involved here).
Gamecards v10.7 and above include an updated dummy web-browser, where the only difference is the title version.
Gamecards v10.7 and v11.4(New3DS only) have updated the dummy web-browser, where the only difference is the title version.
== Savedata ==
== Savedata ==
==Example Sites==
==Example Sites==
<!-- If you have a website that demonstrates these techniques, place it here! -->
<!-- If you have a website that demonstrates these techniques, place it here! -->
* [http://www.nintendo.com/3ds/internetbrowser/bookmarks Nintendo 3DS Bookmarks] - This is the first bookmark pre-installed in the browser.
* [http://www.nintendo.com/3ds/internetbrowser/bookmarks Nintendo 3DS Bookmarks]: This is the first bookmark pre-installed in the browser.
* [https://imgsharetool.herokuapp.com ImageShare]: Image uploader for the 3DS ([https://github.com/corbindavenport/image-share source code])
* [http://3ds.andysmith.co.uk/jFox.html jFox] (Short URL: http://bit.ly/iB7FqW)
* [http://3ds.andysmith.co.uk/jFox.html jFox] (Short URL: http://bit.ly/iB7FqW)
* [http://ditto3d.com/3ds Ditto3D] (Short URL: http://bit.ly/oVreWA)
* [http://ditto3d.com/3ds Ditto3D (Dead Link)] (Short URL: http://bit.ly/oVreWA)