Changes

14,930 bytes added ,  18:09, 18 November 2022
→‎Gamepad: Formatting and performance hint
Line 8: Line 8:  
The 3DS Internet Browser is [http://en.wikipedia.org/wiki/Netfront Netfront] Browser NX v1.0 based on [http://en.wikipedia.org/wiki/WebKit WebKit] engine.
 
The 3DS Internet Browser is [http://en.wikipedia.org/wiki/Netfront Netfront] Browser NX v1.0 based on [http://en.wikipedia.org/wiki/WebKit WebKit] engine.
   −
The browser supports up to 64 bookmarks.
+
On O3DS the exheader name of this title is "SPIDER"; on N3DS, "SKATER".
 +
The only difference between the ExeFS .code for each region of the Old3DS/New3DS browser, is byte values for the title uniqueID/region.
   −
The exheader name of this title is "spider".
+
A [[#Dummy_web-browser|"dummy" browser]] (which replaces the actual browser) is being included with cartdrige games shipping with system updates starting with [[9.9.0-26|9.9.0-X]].  
 
+
In addition, versions of the real browser since 9.9.0-26X attempt to [[#Forced_system-update|check-in with a Nintendo server]] to determine if the existing browser version is out of date.
The only difference between the ExeFS .code for each region of the Old3DS/New3DS browser, is byte values for the title uniqueID/region, otherwise the binaries are identical.
  −
 
  −
A [[#v9.9_dummy_web-browser|"dummy" browser]] (which replaces the actual browser) is now being included beginning with games shipping the [[9.9.0-26|9.9.0-X]] system update. In addition, versions of the real browser since 9.9.0-26X now attempt to [[#Forced_system-update|check-in with a Nintendo server]] to determine if the existing browser version is out of date.
      
==[[New 3DS]] Internet Browser==
 
==[[New 3DS]] Internet Browser==
New3DS has a separate browser title, the exheader name is "SKATER".
+
New3DS has a separate browser title, with the exheader name "SKATER".
 
+
Unlike the Old3DS browser, the New3DS browser has videos+HTML5 support.  
Unlike the Old3DS browser, this New3DS browser has videos+HTML5 support. This browser also has a filter enabled by default(ExeFS codebin is same for all regions, this filter only applies for JPN region). Disabling it requires paying money with a credit-card, for [[NIM_Services|purchasing]] web-browser [[Title_list/DLC|DLC]].
     −
During startup the browser does various HTTPS comms. When visting an URL, the browser sends a plaintext HTTP POST to here: [http://ars.ifuser.jp:20080/ars2/rating]. The raw POST data begins with "ARS/2.0\r\n\x00", the rest appears to be encrypted. The server reply content also has this ARS header + encrypted data. This appears to use a fixed xorpad, likely from a fixed encryption CTR/IV. The server content responses for allowed sites, and blocked sites, are fixed. When the server returns that the site is blocked, the browser goes to this page: [http://ars.ifuser.jp/filter/44.html](the Referrer header value is set to the same URL it's actually requesting).
+
This browser also has a filter enabled by default in the JPN version.
 +
Disabling it requires paying money with a credit-card, for [[NIM_Services|purchasing]] web-browser [[Title_list/DLC|DLC]].
 +
During startup the browser does various HTTPS comms. When visting an URL, the browser sends a plaintext HTTP POST here: [http://ars.ifuser.jp:20080/ars2/rating]. The raw POST data begins with "ARS/2.0\r\n\x00", the rest appears to be encrypted. The server reply content also has this ARS header + encrypted data. This appears to use a fixed xorpad, likely from a fixed encryption CTR/IV. The server content responses for allowed sites, and blocked sites, are fixed. When the server returns that the site is blocked, the browser goes to this page: [http://ars.ifuser.jp/filter/44.html](the Referrer header value is set to the same URL it's actually requesting).
    
The WebKit source was updated since the Old3DS browser.
 
The WebKit source was updated since the Old3DS browser.
 +
The New3DS browser uses the following services: [[MVD_Services|mvd:STD]] and [[IR_Services|ir:rst]](DLC-related services are used too but those aren't New3DS specific).
 +
Video decoding is done with [[MVD_Services|mvd:STD]]. Audio decoding/playback is done with a browser-specific DSP binary. The Old3DS browser used CSND for audio playback, the New3DS browser doesn't have access to that at all since it uses DSP instead.
   −
Unlike the Old3DS browser, the New3DS browser uses the following services: [[MVD_Services|mvd:STD]] and [[IR_Services|ir:rst]](DLC-related services are used too but those aren't New3DS specific).
+
=== Video / libstagefright ===
 
+
The browser manual includes licenses for Android and PacketVideo. The browser uses libstagefright from Android. Just like WebKit, the browser appears to use a very old version of libstagefright with security/other changes back-ported(for example, the v10.7 browser libstagefright codebase seems to be older than [https://android.googlesource.com/platform/frameworks/av/+/ec77122351b4e78c1fe5b60a208f76baf8c67591%5E%21/media/libstagefright/MPEG4Extractor.cpp this]). This codebase is missing certain chunk-parsing code for 3GP.
Video decoding is done with [[MVD_Services|mvd:STD]]. Audio decoding/playback is done with a browser-specific DSP binary. The Old3DS browser used CSND for audio playback, the New3DS browser doesn't have access to that at all since it uses DSP instead.
     −
The browser manual includes licenses for Android and PacketVideo. The browser uses libstagefright from Android.
+
HTTP for libstagefright is internally handled with [[HTTP_Services|HTTPC]], with a similar(?) set of RootCAs as for browser-version-check.
    
===User-Agent and Browser Versions===
 
===User-Agent and Browser Versions===
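Review bot: In the added dummy-browser sentence, "cartdrige" is misspelled ("cartridge"), and the re-added ARS paragraph still carries "visting" and has no space between the filter/44.html link and the parenthesis that follows it. The rewritten ExeFS .code sentence also drops the clause "otherwise the binaries are identical"; if that still holds it is worth keeping, since it is what tells a reader the regional builds can be analysed interchangeably. The new libstagefright line says "a similar(?) set of RootCAs"; either state what was compared or point at the Page request section, which describes the trust setup for the browser-version-check.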
Line 35: Line 35:     
<region> can be one of the following: "JP", "US", or "EU".
 
<region> can be one of the following: "JP", "US", or "EU".
 +
 +
Mobile User-Agent is always <code>Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25</code>.
    
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 40: Line 42:  
! Mobile NintendoBrowser version(displayed in browser settings)
 
! Mobile NintendoBrowser version(displayed in browser settings)
 
! Normal UA
 
! Normal UA
! Mobile UA
   
! CDN Title-version
 
! CDN Title-version
 
! Network-only system-update version
 
! Network-only system-update version
Line 47: Line 48:  
| 1.0.9934
 
| 1.0.9934
 
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.8 Mobile NintendoBrowser/1.0.9934.<region>
 
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.8 Mobile NintendoBrowser/1.0.9934.<region>
| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25
   
| v10
 
| v10
 
| [[9.0.0-20]]
 
| [[9.0.0-20]]
Line 54: Line 54:  
| 1.1.9996
 
| 1.1.9996
 
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.10 Mobile NintendoBrowser/1.1.9996.<region>
 
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.10 Mobile NintendoBrowser/1.1.9996.<region>
| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25
   
| v1027
 
| v1027
 
| [[9.3.0-21]]
 
| [[9.3.0-21]]
Line 61: Line 60:  
| 1.2.10085
 
| 1.2.10085
 
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.13 Mobile NintendoBrowser/1.2.10085.<region>
 
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.13 Mobile NintendoBrowser/1.2.10085.<region>
| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25
   
| v2051
 
| v2051
 
| [[9.6.0-24]]
 
| [[9.6.0-24]]
 
| See below.
 
| See below.
 
|-
 
|-
| None
   
| None
 
| None
 
| None
 
| None
Line 74: Line 71:  
|-
 
|-
 
| 1.3.10126
 
| 1.3.10126
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.15 Mobile NintendoBrowser/1.3.10126.US
+
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.15 Mobile NintendoBrowser/1.3.10126.<region>
| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25
   
| v3077
 
| v3077
 
| [[9.9.0-26]]
 
| [[9.9.0-26]]
Line 81: Line 77:  
|-
 
|-
 
| 1.4.10138
 
| 1.4.10138
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.17 Mobile NintendoBrowser/1.4.10138.US
+
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.17 Mobile NintendoBrowser/1.4.10138.<region>
| Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25
   
| v4096
 
| v4096
 
| [[10.2.0-28]]
 
| [[10.2.0-28]]
 +
| See below.
 +
|-
 +
| 1.5.10143
 +
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.5.10143.<region>
 +
| v5121
 +
| [[10.4.0-29]]
 +
| See below.
 +
|-
 +
| 1.6.10147
 +
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.6.10147.<region>
 +
| v6144
 +
| [[10.6.0-31]]
 +
| See below.
 +
|-
 +
| None
 +
| None
 +
| v7168
 +
| v10.7 CUP
 +
| v10.7 CUP dummy web-browser, see below.
 +
|-
 +
| 1.7.10150
 +
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.19 Mobile NintendoBrowser/1.7.10150.<region>
 +
| v7184
 +
| [[10.7.0-32]]
 +
| See below.
 +
|-
 +
| 1.8.10156
 +
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.20 Mobile NintendoBrowser/1.8.10156.<region>
 +
| v8192
 +
| [[11.1.0-34]]
 +
| See below.
 +
|-
 +
| None
 +
| None
 +
| v9217
 +
| v11.4 CUP
 +
| v11.4 CUP dummy web-browser, see below.
 +
|-
 +
| 1.9.10160
 +
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.20 Mobile NintendoBrowser/1.9.10160.<region>
 +
| v9232
 +
| [[11.4.0-37]]
 +
| See below.
 +
|-
 +
| 1.10.10166
 +
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.22 Mobile NintendoBrowser/1.10.10166.<region>
 +
| v10272
 +
| [[11.9.0-42]]
 +
| See below.
 +
|-
 +
| 1.11.10172
 +
| Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.0.5.23 Mobile NintendoBrowser/1.11.10172.<region>
 +
| v11264
 +
| [[11.14.0-46]]
 
| See below.
 
| See below.
 
|}
 
|}
    
Note that the latest Old3DS browser WebKit version at the time the initial New3DS browser was released, was the following: 532.8.
 
Note that the latest Old3DS browser WebKit version at the time the initial New3DS browser was released, was the following: 532.8.
 +
 +
The first version of the KOR New3DS browser was v9.6(which was when the New3DS KOR titles were originally added). Each version of the KOR browser has the same NintendoBrowser version as the other regions. The KOR browser has been only updated when the browser for the other regions were updated, hence the title-versions are the same as well. The KOR browser ExeFS .code is different from the other regions(more than just region-related IDs etc).
    
==== OSS 9.0 and 9.3 diff ====
 
==== OSS 9.0 and 9.3 diff ====
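Review bot: Three consecutive added rows (1.5.10143, 1.6.10147, 1.7.10150) all list NX/3.0.0.5.19, and 1.8.10156 and 1.9.10160 both list NX/3.0.0.5.20; please confirm each NX value was read from that build rather than carried over from the row above. In the added KOR paragraph, "has been only updated when the browser for the other regions were updated" should read "has only been updated when the browser for the other regions was updated", and since it states that the KOR ExeFS .code differs by more than region-related IDs, a short note on what differs would help.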
Line 152: Line 203:  
The libstagefright build in the main SKATER codebin was updated to a version which fixed libstagefright vuln(s): the vuln used in [[browserhax|browserhax_fright]] at the time of sysupdate release was fixed. The *only* code changed in the main codebin, was code related to libstagefright.
 
The libstagefright build in the main SKATER codebin was updated to a version which fixed libstagefright vuln(s): the vuln used in [[browserhax|browserhax_fright]] at the time of sysupdate release was fixed. The *only* code changed in the main codebin, was code related to libstagefright.
   −
The only RomFS changes is file-updating, all of the following files were updated:
+
The only RomFS changes is file-updating, all of the following files were updated(see the forced-sysupdate section regarding what changed in the message files):
  /browser/rootca.pem differ
+
  /browser/rootca.pem
  /build/buildinfo.dat differ
+
  /build/buildinfo.dat
  /.crr/static.crr differ
+
  /.crr/static.crr
  /message/CN_Simp_Chinese/skater.msbt differ
+
  /message/CN_Simp_Chinese/skater.msbt
  /message/EU_Dutch/skater.msbt differ
+
  /message/EU_Dutch/skater.msbt
  /message/EU_English/skater.msbt differ
+
  /message/EU_English/skater.msbt
  /message/EU_French/skater.msbt differ
+
  /message/EU_French/skater.msbt
  /message/EU_German/skater.msbt differ
+
  /message/EU_German/skater.msbt
  /message/EU_Italian/skater.msbt differ
+
  /message/EU_Italian/skater.msbt
  /message/EU_Portuguese/skater.msbt differ
+
  /message/EU_Portuguese/skater.msbt
  /message/EU_Russian/skater.msbt differ
+
  /message/EU_Russian/skater.msbt
  /message/EU_Spanish/skater.msbt differ
+
  /message/EU_Spanish/skater.msbt
  /message/JP_Japanese/skater.msbt differ
+
  /message/JP_Japanese/skater.msbt
  /message/KR_Hangeul/skater.msbt differ
+
  /message/KR_Hangeul/skater.msbt
  /message/TW_English/skater.msbt differ
+
  /message/TW_English/skater.msbt
  /message/TW_Trad_Chinese/skater.msbt differ
+
  /message/TW_Trad_Chinese/skater.msbt
  /message/US_English/skater.msbt differ
+
  /message/US_English/skater.msbt
  /message/US_French/skater.msbt differ
+
  /message/US_French/skater.msbt
  /message/US_Portuguese/skater.msbt differ
+
  /message/US_Portuguese/skater.msbt
  /message/US_Spanish/skater.msbt differ
+
  /message/US_Spanish/skater.msbt
  /oss.cro.lex differ
+
  /oss.cro.lex
  /static.crs differ
+
  /static.crs
  /webkit.cro.lex differ
+
  /webkit.cro.lex
    
OSS diff:
 
OSS diff:
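Review bot: The edited sentence keeps "The only RomFS changes is file-updating" and attaches the new parenthetical with no space before "("; suggest "The only RomFS change is that the following files were updated (see the forced-sysupdate section regarding what changed in the message files):". The section is only named in prose here; an internal link such as [[#Forced_system-update]], as the intro already uses, would make it navigable.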
Line 250: Line 301:  
           return;
 
           return;
 
       thumb->dragFrom(event->absoluteLocation());
 
       thumb->dragFrom(event->absoluteLocation());
 +
 +
==== v10.4 ====
 +
The ExeFS codebin was updated, the only change was that the following code was updated in the actual NupCheck HTTPS request function:
 +
* Previous version: sprintf(out, "https://cbvc.cdn.nintendo.net/SNAKE/2/%s", region);
 +
* Current  version: sprintf(out, "https://cbvc.cdn.nintendo.net/SNAKE/%d/%s", 3, region);
 +
 +
libpng was updated from version 1.5.21 to 1.5.24.
 +
 +
The following RomFS files were updated(see the forced-sysupdate section regarding what changed in the message files):
 +
/browser/rootca.pem
 +
/build/buildinfo.dat
 +
/cairo.cro.lex
 +
/.crr/static.crr
 +
/message/CN_Simp_Chinese/skater.msbt
 +
/message/EU_Dutch/skater.msbt
 +
/message/EU_English/skater.msbt
 +
/message/EU_French/skater.msbt
 +
/message/EU_German/skater.msbt
 +
/message/EU_Italian/skater.msbt
 +
/message/EU_Portuguese/skater.msbt
 +
/message/EU_Russian/skater.msbt
 +
/message/EU_Spanish/skater.msbt
 +
/message/JP_Japanese/skater.msbt
 +
/message/KR_Hangeul/skater.msbt
 +
/message/TW_English/skater.msbt
 +
/message/TW_Trad_Chinese/skater.msbt
 +
/message/US_English/skater.msbt
 +
/message/US_French/skater.msbt
 +
/message/US_Portuguese/skater.msbt
 +
/message/US_Spanish/skater.msbt
 +
/oss.cro.lex differ
 +
/peer.cro.lex differ
 +
/static.crs differ
 +
/webkit.cro.lex differ
 +
 +
==== v10.6 ====
 +
The ExeFS codebin was updated.
 +
 +
[[browserhax|browserhax_fright_tx3g]] was fixed. The code handling tx3g now matches the latest libstagefright git.
 +
 +
Hence the below RomFS listing, no OSS was updated at all(besides libstagefright mentioned above).
 +
 +
The following RomFS files were updated:
 +
/build/buildinfo.dat
 +
/static.crs
 +
 +
==== v10.7 ====
 +
Basically the same changes as Old3DS v10.7, except with the usual buildinfo.dat update in RomFS. The below date is 6 days after the browser-version-check [[3DS_Userland_Flaws|bypass]] was publicly disclosed.
 +
 +
cat v7184/00000025_romfs/build/buildinfo.dat
 +
10150
 +
applet
 +
2016-03-02 18:25
 +
 +
==== v11.1 ====
 +
The ExeFS codebin was updated. The following files in RomFS were updated:
 +
 +
  /build/buildinfo.dat
 +
  /.crr/static.crr
 +
  /oss.cro.lex
 +
  /static.crs
 +
  /webkit.cro.lex
 +
 +
  cat v8192/00000026_romfs/build/buildinfo.dat
 +
  10156
 +
  applet
 +
  2016-08-26 19:47
 +
 +
Minus the 4 functions that changed due to compiler optimization, only 1 function was actually updated. This is LT_1a4004, previous version at LT_1a4004: libstagefright status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth)
 +
 +
Additional code was added which doesn't seem to be from upstream git, right [https://android.googlesource.com/platform/frameworks/av/+/32d6e5f0ebe9e00f80401e5f4fd6e285a474590d/media/libstagefright/MPEG4Extractor.cpp#880 before] the cprt code block: "if((*offset + chunk_size) - data_offset < 0)fail"
 +
 +
This fixed skater31hax + any other mp4 haxx which requires using a negative 64bit chunk_size value.
 +
 +
The filepath base used in the assert strings were changed from "d:\Jenkins\workspace\MPSkaterBuild\MVPlayer\Skater\Base\Android\frameworks\base\media\libstagefright\" to "d:\jenkins\workspace\MPSkaterBuild-Git\Base\Android\frameworks\base\media\libstagefright\".
 +
 +
==== v11.4 ====
 +
The only changes in RomFS was for "/build/buildinfo.dat" and "/static.crs", hence no OSS in CRO(s) were updated.
 +
 +
The main codebin was updated. Exactly two functions were updated, these are not related to code exec vulns.
 +
 +
  cat v9232/00000027_romfs/build/buildinfo.dat
 +
  10160
 +
  applet
 +
  2017-03-08 19:44
    
=== New3DS Browser Specifications ===
 
=== New3DS Browser Specifications ===
 
[http://www.nintendo.co.jp/3ds/new/features/modal_net.html]
 
[http://www.nintendo.co.jp/3ds/new/features/modal_net.html]
   −
English version(Google translate):
+
English version:
 
* "Browser engine: NetFront® Browser NX v3.0"
 
* "Browser engine: NetFront® Browser NX v3.0"
* "User agent: Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.*.*.* Mobile NintendoBrowser/1.0.****.JP
+
* "User agent: Mozilla/5.0 (New Nintendo 3DS like iPhone) AppleWebKit/536.30 (KHTML and like Gecko) NX/3.0.*.*.* Mobile NintendoBrowser/1.0.**** JP
** The *** is described version information.
+
* ** Version information is stated.
** When you use the "mobile version of the request" function, which is different from those described above string."
+
* *** When using the “Mobile version request” function, it differs from the above-mentioned character string"
 
* "Supported protocols: HTTP1.0/HTTP1.1/SSL3.0/TLS1.0/TLS1.1/TLS1.2"
 
* "Supported protocols: HTTP1.0/HTTP1.1/SSL3.0/TLS1.0/TLS1.1/TLS1.2"
* "Web standard: HTML4.01 / HTML5 / XHTML1.1 / Fullscreen / Gamepad / SVG / WebSocket / Video Subtitle / WOFF / Web Messaging / Server-Sent / Web Storage of part / XMLHttpRequest / canvas / Video / DOM1-3 / ECMAScript / CSS1 / CSS2.1 / CSS3 part of"
+
* "Web standard: HTML4.01 / HTML5 / XHTML1.1 / Fullscreen API / Gamepad API / SVG / WebSocket / Video Subtitle / WOFF / Web Messaging / Server-Sent / Web Storage (partial) / XMLHttpRequest / Canvas element / Video / DOM Levels 1-3 / ECMAScript / CSS1 / CSS2.1 / CSS3 (partial)"
* "Image format: bmp / ​​gif / ico / jpeg / png / svg (There are, however, it is not possible to display some image.)"
+
* "Image format: bmp / ​​gif / ico / jpeg / png / svg (There are, however, possibilities that some images won't display.)"
* "Image preview: mpo / jpeg (There are, however, it is not possible to display some image.)"
+
* "Image preview: mpo / jpeg (There are, however, possibilities that some images won't display.)"
* "Video format: MP4, M3U8 + TS (HTTPLiveStreaming) (However, there are some you can not play the video.)"
+
* "Video format: MP4, M3U8 + TS (HTTPLiveStreaming) (There are, however, some videos that may not be played.)"
* "Video codec: H.264 - MPEG-4 AVC Video (max 854x480 level 3.2, 3D compatible) (However, there are some you can not play the video.)"
+
* "Video codec: H.264 - MPEG-4 AVC Video (max 854x480 at level 3.2, 3D compatible) (There are, however, some videos that can not be played.)"
* "Audio codec: AAC - ISO / IEC 14496-3 MPEG-4AAC, MP3 <br /> (However, there are some you can not play the video.)"
+
* "Audio codec: AAC - ISO / IEC 14496-3 MPEG-4AAC, MP3 (There are, however, some videos that can not be played.)"
* "Of 3D video at the time of upload format: .mkv (However, in order to play the video, you must format is converted in the upload to the site. In addition, even if it is converted you might not be able to play.)"
+
* "Format for uploading 3D videos: .mkv (In order to be played, videos must be converted to the appropriate format within the site you are uploading to. In some cases, the video will not play even if converted.)"
* "It does not correspond to the plug-ins such as plug-in Adobe Flash."
+
* "Plug-ins: Plug-ins such as Adobe Flash are not supported"
* "Use the Active Rating System of filtering function: Digital Arts, Inc. provides. At the time of access to Web content, and implementing the decision of whether access is permitted based on the category information. Feature that can limit access to Web content that may be inappropriate for viewing by the determination result."
+
* "Active Rating System filtering: provided by Digital Arts, Inc.. Access to web content can be limited based on its category information, restricting access to web content that may result inappropriate."
* "I will request the display of the mobile version page of the web page you are viewing request function the mobile version. (However, if the web page does not correspond to the mobile version of the page does not change the display.)"
+
* "Websites can be requested to provide the mobile version (However, if the web page does not have a mobile version, it won't change the way it's displayed.)"
    
MJPEG + .avi is also supported.
 
MJPEG + .avi is also supported.
    +
==== Gamepad ====
 +
The browser's now-outdated gamepad API provides information about the states of the circle pad, C-stick, and every button aside from the Home and Power buttons. The gamepad, which has an ID of <code>New Nintendo 3DS Controller</code>, is contained within the array returned by the <code>navigator.webkitGetGamepads</code> function.
 +
 +
Both of the gamepad's arrays, which contain the states of various inputs, seem to be reconstructed each time they are accessed via their gamepad object. It is not known if the values within the arrays can update upon each access of the array, but the values <em>can</em> update frequently enough to obtain accurate readings of the system's controls.
 +
 +
===== Axes =====
 +
The gamepad's <code>axes</code> array contains four floating-point numbers in the following order:
 +
 +
{|class="wikitable" width="20%"
 +
! Index !! Axis
 +
|-
 +
| 0 || Circle pad X
 +
|-
 +
| 1 || Circle pad Y
 +
|-
 +
| 2 || C-stick X
 +
|-
 +
| 3 || C-stick Y
 +
|}
 +
 +
Each coordinate ranges from -1.0 (left/up) to 1.0 (right/down). Neutral position is indicated by 0.0. Drift and/or inaccurate calibration may make these exact values unattainable.
 +
 +
===== Buttons =====
 +
The gamepad's <code>buttons</code> array contains numbers for the following numbers:
 +
{|class="wikitable" width="20%"
 +
! Index !! Button
 +
|-
 +
| 0 || B
 +
|-
 +
| 1 || A
 +
|-
 +
| 2 || Y
 +
|-
 +
| 3 || X
 +
|-
 +
| 4 || L
 +
|-
 +
| 5 || R
 +
|-
 +
| 6 || ZL
 +
|-
 +
| 7 || ZR
 +
|-
 +
| 8 || Select
 +
|-
 +
| 9 || Start
 +
|-
 +
| 10 || Unknown
 +
|-
 +
| 11 || Unknown
 +
|-
 +
| 12 || Up
 +
|-
 +
| 13 || Down
 +
|-
 +
| 14 || Left
 +
|-
 +
| 15 || Right
 +
|}
 +
 +
Each number is 0 while its associated button is not pressed, and 1 while the button is pressed.
 +
 +
The two unknown button numbers may have been intended for the Home and Power buttons, but they are always 0, even if the web browser is used while the Home and/or Power buttons are pressed.
 +
 +
==== Notes ====
 +
* Viewport information can be specified with the <meta> element.
 +
* The html "color" <input> type is not supported.
 +
* 3D images appear as their right-eye image within webpages.
 +
* Webpages are locked to the bottom screen when zooming is disabled, the webpage's initial scale is 1, and the entire webpage can fit within the bottom screen's dimensions (320x212).
 +
* Interactable elements that are positioned partially outside of the bottom screen can temporarily be moved further inside the bottom screen by tapping them with the touchscreen.
 +
* Favicons can be changed using Javascript, but they become unchangeable once the document's <em>readystatechange</em> event finishes firing with a ready state of "complete".
 +
* Focusing on text-editable elements via Javascript will always open the keyboard.
    
== Old3DS browser ==
 
== Old3DS browser ==
    +
 +
=== Old3DS Browser Specifications ===
 +
* "Browser engine: NetFront® Browser"
 +
* "User agent: Mozilla/5.0 (Nintendo 3DS; region; ; en) Version/1.7498.US"
 +
* "Supported protocols: HTTP1.0/HTTP1.1/SSLv3/TLS1.0"
 +
* "Web standard: HTML 4.01/XHTML 1.1/CSS 1/CSS 2.1/CSS 3 (partial functionality)/DOM Levels 1-3/ECMAScript/XMLHttpRequest/Canvas Element (partial functionality)"
 +
* "Image format: MPO / GIF / JPEG / PNG / BMP / ICO (some images cannot be displayed)"
 +
* "Plug-ins: Plug-ins such as Adobe Flash are not supported"
 +
 +
Old3DS browser doesn't support events "focusin" and "focusout"
    
=== User-Agent and Browser Versions ===
 
=== User-Agent and Browser Versions ===
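Review bot: In the new v10.4 file list the last four entries (/oss.cro.lex, /peer.cro.lex, /static.crs, /webkit.cro.lex) still end in " differ", which this same edit strips from the list above it; drop the suffix there too. The v10.4, v10.6 and v10.7 listings are also added without the leading spaces that the v11.1 and v11.4 listings have, so they will not render as preformatted blocks. In the Gamepad section, "contains numbers for the following numbers" should read "for the following buttons", and the reworked specification bullets "* ** Version information is stated." and "* *** When using ..." no longer nest under the User agent item the way the old "**" lines did.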
Line 302: Line 520:  
| [[4.0.0-7]]
 
| [[4.0.0-7]]
 
| ExeFS .code was updated, both of the CROs(webkit/OSS) were updated too. The manual CFA was updated as well.
 
| ExeFS .code was updated, both of the CROs(webkit/OSS) were updated too. The manual CFA was updated as well.
 +
|-
 +
| 1.7538
 +
| v0
 +
| [[4.2.0-9]]
 +
| First version of the KOR browser. The CROs are different from the  USA/EUR/JPN [[4.0.0-7]] browser.
 
|-
 
|-
 
| 1.7552
 
| 1.7552
Line 345: Line 568:  
| v7168
 
| v7168
 
| [[10.2.0-28]]
 
| [[10.2.0-28]]
 +
| See below.
 +
|-
 +
| 1.7622
 +
| v8192
 +
| [[10.6.0-31]]
 +
| See below.
 +
|-
 +
| None
 +
| v9216
 +
| v10.7 CUP
 +
| v10.7 CUP dummy web-browser, see below.
 +
|-
 +
| 1.7625
 +
| v9232
 +
| [[10.7.0-32]]
 +
| See below.
 +
|-
 +
| 1.7630
 +
| v10240
 +
| [[11.1.0-34]]
 +
| See below.
 +
|-
 +
| 1.7636
 +
| v11297
 +
| [[11.9.0-42]]
 +
| See below.
 +
|-
 +
| 1.7639
 +
| v12288
 +
| [[11.14.0-46]]
 
| See below.
 
| See below.
 
|}
 
|}
 +
 +
=== Heap ===
 +
The USA/EUR/JPN + KOR browser allocates the 0x08000000 heap with size 0x01A97000. The size used by the CHN and TWN browser is 0x01997000, exactly 0x100000-bytes smaller.
    
=== Old3DS v9.9 ===
 
=== Old3DS v9.9 ===
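Review bot: The new Heap section gives the sizes 0x01A97000 and 0x01997000 without saying which browser version they were taken from; the table above spans many title-versions, so name the version(s) checked. Its placement between the version table and "Old3DS v9.9" also separates the table from the per-version subsections it refers to with "See below"; moving Heap ahead of the table or after those subsections would read better.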
Line 423: Line 679:     
=== Old3DS v10.2 ===
 
=== Old3DS v10.2 ===
The slider vuln from [https://github.com/yellows8/3ds_webkithax here] was fixed in the Old3DS browser it seems.
+
The slider vuln from [https://github.com/yellows8/3ds_webkithax here] was fixed in the Old3DS browser.
    
The main codebin .text only increased by 0x10-bytes.
 
The main codebin .text only increased by 0x10-bytes.
Line 469: Line 725:  
    
 
    
 
   bool RenderSlider::inDragMode() const
 
   bool RenderSlider::inDragMode() const
 +
 +
=== Old3DS v10.6 ===
 +
[[browserhax|spider28hax]] was fixed. The "2^32 characters long string" vuln described [[3DS_Userland_Flaws|here]] was ''finally'' fixed.
 +
 +
''A lot'' of WebKit issues/vulns were fixed, see [https://gist.github.com/yellows8/b1e10caa1d8bb8a46316 here] for the changes.
 +
 +
libpng was updated from version 1.4.12 to 1.4.19. zlib was updated from 1.2.7 to 1.2.8.
 +
 +
The .text size increased by 0x478-bytes.
 +
 +
The only changes in RomFS was that the following files were updated:
 +
/cro/oss.cro
 +
/cro/static.crs
 +
/cro/webkit.cro
 +
/.crr/static.crr
 +
/manual/Manual.bcma
 +
 +
=== Old3DS v10.7 ===
 +
''Nothing'' changed except some words for version-values in .text being updated(RomFS wasn't changed), code for browser-version-check was [[#v10.7_2|updated]].
 +
 +
=== Old3DS v11.1 ===
 +
Nothing changed in the ExeFS codebin besides the usual version values. The following files in RomFS were updated:
 +
  /cro/oss.cro
 +
  /cro/webkit.cro
 +
  /.crr/static.crr
    
== Forced system-update ==
 
== Forced system-update ==
The Old3DS/New3DS Internet Browser updated with [[9.9.0-26]] now includes the following message string:
+
The Old3DS/New3DS Internet Browser updated with [[9.9.0-26]] added the following message strings:
 
  In order to use the Internet  
 
  In order to use the Internet  
 
  browser, a system update  
 
  browser, a system update  
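Review bot: The Old3DS v10.7 entry links to [[#v10.7_2|updated]], an anchor that exists only because this edit adds more than one heading named "v10.7"; the numeric suffix shifts as soon as a section is added or reordered. Give the forced system-update subsection a distinct title and link to that instead. The Old3DS v10.6 file list is also added without the leading spaces used by the v11.1 list below it, so the two will render differently.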
Line 478: Line 759:  
  select System Update from Other
 
  select System Update from Other
 
  Settings in System Settings.
 
  Settings in System Settings.
 +
 +
The Internet browser cannot be
 +
used at this time.
 +
Please check your network
 +
environment or try again later.
 +
 +
For whatever reason, the above ''message strings'' were removed with New3DS-browser v10.2, then re-added with v10.4. This does not apply to the Old3DS browser. Whenever v10.2 New3DS browser tries to use these message-strings for displaying a browser-update-related message, it will crash due to an assert failing since the message-strings are missing. Hence, if/when the v10.2 update-check page is ever updated where the browser tries to display a message for it, or when accessing that page fails, the browser will automatically crash.
    
This wasn't enforced(web-browser displaying the above message when the installed browser isn't the latest version) until October 26, 2015.
 
This wasn't enforced(web-browser displaying the above message when the installed browser isn't the latest version) until October 26, 2015.
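Review bot: The second message string ("The Internet browser cannot be used at this time. ...") is added without the leading space that the first message has, so it will render as running text rather than as a preformatted block. In the new paragraph, the v10.2 crash is attributed to an assert failing on the missing strings; say whether that comes from reading the code or from an observed crash, and drop "For whatever reason", which adds nothing.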
Line 493: Line 781:  
* "KOR"
 
* "KOR"
   −
Starting with the browser from [[10.2.0-28]], the "1" in the above URLs were changed to "2".
+
Starting with the browser from [[10.2.0-28]], the "1" in the above URLs were changed to "2". With the New3DS browser from [[10.4.0-29]], it's now "3".
    
As of October 26, 2015, the "1" URLs return the browser-version for v9.9(decimal number as a string without any "."), while the "2" URLs returns 0.
 
As of October 26, 2015, the "1" URLs return the browser-version for v9.9(decimal number as a string without any "."), while the "2" URLs returns 0.
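Review bot: The added sentence says the New3DS value is "now" "3", but the paragraph after it still documents only what the "1" and "2" URLs return as of October 26, 2015; add what the "3" URL returns, or state that it is unknown. "From [[10.4.0-29]] onward it is "3"" would age better than "it's now".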
Line 509: Line 797:     
There is a cache for this in savedata. The request is only done when at least 24-hours have passed since the last time the request was done(see the below savedata section).
 
There is a cache for this in savedata. The request is only done when at least 24-hours have passed since the last time the request was done(see the below savedata section).
  −
The URL is requested using [[HTTP_Services|HTTPC]].
      
It is still possible to guard against this update by blocking the previous URLs using a proxy.  
 
It is still possible to guard against this update by blocking the previous URLs using a proxy.  
 
It is not possible to remove the update message by entering the [[Recovery Mode]].
 
It is not possible to remove the update message by entering the [[Recovery Mode]].
   −
== v9.9 dummy web-browser ==
+
=== Page request ===
The gamecard v9.9 sysupdate included with some games contains a dummy Old3DS/New3DS web-browser. The *only* thing this title does is display the same message listed in the above forced-update section. The message files in RomFS *only* contain that message string above. There are no "http" strings in the main codebin, and [[RO_Services|RO]] isn't used either(no CRO data in RomFS at all). Both browsers are internally called "dummySpider".
+
For this request, all root-CAs bundled with the browser are trusted, in addition to two of the SSL module builtin Nintendo root-CAs.
 +
 
 +
The browser(with New3DS at least) does the following with [[HTTP_Services|HTTPC]] for requesting the above page:
 +
* Initializes the HTTP context and uses [[HTTPC:InitializeConnectionSession]] + [[HTTPC:SetProxyDefault]].
 +
* Uses [[HTTP_Services|HTTPC]] command 0x250080 twice with cmd[1]=contexthandle: first time cmd[2]=0x3, second time cmd[2]=0x6.
 +
* Then [[HTTPC:AddTrustedRootCA]] is used 48 times to setup 48 trusted root CAs. This appears to be every cert in the browser "romfs:/browser/rootca.pem" file converted to DER, in the same order from there(in other words, every single root CA the browser trusts by default for normal web-browsing).
 +
* Then [[HTTPC:BeginRequest]] is used.
 +
* Then [[HTTPC:ReceiveDataTimeout]] is used, the recv-size seems to be fixed to 0x20.
 +
* Then [[HTTPC:GetResponseStatusCodeTimeout]] is used.
 +
* Then [[HTTPC:GetDownloadSizeState]] is used.
 +
* Then the HTTP context is closed.
 +
 
 +
Raw request data(New3DS USA v10.2 browser):
 +
000000: 47 45 54 20 2f 53 4e 41 4b 45 2f 32 2f 55 53 41  GET /SNAKE/2/USA
 +
000010: 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a  HTTP/1.1..Host:
 +
000020: 20 63 62 76 63 2e 63 64 6e 2e 6e 69 6e 74 65 6e  cbvc.cdn.ninten
 +
000030: 64 6f 2e 6e 65 74 0d 0a 0d 0a                    do.net....
 +
 
 +
=== v10.7 ===
 +
The only actual code change with Old3DS/New3DS browser v10.7 was that the code which calculates the diff_timestamp was moved to immediately after the block which initializes <state_timestamp> when <state_timestamp> is all-zero. This fixed the browser-version-check [[3DS_Userland_Flaws|bypass]].
 +
 
 +
== Dummy web-browser ==
 +
Gamecards v9.9 and above include, with their sysupdate, a dummy Old3DS/New3DS web-browser. The *only* thing this title does is display the same message listed in the above forced-update section. The message files in RomFS *only* contain that message string above. There are no "http" strings in the main codebin, and [[RO_Services|RO]] isn't used either(no CRO data in RomFS at all). Both browsers are internally called "dummySpider".
 +
 
 +
Hence, if you update your system below v9.8 with any v9.9 or above gamecard, the system web-browser will be rendered *completely* useless until you install a system-update from CDN(no network requests involved here).
   −
Hence, if you update your system from pre-v9.9 using a gamecard with v9.9, the system web-browser will be rendered *completely* useless until you install a system-update from CDN(no network requests involved here).
+
Gamecards v10.7 and v11.4(New3DS only) have updated the dummy web-browser, where the only difference is the title version.
    
== Savedata ==
 
== Savedata ==
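Review bot: in the new Dummy web-browser text, "if you update your system below v9.8 with any v9.9 or above gamecard" no longer covers a system that is on v9.8 itself, which the replaced wording ("from pre-v9.9") did; unless v9.8 systems really are unaffected, this should say "below v9.9". In the Page request subsection, the hex dump lines are added as ordinary paragraphs, so they need the leading-space indentation this page uses for code in order to render as preformatted text. The dump shows only a request line and a Host header, while the same subsection describes 48 added root CAs plus two builtin Nintendo root CAs, so it should state whether the bytes were captured before TLS or whether the request is plain HTTP. The v10.7 subsection uses <state_timestamp> and diff_timestamp without introducing them anywhere above; link to the section that describes them.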
Line 529: Line 839:  
The timestamp format used here is the number of milliseconds since January 1, 2000(local-time).
 
The timestamp format used here is the number of milliseconds since January 1, 2000(local-time).
   −
When using the "Initiaize savedata" option in the browser, that deletes this savedata file/image then exits the browser. This file is then re-created when the browser gets started again.
+
When using the "Initialize savedata" option in the browser, that deletes this savedata file/image then exits the browser. This file is then re-created when the browser gets started again.
    
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 554: Line 864:  
|}
 
|}
   −
==Web Standards==
+
==APT Parameters==
*HTML 4.01
+
The URL to load can optionally be loaded from char[] string [[APT:SendParameter|paramblk+0]]. This is used when scanning URL QR-codes in Home Menu / etc.
*HTML 5 (120/400 score on [http://www.html5test.com HTML5Test.com])
  −
*XHTML 1.1
  −
*CSS 1
  −
*CSS 2.1
  −
*CSS 3 (some functionality is unavailable)
  −
*DOM Levels 1-3
  −
*ECMAScript (partial support for ECMA-262 5th Edition)
  −
*XMLHttpRequest Level 2
  −
*Canvas Element (some functionality is unavailable)
  −
 
  −
==Protocols==
  −
*HTTP 1.0
  −
*HTTP 1.1
  −
*SSLv3
  −
*TLS 1.0
     −
==Image Formats==
+
==Errors==
*[[File_Formats|MPO]]
+
"Failed to load part of this page": This can be caused by failing to load "/favicon.ico". For example, this can be caused by loading a plain HTTP page, with plain-http favicon redirecting to HTTPS. If cert-verify then fails with favicon in this case, this error would then trigger.
*GIF
  −
*JPEG
  −
*PNG
  −
*BMP
  −
*ICO (some files cannot be displayed)
  −
 
  −
==Plug-Ins==
  −
 
  −
Plug-ins (such as Adobe Flash) are not supported.
      
==Other details==
 
==Other details==
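Review bot: the new APT Parameters entry says the URL is read from a char[] string at paramblk+0 but gives no maximum length, encoding or termination requirement, and does not say whether the browser validates the string before loading it; since the text says this path is used for scanned URL QR-codes, document those limits or mark them as unknown. The hunk also deletes the Web Standards, Protocols, Image Formats and Plug-Ins sections, with nothing in the visible lines replacing them. If they were moved elsewhere, say so in the edit summary; otherwise the Protocols list (SSLv3, TLS 1.0) is useful context for the new Errors entry about cert-verify failures and is worth keeping.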
Line 591: Line 877:  
  <input type="file" />
 
  <input type="file" />
 
* HTML5Test.com say that Drag and drop is supported but it's not (code on WebKit is ready, but it's not implemented on interface of browser)
 
* HTML5Test.com say that Drag and drop is supported but it's not (code on WebKit is ready, but it's not implemented on interface of browser)
 +
* Webpages are rendered with the RGB565 color format.
 +
** Most RGB colors on the web are specified in RGB8 format, but the 2D canvas <code>setFillColor</code> and <code>setStrokeColor</code> functions accept RGB565 colors when provided with parameters for red, green, blue, and alpha, respectively.
    
==Tips==
 
==Tips==
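Review bot: the nested bullet on setFillColor and setStrokeColor says they "accept RGB565 colors" when given red, green, blue and alpha parameters, but it does not give the range or scale expected for each parameter, so a reader cannot tell how to pass an RGB565 value; add the ranges or describe one call. The trailing "respectively" has nothing to pair with and can be dropped.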
Line 634: Line 922:     
The events cannot have their default action cancelled.  Other buttons do not trigger key events.
 
The events cannot have their default action cancelled.  Other buttons do not trigger key events.
 +
 +
The Old3DS browser dispatches a <em>keypress</em> event once per key press for each of the buttons above, but the New3DS browser dispatches the event continuously until the button is released.
 +
 +
A keyboard event's <code>keyIdentifier</code> property usually should not be used to identify which button was pressed, as the A button's <em>keypress</em> event is dispatched with a key identifier of "" (an empty string) rather than "Enter" in the New3DS browser.
 +
 +
The New3DS browser's keyboard dispatches <em>keydown</em> and <em>keyup</em> events when a key is pressed, but it is not possible to determine which key was pressed based on the event itself. Every keyboard <em>keydown</em> event has a key code of 229 and a key identifier of "U+00E5", and every <em>keyup</em> event has a key code of 0 and a key identifier of "U+0000".
 +
 +
Key events are suppressed while the touchscreen is touched.
    
==== Touch/Mouse Events ====
 
==== Touch/Mouse Events ====
<em>onmousedown</em>, <em>onmouseup</em> & <em>onclick</em> are all triggered by the browser.  However, the <em>onmousedown</em> event doesn't trigger until you lift the stylus or you've held it on the screen for ~2 seconds—which is when text selection mode is activated—making it pretty much the same as <em>onmouseup</em>. The events cannot have their default action cancelled.
+
The <em>mousedown</em>, <em>mouseup</em>, and <em>click</em> events are all triggered by the browser.  However, the <em>mousedown</em> event doesn't trigger until you lift the stylus or you've held it on the screen long enough to trigger text selection mode.  Text selection mode requires pressing the touchscreen for approximately 1.05 seconds in the Old3DS browser, or pressing the touchscreen for approximately 0.41 seconds in the New3DS browser. Also, the <em>mousedown</em> event is only dispatched while text selection mode is active. Mouse events cannot have their default actions cancelled.
 +
 
 +
Touch events are not supported in the Old3DS browser, and the <em>touchcancel</em> event does not seem to be used by either browser. Touches cannot start within the bottom browser bar, but they can move to be within it. The rotation angle, contact radii, and pressure of each touch are always zero, as the 3DS touchscreen is not capable of detecting these values. Only one touch can be detected at a time due to the touchscreen's hardware limitations as well. Unlike mouse events, touch events can have their default actions cancelled. Doing so will prevent the touchscreen from being used to scroll through the webpage, highlight text, zoom out, and interact with the bottom browser bar.
   −
The <em>onmousemove</em> and common touch/gesture events are not supported.
+
==== System Font Characters ====
 +
The [[System_Font#Unicode_Private_Use_characters|system font]]'s private-use characters can be viewed within the web browser.
    
== Screen Resolution ==
 
== Screen Resolution ==
   −
The up screen resolution is 400×240. However, the viewable area in the browser is only <b>400×220</b>.
+
The up screen resolution is 400×240. However, the viewable area in the browser is only <b>400×215</b>.
   −
The touch screen resolution is 320×240. However, the viewable area in the browser is only <b>320×212</b>.
+
The touch screen resolution is 320×240. However, the viewable area in the browser is <b>320×212</b> <em>or</em> <b>320×240</b>, depending on if the bottom browser bar is visible. The New3DS browser's bottom bar can hidden by scrolling and/or attempting to zoom in/out with the C-stick, unless scrolling and zooming have both been disabled.
   −
You can have a page span both screens. However, the browser will behave as if the bottom screen is the only active screen and the top screen is scrolled off. This is important when computing CSS coordinates. Items positioned from "bottom" will be positioned based on 220px and not the full 432px of both screens.
+
You can have a page span both screens. However, the browser will behave as if the bottom screen is the only active screen and the top screen is scrolled off. This is important when computing CSS coordinates. Items positioned from the "bottom" will be positioned based on the height of the bottom screen, not the cumulative height of both screens.
    
== Using Both Screens ==
 
== Using Both Screens ==
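Review bot: the rewritten Touch/Mouse Events paragraph contradicts itself: it first says mousedown fires when the stylus is lifted or once text selection mode starts, then adds "the mousedown event is only dispatched while text selection mode is active". State which of the two was observed, and on which browser. In the key events text, the advice not to use keyIdentifier names no alternative; say which property does identify the button. In Screen Resolution, "can hidden" is missing "be", and "depending on if" reads better as "depending on whether".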
Line 655: Line 954:  
  <html>
 
  <html>
 
   <head>
 
   <head>
     <meta name="viewport" content="width=400">
+
     <meta name="viewport" content="width=400, initial-scale=1">
 
     <style>
 
     <style>
       body{margin:0px;}
+
       body { margin: 0px; }
       #topscreen{width:400px;height:220px;overflow:hidden;}
+
       #topscreen { width: 400px; height: 215px; overflow: hidden; background-color: red; }
       #bottomscreen{width:320px;height:212px;overflow:hidden;margin:0 auto;}
+
       #bottomscreen { width: 320px; height: 212px; overflow: hidden; background-color: blue; margin: 0 40px 28px; }
 
     </style>
 
     </style>
 
   </head>
 
   </head>
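Review bot: in the stylesheet, the #bottomscreen rule replaces "margin:0 auto" with "margin: 0 40px 28px" without saying where 40 and 28 come from. They look like (400 - 320) / 2 and 240 - 212; a sentence confirming that would help, since the Screen Resolution section now gives two possible bottom-screen heights. The added background-color red and blue declarations read like debugging aids; either say they only make the two regions visible or drop them.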
Line 670: Line 969:  
This scheme allows the page to be easily manipulated through JavaScript.  In order to have the window snap to the correct position, use the following JavaScript code:
 
This scheme allows the page to be easily manipulated through JavaScript.  In order to have the window snap to the correct position, use the following JavaScript code:
   −
  window.setInterval(function () {
+
  window.setInterval(function() {
     window.scrollTo(40, 220);
+
     window.scrollTo(40, 215);
  }, 50);
+
  }, 0);
   −
This automatically resets the position if the user accidentally scrolls the page.
+
This automatically resets the position if the user accidentally scrolls the page. Zooming should probably also be disabled by adding <code>user-scalable=no</code> to the <meta> viewport element, though this will only have an effect in the New3DS browser.
    
==Example Sites==
 
==Example Sites==
 
<!-- If you have a website that demonstrates these techniques, place it here! -->
 
<!-- If you have a website that demonstrates these techniques, place it here! -->
* [http://geekshadow.com/gaming/dev/weaponscolors/3DS/ Weapons and Colors] (Short URL: http://bit.ly/3DSwc)
+
* [http://www.nintendo.com/3ds/internetbrowser/bookmarks Nintendo 3DS Bookmarks]: This is the first bookmark pre-installed in the browser.
 +
* [https://imgsharetool.herokuapp.com ImageShare]: Image uploader for the 3DS ([https://github.com/corbindavenport/image-share source code])
 
* [http://3ds.andysmith.co.uk/jFox.html jFox] (Short URL: http://bit.ly/iB7FqW)
 
* [http://3ds.andysmith.co.uk/jFox.html jFox] (Short URL: http://bit.ly/iB7FqW)
* [http://ditto3d.com/3ds Ditto3D] (Short URL: http://bit.ly/oVreWA)
+
* [http://ditto3d.com/3ds Ditto3D (Dead Link)] (Short URL: http://bit.ly/oVreWA)
* [http://www.nintendo.com/3ds/internetbrowser/bookmarks Nintendo 3DS Bookmarks] - This is the first bookmark pre-installed in the browser.
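Review bot: in the snap-to-position snippet, changing the setInterval delay from 50 to 0 makes the page call window.scrollTo as often as the browser will schedule a timer, and the text gives no reason for it; explain the benefit that was measured or keep a non-zero delay. The new sentence after the snippet writes <meta> as a bare tag where the rest of the page wraps inline markup in <code>, and "should probably" leaves it unclear whether user-scalable=no is part of the recommended setup. In Example Sites, the Weapons and Colors entry is removed without comment while Ditto3D is kept and labelled "(Dead Link)"; handle dead links one way or the other.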
 