115
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: − + + + + + Line 20:
Line 24: − + + − + − * This version was built with the latest CTRSDK, so NATIVE_FIRM [[9.6.0-25|9.6.0-X]] is now required.+ + + + + + + + + + + + + + − + − + − + Line 40:
Line 58: + + + +
→3rd Party Libs
The YouTube application available from the eShop is a web-browser. Like the [[Internet_Browser|main]] browser this uses WebKit. All data is downloaded with plaintext HTTP.
The YouTube application available from the eShop is a web-browser. Like the [[Internet Browser|main]] browser this uses WebKit. All data is downloaded with plaintext HTTP (3DS application).
The OSS for the 3DS / Wii U YouTube application is available at the following:
* [https://github.com/youtube/h5vcc_hh]
* [https://github.com/youtube/h5vcc]
==User-Agent and Browser Versions==
==User-Agent and Browser Versions==
| First app update. This build uses the [[7.0.0-13|v7.0]] [[NCCH]] encryption for the main CXI, this was the first retail title to use this.
| First app update. This build uses the [[7.0.0-13|v7.0]] [[NCCH]] encryption for the main CXI, this was the first retail title to use this.
|-
|-
| ?
| 1.7498
| v2096 and v2080
| v2096 and v2080
| October 15, 2015
| October 15, 2015
| This update fixed the vuln used for tubehax.
| This update fixed the vuln used for tubehax.
* This version was built with the latest CTRSDK, so NATIVE_FIRM [[9.6.0-24|9.6.0-X]] is now required.
* Plaintext HTTP is still used.
* Plaintext HTTP is still used.
* The RomFS is empty, and accessinfo is still 0x0. It's unknown what happened to the CROs(see below). Strings related to RO are still in the codebin, but during application startup ldr:ro isn't used at all.
* The RomFS is empty, and accessinfo is still 0x0. Strings related to RO are still in the codebin, but during application startup ldr:ro isn't used at all. The CROs are now built with the main codebin(included with the main .text etc), hence the much larger sections listed below.
* The codebin sections are much larger:
** "Code text size: 0x003A9CF0" -> "Code text size: 0x00A81470"
** "Code ro size: 0x000B9360" -> "Code ro size: 0x0014C848"
** "Code data size: 0x00203F08" -> "Code data size: 0x00207788"
** "Code bss size: 0x00095748" -> "Code bss size: 0x00094F48"
* The USA codebin contains the following user-agent strings: "Mozilla/5.0 (Nintendo 3DS; U; Factory Media Production; en) Version/1.7498.US" and "Mozilla/5.0 (Nintendo 3DS New3DS; U; Factory Media Production; en) Version/1.7499.US".
'''None''' of the public Old3DS/New3DS [[browserhax]] which were public at the time this YouTube app was updated, affect the YouTube app at all (no crashes).
* The "range" html <input> no longer displays: the page background-color is displayed where the slider would have been. Hence, unless there's a way to get this to actually display, [[browserhax|sliderhax]] isn't usable with this YouTube app version.
See [https://github.com/youtube/h5vcc_hh/commit/f464b0a60c6bc99001d4fe3b1915d31dc22b5d69 here] for the WebKit changes. The only actual code changes (in this commit) besides an optimization changeset being integrated, is changes for fixing the vuln used by tubehax.
Originally the YouTube app used the DNS server from the system configuration. Now it's hard-coded to use Google's DNS server at IP address 8.8.8.8 via DNS-resolver socket code in the app itself (it's unknown whether this resolver code existed in the app before this version).
|}
|}
Updates for this application are forced, since the app itself checks for a newer version of the title(this is done before any actual HTTP requests by the actual application are done). This is done with [[Friend_Services]]: the application tries to authenticate itself with FRDU. When the installed version is outdated, it gets an error-code in the output buffer for [[FRDU:GetGameAuthenticationData]](this error-code then gets passed to the error-display applet).
Updates for this application are forced, since the app itself checks for a newer version of the title (this is done before any actual HTTP requests by the actual application are done). This is done with [[Friend Services]]: the application tries to authenticate itself with FRDU. When the installed version is outdated, it gets an error-code in the output buffer for [[FRDU:GetGameAuthenticationData]] (this error-code then gets passed to the error-display applet). This is exactly what official games do when initializing online multiplayer too.
The friend HTTP requests which are involved with the above use HTTPS, so blocking it (probably) isn't an option(the usual POST request(s) to https://nasc.nintendowifi.net/ac).
The friend HTTP requests which are involved with the above use HTTPS, so blocking it isn't an option (the usual POST request(s) to https://nasc.nintendowifi.net/ac): blocking it via DNS only results in a different error-code.
==RomFS==
==RomFS==
The RomFS only contains [[CRO0|CROs]]("/cro/") and the [[CRR0|CRR]]("/.crr/static.crr"), the following is the "/cro/" contents:
The RomFS only contains [[CRO0|CROs]] ("/cro/") and the [[CRR0|CRR]] ("/.crr/static.crr"), the following is the "/cro/" contents:
* JavaScriptCore_CTR.cro
* JavaScriptCore_CTR.cro
* WebCore_CTR.cro
* WebCore_CTR.cro
* WebKit_CTR.cro
* WebKit_CTR.cro
* static.crs
* static.crs
==3rd Party Libs==
The youtube application seems to use libcurl, libjpeg, OpenSSL(ver 1.0.0e) and libavcodec.
==Webkit==
==Webkit==
Looks like the YouTube application uses a newer version of Webkit than the Internet Browser applet. It has the ability to construct Blobs, of course the HTML5 video element, and possibly the Audio element (Visible, but untested). It also supports the localStorage API. Here a list of exposed apis: [http://pastie.org/private/cmtppzyqmopzi9umhg8za].
Looks like the YouTube application uses a newer version of Webkit than the Internet Browser applet. It has the ability to construct Blobs, of course the HTML5 video element, and possibly the Audio element (Visible, but untested). It also supports the localStorage API. Here a list of exposed apis: [http://pastie.org/private/cmtppzyqmopzi9umhg8za].