478
edits
Changes
Added note that the servers currently don't force you to update NZone.
== Versions ==
== Versions ==
Version 3.0 of the DSi Nintendo Zone client was released with the February 9, 2010 update. Version 3.0 of the Japanese client was released on January 8, 2010. It is unknown what has changed since the initial version, v2.0. The server checks the client user-agent, and if the version contained in the user-agent is old, the server replies with an error. The user-agent used by NZone v3.0 is "NintendoZoneViewer/1.1". Since the server refuses to let the client continue since the client is old, the client displays a message "This viewer must be updated in order to use the Nintendo Zone service. Update now?". Like DSi Shop, Nintendo forces you to run a system update when the client was updated.
Version 3.0 of the DSi Nintendo Zone client was released with the February 9, 2010 update. Version 3.0 of the Japanese client was released on January 8, 2010. It is unknown what has changed since the initial version, v2.0. The server can check the client user-agent, and if the version contained in the user-agent is old, the server replies with an error. The user-agent used by NZone v3.0 is "NintendoZoneViewer/1.1". Since the server can refuse to let the client continue since the client is old, the client may display a message "This viewer must be updated in order to use the Nintendo Zone service. Update now?". Like DSi Shop, Nintendo can force you to run a system update when the client was updated. Currently the servers don't force you to update.
== Exploits ==
== Exploits ==
DS Station's web browser uses NetFront 3.3.
DS Station's web browser uses NetFront 3.3.
Nintendo Zone v3.0 has the URL buffer overflow bug. The NetFront version user agent was removed from the NZone bin, so it's unknown what NetFront version NZone uses. Linux/hostapd compatible box and a NIC supported by hostapd is required.
Nintendo Zone v3.0 has the URL buffer overflow bug from NetFront 3.3 and DS Station. The NetFront version user agent was removed from the NZone bin, so it's unknown what NetFront version NZone uses. Linux/hostapd compatible box and a NIC supported by hostapd is required.
A DS Station exploit has been written by [[User:Yellows8|Yellows8]]. The exploit is only available on Google Code wmb-asm SVN. SVN web interface is available [http://code.google.com/p/wmb-asm/source/browse/#svn/trunk/nzoneurlstacksmash here], SVN URL available [http://wmb-asm.googlecode.com/svn/trunk/nzoneurlstacksmash here.] To use the exploit at home, you also need a HTTPS forwarder/proxy, like httpsforwarder available in SVN. This exploit can't be tested with Nintendo Zone. This exploit can only be used with html that is transferred over http. All html on the NZone server was moved to HTTPS. The html for the index main and sub screens is transferred over https. However, the html for the main screen for the pages after the index,(main server for DS Station only) is transferred with http. The sub screen html is transferred with https, with the main server.
A DS Station exploit has been written by [[User:Yellows8|Yellows8]]. The exploit is only available on Google Code wmb-asm SVN. SVN web interface is available [http://code.google.com/p/wmb-asm/source/browse/#svn/trunk/nzoneurlstacksmash here], SVN URL available [http://wmb-asm.googlecode.com/svn/trunk/nzoneurlstacksmash here.] To use the exploit at home, you also need a HTTPS forwarder/proxy, like httpsforwarder available in SVN. This exploit can't be tested with Nintendo Zone. This exploit can only be used with html that is transferred over http. All html on the NZone server was moved to HTTPS. The html for the index main and sub screens is transferred over https. However, the html for the main screen for the pages after the index,(main server for DS Station only) is transferred with http. The sub screen html is transferred with https, with the main server.