478
edits
Changes
→Exploits
It is currently unknown if Nintendo Zone uses a newer NetFront version with this bug fixed. A Nintendo Zone exploit couldn't be easily used by everyone, as Linux and a compatible hostapd wireless NIC is required. An SSID, and the WEP key generated from the SSID, from a real Nintendo Zone/DS Station AP is required.
It is currently unknown if Nintendo Zone uses a newer NetFront version with this bug fixed. A Nintendo Zone exploit couldn't be easily used by everyone, as Linux and a compatible hostapd wireless NIC is required. An SSID, and the WEP key generated from the SSID, from a real Nintendo Zone/DS Station AP is required.
At real Nintendo Zone APs, a laptop running Linux with a wireless NIC supporting monitor mode would be needed.
At real Nintendo Zone APs, a laptop running Linux with a wireless NIC supporting monitor mode would be needed.
This exploit would be meant more for reverse engineers. A DS Station exploit has been written by Yellows8. This DS Station exploit can't be adapted to Nintendo Zone until an Nintendo Zone AP capture and Nintendo Zone binary are obtained. A volunteer to capture Nintendo Zone AP traffic and the WMB binary was found a long while ago, but it is unknown when he'll capture. Perhaps sometime this month(March), but it's unknown. This exploit can only be used with html that is transferred over http. The html for the index main and sub screens is transferred over https. However, the html for the main screen for the pages after the index,(main server and third-party companies websites) is transferred with http. The sub screen html is transferred with https, with the main server. Sub screen html with third-party companies is transferred with http. Strangely, the back link from the menu after the index page for the main server, the main screen html URL uses http, rather than https.
This exploit would be meant more for reverse engineers.
A DS Station exploit has been written by Yellows8. This DS Station exploit can't be adapted to Nintendo Zone until an Nintendo Zone AP capture and Nintendo Zone binary are obtained. A volunteer to capture Nintendo Zone AP traffic and the WMB binary was found a long while ago, but it is unknown when he'll capture. Perhaps sometime this month(March), but it's unknown. This exploit can only be used with html that is transferred over http. The html for the index main and sub screens is transferred over https. However, the html for the main screen for the pages after the index,(main server and third-party companies websites) is transferred with http. The sub screen html is transferred with https, with the main server. Sub screen html with third-party companies is transferred with http. Strangely, the back link from the menu after the index page for the main server, the main screen html URL uses http, rather than https.
Currently the exploit only changes the sub screen display to a tiled hex dump display.(It's supposed to anyway, gfx isn't working right.)
Currently the exploit only changes the sub screen display to a tiled hex dump display.(It's supposed to anyway, gfx isn't working right.)
A means of bootstrapping homebrew is being worked on. Bootstrapping an .nds embedded in the exploit has been done somewhat successfully, but Arm7 booting seems to be broken, and gfx reset is broken.
A means of bootstrapping homebrew is being worked on. Bootstrapping a .nds embedded in the exploit has been done somewhat successfully, but Arm7 booting seems to be broken. NetFront limits the size of html files that can be downloaded. The max size of a LZSS compressed .nds embedded in the exploit is roughly 200KB.
== Technical information ==
== Technical information ==
More technical information is available [http://code.google.com/p/wmb-asm/wiki/NintendoSpot here.]
More technical information is available [http://code.google.com/p/wmb-asm/wiki/NintendoSpot here.]