https://www.3dbrew.org/w/index.php?title=N3DS%E6%BC%8F%E6%B4%9E&feed=atom&action=history
N3DS漏洞 - Revision history
2024-03-29T08:42:17Z
Revision history for this page on the wiki
MediaWiki 1.35.8
https://www.3dbrew.org/w/index.php?title=N3DS%E6%BC%8F%E6%B4%9E&diff=5997&oldid=prev
T at 13:18, 26 May 2013
2013-05-26T13:18:51Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 13:18, 26 May 2013</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l8" >Line 8:</td>
<td colspan="2" class="diff-lineno">Line 8:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Pushmo(3DSWare软件) QR码:关卡名称很可能限制在16个字符长。名字过长不能造成游戏崩溃。唯一可能由溢出而触发的崩溃,是应用程序尝试从位于NULL的缓冲区加载一个指针。</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Pushmo(3DSWare软件) QR码:关卡名称很可能限制在16个字符长。名字过长不能造成游戏崩溃。唯一可能由溢出而触发的崩溃,是应用程序尝试从位于NULL的缓冲区加载一个指针。</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Pyramids(3DSWare软件) QR码:没有字符串,LZ10的压缩算法也不能用于运行程序。仅在超出外部极限值的情况下崩溃(类似于背景数据),同样不能用于运行程序。</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Pyramids(3DSWare软件) QR码:没有字符串,LZ10的压缩算法也不能用于运行程序。仅在超出外部极限值的情况下崩溃(类似于背景数据),同样不能用于运行程序。</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">3DS网络浏览器。在输入2</del>^<del class="diffchange diffchange-inline">32长度字符串后崩溃,目前仍不了解漏洞表现。目前不清楚是否是人为因素造成的(Webkit浏览器内核的代码可能造成假崩溃)但是无论如何这个漏洞是不能用于运行程序的。</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">3DS网络浏览器:在输入2</ins>^<ins class="diffchange diffchange-inline">32长度字符串后崩溃,漏洞定位到了 </ins>[http://git.chromium.org/gitweb/?p=external/Webkit.git;a=commitdiff;h=ec471f16fbd1f879cb631f9b022fd16acd75f4d4 这里], concat-large-strings-crash2.html 触发崩溃,这和2^32触发崩溃一样。 多数时候这个漏洞造成内存分页权限错误,因为webkit厂商复制字符串数据到只读内存的缓冲区。区别只在前者企图复制原字符串长(比如一个text字符为“x”,4个就是“xxxx”),而后者尝试复杂超过12MB的数据。在一些少见的情况里,崩溃的是复制字符串的线程,但是这没用,因为它是一个少见的情况。</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">漏洞定位到了 </del>[http://git.chromium.org/gitweb/?p=external/Webkit.git;a=commitdiff;h=ec471f16fbd1f879cb631f9b022fd16acd75f4d4 这里], concat-large-strings-crash2.html 触发崩溃,这和2^32触发崩溃一样。 多数时候这个漏洞造成内存分页权限错误,因为webkit厂商复制字符串数据到只读内存的缓冲区。区别只在前者企图复制原字符串长(比如一个text字符为“x”,4个就是“xxxx”),而后者尝试复杂超过12MB的数据。在一些少见的情况里,崩溃的是复制字符串的线程,但是这没用,因为它是一个少见的情况。</div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==正在进行的努力==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==正在进行的努力==</div></td></tr>
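Review bot: In the merged browser bullet, "而后者尝试复杂超过12MB的数据" looks like a typo for "复制", since the sentence contrasts two copy operations; the error was carried over unchanged from the paragraph being folded in. The merge also drops the old bullet's explicit conclusion "这个漏洞是不能用于运行程序的", leaving only "但是这没用" for the rare thread-crash case, so restate whether the crash is considered usable. The half-width ", " before concat-large-strings-crash2.html should be a full-width ",".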
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l20" >Line 20:</td>
<td colspan="2" class="diff-lineno">Line 18:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>3DS使用的ARM处理器XN功能的唯一一个应用程序,头部有必要的权限可以设置为可执行的内存。这意味着一个可用的缓冲区溢出漏洞,虽然是有用的, it would not go the entire way towards allowing code to be run in an easy/practical fashion (ie an actual homebrew launcher) - for that, an exploit in the system is required. A buffer overflow exploit does, however, provide enough wriggle room through the use of return-oriented programming to potentially trigger a system exploit.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>3DS使用的ARM处理器XN功能的唯一一个应用程序,头部有必要的权限可以设置为可执行的内存。这意味着一个可用的缓冲区溢出漏洞,虽然是有用的, it would not go the entire way towards allowing code to be run in an easy/practical fashion (ie an actual homebrew launcher) - for that, an exploit in the system is required. A buffer overflow exploit does, however, provide enough wriggle room through the use of return-oriented programming to potentially trigger a system exploit.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>游戏机的console-unique [[Nand/private/movable.sed|movable.sed]] <del class="diffchange diffchange-inline">dumpe后,SD </del>卡 [[extdata]] 和 SD [[游戏存档]] 可以用于攻击。</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>游戏机的console-unique [[Nand/private/movable.sed|movable.sed]] <ins class="diffchange diffchange-inline">dump后,SD </ins>卡 [[extdata]] 和 SD [[游戏存档]] 可以用于攻击。</div></td></tr>
<!-- diff cache key 3dbrew:diff::1.12:old-5996:rev-5997 -->
</table>
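Review bot: The paragraph left as context directly above the changed line still switches from Chinese to English mid-sentence ("虽然是有用的, it would not go the entire way ..."), and its opening clause "3DS使用的ARM处理器XN功能的唯一一个应用程序" does not say clearly what XN restricts or which header permission allows executable memory. Finish that translation in the same pass as the "dumpe后" to "dump后" correction, and give the edit a summary, since it was saved with an empty one.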
T
https://www.3dbrew.org/w/index.php?title=N3DS%E6%BC%8F%E6%B4%9E&diff=5996&oldid=prev
T at 13:16, 26 May 2013
2013-05-26T13:16:44Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 13:16, 26 May 2013</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">漏洞是在N3DS上用来运行非官方代码(homebrew)的一种方式。这个页面记录已经发现的3DS模式下的漏洞。</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">漏洞可以用于在N3DS上用来运行非官方代码(homebrew 自制程序)。本页面记录已经发现的3DS模式下的漏洞,译自[[3DS_exploits]]。</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==N3DS漏洞列表==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==N3DS漏洞列表==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">目前在3DS模式下无可行漏洞。</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==失败的尝试==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==失败的尝试==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>这里是之前发现的漏洞以及它们的具体信息。</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>这里是之前发现的漏洞以及它们的具体信息。</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Pushmo(3DSWare软件) <del class="diffchange diffchange-inline">QR码:关卡名称很可能限制在16个字符长。名字过长后游戏并不崩溃,仅在超出外部极限值的情况下崩溃,并不能用于运行程序。</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Pushmo(3DSWare软件) <ins class="diffchange diffchange-inline">QR码:关卡名称很可能限制在16个字符长。名字过长不能造成游戏崩溃。唯一可能由溢出而触发的崩溃,是应用程序尝试从位于NULL的缓冲区加载一个指针。</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Pyramids(3DSWare软件) QR码:没有字符串,LZ10的压缩算法也不能用于运行程序。仅在超出外部极限值的情况下崩溃(类似于背景数据),同样不能用于运行程序。</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Pyramids(3DSWare软件) QR码:没有字符串,LZ10的压缩算法也不能用于运行程序。仅在超出外部极限值的情况下崩溃(类似于背景数据),同样不能用于运行程序。</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* 3DS网络浏览器。在输入2^32长度字符串后崩溃,目前仍不了解漏洞表现。目前不清楚是否是人为因素造成的(Webkit浏览器内核的代码可能造成假崩溃)但是无论如何这个漏洞是不能用于运行程序的。</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* 3DS网络浏览器。在输入2^32长度字符串后崩溃,目前仍不了解漏洞表现。目前不清楚是否是人为因素造成的(Webkit浏览器内核的代码可能造成假崩溃)但是无论如何这个漏洞是不能用于运行程序的。</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">漏洞定位到了 [http://git.chromium.org/gitweb/?p=external/Webkit.git;a=commitdiff;h=ec471f16fbd1f879cb631f9b022fd16acd75f4d4 这里], concat-large-strings-crash2.html 触发崩溃,这和2^32触发崩溃一样。 多数时候这个漏洞造成内存分页权限错误,因为webkit厂商复制字符串数据到只读内存的缓冲区。区别只在前者企图复制原字符串长(比如一个text字符为“x”,4个就是“xxxx”),而后者尝试复杂超过12MB的数据。在一些少见的情况里,崩溃的是复制字符串的线程,但是这没用,因为它是一个少见的情况。</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==正在进行的努力==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==正在进行的努力==</div></td></tr>
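Review bot: The paragraph appended after the browser bullet says the crash was traced to a WebKit commit, while the unchanged bullet directly above it still says the behaviour is not understood ("目前仍不了解漏洞表现"). Fold the new text into that bullet and delete the outdated sentence so the entry does not contradict itself. Deleting "目前在3DS模式下无可行漏洞。" also leaves the "==N3DS漏洞列表==" section with no content; keep a one-line status there or explain the removal in the edit summary.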
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l17" >Line 17:</td>
<td colspan="2" class="diff-lineno">Line 18:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==技巧和信息==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==技巧和信息==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">N3DS内部的信息是比较稀缺的。这里是3DS编程的一些有用信息,除了3DS提供的基本信息之外,也可以利用泄露的信息和逆向工程进行积累。</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">3DS使用的ARM处理器XN功能的唯一一个应用程序,头部有必要的权限可以设置为可执行的内存。这意味着一个可用的缓冲区溢出漏洞,虽然是有用的, it would not go the entire way towards allowing code to be run in an easy/practical fashion (ie an actual homebrew launcher) - for that, an exploit in the system is required. A buffer overflow exploit does, however, provide enough wriggle room through the use of return-oriented programming to potentially trigger a system exploit.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">这就是说,就算我们找到了一个漏洞,利用它运行自制程序也是很难的。现在正在进行的工作,主要是要找出3DS的奇怪之处,同时寻找可以利用的漏洞。可以参看本文的</del>[[<del class="diffchange diffchange-inline">#正在进行的努力</del>|<del class="diffchange diffchange-inline">正在进行的努力</del>]] <del class="diffchange diffchange-inline">章节来寻找例子和更多的信息。</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">游戏机的console-unique </ins>[[<ins class="diffchange diffchange-inline">Nand/private/movable.sed</ins>|<ins class="diffchange diffchange-inline">movable.sed</ins>]] <ins class="diffchange diffchange-inline">dumpe后,SD 卡 [[extdata]] 和 SD [[游戏存档]] 可以用于攻击。</ins></div></td></tr>
<!-- diff cache key 3dbrew:diff::1.12:old-2656:rev-5996 -->
</table>
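Review bot: The replacement paragraph under "==技巧和信息==" is only half translated: it switches to English after "虽然是有用的," and stays in English to the end, on a page whose new intro says it is translated from [[3DS_exploits]]. Translate the remainder before saving. The second added line contains "dumpe后", which should be "dump后", and the removed pointer to [[#正在进行的努力|正在进行的努力]] is dropped without a replacement.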
T
https://www.3dbrew.org/w/index.php?title=N3DS%E6%BC%8F%E6%B4%9E&diff=2656&oldid=prev
黄金の轰龙: /* 正在进行的努力 */
2012-03-12T15:00:14Z
<p><span dir="auto"><span class="autocomment">正在进行的努力</span></span></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 15:00, 12 March 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l14" >Line 14:</td>
<td colspan="2" class="diff-lineno">Line 14:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>目前有很多人在尝试寻找漏洞并对3DS内部的文件进行文档整理。以下是一些可能会让自制程序成功运行的一些尝试:</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>目前有很多人在尝试寻找漏洞并对3DS内部的文件进行文档整理。以下是一些可能会让自制程序成功运行的一些尝试:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Neimod已经研究了很长时间如何dump出RAM的数据,他拆解了N3DS的原配RAM芯片,然后把它重新焊在一块PCB板上,焊回3DS进行dump测试。最近的照片表示进程很顺利,可以成功启动3DS了。Neimod的成果相关图片可以在这里查看[http://www.flickr.com/photos/neimod/ his Flickr stream|他的Flickr账户].</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Neimod已经研究了很长时间如何dump出RAM的数据,他拆解了N3DS的原配RAM芯片,然后把它重新焊在一块PCB板上,焊回3DS进行dump测试。最近的照片表示进程很顺利,可以成功启动3DS了。Neimod的成果相关图片可以在这里查看[http://www.flickr.com/photos/neimod/his Flickr stream|他的Flickr账户].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==技巧和信息==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==技巧和信息==</div></td></tr>
<!-- diff cache key 3dbrew:diff::1.12:old-2655:rev-2656 -->
</table>
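Review bot: Removing the space after the URL in "[http://www.flickr.com/photos/neimod/his Flickr stream|他的Flickr账户]" breaks the link. MediaWiki external links split target and label at the first space, so the target becomes .../neimod/his and the label becomes "Flickr stream|他的Flickr账户". Restore the space and drop "his Flickr stream|", since a pipe is not a separator in external links: "[http://www.flickr.com/photos/neimod/ 他的Flickr账户]".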
黄金の轰龙
https://www.3dbrew.org/w/index.php?title=N3DS%E6%BC%8F%E6%B4%9E&diff=2655&oldid=prev
黄金の轰龙 at 14:59, 12 March 2012
2012-03-12T14:59:33Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:59, 12 March 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l14" >Line 14:</td>
<td colspan="2" class="diff-lineno">Line 14:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>目前有很多人在尝试寻找漏洞并对3DS内部的文件进行文档整理。以下是一些可能会让自制程序成功运行的一些尝试:</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>目前有很多人在尝试寻找漏洞并对3DS内部的文件进行文档整理。以下是一些可能会让自制程序成功运行的一些尝试:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Neimod已经研究了很长时间如何dump出RAM的数据,他拆解了N3DS的原配RAM芯片,然后把它重新焊在一块PCB板上,焊回3DS进行dump测试。最近的照片表示进程很顺利,可以成功启动3DS了。Neimod的成果相关图片可以在这里查看[http://www.flickr.com/photos/neimod/他的Flickr账户].</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Neimod已经研究了很长时间如何dump出RAM的数据,他拆解了N3DS的原配RAM芯片,然后把它重新焊在一块PCB板上,焊回3DS进行dump测试。最近的照片表示进程很顺利,可以成功启动3DS了。Neimod的成果相关图片可以在这里查看[http://www.flickr.com/photos/neimod/ <ins class="diffchange diffchange-inline">his Flickr stream|</ins>他的Flickr账户].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==技巧和信息==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==技巧和信息==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>N3DS内部的信息是比较稀缺的。这里是3DS编程的一些有用信息,除了3DS提供的基本信息之外,也可以利用泄露的信息和逆向工程进行积累。</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>N3DS内部的信息是比较稀缺的。这里是3DS编程的一些有用信息,除了3DS提供的基本信息之外,也可以利用泄露的信息和逆向工程进行积累。</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>这就是说,就算我们找到了一个漏洞,利用它运行自制程序也是很难的。现在正在进行的工作,主要是要找出3DS的奇怪之处,同时寻找可以利用的漏洞。可以参看本文的[[#正在进行的努力 | 正在进行的努力]] 章节来寻找例子和更多的信息。</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>这就是说,就算我们找到了一个漏洞,利用它运行自制程序也是很难的。现在正在进行的工作,主要是要找出3DS的奇怪之处,同时寻找可以利用的漏洞。可以参看本文的[[#正在进行的努力|正在进行的努力]] 章节来寻找例子和更多的信息。</div></td></tr>
</table>
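Review bot: The inserted "his Flickr stream|" in the external link will be rendered literally, because external links separate URL and label with a space, not a pipe; the visible link text becomes "his Flickr stream|他的Flickr账户". Keep the previous form "[http://www.flickr.com/photos/neimod/ 他的Flickr账户]". The whitespace cleanup in "[[#正在进行的努力|正在进行的努力]]" needs no change.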
黄金の轰龙
https://www.3dbrew.org/w/index.php?title=N3DS%E6%BC%8F%E6%B4%9E&diff=2654&oldid=prev
黄金の轰龙: Translate the original article into Chinese.
2012-03-12T14:57:36Z
<p>Translate the original article into Chinese.</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:57, 12 March 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">Exploits are used to execute unofficial code (homebrew) on the Nintendo 3DS. This page is a list of known 3DS-mode exploits.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">漏洞是在N3DS上用来运行非官方代码(homebrew)的一种方式。这个页面记录已经发现的3DS模式下的漏洞。</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>==<del class="diffchange diffchange-inline">List of 3DS exploits</del>==</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>==<ins class="diffchange diffchange-inline">N3DS漏洞列表</ins>==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">There are currently no known 3DS-mode exploits.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">目前在3DS模式下无可行漏洞。</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>==<del class="diffchange diffchange-inline">Failed attempts</del>==</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>==<ins class="diffchange diffchange-inline">失败的尝试</ins>==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">Here are listed all attempts at exploiting 3DS software that have failed so far.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">这里是之前发现的漏洞以及它们的具体信息。</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">Pushmo (3DSWare), QR codes: level name is properly limited to 16 characters, game doesn't crash with a longer name. Only possible crashes are from out-of-bounds values and are not exploitable.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">Pushmo(3DSWare软件) QR码:关卡名称很可能限制在16个字符长。名字过长后游戏并不崩溃,仅在超出外部极限值的情况下崩溃,并不能用于运行程序。</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">Pyramids (3DSWare</del>)<del class="diffchange diffchange-inline">, QR codes: no strings. The LZ10 compression can't be exploited either. Only crashes are from out-of-bounds values (like background ID) and are not exploitable.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">Pyramids(3DSWare软件</ins>) <ins class="diffchange diffchange-inline">QR码:没有字符串,LZ10的压缩算法也不能用于运行程序。仅在超出外部极限值的情况下崩溃(类似于背景数据),同样不能用于运行程序。</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">3DS browser, 2</del>^<del class="diffchange diffchange-inline">32 characters long string: The behavior of this crash is not well understood. The crash may or may not be done on purpose (Webkit contains code that triggers 'crashes' on purpose). Anyway any attempt at exploiting this has failed so far.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">3DS网络浏览器。在输入2</ins>^<ins class="diffchange diffchange-inline">32长度字符串后崩溃,目前仍不了解漏洞表现。目前不清楚是否是人为因素造成的(Webkit浏览器内核的代码可能造成假崩溃)但是无论如何这个漏洞是不能用于运行程序的。</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>==<del class="diffchange diffchange-inline">Current efforts</del>==</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>==<ins class="diffchange diffchange-inline">正在进行的努力</ins>==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">There are people working on finding exploits and documenting the 3DS. Here's a list of some current efforts being made to make homebrew on the 3DS possible:</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">目前有很多人在尝试寻找漏洞并对3DS内部的文件进行文档整理。以下是一些可能会让自制程序成功运行的一些尝试:</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">Neimod has been working on a RAM dumping setup for a little while now. He's desoldered the 3DS's RAM chip and hooked it and the RAM pinouts on the 3DS's PCB up to a custom RAM dumping setup. Recent photos show that the setup is working quite well, with the 3DS successfully booting up. Pictures of neimod's work can be found on </del>[http://www.flickr.com/photos/neimod/ <del class="diffchange diffchange-inline">his Flickr stream</del>].</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">Neimod已经研究了很长时间如何dump出RAM的数据,他拆解了N3DS的原配RAM芯片,然后把它重新焊在一块PCB板上,焊回3DS进行dump测试。最近的照片表示进程很顺利,可以成功启动3DS了。Neimod的成果相关图片可以在这里查看</ins>[http://www.flickr.com/photos/neimod/<ins class="diffchange diffchange-inline">他的Flickr账户</ins>].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>==<del class="diffchange diffchange-inline">Tips and info</del>==</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>==<ins class="diffchange diffchange-inline">技巧和信息</ins>==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">Information on the 3DS's internals is scarce. There is little information on programming the 3DS available, other than basic information found by taking the 3DS apart, leaks and reverse engineering.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">N3DS内部的信息是比较稀缺的。这里是3DS编程的一些有用信息,除了3DS提供的基本信息之外,也可以利用泄露的信息和逆向工程进行积累。</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">What this means is if any exploits are found, it would be very difficult to do anything useful with them. Work is currently being done to find out how the 3DS ticks and to aid in finding exploits. See the </del>[[#<del class="diffchange diffchange-inline">Current efforts </del>| <del class="diffchange diffchange-inline">current efforts</del>]] <del class="diffchange diffchange-inline">section of this page for examples and more information.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">这就是说,就算我们找到了一个漏洞,利用它运行自制程序也是很难的。现在正在进行的工作,主要是要找出3DS的奇怪之处,同时寻找可以利用的漏洞。可以参看本文的</ins>[[#<ins class="diffchange diffchange-inline">正在进行的努力 </ins>| <ins class="diffchange diffchange-inline">正在进行的努力</ins>]] <ins class="diffchange diffchange-inline">章节来寻找例子和更多的信息。</ins></div></td></tr>
</table>
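Review bot: The added intro line under ==失败的尝试== ("这里是之前发现的漏洞以及它们的具体信息") says the section lists previously discovered vulnerabilities and their details, while the removed English line says it lists attempts at exploiting 3DS software that have failed so far; reword it so the section still reads as a list of failed attempts, for example "这里列出了迄今为止所有失败的3DS软件漏洞利用尝试。" The same drift appears in other added lines of this hunk: the Pushmo entry renders "properly limited to 16 characters" as "很可能限制在16个字符长" (probably limited), the 技巧和信息 paragraph renders "There is little information on programming the 3DS available" as "这里是3DS编程的一些有用信息" (here is some useful information), and "how the 3DS ticks" becomes "3DS的奇怪之处" (the 3DS's oddities). The Neimod entry also drops the space between the Flickr URL and its label ("[http://www.flickr.com/photos/neimod/他的Flickr账户]"); the external-link syntax uses that space to separate the label from the URL, so it should be restored.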
黄金の轰龙
https://www.3dbrew.org/w/index.php?title=N3DS%E6%BC%8F%E6%B4%9E&diff=2649&oldid=prev
黄金の轰龙: Created page with "Exploits are used to execute unofficial code (homebrew) on the Nintendo 3DS. This page is a list of known 3DS-mode exploits. ==List of 3DS exploits== There are currently no know..."
2012-03-12T13:03:02Z
<p><b>New page</b></p><div>Exploits are used to execute unofficial code (homebrew) on the Nintendo 3DS. This page is a list of known 3DS-mode exploits.<br />
<br />
==List of 3DS exploits==<br />
There are currently no known 3DS-mode exploits.<br />
<br />
==Failed attempts==<br />
Here are listed all attempts at exploiting 3DS software that have failed so far.<br />
<br />
* Pushmo (3DSWare), QR codes: level name is properly limited to 16 characters, game doesn't crash with a longer name. Only possible crashes are from out-of-bounds values and are not exploitable.<br />
* Pyramids (3DSWare), QR codes: no strings. The LZ10 compression can't be exploited either. Only crashes are from out-of-bounds values (like background ID) and are not exploitable.<br />
* 3DS browser, 2^32 characters long string: The behavior of this crash is not well understood. The crash may or may not be done on purpose (Webkit contains code that triggers 'crashes' on purpose). Anyway any attempt at exploiting this has failed so far.<br />
<br />
==Current efforts==<br />
There are people working on finding exploits and documenting the 3DS. Here's a list of some current efforts being made to make homebrew on the 3DS possible:<br />
<br />
* Neimod has been working on a RAM dumping setup for a little while now. He's desoldered the 3DS's RAM chip and hooked it and the RAM pinouts on the 3DS's PCB up to a custom RAM dumping setup. Recent photos show that the setup is working quite well, with the 3DS successfully booting up. Pictures of neimod's work can be found on [http://www.flickr.com/photos/neimod/ his Flickr stream].<br />
<br />
==Tips and info==<br />
Information on the 3DS's internals is scarce. There is little information on programming the 3DS available, other than basic information found by taking the 3DS apart, leaks and reverse engineering.<br />
<br />
What this means is if any exploits are found, it would be very difficult to do anything useful with them. Work is currently being done to find out how the 3DS ticks and to aid in finding exploits. See the [[#Current efforts | current efforts]] section of this page for examples and more information.</div>
黄金の轰龙