Nintendo: [3DS][StreetPass] Heap Overflow in Swapnote parser leads to userland StreetPass RCE
Affected Systems - System: Nintendo 3DS - Version: = 11.13 - Region: ALL. Description: When parsing TLRF chunks in message files, the application calls memcpy using user-provided sizes to copy controlled data over a fixed-size buffer. Thus one can overflow heap chunks which is enough to get code...
Nintendo: [3DS][SSL][SDK] Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player
Affected Systems - Platform: New Nintendo 3DS - Region: ALL - System version: 11.13 (latest at the time of writing). Description: The Mobiclip SDK used for parsing moflex videos does not check the number of audio channels in an audio stream. This leads to a miscalculation of free space remaining in a...
Nintendo: [3DS][SSL] Use of uninitialized class member leads to RCE in eShop movie player
Affected Systems - Platform: New Nintendo 3DS - Region: ALL - System version: 11.13 (latest at the time of writing). Description: The eShop video player does not initialize pointers to some decoder objects when creating a video player object. With a specific audio codec this induces the use of...
Nintendo: [3DS][SSL] Improper certificate validation allows an attacker to perform MitM attacks
Affected Systems - Platform: New Nintendo 3DS - Region: ALL - System version: = 11.13. Description: The SSL system module does not properly validate the x509 certificates when establishing an SSL/TLS connection. Actually, the SSL system module does not check the signatures when validating a...
Nintendo Confirms Breach of 160,000 Accounts
Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system. Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were loggin...
Nintendo: [3DS][StreetPass] Buffer Overflow in Super Mario Maker level decompression
Information - Platform: New Nintendo 3DS - Region: EU (all regions are affected) - System version: less than or equal to 11.10 (latest). Description: Since the bootroms have been dumped, it is now possible for an attacker to decrypt StreetPass communications. Super Mario Maker is vulnerable to a buffer...
Nintendo 3DS DNS Client Resolver Predictable TXID
Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID. I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that the DNS client resolver on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from...
Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID
I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that the DNS client resolver on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from spoofing responses. For example, see MS08-020 when this happened...
Nintendo 3DS also got Hacked Within 24 Hours after Release!
The new Nintendo 3DS didn't last 24 hours in Japan before hackers jailbroke the device to support Revolution For DS R4 flash cards that play old Nintendo games. Although R4 cards were built for Nintendo DS, the hackers show how they can use the storage cards to run homebrew and older Nintendo gam...