Difference between revisions of "Ninjhax"
(updated version numbers and changelog) |
|||
(3 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | '''Ninjhax''' (sometimes misspelled Ninjahax) is a user mode exploit found by [[User:smealum|smealum]] for the Nintendo 3DS game ''Cubic Ninja''. The exploit was initially released November 20, 2014<ref>https://twitter.com/smealum/status/535552052097585152</ref>, supporting 3DS system menu versions 4.0 - 9.2. One of the system flaws used by ninjhax was subsequently blocked by the 9.3 update<ref>https://twitter.com/smealum/status/542118829422149632</ref>. Several months later, on July 18, 2015, smealum released ninjhax version 2.0<ref>https://twitter.com/smealum/status/622293897117483009</ref>. This new version added support for system menu versions above 9.2, up to version | + | '''Ninjhax''' (sometimes misspelled Ninjahax) is a user mode exploit found by [[User:smealum|smealum]] for the Nintendo 3DS game ''Cubic Ninja''. The exploit was initially released November 20, 2014<ref>https://twitter.com/smealum/status/535552052097585152</ref>, supporting 3DS system menu versions 4.0 - 9.2. One of the system flaws used by ninjhax was subsequently blocked by the 9.3 update<ref>https://twitter.com/smealum/status/542118829422149632</ref>. Several months later, on July 18, 2015, smealum released ninjhax version 2.0<ref>https://twitter.com/smealum/status/622293897117483009</ref>. This new version added support for system menu versions above 9.2, up to version 10.7. The old version 1 can still be used on lower system menu versions. |
− | Ninjhax makes use of a flaw in the level editor of ''Cubic Ninja''. The | + | Ninjhax makes use of a flaw in the level editor of ''Cubic Ninja''. The level storage format contains sections of variable length that are loaded to fixed-length buffers without length checks<ref>[http://smealum.net/?p=517 ninjhax: the writeup - smealum.net]</ref>. This is used to create a [[wikipedia:Stack buffer overflow|stack buffer overflow]], which leads to [[wikipedia:Return-oriented programming|ROP]] capabilities. The exploited level can easily be loaded through the QR code sharing feature of the game. |
== Changelog == | == Changelog == | ||
Line 16: | Line 16: | ||
=== v2.0 (July 18, 2015) === | === v2.0 (July 18, 2015) === | ||
* Add support for system menu version 9.3 - 9.9 | * Add support for system menu version 9.3 - 9.9 | ||
+ | * Added support for out-of-region gamecards and custom themes | ||
+ | |||
+ | === v2.1 (August 27, 2015) === | ||
+ | * Added [[tubehax]] and [[ironhax]] compatibility. | ||
+ | * Stability improvements. | ||
+ | |||
+ | === v2.5b (October 25, 2015) === | ||
+ | * Add support for system menu version 10.0 - 10.5 | ||
+ | * Added eShop firmware spoofing, rom hacking, in-game screenshots, CPU overclocking, sleep mode and power button support, sound support | ||
+ | |||
+ | === v2.6g (February 24, 2016) === | ||
+ | * Added support for system menu version 10.6 - 10.7 | ||
+ | * Added ability to return to home menu without reboot | ||
+ | * Stability improvements | ||
== Credits == | == Credits == | ||
− | * [[User:smealum| | + | * [[User:smealum|smealum]] — 3DS research, core exploit code for all versions, ctrulib improvements, hbmenu code, testing/debugging |
− | * yellows8 — 3DS research, ctrulib improvements, auditing, help with pretty much everything | + | * [[User:yellows8|yellows8]] — 3DS research, ctrulib improvements, auditing, help with pretty much everything |
− | * plutoo — 3DS research, ctrulib improvements, auditing, help with pretty much everything | + | * [[User:plutoo|plutoo]] — 3DS research, ctrulib improvements, auditing, help with pretty much everything |
− | * fincs — 3DSX format/code, ctrulib improvements, devkitARM integration, testing | + | * [[User:fincs|fincs]] — 3DSX format/code, ctrulib improvements, devkitARM integration, testing |
− | * mtheall — ctrulib improvements, hbmenu code, testing, .gitignore files | + | * [[User:mtheall|mtheall]] — ctrulib improvements, hbmenu code, testing, .gitignore files |
− | * GEMISIS — hbmenu code, testing | + | * [[User:GEMISIS|GEMISIS]] — hbmenu code, testing |
* [[User:Fluto|Fluto]], [[User:Arkhandar|Arkhandar]] — hbmenu design | * [[User:Fluto|Fluto]], [[User:Arkhandar|Arkhandar]] — hbmenu design | ||
* [[User:Normmatt|Normmatt]], ichfly — general help, testing | * [[User:Normmatt|Normmatt]], ichfly — general help, testing | ||
− | * case — javascript master | + | * [[User:case|case]] — javascript master |
− | * lobo — webpage template | + | * [[User:lobo|lobo]] — webpage template |
== Links == | == Links == |
Latest revision as of 21:06, 20 March 2016
Ninjhax (sometimes misspelled Ninjahax) is a user mode exploit found by smealum for the Nintendo 3DS game Cubic Ninja. The exploit was initially released November 20, 2014[1], supporting 3DS system menu versions 4.0 - 9.2. One of the system flaws used by ninjhax was subsequently blocked by the 9.3 update[2]. Several months later, on July 18, 2015, smealum released ninjhax version 2.0[3]. This new version added support for system menu versions above 9.2, up to version 10.7. The old version 1 can still be used on lower system menu versions.
Ninjhax makes use of a flaw in the level editor of Cubic Ninja. The level storage format contains sections of variable length that are loaded to fixed-length buffers without length checks[4]. This is used to create a stack buffer overflow, which leads to ROP capabilities. The exploited level can easily be loaded through the QR code sharing feature of the game.
Contents
Changelog
v1.0 (November 20, 2014)
Initial release
v1.1 (December 25, 2014)
- Improved 3dsx loader
- new HB service commands
v1.1b (December 26, 2014)
- Stability improvements
v2.0 (July 18, 2015)
- Add support for system menu version 9.3 - 9.9
- Added support for out-of-region gamecards and custom themes
v2.1 (August 27, 2015)
v2.5b (October 25, 2015)
- Add support for system menu version 10.0 - 10.5
- Added eShop firmware spoofing, rom hacking, in-game screenshots, CPU overclocking, sleep mode and power button support, sound support
v2.6g (February 24, 2016)
- Added support for system menu version 10.6 - 10.7
- Added ability to return to home menu without reboot
- Stability improvements
Credits
- smealum — 3DS research, core exploit code for all versions, ctrulib improvements, hbmenu code, testing/debugging
- yellows8 — 3DS research, ctrulib improvements, auditing, help with pretty much everything
- plutoo — 3DS research, ctrulib improvements, auditing, help with pretty much everything
- fincs — 3DSX format/code, ctrulib improvements, devkitARM integration, testing
- mtheall — ctrulib improvements, hbmenu code, testing, .gitignore files
- GEMISIS — hbmenu code, testing
- Fluto, Arkhandar — hbmenu design
- Normmatt, ichfly — general help, testing
- case — javascript master
- lobo — webpage template