From WikiTemp, the GBAtemp wiki
(updated version numbers and changelog)
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
'''Ninjhax''' (sometimes misspelled Ninjahax) is a user mode exploit found by [[User:smealum|smealum]] for the Nintendo 3DS game ''Cubic Ninja''. The exploit was initially released November 20, 2014<ref>https://twitter.com/smealum/status/535552052097585152</ref>, supporting 3DS system menu versions 4.0 - 9.2. One of the system flaws used by ninjhax was subsequently blocked by the 9.3 update<ref>https://twitter.com/smealum/status/542118829422149632</ref>. Several months later, on July 18, 2015, smealum released ninjhax version 2.0<ref>https://twitter.com/smealum/status/622293897117483009</ref>. This new version added support for system menu versions above 9.2, up to version 9.9. The old version 1 can still be used on lower system menu versions.
+
'''Ninjhax''' (sometimes misspelled Ninjahax) is a user mode exploit found by [[User:smealum|smealum]] for the Nintendo 3DS game ''Cubic Ninja''. The exploit was initially released November 20, 2014<ref>https://twitter.com/smealum/status/535552052097585152</ref>, supporting 3DS system menu versions 4.0 - 9.2. One of the system flaws used by ninjhax was subsequently blocked by the 9.3 update<ref>https://twitter.com/smealum/status/542118829422149632</ref>. Several months later, on July 18, 2015, smealum released ninjhax version 2.0<ref>https://twitter.com/smealum/status/622293897117483009</ref>. This new version added support for system menu versions above 9.2, up to version 10.7. The old version 1 can still be used on lower system menu versions.
  
Ninjhax makes use of a flaw in the level editor of ''Cubic Ninja''. The levels can be of variable length, but are stored in fixed-length buffers without length checks<ref>[http://smealum.net/?p=517 ninjhax: the writeup - smealum.net]</ref>. This is used to create a [[wikipedia:Stack buffer overflow|stack buffer overflow]], which leads to [[wikipedia:Return-oriented programming|ROP]] capabilities. The exploited level can easily be loaded through the QR code sharing feature of the game.
+
Ninjhax makes use of a flaw in the level editor of ''Cubic Ninja''. The level storage format contains sections of variable length that are loaded to fixed-length buffers without length checks<ref>[http://smealum.net/?p=517 ninjhax: the writeup - smealum.net]</ref>. This is used to create a [[wikipedia:Stack buffer overflow|stack buffer overflow]], which leads to [[wikipedia:Return-oriented programming|ROP]] capabilities. The exploited level can easily be loaded through the QR code sharing feature of the game.
  
 
== Changelog ==
 
== Changelog ==
Line 16: Line 16:
 
=== v2.0 (July 18, 2015) ===
 
=== v2.0 (July 18, 2015) ===
 
* Add support for system menu version 9.3 - 9.9
 
* Add support for system menu version 9.3 - 9.9
 +
* Added support for out-of-region gamecards and custom themes
 +
 +
=== v2.1 (August 27, 2015) ===
 +
* Added [[tubehax]] and [[ironhax]] compatibility.
 +
* Stability improvements.
 +
 +
=== v2.5b (October 25, 2015) ===
 +
* Add support for system menu version 10.0 - 10.5
 +
* Added eShop firmware spoofing, rom hacking, in-game screenshots, CPU overclocking, sleep mode and power button support, sound support
 +
 +
=== v2.6g (February 24, 2016) ===
 +
* Added support for system menu version 10.6 - 10.7
 +
* Added ability to return to home menu without reboot
 +
* Stability improvements
  
 
== Credits ==
 
== Credits ==
* [[User:smealum|smea]] — 3DS research, core exploit code for all versions, ctrulib improvements, hbmenu code, testing/debugging
+
* [[User:smealum|smealum]] — 3DS research, core exploit code for all versions, ctrulib improvements, hbmenu code, testing/debugging
* yellows8 — 3DS research, ctrulib improvements, auditing, help with pretty much everything
+
* [[User:yellows8|yellows8]] — 3DS research, ctrulib improvements, auditing, help with pretty much everything
* plutoo — 3DS research, ctrulib improvements, auditing, help with pretty much everything
+
* [[User:plutoo|plutoo]] — 3DS research, ctrulib improvements, auditing, help with pretty much everything
* fincs — 3DSX format/code, ctrulib improvements, devkitARM integration, testing
+
* [[User:fincs|fincs]] — 3DSX format/code, ctrulib improvements, devkitARM integration, testing
* mtheall — ctrulib improvements, hbmenu code, testing, .gitignore files
+
* [[User:mtheall|mtheall]] — ctrulib improvements, hbmenu code, testing, .gitignore files
* GEMISIS — hbmenu code, testing
+
* [[User:GEMISIS|GEMISIS]] — hbmenu code, testing
 
* [[User:Fluto|Fluto]], [[User:Arkhandar|Arkhandar]] — hbmenu design
 
* [[User:Fluto|Fluto]], [[User:Arkhandar|Arkhandar]] — hbmenu design
 
* [[User:Normmatt|Normmatt]], ichfly — general help, testing
 
* [[User:Normmatt|Normmatt]], ichfly — general help, testing
* case — javascript master
+
* [[User:case|case]] — javascript master
* lobo — webpage template
+
* [[User:lobo|lobo]] — webpage template
  
 
== Links ==
 
== Links ==

Latest revision as of 21:06, 20 March 2016

Ninjhax (sometimes misspelled Ninjahax) is a user mode exploit found by smealum for the Nintendo 3DS game Cubic Ninja. The exploit was initially released November 20, 2014[1], supporting 3DS system menu versions 4.0 - 9.2. One of the system flaws used by ninjhax was subsequently blocked by the 9.3 update[2]. Several months later, on July 18, 2015, smealum released ninjhax version 2.0[3]. This new version added support for system menu versions above 9.2, up to version 10.7. The old version 1 can still be used on lower system menu versions.

Ninjhax makes use of a flaw in the level editor of Cubic Ninja. The level storage format contains sections of variable length that are loaded to fixed-length buffers without length checks[4]. This is used to create a stack buffer overflow, which leads to ROP capabilities. The exploited level can easily be loaded through the QR code sharing feature of the game.

Changelog

v1.0 (November 20, 2014)

Initial release

v1.1 (December 25, 2014)

  • Improved 3dsx loader
  • new HB service commands

v1.1b (December 26, 2014)

  • Stability improvements

v2.0 (July 18, 2015)

  • Add support for system menu version 9.3 - 9.9
  • Added support for out-of-region gamecards and custom themes

v2.1 (August 27, 2015)

v2.5b (October 25, 2015)

  • Add support for system menu version 10.0 - 10.5
  • Added eShop firmware spoofing, rom hacking, in-game screenshots, CPU overclocking, sleep mode and power button support, sound support

v2.6g (February 24, 2016)

  • Added support for system menu version 10.6 - 10.7
  • Added ability to return to home menu without reboot
  • Stability improvements

Credits

  • smealum — 3DS research, core exploit code for all versions, ctrulib improvements, hbmenu code, testing/debugging
  • yellows8 — 3DS research, ctrulib improvements, auditing, help with pretty much everything
  • plutoo — 3DS research, ctrulib improvements, auditing, help with pretty much everything
  • fincs — 3DSX format/code, ctrulib improvements, devkitARM integration, testing
  • mtheall — ctrulib improvements, hbmenu code, testing, .gitignore files
  • GEMISIS — hbmenu code, testing
  • Fluto, Arkhandar — hbmenu design
  • Normmatt, ichfly — general help, testing
  • case — javascript master
  • lobo — webpage template

Links

References

  1. ^ https://twitter.com/smealum/status/535552052097585152
  2. ^ https://twitter.com/smealum/status/542118829422149632
  3. ^ https://twitter.com/smealum/status/622293897117483009
  4. ^ ninjhax: the writeup - smealum.net