Ninjhax
Ninjhax (sometimes misspelled Ninjahax) is a user mode exploit found by smealum for the Nintendo 3DS game Cubic Ninja. The exploit was initially released November 20, 2014[1], supporting 3DS system menu versions 4.0 - 9.2. One of the system flaws used by ninjhax was subsequently blocked by the 9.3 update[2]. Several months later, on July 18, 2015, smealum released ninjhax version 2.0[3]. This new version added support for system menu versions above 9.2, up to version 9.9. The old version 1 can still be used on lower system menu versions.
Ninjhax makes use of a flaw in the level editor of Cubic Ninja. The levels can be of variable length, but are stored in fixed-length buffers without length checks[4]. This is used to create a stack buffer overflow, which leads to ROP capabilities. The exploited level can easily be loaded through the QR code sharing feature of the game.
Contents
Changelog
v1.0 (November 20, 2014)
Initial release
v1.1 (December 25, 2014)
- Improved 3dsx loader
- new HB service commands
v1.1b (December 26, 2014)
- Stability improvements
v2.0 (July 18, 2015)
- Add support for system menu version 9.3 - 9.9
Credits
- smea — 3DS research, core exploit code for all versions, ctrulib improvements, hbmenu code, testing/debugging
- yellows8 — 3DS research, ctrulib improvements, auditing, help with pretty much everything
- plutoo — 3DS research, ctrulib improvements, auditing, help with pretty much everything
- fincs — 3DSX format/code, ctrulib improvements, devkitARM integration, testing
- mtheall — ctrulib improvements, hbmenu code, testing, .gitignore files
- GEMISIS — hbmenu code, testing
- Fluto, Arkhandar — hbmenu design
- Normmatt, ichfly — general help, testing
- case — javascript master
- lobo — webpage template