LoginLogin
Nintendo shutting down 3DS + Wii U online services, see our post

Could a SmileBASIC program ever be malicious?

Root / General / [.]

๐Ÿ”’
HTV04Created:
I doubt it. You can't even save/delete files without permission. The worst you could do is crash the 3DS. If the exploits hadn't been fixed, you might be able to do something bad, but not easily. As far as I know, you can't run any homebrew software without having certain files on your SD card.

It isn't really up to SmileBoom to verify the safety of programs distributed. They only take down content that infringes copyright to avoid legal trouble, and /maybe/ explicit content based on Nintendo policies. Like 12 said, the worst that code that stays within SmileBASIC can do is perform file operations, and that requires user permission for exactly that reason. It's not impossible that an exploit exists that allows a program to break out of the sandbox, but BGSCREEN/DHLPTX was the last thing like that and it got patched long ago. Even there, it might be stuck within SmileBASIC's RAM. At the very least, there's no reason to worry about malicious code. If someone does find another exploit, it's sure to be used for something stupid like homebrew first. There's not too much to gain from attacking a 3DS.

Ok, that's good to hear. Are you sure there's no way a SmileBASIC program can be malicious though? I've heard that there's a command that can crash SB (which I won't state, but it's kind of easy to find), but can it or another command(s) do something else? And I thought SmileBoom took down programs that crashed SB, but I guess not.

I get the feeling this isn't going to go anywhere unless you tell us what "something else" you're afraid of.

What I meant was, could a command that could crash my 3DS or a command that can be used improperly alter the main 3DS software?

One thing I could imagine as possible is a program which opens files for you to edit, and it shows you the document how you chose to edit it while in the program but saves it differently.

One thing I could imagine as possible is a program which opens files for you to edit, and it shows you the document how you chose to edit it while in the program but saves it differently.
I could see something like that (which is why I mostly use the default editor, with an exception being SmileIDE as itโ€™s really useful), but that's all in SmileBASIC. I was wondering whether something could be exploited to go into the main 3DS software. EDIT: Ignore this post and all others by me on this thread, I donโ€™t feel the same way (being very paranoid) anymore.

One thing I could imagine as possible is a program which opens files for you to edit, and it shows you the document how you chose to edit it while in the program but saves it differently.
I could see something like that (which is why I only use the default editor), but that's all in SmileBASIC. I was wondering whether something could be exploited to go into the main 3DS software.
What is the command?
CONTROLLER(0) or something that will be 0, like DS or SHUTDOWN. SHUTDOWN looks cool, so I use that.

-snip- What is the command?
if you're wondering about a command to crash, it's CONTROLLER 0 but according to this context:
One thing I could imagine as possible is a program which opens files for you to edit, and it shows you the document how you chose to edit it while in the program but saves it differently.
I could see something like that (which is why I only use the default editor), but that's all in SmileBASIC. I was wondering whether something could be exploited to go into the main 3DS software.
What is the command?
i have no idea what you mean.

There are no known exploitable bugs, like we said previously. If there were, I don't think they would be limited to sneaking around in malicious programs. It's not like a "real" environment where malware can use system services to grab your information or grow a botnet. It's a 3DS, and you can't consistently break out of SmileBASIC anyway. All programs come with a risk that it will do something you didn't intend. It's a real concern, sure, but 1) you can easily read the source for any SmileBASIC program, provided it isn't decrypted on-the-fly from some accessory file or something and 2) That you are using this site means you are running scripts we serve to you, perhaps unquestioningly. It's hard to imagine being concerned about SB in this context more than anything else you might be running on your computer. It's not impossible that a bug exists. But more likely are the crashes, and the worst that can happen there is you lose unsaved work. If it were an issue, people would be discussing it, I think. >I only use the default editor this is acceptable with the code editor because no good alternatives exist yet but otherwise I think you're just unnecessarily limiting yourself. At least learn which developers in the community you can trust.

I think itโ€™s kinda funny how people question if malware from sb could destroy your 3DS but in reality is a 3DS worth destroying? Thereโ€™s no top-secret files that contain all your personal information in it or really any banking related things it could get into.

"could?" yes, absolutely. "would?" extremely unlikely. If a dev had an exploit for SB, it would either be sold to Nintendo's bounty program or released to the public for rep points. A malicious userland sploit really wouldn't help a dev in any way. It's not like there's credit card #'s to steal or anything. Those are stored server-side.

Exploits in SB aren't even that useful for homebrew, since there isn't a cartridge version. Nintendo would just take it off the eShop until there's a fix (or just forever).