-
Offensive on the Source Engine Network Protocol - Part 1: InfoLeak
This post starts a series of a few posts dedicated to my work on exploiting the Source Engine 1 – back in 2022-2023. At the time, CS2 was not out yet, so the primary target was still CS:GO. Over the course of these posts, I’ll talk about the few bugs that I found and how I exploited them to get remote code execution – particularly targeting CS:GO....
-
Exploiting the 3DS browsers - Part 2: validityhax
Intro: Here it is, the first vulnerability I exploited which affects SPIDER (O3DS). In this post I will go through the process of identifying the vulnerability and getting ROP chain execution. I might post later about how to get real code execution, but since it’s all about abusing the GPU’s DMA and it’s used by all userland exploits I’m sure you...
-
Exploiting the 3DS browsers - Part 1: Finding flaws
Intro: This post starts a series of a few posts dedicated to web browser exploitation on the (New) Nintendo 3DS system. Browsers were - a few years ago - quite popular entry points for gaining code execution and launching the homebrew launcher. Back then yellows8 regularly updated his browserhax to support new browser versions and/or gain in stabil...