The 3DS used to be hacked using a QR code that was scanned using the game cubic ninja (it used QR codes as a medium for sharing levels). The interpreter had a basic memory safety bug, so you could trigger a ROP chain using a malformed QR code to get ACE. This was of course voluntary by the user (and cubic ninja was hard to get because it was not a commercial success) but that qualifies, I guess.
Then they found out the 3ds browser uses a WebKit version from 2003 and nowadays you just go to a website lol
The 3DS used to be hacked using a QR code that was scanned using the game cubic ninja (it used QR codes as a medium for sharing levels). The interpreter had a basic memory safety bug, so you could trigger a ROP chain using a malformed QR code to get ACE. This was of course voluntary by the user (and cubic ninja was hard to get because it was not a commercial success) but that qualifies, I guess.
Then they found out the 3ds browser uses a WebKit version from 2003 and nowadays you just go to a website lol