Hi fellow Tempers, here is a (hopefully one in a series) guide to understanding the 3DS architecture and the scene.
They are "popular science" as the details are not always fully explained for the sake of clarity, however these lessons try to never state outright wrong facts, and can hopefully be understood in less than a day each
These are NOT tutorials; I'll sprinkle them of practical facts, but their purpose is to make you understand (which will hopefully make you more informed of what's happening when you do something or even enable you to figure out the cause of a problem), but will not guide you to a specific goal. That's the job of other tutorials and the questions topic!

---

Homebrew: Userland vs ARM11 vs ARM9​

Your 3DS, while working as a 3DS (as opposed to being in DS, DSi, or GBA mode) has two usable processors (each having different privileges with regards to hardware, and thus not interchangeable):

• ARM9, single core, only runs a part of the operating system, can be said to perform security duties.
• ARM11, multicore, runs the rest of the operating system (including all the user interface) and regular applications.

Applications may be:

• standalone (so-called titles: a piece of software in a physical cartridge; a cartridge emulated from a .3ds, .3dz, or .cci file; or a title installed directly from Nintendo server or a .cia package.) These have their own TitleID.
• injected. (this includes health&safety injections, all .3dsx apps, Hans/LayeredFS/etc romhacks.) To be used, these MUST replace, more or less permanently, a standalone app; and not just any standalone app, as the permissions (services, save files, ...) are inherited from the exact one it replaces.

With these definitions made, let me limit this discussion for now to .3dsx software, which the previous definition shows as inherently less capable than .cia versions:



It also appears clear that, to run the Homebrew Launcher ("boot.3dsx"), we must somehow replace an existing title.

This is a pretty complicated multi-stage process, but it all starts with an exploit in some title, for instance Cubic Ninja in the case of Ninjhax(2), the official web browser in browserhax, etc;
an exploit results in the execution of a payload, which may well exploit other vulnerabilities in a chain to gain more access (in fact, .3dsx loading on all 9.0+ systems needs taking over both Home and the Download Play* app).

* Its executable is relatively large, therefore allowing comparably sized .3dsx executables, and has a decent selection of available services for general purpose homebrew.
Some homebrews can choose (or even let you pick) a different standalone base app; this is required for more exotic privileges (DS card save access in TWLSaveTool) or, for Hans or save managers, just picking the appropriate game to work with

The end result is that we can now run .3dsx apps with the system happily believing we're still running Download Play or another app, with the privileges of said software.




What if we want to do more, like replacing the operating system or just installing applications?

Well, there are three commonly agreed on types of homebrew:

• Userland. I've just described these, and how they're limited to the permissions of some single standalone app.
  • Examples include:
  • Homebrew original games (including ports)
  • Calculators, etc
  • Emulators without dynarec (keep reading for more details)
  • Save managers (JKSV, svdt, save_manager) and HANS (note that there are further restrictions on compatibility, especially if you don't use a specific Homebrew Launcher).
• ARM11. Technically, as you can see from the initial definitions, all userland homebrews are ARM11. But the term is used to mean software that exploits the arm11 system software to gain further privileges.
  • Self-modifying code. This includes all Emulators with dynarec (a technology that improves performance, by converting the game's code on the fly). Note that many emulators can automatically check their privilege and behave appropriately as ARM11 or Userland homebrew.
  • Title managers. This includes the installation of "legit cias", which in turn (on 10.7 and under) is enough to downgrade.
• ARM9. These applications run completely independently of the operating system (which in fact is stopped as they load). These come in .3dsx format (actually an userland-based exploiter, with a builtin or external payload made of the actual software) and also in .bin or .dat formats, more suitable for directly booting such apps before the operating system.
  • Custom firmwares. These programs are reloading the operating system on their own, usually after patching some things; but they're otherwise no different than other arm9 software.
  • The "9" series of utilities by D0k3, and most homebrews having "9" in the name
  • SafeA9LHInstaller (this having further requirements than just ARM9 access, at least on Old3DS)
  • Complete operating system replacements like 3DSLinux!

Practically speaking, you may notice two points:

• I have ranked these in order of privilege needed. Indeed, at least when working with .3dsx files, running ARM9 software requires Userland access to run a (usually not very reliable) ARM11-based loader that actually does the taking-over of ARM9. Brahma is still the most common of such loaders, and is built directly into the .3dsx file so you don't have to worry about this. The combined fasthax+safehax instead can be seen as a .3dsx forwarder to a .bin homebrew.
• ARM9 apps run without the operating system. This is both a benefit (nothing to tell it what it can and can't do) and a disadvantage (the app must do everything on its own; this is for instance why there's no way to recover a bricked system by installing clean system cias if it can't boot).

So, finally, let me show the version compatibility, updated 2017-1-10:

• Userland: 4.x to 11.2; visit 3DBrew for up to date, authoritative info.
• ARM11: Up to 11.2, unless you're already running a CFW which may have, among its features, a patch to re-enable this. (Look around its documentation for mentions of "SVC backdoor" or "SVC patch")
• ARM9: Up to 11.2, unless you've already installed Arm9LoaderHax which enables you to run ARM9 homebrew in .bin (but not .3dsx) format.

And, a note on the future but very hyped sighax: Yes, it will allow ARM9 access on any version, past present or future, or even no version at all (if you have a bricked console). But it will require direct NAND access to be installed, which means already having ARM9 or alternatively doing a hardmod.

---

...It's over! Did you (understand or) like this? Got any questions or corrections?

 

[PabloMK7]

Nice! Hopefully this will help understanding what arm11/arm9 means for new people in the scene.

 

[ih8ih8sn0w]

Nice! Hopefully this will help understanding what arm11/arm9 means for new people in the scene.

Fixed the typo
Great read though OP!

 

[Wolfvak]

Great article. Maybe you could dwelve a bit into how the kernel (FIRM) works alongside the userland (titles)? (which would in turn explain how plaintext FIRM attacks work)
Also, as you already know, ARM11 kernel privileges can potentially give you access to all services, which in turn lead to self modifying code and title managers (am service). Maybe it could be better to sacrifice a bit of noob-friendlyness in exchange for more info, since this gives us a lot of access over the console (and as such is incredibly important).

All in all, great thread. Good to see people making this kind of stuff to inform others.

 

[MRJPGames]

Some of the least offensive manspaining I've seen lately.

 

[Ryccardo]

Updated for 33c3

While I didn't see much confusion among the "3 types of homebrew" by newcomers (surely because I don't visit the 3DS sections much nowadays, or maybe because (hopefully) most people who could installed A9LH and switched to cia homebrews now that literally everyone can) but still a nice piece to read, I hope!