​

​

(complete video of the talk - uploaded Oct. 22, 2018)

UPDATE (10-23-18): This hack was patched on 11.8 and was never publicly implemented
Please use Frogminer -> Free B9S cfw, works on 11.8, covers all major regions
(disclosure: Frogminer is my hack, but it serves the same purpose smeahax originally promised, so it's relevant here)​

​

It looks like our old 3DS scene pal @smealum has returned to the limelight! Famous for his groundbreaking Ninjhax, Ironhax, and Tubehax userland exploits, and the udsploit kernel11 hax, Smea is back and better than ever with a total of four new exploits set to be revealed this Saturday at Defcon 26 in Las Vegas! So if you never got on the CFW bandwagon (full control of your 3DS with all the implied benefits), you'd better come and tune in with us this Saturday at 11:00 am PT sharp!​

Slides and Additional Videos

MHAX userland
ROHAX2 priv. escalation
ZHAX kernel11
TWLHAX arm9

(please wait for the guide to be updated for instructions)
^ skeletonwaiting.gif

code for my full 3DS exploit chain is available on GitHub https://t.co/7tp679fBEO https://t.co/d98VJ0kfX3 https://t.co/BuFKA3CcSv https://t.co/yypeZTMDpN

— smea (@smealum) August 11, 2018

​

 

[Volti]

11.8 is not supportet, Right? ^^

 

[zoogie]

11.8 is not supportet, Right? ^^

That is correct.

Old3ds is not supported either, unless you have a userland exploit already.

 

[NoNAND]

That is correct.

Old3ds is not supported either, unless you have a userland exploit already.

Wow
So glad i hacked my old 3ds last year

 

[MaverickWellington]

can someone give me a rundown on or a link to his presentation?

 

[zoogie]

can someone give me a rundown on or a link to his presentation?

There won't be a video for a good while (6 months I heard).
Check out "slides and videos" in the OP and the hax repos.
That's all we have right now.

People are still working on getting the exploits ready for public consumption.

 

[Myria]

I have a feeling that Nintendo's fix for TWL_FIRM is very...incomplete, and that exploiting it is still simple. I know of a few attack vectors to try. However, it would still require an ARM11 exploit, now that one has been burned.

 

[thisisallowed]

I have a feeling that Nintendo's fix for TWL_FIRM is very...incomplete, and that exploiting it is still simple. I know of a few attack vectors to try. However, it would still require an ARM11 exploit, now that one has been burned.

Also; what about agb firm?

 

[Deleted User]

Also; what about agb firm?

It only has access to ARM7 which is not even powered on when not playing GBA VCs.

 

[zoogie]

It only has access to ARM7 which is not even powered on when not playing GBA VCs.

You're confusing agb_firm with the GBA bios.
agb_firm is a 3ds mode title with various arm9 and arm11 executables included.
It's responsible for setting up the 3ds hardware for GBA BC mode and then switching to it.

 

[jimmyj]

I have a feeling that Nintendo's fix for TWL_FIRM is very...incomplete, and that exploiting it is still simple. I know of a few attack vectors to try. However, it would still require an ARM11 exploit, now that one has been burned.

You could install cfw,inject 11.8 twl firm, and leave agb firm and native firm to 11.4 so you can uninstall cfw and use the existing arm11 exploit to start looking for vulns in the 11.8 twl firm.(this is only for finding vulns,this would be useless for any normal user)

 

[R13]

Anybody got a rough estimate for how long until actual instructions on how to do it are uploaded? Wondering if I should wait or just do seedminer method. (Sorry if this has already been asked)

 

[Akira]

Anybody got a rough estimate for how long until instructions are uploaded? Wondering if I should wait or just do seedminer method. (Sorry if this has already been asked)

If you have the capability to cash out $2 then just do the seedminer method.

 

[R13]

I mean, if it was going to come out within the next day or 2, I'd be willing to wait. It was more of "will take a day or a month?."

 

[Scooty789]

Hey zoogie, I'm sorry for this stupid question, but do you have an estimated release date for the exploit's instructions on 3ds.hacks.guide?
Thanks in advance.
Edit: I just saw that somebody asked this question before me.... I'm sorry for repeating questions.

 

[PICTOCHAT]

I can't play any of the videos or the slide... For me opening the PDF only shows a gray vertically-oriented oval, and the videos show some sort of crack going through a square in the frame the video is supposed to be, and the time in the bottom left corner showing "0:00"... Any help would be appreciated.

 

[Brawl345]

I can't play any of the videos or the slide... For me opening the PDF only shows a gray vertically-oriented oval, and the videos show some sort of crack going through a square in the frame the video is supposed to be, and the time in the bottom left corner showing "0:00"... Any help would be appreciated.

Try downloading it instead of opening it in the browser. Works for me.

 

[SirNapkin1334]

Can you provide a link to the full talk? Ideally on YouTube so I can watch it on my phone (won’t have computer access for 2 more days)

 

[Seismof]

That is correct.

Old3ds is not supported either, unless you have a userland exploit already.

So, does that mean that everyone who's on 11.7 and have an old 3ds or 2ds won't be able to get cfw without updating?

 

[ihaveahax]

Can you provide a link to the full talk? Ideally on YouTube so I can watch it on my phone (won’t have computer access for 2 more days)

Probably won't happen for 6 months if nobody else recorded it

 

[R13]

Maybe this is a dumb question but if the videos on how to do it (From smea's talk) arn't going to be released for a long time, surely it is going to be quite a while before any guide for normal users will prop up? I don't think anyone is going to do the guide from memory of the talk. Unless other people already know how to do it.