kartdlphax - A Mario Kart 7 semi-primary exploit
​

kartdlphax is a semiprimary exploit for the download play mode of Mario Kart 7. It can be used to run an userland payload in an unmodified 3DS by having it connect through download play to another 3DS with Custom Firmware running the exploit.

​

Installation
The exploit uses a 3GX Plugin in the host system. Therefore, in order to use this exploit you need to install the 3GX Loader Luma3DS fork.

In the host console, place the .3gx file from the Releases page in the following directories depending on your game region:

• EUR: luma/plugins/0004000000030700
• JAP: luma/plugins/0004000000030600
• USA: luma/plugins/0004000000030800

By default, the plugin will use the built-in otherapp payload (universal-otherap). You can place your own otherapp at /kartdlphax_otherapp.bin, but keep in mind that the hax 2.0 otherapp doesn't work currently.

Usage

1. On the host 3ds, make sure the plugin loader is enabled from the Rosalina menu (L+Down+Select), then launch the Mario Kart 7 game matching the region of the client 3ds(es). (You will see a confirmation message in the top screen once the game launches).
   
   
2. On the client 3ds(es), launch the download play application.
   
   
3. On the host 3ds, select Local Multiplayer then Create Group. After that, let the client 3ds(es) join the group.
   
   
4. Once the multiplayer menu loads on the host 3ds, select Grand Prix then 50cc then any driver combination and finally the Mushroom Cup. After a while the exploit will trigger on the client 3ds(es).

Keep in mind that while you can send the exploit to 8 consoles at the same time, the success rate seems to decrease for each console added.

Source & Download

Credits

• 3ds ropkit (by yellows8).
• universal-otherapp (Copyright (c) 2020 TuxSH).
• CTRPF (by Nanquitas).
• nitpic3d's developer luigoalma for his huge help.
• Kartic for his huge help and all the people from his development discord server.

 

[Tac 21]

The connection has to be pretty good for data to transfer properly the first time. Also, just wondering, which regions are your consoles?

oh hey I just picked up a JPN 3DS....will it work with that? probably not eh

 

[livid_hen]

oh hey I just picked up a JPN 3DS....will it work with that? probably not eh

I don't think the Japanese region has been tested yet, but for now we assume its European only. So, you could try, but I'm thinking it probably won't.

 

[assassinz]

Shouldn't this still work if host and client systems are all the same region as the Mario Kart 7 game? If it's a region check issue, is the plugin the problem if all consoles and game file are the same region? Do client and host consoles need to be on the latest firmware for this to work?

Wait, I just checked the code and it looks like the download play application isn't region free afterall.
This exploit right now only works on EUR consoles.

This will be very difficult to fix, as CFW doesn't patch region checks in download play, so I can't run tests in order to implement other regions.

 

[PabloMK7]

Shouldn't this still work if host and client systems are all the same region as the Mario Kart 7 game? If it's a region check issue, is the plugin the problem if all consoles and game file are the same region? Do client and host consoles need to be on the latest firmware for this to work?

The firmware version has no effect on the exploit itself afaik, also the universal otherapp payload should work on any version too.

The problem with the region is the download play applications are a bit different, so the addresses need to be adjusted.

 

[assassinz]

kartdlphax v1.1 - American and Japanese games compatibility added.

https://github.com/mariohackandglitch/kartdlphax

 

[raxadian]

kartdlphax v1.1 - American and Japanese games compatibility added.

https://github.com/mariohackandglitch/kartdlphax

Wohoo!

This is great, I will wait for comments to see if it works ao I can hack my other 3/2DS with this.

 

[assassinz]

Wohoo!

This is great, I will wait for comments to see if it works ao I can hack my other 3/2DS with this.

It's preliminary, so it's not 100% ready. They don't mention you have to put other files on the target system's SD card, like 3ds folder, gm9, etc. for CFW to be running. As it is now, it doesn't install Luma and everything you need for full CFW install from the host 3DS.

I tried this using 2 Japanese 3DS. After the files from the host system were done installing, the client system wouldn't start up because boot.bin for luma was missing and gm9, etc. After I installed the missing/required files, I completed the install and now have CFW up and running on the client system.

 

[raxadian]

It's preliminary, so it's not 100% ready. They don't mention you have to put other files on the target system's SD card, like 3ds folder, gm9, etc. for CFW to be running. As it is now, it doesn't install Luma and everything you need for full CFW install from the host 3DS.

I tried this using 2 Japanese 3DS. After the files from the host system were done installing, the client system wouldn't start up because boot.bin for luma was missing and gm9, etc. After I installed the missing/required files, I completed the install and now have CFW up and running on the client system. Using the Seedminer method is still quicker for now.

I have a New 2DS I don't wanna break... But as I said, I will wait.

 

[PabloMK7]

If the demand is high enough I can write some sort of guide similar to the one in 3ds.hacks.guide.

This can be very useful for batch installing CFW to other consoles.

 

[assassinz]

If the demand is high enough I can write some sort of guide similar to the one in 3ds.hacks.guide.

This can be very useful for batch installing CFW to other consoles.

You should just write the guide. Once it's available then I think more people will start using this new method to help friends and family put CFW on their 3DS.

 

[MultiKoopa]

It's preliminary, so it's not 100% ready. They don't mention you have to put other files on the target system's SD card, like 3ds folder, gm9, etc. for CFW to be running. As it is now, it doesn't install Luma and everything you need for full CFW install from the host 3DS.

I tried this using 2 Japanese 3DS. After the files from the host system were done installing, the client system wouldn't start up because boot.bin for luma was missing and gm9, etc. After I installed the missing/required files, I completed the install and now have CFW up and running on the client system.

Wait so somebody could theoretically do this, not tell the other people about this, and then the other people would think their 3DS's are broken?

.....that's kinda awful

 

[assassinz]

Wait so somebody could theoretically do this, not tell the other people about this, and then the other people would think their 3DS's are broken?

.....that's kinda awful

It's possible. But how often would someone be in a situation like that where they have some effed up friends or relatives with a 3DS who want to do some devious MK7 local-multiplayer?

 

[MultiKoopa]

I dunno it's just

I dunno

 

[blackwolf25]

Are you going to make this work with the new update 11.16?

 

[PabloMK7]

Are you going to make this work with the new update 11.16?

The 11.16 update fixed universal-otherapp, which this exploit relies on. If the author of universal-otherapp fixes it then this will work again.

In any case, I'm trying to make this compatible with launching the homebrew launcher, which may be helpful for unsafe_mode as it doesn't require seed miner, however I'm having issues and I'm not sure if it is even possible.

 

[blackwolf25]

The 11.16 update fixed universal-otherapp, which this exploit relies on. If the author of universal-otherapp fixes it then this will work again.

In any case, I'm trying to make this compatible with launching the homebrew launcher, which may be helpful for unsafe_mode as it doesn't require seed miner, however I'm having issues and I'm not sure if it is even possible.

Ok thanks I hope they fix it tho or that you can make it work with homebrew launcher

 

[abruzzimarco]

Fixed for 11.16
kartdlphax v1.2 + 3DS ROP xPloit Injector

 

[FanNintendo]

Strange Im still at 11.9.0 on new 3DS never update and kept canceling updating new firmware but i keep update the CTGP-7 Im happy with the way with myn3DS

 

[blackwolf25]

What do I do it says install menuhax67 or unsafe mode

 

[PabloMK7]

What do I do it says install menuhax67 or unsafe mode

Install unsafe_mode, then follow this guide, but skip the following parts:
Steps 1-4 and 11-13 of section I.
All of section II.

https://3ds.hacks.guide/installing-boot9strap-(usm)