Hacking [RELEASE] Regionthree: Region Free loader for 3DS/2DS/xl from 9.0~9.4, Sky3DS Users, regionfree!!

DSoryu

GBA/NDS Maniac
OP
Member
Joined
May 5, 2010
Messages
2,346
Trophies
2
Location
In my house
XP
4,693
Country
Mexico
https://github.com/smealum/regionthree/

As the tittle says, this has become a reality.

¿What does this mean?

-Now, we can play any legit cart game regardless the region of both the console or the cart, it will load without any objection.

-Sky3DS and QQ3DS Users are finally able to load any region ROM now.

Sky3DS proof (thanks to DjoeN:

DSC04755.jpg
DSC04762.jpg
DSC04752.jpg

Japanese Smash Bros Cart on an EUR 3DS console proof:



How to use

  • Download Launcher.dat from the repo (or compile it yourself) : https://github.com/smealum/regionthree/raw/master/Launcher.dat
  • Copy Launcher.dat to the root of your SD card
  • Insert the game you want to run into your 3DS and power it up
  • Open the "Download Play" application
  • Hit the home menu button, but do not exit the Download Play application (keep it running in the background)
  • Open the Web Browser applet
  • Go to Gateway's exploit page (not linking directly to it here because not a fan of their whole piracy thing they've got going)
  • Wait a few seconds; screen should turn black and after a bit your game should boot up !
FAQ

  • Does this work on the latest firmware version ? Yes, 9.4 is supported.
  • Does this work using a Sky3DS or QQ3DS Flashcards? Yes, they will load, but the process is a very random game, because foreign region games for your 3DS will not show their banner; this means that you will need to change the game with the button totally blind, but it will load of course.
  • Does this let me run homebrew and/or roms ? No, it just lets you run legit physical games from other regions.
  • Do I need to connect to the internet every time I want to use this ? Yes, or you can use an Android app that hosts the exploit (php server), there are some here in the temp, such as Go! Android!
  • Do I need a flashcart/game/hardware for this ? No.
  • Will this work on my New 3DS ? No, at the moment this only works on 3DS, 3DS XL and 2DS models.
  • Will it ever work on the New 3DS ? Maybe. I don't plan on working on it, like, ever, but the code is out there now so...
  • Will this break or brick my 3DS ? No. There's virtually 0 chance of that happening, all this runs is run of the mill usermode code, nothing dangerous. Nothing unusual is written to your NAND, nothing permanent is done. With that in mind, use at your own risk, I won't take responsibility if something weird does happen.
  • Do you take donations ? No, I do not.
  • How does it work ? See below.
Technical stuff

Basically we use GW's entrypoint to get ROP (not code execution, either userland or kernel) under spider (that's what the browser applet is called). From there, we use the GPU DMA vuln to take over the download play application (this is done by overwriting the GSP interrupt handler funcptr table). The download play application has access to the ns:s service (spider does not), and we use that service to launch our out-of-region game.
For more detail on the webkit/spider exploit, visit http://yifan.lu/2015/01/10/reversing-gateway-ultra-first-stage-part-1/
For more detail on the GPU DMA exploit, visit http://smealum.net/?p=517
To build the ROP, use Kingcom's armips assembler https://github.com/Kingcom/armips



Credits

  • All ROP and code written on this repo written by smealum.
  • ns:s region free booting trick found by yellows8.
  • Neatly packaged spider exploit by Gateway.
  • Bond697, sm, yifanlu for working on the GW payload so I wouldn't have to.
  • Myria for helping with testing.
https://twitter.com/smealum/
smealum.net
 

driverdis

I am Justice
Member
Joined
Sep 21, 2011
Messages
2,867
Trophies
2
Age
31
Location
1.048596β
XP
2,838
Country
United States
could this be used to boot into older DS Flashcards that 4.5+ no longer support?

this should not work as the console should reboot into DS Mode if it happens to not crash instead (which I think it will do).
If it even makes it to DS Mode, It will run into the same problems as starting the card directly.

If I manage to find my AK2i, I will try it just because.
 
  • Like
Reactions: TUWieZ

flarn2006

Well-Known Member
Member
Joined
Apr 6, 2014
Messages
394
Trophies
0
Age
30
XP
523
Country
United States
I downgraded and no brick! Thanks!

EDIT: Oops, wrong thread.....this can not to my knowledge be used to downgrade your 3DS :wink:
 

gokuguy

Well-Known Member
Member
Joined
Dec 5, 2008
Messages
424
Trophies
1
Age
30
XP
1,054
Country
United States
Has anyone tried this on a Sky3DS card yet? I don't have a 3DS flash cart mainly because I updated to 9.4. If it were to work with whatever game is set at the time on Sky3DS, then that could end up being my choice eventually.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    Sicklyboy @ Sicklyboy: *teleports behind you* "Nothing personnel, kiddo" +1