If you can use the browser, I suggest that you use the new browserhax (up to 11.0.0-33!) in the meantime.

Try out Ubuntu 15.04: http://old-releases.ubuntu.com/releases/15.04/

This requires a New 3DS. The demo version doesn't work and is patched. If you have 1.1.3 or newer delete/disable the update data.
officially called smashbroshax sometimes smashax
Here is a new tool I call smashbroshax-helper. It is a graphical interface for the exploit which simplifies most of the process of broadcasting the packet. It requires almost no setup outside of creating a bootable Linux USB/DVD.

Important notes:

• This does not work on Fedora or Red Hat-based distributions because aircrack-ng needs to be compiled on it (and I can't figure out how to install the needed things).
  
• Don't use a virtual machine!
• This probably will never work on Old 3DS.

Download smashbroshax-helper beta

It is recommended that you use a live Ubuntu 15.04 image. Versions 15.10+ have issues. http://old-releases.ubuntu.com/releases/15.04/

1. Create a bootable USB/DVD with a Linux distribution (there are various guides online).
2. If possible, get a second USB/SD card/storage device, download and save the above .zip to it.
   • Don't extract the contents of it to the USB device, as it might cause problems. Just save the .zip file to it.
   • If you can't do this, you'll have to connect to the Internet while in Linux to download it.
   • If using a bootable USB, make sure you can use two ports at a time. Don't take out the Linux USB while it is being used!
3. Restart your computer and run the bootable USB/DVD you created.
4. Extract the contents of the .zip to the Desktop.
5. Open the smashbroshax-helper folder and double click "smashbroshax.sh".
6. Follow the on-screen prompts.
7. If everything goes well, you should now have homebrew!

Video demonstration, from boot to shutdown:

from https://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/page-9#post-5842512

---

If you would like the full tutorial, involving terminal usage and compiling:

Spoiler: Everything

To reverse the changes to your wireless interface and remove issues connecting to networks after, rebooting your system or changing it to "Managed" instead of "monitor" should fix it. How to do that is in the second to last section.

---

@Cydget made a script that condenses most of this into a script. I have not tried it myself yet but it seems to work for others.

Spoiler

So, I made a little script for this. If anybody wants it, then unzip this file and read the readme. And yes, I like to pipe things. http://www.mediafire.com/download/oulnubnzkk9g3i0/smashhaxEZ.zip

---

Requirements

• Any Linux distribution should do (this has only been tested with Debian-based distributions). Windows and OS X users should wait or find a method for now, sorry!
  • Please do not use Linux in a virtual machine, it likely won't give direct access to your wireless card. Dual boot or use a live USB/disk.
  • The recommended distro to use is Ubuntu 15.04 (link to Ubuntu MATE 15.04).
• A Wi-Fi-capable wireless card.
• Super Smash Bros. for Nintendo 3DS Full or Demo.
• New 3DS. This does not work on Old 3DS.
• Patience. The hax is sort-of unreliable so your game will most likely crash a few times.
• Recommended: Another device to access the internet (phone, tablet, computer, console).

Preparing

• Install these packages using your package manager. For example, "apt-get" for Debian-based distributions (including Ubuntu).

  openssl libssl-dev libnl-genl-3-200 libnl-genl-3-dev libnl-3-200 libnl-3-dev pkg-config

• Find your wireless card's interface by opening a terminal and using the command "ip link". It would be something like wlan0 or wlp3s0.

  ian@ian-VPCEG34FX:~/Desktop/aircrack-ng-1.2-rc2/src$ ip link
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
      link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
  3: wlan0: <NO-CARRIER,BROADCAST,ALLMULTI,PROMISC,NOTRAILERS,UP,LOWER_UP> mtu 1500 qdisc mq state DORMANT mode DORMANT group default qlen 1000
      link/ieee802.11/radiotap xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff

• You probably already have it, but get the homebrew starter kit and place it on your SD card.
• Download the smashhax .pcap files from the releases section of the smashbroshax repository.
• Determine the .pcap file to use. This should be straightforward using the file names.

  The built beacon-hax pcaps are located under "pcap_out/". In the filenames, "vXYZ" means game-version "vX.Y.Z". Full-game filenames for USA include "gameusa", while the other regions filenames include "gameother".

• Get the "Otherapp payload" from the Homebrew Launcher site and save it to "smashpayload.bin" at the root of your SD card.
  
• Download and extract aircrack-ng's latest release source.
• Save aireplay-ng.patch from the smashbroshax repository in the folder "aircrack-ng-1.2-rc2".

Compiling aircrack-ng/aireplay-ng

• Open a terminal and go to the "aircrack-ng-1.2-rc2" folder.
• Use the command "patch src/aireplay-ng.c < aireplay-ng.patch". If you get the following then it has succeeded.

  patching file src/aireplay-ng.c
  Hunk #1 succeeded at 560 (offset 1 line).
  Hunk #2 succeeded at 573 (offset 1 line).

• Run "make" and wait. The program should be compiled with the patch now. If you get the following as the last line then it has succeeded.

  make[1]: Leaving directory '/path/to/aircrack-ng-1.2-rc2/src'

The moment of truth

• Run these 3 terminal commands in order, using the wireless interface (from "ip link") you found earlier.
  
  sudo ifconfig wireless_interface down
  sudo iwconfig wireless_interface mode monitor
  sudo ifconfig wireless_interface up
  sudo iwconfig wireless_interface channel 6​
  (the last line was suggested by @difool. and might make the payload trigger faster)
• Enter the "src" folder in your terminal.
• Run the following command to start broadcasting the packet: "sudo ./aireplay-ng --interactive -r /path/to/smashbros_version_beaconhax.pcap -h 59:ee:3f:2a:37:e0 -x 10 wireless_interface"
  Use the .pcap file and wireless interface you found out earlier.
• On the 3DS system, start the game, then choose Smash and Group. Wait for the magic to happen.

Encountering errors? Something confusing?

• Does running aireplay-ng end with "End of file"? You might be running your installed version of aircrack-ng. Don't forget the ./ for "sudo ./aireplay-ng ..."!
• Please tell me the distribution you are using and the error you've encountered. This will help me fix your issue faster.
• If you don't get something, don't hesitate to point it out! I want to help anyone I can.
• Did you spot an inaccuracy or mistake I made? It would be great if you can tell me that too.
• This was before the Otherapp payload selector was added to the HBL site. This is kept here for legacy reasons or something.
  Spoiler

  • Determine what file you need to get from the Homebrew Launcher Payload section:
    
    Spoiler: Homebrew Launcher Payload

    With the release builds, the hax loads the payload from SD "/smashpayload.bin". This should contain the hb-launcher(https://smealum.github.io/3ds/) otherapp payload. Until there's a proper otherapp payload selector on the hb-launcher site, the payload can be downloaded from the following URL(see also https://github.com/smealum/sploit_installer):
    

    • "https://smealum.github.io/ninjhax2/Pvl9iD2Im5/otherapp/{PAYLOADNAME}.bin" Where {PAYLOADNAME} is: "FIRMVER_REGION_MENUVER_MSETVER".

    FIRMVER values(without quotes):
    

    • "POST5" = non-New3DS
    • "N3DS" = New3DS

    REGION values(without quotes):
    

    • "U" = USA
    • "E" = EUR
    • "J" = JPN

    MENUVER values(without quotes):
    

    • "11272": Non-JPN, system-version v9.0.
    • "12288": System-version v9.2.
    • "13330": System-version v9.3.
    • "14336": System-version v9.4.
    • "15360": System-version v9.5.
    • "16404": System-version v9.6.
    • "17415": System-version v9.7.
    • "20480_usa": USA, system-versions v9.9-v10.0.
    • "19456": Non-USA, system-versions v9.8-v10.0.

    MSETVER values(without quotes):
    

    • "8203": System-versions below v9.6.
    • "9221": System-versions starting with v9.6.

    For example, the payload URL for New3DS USA 9.9.0-X - 10.0.0-X is:https://smealum.github.io/ninjhax2/Pvl9iD2Im5/otherapp/N3DS_U_20480_usa_9221.bin
    The end result is a file named "smashpayload.bin" at the root of your SD card.

You are allowed to reproduce/reprint this tutorial, as long as a link back to this page (https://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/) is included.

 

[Guriam]

Is it possible to perform the Smashhax exploit on Virtual Box?

No

 

[futurama]

Oh that's good news! I really didn't think that it existed, good job finding it.

Downgrading using smashhax is difficult however. I tried to do it for hours and gave up (ended up buying Ocarina of Time). Just keep trying, maybe you'll eventually get past the hax init... message.

Apparently another thing you can do is try to downgrade to 10.5 first, then downgrade from 10.5 to 9.2 using menuhax. But that didn't work for me either.

Best of luck.

ok, i tried, same freeze. over and over again. i saw several vids, always works on them, but not on my 10.7 system. i formated my system 5 times, sd card 15 times, tried everything but i can't use sysupdater to downgrade. always stuck on "init..." after pressing Y button.
sadly i can't efford 50 + euro for zelda jp :-/
i don't understand why this isn't working

 

[Rasa]

ok, i tried, same freeze. over and over again. i saw several vids, always works on them, but not on my 10.7 system. i formated my system 5 times, sd card 15 times, tried everything but i can't use sysupdater to downgrade. always stuck on "init..." after pressing Y button.
sadly i can't efford 50 + euro for zelda jp :-/
i don't understand why this isn't working

Can you please tell me where or how did you get that pcap? I need a pcap for my european 1.0.1 cartridge and when I try the file you linked it takes me back to the home menu and I think the reason is the file being for eshop version and not the cartridge version.

 

[pancakes077]

ok, i tried, same freeze. over and over again. i saw several vids, always works on them, but not on my 10.7 system. i formated my system 5 times, sd card 15 times, tried everything but i can't use sysupdater to downgrade. always stuck on "init..." after pressing Y button.
sadly i can't efford 50 + euro for zelda jp :-/
i don't understand why this isn't working

It never worked for me either. Did you try downgrading to 10.5? Read this guy's post, apparently he was successful.

https://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/page-12#post-6191844

 

[Frr1]

It never worked for me either. Did you try downgrading to 10.5? Read this guy's post, apparently he was successful.

I tried downgrading to 10.5 from 10.6 and i get failed to get CIA file in sysupdater using smashax tried multiple times how can i fix it ?

 

[pancakes077]

I tried downgrading to 10.5 from 10.6 and i get failed to get CIA file in sysupdater using smashax tried multiple times how can i fix it ?

You need the 10.5 cia files in the "updates" folder at the root of your sd card.

 

[Frr1]

You need the 10.5 cia files in the "updates" folder at the root of your sd card.

I downloaded the 10.5 update extracted it and put the updates folder on the root of the SD card and it still says failed to get CIA files

 

[futurama]

I downloaded the 10.5 update extracted it and put the updates folder on the root of the SD card and it still says failed to get CIA files

same here. just reformated my sdcard and tried downgrade with those 10.5 files.
safesysupdater: init... = freeze
sysupdater: failed to get cia info
it is not working!

 

[Deleted User]

Exactly the same problem for me. Got a japanese New 3DS with 10.7.0-32J Firmware, using a digital Smash Bros. on 1.0.1 and Smashhax getting into the Homebrew Launcher. Not a single attempt of downgrading with PlaiSysUpdater, different versions of sysUpdater and other trouble shooting works. I'm trying to downgrade to 10.3.0-28J first.

 

[futurama]

Exactly the same problem for me. Got a japanese New 3DS with 10.7.0-32J Firmware, using a digital Smash Bros. on 1.0.1 and Smashhax getting into the Homebrew Launcher. Not a single attempt of downgrading with PlaiSysUpdater, different versions of sysUpdater and other trouble shooting works. I'm trying to downgrade to 10.3.0-28J first.

please tell me if you are successful or not. it is very annoying :-/

 

[Deleted User]

I tried something weird, but didn't work nonetheless. I got an european Ocarina of Time 3D cartridge and installed the oot3dhax on the 3rd saveslot, using the japanese 10.7.0-32J payload. So I started the homebrew launcher with smashhax, started the game with region free, then the 3rd saveslot for the exploit. Game freezes and I get the ropbin, but just black screens after that. So it's not possible to start one exloit within another? Or is the japanese payload not tested or not working on a european cartridge?

 

[Ysle29]

So there's no way of running this on a cartridge with 1.1.0?

 

[Bretto]

Well, I've tried this, I reach the Homebrew Launcher but I can't downgrade to 9.2, with sysUpdater I get a black screen and with the other choices it gets stuck at HAX INIT...

I've seen some of you who tried downgrading to 10.5 first, any idea or tutorial on how to do that, since there are no hashes for some updates found on internet I don't really trust it...
Edit: Some info

It's a New 3ds with 10.6.0.31. I reach HBL and can launch other homebrews like ftpony, but there is no way I can perform the downgrade.

 

[Deleted User]

maybe we have to wait for hax 3.0, or share a japanese copy of OoT3D

EDIT:
What is the difference with downgrading to 10.5/10.3 instead of 9.2?
If SysUpdater does not even try to start the downgrade and freezes, I can't downgrade to 10.5/10.3 as well. Do I miss something?

 

[BloodRose]

maybe we have to wait for hax 3.0, or share a japanese copy of OoT3D

EDIT:
What is the difference with downgrading to 10.5/10.3 instead of 9.2?
If SysUpdater does not even try to start the downgrade and freezes, I can't downgrade to 10.5/10.3 as well. Do I miss something?

<10.6 supports other exploits that don't need a game to run and are easier and more stable than smashax.

 

[Ysle29]

So there's no way of running this on a cartridge with 1.1.0?

Nobody knows this?

 

[Deleted User]

Why wouldn't it? There is a smashbros_gameusav110_beaconhax.pcap or smashbros_gameotherv110_beaconhax.pcap available in smashhax-helper, so it works with 1.1.0

 

[Ysle29]

Yes there is one available, but the problem is that it crashes the system. The 110 pcap doesn't work.

 

[Deleted User]

Try the 1.1.2 pcap, I read somewhere that it also worked for some people.
(I assume you aleady downloaded the otherapp payload for your firmware and put it onto the root of the sdcard with the filename smashpayload.bin?
You also have to unzip the homebrew starter archive onto your sd card, containing the 3ds folder with homebrew apps and the boot.3dsx on the root of the card.)

 

[Ysle29]

Yes I have the payload and the starter files, however I can't update my game to 1.1.2 since the cartridge came with 1.1.0. At least I don't know how to update it to a specific version like 1.1.2.