Hacking Yellows8 just realesed Smashhax

[DingusPingus]

This is haxx for Super Smash Bros for 3DS, via local-WLAN beacon haxx. The haxx triggers while the application is scanning for local multiplayer sessions, when the beacon is being broadcasted. In certain cases the application may somewhat hang or crash prior to any actual ROP being run: this hax is not completely reliable, one reason is because the heap layout not always being in the intended state. Another reason(which actually seems to be the main cause usually) is that the ROP may fail to recv another beacon quickly enough, which results in jumping to using a stack which is all-zeros(there's no good way to do error checking/looping for that, partly because of lack of space). Also note that in some cases it may take a while for the hax to trigger.

Supported application builds:

• demo: USA+EUR supported and tested. There's no difference between the regular demo and the "Special Demo" with this hax. This was the only version of Smash-3ds supported by this hax initially, until after the USA version of the game was released.
• v1.0.0. USA: supported+tested. "gameother": supported+tested.
• v1.0.2. USA: supported, not tested.
• v1.0.4. USA: supported+tested. "gameother": supported, not tested.
• v1.0.5. USA: "supported". The target heap address for overwriting the target object varies, hence this hax doesn't actually work right with this version. This version is not fully supported due to this.
• v1.1.0. USA: supported+tested. "gameother": supported+tested.

https://github.com/yellows8/3ds_smashbroshax

 

[codychaosx]

So im kinda dumb and gna ask the noob question right away. does this have kernel access or what have you then (like the ability to launch a cfw) or would this be userland homebrew type stuff only?

 

[DingusPingus]

I don't know, there might be an entrypoint he found but didn't realese with Smashhax and expects others to find it

 

[WaffleWafer]

again thouh for demo users, can we only use this hack 30 times?

 

[Jiro2]

Could this be usable with the existing kernel access entry points on systems that are at 9.2 and less?

 

[endoverend]

again thouh for demo users, can we only use this hack 30 times?

Well you could use some kind of extdata tool to edit the remaining plays on the demo to 999 or something like that.

 

[TheRivo]

Can I use the complete version of SSB to run this hax?

 

[endoverend]

Can I use the complete version of SSMB to run this hax?

Yes.

 

[TheRivo]

Thank you

Yes.

 

[WaffleWafer]

Well you could use some kind of extdata tool to edit the remaining plays on the demo to 999 or something like that.

Is this even possible? i've edited my play coins, but not sure if that kind of tool exists. If it does, I'd binge play SSB4 Demo for days.

 

[zoogie]

It seems like 4/5 questions on this thread could be answered by reading the damn github readme on the first post lol.

btw - this is not easy to do for novices. At least not yet.

 

[q9p]

I'm a little bit confused on setting this up properly. Anyone willing to help?

 

[Zidapi]

So im kinda dumb and gna ask the noob question right away. does this have kernel access or what have you then (like the ability to launch a cfw) or would this be userland homebrew type stuff only?

I don't know, there might be an entrypoint he found but didn't realese with Smashhax and expects others to find it

It's highly unlikely this will lead lead to kernel exploit in its current state.

Like Smea, yellows8 is strongly anti piracy, and like Smea he'd have only released this if he was sure it couldn't lead to a kernel exploit.

But like Smea, he may have underestimated the devs in this community, so as Ninjhax was it may very well be used to get kernel access.

But who knows, if you'd asked me yesterday, I'd have said yellows8 would never release an exploit, not ever. Hell, he sat on oothax for three whole years, he only published the source because Gateway used it. So this is a huge surprise to me.

I'm still adamant that he wouldn't release anything he thought could lead to a kernel exploit. So why would he release smashhax? My guess is that it could be used with legit carts to make something like Project M for Smash 3DS.

 

[shinyquagsire23]

So im kinda dumb and gna ask the noob question right away. does this have kernel access or what have you then (like the ability to launch a cfw) or would this be userland homebrew type stuff only?

Nope, just another entrypoints. And extra entrypoints don't lead to kernel exploits, it was purely coincidence the last time it happened with ninjhax 1.

 

[Cavioe]

Nope, just another entrypoints. And extra entrypoints don't lead to kernel exploits, it was purely coincidence the last time it happened with ninjhax 1.

This should be a sticky to hopefully stop the asking for new kernel exploits. It seems anytime a new entry is made many pages are filled with that same question making the threads a mess to go through.

 

[bakurage]

Sorry if i'm noob but, this hack is for what ? And can i use ssb demo ? Thank's ^^

 

[N0n@me]

Sorry if i'm noob but, this hack is for what ? And can i use ssb demo ? Thank's ^^

It lets you use ssb4 lan multiplayer to boot into the homebrew launcher. Though it is not a simple thing to use as im having trouble setting it up. yes you can use the demo but you still have the demo play limits.

 

[DjoeN]

Seems the EU demo can be used, what about the EU full version, it's not mentioned?

 

[N0n@me]

Seems the EU demo can be used, what about the EU full version, it's not mentioned?

I think it works as it has a gameother folder next to the usa folder. which includes most of the same files that the usa one has.

 

[DjoeN]

I think it works as it has a games other folder next to the usa folder.

Yupz, seems like gameother means EUR and JPN
Thanks

 

[bakurage]

Okay, thank's !

But, like oothax and ironhax ? Or this hack have more possibility/kernel exploit ?

 

[N0n@me]

Okay, thank's !

But, like oothax and ironhax ? Or this hack have more possibility/kernel exploit ?

It is another entry point exploit. Though Yellows8 is not really known to release things.

 

[zoogie]

Okay, thank's !

But, like oothax and ironhax ? Or this hack have more possibility/kernel exploit ?

This is userland, exactly like those you mention.
It's only special in that it's much much more difficult for the user to implement.

I haven't heard of a single user who's successfully attempted it yet.