Yellows8 just released this an hour ago.
https://github.com/yellows8/ctr-httpwn
https://github.com/yellows8/ctr-httpwn
This is an userland-only exploit for the 3DS HTTP-sysmodule. The configuration downloaded from the server then allows you to bypass required-sysupdate errors. This applies to the following: NetUpdateSOAP, friends-server(nasc), and NNID. In other words, this allows you to access everything(as of March 22, 2016) that's known to throw sysupdate-required errors on outdated system-versions(the only known exception is browser-version-check since this can't target web-browser httpc currently).
This also results in sysupdates being blocked from downloading normally(the system handles it the same way as if no sysupdate is available).
This can additionally be used for other things as well via the user_config optionally loaded from SD.
Once run successfully, ctr-httpwn will persist under the sysmodule until the sysmodule is terminated(shutdown/reboot/firm-boot).
The inital exploitation method was theorized in late 2015. The initial exploit was implemented on February 12-13, 2016.
The server config is downloaded with HTTPS from the yls8.mtheall.com site, likewise with the new_url for NetUpdateSOAP.
Last edited by Blundermann,