If you can use the browser, I suggest that you use the new browserhax (up to 11.0.0-33!) in the meantime.

Try out Ubuntu 15.04: http://old-releases.ubuntu.com/releases/15.04/

This requires a New 3DS. The demo version doesn't work and is patched. If you have 1.1.3 or newer delete/disable the update data.
officially called smashbroshax sometimes smashax
Here is a new tool I call smashbroshax-helper. It is a graphical interface for the exploit which simplifies most of the process of broadcasting the packet. It requires almost no setup outside of creating a bootable Linux USB/DVD.

Important notes:

• This does not work on Fedora or Red Hat-based distributions because aircrack-ng needs to be compiled on it (and I can't figure out how to install the needed things).
  
• Don't use a virtual machine!
• This probably will never work on Old 3DS.

Download smashbroshax-helper beta

It is recommended that you use a live Ubuntu 15.04 image. Versions 15.10+ have issues. http://old-releases.ubuntu.com/releases/15.04/

1. Create a bootable USB/DVD with a Linux distribution (there are various guides online).
2. If possible, get a second USB/SD card/storage device, download and save the above .zip to it.
   • Don't extract the contents of it to the USB device, as it might cause problems. Just save the .zip file to it.
   • If you can't do this, you'll have to connect to the Internet while in Linux to download it.
   • If using a bootable USB, make sure you can use two ports at a time. Don't take out the Linux USB while it is being used!
3. Restart your computer and run the bootable USB/DVD you created.
4. Extract the contents of the .zip to the Desktop.
5. Open the smashbroshax-helper folder and double click "smashbroshax.sh".
6. Follow the on-screen prompts.
7. If everything goes well, you should now have homebrew!

Video demonstration, from boot to shutdown:

from https://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/page-9#post-5842512

---

If you would like the full tutorial, involving terminal usage and compiling:

Spoiler: Everything

To reverse the changes to your wireless interface and remove issues connecting to networks after, rebooting your system or changing it to "Managed" instead of "monitor" should fix it. How to do that is in the second to last section.

---

@Cydget made a script that condenses most of this into a script. I have not tried it myself yet but it seems to work for others.

Spoiler

So, I made a little script for this. If anybody wants it, then unzip this file and read the readme. And yes, I like to pipe things. http://www.mediafire.com/download/oulnubnzkk9g3i0/smashhaxEZ.zip

---

Requirements

• Any Linux distribution should do (this has only been tested with Debian-based distributions). Windows and OS X users should wait or find a method for now, sorry!
  • Please do not use Linux in a virtual machine, it likely won't give direct access to your wireless card. Dual boot or use a live USB/disk.
  • The recommended distro to use is Ubuntu 15.04 (link to Ubuntu MATE 15.04).
• A Wi-Fi-capable wireless card.
• Super Smash Bros. for Nintendo 3DS Full or Demo.
• New 3DS. This does not work on Old 3DS.
• Patience. The hax is sort-of unreliable so your game will most likely crash a few times.
• Recommended: Another device to access the internet (phone, tablet, computer, console).

Preparing

• Install these packages using your package manager. For example, "apt-get" for Debian-based distributions (including Ubuntu).

  openssl libssl-dev libnl-genl-3-200 libnl-genl-3-dev libnl-3-200 libnl-3-dev pkg-config

• Find your wireless card's interface by opening a terminal and using the command "ip link". It would be something like wlan0 or wlp3s0.

  ian@ian-VPCEG34FX:~/Desktop/aircrack-ng-1.2-rc2/src$ ip link
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
      link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
  3: wlan0: <NO-CARRIER,BROADCAST,ALLMULTI,PROMISC,NOTRAILERS,UP,LOWER_UP> mtu 1500 qdisc mq state DORMANT mode DORMANT group default qlen 1000
      link/ieee802.11/radiotap xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff

• You probably already have it, but get the homebrew starter kit and place it on your SD card.
• Download the smashhax .pcap files from the releases section of the smashbroshax repository.
• Determine the .pcap file to use. This should be straightforward using the file names.

  The built beacon-hax pcaps are located under "pcap_out/". In the filenames, "vXYZ" means game-version "vX.Y.Z". Full-game filenames for USA include "gameusa", while the other regions filenames include "gameother".

• Get the "Otherapp payload" from the Homebrew Launcher site and save it to "smashpayload.bin" at the root of your SD card.
  
• Download and extract aircrack-ng's latest release source.
• Save aireplay-ng.patch from the smashbroshax repository in the folder "aircrack-ng-1.2-rc2".

Compiling aircrack-ng/aireplay-ng

• Open a terminal and go to the "aircrack-ng-1.2-rc2" folder.
• Use the command "patch src/aireplay-ng.c < aireplay-ng.patch". If you get the following then it has succeeded.

  patching file src/aireplay-ng.c
  Hunk #1 succeeded at 560 (offset 1 line).
  Hunk #2 succeeded at 573 (offset 1 line).

• Run "make" and wait. The program should be compiled with the patch now. If you get the following as the last line then it has succeeded.

  make[1]: Leaving directory '/path/to/aircrack-ng-1.2-rc2/src'

The moment of truth

• Run these 3 terminal commands in order, using the wireless interface (from "ip link") you found earlier.
  
  sudo ifconfig wireless_interface down
  sudo iwconfig wireless_interface mode monitor
  sudo ifconfig wireless_interface up
  sudo iwconfig wireless_interface channel 6​
  (the last line was suggested by @difool. and might make the payload trigger faster)
• Enter the "src" folder in your terminal.
• Run the following command to start broadcasting the packet: "sudo ./aireplay-ng --interactive -r /path/to/smashbros_version_beaconhax.pcap -h 59:ee:3f:2a:37:e0 -x 10 wireless_interface"
  Use the .pcap file and wireless interface you found out earlier.
• On the 3DS system, start the game, then choose Smash and Group. Wait for the magic to happen.

Encountering errors? Something confusing?

• Does running aireplay-ng end with "End of file"? You might be running your installed version of aircrack-ng. Don't forget the ./ for "sudo ./aireplay-ng ..."!
• Please tell me the distribution you are using and the error you've encountered. This will help me fix your issue faster.
• If you don't get something, don't hesitate to point it out! I want to help anyone I can.
• Did you spot an inaccuracy or mistake I made? It would be great if you can tell me that too.
• This was before the Otherapp payload selector was added to the HBL site. This is kept here for legacy reasons or something.
  Spoiler

  • Determine what file you need to get from the Homebrew Launcher Payload section:
    
    Spoiler: Homebrew Launcher Payload

    With the release builds, the hax loads the payload from SD "/smashpayload.bin". This should contain the hb-launcher(https://smealum.github.io/3ds/) otherapp payload. Until there's a proper otherapp payload selector on the hb-launcher site, the payload can be downloaded from the following URL(see also https://github.com/smealum/sploit_installer):
    

    • "https://smealum.github.io/ninjhax2/Pvl9iD2Im5/otherapp/{PAYLOADNAME}.bin" Where {PAYLOADNAME} is: "FIRMVER_REGION_MENUVER_MSETVER".

    FIRMVER values(without quotes):
    

    • "POST5" = non-New3DS
    • "N3DS" = New3DS

    REGION values(without quotes):
    

    • "U" = USA
    • "E" = EUR
    • "J" = JPN

    MENUVER values(without quotes):
    

    • "11272": Non-JPN, system-version v9.0.
    • "12288": System-version v9.2.
    • "13330": System-version v9.3.
    • "14336": System-version v9.4.
    • "15360": System-version v9.5.
    • "16404": System-version v9.6.
    • "17415": System-version v9.7.
    • "20480_usa": USA, system-versions v9.9-v10.0.
    • "19456": Non-USA, system-versions v9.8-v10.0.

    MSETVER values(without quotes):
    

    • "8203": System-versions below v9.6.
    • "9221": System-versions starting with v9.6.

    For example, the payload URL for New3DS USA 9.9.0-X - 10.0.0-X is:https://smealum.github.io/ninjhax2/Pvl9iD2Im5/otherapp/N3DS_U_20480_usa_9221.bin
    The end result is a file named "smashpayload.bin" at the root of your SD card.

You are allowed to reproduce/reprint this tutorial, as long as a link back to this page (https://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/) is included.

 

[ViewtifulV]

It looks like the Smash cartridge I bought is 1.0.1, so am I just out of luck? Is there any way to "update" to a version less than 1.1.3?

 

[Cydget]

It looks like the Smash cartridge I bought is 1.0.1, so am I just out of luck? Is there any way to "update" to a version less than 1.1.3?

not unless you have a firmware less then or equal to 9.2

 

[Aboshi]

I contacted yellows on github, he said that he used the updates when making the pcaps.
So what it looks like to me is that the updates have a different offset than the physical cartridges.
I really didn't feel like going through the motions and porting it for physical cartridge so I returned smash bros and just went with OOT3D and the r4i save game dongle. Makes life so much easier and only $40ish for both the game and dongle.
As for shashbroshax I guess you can buy a copy on the e-shop and as long as its not downloading to the latest version you should be good to go with this hax.

 

[Rhodderz]

I have the cartridge (EU) version at 1.1.0 and my N3DS is currently 10.6.0.31E, When i attempt to launch the exploit, after around 4 seconds it goes back to the home screen saying something happened and when you press ok it crashes and reboots. In short what am i doing wrong? i have tried both otherapp and ropbin (yes named them smashpayload.bin) but to know avail. Also tried a different SD card. Any ideas?

 

[Krystal_Lavander]

Everytime i go to smash->group the game crash and my n3ds have to reboot. I've tried about 10h to get it work but it still doesn't want to launch the hack. Did I do something wrong?

 

[Rhodderz]

Tried on another laptop and 2 different wireless cards and still same result. So goign to point it down to the exploit on the 3ds. |The fact that it crashes is a start, just doesnt seem to be loading the file on the SD card (no screen mess, just straight to home)

 

[godlover9000]

do you mean 1.0.1?

people are requesting it as well; https://github.com/yellows8/3ds_smashbroshax/issues/8

anyway I suggest using the new browserhax in the mean time.

while he has not come out with 1.0.1 he has instructions on compiling the pcap on his github page and it appears that someone on this thread has compiled a 1.0.1 for the US version of the game: https://gbatemp.net/threads/anyone-tried-compiling-smashbroshax-for-1-0-1.417443/#post-6157151 . I have tried it and now I am able to get it to crash back to the home menu but It does not appear to be loading the smashpayload.bin file or starting boot.3dsx

 

[Rhodderz]

while he has not come out with 1.0.1 he has instructions on compiling the pcap on his github page and it appears that someone on this thread has compiled a 1.0.1 for the US version of the game: https://gbatemp.net/threads/anyone-tried-compiling-smashbroshax-for-1-0-1.417443/#post-6157151 . I have tried it and now I am able to get it to crash back to the home menu but It does not appear to be loading the smashpayload.bin file or starting boot.3dsx

On my version (1.1.0) i can get the game to crash to home using ANY of the broadcast packets.

 

[Rhodderz]

So doing this with my own compile i still wasnt able to get the exploit to load. Got OOT coming with a Powersave so will use that and then see if i can debug this and see what is happening. I dobt it is patched as i have seen confirmed reports of others being successfull. That shall be tonight though.

 

[malaken]

Already then. So i got the unbuntu working got it to send packs and all but i have 2 questions. 1. My wireless interface says wlp4s0 instead of wlan0 And a enp1s0 and lo is this a problem? 2. My game crashes everytime try to send packs and makes my system restart on 10.7. Did i do something wrong here or is it just a keep going till it works type thing?


* ok found out its because my games version is 1.0.5 and it has troubles with that. Anything i can do like continue trying or should i just give up? Its an actual retail game card at 1.0.5. Is there a method for this?

 

[sausbaus]

Trying to use a 1.0.1 JP pcap file for this and have been having issues. Running aireplay-ng normally gives me the "End of File" message right away, and following your full tutorial gives me the same result. Running your script with one of the other pcap files at least starts broadcasting packetst without the "End of File" message, but of course those wont work for 1.0.1. I thought maybe renaming my pcap file to one of the pre-existing ones and dropping in the resoruces folder might work, but that just causes smash to crash to the home menu. Got any ideas?

Here's the pcap file for reference.
https://mega.nz/#!LhwhSYRa!FeLXrnvBXgDw6BR7MBNytQ_DN3H-gbMmkYDxQo1d5Fw

EDIT: Well I've remedied the "End of File" issue. Smashbroshax still crashes to the homemenu after triggering however. Is this more likely an issue with the payload or the pcap file?

 

[arfaxad]

So I made the video. I know its bad quality, but its my first one.

Can't watch the video it says this video is private.. I tried method when when I run smashhax.sh I get prompted to run the file and when I do nothing happens

--------------------- MERGED ---------------------------

So I made the video. I know its bad quality, but its my first one.

Can't watch the video it says private video, please I need to know what to do because smashhax doesn't open it prompts me Tu run the program but when I do nothing happens.. Help this is my only entry point to home brew, I'm using Ubuntu mate like I haveamac told us and I followed procedure but got stuck at 73 packages, I'm booting Linux from USB and I have a new 3ds XL with firmware 10.7 and my original game cartridge of smashbros(us) is version 1.0.1(I deleted the updates from version 1.1.5) I got the pcap for 1.0.1 but so far I get stuck at the 73.. I even tried the German or Dutch video tutorial of smashhax and got the same result , stuck at 73, help me

 

[Lemmiwinkles]

I have the cartridge (EU) version at 1.1.0 and my N3DS is currently 10.6.0.31E, When i attempt to launch the exploit, after around 4 seconds it goes back to the home screen saying something happened and when you press ok it crashes and reboots. In short what am i doing wrong? i have tried both otherapp and ropbin (yes named them smashpayload.bin) but to know avail. Also tried a different SD card. Any ideas?

Signed up to say I'm having the exact same issue as you. My cartridge is 1.1.0 (US) with N3DS 10.7.0.32U. Same thing with it going back to the homescreen then rebooting. Is there an issue with the pcap file for 1.1.0??

 

[Aboshi]

I have already posted on this, Yellows8 already stated he only made the pacaps/payload with eshop version. So if you have a physical copy on one of the working version it will not work for you unless you find/change the offset or make a pcap/payload for the physical cart. if you somehow were able to install one of the working updates he created the pcap/payload for you would be fine and this would work, but that us 100% pointless because you would still need a way in the first place to install the game update (browserhax if you are 10.5 or lower).

I ran into this issue with v 1.1.0 U and I really didn't feel like finding the correct offset and making the pcap/payload so I got rid of smash bros. I kind of want to get another copy and look into it again though as I have more time.

So again If you have a physical copy this will not work! You will need to create a pcap/payload with the corrected offset for the physical cart.

 

[Lemmiwinkles]

Ah ok, well that helps somewhat! I like a challenge so I'll look into it. Thanks for your help!

 

[Lemmiwinkles]

Well... that was easier than expected. Okay, so in the end my original SD card (with all my saved etc) had the 1.1.2 update (my cartridge is 1.1.0) so I ran the Smashhax with that instead (selecting 1.1.2 instead) and it worked instantly. So if you have a 1.1.0 cartridge, you need to have the 1.1.2 update and run that pcap file instead.

 

[Lemmiwinkles]

Triple posting, but this helps anyone Googling or looking up this thread. After two days I was finally about to downgrade to 9.2 using Smashhax. My method was to downgrade to 10.5 first then use Menuhax from there to downgrade to 9.2. For some reason my 1.1.0 Smash Bros cartridge (with 1.1.2 update) would not allow a downgrade to start, apparently due to Smash Bros requiring a higher firmware than 9.2 to start. Downgrading to 10.5 (using files from a certain Chaos website) and sysupdater (safesysupdater checks for 9.2 MD5's and throws errors) allowed me to rely on menuhax which then allowed me to downgrade to 9.2 flawlessly!

edit: ended up with a frankenfirmware and couldn't instal emuNAND9 but got lucky in that the browser/settings and menuhax was still able to work. Re-did the downgrade in sysupdater (instead of safesysupdater) without having to upgrade or recover. Now got emuNAND9 installed.

 

[Krystal_Lavander]

Well... that was easier than expected. Okay, so in the end my original SD card (with all my saved etc) had the 1.1.2 update (my cartridge is 1.1.0) so I ran the Smashhax with that instead (selecting 1.1.2 instead) and it worked instantly. So if you have a 1.1.0 cartridge, you need to have the 1.1.2 update and run that pcap file instead.

Is there no way to run the hax in 1.1.0 ?

 

[Lemmiwinkles]

Is there no way to run the hax in 1.1.0 ?

If it's a 1.1.0 cartridge then no. The pcap files were compiled using the 1.1.0 eshop update which appear to differ from a stock 1.1.0 cartridge. I got lucky in that I hadn't updated to 1.1.3 and my SD card had the 1.1.2 update which worked.

 

[Guriam]

How can I know which version of Smash I have?