1. Pokem

    OP Pokem GBAtemp Maniac
    Member

    Joined:
    Jul 22, 2016
    Messages:
    1,058
    Country:
    United States
    Entire history: HUGE thank to Zoogie for writing this.

    Can someone tell me the full 5 years timeline of the hacking scene?

    All I know is that Smea created Homebrew
    What else?

    When were CIA files discovered?
    What was the first game dumped as a CIA?
    What was it like before A9LH?
    What was it like when Plailect's guide didn't exist?
    What other major things happened besides stuff like discovery of A9LH?
    How was Homebrew created for the 3DS? Like how was it discovered?
    How was the hacking scene from a year or two ago compared to today?

    You know, stuff like that.

    Also, for those of you who have been here long enough, do you like how the hacking scene today more or the one in the past?

    Those are just some basic questions. If you have more to tell, then please do so.
     
    Last edited by Pokem, Jan 6, 2020
    dude1709 and pelago like this.
  2. Pokem

    OP Pokem GBAtemp Maniac
    Member

    Joined:
    Jul 22, 2016
    Messages:
    1,058
    Country:
    United States
    This is probably in the wrong subforum x.x
     
  3. RemixDeluxe

    RemixDeluxe GBAtemp Psycho!
    Member

    Joined:
    Nov 23, 2010
    Messages:
    4,583
    Country:
    United States
    You give far too much credit to Smea. Arm9loader was a collaborative effort among all the 3DS homebrew devs
     
    uyjulian, The Koopa Kingdom and Pokem like this.
  4. Pokem

    OP Pokem GBAtemp Maniac
    Member

    Joined:
    Jul 22, 2016
    Messages:
    1,058
    Country:
    United States
    ooo, I was kinda skeptical about that too. I took that part out.
     
  5. Selver

    Selver 13,5,1,14,9,14,7,12,5,19,19
    Member

    Joined:
    Dec 22, 2015
    Messages:
    219
    Country:
    Check out the following post for some history on A9LH, including links for lots more information:
    https://gbatemp.net/threads/arm9loader-technical-details-and-discussion.408537/
     
    Pokem likes this.
  6. McWhiters9511

    McWhiters9511 GBAtemp Maniac
    Member

    Joined:
    Mar 28, 2016
    Messages:
    1,376
    Country:
    United States
    i faintly remember it before a9lh. gateway and rx tools were the shit lol XP
    and pasta
     
    Last edited by McWhiters9511, Sep 29, 2016
  7. SMVB64

    SMVB64 Now your playing with power! Super power!
    Member

    Joined:
    Feb 13, 2013
    Messages:
    209
    Country:
    Canada
    Lets go even further back in time to GovanifY leaked CFW and then Palantine CFW.
    The scene came along way.
     
    astronautlevel likes this.
  8. Important Posts: 3DS Scene History
    zoogie

    zoogie playing around in the dsiware
    Developer

    Joined:
    Nov 30, 2014
    Messages:
    8,014
    Country:
    Micronesia, Federated States of
    A Pretty Brief History of the 3ds Hacking/Homebrew Scene


    • March
      The 3ds launches in the west and the famous 3dbrew.org wiki site launches in tandem, which would be the main info hub for 3ds RE for the length of the 3ds's lifespan. Most DS mode flashcarts were quickly fixed to run in DS mode on the 3ds. These carts would periodically be patched until firm 7.0, after which, Nintendo gave up worrying about them.

      June
      First 3ds roms dumped

      September
      Crown3ds teases a promising video of a flashcard that would have been the first warez enabling solution for 3ds. What we actually got was an Engrish website forever promising: "We are in progressing ... 72%". A meme was born, and a dream died.

    • Unknown Month
      It is believed Neimod's hardware RAM dumping and subsequent internal research (#3dsdev/3dbrew.org, yellows8 and friends) lead to the first userland (OOT) and a9 exploits. Teasers like IRC chat logs and the following popped up.
      https://gbatemp.net/threads/3ds-hack-we-hacked-it.339271/

      November
      3ds SOC decapping fundraiser started by 3dsdev insider gshock/jl12 to find out the system's secrets and supposedly get it hacked faster. GBAtemp community raises $2300 before gshock disappears with the money, presumably to a resort in Fiji with Gateway execs.

    • August
      Gateway released. The 3ds is officially hacked and piracy begins. They continue to be basically the entire "homebrew" scene for the next year and a half. There was, however, some basic arm9 homebrew possible via mset exploit + p3ds (rsaVerifySHA256 a9 sploit), but it was limited to just bare-metal stuff like ram dumpers, Tetris, Pong and the like. It was less impressive than even DS homebrew (and publicly, nobody knew how to properly harness the arm9's power like nowadays).

    • January
      brickgate/brickway - Infamous scandal where Gateway releases a firm that intentionally bricks user 3ds's that run their software on Gateway clones like R4 gold Deluxe and Orange3DS. Even some legit users get caught up in Gateway's spiderweb of bricks. Gateway did offer to fix those units.

      March
      Citra - first commit. the gold standard of 3ds emulators for the PC is born. Wouldn't really hit its stride until 2016, a testament to how complex a system the 3ds is.

      November

      - Then the Palantine cfw (internally made by yellows8 and others) leak happened, bringing the first free, closed source cfw to the masses. Limitations: 4.5, emunand not updatable, low boot rate, a bitch to install, etc. But it did run cias, and it forced Gateway to add cia support to its flashcard in a panic about a week later.

      - Sky3ds flashcart released. plays clean cart roms on any firmware, but no homebrew, cias, mods, etc. Initial model limited to just 10 non-replaceable games with the manufacturer suggesting 'buy another' if you want more. Pirates consider this theft and whine incessantly. Sky3ds eases its restriction and releases a 'blue button' card without the game limit.

      -Ninjhax userland (1st sane hb environment) and ctrulib make their triumphant, morally-centered debut shortly after "Palantine" cfw.
      Ntr cfw released. A plug-in based a11 kernal cfw that adds many cool features like RAM poking and 3ds -> PC video streaming (added 2016).

    • January
      Gateway cracks 9.2 and updates its flashcard to the OMEGA series. Genius yifanlu posts detailed blog REing the GW memchunkhax/firmlaunchhax combo and teams like SALT, roxas75, and patois quickly implement it.

      February
      Rxtools released. 1st legit emunand/multi-tool implementation. Anti-piracy.

      May
      Pasta cfw released after sig patches leaked on pastebin (hence the name). Combined with patois open source memchunkhax/firmlaunchhax (brahma) this resulted in the 1st open source cfw. No emunand.

      Rxtools patched with above sig patches by ahp_person (appletinivi). Roxas does not approve, throws fit.

      June

      Roxas gives in, released rxtools source, adds sig patches officially. Quits scene.
      Rxtools goes on to be the "it" cfw for the next several months, despite being kinda sloppily coded and a risk to inexperienced users with its dangerous arm9 power-user features built-in.

      July
      Ninjhax2x released. App takeover, rom hacks, and other nice things too numerous to detail.

      August
      Tubehax - primary userland exploit that takes advantage of the 3ds's otherwise useless Youtube app. An excellent primary entrypoint. Unfortunately patched a couple months later on all firmwares.
      Ironhax - first secondary userland exploit - one that requires a primary (like tubehax) to install.
      Reinand - first full featured New3ds cfw.

      September

      Menuhax - secondary home menu exploit that allows boot time userland execution. Fantastic when paired with cfw launchers save for the annoyingly unreliable *hax bootrates on 9.2. A favorite among homebrew peasants, and the sworn enemy of the late Margen67.
      Browserhax - primary browser exploits for old/new 3ds that would be updated on and off over the coming months.

      December

      Sky3ds+ released. Bypasses cart-based AP in recent games and adds filesystem-based game loading among other features.

      32c3 hacker conference - snshax, arm9loaderhax, memchunkhax2, ntrcardhax revealed. Userland exploits menuhax, and ironfall were updated too.

    • January
      10.x downgrading to 9.2 released. FBI dev Steveice10 implements. Biggest PM group in the history of GBAtemp forged in secret ;p Downgrading patched with 10.4.

      February
      Arm9loaderhax emerges, lumbering and crushing everything in its path. Menuhax peasants begin their suffering.
      Aureinand/luma3ds - fork of reinand that took the cfw's features to a new level. The authors, aurora wright and tuxsh, had a public falling out with the original author, reisukaku, and subsequently cut all ties with him by first renaming the project from aureinand to luma3ds, then removing the fork status altogether. It is currently the most popular cfw today (6/2019).

      March

      Aliaspider releases memchunkhax2.1, allowing downgrades to 9.2 to resume. Calls it svchax for reasons only known to him. This new k11 sploit would last through 10.7.

      May
      @TheCruel Releases what would probably become the most notorious (and popular) piracy app for the 3ds, Freeshop. It let you conveniently download eShop games directly to your 3ds from Nintendo's CDN without paying for them. All that was needed for any specific game was its "titlekey" to decrypt them. This required just one person to buy the game and upload the key.
      Naturally, Nintendo wasn't amused by this and actually DMCA'd Freeshop's repo from Github. It was promptly rehosted on a competing git service.

      July
      Someone finally reveals the dsiware firm downgrade method after hinting about it for months. This allows the 9.2 downgrading to resume yet again on firms 11.0 - 11.2 (given a second fully hacked system). Nintendo privately thinks it's pretty cool, ignores it. Fieldrunners sales skyrocket.

      September
      Arm9loaderhax becomes even more unstoppable due to ctrnand transfer (shortens install time on both new/old 3ds) and otpless (instant new3ds install). Otpless was later scuttled (from 3ds.guide) due to a low chance of random bricking.

      December
      33c3. Yes, more c3 hax megatons. First off, Soundhax, a free userland primary for a system app so almost all 3ds's are vulnerable (the best userland hack ever to date). Fasthax, another k11 sploit, is revealed. Both of these are by scene newcomer nedwill, and are immediately released. Scene veteran derrek then reveals sighax, a bootrom vuln that allows one to sign arbitrary firmware code. He also reveals vague details on how he dumped the 3ds arm9/arm11 bootroms. No actual code releases from derrek though.

    • January
      New arm9 sploit safehax is released by appleTinivi after an anon posted the method on 3dbrew.org. So now, full control is possible up to firm 11.2. People usually use this to ctrnand downgrade to 2.1, get the otp, then restore original nand and install a9lh.

      February
      11.3 is released and Fasthax/safehax are fixed. Firm downgrading with dsiware or hardmod is also fixed.
      Gatway promises support for 11.3 and new exciting stuff for their loyal customers. Go to 9/2017 to see how that turned out.

      April
      @TheCruel, dev of notorious piracy app Freeshop, becomes notorious in his personal life after he is charged and convicted of child pron, and is sentenced to 20 years hard time!
      He also gets banned from gbatemp, horrors! :P

      11.4 is released fixing a previously unknown k11 vuln, udsploit. Smealum releases that exploit for those still on 11.3. Soon after, AppleTinivi updates safehax for 11.3 due to an oversight in Nintendo's previous safehax fix. A9lh masterrace resumes for a little longer.

      May
      33.5c3. An unofficial sequel to the blockbuster 33c3 sees sighax implemented. This version is called boot9strap, since it adds the feature of being able to dump the bootroms in software. Ntrboot, a method to hack any 3ds at boot-time with a modified DS flashcard (made possible mostly with sighax/boot9strap), is theorized and confirmed privately. Since firms can now be forged with nothing more than nand access, the dsiware transfer and hardmod methods of installing cfw resume on latest firmware using the known-plaintext attack.

      June
      The New2dsXL is released in Australia and it is discovered to have the same vulnerable bootroms as 3ds's manufactured 7 years ago, making people concerned for the 1000000th time if Nintendo knows what it's doing.

      August
      Ntrboot is finally released starting with support for just the ak2i and r4ids.cn flashcards but quickly growing to many others. A new generation of Nintendo homebrewers discovers the utter joy of trying to figure out what DS flashcard clone they actually have and if it's actually good for anything.

      September
      Gateway team reveals what they have been working on for the last several months: ditching their old flashcard and making a new one, of course. It's called Stargate and is supposed to be a hybrid of ntrboot card, ds card, and sky3ds. It's expensive ($80), and already has been delayed several times. Soon.
      It received tepid support, and was abandoned after a few months due to people seeking out cheaper ntrboot card options.

    • January
      Someone reveals a method to brute-force the 3ds's movable.sed with only the Local Friend Code Seed, which is obtainable in userland and below. This allows people to inject hacked dsiware and install B9S with only one 3ds. Seedminer is the name of the implementation of this vulnerability, and only requires the purchase of a $2 dsiware game if they don't already have a compatible one. This vuln is extremely versatile as it allows one to attack all encrypted contents on the sd card.

      July

      Nintendo releases firmware 11.8 which prepares the 3ds for new server side authentication for CDN downloads. What this means in English is that piracy apps like Freeshop (and its siblings) can no longer download pirated games directly from the eShop. @TheCruel's agony in prison increases.

      August

      3ds scene legend Smealum reveals his long teased arm9 exploit chain at defcon. Unfortunately, it was already patched in firmware 11.8 since he had disclosed it to the hackerone bounty previously. Additionally, he posted incomplete repos of the chain on Github. Nobody to date has been able to get any of them to work.
      Smea rightfully gets a free pass on this one because he's been so awesome in the past. He deserves a little bread for all he's done for the scene.

      September
      A new version of Seedminer called Frogminer is released (we'll just call this family of exploits " *miner "). This utilizes an old version of the Japanese Flipnote Studio instead of Sudoku and it's injected to DS download play instead of another dsiware game. This allows this *miner sploit to be a completely free method to cfw your console!

      December

      11.9 releases and an unreleased browser exploit for both old/new 3ds is patched. This happened because -- you guessed it -- another hackerone bounty submission. This time it's userland sploit dev extraordinaire, MrNbaYoh.

    • July
      Bannerbomb3 released. This is a *miner userland primary for System Settings. It was released mainly for QOL improvements to the *miner cfw chains (they're no longer dependent on free eShop titles being available and unpatched).

      December
      MrNbaYoh demonstrates a new cfw chain at his 36c3 conference talk. He developed a primary that can remotely takeover a 3ds in userland using streetpass tags. This sets up further exploits (developed by Tuxsh) that take over arm11 kernel (lazypixie) and arm9 (safehax 2.x). This chain was patched on firmware 11.12, released two months before the conference. They were submitted to the h1 bounty at some earlier date.


    I probably missed some things, but that's a pretty good start. Let me know if there are any important omissions.
     
    Last edited by zoogie, Jan 5, 2020
  9. yifan_lu

    yifan_lu @yifanlu
    Member

    Joined:
    Apr 28, 2007
    Messages:
    663
    Country:
    United States
    You forgot about the best cfw, Cosmos3DS :D (don't mind me just shit posting)
     
  10. TheCyberQuake

    TheCyberQuake Certified Geek
    Member

    Joined:
    Dec 2, 2014
    Messages:
    5,011
    Country:
    United States
    It's weird to look back and realize that only a year or so ago is when the scene really took off.
     
  11. Pokem

    OP Pokem GBAtemp Maniac
    Member

    Joined:
    Jul 22, 2016
    Messages:
    1,058
    Country:
    United States
    wow, that was very interesting and fun to read.

    — Posts automatically merged - Please don't double post! —

    ikr, so much has happened in a year.
     
  12. hyprskllz

    hyprskllz GBAtemp Advanced Fan
    Member

    Joined:
    Apr 19, 2016
    Messages:
    559
    Country:
    Indonesia
    This is what i'm looking for. A good read for the curious soul.
    Thanks for posting this zoogie. :bow:
     
  13. Davidosky99

    Davidosky99 Eevee :3
    Banned

    Joined:
    Jun 7, 2015
    Messages:
    2,581
    Country:
    Why isn't this featured.
    And where's STRUYA? :creep:
     
    zoogie likes this.
  14. Elveman

    Elveman B9S Shitpost Race Smogonite
    Member

    Joined:
    Feb 1, 2015
    Messages:
    453
    Country:
    Russia
    There should be also PBT-CFW (After Palantine), Cakes somewhere (in between rxTools and reiNand), the history of Decrypt9 and EmuNAND9 (the last one is important - it allowed users to format their SDs without Gatebrick software), FBI (famous 2.0 ground-up rewrite), hbl-loader, and rxTools trying to get to A9LH and dying out in process. Aside from that, pretty cool and has an explanation of the key points.
     
    Last edited by Elveman, Sep 29, 2016
    pelago likes this.
  15. zoogie

    zoogie playing around in the dsiware
    Developer

    Joined:
    Nov 30, 2014
    Messages:
    8,014
    Country:
    Micronesia, Federated States of
    I've updated my history post starting 9/2016 to now.
    I know you kids are still reading it. I still get random like notifications for it here and there :P
     
    Pokem, uyjulian and RY0M43CH1Z3N like this.
  16. Technicmaster0

    Technicmaster0 GBAtemp Psycho!
    Member

    Joined:
    Oct 22, 2011
    Messages:
    4,182
    Country:
    Gambia, The
    A few things:
    -Nothing about the disappearing of Neimod?
    -GW Bricks happened in 12/2013, not 1/2014
    -You forgot 3ds link in your list of GW clones that bricked
    -1/2014 came the first multi rom card, the mt-card (back then gw only supported one rom per SD)
     
  17. Pokem

    OP Pokem GBAtemp Maniac
    Member

    Joined:
    Jul 22, 2016
    Messages:
    1,058
    Country:
    United States
    Wow. Looking back at this thread was a blast to read.
    Very interesting to see the new developments while I was inactive.
    I'll post what Zoogie said in the OP and maybe update the thread once in a while
     
  18. zacchi4k

    zacchi4k GBAtemp Maniac
    Member

    Joined:
    Feb 6, 2015
    Messages:
    1,378
    Country:
    Italy
    OoT was discovered before MSET? I always thought that the latter was the first exploit discovered ever. Also how is it only barebones if iirc it was the first one GW used?

    — Posts automatically merged - Please don't double post! —

    Also "exploit that takes advantage of the 3ds's otherwise useless youtube app" :rofl2::rofl2::rofl2:
    Gosh I remenber when that app first came out it was pure shit since the only thing it was good at was continuously crashing with no goddamn reason
     
    Last edited by zacchi4k, Aug 24, 2018
    Pokem likes this.
  19. Lilith Valentine

    Lilith Valentine GBATemp's Concubus™ The Moody Enby
    Member

    Joined:
    Sep 13, 2009
    Messages:
    22,648
    Country:
    Antarctica
    Some random Rei-Six history for anyone who might be interested
    Dec 14, 2016, I messaged @CrimsonMaple about RenNAND (first incarnation of Rei-Six) and we started working together to revive ReiNAND.
     
    Pokem and CrimsonMaple like this.
  20. Pokem

    OP Pokem GBAtemp Maniac
    Member

    Joined:
    Jul 22, 2016
    Messages:
    1,058
    Country:
    United States
    I’ll try to add on the bits and pieces of history you guys post to the big history timeline Zoogie made in the OP so whoever decides to look at this thread doesn’t have to scroll around this entire thread. (Although there’s not much here xD)
    If you do decide to leave something, please include a date. If no exact date, then please give a month/year.
    Example: 8/2017:
     
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - hacking, history, scene