Entire history: HUGE thank to Zoogie for writing this.
Can someone tell me the full 5 years timeline of the hacking scene?
All I know is that Smea created Homebrew
What else?
When were CIA files discovered?
What was the first game dumped as a CIA?
What was it like before A9LH?
What was it like when Plailect's guide didn't exist?
What other major things happened besides stuff like discovery of A9LH?
How was Homebrew created for the 3DS? Like how was it discovered?
How was the hacking scene from a year or two ago compared to today?
You know, stuff like that.
Also, for those of you who have been here long enough, do you like how the hacking scene today more or the one in the past?
Those are just some basic questions. If you have more to tell, then please do so.
A Pretty Brief History of the 3ds Hacking/Homebrew Scene
201120122013201420152016201720182019
March
The 3ds launches in the west and the famous 3dbrew.org wiki site launches in tandem, which would be the main info hub for 3ds RE for the length of the 3ds's lifespan. Most DS mode flashcarts were quickly fixed to run in DS mode on the 3ds. These carts would periodically be patched until firm 7.0, after which, Nintendo gave up worrying about them.
June
First 3ds roms dumped
September
Crown3ds teases a promising video of a flashcard that would have been the first warez enabling solution for 3ds. What we actually got was an Engrish website forever promising: "We are in progressing ... 72%". A meme was born, and a dream died.
Unknown Month
It is believed Neimod's hardware RAM dumping and subsequent internal research (#3dsdev/3dbrew.org, yellows8 and friends) lead to the first userland (OOT) and a9 exploits. Teasers like IRC chat logs and the following popped up.
https://gbatemp.net/threads/3ds-hack-we-hacked-it.339271/
November
3ds SOC decapping fundraiser started by 3dsdev insider gshock/jl12 to find out the system's secrets and supposedly get it hacked faster. GBAtemp community raises $2300 before gshock disappears with the money, presumably to a resort in Fiji with Gateway execs.
August
Gateway released. The 3ds is officially hacked and piracy begins. They continue to be basically the entire "homebrew" scene for the next year and a half. There was, however, some basic arm9 homebrew possible via mset exploit + p3ds (rsaVerifySHA256 a9 sploit), but it was limited to just bare-metal stuff like ram dumpers, Tetris, Pong and the like. It was less impressive than even DS homebrew (and publicly, nobody knew how to properly harness the arm9's power like nowadays).
January
brickgate/brickway - Infamous scandal where Gateway releases a firm that intentionally bricks user 3ds's that run their software on Gateway clones like R4 gold Deluxe and Orange3DS. Even some legit users get caught up in Gateway's spiderweb of bricks. Gateway did offer to fix those units.
March
Citra - first commit. the gold standard of 3ds emulators for the PC is born. Wouldn't really hit its stride until 2016, a testament to how complex a system the 3ds is.
November
- Then the Palantine cfw (internally made by yellows8 and others) leak happened, bringing the first free, closed source cfw to the masses. Limitations: 4.5, emunand not updatable, low boot rate, a bitch to install, etc. But it did run cias, and it forced Gateway to add cia support to its flashcard in a panic about a week later.
- Sky3ds flashcart released. plays clean cart roms on any firmware, but no homebrew, cias, mods, etc. Initial model limited to just 10 non-replaceable games with the manufacturer suggesting 'buy another' if you want more. Pirates consider this theft and whine incessantly. Sky3ds eases its restriction and releases a 'blue button' card without the game limit.
-Ninjhax userland (1st sane hb environment) and ctrulib make their triumphant, morally-centered debut shortly after "Palantine" cfw.
Ntr cfw released. A plug-in based a11 kernal cfw that adds many cool features like RAM poking and 3ds -> PC video streaming (added 2016).
January
Gateway cracks 9.2 and updates its flashcard to the OMEGA series. Genius yifanlu posts detailed blog REing the GW memchunkhax/firmlaunchhax combo and teams like SALT, roxas75, and patois quickly implement it.
February
Rxtools released. 1st legit emunand/multi-tool implementation. Anti-piracy.
May
Pasta cfw released after sig patches leaked on pastebin (hence the name). Combined with patois open source memchunkhax/firmlaunchhax (brahma) this resulted in the 1st open source cfw. No emunand.
Rxtools patched with above sig patches by ahp_person (appletinivi). Roxas does not approve, throws fit.
June
Roxas gives in, released rxtools source, adds sig patches officially. Quits scene.
Rxtools goes on to be the "it" cfw for the next several months, despite being kinda sloppily coded and a risk to inexperienced users with its dangerous arm9 power-user features built-in.
July
Ninjhax2x released. App takeover, rom hacks, and other nice things too numerous to detail.
August
Tubehax - primary userland exploit that takes advantage of the 3ds's otherwise useless Youtube app. An excellent primary entrypoint. Unfortunately patched a couple months later on all firmwares.
Ironhax - first secondary userland exploit - one that requires a primary (like tubehax) to install.
Reinand - first full featured New3ds cfw.
September
Menuhax - secondary home menu exploit that allows boot time userland execution. Fantastic when paired with cfw launchers save for the annoyingly unreliable *hax bootrates on 9.2. A favorite among homebrew peasants, and the sworn enemy of the late Margen67.
Browserhax - primary browser exploits for old/new 3ds that would be updated on and off over the coming months.
December
Sky3ds+ released. Bypasses cart-based AP in recent games and adds filesystem-based game loading among other features.
32c3 hacker conference - snshax, arm9loaderhax, memchunkhax2, ntrcardhax revealed. Userland exploits menuhax, and ironfall were updated too.
January
10.x downgrading to 9.2 released. FBI dev Steveice10 implements. Biggest PM group in the history of GBAtemp forged in secret ;p Downgrading patched with 10.4.
February
Arm9loaderhax emerges, lumbering and crushing everything in its path. Menuhax peasants begin their suffering.
Aureinand/luma3ds - fork of reinand that took the cfw's features to a new level. The authors, aurora wright and tuxsh, had a public falling out with the original author, reisukaku, and subsequently cut all ties with him by first renaming the project from aureinand to luma3ds, then removing the fork status altogether. It is currently the most popular cfw today (6/2019).
March
Aliaspider releases memchunkhax2.1, allowing downgrades to 9.2 to resume. Calls it svchax for reasons only known to him. This new k11 sploit would last through 10.7.
May
@TheCruel Releases what would probably become the most notorious (and popular) piracy app for the 3ds, Freeshop. It let you conveniently download eShop games directly to your 3ds from Nintendo's CDN without paying for them. All that was needed for any specific game was its "titlekey" to decrypt them. This required just one person to buy the game and upload the key.
Naturally, Nintendo wasn't amused by this and actually DMCA'd Freeshop's repo from Github. It was promptly rehosted on a competing git service.
July
Someone finally reveals the dsiware firm downgrade method after hinting about it for months. This allows the 9.2 downgrading to resume yet again on firms 11.0 - 11.2 (given a second fully hacked system). Nintendo privately thinks it's pretty cool, ignores it. Fieldrunners sales skyrocket.
September
Arm9loaderhax becomes even more unstoppable due to ctrnand transfer (shortens install time on both new/old 3ds) and otpless (instant new3ds install). Otpless was later scuttled (from 3ds.guide) due to a low chance of random bricking.
December
33c3. Yes, more c3 hax megatons. First off, Soundhax, a free userland primary for a system app so almost all 3ds's are vulnerable (the best userland hack ever to date). Fasthax, another k11 sploit, is revealed. Both of these are by scene newcomer nedwill, and are immediately released. Scene veteran derrek then reveals sighax, a bootrom vuln that allows one to sign arbitrary firmware code. He also reveals vague details on how he dumped the 3ds arm9/arm11 bootroms. No actual code releases from derrek though.
January
New arm9 sploit safehax is released by appleTinivi after an anon posted the method on 3dbrew.org. So now, full control is possible up to firm 11.2. People usually use this to ctrnand downgrade to 2.1, get the otp, then restore original nand and install a9lh.
February
11.3 is released and Fasthax/safehax are fixed. Firm downgrading with dsiware or hardmod is also fixed.
Gatway promises support for 11.3 and new exciting stuff for their loyal customers. Go to 9/2017 to see how that turned out.
April
@TheCruel, dev of notorious piracy app Freeshop, becomes notorious in his personal life after he is charged and convicted of child pron, and is sentenced to 20 years hard time!
He also gets banned from gbatemp, horrors!
11.4 is released fixing a previously unknown k11 vuln, udsploit. Smealum releases that exploit for those still on 11.3. Soon after, AppleTinivi updates safehax for 11.3 due to an oversight in Nintendo's previous safehax fix. A9lh masterrace resumes for a little longer.
May
33.5c3. An unofficial sequel to the blockbuster 33c3 sees sighax implemented. This version is called boot9strap, since it adds the feature of being able to dump the bootroms in software. Ntrboot, a method to hack any 3ds at boot-time with a modified DS flashcard (made possible mostly with sighax/boot9strap), is theorized and confirmed privately. Since firms can now be forged with nothing more than nand access, the dsiware transfer and hardmod methods of installing cfw resume on latest firmware using the known-plaintext attack.
June
The New2dsXL is released in Australia and it is discovered to have the same vulnerable bootroms as 3ds's manufactured 7 years ago, making people concerned for the 1000000th time if Nintendo knows what it's doing.
August
Ntrboot is finally released starting with support for just the ak2i and r4ids.cn flashcards but quickly growing to many others. A new generation of Nintendo homebrewers discovers the utter joy of trying to figure out what DS flashcard clone they actually have and if it's actually good for anything.
September
Gateway team reveals what they have been working on for the last several months: ditching their old flashcard and making a new one, of course. It's called Stargate and is supposed to be a hybrid of ntrboot card, ds card, and sky3ds. It's expensive ($80), and already has been delayed several times. Soon.
It received tepid support, and was abandoned after a few months due to people seeking out cheaper ntrboot card options.
January
Someone reveals a method to brute-force the 3ds's movable.sed with only the Local Friend Code Seed, which is obtainable in userland and below. This allows people to inject hacked dsiware and install B9S with only one 3ds. Seedminer is the name of the implementation of this vulnerability, and only requires the purchase of a $2 dsiware game if they don't already have a compatible one. This vuln is extremely versatile as it allows one to attack all encrypted contents on the sd card.
July
Nintendo releases firmware 11.8 which prepares the 3ds for new server side authentication for CDN downloads. What this means in English is that piracy apps like Freeshop (and its siblings) can no longer download pirated games directly from the eShop. @TheCruel's agony in prison increases.
August
3ds scene legend Smealum reveals his long teased arm9 exploit chain at defcon. Unfortunately, it was already patched in firmware 11.8 since he had disclosed it to the hackerone bounty previously. Additionally, he posted incomplete repos of the chain on Github. Nobody to date has been able to get any of them to work.
Smea rightfully gets a free pass on this one because he's been so awesome in the past. He deserves a little bread for all he's done for the scene.
September
A new version of Seedminer called Frogminer is released (we'll just call this family of exploits " *miner "). This utilizes an old version of the Japanese Flipnote Studio instead of Sudoku and it's injected to DS download play instead of another dsiware game. This allows this *miner sploit to be a completely free method to cfw your console!
December
11.9 releases and an unreleased browser exploit for both old/new 3ds is patched. This happened because -- you guessed it -- another hackerone bounty submission. This time it's userland sploit dev extraordinaire, MrNbaYoh.
July
Bannerbomb3 released. This is a *miner userland primary for System Settings. It was released mainly for QOL improvements to the *miner cfw chains (they're no longer dependent on free eShop titles being available and unpatched).
December
MrNbaYoh demonstrates a new cfw chain at his 36c3 conference talk. He developed a primary that can remotely takeover a 3ds in userland using streetpass tags. This sets up further exploits (developed by Tuxsh) that take over arm11 kernel (lazypixie) and arm9 (safehax 2.x). This chain was patched on firmware 11.12, released two months before the conference. They were submitted to the h1 bounty at some earlier date.
Can someone tell me the full 5 years timeline of the hacking scene?
All I know is that Smea created Homebrew
What else?
When were CIA files discovered?
What was the first game dumped as a CIA?
What was it like before A9LH?
What was it like when Plailect's guide didn't exist?
What other major things happened besides stuff like discovery of A9LH?
How was Homebrew created for the 3DS? Like how was it discovered?
How was the hacking scene from a year or two ago compared to today?
You know, stuff like that.
Also, for those of you who have been here long enough, do you like how the hacking scene today more or the one in the past?
Those are just some basic questions. If you have more to tell, then please do so.
Last edited by Pokem,
