​

​

(complete video of the talk - uploaded Oct. 22, 2018)

UPDATE (10-23-18): This hack was patched on 11.8 and was never publicly implemented
Please use Frogminer -> Free B9S cfw, works on 11.8, covers all major regions
(disclosure: Frogminer is my hack, but it serves the same purpose smeahax originally promised, so it's relevant here)​

​

It looks like our old 3DS scene pal @smealum has returned to the limelight! Famous for his groundbreaking Ninjhax, Ironhax, and Tubehax userland exploits, and the udsploit kernel11 hax, Smea is back and better than ever with a total of four new exploits set to be revealed this Saturday at Defcon 26 in Las Vegas! So if you never got on the CFW bandwagon (full control of your 3DS with all the implied benefits), you'd better come and tune in with us this Saturday at 11:00 am PT sharp!​

Slides and Additional Videos

MHAX userland
ROHAX2 priv. escalation
ZHAX kernel11
TWLHAX arm9

(please wait for the guide to be updated for instructions)
^ skeletonwaiting.gif

code for my full 3DS exploit chain is available on GitHub https://t.co/7tp679fBEO https://t.co/d98VJ0kfX3 https://t.co/BuFKA3CcSv https://t.co/yypeZTMDpN

— smea (@smealum) August 11, 2018

​

 

[illest]

Try downloading it instead of opening it in the browser. Works for me.

How did you download it?

 

[ihaveahax]

Maybe this is a dumb question but if the videos on how to do it (From smea's talk) arn't going to be released for a long time, surely it is going to be quite a while before any guide for normal users will prop up? I don't think anyone is going to do the guide from memory of the talk. Unless other people already know how to do it.

The slides and repositories with the exploits are public.

https://media.defcon.org/DEF CON 26/DEF CON 26 presentations/smea/

https://github.com/smealum/mhax
https://github.com/smealum/rohax2
https://github.com/smealum/zhax
https://github.com/smealum/twlhax

 

[Brawl345]

How did you download it?

....right click and save as? or open the file in the browser and hit save

 

[jellybeangreen2]

Just ordered myself a N3DS and it’s coming Thursday or before. Do I need a card to do NTRBoot or can this method be used, of course for below 11.8? - how does this actually work please

 

[Blue]

Just ordered myself a N3DS and it’s coming Thursday or before. Do I need a card to do NTRBoot or can this method be used, of course for below 11.8? - how does this actually work please

There's no end user instructions on how to use this yet, but yes it will work on below 11.8. And you won't need ntrboot. If the N3DS is brand new it may come on 11.3 or under in which case you won't need to wait for this method.

 

[OrGoN3]

Interesting. Attacking via PC link. Very nice.

 

[bennyman123abc]

Interesting. Attacking via PC link. Very nice.

Yes. Problem is, it's a pain in the ass to get working. Still trying to get MHax to work on 11.7 without it crashing. Are these 11.8 exploits only?

 

[lone_wolf323]

Yes. Problem is, it's a pain in the ass to get working. Still trying to get MHax to work on 11.7 without it crashing. Are these 11.8 exploits only?

i think they are 11.7 only and may of been patched on 11.8 already

 

[bennyman123abc]

i think they are 11.7 only and may of been patched on 11.8 already

I can't get it to work on 11.7, however. Perhaps already having CFW affects this...

 

[OrGoN3]

I can't get it to work on 11.7, however. Perhaps already having CFW affects this...

No idea if already having CFW affects it. And yes, these are specifically 11.7 and below. Most likely patched out in 11.8 as previously mentioned. I mean, are you sure you are doing it correctly?

 

[SRKTiberious]

Hmm.... so, if I'm reading the slides and understanding them correctly, it sounds like there's a couple new exploits to get to full ARM11 control, where we then build/load a 'malicious' DS ROM (say, a DS homebrew B9S installer) and load it from there to take over ARM9.

Am I in the ballpark on the simple explanation here?

 

[:-infern:]

These are patched cause smea sold them to Big N for $$$$. You got to get that extra lambo money even if your a senior Microsoft software security engineer at 24 lololol. $$$

 

[SpaCygnus]

Can anyone, please, explaine how to do it exactly. Not a complete guide but just a little explanation.

 

[R13]

If you want a guide then look at the PDF. No one has a guide on how to do it excatly, otherwise we would all be doing it and not waiting.

 

[bennyman123abc]

No idea if already having CFW affects it. And yes, these are specifically 11.7 and below. Most likely patched out in 11.8 as previously mentioned. I mean, are you sure you are doing it correctly?

I doubt I'm doing it correctly lmao

These are patched cause smea sold them to Big N for $$$$. You got to get that extra lambo money even if your a senior Microsoft software security engineer at 24 lololol. $$$

I doubt he did it for the money, but probably more for the ethics of it.

 

[R13]

I doubt he did it for the money, but probably more for the ethics of it.

He might of done it for the ethics/fun for it, But the money dosen't hurt.

 

[TeilzeitTaco]

I dont get the ethics point. All of his exploits are open source, so nintendo would still be able to take action even if he doesnt report it

 

[R13]

To be fair, I think he makes them open source after he has reported them to Big N

 

[naddel81]

To be fair, I think he makes them open source after he has reported them to Big N

I am quite certain that you cannot release infos you "sold" to Nintendo by contract.

Gesendet von meinem Redmi Note 4 mit Tapatalk

 

[zoogie]

I am quite certain that you cannot release infos you "sold" to Nintendo by contract.

Gesendet von meinem Redmi Note 4 mit Tapatalk

https://hackerone.com/nintendo/policy_versions?change=3567903
Read the colored text (the changes) a ways down.

(to everyone) Update on the release situation: thing's aren't going so hot.
The repos are in an incomplete state and release binaries won't be ready for an extended period.