Well, it's time to blast this discussion wide open. GBAtemp's resident 3DS developer, smealum, has been quite busy the past couple of months developing his 3DS exploit called SSSPwn. We've seen the hundreds of discussion threads that have come up in the past, and we've seen where they all have ended up. It's time to put an end to all of this, and it's time to give you guys a taste of 3DS homebrew and what to expect out of it, straight from GBAtemp.net itself. No more speculation, no more dancing around. There is a lot more information to follow, so hit the "Continue reading" button for the rest of it!
The first post has been updated as of today, November 20th! The game used to run the exploit has been revealed, and so has the mechanism! Please see the end of the post for more information!
Now, I must apologize in advance. I have not been entirely honest with you guys, and I should mention that I have been working alongside smealum with this exploit since August, gaining more information as to what this exploit is all about. I am mentioning this topic because the release date of SSSpwn is truly at hand, and it's awesome to think of the potential that this exploit will bring.
This exploit is actually very simple to launch. This exploit is similar to the exploit that made Wii hacking popular - the modified boot.elf file that is placed on the root of an SD card, and launched by opening the Wii mail/message center. For those of you that don't remember, the screen glitches out, and the exploit will launch, asking to install the homebrew channel. The concept here is very similar and launched in a similar manner - why break what currently works? There's no reason to.
Activation of the Exploit
Activating the exploit is very easy. It requires a Nintendo 3DS, either a regular 3DS or a New Nintendo 3DS; it's very versatile. Activation begins by going to a particular link. I will not be distributing that link, but it will be available soon - I promise. At that link, you will be asked to input the firmware version of your Nintendo 3DS. You will then be given a set of directions on how to proceed with installing the exploit. Doing so, however, requires a Nintendo 3DS title, specifically Cubic Ninja. You will need to be connected to the internet for the installation to go smoothly. Once the exploit is installed, you will have the Homebrew Channel, not unlike that of the Nintendo Wii, on your system. From here, you can power down the system, or remove the SD card while in the Homebrew Channel, to install homebrew, which takes the form of .3DSX files. Each homebrew application goes in its own folder, named after that application, inside a directory created on the root of the 3DS SD card. The .3dsx file is renamed boot.3dsx, and once you reinsert the SD card, the Homebrew Channel will acknowledge the presence of the application and you will be able to run homebrew!
Yep, you got that right, I got the opportunity to test some 3DS homebrew. First of all, I will note that the homebrew is in 3D. And it's actually pretty solid, so I'll have to hand it to smealum for that. Please note, though, that homebrew in its current stage is in a "work in progress" phase, so there's still things that need to be worked on.
The title I spent time working with is 3DSCraft. Yep, it's Minecraft, on the Nintendo 3DS, on the go. And dear God my camera is horrible - Minecraft 3DS looked a lot better than that mess. On a regular Nintendo 3DS the available controls are limited, with more to be developed in future, but it serves its purpose - it shows people that homebrew runs. And what better way to prove this than with a picture? (Minor side note - the New Nintendo 3DS has more controls available due to the extra buttons the console has).
According to smealum, a lot of the homebrew being worked on still has stuff to fix, but the potential is out there - there's so much that could be had in terms of 3DS homebrew with this out in the wild.
So Now What? Why Should I Care?
There are still things to perfect with this exploit. It's not flawless by any means, but it's a huge first step towards recognizing the homebrew that is capable of running on the Nintendo 3DS. It's a very versatile exploit that can be installed on virtually any Nintendo 3DS console out there, regardless of firmware. For those that follow the homebrew scene, this is a great opportunity, once released, to start doing things with it. Think emulators. Custom games. Applications. And that is what smealum and I hope to see as a result of this - a developing homebrew scene that helps the 3DS soar like back in the days of the Nintendo DS. Please note, however, that 3DS backups cannot be run with this exploit.
I mention that 3DS backups will not be compatible with smealum's exploit so long as it belongs to smealum. The way this exploit was explained to me was that the developers of Cubic Ninja were trying to prevent a backdoor that could be used to exploit their code, but in the process of working on that backdoor they opened up a bigger vulnerability, which made this exploit all the more possible. There is a ton more information on smealum's dev blog that goes into the exploit details. In return for the backdoor, unauthorized code is allowed to run on the ARM11, but that won't be enough to break the system down completely and let people do whatever they want, i.e. piracy.
Looking at the current 4.5 version exploit for flash chips, you have two different exploits: an MSET DS User Profile exploit, providing ARM11 usermode capabilities, and a firmware vulnerability that allows ARM9 code execution. The higher firmwares patched the latter portion, but the exploit here swaps the firmware exploit for the ability to run arbitrary code, which in turn runs code but can't go much further than that. So this means that while smealum owns the exploit, he is absolutely not going to dabble in modifying it so that piracy can run rampant, but once the exploit goes live, there is no way to predict the course of events that will follow.
So When Can We Expect This to Come Out?
A lot of this community has waited anxiously for more information as to the release of this exploit. Well, I can give you a date as to when to expect it - and it's soon. The date that the 3DS exploit will become publicly available is November 22nd, so mark those calendars. All information will be made public at that date. There will more than likely be a follow up post to this that contains that information, but in the meantime, stay hopeful and get excited, because things are going to get good from here on out. In the meantime, though, I would like to ask that, if you want to discuss the exploit, to do so here, instead of writing hundreds of threads within the Nintendo 3DS Hacking and Homebrew forum.
Frequently Asked Questions - FAQ
So basically what is the deal with this exploit?
Think of it as a chance to run custom applications and programs on the Nintendo 3DS in the form of unauthorized code - homebrew. Emulators. Custom applications. Messaging. The possibilities are endless. This exploit is unique because it can run on virtually any 3DS console, and uses the game Cubic Ninja to modify the save file and install the Homebrew channel.
Do I need to keep my Cubic Ninja Copy? Will this exploit be permanent? Can I sell the game once I install?
You are advised to keep your copy of the title because the exploit is tied to the save of your game. It's removable by deleting the save file of Cubic Ninja. You will need the cartridge of Cubic Ninja each time you want to access the Homebrew Channel.
Can I play ROMs? Will it be possible in future?
No! Smealum does not condone piracy, therefore this exploit will not play ROMs. In future though, that's a more theoretical question because it's a question of if/when. I don't know.
It's possible to remove according to smealum, but has not been worked on yet.
What does this exploit do?
This exploit allows for the running of unauthorized code in the arm11 format to allow for the future playing of custom applications. In other words, homebrew.
What versions of Cubic Ninja work?
Physical copies will work perfectly fine. For the eShop copies, this exploit only works in Japan, but the Japanese eShop pulled the title from the shop, so you're out of luck.
How much is the game?
Anywhere from $7 USD - $300 USD. It settled to an average of forty.
If I don't want to get the game, can I run this from a flash chip?
In theory, yes, although it hasn't been tested by smealum or myself.
What firmware versions run this exploit?
I'm running a 9.2 console at the moment, perfectly fine. It supports from 4.x-9.x.
Will Nintendo patch this in future?
They definitely can and will, but I don't know when. They can't change the retail version of the game, but the later firmware versions like 9.x will most likely be patched in future.
What happens if I have a Gateway 3DS? Will this offer any significant advantages?
The honest answer here is that this exploit is still very much new, so at present there is not a large QUANTITY of things that can be done. If you wanted to play ROMs, it won't be possible yet, but who knows in future. If you want ROMs, stick to a Gateway or derivative.
Will another game be able to run this in future?
I hate crystal ball questions. It's an if/when situation that has no real answer. Possible but unlikely.
None at the moment.
Ryu, it's not quite November 22 yet. Can you give me the exploit?
Nope, sorry about that, just wait a few more days!
UPDATE #1: What's the Game?
Plans are accelerated today, and it's your lucky day! The Nintendo 3DS game in question to look for is none other than... drumroll please...
Now, I have to admit some of you guys were quite astute and got the game after a bit of thinking, and for all of you who sent me PMs, I assure you I read each and every one of them. They were quite fun to read, so thanks for giving me a good laugh, and to those that guessed correctly, congratulations! There's not exactly a prize to offer but here is a virtual cookie, I guess.
Well, anyway, as usual, GBAtemp.net will not condone sharing of the ROM for this title. And also, please again note that the exploit is not capable of launching 3DS ROMs! According to smealum himself, the exploited title will work with both the eShop and Retail version, but the eShop version is only good for the Japanese copy - which, as of late Tuesday 11/18 has been pulled from the eShop. The actual explanation and details of the exploit and how to activate it will be revealed in a few days, so get excited!
UPDATE 2 – I Have the Game, Now What?
Congratulations! You’ve been lucky enough to get your hands on the Cubic Ninja title! Well, now that you have it, follow these instructions.
- Go to this link, and enter the version of your Nintendo 3DS. The first box contains the letters O and N – O represents the Old Nintendo 3DS, and N is the New Nintendo 3DS. You can enter your console firmware version here, and select your region of usage, U, E, or J. If your console is too high up on the firmware indicators, just choose the highest version that the indicators allow. It will still work.
- There will be a QR code that will pop up.
- Place Cubic Ninja into your 3DS console, and boot it up.
- You do not need to have progress on your save file. Press the A Button on the title screen – Create – QR Code.
- Here is the tricky part. You will need to have Wifi enabled to do this, but the tricky part is to line up your camera with the QR code. You should be filling up the entire QR code in the camera box. If all goes well, you’ll see your screen glitch out and it will ask you to install the 3DS exploit. It definitely takes a bit of practice. Try different lighting if you're having trouble, or save the image to your desktop, open it in an image editor, and zoom in if you must.
- Once you install it, congratulations, you will have access to the Homebrew Channel.
- To add homebrew, you are allowed to remove your SD Card from within the menu, and you need to create a folder called “3DS” in the root of your SD card. For each homebrew game that you add, you need to create a special folder in the “3DS” folder, and title it the name of the homebrew application. For instance, to install 3DSCraft, you need to create a “3DSCraft” folder in the “3DS” folder, and rename the 3DSCraft file to boot.3dsx. Place the new boot.3dsx file into the 3DScraft folder, and reinsert the SD card. The Homebrew Channel will recognize it, and all should be well from here. However, if it fails, just reboot your system by holding the power key, and go back to step 5.
- Or, you can just pick up the starter kit below and just extract it to the root of the SD Card.
- Once it installs just go back to the QR code menu and it will start HB Channel automatically!
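The SD card layout described above (a 3DS folder at the root, one folder per application, the file renamed boot.3dsx) is easy to get slightly wrong. The following POSIX shell script is an added example, not part of this post or of ninjhax: it places a .3dsx into the expected location and audits a card for the common mistakes (file dropped straight into 3DS/, folder without a boot.3dsx, or a file that isn't a 3DSX at all, checked via the "3DSX" magic bytes at the start of the format's header).

```shell
#!/bin/sh
# Added example: lay out and audit Homebrew Channel titles on an SD card root.
# Expected structure: SDROOT/3DS/<AppName>/boot.3dsx

# install_homebrew SDROOT FILE.3dsx [NAME]
# Copies FILE.3dsx to SDROOT/3DS/NAME/boot.3dsx; NAME defaults to the file's base name.
install_homebrew() {
    sdroot=$1; src=$2; name=${3:-$(basename "$src" .3dsx)}
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    # 3DSX files begin with the ASCII magic "3DSX"; refuse anything else.
    [ "$(head -c 4 "$src")" = "3DSX" ] || { echo "not a 3DSX file: $src" >&2; return 1; }
    mkdir -p "$sdroot/3DS/$name"
    cp "$src" "$sdroot/3DS/$name/boot.3dsx"
}

# check_homebrew_layout SDROOT
# Prints one line per problem found and returns the number of problems (0 = all good).
check_homebrew_layout() {
    sdroot=$1; problems=0
    if [ ! -d "$sdroot/3DS" ]; then
        echo "missing 3DS folder at the SD root"; return 1
    fi
    for entry in "$sdroot/3DS"/*; do
        [ -e "$entry" ] || continue      # empty 3DS folder: the glob did not expand
        if [ -f "$entry" ]; then
            echo "$(basename "$entry") sits directly in 3DS/; it needs its own folder"
            problems=$((problems + 1))
        elif [ ! -f "$entry/boot.3dsx" ]; then
            echo "$(basename "$entry")/ has no boot.3dsx (was the file renamed?)"
            problems=$((problems + 1))
        elif [ "$(head -c 4 "$entry/boot.3dsx")" != "3DSX" ]; then
            echo "$(basename "$entry")/boot.3dsx does not carry the 3DSX magic"
            problems=$((problems + 1))
        fi
    done
    return $problems
}
```

Run `install_homebrew /media/sdcard path/to/3DSCraft.3dsx` and then `check_homebrew_layout /media/sdcard` before reinserting the card; a non-zero exit means something on the card will not be picked up by the Homebrew Channel.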
Homebrew Starter kit
Homebrew Menu Executable (Place at Root)
And that should be the rest of the information needed about this exploit! Be sure to thank smealum for all of his hard efforts, and enjoy!
To see the process in action:
Credit goes to the following:
ninjhax was put together by a very passionate team of reverse engineers/hackers/enthusiasts, including:
- smea — 3DS research, core exploit code for all versions, ctrulib improvements, hbmenu code, testing/debugging
- yellows8 — 3DS research, ctrulib improvements, auditing, help with pretty much everything
- plutoo — 3DS research, ctrulib improvements, auditing, help with pretty much everything
- fincs — 3DSX format/code, ctrulib improvements, devkitARM integration, testing
- mtheall — ctrulib improvements, hbmenu code, testing
- GEMISIS — hbmenu code, testing
- Fluto, Arkhandar — hbmenu design
- Normmatt, ichfly — general help, testing
- lobo — webpage template