kartdlphax - A Mario Kart 7 semi-primary exploit

kartdlphax - A Mario Kart 7 semi-primary exploit
kartdlphax is a semiprimary exploit for the download play mode of Mario Kart 7. It can be used to run an userland payload in an unmodified 3DS by having it connect through download play to another 3DS with Custom Firmware running the exploit.


Installation
The exploit uses a 3GX Plugin in the host system. Therefore, in order to use this exploit you need to install the 3GX Loader Luma3DS fork.

In the host console, place the .3gx file from the Releases page in the following directories depending on your game region:

  • EUR: luma/plugins/0004000000030700
  • JAP: luma/plugins/0004000000030600
  • USA: luma/plugins/0004000000030800
By default, the plugin will use the built-in otherapp payload (universal-otherap). You can place your own otherapp at /kartdlphax_otherapp.bin, but keep in mind that the hax 2.0 otherapp doesn't work currently.

Usage
  1. On the host 3ds, make sure the plugin loader is enabled from the Rosalina menu (L+Down+Select), then launch the Mario Kart 7 game matching the region of the client 3ds(es). (You will see a confirmation message in the top screen once the game launches).

  2. On the client 3ds(es), launch the download play application.

  3. On the host 3ds, select Local Multiplayer then Create Group. After that, let the client 3ds(es) join the group.

  4. Once the multiplayer menu loads on the host 3ds, select Grand Prix then 50cc then any driver combination and finally the Mushroom Cup. After a while the exploit will trigger on the client 3ds(es).
Keep in mind that while you can send the exploit to 8 consoles at the same time, the success rate seems to decrease for each console added.

Source & Download

Credits
 
Last edited by PabloMK7,

livid_hen

Well-Known Member
Newcomer
Joined
Jan 8, 2020
Messages
88
Trophies
0
Age
22
XP
302
Country
United States
This just runs the b9s installer, correct? Do we still have to put luma (or some boot.firm) on the sdcard manually?
 

Hambrew

might actually not end up getting a Steam Deck
Member
Joined
Oct 9, 2018
Messages
588
Trophies
0
Location
Yoyle City
XP
1,272
Country
United States
kartdlphax - A Mario Kart 7 semi-primary exploit
kartdlphax is a semiprimary exploit for the download play mode of Mario Kart 7. It can be used to run an userland payload in an unmodified 3DS by having it connect through download play to another 3DS with Custom Firmware running the exploit.


Installation
The exploit uses a 3GX Plugin in the host system. Therefore, in order to use this exploit you need to install the 3GX Loader Luma3DS fork.

In the host console, place the .3gx file from the Releases page in the following directories depending on your game region:

  • EUR: luma/plugins/0004000000030700
  • JAP: luma/plugins/0004000000030600
  • USA: luma/plugins/0004000000030800
(TWN, CHN and KOR regions untested).

By default, the plugin will use the built-in otherapp payload (universal-otherap). You can place your own otherapp at /kartdlphax_otherapp.bin, but keep in mind that the hax 2.0 otherapp doesn't work currently.

Usage
  1. On the host 3ds, make sure the plugin loader is enabled from the Rosalina menu (L+Down+Select), then launch the Mario Kart 7 game matching the region of the client 3ds(es). (You will see a confirmation message in the top screen once the game launches).

  2. On the client 3ds(es), launch the download play application.

  3. On the host 3ds, select Local Multiplayer then Create Group. After that, let the client 3ds(es) join the group.

  4. Once the multiplayer menu loads on the host 3ds, select Grand Prix then 50cc then any driver combination and finally the Mushroom Cup. After a while the exploit will trigger on the client 3ds(es).
Keep in mind that while you can send the exploit to 8 consoles at the same time, the success rate seems to decrease for each console added.

Source & Download

Credits
Hmm... I tried this on my broken-shoulder-buttons New 2DS XL as well as my older brother's New 3DS XL, and both times, it didn't work, just saying to restart the system. Am I supposed to put something on either system's microSD card, or am I missing something?
 

PabloMK7

Red Yoshi! ^ω^
OP
Developer
Joined
Feb 21, 2014
Messages
2,475
Trophies
1
Age
22
Location
Yoshi's Island
XP
3,617
Country
Spain
Hmm... I tried this on my broken-shoulder-buttons New 2DS XL as well as my older brother's New 3DS XL, and both times, it didn't work, just saying to restart the system. Am I supposed to put something on either system's microSD card, or am I missing something?
You need SafeB9SInstaller.bin in the SD card of the target system. Try it a few times as it may fail the first tries. If it still doesn't work please describe the screen colors/behaviour to figure out what's going on.
 

livid_hen

Well-Known Member
Newcomer
Joined
Jan 8, 2020
Messages
88
Trophies
0
Age
22
XP
302
Country
United States
I am trying to go from O3ds XL to N3ds XL, and It keeps saying "An error has occurred, forcing the software to close. The system will now restart." on the target 3ds, getting no color flashes. Safeb9sinstaller is on the root of the sdcard. Mk7 on the source is installed as an app, because I couldn't open a room using the cart. It just hung there.
 
Last edited by livid_hen,

Joom

 ❤❤❤
Member
Joined
Jan 8, 2016
Messages
5,996
Trophies
1
XP
5,792
Country
United States
You know how many people have wondered if something like this was possible for so long? This is what I love about the 3DS scene. It's always like "hold my beer for a couple of years, and I shall return so long as you hold my beer". It really validates all of those that ask these questions, too.
 
Last edited by Joom,

PabloMK7

Red Yoshi! ^ω^
OP
Developer
Joined
Feb 21, 2014
Messages
2,475
Trophies
1
Age
22
Location
Yoshi's Island
XP
3,617
Country
Spain
I am trying to go from O3ds XL to N3ds XL, and It keeps saying "An error has occurred, forcing the software to close. The system will now restart." on the target 3ds, getting no color flashes. Safeb9sinstaller is on the root of the sdcard. Mk7 on the source is installed as an app, because I couldn't open a room using the cart. It just hung there.
The connection has to be pretty good for data to transfer properly the first time. Also, just wondering, which regions are your consoles?
 

livid_hen

Well-Known Member
Newcomer
Joined
Jan 8, 2020
Messages
88
Trophies
0
Age
22
XP
302
Country
United States
The connection has to be pretty good for data to transfer properly the first time. Also, just wondering, which regions are your consoles?
There both US, and they are sitting right next to each other (less than an inch apart). I'll try reformatting the sdcard and try again a few times.
 
Last edited by livid_hen,

PabloMK7

Red Yoshi! ^ω^
OP
Developer
Joined
Feb 21, 2014
Messages
2,475
Trophies
1
Age
22
Location
Yoshi's Island
XP
3,617
Country
Spain
Hmmm, you're right, formatting hasn't changed anything. I also can't figure out what would be messing with the connection...
Wait, I just checked the code and it looks like the download play application isn't region free afterall. :unsure:
This exploit right now only works on EUR consoles.

This will be very difficult to fix, as CFW doesn't patch region checks in download play, so I can't run tests in order to implement other regions.
 
Last edited by PabloMK7,

raxadian

Well-Known Member
Member
Joined
Nov 10, 2018
Messages
3,191
Trophies
1
Age
38
XP
2,953
Country
Argentina
Wait, I just checked the code and it looks like the download play application isn't region free afterall. :unsure:
This exploit right now only works on EUR consoles.

This will be very difficult to fix, as CFW doesn't patch region checks in download play, so I can't run tests in order to implement other regions.

But it should work if you reset a console to the Euro region; right? And what has to be Euro region, both consoles or just the hacked one?
 

livid_hen

Well-Known Member
Newcomer
Joined
Jan 8, 2020
Messages
88
Trophies
0
Age
22
XP
302
Country
United States
This will be very difficult to fix, as CFW doesn't patch region checks in download play, so I can't run tests in order to implement other regions.

I know It's not exactly the same as being there and testing it yourself but i wouldn't be against being a guinea pig :rofl:! I wish I had the know-how to help.

Did you try a normal download play game to see if it works?

Yep, works just fine!

But it should work if you reset a console to the Euro region; right? And what has to be Euro region, both consoles or just the hacked one?

Both have to be the same region for download play to let you connect / see the open game.

But it should work if you reset a console to the Euro region; right? And what has to be Euro region, both consoles or just the hacked one?
Both would have to be European to be able to connect in the first place, but from my little understanding of this I think it's going awry on the target console.
 
Last edited by livid_hen,
General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: Just pop that kid out when you want not when they want!