If you can use the browser, I suggest that you use the new browserhax (up to 11.0.0-33!) in the meantime.

Try out Ubuntu 15.04: http://old-releases.ubuntu.com/releases/15.04/

This requires a New 3DS. The demo version doesn't work and is patched. If you have 1.1.3 or newer delete/disable the update data.
officially called smashbroshax sometimes smashax
Here is a new tool I call smashbroshax-helper. It is a graphical interface for the exploit which simplifies most of the process of broadcasting the packet. It requires almost no setup outside of creating a bootable Linux USB/DVD.

Important notes:

• This does not work on Fedora or Red Hat-based distributions because aircrack-ng needs to be compiled on it (and I can't figure out how to install the needed things).
  
• Don't use a virtual machine!
• This probably will never work on Old 3DS.

Download smashbroshax-helper beta

It is recommended that you use a live Ubuntu 15.04 image. Versions 15.10+ have issues. http://old-releases.ubuntu.com/releases/15.04/

1. Create a bootable USB/DVD with a Linux distribution (there are various guides online).
2. If possible, get a second USB/SD card/storage device, download and save the above .zip to it.
   • Don't extract the contents of it to the USB device, as it might cause problems. Just save the .zip file to it.
   • If you can't do this, you'll have to connect to the Internet while in Linux to download it.
   • If using a bootable USB, make sure you can use two ports at a time. Don't take out the Linux USB while it is being used!
3. Restart your computer and run the bootable USB/DVD you created.
4. Extract the contents of the .zip to the Desktop.
5. Open the smashbroshax-helper folder and double click "smashbroshax.sh".
6. Follow the on-screen prompts.
7. If everything goes well, you should now have homebrew!

Video demonstration, from boot to shutdown:

from https://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/page-9#post-5842512

---

If you would like the full tutorial, involving terminal usage and compiling:

Spoiler: Everything

To reverse the changes to your wireless interface and remove issues connecting to networks after, rebooting your system or changing it to "Managed" instead of "monitor" should fix it. How to do that is in the second to last section.

---

@Cydget made a script that condenses most of this into a script. I have not tried it myself yet but it seems to work for others.

Spoiler

So, I made a little script for this. If anybody wants it, then unzip this file and read the readme. And yes, I like to pipe things. http://www.mediafire.com/download/oulnubnzkk9g3i0/smashhaxEZ.zip

---

Requirements

• Any Linux distribution should do (this has only been tested with Debian-based distributions). Windows and OS X users should wait or find a method for now, sorry!
  • Please do not use Linux in a virtual machine, it likely won't give direct access to your wireless card. Dual boot or use a live USB/disk.
  • The recommended distro to use is Ubuntu 15.04 (link to Ubuntu MATE 15.04).
• A Wi-Fi-capable wireless card.
• Super Smash Bros. for Nintendo 3DS Full or Demo.
• New 3DS. This does not work on Old 3DS.
• Patience. The hax is sort-of unreliable so your game will most likely crash a few times.
• Recommended: Another device to access the internet (phone, tablet, computer, console).

Preparing

• Install these packages using your package manager. For example, "apt-get" for Debian-based distributions (including Ubuntu).

  openssl libssl-dev libnl-genl-3-200 libnl-genl-3-dev libnl-3-200 libnl-3-dev pkg-config

• Find your wireless card's interface by opening a terminal and using the command "ip link". It would be something like wlan0 or wlp3s0.

  ian@ian-VPCEG34FX:~/Desktop/aircrack-ng-1.2-rc2/src$ ip link
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
      link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
  3: wlan0: <NO-CARRIER,BROADCAST,ALLMULTI,PROMISC,NOTRAILERS,UP,LOWER_UP> mtu 1500 qdisc mq state DORMANT mode DORMANT group default qlen 1000
      link/ieee802.11/radiotap xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff

• You probably already have it, but get the homebrew starter kit and place it on your SD card.
• Download the smashhax .pcap files from the releases section of the smashbroshax repository.
• Determine the .pcap file to use. This should be straightforward using the file names.

  The built beacon-hax pcaps are located under "pcap_out/". In the filenames, "vXYZ" means game-version "vX.Y.Z". Full-game filenames for USA include "gameusa", while the other regions filenames include "gameother".

• Get the "Otherapp payload" from the Homebrew Launcher site and save it to "smashpayload.bin" at the root of your SD card.
  
• Download and extract aircrack-ng's latest release source.
• Save aireplay-ng.patch from the smashbroshax repository in the folder "aircrack-ng-1.2-rc2".

Compiling aircrack-ng/aireplay-ng

• Open a terminal and go to the "aircrack-ng-1.2-rc2" folder.
• Use the command "patch src/aireplay-ng.c < aireplay-ng.patch". If you get the following then it has succeeded.

  patching file src/aireplay-ng.c
  Hunk #1 succeeded at 560 (offset 1 line).
  Hunk #2 succeeded at 573 (offset 1 line).

• Run "make" and wait. The program should be compiled with the patch now. If you get the following as the last line then it has succeeded.

  make[1]: Leaving directory '/path/to/aircrack-ng-1.2-rc2/src'

The moment of truth

• Run these 3 terminal commands in order, using the wireless interface (from "ip link") you found earlier.
  
  sudo ifconfig wireless_interface down
  sudo iwconfig wireless_interface mode monitor
  sudo ifconfig wireless_interface up
  sudo iwconfig wireless_interface channel 6​
  (the last line was suggested by @difool. and might make the payload trigger faster)
• Enter the "src" folder in your terminal.
• Run the following command to start broadcasting the packet: "sudo ./aireplay-ng --interactive -r /path/to/smashbros_version_beaconhax.pcap -h 59:ee:3f:2a:37:e0 -x 10 wireless_interface"
  Use the .pcap file and wireless interface you found out earlier.
• On the 3DS system, start the game, then choose Smash and Group. Wait for the magic to happen.

Encountering errors? Something confusing?

• Does running aireplay-ng end with "End of file"? You might be running your installed version of aircrack-ng. Don't forget the ./ for "sudo ./aireplay-ng ..."!
• Please tell me the distribution you are using and the error you've encountered. This will help me fix your issue faster.
• If you don't get something, don't hesitate to point it out! I want to help anyone I can.
• Did you spot an inaccuracy or mistake I made? It would be great if you can tell me that too.
• This was before the Otherapp payload selector was added to the HBL site. This is kept here for legacy reasons or something.
  Spoiler

  • Determine what file you need to get from the Homebrew Launcher Payload section:
    
    Spoiler: Homebrew Launcher Payload

    With the release builds, the hax loads the payload from SD "/smashpayload.bin". This should contain the hb-launcher(https://smealum.github.io/3ds/) otherapp payload. Until there's a proper otherapp payload selector on the hb-launcher site, the payload can be downloaded from the following URL(see also https://github.com/smealum/sploit_installer):
    

    • "https://smealum.github.io/ninjhax2/Pvl9iD2Im5/otherapp/{PAYLOADNAME}.bin" Where {PAYLOADNAME} is: "FIRMVER_REGION_MENUVER_MSETVER".

    FIRMVER values(without quotes):
    

    • "POST5" = non-New3DS
    • "N3DS" = New3DS

    REGION values(without quotes):
    

    • "U" = USA
    • "E" = EUR
    • "J" = JPN

    MENUVER values(without quotes):
    

    • "11272": Non-JPN, system-version v9.0.
    • "12288": System-version v9.2.
    • "13330": System-version v9.3.
    • "14336": System-version v9.4.
    • "15360": System-version v9.5.
    • "16404": System-version v9.6.
    • "17415": System-version v9.7.
    • "20480_usa": USA, system-versions v9.9-v10.0.
    • "19456": Non-USA, system-versions v9.8-v10.0.

    MSETVER values(without quotes):
    

    • "8203": System-versions below v9.6.
    • "9221": System-versions starting with v9.6.

    For example, the payload URL for New3DS USA 9.9.0-X - 10.0.0-X is:https://smealum.github.io/ninjhax2/Pvl9iD2Im5/otherapp/N3DS_U_20480_usa_9221.bin
    The end result is a file named "smashpayload.bin" at the root of your SD card.

You are allowed to reproduce/reprint this tutorial, as long as a link back to this page (https://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/) is included.

 

[ils123]

i skipped the warnings and tried, not sure about the save data it is a Gamefly title but from what i was reading all save data would be on th console not the cart.

edit: keep getting stuck on the red screen : ( even with the official working 1.0.1

My understanding is that the updates go on the sd card, but saved data actually lives on the cart. So it's possible we both have the same problem - that our 1.0.1 cart has >1.0.1 saved data, which is interfering with the payload delivery. I've tried about 20 times with a variety of pcaps (1.0.0 renamed to 1.0.1, ditto 1.0.2, official 1.0.1) and nothing has worked, sadly

I'm going to play around a bit more tonight, then if that doesn't work I'm going to see if I can find a friend with a hacked 3DS who can totally wipe all saved data from the cart (via the method described in that thread I linked earlier).

Anyway, let us know if you have any luck! I'll report back if I make any progress.

 

[ils123]

Well, I got a little further. I found a working 1.0.1 pcap, and I can now very consistently get to the "the homemenu ropbin is ready" message. Unfortunately that's where my luck ends. It either quickly freezes on some random color (grey or green usually), or it advances to red and then freezes. I know this hack is very much of the "crashing is expected, keep trying" variety, so I'll keep at it.

If anyone has any idea what I might be doing wrong, though, please let me know! I feel like I'm very close...

 

[Felix954]

Got it to work. https://github.com/yellows8/3ds_smashbroshax/issues/8#issuecomment-234552197

for anyone else who used smash hax and plailect guide, do i follow the guide after getting aces to homenrew launcher or try to install a secondary entry into home-brew so it an be done more easily?

 

[ils123]

Got it to work. https://github.com/yellows8/3ds_smashbroshax/issues/8#issuecomment-234552197

for anyone else who used smash hax and plailect guide, do i follow the guide after getting aces to homenrew launcher or try to install a secondary entry into home-brew so it an be done more easily?

Hey, great news - what did you do differently to get it working? Reading the comments on git, did you just have to copy that boot.3dsx at the root of your sd card? Where does that file come from?

 

[Felix954]

yes, that and a starter pack in a .zip file. it has to be downloaded at the same site where you get the custom payload for the 3DS http://smealum.github.io/3ds/ unfortunantly i'm stuck in the next step of the guide. a lot of people seem to quit and try the OOT hax at that point.
Im thinking of renting that game too and using the homebrew launcher to get the HAX onto that cartridge and downgrade it from there instead of smash bros.

 

[Ian Kalshuk]

has anyone found a fix to aireplay hanging after sending out the 93rd packet? I'm pretty sure it's not my wireless card (Intel Wireless-AC 3160 running on the iwlwifi driver) because the aircrack site says it's supported.

 

[ils123]

yes, that and a starter pack in a .zip file. it has to be downloaded at the same site where you get the custom payload for the 3DS http://smealum.github.io/3ds/ unfortunantly i'm stuck in the next step of the guide. a lot of people seem to quit and try the OOT hax at that point.
Im thinking of renting that game too and using the homebrew launcher to get the HAX onto that cartridge and downgrade it from there instead of smash bros.

Oh, I see what you mean about Step 2. I can get homebrew launcher running now, but menuhax won't install. In checking the readme, it looks like menuhax (or shufflehax which is a component of menuhax?) was patched in 10.6: https://github.com/yellows8/3ds_homemenuhax#vuln-fix-sysupdates

So if I'm on 10.7, what are my options? Is there an updated homebrew launcher with something that works in 10.7? Basically, how do I get from here to a 9.2 firmware downgrade?

 

[Felix954]

has anyone found a fix to aireplay hanging after sending out the 93rd packet? I'm pretty sure it's not my wireless card (Intel Wireless-AC 3160 running on the iwlwifi driver) because the aircrack site says it's supported.

Probably PC or Os related I've sent over 98,000 packets while trying to downgrade.

--------------------- MERGED ---------------------------

Oh, I see what you mean about Step 2. I can get homebrew launcher running now, but menuhax won't install. In checking the readme, it looks like menuhax (or shufflehax which is a component of menuhax?) was patched in 10.6: https://github.com/yellows8/3ds_homemenuhax#vuln-fix-sysupdates

So if I'm on 10.7, what are my options? Is there an updated homebrew launcher with something that works in 10.7? Basically, how do I get from here to a 9.2 firmware downgrade?

You are not trying to install menuhax yet. You are trying to downgrade from 10.7 with the files on step 2 of the guide. After that you can install menuhax.

 

[flow349]

Have anyone a pcap for 1.0.7 EUR?
I cant find it [emoji45]

 

[ils123]

You are not trying to install menuhax yet. You are trying to downgrade from 10.7 with the files on step 2 of the guide. After that you can install menuhax.

Sorry, yeah, I realized that after I posted. I've tried about 60 times over the last two hours to get past "HAX INIT..." but it simply doesn't work. I probably found the same threads you did where people using smashbroshax are stuck at this point.

Anyway, I think I give up, this isn't worth the headache. If you manage to find a solution let us know for posterity

 

[Bolegda]

I thought i did everything right but this keeps popping up when i double click smashbroshax.sh

# IF YOU ARE READING THIS
# YOU PROBABLY DID SOMETHING WRONG
#
# https://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/page-9#post-5842512

# ----------------------------------------------

# this probably could be done entirely in bash
# but I couldn't figure out how to do everything
# so I just went with what I was most comfortable with

cd resources
gksudo ./lua53-$(getconf LONG_BIT) run.lua

 

[Ieattheworld]

hey can someone help me? I have done everything, I even got the server packs sharing part and the payload on my sd card but my game just crashes...I have a new 3ds xl version 11.0.0.33u and the smashbros is version 1.1.0 can someone tell me what to do so it doesnt crash anymore?

 

[Felix954]

hey can someone help me? I have done everything, I even got the server packs sharing part and the payload on my sd card but my game just crashes...I have a new 3ds xl version 11.0.0.33u and the smashbros is version 1.1.0 can someone tell me what to do so it doesnt crash anymore?

Do you have the starter pack on the root of your card? With boot.3dsx on the root?

 

[Ieattheworld]

I have these files:3ds, DCIM, Nintendo 3DS, boot.3dsx, and smashpayload.bin

 

[Ieattheworld]

so I did everything, downloaded the payload, 3ds files, the starter kit etc etc hombrew... but my new 3ds xl wont work, it just freezes then goes to home menu saying the software has to be close and the system will restart. any advice???

 

[ils123]

I thought i did everything right but this keeps popping up when i double click smashbroshax.sh

# IF YOU ARE READING THIS
# YOU PROBABLY DID SOMETHING WRONG
#
# https://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/page-9#post-5842512

# ----------------------------------------------

# this probably could be done entirely in bash
# but I couldn't figure out how to do everything
# so I just went with what I was most comfortable with

cd resources
gksudo ./lua53-$(getconf LONG_BIT) run.lua

You are using vanilla Ubuntu, not Ubuntu MATE like the instructions say. Read the last page.

so I did everything, downloaded the payload, 3ds files, the starter kit etc etc hombrew... but my new 3ds xl wont work, it just freezes then goes to home menu saying the software has to be close and the system will restart. any advice???

It sounds like you're using the wrong pcap or payload.

 

[Excelsiior]

@ihaveamac I had to recompile aireplay-ng for more recent linux distro, also fixed a bug that made your script not work on my machine (switching to "Managed" mode instead of "monitor", the former does not work with my usb wifi sticks).

I decided to write my own helper script:

• uses bash + yad instead of lua + zenity
  
• much less informative than yours
• filters out non-wireless network devices
• yad supplied (32 + 64 bit)
• aireplay-ng rebuild against new SSL (for support of recent linux distros)
• aireplay-ng supplied (32 + 64 bit)
• dynamic pcap detection
  • just put your own pcaps into the pcap directory and the script will see them allow you to chosoe them the next time you start it

https://github.com/Nanolx/smashbroshaxer

Have Fun.

 

[Bleeep]

Hi I'm having trouble troubleshooting my problem, and was hoping someone here might help? This error when terminal first launches:

ioctl(SIOCSIWMODE) failed: Operation not supported

ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
Sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
Sysfs injection support was not found either

------------------------
Press any key to continue...

My system is a Macbook Pro laptop - four or five years old. Can give more specs if needed.

 

[Excelsiior]

@ihaveamac I had to recompile aireplay-ng for more recent linux distro, also fixed a bug that made your script not work on my machine (switching to "Managed" mode instead of "monitor", the former does not work with my usb wifi sticks).

I decided to write my own helper script:

• uses bash + yad instead of lua + zenity
  
• much less informative than yours
• filters out non-wireless network devices
• yad supplied (32 + 64 bit)
• aireplay-ng rebuild against new SSL (for support of recent linux distros)
• aireplay-ng supplied (32 + 64 bit)
• dynamic pcap detection
  • just put your own pcaps into the pcap directory and the script will see them allow you to chosoe them the next time you start it

https://github.com/Nanolx/smashbroshaxer

Have Fun.

Updated to version 3.0. See readme.md for changes.

Hi I'm having trouble troubleshooting my problem, and was hoping someone here might help? This error when terminal first launches:

ioctl(SIOCSIWMODE) failed: Operation not supported

ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
Sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
Sysfs injection support was not found either

------------------------
Press any key to continue...

My system is a Macbook Pro laptop - four or five years old. Can give more specs if needed.

You may try my script instead.

@ihaveamac I found the issue in your script. You're first setting "mode managed" before doing stuff and "mode monitor" afterwards. It should actually be the other way round, thus it doesn't work.

 

[Bleeep]

Updated to version 3.0. See readme.md for changes.



You may try my script instead.
.

Thanks, When I try your script, it crashes when I try to run !hax my smash.