Homebrew Exploits

From 3dbrew
Jump to: navigation, search

Payload[edit]

Works on latest fw Name Description Supported firmwares
Only new3ds(XL) *hax payload Booted by all of the below non-sysmodule exploits. From 9.0.0-7 up to and including 11.3.0-36, 11.4.0-37 only new3ds(XL).

For the rest of this page, "Supported firmwares" refers to the exploit itself, not whether *hax payload supports it.

Standalone Homebrew Launcher Exploits[edit]

The following homebrew exploits can be executed on a previously un-exploited system. Please see the above Payload section regarding what "Supported firmwares" indicates exactly.

Works on latest fw Name Supported firmwares Requirements Author Install
No Ninjhax 1.1b From 4.0.0-7 up to and including 9.2.0-20. A cartridge or eShop version (JPN-only) of "Cubic Ninja". smea Install
Yes Ninjhax 2.x From 9.0.0-7 up to and including 11.3.0-36, 11.4.0-37 only new3ds(XL). A cartridge or eShop version (JPN-only, not available anymore for purchase) of "Cubic Ninja". smea Install
Yes freakyhax From 9.0.0-7 up to and including 11.3.0-36, 11.4.0-37 only new3ds(XL). A cartridge or eShop version (USA/EUR/JAP, not available anymore for purchase) of "Freakyform Deluxe". plutoo Install
No smilehax From 9.0.0-7 up to and including 11.0.0-33 SmileBASIC (JPN all versions up to 3.32 excluded, USA 3.31 only) plutoo Install
No BASICSploit From 9.0.0-7 up to and including 11.0.0-33 SmileBASIC (USA all versions) MrNbaYoh Install
Yes smashbroshax (beaconhax) (New 3DS only) From 9.0.0-X up to and including 11.3.0-36, 11.4.0-37 only new3ds(XL). Super Smash Bros 3DS (full-game) and a way to broadcast raw wifi beacons. The demo (prior to the updated November 2015 version) isn't usable with the *hax payloads. Game-version v1.1.3 fixed the vuln used with this, see the repo for a workaround for that. Yellows8 Install
No browserhax From 9.0.0-2 to 11.0.0-33

Note that the browser-version-check bypass is only usable prior to 10.7.0-32.

A USA, EUR, JPN, or KOR system. Yellows8 Install
No genhax (New 3DS only) From 9.9.0-X up to and including 11.2.0-X. A gamecard or eShop-install of Monster Hunter X (JPN only), and the DLC encryption key (see installer instructions). Note: the secondary exploit still works, see bellow svanheulen Install
No soundhax From 9.0.0-13 up to and including 11.3.0-36. A USA, EUR, JPN or KOR system. nedwill Install
Yes doodlebomb From 9.0.0-X(?) up to and including 11.4.0-X. An eShop-install of Swapdoodle (version 1.1.1 or lower). As of 2017-4-26, version 1.1.2 was released, blocking outdated app version from sending or receiving messages. MrNbaYoh Install

Note that ninjhax 1.x is still not obsolete. Even though ninjhax 2.x can be run on 9.3+, this was made possible (amongst other things) by sacrificing the memory remapping exploit used in ninjhax 1.x (rohax). Therefore, things like JIT engines for emulators can only be supported on ninjhax 1.x. Furthermore, ninjhax 2.x does not run on system versions below 9.0.0-X, while ninjhax 1.x does.

Secondary Exploits[edit]

Installation of these exploits requires a previously exploited system to install. After installation, they can be used on their own. Please see the above Payload section regarding what "Supported firmwares" indicates exactly.

Works on latest fw Name Supported firmwares Requirements Author Install
No ironhax From 9.5.0-X up to and including 10.3.0-X, for X up to and including 28. A copy of "Ironfall: Invasion" downloaded from eShop before August 11th, 2015. Note the updated version that was released on October 13th, 2015 is not supported. smea Install
Yes steelhax From 9.0.0-X up to and including 11.3.0-X, for X up to and including 36. A copy of Steel Diver: Sub Wars Vegaroxas Install
Yes oot3dhax From 9.0.0-X up to and including 11.3.0-X, for X up to and including 36. A gamecard or eShop-install of Legend of Zelda: Ocarina of Time 3D. Besides using the installer app, writing raw saveimages with a save dongle for example is another option. Before compression was introduced in the 2016-7-18 release, the size of the *hax payload meant the exploit can't coexist with regular saves on a physical version of the game. Yellows8 / smea et al. See here.
No menuhax JPN/USA/EUR: From 9.0.0-X up to and including 11.2.0-X.

KOR: From 9.6.0-X up to and including 11.2.0-X.

JPN/USA/EUR: Having created theme extdata through opening the official theme selector at least once. Yellows8 Download
Yes supermysterychunkhax From 9.9.0-X (USA/JPN) / 10.2.0-X (EUR) up to and including 11.1.0-X, for X up to and including 34. A gamecard or eShop-install of Pokémon Super Mystery Dungeon. Shiny Quagsire / SALT team Install.
No (v*)hax From 9.0.0-X up to and including 11.0.0-X, for X up to and including 33.

Note that 9.0.0-X is only required for the Homebrew Launcher - the game itself only requires 2.1.0-X for primitive userland code execution.

A copy of VVVVVV downloaded after March 2012 (v1). v1.1 patches out the overflow vulnerability used by (v*)hax. Shiny Quagsire / SALT team Install.
Yes humblehax From 9.0.0-X (USA/EUR) up to and including 11.2.0-X, for X up to and including 35. An eShop-install of Citizens of Earth (either v1 or v2), featured in the Humble "Friends of Nintendo" Bundle. Dazzozo / SALT team Install.
No basehaxx From 9.0.0-X up to and including 11.1.0-X, for X up to and including 34. A gamecard or eShop-install of Pokémon Omega Ruby / Alpha Sapphire. MrNbaYoh install
Yes stickerhax From 9.0.0-X up to and including 11.3.0-X. A gamecard or eShop-install of Paper Mario: Sticker Star. Yellows8 Here
Yes genhax (New 3DS only) From 9.9.0-X(JPN) or 10.3.0-X(EUR/USA) up to and including 11.3.0-X. A gamecard or eShop-install of Monster Hunter Generations or Monster Hunter X (without the game updates installed), and an internet connection during installation. svanheulen Install
Yes painthax From 9.0.0-X up to and including 11.3.0-X. An eShop-install of PixelPaint. MrNbaYoh install
No ctpkpwn_tfh From 9.9.0-X up to and including 11.3.0-X. A gamecard or eShop-install of "The Legend of Zelda: Tri Force Heroes", and an Internet connection during installation. Unless you have "CFW", ctr-httpwn >=v1.2 with the included bosshaxx on a compatible system-version is also required. If installing via ctr-httpwn, you can't do so on >=v11.4. Note that the exploit itself was not fixed. Yellows8 Install
No doodlebomb From 9.0.0-X(?) up to and including 11.4.0-X. An eShop-install of Swapdoodle. MrNbaYoh Install

Exploits without Homebrew Launcher (Not recommended)[edit]

Warning: The following exploits can run code, but are missing a 3DSX launcher. They cannot launch any homebrew in the 3DSX format.

Works on latest fw Name Supported firmwares Requirements Author Install
No browserhax (Without the loader in the 3ds_browserhax_common repo) (Old3DS) From 5.0.0-2 to 11.0.0-33 (Pre-v5.0 is supported for some versions if you manually modify the source)

(New3DS) From 9.0.0-20 to 11.0.0-33

Note that the browser-version-check bypass is only usable prior to 10.7.0-32.

An USA, EUR, or JPN system. Yellows8 Install
No Ninjhax (with specialized payloads) Up to 9.2.0-20? smea + independent developers N/A

Previous Exploits[edit]

Warning: These exploits do not work. They are exploits which no longer function at all, regardless of software or firmware revision.

Works on latest fw Name Supported firmwares Requirements Author Install
No Tubehax None. Was: From 9.0.0-X up to and including 10.1.0-X, for X up to and including 27. The YouTube application and an Internet connection. As of October 15, 2015, this is no longer usable due to an update being released which fixes the vuln used by tubehax + app update being forced (see here). smea Install

Other Homebrew Loaders[edit]

The hblauncher_loader title can be used when running under modded-FIRM which allows running unsigned titles, to boot the *hax payloads.

Sysmodule Exploits[edit]

This section is for system-module exploits, which can be run from the *hax payloads.

Works on latest fw Name Supported firmwares Requirements Author
No, still usable pre-v11.4. ctr-httpwn From 9.6.0-X up to and including 11.3.0-X. This includes bosshaxx. None Yellows8

WebKit vuln testing[edit]

See here.