From WikiTemp, the GBAtemp wiki
(First try to rework the page. Feel free to fix/change/criticize)
(More updates, saving current progress)
Line 4: Line 4:
 
To run homebrew on 3DS you need a method to run custom code. There is currently only one public exploit (the MSET exploit) available which allows running unsigned code on 3DS system.
 
To run homebrew on 3DS you need a method to run custom code. There is currently only one public exploit (the MSET exploit) available which allows running unsigned code on 3DS system.
 
A 3DS running on System version 4.1.x to 4.5.x is required for this exploit, but [[Smealum]] is working on a new vulnerability found on 3DS System version 5.0.x to 8.2.x.
 
A 3DS running on System version 4.1.x to 4.5.x is required for this exploit, but [[Smealum]] is working on a new vulnerability found on 3DS System version 5.0.x to 8.2.x.
 
+
 +
 
=The different exploits=
 
=The different exploits=
 
==The MSET exploit==
 
==The MSET exploit==
Line 13: Line 14:
 
This is currently the only method to run homebrew.
 
This is currently the only method to run homebrew.
  
''Go tho the [[MSET exploit]] page to read information on the hack itself.''
+
To exploit this vulnerability, you need a working DS Mode flashcart for your 3DS and run a NDS Homebrew to alter the DS Profile setting. When launching the DS profile from the 3DS settings, it will launch the custom code written in the profile and allow homebrew launching.
  
 +
 +
''Go tho the [[MSET exploit]] page to read information on the hack itself.''
 +
 +
 
==Unknown name exploit==
 
==Unknown name exploit==
 
Unreleased.
 
Unreleased.
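Review bot: the relocated pointer line in this hunk still reads "Go tho the [[MSET exploit]] page"; change "tho" to "to" while the line is being moved. In the added paragraph above it, "run a NDS Homebrew" should be "run an NDS homebrew", and the second sentence would be clearer if it named the actor, for example "When you open the DS Profile from the 3DS settings, the custom code written into the profile runs".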
Line 20: Line 25:
 
Smealum uses this exploit for his Homebrew launcher.
 
Smealum uses this exploit for his Homebrew launcher.
 
It works on 3DS System version 5.0.x to 8.2.x.
 
It works on 3DS System version 5.0.x to 8.2.x.
 
+
 +
 
=The homebrew type=
 
=The homebrew type=
  
Line 31: Line 37:
  
 
---Add here links to python?---
 
---Add here links to python?---
 
+
 
+
 
'''The "Launcher.dat format"'''
 
'''The "Launcher.dat format"'''
 
* Boot method: The homebrew is launched directly from the MSET exploit.
 
* Boot method: The homebrew is launched directly from the MSET exploit.
Line 45: Line 51:
 
* Requirement: There is currently only one front end, which is based on the work done by Smealum to create a homebrew environment, and requires a [[Gateway 3DS]] flashcart Firmware 2.2 OMEGA or newer.
 
* Requirement: There is currently only one front end, which is based on the work done by Smealum to create a homebrew environment, and requires a [[Gateway 3DS]] flashcart Firmware 2.2 OMEGA or newer.
 
* Access level: The homebrew has only User level access and has access to ARM11 only. As a result, the homebrew cannot modify or access the system in any way using the current implementation of ARM11 homebrew, but the ARM11 services are available.  
 
* Access level: The homebrew has only User level access and has access to ARM11 only. As a result, the homebrew cannot modify or access the system in any way using the current implementation of ARM11 homebrew, but the ARM11 services are available.  
 
+
 
+
 
+
 
=Launching Homebrew=
 
=Launching Homebrew=
 
==The Launcher.dat format==
 
==The Launcher.dat format==
Line 53: Line 58:
 
The Launcher.dat file contains two sections: The end of the ROP chain initiated by the MSET exploit, and the homebrew binary.
 
The Launcher.dat file contains two sections: The end of the ROP chain initiated by the MSET exploit, and the homebrew binary.
  
Gateway 3DS, which are the first to use this ROP chain exploit, encrypted their ROP chain to prevent flashcart clones. If you install the Gateway ROP chain, you will have to encrypt the Launcher.dat homebrew using their encryption key.
+
Gateway 3DS, which was the first to publicly release this exploit, encrypted their ROP chain to prevent flashcart clones. If you install the Gateway ROP chain, you will have to encrypt your Launcher.dat homebrew using their encryption key.
If you install the open source ROP chain, you can run unencrypted homebrew but you will not be able to run Gateway 3DS untill you reinstall their own ROP chain.
+
If you install an open source ROP chain, you can run unencrypted homebrew but you will not be able to run Gateway 3DS until you reinstall their own ROP chain.
  
There are [[Applications for 3DS]] to quickly encrypt or decrypt Launcher.dat file.
+
There are [[List of applications for 3DS|tools]] to quickly encrypt or decrypt Launcher.dat file to work with corresponding ROP chain.
 +
 +
 +
=== The different ROP Chain installers===
 +
* Official Gateway ROP chain installer. (No link will be share here. the installer is provided with the Gateway firmware)
 +
* [http://www.mediafire.com/download/6j9v70csj4g75it/ROPLoader.nds ROP Chain installer], by [[Fierce Waffle]]. [http://www.fiercewaffle.com/softwareArticle.php?id=10 Open source], it's a little unstable and can brick the DS Mode of the console. It requires a full 3DS format to fix it. You will lose all your data installed on 3DS if you format it.
 +
* [http://gbatemp.net/threads/alternate-rop-installer.361185/ Alternate ROP Installer], by [[Drenn]], based on Fierce Waffle ROP Chain. More stable than the previous one, but it fully replace your profile information. You can use [[List of applications for 3DS|ROP Installer Modifier]] to edit the informations to be written in the profile before installing it.
 +
* [http://filetrip.net/3ds-downloads/homebrew/download-rop-multi-loader-1-1-f32900.html ROP MultiLoader], by [[SnailFace]]. Lets you choose easily the ROP you want to install.
 +
 +
 +
===Installing a ROP Chain===
 +
The ROP chain installation requires a DS Mode Flashcart to run the installer.nds program.
  
 +
# Choose a ROP chain installer from the list above.
 +
# Extract the NDS file if needed and place it on your MicroSD Card, then insert it in your compatible NDS Mode Flashcart.
 +
# Insert the NDS Mode flashcart in your 3DS console and launch the installer.
  
# Install the ROP chain exploit using your preferred DS Flashcart.
+
Note: If you launch the DS Mode again (DS Game or DS mode Flashcart) after installing the ROP Chain, the profile will be reset and the exploit deleted. You will need to install it again to launch 3DS homebrew.
# Encrypt or Decrypt the Launcher.dat file depending on the ROP you installed.
+
 
 +
 
 +
===Launching the Homebrew===
 +
# Encrypt or Decrypt the Launcher.dat file based on the ROP chain you installed. (Gateway ROP chain requires encryption)
 
# Place the Launcher.dat file on the root of your SD Card.
 
# Place the Launcher.dat file on the root of your SD Card.
# Boot the 3DS and go to Settings > Other > Profile > DS Profile
+
# Boot the 3DS and go to Settings > Other > Profile > DS Profile.
 
# The homebrew will launch.
 
# The homebrew will launch.
 
+
 
+
 
==The .3ds format==
 
==The .3ds format==
  
The .3ds format requires a front end to be launched.
+
The .3ds format requires a front end to be launched first.
 +
There are actually two front end you can use.
 +
 +
===Gateway 3DS Flashcart===
  
===Gateway 3DS Front end===
+
This Front end require the Gateway 3DS Flashcart and the Omega 2.2+ firmware only.
Works on Gateway 3DS Flashcart Omega 2.2+ only.
+
It's launched using the Launcher.dat exploit and thus works only on 3DS System version 4.0 to 4.5.
  
 
#Install the Gateway 3DS ROP Chain.
 
#Install the Gateway 3DS ROP Chain.
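Review bot: the added "Gateway 3DS Flashcart" text says the front end "works only on 3DS System version 4.0 to 4.5", but the page intro gives the MSET exploit range as 4.1.x to 4.5.x; use one range in both places. In the new installer list, the warning that Fierce Waffle's installer "can brick the DS Mode of the console" and that the fix wipes all data sits in the middle of a link entry; move it to a separate note before the "Installing a ROP Chain" steps so readers see it before running anything. The first bullet also needs a grammar fix: "No link will be share here. the installer" should be "No link will be shared here; the installer".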
Line 79: Line 104:
 
#Press Select button to list all homebrew on your MicroSD card and press A to mount it.
 
#Press Select button to list all homebrew on your MicroSD card and press A to mount it.
 
#Launch it like a game.
 
#Launch it like a game.
 +
 +
 +
===The 3DS Homebrew Launcher===
  
 +
The 3DS Homebrew Launcher lets the user run unsigned homebrew compiled in .3ds format.
 +
It's developed by ... and exploit a vulnerability in 3DS System version 5.x to 8.x found by Smealum to run homebrew in user mode with ARM11.
  
===3DS Homebrew Launcher===
 
 
The 3DS Homebrew Launcher lets the user run unsigned homebrew compiled in .3ds format.
 
 
You don't need a Flashcart to use it.
 
You don't need a Flashcart to use it.
  
 
+
Launching method will be added when the Launcher is released.
 +
 +
 
=Developing homebrew for 3DS=
 
=Developing homebrew for 3DS=
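Review bot: the added sentence "It's developed by ... and exploit a vulnerability in 3DS System version 5.x to 8.x" leaves the developer as a literal "..." placeholder and gives the range as 5.x to 8.x, while the "Unknown name exploit" section says 5.0.x to 8.2.x. Name the developer or drop the clause until it is known, use the same version range in both sections, and change "exploit" to "exploits".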
  

Revision as of 12:19, 22 August 2014

Welcome to the wonderful world of 3DS Homebrew!


To run homebrew on a 3DS you need a method to run custom code. There is currently only one public exploit available (the MSET exploit) that allows running unsigned code on a 3DS system. A 3DS running System version 4.1.x to 4.5.x is required for this exploit, but Smealum is working on a new vulnerability found on 3DS System version 5.0.x to 8.2.x.


The different exploits

The MSET exploit

It works on 3DS System version 4.1.x to 4.5.x.

This exploit is also used by flashcart manufacturers to get kernel access.

This is currently the only method to run homebrew.

To exploit this vulnerability, you need a working DS Mode flashcart for your 3DS, and you must run an NDS homebrew that alters the DS Profile setting. When you open the DS Profile from the 3DS settings, the custom code written into the profile runs and allows homebrew to be launched.


Go to the MSET exploit page to read information on the hack itself.


Unknown name exploit

Unreleased.

Smealum uses this exploit for his Homebrew launcher. It works on 3DS System version 5.0.x to 8.2.x.


The homebrew type

There are different types of homebrew.

The ".bin" format

  • This was the first format released for homebrew binary files. It's usually inserted in a Launcher.dat file to be launched using the MSET exploit.
  • It can be run using homebrew explorers, but none have been released.
  • If you get homebrew in this format, you will need a Python script to insert it into a Launcher.dat file.

---Add here links to python?---


The "Launcher.dat format"

  • Boot method: The homebrew is launched directly from the MSET exploit.
  • Filename: The homebrew filename is always "Launcher.dat" so you can't have multiple homebrew at the same time on your console.
  • Requirement: You need a DS flashcart to exploit the MSET vulnerability and run the Launcher.dat homebrew.
  • Access level: The homebrew has full Kernel level access and has access to ARM9 and ARM11 but the console's services in ARM11 are all disabled (no access to 3D sliders, sound, etc. unless you code it back yourself).


The ".3ds format":

  • Boot method: The homebrew is launched from a front end launcher (itself launched using a DS flashcart and the MSET exploit. It's a Homebrew Type1).
  • Filename: The homebrew filename can be what you want and ends with .3ds extension.
  • Requirement: There is currently only one front end, which is based on the work done by Smealum to create a homebrew environment, and requires a Gateway 3DS flashcart Firmware 2.2 OMEGA or newer.
  • Access level: The homebrew has only User level access and has access to ARM11 only. As a result, the homebrew cannot modify or access the system in any way using the current implementation of ARM11 homebrew, but the ARM11 services are available.


Launching Homebrew

The Launcher.dat format

This exploit works by using a ROP chain to gain kernel-level access and run the homebrew. The Launcher.dat file contains two sections: the end of the ROP chain initiated by the MSET exploit, and the homebrew binary.

Gateway 3DS, which was the first to publicly release this exploit, encrypted their ROP chain to prevent flashcart clones. If you install the Gateway ROP chain, you will have to encrypt your Launcher.dat homebrew using their encryption key. If you install an open source ROP chain, you can run unencrypted homebrew but you will not be able to run Gateway 3DS until you reinstall their own ROP chain.

There are tools to quickly encrypt or decrypt a Launcher.dat file so that it works with the corresponding ROP chain.


The different ROP Chain installers

  • Official Gateway ROP chain installer. (No link will be shared here; the installer is provided with the Gateway firmware.)
  • ROP Chain installer, by Fierce Waffle. Open source, but a little unstable: it can brick the DS Mode of the console, and fixing that requires a full 3DS format. You will lose all your data installed on the 3DS if you format it.
  • Alternate ROP Installer, by Drenn, based on Fierce Waffle's ROP chain. More stable than the previous one, but it fully replaces your profile information. You can use ROP Installer Modifier to edit the information to be written to the profile before installing it.
  • ROP MultiLoader, by SnailFace. Lets you easily choose the ROP you want to install.


Installing a ROP Chain

The ROP chain installation requires a DS Mode Flashcart to run the installer.nds program.

  1. Choose a ROP chain installer from the list above.
  2. Extract the NDS file if needed and place it on your MicroSD Card, then insert it in your compatible NDS Mode Flashcart.
  3. Insert the NDS Mode flashcart in your 3DS console and launch the installer.

Note: If you launch the DS Mode again (DS Game or DS mode Flashcart) after installing the ROP Chain, the profile will be reset and the exploit deleted. You will need to install it again to launch 3DS homebrew.    

Launching the Homebrew

  1. Encrypt or Decrypt the Launcher.dat file based on the ROP chain you installed. (Gateway ROP chain requires encryption)
  2. Place the Launcher.dat file on the root of your SD Card.
  3. Boot the 3DS and go to Settings > Other > Profile > DS Profile.
  4. The homebrew will launch.


The .3ds format

The .3ds format requires a front end to be launched first. There are two front ends you can use.

Gateway 3DS Flashcart

This front end works only with the Gateway 3DS flashcart and the Omega 2.2+ firmware. It's launched using the Launcher.dat exploit and thus works only on 3DS System version 4.0 to 4.5.

  1. Install the Gateway 3DS ROP Chain.
  2. Place the Gateway 2.2 Omega Launcher.dat file on the root of your SD Card.
  3. Place your homebrew on your MicroSD card formatted as FAT32 or exFAT, using any filename you want with the .3ds extension.
  4. Launch Gateway from the DS Profile and update your card's firmware if required.
  5. Press the Select button to list all homebrew on your MicroSD card and press A to mount it.
  6. Launch it like a game.


The 3DS Homebrew Launcher

The 3DS Homebrew Launcher lets the user run unsigned homebrew compiled in .3ds format. It's developed by ... and exploits a vulnerability in 3DS System version 5.x to 8.x, found by Smealum, to run homebrew in user mode on ARM11.

You don't need a Flashcart to use it.

The launching method will be added when the Launcher is released.


Developing homebrew for 3DS

The "Official" homebrew development thread can be found on the forum from this link:

Homebrew Development

The current homebrew can be found here: