Revision as of 17:49, 21 August 2014

Welcome to the wonderful world of 3DS Homebrew!

To run homebrew on 3DS you need a method to run custom code. There is currently only one public exploit (the MSET exploit) available which allows running unsigned code on 3DS system. A 3DS running on System version 4.1.x to 4.5.x is required for this exploit, but Smealum is working on a new vulnerability found on 3DS System version 5.0.x to 8.2.x.

The different exploits

The MSET exploit

It works on 3DS System version 4.1.x to 4.5.x

This exploit is also used by Flashcarts manufacturers to get Kernel access.

This is currently the only method to run homebrew.

Go tho the MSET exploit page to read information on the hack itself.

Unknown name exploit

Unreleased.

Smealum uses this exploit for his Homebrew launcher. It works on 3DS System version 5.0.x to 8.2.x.

The homebrew type

There are different types of homebrew.

The ".bin" format

This one is the first released format for homebrew binary file. It's usually inserted in a Launcher.dat file to be launched using the MSET exploit.
It can be run using homebrew explorers, but none have been released.
If you get homebrew in this format, you will need a python script to insert it into a Launcher.dat file.

---Add here links to python?---

The "Launcher.dat format"

Boot method: The homebrew is launched directly from the MSET exploit.
Filename: The homebrew filename is always "Launcher.dat" so you can't have multiple homebrew at the same time on your console.
Requirement: You need a DS flashcart to exploit the MSET vulnerability and run the Launcher.dat homebrew.
Access level: The homebrew has full Kernel level access and has access to ARM9 and ARM11 but the console's services in ARM11 are all disabled (no access to 3D sliders, sound, etc. unless you code it back yourself).

The ".3ds format":

Boot method: The homebrew is launched from a front end launcher (itself launched using a DS flashcart and the MSET exploit. It's a Homebrew Type1).
Filename: The homebrew filename can be what you want and ends with .3ds extension.
Requirement: There is currently only one front end, which is based on the work done by Smealum to create a homebrew environment, and requires a Gateway 3DS flashcart Firmware 2.2 OMEGA or newer.
Access level: The homebrew has only User level access and has access to ARM11 only. As a result, the homebrew cannot modify or access the system in any way using the current implementation of ARM11 homebrew, but the ARM11 services are available.

Launching Homebrew

The Launcher.dat format

This exploit works by using a ROP Chain to get access to Kernel level and run the homebrew. The Launcher.dat file contains two sections: The end of the ROP chain initiated by the MSET exploit, and the homebrew binary.

Gateway 3DS, which are the first to use this ROP chain exploit, encrypted their ROP chain to prevent flashcart clones. If you install the Gateway ROP chain, you will have to encrypt the Launcher.dat homebrew using their encryption key. If you install the open source ROP chain, you can run unencrypted homebrew but you will not be able to run Gateway 3DS untill you reinstall their own ROP chain.

There are Applications for 3DS to quickly encrypt or decrypt Launcher.dat file.

Install the ROP chain exploit using your preferred DS Flashcart.
Encrypt or Decrypt the Launcher.dat file depending on the ROP you installed.
Place the Launcher.dat file on the root of your SD Card.
Boot the 3DS and go to Settings > Other > Profile > DS Profile
The homebrew will launch.

The .3ds format

The .3ds format requires a front end to be launched.

Gateway 3DS Front end

Works on Gateway 3DS Flashcart Omega 2.2+ only.

Install the Gateway 3DS ROP Chain.
Place the Gateway 2.2 Omega Launcher.dat file on the root of your SD Card.
Place your homebrew on your MicroSD Card formated as FAT32 or ExFAT, using the filename you want and .3ds extension.
Launch Gateway from the DS Profile and update your card's firmware if required.
Press Select button to list all homebrew on your MicroSD card and press A to mount it.
Launch it like a game.

3DS Homebrew Launcher

The 3DS Homebrew Launcher lets the user run unsigned homebrew compiled in .3ds format. You don't need a Flashcart to use it.

Developing homebrew for 3DS

The "Official" homebrew development thread can be found on the forum from this link:

Homebrew Development

The current homebrew can be found here:

@@ Line 1: / Line 1: @@
 Welcome to the wonderful world of 3DS Homebrew!
-There are currently two different types of homebrew for the 3DS, and both require a 3DS running firmware 4.1.X to 4.5.X. There are ARM9-mode and ARM11-mode homebrew. They are named aptly for their running points within the 3DS hardware. ARM9 homebrew can be run simply by installing the [http://gbatemp.net/threads/alternate-rop-installer.361185/ public ROPLoader] and then placing the homebrew's launcher (launcher.dat) on the console's SD card root and running it from the NDS Settings exploit. ARM11 homebrew, with the exception of a few that run on a broken ARM11 mode which has no 3DS service access, on the other hand, is currently only available on the [[Gateway_3DS|Gateway]]-Team's launcher. This means that, currently, you need a 3DS flashcard from team [[Gateway_3DS|Gateway]] in order to try out most ARM11 homebrew publicly and you must use their most recent firmware (at the time of writing) known as Gateway Omega 2.2. ARM11 homebrew is also limited to usermode-level commands, unlike ARM9 homebrew which is in full kernel mode. As a result, you cannot modify the system in any way using the current implementation of ARM11 homebrew.
+To run homebrew on 3DS you need a method to run custom code. There is currently only one public exploit (the MSET exploit) available which allows running unsigned code on 3DS system.
+A 3DS running on System version 4.1.x to 4.5.x is required for this exploit, but [[Smealum]] is working on a new vulnerability found on 3DS System version 5.0.x to 8.2.x.
+=The different exploits=
+==The MSET exploit==
+It works on 3DS System version  4.1.x to 4.5.x
+This exploit is also used by Flashcarts manufacturers to get Kernel access.
+This is currently the only method to run homebrew.
+''Go tho the [[MSET exploit]] page to read information on the hack itself.''
+==Unknown name exploit==
+Unreleased.
+Smealum uses this exploit for his Homebrew launcher.
+It works on 3DS System version 5.0.x to 8.2.x.
+=The homebrew type=
+There are different types of homebrew.
+'''The ".bin" format'''
+* This one is the first released format for homebrew binary file. It's usually inserted in a Launcher.dat file to be launched using the MSET exploit.
+* It can be run using homebrew explorers, but none have been released.
+* If you get homebrew in this format, you will need a python script to insert it into a Launcher.dat file.
+---Add here links to python?---
+'''The "Launcher.dat format"'''
+* Boot method: The homebrew is launched directly from the MSET exploit.
+* Filename: The homebrew filename is always "Launcher.dat" so you can't have multiple homebrew at the same time on your console.
+* Requirement: You need a DS flashcart to exploit the MSET vulnerability and run the Launcher.dat homebrew.
+* Access level: The homebrew has full Kernel level access and has access to ARM9 and ARM11 but the console's services in ARM11 are all disabled (no access to 3D sliders, sound, etc. unless you code it back yourself).
+'''The ".3ds format"''':
+* Boot method: The homebrew is launched from a front end launcher (itself launched using a DS flashcart and the MSET exploit. It's a Homebrew Type1).
+* Filename: The homebrew filename can be what you want and ends with .3ds extension.
+* Requirement: There is currently only one front end, which is based on the work done by Smealum to create a homebrew environment, and requires a [[Gateway 3DS]] flashcart Firmware 2.2 OMEGA or newer.
+* Access level: The homebrew has only User level access and has access to ARM11 only. As a result, the homebrew cannot modify or access the system in any way using the current implementation of ARM11 homebrew, but the ARM11 services are available.
+=Launching Homebrew=
+==The Launcher.dat format==
+This exploit works by using a ROP Chain to get access to Kernel level and run the homebrew.
+The Launcher.dat file contains two sections: The end of the ROP chain initiated by the MSET exploit, and the homebrew binary.
+Gateway 3DS, which are the first to use this ROP chain exploit, encrypted their ROP chain to prevent flashcart clones. If you install the Gateway ROP chain, you will have to encrypt the Launcher.dat homebrew using their encryption key.
+If you install the open source ROP chain, you can run unencrypted homebrew but you will not be able to run Gateway 3DS untill you reinstall their own ROP chain.
+There are [[Applications for 3DS]] to quickly encrypt or decrypt Launcher.dat file.
+# Install the ROP chain exploit using your preferred DS Flashcart.
+# Encrypt or Decrypt the Launcher.dat file depending on the ROP you installed.
+# Place the Launcher.dat file on the root of your SD Card.
+# Boot the 3DS and go to Settings > Other > Profile > DS Profile
+# The homebrew will launch.
+==The .3ds format==
+The .3ds format requires a front end to be launched.
+===Gateway 3DS Front end===
+Works on Gateway 3DS Flashcart Omega 2.2+ only.
+#Install the Gateway 3DS ROP Chain.
+#Place the Gateway 2.2 Omega Launcher.dat file on the root of your SD Card.
+#Place your homebrew on your MicroSD Card formated as FAT32 or ExFAT, using the filename you want and .3ds extension.
+#Launch Gateway from the DS Profile and update your card's firmware if required.
+#Press Select button to list all homebrew on your MicroSD card and press A to mount it.
+#Launch it like a game.
+===3DS Homebrew Launcher===
+The 3DS Homebrew Launcher lets the user run unsigned homebrew compiled in .3ds format.
+You don't need a Flashcart to use it.
+=Developing homebrew for 3DS=
 The "Official" homebrew development thread can be found on the forum from this link:

Difference between revisions of "3DS Homebrew"