User:Wariohax/History on custom firmware: Difference between revisions

m (basically added previous rev back, fixed reef not being at top and reworded top section)
m (reword missed)
Line 116: Line 116:


=== January ===
=== January ===
A new arm9 exploit, safehax, is revealed by appleTinivi after an anonymous user posted the method on 3dbrew. This means that full control is possible up to firm 11.2, people usually use this to CTRNand downgrade to 2.1, get the otp.bin, and then restore original NAND and install a9lh. (try rewording)
A new arm9 exploit, safehax, is revealed by appleTinivi after an anonymous user posted the method on 3dbrew. This means that full control is possible up to firm 11.2, "people usually use this to CTRNand downgrade to 2.1, get the otp.bin, and then restore original NAND and install a9lh. " (quotes used as there isn't a better way to word this)


=== February ===
=== February ===
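Review bot: the replacement line in the January entry still carries an editor's aside in the article body, "(quotes used as there isn't a better way to word this)", which only swaps one note-to-self, "(try rewording)", for another. Move the aside to the edit summary or the talk page, and if the sentence is kept as a quotation, name the source it is quoted from next to it. The closing quote also has a stray space before it (after "install a9lh."), and the comma after "firm 11.2" splices two sentences; a full stop or colon there would read better.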

Revision as of 19:05, 12 March 2025

Heavy adaption of zoogie's "A Pretty Brief History of the 3ds Hacking/Homebrew Scene" from the "3DS hacking scene history" section on GBAtemp.

2011

March

March marks two important events: the release of the Nintendo 3DS in the West and the creation of 3dbrew.

June

The first 3DS ROMs are dumped.

September

Crown3DS teases a promising video of a flashcard, but instead the community gets an Engrish website promising that they are progressing.

December

Release of tools that convert video to stereoscopic 3D video compatible with the Nintendo 3DS Camera app.

2012

Unknown Month

It is believed that Neimod's hardware RAM dumps and internal research led to the first userland and arm9 exploits.[1]

March

The first (?) homebrew written in .cxi format appears: "Hello World", written by Xcution (author of CiTRUS, a tool that allows BaNneR and ICoN files to be made using the .xbsf format).

2013

August

August of 2013 is a pretty important month for the 3DS community, as it is when Gateway-3DS is released; it makes up the entirety of homebrew in the early years. At this time, basic arm9 homebrew is possible via an MSET exploit combined with p3ds,[1] a set of Python tools for the 3DS.

December

Users in the community figure out how to reverse engineer the Gateway-3DS payload to create their own NAND emulation (or redirection). Specifically, users Smealum and Yellows8 create a private payload called RedNAND.

2014

January

Brickgate/brickway - a scandal in which Gateway releases a FIRM that intentionally bricks 3DS consoles that run their software on Gateway clones such as R4 and Orange3DS.

March

The first commit of Citra [2] is released.

November

Palantine [3] (a CFW made by Yellows8 and others) is leaked, bringing a closed-source custom firmware to the public, with limitations such as the EmuNAND not being updatable, a low boot rate, and an install process that was not fun. What it did do was run CIAs, which caused Gateway to add this feature as well.

The release of Sky3DS (it could play clean cart ROMs, but no homebrew yet).

The release of the userland exploit ninjhax [4].

2015

January

Gateway cracks 9.2 and updates their flashcards to OMEGA. User yifanlu posts a blog entry about reverse engineering the memchunkhax/firmlaunchhax combo used by Gateway, and teams such as SALT, roxas75, and patois implement it quickly.

February

The release of roxas75's rxTools.

May

The release of Pasta CFW (its name coming from the leak of sigpatches on Pastebin). It combined the work of patois' Brahma (open-source memchunkhax/firmlaunchhax) to make the first open-source custom firmware (no EmuNAND).

rxTools is patched out with signatures made by ahp_person (appletinivi), and Roxas does not like this.

June

Roxas eventually gives in, releasing the rxTools source and adding the sig patches in officially, then quits the scene.

(Maybe add on)

July

The release of Ninjhax2x.

August

The release of Tubehax, a primary userland exploit that took advantage of the 3DS YouTube app; unfortunately, it was patched a couple of months later on all firmware.

The release of Ironhax, the first secondary userland exploit (this means that it requires a primary, like Tubehax, to install).

The release of ReiNAND, the first full-featured New3DS custom firmware.

September

The release of Menuhax, a secondary home menu exploit which allows home menu userland execution.

The release of Browserhax, a set of primary exploits that used the browser on the N3DS and O3DS and would be updated every so often in the coming months.

December

Sky3DS+ is released, bypassing cart-based AP in recent games and adding a filesystem-based game loading feature, among others.

The CCC hosts 32c3 in Hamburg, Germany, where snshax, arm9loaderhax, memchunkhax2, and ntrcardhax are revealed. The userland exploits Menuhax and Ironhax are updated as well.

2016

January

The release of 10.x downgrading to 9.2.

Downgrading is patched with 10.4.

February

The reign of arm9loaderhax.

The release of Aureinand/Luma3DS, a fork of ReiNAND which took its features to a new level. (The authors of Aureinand/Luma3DS had a disagreement with the original author, Reisukaku, which led to ties being cut, first by renaming Aureinand to Luma3DS, and then by removing the fork status altogether.)

March

The release of memchunkhax2.1 by Aliaspider allowed downgrades to 9.2 to resume, and it would last through 10.7.

May

R11

July

A user reveals the DSiWare firm downgrade method after it had been hinted at for months; this allowed downgrading to 9.2 to continue on firms 11.0 - 11.2.

September

Arm9loaderhax dominates the scene even more due to CTRNand Transfer (shortening the install time of both new and old 3DS) and OTPless (instant N3DS install), though OTPless was later removed (from 3ds.guide) due to random bricking.

December

Another big CCC, specifically 33c3. Soundhax is announced, a free userland primary (as opposed to ninjhax, which required Cubic Ninja, a paid game) for a system app (Nintendo 3DS Sound). This made it so almost all 3DS consoles were vulnerable. 33c3 also announced Fasthax, another k11 (arm11 kernel) exploit, also made by nedwill (creator of Soundhax). Also at this event, scene veteran derrekr revealed sighax, a bootrom vulnerability that allows one to sign arbitrary firmware code. He also revealed vague detail about how he dumped the 3DS ARM9/ARM11 bootroms, though no detail about the code.[2]

Nintendo launches a bug bounty program for the 3DS, with bounties of $100 - $20,000 per exploit; this would have the effect of exploit developers moving away from public releases.

2017

January

A new arm9 exploit, safehax, is revealed by appleTinivi after an anonymous user posted the method on 3dbrew. This means that full control is possible up to firm 11.2, "people usually use this to CTRNand downgrade to 2.1, get the otp.bin, and then restore original NAND and install a9lh." (quotes used as there isn't a better way to word this)

February

The release of firm 11.3 fixes safehax and Fasthax. This also fixes firm downgrading with DSiWare and hardmodding; if you tried, it would break the home menu.

April

11.4 is released, which fixes a previously unknown k11 (ARM11 kernel) vulnerability called udsploit; Smealum releases this exploit for those who are still on 11.3. Soon after this, AppleTinivi (creator of safehax and patcher of rxTools) updates safehax for 11.3 due to an oversight in Nintendo's previous safehax fix.

May

Another big CCC again; just kidding, it's 33.5c3 (unofficial sequel). It revealed boot9strap, a firmware loader that implements a FIRM sighax signature and is able to dump the bootroms in software (?). Ntrboot is also theorized and privately confirmed.

Since firms can now be forged with nothing more than NAND access, "the DSiWare transfer and hardmod methods of installing custom firmware resume on the latest firmware using the plaintext attack." (quotes are added as it is very similar to zoogie's post)

June

The N2DSXL is released in Australia and it's discovered that it happens to have the same vulnerable bootroms as the 3DS did, 7 years ago.

August

Ntrboot is released, starting with support for just ak2i and R4 flashcards, but quickly growing to others.

September

The Gateway team reveals what they have been working on, a new flashcard called Stargate, a supposed hybrid of an ntrboot card, DS card, and Sky3DS. It was abandoned after a few months due to people seeking out cheaper options for ntrboot cards.

2018

January

A user reveals a method that brute-forces the movable.sed using only the Local Friend Code Seed (obtainable in userland). This method, called Seedminer, allowed users to inject hacked DSiWare and install boot9strap with only one 3DS.

July

Nintendo releases firm 11.8.

August

The 3DS hacking scene legend, Smealum, reveals an exploit he had long been teasing at DEF CON. It was an arm9 exploit chain, unfortunately already patched in firm 11.8 because he had disclosed it to the HackerOne bounty before this. In addition to this, he posted the incomplete repos on GitHub, but nobody to date (zoogie last edited this on October 22nd, 2023) has been able to get them to work.

September

A new version of Seedminer, called Frogminer, is released, utilizing an old version of the Japanese Flipnote Studio instead of Sudoku, and injected into DS Download Play instead of a DSiWare game. This allowed this specific miner exploit to be completely free.

December

Firm 11.9 was released, patching an unreleased browser exploit for both the O3DS and N3DS. All of this was caused by another HackerOne bounty submission, this time submitted by userland exploit developer MrNbaYoh.

2019

July

The release of bannerbomb3, a userland primary for System Settings, being part of the miner series.

December

Userland exploit developer MrNbaYoh demonstrates a new custom firmware chain at his 36c3 talk. He developed a primary that could remotely take over a 3DS in userland via StreetPass tags. This would set up further exploits developed by TuxSH, Lazypixie which would take over the ARM11 kernel, and Safehax 2.x for ARM9. This chain was patched on firm 11.12, which was released two months before this conference, as they were submitted to the HackerOne bounty sometime earlier.

2020

April

A new exploit for SAFE_MODE is released, called unSAFE_MODE, which springs a new version of Safehax for the latest firmware, 11.13.

July

Nintendo's HackerOne bounty program is ended on July 15th. [5]

August

The user zoogie releases a new browserhax for both the New and O3DS.

September

Nintendo shuts down 3DS retail production.

October

Release of Menuhax67, continuing a Yellows8 tradition, but this time zoogie makes it. Menuhax67 is a secondary exploit for the home menu. (great meme)

November

Nintendo releases firmware update 11.14.0.46, fixing a few last-minute submissions of exploits from the HackerOne bounty. This also fixes zoogie's new browserhax, released in August, which makes the userland entry point go back to Seedminer.

December

After a month of cool-off, required when submitting HackerOne bugs, MrNbaYoh and TuxSH disclose exploits such as SSLoth, a vulnerability that allows an attacker to bypass SSL encryption for the 3DS network communications, which sets up another exploit submitted to HackerOne called safecerthax (it can still be executed on 11.4 in safe mode, although it is fixed on native firm and N3DS). This allowed for a full chain to boot9strap on the O3DS. During this time TuxSH updated his universal-otherapp to include a new full chain (adding smpwn, spipwn, khax and agbhax) that works on native firm. All of this, together with a new N3DS browser exploit from zoogie called new-browserhax-XL, gave the N3DS a full chain as well.

2021

January

Nintendo kills off Unity3DS and many debugging/dev hardware items.

April

Old-browserhax-XL is released.

PabloMK7 (creator of CTGP-7) releases a semi-primary exploit for Mario Kart 7 called kartdlphax.

July

Nintendo releases firmware 11.15, patching two of zoogie's browserhax at the same time, bringing back Seedminer.

Nintendo also finishes off SSLoth by blocking it in SAFE_MODE.

2022

August

Nintendo releases 11.16, breaking TuxSH's universal-otherapp combo, because smpwn was fixed in this update.

Nintendo also lays the foundation for the eShop closure, updating MINT/ESHOP to handle shutting down eShop payments; two weeks later they would update the NVER on this title due to a typo in the web data module.

December

PabloMK7 reveals ENLBufferPwn, an exploit for Mario Kart 7. It is an online RCE exploit which was already patched in Mario Kart 7 version 1.2. PabloMK7 disclosed this exploit as it could've led to mass bricking of consoles and online cheating.

2023

March

Another browser exploit is released for the N3DS, being Super Skaterhax.

Nintendo closes the eShop on the 27th, impacting free exploits and DSiWare exploits.

May

Nintendo releases firmware version 11.17, patching bannerbomb3. This left the O3DS with no free exploit softmod for the first time in a while.

July

TuxSH and luigoalma release nimdsphax, which is a userland to arm9 exploit chain.

Zoogie releases Kartminer7, a Seedminer-launched exploit that targets the extdata of Mario Kart 7, working on the eShop and cartridge versions of the game.

October

Zoogie releases MSET9, which is a straight-to-arm9 exploit. This restores free homebrew for the O3DS; it also seems to work consistently and across many different regions and firmware.

December

Zoogie (?) calls it quits and is looking forward to future challenges whilst appreciating the time "he had helping people unlock their 3DSs!" -zoogie