another site used https://wololo.net/2016/12/28/33c3-3ds-bootrom-cracked-sign-firmwares/, make this better later
(Note that this is still being worked on, and this is basically a heavy adaption of zoogie's "A Pretty Brief History of the 3ds Hacking/Homebrew Scene" from the "3DS hacking scene history" section on GBAtemp)
2011
March
March marks an important date, the release of the Nintendo 3DS in the west, and the creation of 3dbrew.
June
Not sure about info (come back to later)
September
Crown3DS teases a promising video of a flashcard, but instead we got an Engrish website promising the community that they are progressing.
December
Release of tools that convert video to stereographic 3D video that is compatible with the 3DS photo app (maybe paraphrase and look into this more)
2012
Unknown Month
Believed that Neimod's hardware RAM dumps and internal research lead to the first userland and a9 exploits.[1]
March
The first (?) homebrew written in .cxi format, being "Hello World" written by Xcution (auther of CiTRUS,
2013
August
August of 2013 is a pretty important year of the 3DS community, as it is when Gateway-3DS released, being the entirety of homebrew in the early years. At this time, there was basic arm9 homebrew possible via an MSET exploit combined with p3ds, [1] which are python tools for the 3DS.
December
Users in the community figure out how to reverse engineered the Gateway-3DS payload to create their own NAND emulation (or redirecting). Specifically users Smealum and Yellows8 create a private payload called RedNAND.
2014
January
brickgate/brickway - A scandal where Gateway releases a FIRM that intentionally bricks 3DS's that run their software on Gateway clones such as R4 and Orange3DS.
March
The first commit of Citra [2] is released.
November
The leak of Palantine [3](cfw made by Yellows8 and other) occurred, bringing a closed source custom firmware to the public (with limitations such as the EmuNAND not being update-able, a low-boot rate, not fun to install, etc. What it did do was run cias, which caused Gateway to add this feature as well.)
The release of Sky3DS (could play clean cart roms, but no homebrew yet.)
The release of the userland exploit ninjhax [4].
2015
January
Gateway cracks 9.2 and updates their flashcards to OMEGA. User yifanlu posts a blog about reverse engineering memchunkhax/firmlaunchhax combo used by Gateway, and teams such SALT, roxas75, and patois implement quickly.
February
The release of roxas75's rxTools.
May
The release of Pasta CFW (namesake coming from the leak of sigpatches of pastebin). It combined the works of patois' Brahma (open source memchunkhax/firmlaunchhax) to make the first open source custom firmware (no emunand).
Rxtools is patched out with signatures made by ahp_person (appletinivi), and Roxas does not like this
June
Roxas eventually gives in, releasing the rxTools source and adding the sig patches in officially, then quits the scene.
(Maybe add on)
July
The release of Ninjhax2x.
August
The release of Tubehax, a primary userland exploit that took advantage of the 3DS YouTube app, unfortunately being patched a couple months later on all firmware.
The release of Ironhax, the first secondary userland exploit (this means that it requires a primary, like Tubehax, to install).
The release of Reinand, the first full featured New3DS custom firmware.
September
The release of Menuhax, a secondary home menu exploit which allows boot time userland execution (maybe change up wording, very very close to original).
The release of Browserhax, which are primary exploits that used the browser for the N3DS and O3DS that would be updated every so often in the coming months.
December
Sky3ds+ released. bypassing cart-based AP in recent games and adds a filesystem-based game loading feature among others.
The CCC hosts 32c3 in Hamburg, Germany, where snshax, arm9loaderhax, memchunkhax2, and ntrcardhax are revealed. The userland exploits Menuhax and Ironhax (not sure whether to put Ironfall or hax as it is typed out as Ironfall on gbatemp page used for most, if not all of this) are updated as well.
2016
January
The release of 10.x downgrading to 9.2.
Downgrading patched with 10.4.
February
The reign of arm9loaderhax.
The release of Aureinand/Luma3DS, a fork of ReiNAND which took it's features to a new level. (The authors of Aureinand/Luma3DS, had a disagreement with the original author, Reisukaku, which lead to ties being cut, by first renaming Aureinand to Luma3DS, and then removing the fork status altogether.
March
The release of memchunkhax2.1 by Aliaspider, allowed downgrades to 9.2 to resume, and would last through 10.7.
May
(Not sure if it should be put here)
July
A user reveals the DSiWare firm downgrade method after it being hinted for months, this allowed downgrading to 9.2 to continue on firms 11.0 - 11.2.
September
Arm9loaderhax dominates the scene even more due to CTRNand Transfer (shortening the install time of both new and old 3DS) and OTPless ( instant N3DS install), though OTPless was later removed (from 3ds.guide) due to random bricking.
December
Another big CCC, specifically 33c3. The announcement of Soundhax, which is a free (as opposed to ninjhax, which required Cubic Ninja, a paid game) userland primary for a system app (NIntendo 3DS Sound). This made it so almost all 3DS's were vulnerable. 33c3 also announced Fasthax, which is another k11 (arm11 kernel) exploit, also made by nedwill (creator of Soundhax). Also, at this event, scene veteran derrekr revealed sighax, which is a bootrom vulnerability that allows one to sign arbitrary firmware code, he also reveals vague detail about how he dumped the 3DS ARM9/ARM11 bootroms, no code releases. (Maybe reword this as it is close to original)
Nintendo launches a bug bounty program for the 3DS, the bounties being $100 - $20,000 per exploit, this would have an affect of exploit developers moving away from public releases (probably reword this)
2017
January
A new arm9 exploit, safehax, is revealed by appleTinivi after an anonymous user posted the method on 3dbrew. This means that full control is possible up to firm 11.2, people usually use this to CTRNand downgrade to 2.1, get the otp.bin, and then restore original NAND and install a9lh. (try rewording)
February
The release of firm 11.3 fixed safehax and Fasthax are fixed, this also fixes firm downgrading with DSiWare and hardmodding, if you tried, it would break the home menu.
April
11.4 is released, which fixes a previously unknown k11 (ARM11 kernel) vulnerability called udsploit, Smealum releases this exploit for those who are still on 11.3. Soon after this, AppleTinivi (creator of safehax and patcher of rxTools?) updates safehax for 11.3 due to an oversight in Nintendo's previous safehax fix. (probably reword as this is basicaly exact words)
May
Another big CCC again, just kidding it's 33.5c3 (unofficial sequel). It revealed boot9strap, a firmware loader that implements a FIRM sighax signature, and is able to dump the bootroms in software (?). Ntrboot is also theorized and privately confirmed.
Since firms can now be forged with nothing more than NAND access (reword), the DSiWare trasnfer and hardmod methods of installing custom firmware resume on the latest firmware using the plaintext attack. (reword its basically copied)
June
The N2DSXL is released in Australia and it's discovered that it happens to have the same vulnerable bootroms as the 3DS did, 7 years ago.
August
Ntrboot is released, starting with support for just ak2i and R4 flashcards, but quickly grew to others. (maybe add line under)
September
The Gateway team reveals what they have been working on, a new flashcard called Stargate, a supposed hybrid of a ntrboot card, ds card, and Sky3DS. It was abandoned after a few months due to people seeking out cheaper options for ntrboot cards.
2018
January
A user reveals a method that brute-forces the movable.sed using only the Local Friend Code Seed (obtainable in userland). This method, called Seedminer, allowed users to inject hacked DSiWare and install boot9strap with only one 3DS. (maybe add more info)
July
Nintendo releases firm 11.8.
August
The 3DS hacking scene legend, Smealum, reveals an exploit he had long been teasing at defcon. It was an arm9 exploit chain, unfortunately already being patched in firm 11.8 because he disclosed it to the HackerOne bounty before this. In addition to this, he posted the incomplete repos on Github, but nobody to date (zoogie last edited this on October 22nd, 2023) has been able to get them to work.
September
A new version of Seedminer, called Frogminer is released, utilizing an old version of the Japanese Flipnote Studio, instead of using Sudoku and it was injected to DS Download Play instead of a DSiWare game. This allowed this specific miner exploit to be completely free.
December
Firm 11.9 was released, patching an unreleased browser exploit for both the O3DS and N3DS. All of this was caused by another HackerOne bounty submission, this time being submitted from userland exploit developer MrNbaYoh.
2019
July
The release of bannerbomb3, a userland primary for System Settings, being part of the miner series.