Payload
Works on latest fw | Name | Description | Supported firmwares |
---|---|---|---|
Yes | *hax payload | Booted by all of the below non-sysmodule exploits. No longer needed as of Luma 8.0 | From 9.0.0-7 up to 11.9.0-42. |
For the rest of this page, “Supported firmwares” refers to the exploit itself, not whether *hax payload supports it.
Standalone Homebrew Launcher Exploits
The following homebrew exploits can be executed on a previously un-exploited system. Please see the above Payload section regarding what “Supported firmwares” indicates exactly.
Works on latest fw | Name | Supported firmwares | Requirements | Author | Install |
---|---|---|---|---|---|
No | Ninjhax 1.1b | From 4.0.0-7 up to and including 9.2.0-20. | A cartridge or eShop version (JPN-only) of “Cubic Ninja”. | smea | Install |
Yes | Ninjhax 2.x | From 9.0.0-7 up to and including 11.9.X. | A cartridge or eShop version (JPN-only, not available anymore for purchase) of “Cubic Ninja”. | smea | Install |
Yes | freakyhax | From 9.0.0-7 up to and including 11.9.X. | A cartridge or eShop version (USA/EUR/JPN, not available anymore for purchase) of “Freakyform Deluxe”. | plutoo | Install |
No | smilehax | From 9.0.0-7 up to and including 11.0.0-33 | SmileBASIC (JPN all versions up to 3.32 excluded, USA 3.31 only) | plutoo | Install |
Yes | smilehax IIe | From 9.0.0-7 up to and including 11.13.0-45 | SmileBASIC (JPN version 3.3.2 via app downgrade, USA/EUR 3.6.0, aka latest app version) | zoogie | Install |
No | BASICSploit | From 9.0.0-7 up to and including 11.0.0-33 | SmileBASIC (USA all versions) | MrNbaYoh | Install |
Yes | smashbroshax (beaconhax) | (New 3DS only) From 9.0.0-X up to and including 11.9.0-37. | Super Smash Bros 3DS (full-game) and a way to broadcast raw wifi beacons. The demo (prior to the updated November 2015 version) isn’t usable with the *hax payloads. Game-version v1.1.3 fixed the vuln used with this, see the repo for a workaround for that. | Yellows8 | Install |
No | browserhax | From 9.0.0-2 to 11.0.0-33. Note that the browser-version-check bypass is only usable prior to 10.7.0-32. | A USA, EUR, JPN, or KOR system. | Yellows8 | Install |
No | genhax | (New 3DS only) From 9.9.0-X up to and including 11.2.0-X. | A gamecard or eShop-install of Monster Hunter X (JPN only), and the DLC encryption key (see installer instructions). Note: the secondary exploit still works, see below. | svanheulen | Install |
No | soundhax | From 9.0.0-13 up to and including 11.3.0-36. | A USA, EUR, JPN or KOR system. | nedwill | Install |
Yes | doodlebomb | From 9.0.0-X(?) up to and including 11.6.0-X. | An eShop-install of Swapdoodle (version 1.1.1 or lower). As of 2017-4-26, version 1.1.2 was released, blocking outdated app versions from sending or receiving messages. | MrNbaYoh | Install |
Yes | MSET9 | From 1.1.7-X (?) up to and including 11.9.0. | MSET 9 is an exploit installer that can be used on all platforms. It is basic and easy to use. | Zoogie | Install |
Yes | RPwnG 2 | From 1.1.7-X(?) up to and including 11.9.0-X. | A digital copy of RPG Maker Player (free) ver. 1.1.4 on EUR, ver. 1.1.2 on USA. A 3DS on firmware 11.7. | MrNbaYoh | Install |
Only if installed before August 28, 2017 | RPwnG | From 9.0.0-X(?) up to and including 11.9.0-X. | A digital copy of RPG Maker Player (free) ver. 1.1.4 on EUR, ver. 1.1.2 on USA/JPN is required. As of August 28, 2017 the code is instantly removed after publishing. | MrNbaYoh | Install |
No | notehax | From 9.9.0-X up to and including 11.5.0-X. | A digital copy of Flipnote Studio 3D on ver 1.3.1 (JPN) and ver 1.0.0 for EUR/USA (not the latest) | MrNbaYoh | Install |
Only if you already purchased Blockfactory before it was removed from the eShop | haxfactory | From 9.0.0-X(?) up to and including 11.9.0-X. | A digital copy of “Blockfactory” (USA/EUR) | Stary2001 | Install |
Secondary Exploits
Installing these exploits requires a previously exploited system. After installation, they can be used on their own. Please see the above Payload section regarding what “Supported firmwares” indicates exactly.
Works on latest fw | Name | Supported firmwares | Requirements | Author | Install |
---|---|---|---|---|---|
No | ironhax | From 9.5.0-X up to and including 10.3.0-X, for X up to and including 28. | A copy of “Ironfall: Invasion” downloaded from eShop before August 11th, 2015. Note the updated version that was released on October 13th, 2015 is not supported. | smea | Install |
Yes | steelhax | From 9.0.0-X up to and including 11.9.0-X | A copy of Steel Diver: Sub Wars | Vegaroxas | Install |
Yes | oot3dhax | From 9.0.0-X up to and including 11.9.0-X, for X up to and including 39. | A gamecard or eShop-install of Legend of Zelda: Ocarina of Time 3D. Besides using the installer app, writing raw saveimages with a save dongle for example is another option. Before compression was introduced in the 2016-7-18 release, the size of the *hax payload meant the exploit can’t co-exist with regular saves on a physical version of the game. | Yellows8 / smea et al. | See here. |
No | menuhax | JPN/USA/EUR: From 9.0.0-X up to and including 11.2.0-X. KOR: From 9.6.0-X up to and including 11.2.0-X. | JPN/USA/EUR: Having created theme extdata through opening the official theme selector at least once. | Yellows8 | Download |
Yes | supermysterychunkhax | From 9.9.0-X (USA/JPN) / 10.2.0-X (EUR) up to 11.9.0-X. | A gamecard or eShop-install of Pokémon Super Mystery Dungeon. | Shiny Quagsire / SALT team | Install. |
No | (v*)hax | From 9.0.0-X up to and including 11.0.0-X, for X up to and including 33. Note that 9.0.0-X is only required for the Homebrew Launcher - the game itself only requires 2.1.0-X for primitive userland code execution. | A copy of VVVVVV downloaded after March 2012 (v1). v1.1 patches out the overflow vulnerability used by (v*)hax. | Shiny Quagsire / SALT team | Install. |
Yes | humblehax | From 9.0.0-X (USA/EUR) up to and including 11.9.0-X. | An eShop-install of Citizens of Earth (either v1 or v2), featured in the Humble “Friends of Nintendo” Bundle. | Dazzozo / SALT team | Install. |
No | basehaxx | From 9.0.0-X up to and including 11.1.0-X. | A gamecard or eShop-install of Pokémon Omega Ruby / Alpha Sapphire v1 or v1.4 with the ability to have a secret base. | MrNbaYoh | install |
Yes | stickerhax | From 9.0.0-X up to and including 11.6.0-X. | A gamecard or eShop-install of Paper Mario: Sticker Star. | Yellows8 | Here |
Yes | genhax | (New 3DS only) From 9.9.0-X(JPN) or 10.3.0-X(EUR/USA) up to and including 11.3.0-X. | A gamecard or eShop-install of Monster Hunter Generations or Monster Hunter X (without the game updates installed), and an internet connection during installation. | svanheulen | Install |
Yes | painthax | From 9.0.0-X up to and including 11.6.0-X. | An eShop-install of Pixel Paint. | MrNbaYoh | install |
No | ctpkpwn_tfh | From 9.9.0-X up to and including 11.3.0-X. | A gamecard or eShop-install of “The Legend of Zelda: Tri Force Heroes”, and an Internet connection during installation. Unless you have “CFW”, ctr-httpwn >=v1.2 with the included bosshaxx on a compatible system-version is also required. If installing via ctr-httpwn, you can’t do so on >=v11.4. Note that the exploit itself was not fixed. | Yellows8 | Install |
No | doodlebomb | From 9.0.0-X(?) up to and including 11.4.0-X. | An eShop-install of Swapdoodle. | MrNbaYoh | Install |
Only if installed before August 28, 2017 | RPwnG3 | From 9.0.0-X(?) up to and including 11.12.0-X. | A Digital/Physical copy of “RPGMaker Fes Player/RPGMaker Fes” (USA/JPN 1.1.2 or lower ; EUR 1.1.4 or lower). | ChampionLeake | Install |
Yes | nitpic3d | From 9.6.0-X(?) up to and including 11.13.0-X. | A digital or physical copy of Picross 3D: Round 2 | Luigoalma and Kartik | Install |
Yes | kartdlphax | All system versions work. | A digital or physical copy of Mario Kart 7 for the same region as both consoles | PabloMK7 | Install |
Exploits without Homebrew Launcher
Warning: The following exploits can run code, but are missing a 3DSX launcher. They cannot launch any homebrew in the 3DSX format, but could still prove useful by chaining to exploits with higher privileges.
Works on latest fw | Name | Supported firmwares | Requirements | Author | Install |
---|---|---|---|---|---|
Yes | safecerthax (Safe Mode System Updater) | (Old3DS (2DS) (XL)) ALL (New3DS (New2DS) (XL)) NOT SUPPORTED | An O3DS or O2DS that can be booted into Recovery Mode (hold L+R+Up+A at startup) & an internet connection. | MrNbaYoh | Install |
Yes (partially) | bannerbomb3 (System Settings) | (USA / EUR / JPN) 11.5.0 to 11.16.0; (KOR / TWN) (11.4.0) 11.5.0 to latest. An exploit that uses a buffer overflow in a TWL export banner's title strings to gain ROP execution. | A USA, EUR, JPN, KOR, or TWN system with its movable.sed keyY extracted. | zoogie | Install |
No | browserhax (Without the loader in the 3ds_browserhax_common repo) | (Old3DS) From 5.0.0-2 to 11.0.0-33 (Pre-v5.0 is supported for some versions if you manually modify the source). (New3DS) From 9.0.0-20 to 11.0.0-33. Note that the browser-version-check bypass is only usable prior to 10.7.0-32. | A USA, EUR, or JPN system. | Yellows8 | Install |
No | Ninjhax (with specialized payloads) | Up to 9.2.0-20? | smea + independent developers | N/A |
Previous Exploits
Warning: These exploits do not work. They are exploits which no longer function at all, regardless of software or firmware revision.
Works on latest fw | Name | Supported firmwares | Requirements | Author | Install |
---|---|---|---|---|---|
No | Tubehax | None. Was: From 9.0.0-X up to and including 10.1.0-X, for X up to and including 27. | The YouTube application and an Internet connection. As of October 15, 2015, this is no longer usable due to an update being released which fixes the vuln used by tubehax + app update being forced (see here). | smea | Install |
Other Homebrew Loaders
The hblauncher_loader title can be used to boot the *hax payloads when running under a modded FIRM that allows running unsigned titles.
Luma3DS, apart from providing signature patches for the installation and use of custom titles, includes the “Rosalina” system module, which among its features allows cleanly loading 3dsx applications as a native process with full ARM11 system permissions, by replacing an installed title’s ExeFS and ExHeader during load time. It is currently the only option for running 3dsx applications on 11.4+ O3DSes; additionally, the *hax 2.x payload is incompatible with Rosalina and therefore so are homebrew applications requiring its target title system.
Sysmodule Exploits
This section is for system-module exploits, which can be run from the *hax payloads.
Works on latest fw | Name | Supported firmwares | Requirements | Author |
---|---|---|---|---|
No, still usable pre-v11.4. | ctr-httpwn | From 9.6.0-X up to and including 11.3.0-X. This includes bosshaxx. | None | Yellows8 |
WebKit vuln testing
See here.