Monday, 14 September 2015

3DS: SmashBrosHax was just released – Launch Homebrew via Super Smash Bros.!

Nintendo 3DS scene developer Yellows8 has just released yet another userland exploit for the Nintendo 3DS & New3DS.
This time it is done via the Super Smash Bros. game (or demo version) for the Nintendo 3DS.
Yellows8 has successfully exploited the Super Smash Bros. game & its free demo version on the Nintendo 3DS.
Keep in mind that the demo version can only be started a limited number of times, and you might be required to redownload it after all your starts have been used up. Ultimately, you’ll probably need the full game for the exploit.
The exploit lies in the local wireless function of the game, the one that allows you to play Smash in local multiplayer matches on your 3DS. This means that while your Nintendo 3DS is searching for local multiplayer games, a vulnerability in the Smash Bros. game can be triggered, which in the end lets you launch homebrew on your device.
Keep in mind that this exploit is not as easy to use as the previous exploits. This exploit requires you to do a bit more than just copying a savedata file or changing your Wifi DNS server.

You have to broadcast the local Wifi signal yourself, preferably always on the very same channel and with the same MAC address, so that your Nintendo 3DS is able to find it.
Supported application builds:
demo: USA+EUR supported and tested. There’s no difference between the regular demo and the “Special Demo” with this hax. This was the only version of Smash-3ds supported by this hax initially, until after the USA version of the game was released.
v1.0.0. USA: supported+tested. “gameother”: supported+tested.
v1.0.2. USA: supported, not tested.
v1.0.4. USA: supported+tested. “gameother”: supported, not tested.
v1.0.5. USA: “supported”. The target heap address for overwriting the target object varies, hence this hax doesn’t actually work right with this version. This version is not fully supported due to this.
v1.1.0. USA: supported+tested. “gameother”: supported+tested.
Last version tested with this vuln was v1.1.0, vuln still isn’t fixed with that version.
EUR and JPN full-game .code binaries addresses-wise are basically the same, for v1.0.4 at least. Hence, the filenames for these two regions include “gameother”.
Since this exploit is not that easy to use for technologically illiterate people, I am not going to write out fully detailed instructions on how to use it until an easier method, one suitable for technologically illiterate people, is available.
Yellows8 already explained the current method on his Github anyway.
Source via GitHub.
