Breaking the 3DS: how the 3DS was hacked – Presentation by Smealum, Derrek, and Plutoo


We are constantly looking for guest bloggers at If you like to write, and have a strong interest in the console hacking scene, contact me either with a comment here, or in a PM on /talk!

31 Responses

  1. ombus says:

    now to wait for cfw !!! wiiiii xD

    • Dothackjhe says:

      Has there not been already a working CFW for 3DS? I know it has since I’m running my old 3DS with one.

      • ombus says:

        i mean on latest 10.3 firmware 😀

        • ChrisHighwind says:

          Not happening. It’s been ages since we’ve been able to have userland homebrew on firmwares past 9.2, and yet no Gateway or CFW developer has cared to use the newer exploits to find ways of accessing the kernel on any sysnand firmware past 9.2. It’s still better than the PS3, where after 3.55, people just stopped looking for any kind of exploit period outside of hardmods or that backup-editing trick that didn’t get much use because of the legal actions Sony took when 3.55 was hacked. Now everyone who can mod a Sony console has moved on to the PS4, leaving PS3 super-slim owners and Vita owners unable to access Rejuvenate in the dust. And it’s only a matter of time before PS4 owners who are too late to the party are neglected too.

  2. waitingforps4 says:

    We are waiting for sony playstation 4 jailbreak, are there any news about it wololo?

    • MaxXimus says:

      To install the ps4 jailbreak all you have to do is cut the power from the ps4 while it is updating.

    • Katie says:

      if there was news on it, then wololo would’ve posted an article about it.
      Now do you see any new article on the ps4 jailbreak? No, so of course there’s no news yet.-.-

      • waitingforps4 says:

        I saw an article 3 days ago, posted on 25 december I think. Also, wololo last night poted something about ps4 and linux. Wololo said 12/30. I don’t understand, does wololo mean 30 december, or what?!

    • JustAnotherOne says:

      there is one actually
      all you need is a giant metal sledgehammer
      take a few wack at your ps4 with it and you get break

  3. Anonymous says:

    This is pretty awesome. Good on them!

  4. umhumh says:

    Firstly congratulations are in order.

    Secondly, see what these guys did? take a good look at it… cause that’s exactly what f0f won’t do in 3 days.

  5. Xxaxx says:

    Just watched the presentation, really amazing work … I am so fascinated by all of this, I just wish I had the coder mind to be able to figure out these kinds of exploits.

  6. ColdSORE says:

    Ok so heres the great news considering what the guys are doing is a opening for devs to make a cfw thus they dont need to make a cfw thats up to the devs around the world to jump into the scene.

  7. KongCL82 says:

    Does this means we can run language patch on the latest firmware soon?

    • Credible Random Guy says:

      If you mean changing a games language, yes. That has been possible since Hax 2.0 came out. You need to run the game through Hans and choose which region you want to run it. If not there are patched romfs files you can download

  8. Franky says:

    This is amazing. I can’t wait to go home to watch it.

    Since devs essentially have kernel access and I assume an open SDK exists to make homebrew, does this mean someone can make a backup loader? Preferably like Devolution on the Wii with 1 time cart checks? It would be nice to take down someone like Gateway mainly due to them using these guys’s work for their cart.

  9. Zeke says:

    Very interesting stuff. Confirmation by those that know that Nintendo’s cryptography isn’t as good as Sony’s, basically, and a detailed explanation of the hows and whys. I’m not a coder/hacker myself but I understood the majority of it.

    • Crzo says:

      Smea was talking about the NFC fail, Nintendo rushed the 8.1 firmware and left an old version of the NFC crypto that was later replaced in later firmwares.

      This one was using a common key, then in firmwares 9.3+ they hardcoded this key to “hide” it safely.

      But basically they had already leaked it themselves in the 8.1 firmware.

      This has nothing to do with the wii u shared stuff.

  10. Vedu says:

    I think “Secrets hidden in hardware are great, unless you leak them” was referring to the keyY(?) used in the rushed firmware and the normal key used in 9.x, not the key sharing between the wiiu.

  11. gbro says:

    well that’s one hot smealum

  12. Ken Arromdee says:

    “An interesting anecdote from Smealum is that in practice, the ARM9 Kernel has an unintentional syscall backdoor. ”

    Well, it did until now.

    Is this something that CFW already uses? If yes, then why hasn’t Nintendo closed it already? If no, wouldn’t it be a bad idea to release information about it until the last moment possible, since Nintendo will close it as soon as they find out?

  13. motezazer says:

    “An interesting anecdote from Smealum is that in practice, the ARM9 Kernel has an unintentional syscall backdoor. ”
    Wololo, this is false.
    The backdoor IS intentional.

  1. January 6, 2016

    […] the release got delayed because another group of hackers (Smealum and plutoo of 3DS fame, and naehrwert who was heavily involved in the PS3 scene) published proof that they also had a Wii […]

  2. May 3, 2016

    […] Smealum credits plutoo, yellows8, naehrwert and derrek for their work on the Wii U. Plutoo and Derrek in particular, where working with Smealum on 3DS hacks that led to some important parallel discoveries about the Wii U. […]

  3. December 30, 2017

    […] And if you didn’t get enough, you might also want to check the 3DS presentation from 2 years ago. […]