Developer ShinyQuagsire released a new userland exploit for the 3DS, this time using a vulnerability in the 3DS game VVVVVV. The game is apparently only available digitally on the Nintendo eShop, which potentially limits how many users will be able to leverage the exploit (I would expect Nintendo to pull the game from their eShop if it has a known vulnerability*).
This is the second savegame exploit released by ShinyQuagsire in less than a week, after Supermysterychunkhax, released earlier this week. Just like the Pokemon exploit, (v*)hax requires a “primary” entry point, that is, another hack such as browserhax or the Cubic Ninja exploit, in order to actually install the exploited savegame on the console. You’ll need the help of a friend who already has a hacked 3DS, or this could be useful for people who already have a hacked console, as a “safety net” of sorts.
Once installed, the (v*)hax will let you run the *hax services for Homebrews.
Download and install (v*)hax
From the readme:
VVVVVV utilizes multiple savegame buffer overflows in order to run *hax. To install such a savegame, an existing homebrew entrypoint such as browser hax, Smash Bros or Cubic Ninja is required.
To launch *hax, first make sure you download and extract the latest homebrew starter kit to the SD card.
To install the exploit to VVVVVV, use the installer found here, extract it to your SD card and run it using the Homebrew Launcher. In the installer you will be prompted to select the appropriate version for the system, and then the selected exploit version will be downloaded and installed.
Note that installing (v*)hax will wipe any existing savegame data, and the original game will not be able to be used while (v*)hax is installed. As such, it is suggested that a savegame backup be made before installing. For uninstallation, see below. To launch *hax once (v*)hax is installed, start the game and load the main save.
According to the readme, the exploit works on all firmwares 2.1.0 and higher; however, *hax only supports 9.0.0-7 and higher. The exploit was also recently patched to include a self-update feature, just like Supermysterychunkhax.
Once again, this release has been received with mixed reactions. On the one hand, since the exploit requires a “primary” exploit in order to be installed, it might look kind of moot. On the other hand, people have pointed out that a game exploit can be more convenient to launch from the home menu than, say, browserhax. In that regard, the more exploits get released, the more options people have to run the hacks. With this release in particular, the game is fairly cheap and, as some people mentioned, since it’s a digital one, it won’t take up your cartridge slot.
A full technical write-up of the exploit can be found here.