32c3: Nintendo 3DS System Firmware Hacked and Detailed

Published: December 27, 2015 10:51 PM /



Straight out of this year's CCC - otherwise known as (current number)c3 - a group of 3DS homebrew developers (named smealum, qlutoo, and derrekr6) have detailed various aspects of the 3DS system software, and ways to exploit the software up to the current firmware.

Starting around the 13 minute mark, this video showcases the groups work. Among the potential exploits listed, a variety of different possibilities where revealed... for a bit of context, let me explain quickly what each of these privileges means for end-users and developers.

ARM11 Userland: This allows for simple homebrew, with a little bit more leeway than programs made using the official SDK. This also allows for ROMhacks and screenshots in a variety of 3DS games.

ARM11 Kernel: This allows for updating or installing "system titles". This means that users and developers may be able to downgrade their system software!

ARM9: With ARM9 access, you have full control of the system. This includes concepts such as piracy to stuff such as installing Linux on your 3DS.

During today's talk, the group showcased a variety of ways for developers to gain control of all of the above; ranging from using a custom Nintendo DS (not 3DS!) cart to force ARM9 access, to overwriting various system files right before they are supposed to be executed by the firmware.

Although all of these exploits were detailed in depth, and the ways of gaining access to these respective privileges on the system are now public knowledge - none of the above mentioned exploits have been formally released as of yet. Instead, the panel ended with the group confirming that Homebrew is now available for more users on the current 3DS firmware, as several previously patched ARM11 Userland exploits have been modified to work with the current firmware. With that being said, it's only a matter of time until some of the exploits detailed are developed for users to take advantage of.

Slightly unrelated, but also of note; the group also confirmed that the Wii U and the 3DS share certain hardware encryption keys. This means that until a hardware revision at least a portion of each systems firmware is blown all the way out - since keys are determined by hardware, and then encrypted individually by each user's 3DS/Wii U.


Have a tip, or want to point out something we missed? e-mail us at [email protected] or join us on Discord!