Changes

235 bytes removed, 17:39, 9 March 2015
no edit summary
Line 1: Line 1:  
Exploits are used to execute unofficial code (homebrew) on the Nintendo 3DS. This page is a list of known 3DS-mode exploits.
 
Exploits are used to execute unofficial code (homebrew) on the Nintendo 3DS. This page is a list of known 3DS-mode exploits.
   −
==List of 3DS exploits==
+
==List of public 3DS exploits==
 
  −
==Current Efforts==
  −
There are people working on finding exploits and documenting the 3DS. Here's a list of some current efforts being made to make homebrew on the 3DS possible:
  −
 
   
* See [[Ninjhax|here]] regarding Ninjhax.
 
* See [[Ninjhax|here]] regarding Ninjhax.
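Review bot: The heading is renamed to "List of public 3DS exploits", but the unchanged lead sentence above it still says "This page is a list of known 3DS-mode exploits", so the page now states two different scopes. Change "known" to "public" in the lead, or keep the old heading. Removing the "Current Efforts" heading and its intro sentence also leaves the "See here regarding Ninjhax" bullet without a section of its own in the visible lines; confirm it reads correctly under whatever heading now precedes it. A section removal like this should carry an edit summary rather than "no edit summary".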
   Line 25: Line 21:     
==Tips and info==
 
==Tips and info==
The 3DS uses the XN feature of the ARM processor, and only apps that have the necessary permissions in their headers can set memory to be executable. This means that although a usable buffer overflow exploit would still be useful, it would not go the entire way towards allowing code to be run in an easy or practical fashion (like an actual homebrew launcher). For that, an exploit in the system is required. A buffer overflow exploit does, however, provide enough wiggle room through the use of return-oriented programming to potentially trigger a system exploit.
+
The 3DS uses the XN feature of the ARM11 processor. There's no official way from applications to enable executable permission for memory containing arbitrary unsigned code(there's a [[SVC]] for this, but only [[RO_Services|RO-module]] has access to it). An usable userland exploit would still be useful: you could only do return-oriented-programming with it initially. From ROP one could then exploit system flaw(s), see below.
   −
SD card [[extdata]] and SD savegames can be attacked, for consoles where the console-unique [[Nand/private/movable.sed|movable.sed]] was dumped.
+
SD card [[extdata]] and SD savegames can be attacked, for consoles where the console-unique [[Nand/private/movable.sed|movable.sed]] was dumped(accessing SD data is far easier by running code on the target 3DS however).
    
Note that the publicly-available <v5.0 total-control exploits are [[FIRM|Process9]] exploits, not "kernel exploits".
 
Note that the publicly-available <v5.0 total-control exploits are [[FIRM|Process9]] exploits, not "kernel exploits".
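Review bot: The rewritten XN paragraph ends with "From ROP one could then exploit system flaw(s), see below", but nothing in the visible lines identifies which section "below" means; link the target section by name so the reference survives later reordering. The same added line needs copy-editing: "An usable" should be "A usable", and a space is missing before the parenthesis in "unsigned code(there's"; the added movable.sed line has the same problem in "was dumped(accessing". The old text's statement that a buffer overflow alone does not get as far as a practical homebrew launcher is dropped; the new wording "you could only do return-oriented-programming with it initially" would be clearer if it kept that consequence in one clause.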
