yellows8 / 3ds_smashbroshax Goto Github PK

Hello, how do I build the pcap to be able to use the hax on the demo? I barely manage using Ubuntu and I want to learn on how to do it. Thanks in advance and thank you for the hax,

Hi!

I'm on New 3DS and I have the hax working fine with release version. It triggers in like two seconds. But the 3DS crashes to the Home Menu when trying to launch hblauncher. The screen reads "menu ropbin is ready" just before the crash.

I think the problem might be that my n3ds is softbricked. I failed to sysUpdate it from 9.9 to 9.2 previously using browserhax, and now my system is a hybrid between both firmwares with no access to the browser (which is why I'm trying SmashHax). So I tried both otherapp payloads (for 9.2 and 9.9) and none of them work.

Question is, is that the real issue, or might this error be caused by something else?

I'm using a non-updated original version of Smash 3DS EUR and its 1.0.0 pcap. It asks for updates on boot but starts just fine when no need to save profile is selected.

Thank you for your help!

Could anyone help me out? I really need this as my only homebrew-entrypoint

i have this issue im using ubuntu mate on a usb bootlabe device, i have the correct payload for usa 10.7 i change it to smashpayload.bin, i have a 1.0.1 pcap , i compiled the patch to aircrack succesfully
im using wlan0 interface im using channel 6 everything works fine but when it starts to send packages it goes all the way to 73 then stops and it like it freezes or something becasue i cant enter anymore comands i have to forcefully close it, can some one help me, im using the physical game cartridge( my first game) and i have a new 3ds xl on fw 10.7 and im using a hp laptop. (touchsmart notebook) dont know whats wrong this is my only entry point help!!

I can only guess it's about to load Homebrew.

After days of trying to get this to work, I'm finally sending a beacon out from my laptop.

Now, however, when I go to Group and try and launch Homebrew, the game crashes and the New 3DS is restarted.

I've tried so many different pcaps, using the smashhax helper, but to no avail.

It's the european cartridge - no updates (and I cannot tell what version it is). I'm trying on a New 3DS, with firmware 11.0. The payload is from Smealum (otherapp), and I've tried 10.7 and 11.0 (because they're the same).

I cannot think of what else to do -.- this is my only entry point.

I've even looked GBA Temp and on here (github), and there is no evident solution. I'd like to know what to do step by step, since I can find nothing on the internet to help.

ok I already had my 3ds hacked with homemenu hax, for my old 3ds, Interestingly enough though is if I click the homemenu button the game freezes and I have to shut it down manually. that is not the main thing, the thing is my 3ds (old 3ds) acts as if it was trying to load homebrew (obviously unsuccessful and no colors) in the latest version. I believe there is a chance that a homebrew launcher for old 3ds is now possible, I don't know If you could implement this, I'll tell what I was doing before the froze. playing classic, homemenu button press game froze. Of course the multiplayer option cannot be used but classic potentially. latest update as of 2/6/2016

I have a N3DS and was forced to update to 10.3.0-28U, so does smashhax work on 10.3 or does it still have to be updated? Thank you! ( smash bros is on ver 1.1.2 eshop version)

Hello.
I have New 3DS (10.3.X) and SSB4 1.0.8(Cartridge).
I tried payload 1.0.4 and 1.1.0, but it didn't work.
Do you have any plan to support 1.0.8?
Or didn't my 3DS work?
Thank you.

Will the 1.1.0 card (not updated from 1.0.0 but sold as 1.1.0) ever be supported? If so, how long will it take?

Hey Yellows8,
The latest release have the pcap's for *hax2.5, but I was just wondering if the eurdemo pcap from that is _also_ updated for 2.5? This being because whenever I try to run smashbroshax now my smash does "crash" sorta... but always just gets stuck on static top screens (it's either this or a bunch of grey/white lines). I have triple checked the payload I use which most definitely is New3DS 10.2.0-28E downloaded just today, same goes for the boot.3dsx. The root of my SD card is as seen here (the extra files are because I just copy+pasted them from my o3DS)

To send the packets I have followed Cydget's video and all-in-one batch file from this GBATemp thread

At any rate, I wouldn't be surprised if it's just the demo being the issue, but i'd like to hear from you if you can tell me more.

Lastly a small list to recap on what I have/use:

• Ubuntu 15.10 as OS
• Linksys WUSB54GC as WiFi USB Dongle (build in card is incompatible)
• New3DSXL with firmware 10.2.0-28E
• Smash Infinite Use Demo - European region

I'm attempting smashhax on the game version usa 1.0.0 and a new 3ds on version 11.2.0.0-35U and I reach the black screen with text that says "The homemenu ropbin is ready". I've loaded starter.zip as well as the otherapp payload, but it still crashes.

Any ideas?

Hi, I'm trying to do this method with a 1.1.0 physical copy of smash. I'm running 10.7 FW.

Every time I've tried to launch the homebrew, the new 3ds just crashes and reboots. Could you take a look at a packet to see if it looks right? I've started over sometimes and I always get the same result.

My new 3ds is on version 10.7
And smash is on ver 1.0.1 from the eshop

The top screen will go garbled and the music will keep playing but homebrew launcher wont launch

I have the correct payload and am using the 1.0.1 pcap

Any advice?

Thanks

I've read the pcap files in this repo are for digital+updated cartridges only. I'm wondering if there's anything I can do to help add this version to the repo.

With the new 1.1.3 update in the estore, the only option for those on an unsupported version is to delete our update and downgrade to 1.0.1 (EU estore download version). However there is no pcap file for 1.0.1.

Is there any way that those of in this situation can continue to use smashhax?

I had it working a long while ago on v 1.1.2, but I can't ever get it to work on 1.0.4. I deleted the new update data, and when I boot it tries to force me to update. I can play the game without save data and it creates extra data. At this point everything is ready and when I go into group, the game crashes or just doesn't do anything. I have two SD cards and on my second one (32gb Samsung) the game crashes. When I go back in it has an error and resets the data. On the first one (4gb Toshiba that came with the 3DS) it doesn't do anything. I even tried resetting the Toshiba and it doesn't work. Nervous to reset the Samsung because I have game save data. Please help me, thank you.

...is there anything that i should have on my 3DS microSD?
and my 3ds is 11.2.0-35U but there isn't an otherapp payload for it, what do i do?

Hi, I'm using a N3ds running software version 11.0 U and 1.0.1 US pcap for smashhax. when i entered all the specified commands the packets sent fine (No stopping at 93 packets) but when i entered group chat I would either be greeted by gray lines or a mesh of different colors on screen, without successfully booting into the hbl. I'm currently running on Ubuntu 16.04 if that makes a difference. Maybe it's my wireless card? any help would be appreciated, Thanks!

The README lists versions of smash bros that this works with up to 1.0.5 and past 1.1.0, however there is no mention of any versions between 1.0.5 and 1.1.0. I'm mostly concerned with 1.0.8. Are the missing versions not mentioned because the don't work, or have they just not been tested?

Is this a problem? Literally all packets being broadcast are malformed when I was capturing via Wireshark.

Was able to save this pcap
The pcap release I've been using is usa112 with Sm4sh @ 1.1.2, but the haxx aren't even triggering in the "Group" menu

0000   00 00 0d 00 04 80 02 00 02 00 00 00 00 80 00 00  ................
0010   00 ff ff ff ff ff ff 59 ee 3f 2a 37 e0 59 ee 3f  .......Y.?*7.Y.?
0020   2a 37 e0 c0 50 80 01 20 03 00 00 00 00 64 00 31  *7..P.. .....d.1
0030   04 00 08 00 00 00 00 00 00 00 00 01 07 96 98 a4  ................
0040   b0 c8 e0 ec 03 01 06 05 04 00 01 01 00 07 06 4a  ...............J
0050   50 00 01 0d 14 2a 01 00 dd 07 00 1f 32 14 0a 00  P....*......2...
0060   00 dd ec 00 1f 32 15 00 0b 8b 10 00 90 80 00 b3  .....2..........
0070   20 6f 07 01 04 00 01 00 00 00 00 00 00 00 00 00   o..............
0080   00 00 de 9c 0b 27 bc cc 4f d7 e7 25 08 02 d7 9f  .....'..O..%....
0090   11 fa 19 c3 56 23 b8 ff ff 04 ff ff ff ff ff 04  ....V#..........
00a0   00 00 00 a6 20 00 00 ff ff ff ff 34 70 ce 00 40  .... ......4p..@
00b0   00 f8 1f ff ff ff ff 00 00 af d0 ff ff ff ff 00  ................
00c0   c0 b5 33 ff ff ff ff 34 e3 12 00 00 00 b5 33 ff  ..3....4......3.
00d0   ff ff ff ff ff ff ff ff ff ff ff 54 f8 62 00 74  ...........T.b.t
00e0   70 ce 00 78 ba 10 00 78 ba 10 00 00 00 00 00 00  p..x...x........
00f0   00 00 00 cc 3f 1b 00 00 c0 b5 33 b4 ca 35 00 d0  ....?.....3..5..
0100   19 5c 00 b4 2d 1c 00 00 a0 b5 33 00 06 00 00 00  .\..-.....3.....
0110   00 00 00 10 8b 0b 00 00 00 00 00 00 00 00 00 00  ................
0120   00 00 00 50 6a 36 00 34 e3 12 00 e4 a1 b5 33 30  ...Pj6.4......30
0130   e3 12 00 ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
0140   ff ff ff 1c e3 12 00 1c e3 12 00 1c e3 12 00 dd  ................
0150   8e 00 1f 32 18 ef 97 e3 47 78 cf 40 37 c1 c0 15  ...2....Gx.@7...
0160   8c 5a 47 d0 cb 69 6c 13 aa 65 6d 61 a5 39 15 ec  .ZG..il..ema.9..
0170   4c 86 66 b4 21 ce 7d 30 58 a4 f6 84 40 46 39 a9  L.f.!.}0X...@F9.
0180   44 23 e2 de ef 25 bd e9 de c8 fd 99 da 02 52 03  D#...%........R.
0190   91 9c 5e 9f 4b 30 c9 a4 c1 1f 63 47 4b 95 fb e1  ..^.K0....cGK...
01a0   c4 56 d2 5e a0 ef 74 c2 0f 42 32 ff c6 66 02 f2  .V.^..t..B2..f..
01b0   e9 f0 f4 63 be 85 ee ba 04 1f 73 5a eb da 81 45  ...c......sZ...E
01c0   33 d4 98 1e 44 a1 4f 1e 41 4e 63 20 27 a0 9f 45  3...D.O.ANc '..E
01d0   34 87 e0 13 24 56 98 0a 07 c1 cf 4f c0 e7 2f dd  4...$V.....O../.
01e0   fe 00 1f 32 80 34 e3 12 00 78 ba 10 00 b4 2d 1c  ...2.4...x....-.
01f0   00 00 00 b5 33 b0 a2 b5 33 00 04 00 00 00 00 00  ....3...3.......
0200   00 00 00 00 00 00 00 00 00 00 00 00 00 88 18 17  ................
0210   00 b4 2d 1c 00 00 00 b5 33 00 04 00 00 00 00 00  ..-.....3.......
0220   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0230   00 b8 3f 16 00 b4 2d 1c 00 00 00 b5 33 00 00 00  ..?...-.....3...
0240   00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0250   00 00 00 00 00 40 9e b3 00 b4 2d 1c 00 dc 60 17  [email protected]...`.
0260   00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00  ................
0270   00 00 00 00 00 00 00 00 00 00 00 00 00 b4 2d 1c  ..............-.
0280   00 00 ca 9a 3b 00 00 00 00 00 00 00 00 00 00 00  ....;...........
0290   00 00 00 00 00 00 00 00 00 00 00 00 00 34 e3 12  .............4..
02a0   00 78 ba 10 00 a4 41 1a 00 00 00 11 00 01 10 8f  .x....A.........
02b0   e2 11 ff 2f e1 00 f0 78 f9 00 f0 60 f9 02 48 80  .../...x...`..H.
02c0   47 00 f0 10 f8 fe e7 00 00 ac 7a 36 00 ff ff ff  G.........z6....
02d0   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff dd  ................
02e0   fe 00 1f 32 81 00 f0 90 f8 23 00 00 ef 1e ff 2f  ...2.....#...../
02f0   e1 32 00 00 ef 1e ff 2f e1 70 0f 1d ee 80 00 80  .2...../.p......
0300   e2 1e ff 2f e1 3f b5 ff f7 f8 ef 04 1c 00 98 06  .../.?..........
0310   4d 25 60 20 21 61 60 00 68 ff f7 ea ef 00 28 00  M%` !a`.h.....(.
0320   d1 60 68 04 b0 30 bd 00 00 02 00 01 08 3f b5 ff  .`h..0.......?..
0330   f7 e4 ef 04 1c 00 98 01 99 02 9a 03 9b 12 4d 25  ..............M%
0340   60 00 25 65 60 a1 60 01 25 e5 60 25 61 04 25 65  `.%e`.`.%.`%a.%e
0350   61 a3 61 07 9d e5 61 00 25 25 62 0c 4d 65 62 6d  a.a...a.%%b.Mebm
0360   46 a5 62 02 25 9b 03 2b 43 e3 62 22 63 00 68 ff  F.b.%..+C.b"c.h.
0370   f7 c0 ef 00 28 05 d1 60 68 08 9a e1 68 00 28 00  ....(..`h...h.(.
0380   d1 11 60 04 b0 30 bd 00 00 04 02 03 08 02 48 00  ..`..0........H.
0390   00 3f b5 ff f7 b2 ef 04 1c 00 98 01 99 02 9a 03  .?..............
03a0   9b 0c 4d 25 60 61 60 00 21 a1 60 e3 60 0c 25 1b  ..M%`a`.!.`.`.%.
03b0   01 2b 43 23 61 62 61 00 68 ff f7 9a ef 00 28 07  .+C#aba.h.....(.
03c0   d1 60 68 07 9a a1 68 00 28 02 d1 00 2a 00 d0 11  .`h...h.(...*...
03d0   60 04 b0 30 bd c2 00 02 08 ff ff ff ff ff ff dd  `..0............
03e0   fe 00 1f 32 82 3f b5 ff f7 88 ef 04 1c 00 98 05  ...2.?..........
03f0   4d 25 60 00 68 ff f7 7c ef 00 28 00 d1 60 68 04  M%`.h..|..(..`h.
0400   b0 30 bd 00 00 00 00 08 08 00 b5 87 b0 35 4e 04  .0...........5N.
0410   a8 02 a9 35 4b 0b 60 35 4b 4b 60 07 22 00 23 34  ...5K.`5KK`.".#4
0420   4c a0 47 02 24 00 28 68 d1 00 24 04 a8 ff f7 6a  L.G.$.(h..$....j
0430   ff 00 28 67 d1 01 20 00 90 06 a8 01 90 5d a2 66  ..(g.. ......].f
0440   a3 9b 1a 04 a8 09 21 ff f7 71 ff 00 28 5a d1 00  ......!..q..(Z..
0450   20 00 90 06 a8 00 21 32 1c 26 4b ff f7 99 ff 05   .....!2.&K.....
0460   1c 06 a8 ff f7 bf ff 85 42 47 d1 45 e0 ff ff ff  ........BG.E....
0470   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
0480   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
0490   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
04a0   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
04b0   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
04c0   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
04d0   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff dd  ................
04e0   fe 00 1f 32 83 00 00 b5 33 66 73 3a 55 53 45 52  ...2....3fs:USER
04f0   00 b0 a7 14 00 00 c0 00 00 01 24 02 2c 2c d0 06  ..........$.,,..
0500   98 ff f7 f2 ee 04 98 ff f7 f0 ee 00 2c 24 d0 13  ............,$..
0510   4f 13 49 30 1c 13 4a 90 47 30 1c 13 49 09 68 3a  O.I0..J.G0..I.h:
0520   01 89 1a c9 19 0e 4a 00 f0 2d f8 10 48 00 21 10  ......J..-..H.!.
0530   4a 90 47 00 21 0a 1c 72 50 04 31 b9 42 fb db 0d  J.G.!..rP.1.B...
0540   49 f1 61 08 49 31 62 0d 21 b1 64 0b 49 b1 65 30  I.a.I1b.!.d.I.e0
0550   1c 69 46 3a 02 3a 43 90 47 fe e7 00 00 00 10 00  .iF:.:C.G.......
0560   00 00 c0 00 00 b8 3f 16 00 00 c0 b5 33 00 ca 9a  ......?.....3...
0570   3b a4 41 1a 00 dc 60 17 00 ec 22 c3 00 07 48 08  ;.A...`..."...H.
0580   49 01 22 12 05 30 b5 88 b0 08 23 03 93 00 23 00  I."..0....#...#.
0590   93 01 93 02 93 03 4d a8 47 08 b0 30 bd 00 00 00  ......M.G..0....
05a0   30 00 00 00 1f dc 60 17 00 01 48 85 46 70 47 00  0.....`...H.FpG.
05b0   00 00 00 00 10 2f 00 73 00 6d 00 61 00 73 00 68  ...../.s.m.a.s.h
05c0   00 70 00 61 00 79 00 6c 00 6f 00 61 00 64 00 2e  .p.a.y.l.o.a.d..
05d0   00 62 00 69 00 6e 00 00 00 ff ff ff ff ff ff 51  .b.i.n.........Q
05e0   35 d7 5e                                         5.^

Hello there! I have managed to set it all up, but I get the error at the very last step, then pressing Group. The wheel spins for a while, then freezes, then I get the error: "An error has occoured"...

I am 100% sure I have downloaded the correct otherapp payload for 10.6.0.31E, and that Smash is on 1.0 (It is the cartridge version, with no version number) and I get the error regardless. Do you have any ideas about why I have these issues?

Thanks in advance.

When using a cartridge with 1.1.0 loaded onto it , and using no other downloaded content/updates, I have found that using smashbroshax has been unsuccessful although it says that it is supported and tested.

v1.0.0. USA: supported+tested. "gameother": supported+tested.
v1.0.1. USA: supported+tested.
v1.0.2. USA: supported, not tested.
v1.0.4. USA: supported+tested. "gameother": supported, not tested.
v1.0.5. USA: "supported". The target heap address for overwriting the target object varies, hence this hax doesn't actually work right with this version. This version is not fully supported due to this.
v1.1.0. USA: supported+tested. "gameother": supported+tested.
v1.1.1. USA: supported+tested. "gameother": supported+tested.
v1.1.2. USA: supported+tested. "gameother": supported+tested.

I would like to get this to work as i am hoping to be able to use this to install basehax and eventually downgrade to 9.2.
Is there a possibility of this being fixed in the future?

Hi, whenever I try to use SmashBrosHax to homebrew my New3DS 10.7.0.32U. I have tried 50+ times and come to the same result. I predict that this is happening because of the offsets. You used an eShop version to make the pcap for the USA 1.1.0. Could you try making a cartridge version.

I was just wondering if I'm screwed or not, because my cart comes installed with 1.0.7, is there a pcap for this build or a way that I can update to 1.1.2 without going past it?

edit - If you don't mind me asking, is there a way that you can make a writeup of the process of creating the pcap files or are you planning to keep it private?

Sorry but I can't speak English well.
Korean 3DS doesn't have theme feature.
So Korean 3DS can't run your homemeunhax and any other hax.
Version of Korean Smashbros is 1.0.8.
I think smashbroshax can run on Korean 3DS.
Can you add Korean version of smashbroshax?

could someone please explain this part in plain(er) English please?

The above mentioned directory is at the following SD card location: "/Nintendo 3DS/{ID0}/{ID1}/title/0004000e/{TIDHigh}". Where TIDHigh for the update-title is one of the following:

USA: 000edf00
EUR: 000ee000
JPN: 000b8b00

I've gotten through all the compiling and all that stuff.... only the suddenly find that when choosing the pcap file - my smash is not supported! well... i am guessing i am on 1.1.4 based on the dates in which the updates came out, the fact that smash just wanted to updated (i declined ;) ) and when i bought it (and i believed i had been continuously updating the game until now)

My cartrige is on version 1.0.5 and non of the pcap files worked. You mentioned that it supports kinda the exploit, so i think it needs just some adjustments.

Wanted to know if there's a way to get this to work on 10.7 for version 1.1.4

So, I have compiled the pcaps with the command
make clean && make "PAYLOADURL=smealum.github.io/ninjhax2/JL1Xf2KFVm/otherapp/N3DS_U_21504_usa_9221.bin"
and it gives me no errors. But when I run the pcap with
sudo ./aireplay-ng --interactive -r "./pcap_out/smashbros_gameusav112_beaconhax.pcap" -h 59:ee:3f:2a:37:e0 -x 10 wlan1

It says

The interface MAC (00:21:27:D7:73:F4) doesn't match the specified MAC (-h).
ifconfig wlan1 hw ether 59:EE:3F:2A:37:E0
End of file.

I have tried compiling the normal pcap files with
make clean && make "PAYLOADPATH=/smashpayload.bin"
and it works fine.

Another thing to note is that when compiling with
make clean && make "PAYLOADURL=smealum.github.io/ninjhax2/JL1Xf2KFVm/otherapp/N3DS_U_21504_usa_9221.bin"
It says Host MAC address: 59:ee:3f:2a:37:e0 so Im not sure if the mac address needs to be changed when running aireplay

First, thanks for your job.

I'm using an EUR cartridge version 1.1.0 (witho no eShop patches applied).

I've followed your instructions but can't get the hax to work.

I also tried the smashbroshax-helper beta from http://gbatemp.net/threads/tutorial-using-smashhax-with-linux.397194/

I always get the same result: the game crashes back to home menu.

I've tried different SD cards, 3 different laptops and 2 different consoles (New 3DS and New 3DS XL).

Is it possible that the offsets for EUR cartridge version 1.1.0 are wrong?

After booting up from the save it crashes to the 3ds/2ds home screen after i get
"the homemenu ropbin is ready".

Just tried to get this working with all the settings (minus the payload) that worked on 11.1 and the game crashed, claiming that the system needed to restart.

I am totally aware I may just be doing this wrong but, is anyone else experiencing the same problem?

I'm on an Old 3ds with 10.3.0-28U firmware. I have the correct otherapp on the root of my sd card renamed to smashpayload.bin . When I go to group, the payload launches and gets to "menu ropbin is ready", then crashes to the home screen.

Is Smashhax even compatible with old 3ds? Or just new? Please help.

I've followed the tutorial, only I encounter an eraser when I try to launch the hack: The MAC interface (xx: xx: xx: xx: 38) does not match the specified MAC (-h).
Ifconfig wlp5s0 hw ether 59: EE: 3F: 2A: 37: E0

In topic.

So, for starters forgive me, I've only set up a wireless beacon a few other times to play around with aircrack so I'm unsure if this is a potential issue or not.

N3DS Firmware Version: 10.7.0-32U
SSB Version: 1.0.1

When I use aireplay to setup the beacon, and watching that traffic on channel 6 I don't see any attempts from the 3ds to associate itself with anything on channel 6. Instead, I'm showing the device broadcasting itself on channel 11. Of course it's only doing this when I begin to host a game, but the main problem I'm experiencing is the device (N3DS) is not finding my beacon for whatever reason and since the PCAP provided here is precompiled capture hard coded with channel 6, the only way I can think of to test it is to use a hex editor and flip the bits around. I figured I'd post here first before doing that to see if you had a better suggestion.

And before sounding completely ignorant, I may have missed it somewhere...is there any other hardware that is required to be able to exploit this (game card)? I'm currently using a blank SD card that the 3ds partitioned, that's it. The system is pretty interested in getting me updated, which I would assume it would if this exploit were possible. My plan is to downgrade the firmware to get homebrew running on it using EmuNand9, but that's a bit further down the line. Let me know if I'm missing something..

Thanks

is it possible to install it on n3ds 11.4? I don't have any other way of getting homebrew