Fast and free old 3ds browser exploit for latest firmware.
This is a new homebrew menu loading userland exploit for the old3ds browser, Spider.
An old3ds (or old2ds) on firmwares:
11.9.0-42 -> 11.13.0-45 for USA, EUROPE, JAPAN, KOREA, CHINA, TAIWAN (hbmenu and boot9strap)
11.10.0-43 -> 11.13.0-45 EUROPE (hbmenu and boot9strap)
11.4.0-37 -> 11.8.0-41 for USA, EUROPE, JAPAN (boot9strap only)
Note: If you updated from a cartridge to your current firmware, you will need to update to latest firmware as your browser would have been erased by the cart update. You will know this is the case if the browser shows an error popup with a black background. If in doubt about whether your system is supported, just try the qr link below. PROCEED TO HAXX means it's supported, otherwise it's not.
54.38.133.70
https://3ds.hacks.guide (coming soon)
This is a Use-After-Free based on the layout crash test here.
Problem: The 3ds freezes on a yellow screen.
Solution: Try again. Boot rate is about 75-80%. This has always been an issue with hax homebrew and not specific to this implementation. If this keeps occurring over and over, it's likely being caused by running browserhax while cfw (luma3ds + boot9strap) is already installed -- don't do this! Follow https://3ds.hacks.guide for proper instructions on how to launch .3dsx homebrew under cfw. Hard freezing with regular screens (ie no solid colored screen) can also indicate running under cfw.
Problem: The 3ds freezes on some other color screen or "An error has occured" prompt shows up.
Solution: Make sure you have all the correct files. Check your region is correct.
At minimum, make sure to have the below 3 files in the sd root as shown.
sdmc:/arm11code.bin
sdmc:/browserhax_hblauncher_ropbin_payload.bin
sdmc:/boot.3dsx
Q: Will you support new3ds, new2ds?
A: Always have :p https://github.com/zoogie/new-browserhax
Q: Can I install unSAFE_MODE with this to get cfw?
A: Absolutely, be my guest : ) You can boot slotTool.3dsx and install the hacked wifi slots, then run the unSAFE_MODE exploit. No explicit directions will be given for that here, but guides should pop up soon with directions.
Q: Where did this browser exploit come from originally?
A: There's no CVE of this exploit that I know of. It is based on that webkit layout test I mentioned above. The adding and removing of objects, then crashing made it seem like a use-after-free was the obvious culprit. I tested my theory with heap spraying dynamically sized fuzz objects, and I got a crash with PC control pretty quickly : )
Q: The 3ds_browserhax_common code you used works in php server code, why does your hax just use a github io page?
A: I used a local webserver to emit the unescape output of y8's hb loading code, then converted it to a u32int array for my implementation. I used this script for the conversion. I just really wanted to avoid having to set up a server or asking someone else for that favor.
Q: Will this exploit be fixed in a firmware update?
A: It was fixed on firmware 11.14 but MrNbaYoh's ssloth exploit revived it on 11.13 and below with a server check bypass.