Hey guys, I have some pretty bad news for a lot of people in the 3DS scene.

Last night, Smealum tweeted the following message:

In addition, according to a couple of users on Reddit, even using the Tubehax DNS isn't going to keep you safe as it appears that Nintendo has added another update server (which means that even people using OpenDNS to block their URLs aren't completely safe). According to Reddit user /u/shiny_banana "the server in question (cbvc.cdn.nintendo.net) isn't currently blocked by Smealum's DNS."

Users unfortunate enough to get caught by Nintendo when trying to use Browserhax will be greeted with the following screen (courtesy of /u/Fuyuri):

Spoiler

This news makes me extremely curious as many of us weren't aware that Nintendo was even able to do something like this on older firmwares. It's enough to make me wonder what else Nintendo is capable of doing that most of us assumed was impossible. Is this limited to certain firmwares or are people using 9.2 and below in trouble (Edit: It appears to only be happening on systems that are 9.9 and above)? Is it possible for Nintendo to go the route of the Wii U and stealthily update 3DS systems in the future? Could you be playing a game online and then suddenly have your system updated without a confirmation? Will they be able to block Ironfall and Cubic Ninja? There are so many questions and so few answers now.

I highly advise people at this point to simply disconnect their 3DSes from the internet until we learn more. Those who are blocking Nintendo's update servers may be able to stay safe if they block the following URL in addition to the others: cbvc.cdn.nintendo.net. That said, who knows if there are more servers that haven't been discovered yet.

Edit: Tubehax has been updated to block the new server so people who rely on it can continue to do so.

Check out this post by @daxtsu who has been following along with these developments and has kindly consolidated as much information as we know into one post.

 

[thealgorithm]

Even if you are on 10.1.0.28, you should be able to use Smash Bros and Cubic Ninja for the exploit.

 

[Deleted User]

Dammit, I only have OoT3Dhax left. I should've gotten Cubic Ninja game as soon as possible...

 

[Woody8275]

I have an old 3ds but haven't used it and didn't get the error message on it any way i can get browserhax to work
by using tubehax DNS

 

[Real_Redwolf]

Wow... I wasn't even aware they could do this. That's unfortunate because I did occasionally use the web browser on the 3DS sometimes. Would it be possible to spoof the web browser similar to how the eShop has been spoofed to work on firmwares below the newest one?

 

[Apo]

I have an old 3ds but haven't used it and didn't get the error message on it any way i can get browserhax to work
by using tubehax DNS

what is your firmware version? seems like if it's below 9.9 it is normal




anyone know how does ninjhax works? I mean, it runs on the cartridge right? so If i want to use hax that requires other cartridges this is not a good solution?

 

[AyanamiRei]

We can always restore a previous backup of our firmware (if needed)

If I input the two blocking DNS and then place on my SD card a backup of its content previously made (before the block issue), could I get back my web browser to work? (I would really like to have a portable web navigator again)

Would it be possible to spoof the web browser similar to how the eShop has been spoofed to work on firmwares below the newest one?

That was my first thought but those "top line" applications are not recognized/shown in HANS.
I asked about it in the Request thread but have yet to be answered.

 

[Ruby Gloom]

I depend on the browser for Gateway. So, if they are doing this, it better never affect 9.0.0-20E-U systems. I'm thinking of blocking Nintendo all together from my server. I only used it for updates, but in they are going to be little whiny asses, I'll block them and be on my 2ds playing off my Gateway. Sorry, Nintendo. This user will not be affected.

 

[The Real Jdbye]

Damn. Nintendo are really starting to figure out the right way to prevent homebrew, sneakily including stuff in new firmware updates that allows them to retroactively block entrypoints once everyone has updated. It's a good thing this doesn't affect users on 9.0-9.2, otherwise it would make installing themehax a pain in the ass for people without Cubic Ninja.
I just hacked my youngest brother's 3DS and being as it's U region my copy of OoT and CN were completely useless and the only usable entry point was the browser. Not to mention Ninjhax 2.x doesn't work on firmwares below 9.0 (the console was on 7.1 before I updated it with sysupdater), so OoT wouldn't have helped anyway.

 

[Quantumcat]

If Nintendo were smart, they would have instituted this little timebomb and not had it phone home. THEN, when someone found an exploit on a newer firmware using the browser, and most people have updated, THEN made all browsers phone home, and cut off exploits for everybody!

 

[Ruby Gloom]

If Nintendo were smart, they would have instituted this little timebomb and not had it phone home. THEN, when someone found an exploit on a newer firmware using the browser, and most people have updated, THEN made all browsers phone home, and cut off exploits for everybody!

Depends on if the console owner accepts the terms of use/conditions. If they decline, Nintendo doesn't have the right to perform any further updates on the systems.

 

[Ericzander]

Depends on if the console owner accepts the terms of use/conditions. If they decline, Nintendo doesn't have the right to perform any further updates on the systems.

I'm pretty sure that Nintendo has more rights than a lot of people give them credit for. For example, they're legally allowed to update Wii U systems while they're offline.

 

[Ruby Gloom]

I'm pretty sure that Nintendo has more rights than a lot of people give them credit for. For example, they're legally allowed to update Wii U systems while they're offline.

In USA, I cannot be sure. In Canada, they can only update the system if the owner of the console gives approval. They aren't allowed to do anything on the system if the owner says so. ( Decline the terms. )

 

[Alex3DSU]

 

[justinkb]

Nothing you can't fix with a proper router configuration. Could even host the hax on a tiny webserver on the router and only allow the 3ds to connect to the router's lan interface.

 

[Quantumcat]

I thought of something even better. Why wait for someone to find an exploit? Nintendo should plant a timebomb right now, then introduce a deliberate flaw in a future update, get an employee to act as a spy - being on these forums and calling themselves a dev, "discover" this flaw and release an exploit, and when everyone or most people have updated, KAPOW! Disable *everybody's* exploits in one fell swoop.

Edit: actually even better, do it in two stages. Have there be an exploit on, say, 9.5. Continue to release consoles on 9.5. Then later have there be an exploit on say 11.0. Everyone updates their consoles - KAPOW - meanwhile there is still an exploit on 9.5 - maybe 70% of the scene buys a new console and increases sales numbers while the rest are permanently out of the exploit scene as they don't want to buy a new console and just give up ...

 

[IxthusTiger]

I unfortunately have an O3DS XL with 10.1.27 so the browserhax patch has locked me out of homebrew since I had Ironfall 1.1 and have not updated the payload.

However, I have OOT3D and another O3DS XL with 9.9 and Ironhax 1.0 which is still functional. Is it possible to use the working hacked 3DS to install oot3Dhax, and then use the cartridge to update the hax on the 10.1.27 3DS, either by updating the Ironfall payload or installing themehax?

Here's what I tried myself: I used save_manager to write the save00 file to my cart, but I couldn't do it with payload.bin in the same folder. I tried using the most updated oothax installer made specifically for 10.1, but it gives me an FFFFFE error and can't download the payload. If any of this is possible, what are the proper steps? Thanks!

 

[Wisenheimer]

Depends on if the console owner accepts the terms of use/conditions. If they decline, Nintendo doesn't have the right to perform any further updates on the systems.

I'm fairly confident that is untrue, at least to the extent that I'm sure their lawyers wrote their TOS in such a way to allow it and I doubt that the US courts would rule otherwise. I suppose you could sue them for updating your system, but that seems like a longshot. Other companies like Microsoft have installed stealth updates that you do not explicitly agree to.

Nintendo, for the most part, is not forcing updates on people because why risk angering your legitimate customers (for instance, if the update ends up being buggy and people are forced to download it) to stick it to a handful of pirates and homebrew hackers.

 

[MrJason005]

MSET 4 LIFE!!!!!!!!!!!!!!!!!!!!!

 

[Tony_93]

I thought of something even better. Why wait for someone to find an exploit? Nintendo should plant a timebomb right now, then introduce a deliberate flaw in a future update, get an employee to act as a spy - being on these forums and calling themselves a dev, "discover" this flaw and release an exploit, and when everyone or most people have updated, KAPOW! Disable *everybody's* exploits in one fell swoop.

Edit: actually even better, do it in two stages. Have there be an exploit on, say, 9.5. Continue to release consoles on 9.5. Then later have there be an exploit on say 11.0. Everyone updates their consoles - KAPOW - meanwhile there is still an exploit on 9.5 - maybe 70% of the scene buys a new console and increases sales numbers while the rest are permanently out of the exploit scene as they don't want to buy a new console and just give up ...

You are letting your agimatiom go wild a little too much.

1)Acordding to Smea this code was included in the 9.9 update, people just didn't know about it so they can't block any web browser below 9.9

2)That would only backfire horribly on them, because of nands Backups, downgraded mset and Themehax users, even if they blocked the browser afterwards people could still use it.

3)Ther is a few people who toyed around with the DNS settings and made browserhax work in 10.1 already, aparently the web browser basically phones home and ask if everything is okay on the go so it can be bypassed with DNS sertings too.

Giving away kernel access to set up a trao is a really bad idea.

 

[supercarotte]

3)Ther is a few people who toyed around with the DNS settings and made browserhax work in 10.1 already, aparently the web browser basically phones home and ask if everything is okay on the go so it can be bypassed with DNS sertings too.

Is it possible to unblock your browser once it's blocked or you have to keep DNS set up as a preventive measure ?