Another homebrew vulnerability has been discovered on 3DS, this time related to the eShop title Citizens of Earth.
Christened "Humblehax" due to the game's inclusion in the recent Humble Friends of Nintendo Bundle, this exploit allows you to run unsigned code on your 3DS console but requires an existing entry point, such as browserhax or Cubic Ninja.
Once installed, you won't be able to play Citizens of Earth at all, as the exploit is triggered as the game boots up.
The discovery of this hack follows the removal of VVVVVV from the 3DS eShop after a vulnerability was found in that game as well. Time will tell if Citizens of Earth is also removed.
Thanks to RupeeClock for the tip.
[source citizens.salthax.org]
Comments 58
There seems to be ever such an increasing number of these secondary entrypoints lately, it leaves you wondering what title might be exploited next?
I think it'd be great if the developers of some kids game about Dora or Barney or something purposefully made it possible to access the homebrew channel through it so a bunch of fully grown men would be going into stores and buying Dora games. Then when asked why, they would say, "It's complicated." I would pay all the money in the world just to see that.
They're secondary entry points, meaning you need an exploit to modify the save data of the second game or else you can't actually do the hack. What's kind of funny about that, is that you already have a primary entrypoint, making the secondary one both redundant and kind of pointless.
These releases are, it seems, being released to goad Nintendo into taking down more software. The hackers are just trying to feel like they have some control over Ninty's actions.
cant help but reporting this, thus increasing its exposure as Nintendo is weighing up if things like Humble Bundle are worthwhile as not the best thing in the world.
@4sterr They could easily just say it was for their kid or younger sister.
"Yeah man she loves Dora."
@MitchVogel Do you know what this means?! (Hint: It starts with u and ends with e) 😅
Just bought the game real quick before they take it down off the eShop.
The Citizens Of Earth will be soon deported from the eShop.
Jokes aside, calling it "humblehax" is - and I hope NintendoLife will allow me to phrase it this way - a total dick move (article writer @Damo will decide whether my outrage is misplaced or not). Exploiting a game that was coincidentally used in a Humble Bundle isn't that bad per se, but specifically bragging about exploiting a part of a charity doesn't help homebrewers' and pirates' already poor image. And I'm usually
fine withamused by such exploits.I try not to modify my consoles during their active life, but the main reason I tend to do so is for region-free gaming. Hopefully an exploit to do this with the N3DS will still be available once the handheld's updates are at an end.
@4sterr Haha!
@dronesplitter
Step 1 - Buy Cubic Ninja
Step 2 - Install secondary exploit
Step 3 - Sell Cubic Ninja
Step 4 - Be happy that you don't have to waste $50 or so on Cubic Ninja.
@MyLegGuy If you don't permanently hack your 3DS with CN when you have it (downgrade), you goofed anyway.
Instead of getting backend access to a system, maybe they should go back to school and learn how to spell hack.
@BensonUii Tbqh I forgot the humble bundle was a thing
I hope they stop this... I'm already pretty sad VVVVVV was taken down, I really wanted that game. I don't want other games to get taken off before I get them 😕 glad I already had this game though.
The big problem is that the hackers get scot free while the developers get their game pulled down from the eshop and have to develop extra patches to be allowed to upload again.
The homebrew scene wouldn't get such bad reputation if they didn't use third parties software to do their stuff.
@dronesplitter The nice thing about secondary exploits is that once you have them installed, they will take you straight into the Homebrew Launcher. Primary exploits, from my experience, tend to be a bit unstable. Browserhax gave me about 50% success rate.
But you're right, once you update, you're out of luck.
I wish news sites would quit publishing these stories because it leads to games being removed from the eShop which hurts Nindies. Nintendo should be responsible, stop yanking games, and patch their firmware.
Aww, I chose the Wii U version...I chose it because the 3DS version was supposed to have so many gamebreaking bugs that i didnt want to take that risk.
Well, I certainly hope that this doesn't affect my copy of the game that I already bought because of the Humble Bundle, like by it being banned or whatever because of this exploit. Can't imagine that actually happening, but you never know...
Thankfully, like VVVVVV, I already own this game, so even if it gets pulled, I'm safe
Man, the 3DS version was the one I picked from the bundle (mainly because I had no room left on my Wii U).
@Igetin
I think wololo or another site had an article talking about just how awful Nintendo's security is and WHY it's so awful.
I think it was something about them using the ARM9 coprocessor that they're using for DS backwards compatibility as a security processor as well. At least that's part of the reason.
Oh the irony of the name
Ah, and just yesterday I gave Humble Bundle $10 and registered for the 3DS version of the game. I hope this doesn't taint anything between Humble Bundle and Nintendo.
@abe_hikura That would be a grave error. The game's code itself has nothing to do with the Humble Bundle. Nintendo could request Humble Bundle to remove it from the package, and I'm sure they would comply. There's no need to throw the baby out with the bathwater and kill a good business relationship opportunity.
I really don't like the hacking community.
Hopefully, Nintendo realizes how many people have gone through with using exploits simply to play region free. There still would've been exploits, but there'd be far less interest if they hadn't made the stupid decision to region lock their portable systems for the first time!
A missed opportunity for a Citizen Kane reference by not using the name CitizenHax? For shame.
I hope Nintendo doesn't go overboard in their reaction to this. The Bundle is almost over anyways, but asking for the game in question to be pulled is a suitable option. It's too bad for the developers, but a lot of people are trying to enable region-free and other good features, so it all comes back to bad decisions on Nintendo's part. Looks like the holes are really starting to be found in how the 3DS operates.
@Nintendood The DS was multi region and was exploited like blacks during the 70s.
@LemonSlice That was entirely through... certain hardware that had to be bought, though. Not to mention it was hardware specifically designed to run copied ROMs. One couldn't softmod the firmware for free, as is done with the 3DS. Softmodding on the 3DS is designed for multiple purposes, it's not an outright obvious pirating mechanism like the DS had. It takes more work to set up than just buying a card off the web and slapping ripped ROM's into it.
Also, redlining still occurs today fairly frequently. So that hasn't ended.
@BensonUii theres a flaw with your plan... the bundle only lets you pick 3ds or wii u.
I herd wii u was better than 3DS so I picked that...
I dont get why we couldn't have both with this game?
@Uberchu You could always buy it again, to make sure they get more money before Nintendo pulls it...
Honestly I'm surprised it took this long to find an exploit in Citizens of Earth. It's a fun charming game and all, but its programming is clearly pretty messy.
Normally I'm a VOCAL supporter of the Homebrew scene, but it being part of the Humble Bundle is a really bad, potentially dangerous coincidence. Nintendo doesn't need ANOTHER reason to get draconian with anything that's not themselves.
@Igetin It doesn't for me. Looking forward to seeing the system fully blown open along with the Wii U.
Nintendo have treated both systems pretty poorly over the last year so atleast homebrew gives us something to look forward to once NX rolls into town.
@AlexSora89 It is not up to Damo for that. Its up to any Admin/Moderator that reads it, or anyone who pressed the report button, then any Admin/Mod who reviews said report.
The article writers aren't the only ones who review the comment section.
Buuuut didn't VVVVV come back? This site likes to spell doom out for everyone but never mentions the recovery after problems arise. Also this game got a mediocre review on this website an yet that's never been rementioned, it's just been "omg yay humble bundle" pick a side already jfc
@Luna_110
...well it is always cat and mouse chase/play/run/whatever i guess.
At least sometimes we learn from other mistakes or i should say holes.
And free advise to all who look for holes.
RFID is bugged/easily exploitable/dangerous.
Amiibo is rfid... But another question: is there any chance to use them in 3ds case?
Our credit/debit cards have rfid paypass/paywave...
We should call them less money in wallet...
@Nintendood
Here's how I always wanted to put it. This, just this.
@Knuckles
Thank you for the heads-up, kind echidna!
@AlexSora89 No problem.
Thanks for letting us know about this, Nintendo Life. I'm gonna go hack the crap out of my 3DS now!
Dammit hackers stop exploiting games so we could buy em. I know you want to illegally play free games, go buy an Ouya, a PC, a PSP, or a smartphone and hack those, you get all the crappy emulators and roms/ISOs you ever want. Now leave the 3DS alone (or at least until Nintendo stop supporting it). Better yet, go buy that tiny computer chip named after a fruit dessert, I'm sure that'll cater more illegal games to your liking too.
What's the point of a hax that requires an already hacked entry point? Can it do things that the previous entry can't?
@jimi - Like @PlywoodStick explained, the DS was a very different situation. You'd be surprised how many people are negatively affected by making the 3DS region locked. Although I personally do import Japanese games, there's also games released exclusively in NA or Europe that the other region wants to be able to play. I wanted a physical version of Senran Kagura Burst, so I imported it. Not to mention certain less-populated places in the world that sell games and systems from more than one region.
Nintendo made the whole situation much worse by making the even more ridiculous decision to not sell the New 3DS in NA. Well, unless you were willing to wait and actually want the less-popular white model with a few childish-looking faceplates as part of a bundle that has no other options. I never had any interest in that bundle or an XL, for many reasons, so I imported a black JP New 3DS, which I wanted to be able to play NA and EU games on, too. I did what I had to do, but I only blame Nintendo for making it necessary in the first place.
@jimi What I was getting at about the New 3DS was that a lot of gamers in NA actually did resort to importing it. Maybe some of 'em even did it out of spite, because they didn't like what Nintendo did.
When I was using a msg board site for hacking, I saw lots of people that were inexperienced with homebrew, trying to make their EU or JP New 3DS region free so they could use it to play NA games.
@jimi Well, it's up to you to believe me or not. It doesn't matter either way, I know that I have stuck by a certain set of self imposed limits. I don't see it as a black or white issue. Purity isn't always all it's cracked up to be.
@LegendOfPokemon Oh boy, it looks like more stability might be on its way!
@jimi Spoof to the latest official firmware and poof, eShop and online functions are back. Just be careful and nothing is lost! NNID is safe.
The 3DS apparently isn't stable enough yet. We need more stability.
@jimi Reminds me of having to spoof a Japanese IP to play Phantasy Star Online 2, since it's JP only... If they catch any foreigners in the act, their account is a goner. Yet thousands of people outside of Japan have managed to avoid that, as long as they blend in.
Well, that's fine, everyone has to assess for themselves whether the risk and effort is worth it. I've had my 3DS for 5 years now, so the warranty is long gone. If it has a problem, I try to fix it myself. It's worked out well so far! I've replaced the R button switch, the circle pad, and the battery. It's fun to learn more about how these systems work!
@PlywoodStick sadly dont have the funds.
@jimi I'm pretty sure it was the last one. Yeah, I saw about 100,000 people posting that were in that situation. I think you missed the point, though. I wasn't saying that Nintendo should want to return to region free because of how many 3DS owners want it that way (although that wouldn't be such a crazy concept), but rather that they should because the region lock has encouraged so many people to resort to using homebrew, that the overall interest in people hacking their 3DS is constantly growing much faster than it would've if no one had a need for getting around the region lock.
It's clear from the amount and frequency of system updates for "increased stability" that Nintendo is not keen on the idea of people using exploits to hack their systems. So hopefully, they'll realize the part they played in contributing to its appeal and just how popular it's become, and avoid making the same mistake in the future...
@PlywoodStick I would like to know a good place to get new shoulder buttons for the original model, and I've already had to get a replacement for the circle pad (from Amazon JP), but I never actually used homebrew on that one. I've had it for so long, and since it cost me more than double the price of the JP New 3DS, I decided that I'd only experiment with using homebrew on the new one.
More stability means even more instability >.<
Soo, would Nintendo take it down if it was one of the Mario & Sonic olympic games?
I d not think the people at Humble Bundle want to be the source of a new name of a hack...
@Igetin It's pretty bad. If you're at all interested in some of the technical stuff, check out Yifan Lu's article titled "The 3DS Cryptosystem." It's really accessible even if you don't write assembly code for fun.
@Tobias95 Given that Ocarina of Time 3D has been the go-to entry point ever since the free methods were patched out, I wouldn't bet on it.
@jimi You do realize that Nintendo can't magically detect every user who did something unexpected with their 3DS right?
Tap here to load 58 comments
Leave A Comment
Hold on there, you need to login to post a comment...