Kalpana Kalpana (Editor)

Homebrew (video games)


Homebrew is a term frequently applied to video games or other software produced by consumers to target proprietary hardware platforms (usually with hardware restrictions) not typically user-programmable or that use proprietary storage methods. This can include games developed with official development kits, such as Net Yaroze, Linux for PlayStation 2 or Microsoft XNA.

Many homebrew games are offered as freeware, although others are offered for sale, and some can be quite costly. One popular type of homebrew game is the fangame. In Japan, these games are usually called "Dōjin soft".

Homebrew games for older systems are typically developed using emulators for convenience, since testing them requires no extra hardware on the part of the programmer. Development for newer systems typically involves actual hardware given the lack of accurate emulators. Efforts have been made to use actual console hardware for many older systems, though. Atari 2600 homebrew developers use various methods, for example, burning an EEPROM to plug into a custom cartridge board or audio transfer via the Starpath Supercharger. Game Boy Advance homebrew developers have several ways to use GBA flash cartridges in this regard.

Along with the Dreamcast, Game Boy Advance, and PlayStation Portable, the most frequently used platforms for homebrew development are older generations of consoles, among them the Atari 2600 and Nintendo Entertainment System (NES). The Atari 2600 and NES use the 6502 instruction set, likely familiar to people who have programmed 8-bit home computers, such as the Commodore 64 or Apple II. Another factor in the popularity of older or portable systems for homebrew development, relative to modern consoles, is that their simplicity enables an individual or small group to develop acceptable games in a reasonable time frame.

All major sixth generation consoles enjoy some popularity with homebrew developers, but less so than earlier generations. This is mostly the case because software production requires more resources, accurate emulators do not exist yet, and the consoles themselves often employ rather complex systems to prevent the execution of unauthorized code. Homebrew developers must often exploit loopholes to enable their software to run.

Homebrewing is not only limited to games – there are numerous demos that have been released for most systems with a homebrew scene.

Magnavox Odyssey

In 2009 the release of "Odball" ended the longest game drought on any console. The Magnavox Odyssey, the world's first home console, had seen no new releases since 1973. "Odball" was produced by Robert Vinciguerra.

On July 11, 2011 an Odyssey game called "Dodgeball" was published by Chris Read (aka Atari2600Land).

On July 16, 2012 Vinciguerra published "Mentis Cohorts" for Magnavox Odyssey, which combines four games in one. The game has two modes that can be played like a board game or a puzzle game without an Odyssey, and it has a two-player and a single-player mode that can be played with the Odyssey, making it the first ever single-player Odyssey game.

On July 19, 2012 Vinciguerra released "Red vs. Blue" through RevRob.com as a free homebrew for Odyssey fans to commemorate the 40th anniversary of the Odyssey, and home video games in general.

Fairchild Channel F

A handful of homebrew games have been programmed for the Channel F, the world's first programmable game console. The first known release is Sean Riddle's Lights Out that was released with instructions on how to modify the SABA#20 Chess game into a Multi-Cartridge. There is also a version of Tetris and in 2008 "Videocart 27: Pac-Man" became the first full production homebrew for the Channel F.

Atari 2600

The Atari 2600, released in 1977, is a popular platform for homebrew projects. Games created for the Atari can be executed using either an emulator or directly when copied onto a blank cartridge making use of either a PROM or EPROM chip. Unlike later systems, the console does not require a modchip.

Although there is one high-level compiler available, batari Basic, most development for the Atari 2600 is still done in 6502 assembly language. Homebrews written in assembly are typically considered programming challenges.

The Atari 2600 lacks video memory, and programs run simultaneously with the television screen, updating graphical registers a fraction of a second before the television draws each scan line. For each scan line, the system's Television Interface Adapter can only draw two custom, eight-bit graphical objects, a twenty-bit "playfield", and three solid pixels: two "missiles" and one "ball". Timing is critical in this environment. If a program takes too long to update the registers, the television will update the screen before the graphics are properly initialized, resulting in glitches or other video problems. In this respect, Atari 2600 programming could be considered a form of hard real-time computing.
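The timing constraint described above, worked through as an added example (not code from the original article): a small Python model that walks one scan line of a display kernel, counts 6502 cycles, and reports TIA register writes that land after the beam has passed the object. The 76-cycle line, 68-clock horizontal blank and instruction cycle counts are standard NTSC 2600 figures not stated in the text; the kernels, table names and object positions are constructed.

```python
# Added example: "racing the beam" as a cycle budget (simplified model).
# NTSC Atari 2600 timing: one scan line = 228 TIA colour clocks = 76 CPU
# cycles; the first 68 colour clocks are horizontal blank, then 160 pixels.
CYCLES_PER_LINE = 76
CLOCKS_PER_CYCLE = 3
HBLANK_CLOCKS = 68

# 6502 cycle counts for the (mnemonic, addressing mode) pairs used below.
# Page-crossing penalties are ignored: tables are assumed page-aligned.
CYCLES = {
    ("LDA", "abs,Y"): 4,
    ("STA", "zp"): 3,
    ("DEY", "imp"): 2,
    ("NOP", "imp"): 2,
    ("BNE", "rel"): 3,  # branch taken, same page
}


def beam_pixel(cpu_cycle):
    """Visible pixel the beam has reached after cpu_cycle cycles.

    Negative values mean the beam is still in horizontal blank. The few
    colour clocks of internal TIA latency are not modelled.
    """
    return cpu_cycle * CLOCKS_PER_CYCLE - HBLANK_CLOCKS


def analyse_line(kernel, first_pixel):
    """Walk the instructions executed during one scan line.

    kernel      -- list of (mnemonic, mode, operand), starting at cycle 0,
                   the moment the previous STA WSYNC releases the CPU
    first_pixel -- {TIA register: leftmost pixel where that object is drawn}
    """
    cycle = 0
    late_writes = []
    for mnemonic, mode, operand in kernel:
        cycle += CYCLES[(mnemonic, mode)]
        if mnemonic == "STA" and operand in first_pixel:
            pixel = beam_pixel(cycle)
            if pixel > first_pixel[operand]:
                # The beam already passed the object's left edge: the old
                # register contents were drawn, which shows as a glitch.
                late_writes.append((operand, cycle, pixel))
    return {
        "cycles": cycle,
        # More than 76 cycles means the closing STA WSYNC lands in the
        # following line, so each loop pass eats two scan lines.
        "overrun": cycle > CYCLES_PER_LINE,
        "late_writes": late_writes,
    }


# Constructed layout: a player sprite whose left edge is at pixel 40, and
# the PF1 playfield register, whose bits start at pixel 16 (after PF0).
FIRST_PIXEL = {"GRP0": 40, "PF1": 16}

# Constructed kernel body: fetch sprite and playfield bytes, store them,
# count down the line counter, loop, then wait for the next line.
CORE = [
    ("LDA", "abs,Y", "sprite_table"),
    ("STA", "zp", "GRP0"),
    ("LDA", "abs,Y", "playfield_table"),
    ("STA", "zp", "PF1"),
    ("DEY", "imp", None),
    ("BNE", "rel", "line_loop"),
    ("STA", "zp", "WSYNC"),
]


def with_extra_work(nops):
    """Kernel with `nops` NOPs of stand-in game logic ahead of the stores."""
    return [("NOP", "imp", None)] * nops + CORE


GOOD_KERNEL = with_extra_work(0)      # 22 cycles, both writes in HBLANK
SLOW_KERNEL = with_extra_work(12)     # fits the line, but PF1 is written late
OVERRUN_KERNEL = with_extra_work(30)  # 82 cycles: misses the line entirely

if __name__ == "__main__":
    for name, kernel in [("good", GOOD_KERNEL), ("slow", SLOW_KERNEL),
                         ("overrun", OVERRUN_KERNEL)]:
        print(name, analyse_line(kernel, FIRST_PIXEL))
```

The slow kernel shows the subtler failure: it stays inside the 76-cycle budget, yet its playfield write completes when the beam is already at pixel 46, past the point where PF1 starts being drawn.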

Nintendo Entertainment System (NES)

Several compilers are available for the Nintendo Entertainment System, but like the Atari 2600, most development directly applies assembly language. One impediment to NES homebrew development is the relative difficulty involved with producing physical cartridges, although third party flash carts do exist, making homebrew possible on original NES hardware. Several varieties of custom integrated circuits are used within NES cartridges to expand system capabilities; most are difficult to replicate except by scavenging old cartridges. The hardware lockout mechanism of the NES further complicates construction of usable physical cartridges. However, the NES-101 removed the 10NES lockout chip so any game, whether homebrew, unlicensed, or another region of an official game, can be played. The 10NES chip can eventually be permanently disabled by performing a minor change to the hardware.

Sega Mega Drive/Genesis and Master System

Both the Sega Genesis/Mega Drive and Sega Master System benefit from limited homebrew development, as there is no physical lockout mechanism, thereby easing the operation of software on these platforms. Homebrew efforts for the Mega Drive/Genesis have grown, as there are now several full games scheduled for release in physical form, such as Rick Dangerous 1 & 2 and a port of Teenage Queen. Pier Solar and the Great Architects and Frog Feast for the Mega Drive/Genesis and Mighty Mighty Missile for the Sega Mega-CD are examples of homebrew games already released for Sega consoles.

A QBASIC-like high level compiler named basiegaxorz exists for the Sega Genesis.

Neo-Geo MVS, Neo-Geo AES, and Neo-Geo CD

The Neo-Geo home cartridge and arcade systems can be tough candidates for homebrew development. Neo-Geo AES and MVS cartridges have two separate boards: one for video, and one for sound. Programming a cartridge for the system would involve replacing the old ROM chips with newly programmed ones, as the cartridges are, in a sense, arcade boards. NGDevTeam, who have released "Fast Striker" and "Gunlord", found a workaround for this: they printed their own boards and soldered their own ROM chips onto them. This, however, can cause the Universe Bios logo to look corrupted if a custom BIOS were to be programmed. Programming for the Neo-Geo CD, however, is easier than programming for cartridges. The CDs themselves can contain both sound and video. Depending on the megabit count of a game, load times will vary. A CD game with a low megabit count will load only one time, whereas a CD game with a higher megabit count could load in between scenes or rounds. There are now some full games scheduled for release in physical form, such as "Neo Xyx".

Super Nintendo Entertainment System (SNES)

After games for it were discontinued in 1998 and its production ended in 1999, fans of the Super Nintendo Entertainment System made homebrew ROM images, even without Nintendo's support for the console.

After the release of the SNES there was great interest in reverse engineering the system to allow for homebrew and backup play. Nintendo fitted the machine with various security measures such as the lock-out chip to prevent unauthorized code running on the machine.

Eventually the homebrew community figured out how games ran on the SNES hardware and were able to bypass its security mechanisms. Companies such as BUNG released hardware plugins such as the Game Doctor SF series. These allowed users to not only copy games but also to run homebrew developed games on the SNES hardware. Homebrew ROMs could be converted into the Game Doctor SF format and put onto a 3 1/2" floppy. Games as large as twelve megabits could be put on floppy disks formatted to 1.6 megabytes.

An alternative device was the Super Flash, by Tototek, which allowed multiple games to be burned onto the flash memory chip of a cartridge (allowing up to 48 Mbit). This chip was the mask ROM for the Super Flash development cartridge; it was easy to use and had a user interface on the computer end: one simply plugged in the Super Flash cartridge and uploaded the games one wanted. This allowed users to make an SNES game and play it from an actual cartridge rather than a floppy disk.

The legality of homebrew SNES game releases has not been tested in court, and it is debatable whether or not bypassing their security measures would fall afoul of modern reverse engineering laws. Presumably homebrew games can be produced legally for the SNES as long as no copyrighted material is included.

Previously, in the 1990s, Nintendo sued Color Dreams for producing NES games without an official license. The outcome was an undisclosed settlement, but Color Dreams continued to produce unlicensed games. The strength of Color Dreams' position lay in the fact that they worked around the 10NES lockout chip code rather than illegally duplicating it.

TurboGrafx-16/PC Engine

The TurboGrafx-16/PC Engine has a small but very dedicated homebrew scene. The first homebrew title released on CD was MindRec's Implode in 2002, a few years after the system's last official release (Dead Of The Brain I & II for the PC Engine in 1999). Two years later, MindRec released Meteor Blaster DX on CD-R. Official word was that it could not be pressed to CD proper because the glass mastering software was suddenly unable to handle the unorthodox style of CD layout that the system expects. Five years later, Aetherbyte Studios released Insanity, a Berzerk clone, on pressed CD, quelling the notion of unpressable CDs. Aetherbyte later went on to prototype and produce a new HuCard design called AbCARD that is 100% compatible with the console. Other homebrewers of note include Chris Covell (developer of Tongueman's Logic, released in 2007), Frozen Utopia (developer of Mysterious Song, released in 2012), and Cédric Bourse (aka Orion, developer of Ultimate Rally Club, released in 2011).

There is one dedicated C compiler for the console known as HuC. It has not been officially updated since 2005. The MagicKit assembler (pceas) is generally considered the de facto assembler for the console, and comes included with HuC. Additional libraries of note for HuC/MagicKit include Squirrel, a powerful MML-based sound engine developed by Aetherbyte Studios, and the SGX/ACD library, developed by Tomatheous, that gives the developer easy access to the SuperGrafx video hardware as well as the Arcade Card.

The cc65 C compiler is also noted to be compatible with the console, although there is no official development library support.

Atari Jaguar

The Atari Jaguar was the last console produced by the Tramiel-owned version of Atari. The console has an active homebrew development scene strongly facilitated by the release of the publishing rights for the console by one-time owner Hasbro. Prominent homebrews for the console have included Battlesphere and Frog Feast in addition to many other projects. In recent years the demo crew Reboot and members of the developer community Jagware have proven to be most active and released several full games. Coding for the console is predominantly done in assembly language and the Atari SDK has been made available. Since emulation of the console is still limited, coding is best conducted using a real Jaguar console with the official Jaguar 'Alpine' Devkit, a Skunkboard Flash Cart or a BJL uploader.

Another World, Black Out, Impulse X, Elansar, Kobayashi Maru, Degz and Rebooteroids can be considered now as some of the first professional homebrew games being released for the Jaguar.

PlayStation

Making games on the PlayStation is possible with any model of the system through the use of a modchip or the double 'Swap Trick'. Requirements consist of a PC (Personal Computer), SDK (Software Development Kit), and a 'Comms Link' device to upload and download files to and from the console.

Homebrew was originally promoted by Sony with the Net Yaroze, which had a large scene for quite some time. However, the official Net Yaroze site was shut down in mid-2009, and Sony stopped supporting the system as well as the users who still owned the console.

Sega Saturn

The Sega Saturn homebrew scene is small but active. As with the PlayStation, all models are capable of homebrew. Modchips for the Saturn Model 1 have been scarce for some time now (as it seems that no one has produced any new modchips in years), so the only two options left are to either perform the easy swap trick or extensively modify a Saturn Model 2 modchip.

Running homebrew on the Model 2 is as easy as bridging two points on the modchip, soldering a wire from the modchip to the Saturn power supply, and inserting it where the CD-ROM ribbon cable inserts. The swap trick is more difficult to pull off on this model due to the lack of an access light.

There is now also the "PseudoSaturn" unlocking method, a program created by CyberWarrior2000 that installs in place of the original firmware of a "Pro Action Replay" cart. It unlocks region, frequency and CD protection of most Saturn models. Either a modded Saturn or a swap trick is required to run the installer, which loads the code in the FlashROM of the cartridge. Afterwards, the cartridge unlocks everything and most software can be run, from backups to homebrews.

Virtual Boy

Homebrew has been promoted for years by the site Planet Virtual Boy, since the system has no region lock, but it was not until the flash carts FlashBoy and FlashBoy+ (which has a save feature) were released that the homebrew scene grew. Although the Virtual Boy only lasted 8 months before being discontinued in March 1996, dedicated fans have been making a variety of homebrew games for years, and even two previously unreleased games, Bound High and the Japanese version of Faceball (known as NikoChan Battle), have been released.

Nintendo 64

The Nintendo 64 homebrew scene is small, but homebrew can still be played and developed through the use of a Doctor V64 (Acclaim used a Doctor V64 to help develop Turok), the Everdrive 64 or the 64drive.

NEC PC-FX

There is only one homebrew development kit known for the PC-FX, which is based on the GNU Compiler Collection version 2.95.1. The Mednafen author began work on a library for the compiler called pcfxlib but it was discontinued due to lack of interest until trap15 started development of a new library called liberis. The toolchain is designed for a Linux environment, although it can also be used with cygwin. To date, no homebrew titles for the PC-FX have been released, although Aetherbyte Studios and Eponasoft have both expressed interest in developing new software for the console.

Nuon

The Nuon was a game chip built into several DVD players. VM Labs, which made the system, released a homebrew SDK just before it went bankrupt. The graphical capabilities are on par with the PlayStation. Homebrew Nuon apps can only be played on Samsung DVD-N50x and RCA Nuon DVD players.

Dreamcast

Despite its short commercial lifespan of less than two years in North America, the Dreamcast benefits from an active homebrew scene even ten years after its discontinuation. Due to a flaw in the Dreamcast BIOS, which was intended for use with MIL-CDs, the console can run software from CD-R without the use of a modchip. Sega reacted by removing MIL-CD support from the BIOS of Dreamcast consoles manufactured from November 2000 onwards.

The console is especially notable for its commercial homebrew scene. One notable project was the Bleemcast! emulator, which was a series of bootdisks made to play PlayStation games on the system, featuring visual enhancements over the original console. Newer independent releases include Last Hope, released by RedSpotGames in 2007, and DUX, both Shoot 'em up style games. These releases were written using the KallistiOS development system. A port of the freeware high-level development language Fenix and BennuGD is available for use in game development; many DIV Games Studio games have been ported and others were originally written for the system.

PlayStation 2

Early versions of the PlayStation 2 have a buffer overflow bug in the part of the BIOS that handles PS1 game compatibility; hackers found a way to turn this into a loophole called the PS2 Independence Exploit, allowing the use of homebrew software. Another option for homebrew development is the use of a modchip. Also, it is possible for developers to utilize a PS2 hard drive and HD Loader.

As of May 2008, there is a superior exploit called Free McBoot, which is applicable to all PS2s including Slimlines except for SCPH-9000x models with BIOS 2.30 and up, where the exploit was patched by Sony. Manufacturing of such homebrew-proof models started in the third quarter of 2008, which is denoted as date code 8C on the console, although some consoles of this line still have the old unpatched 2.20 BIOS.

Unlike the Independence Exploit, which requires a trigger disk, Free McBoot needs only a standard Memory Card, which allows it to be used on systems with broken optical drives. The installation is keyed to the Memory Card and will be usable on only the same version consoles that it was originally installed on, unless a Multi-Install is performed.

The drawback of this exploit is that it needs to be installed/compiled on each individual memory card. Simply copying the exploit is not possible; this means that an already modded or exploited system is required to install FMCB on a Memory Card.

After installing an exploit, unsigned executables (Executable and Linkable Format) may be launched from a Memory Card or a USB drive. Such programs include emulators, media players, hard drive management tools, and PC-based or NAS-based file shares. The exploit is also notable for allowing the user to copy PS1/PS2 save files from a Memory Card to a USB drive, a functionality normally only possible with tools such as a DexDrive.

Sony also released an official homebrew-development kit that allows PlayStation 2 to run Linux.

Nintendo GameCube

Homebrew development on the Nintendo GameCube tended to be difficult, since it uses a proprietary MiniDVD-based drive and media as opposed to the standard DVD drives of the PS2 and Xbox for piracy protection. Also, its connectivity is limited, as it does not feature a USB port or a HDD port like the PlayStation 2.

The barrier to burning Nintendo GameCube discs with a consumer DVD burner is the Burst Cutting Area, a "barcode" in the innermost ring of the disc, an area inaccessible to most burners and writeable only by very expensive disc pressing machines. For a long time the only way to run homebrew software on Nintendo GameCube was through a patching-system exploit of Phantasy Star Online Episode I & II, requiring users to find the game and a Broadband Adapter. Both of these are difficult to find: a follow-up was released (under the name Phantasy Star Online Episode I & II Plus), so the original PSO was rarely sold after that, and the Broadband Adapter was not often carried in stores due to the Nintendo GameCube's very limited selection of online games.

Currently the most common method is to use special loader software, often together with a modchip; homebrew software can then be loaded from DVD-R, SD card (with an SD card to memory card adapter and an SD Media Launcher), or over Ethernet. As the Nintendo GameCube's case does not fit a full-size DVD-R, third party replacement cases are available. Most Nintendo GameCube homebrew software is developed to emulate other video game systems.

The once slow Nintendo GameCube scene is faring better than it was during its commercial lifespan thanks to bearing technical similarities with its popular successor, the Wii.

Xbox

The Xbox console uses several measures, including cryptographically signed code to obfuscate firmware. The primary method of executing homebrew code required installing a mod chip which could be flashed with a modified Microsoft BIOS. This BIOS allowed the system to boot unsigned executables (XBEs) and control several hardware variables, such as region coding and video mode. With the leak of Microsoft's official development kit (XDK) homebrew coders were able to write replacement Xbox GUIs (known as dashboards), games and applications for the Xbox.

A softmod which uses a commercial game such as 007: Agent Under Fire, Mech Assault or Splinter Cell to load up homebrew software has been discovered. This method utilizes modified font and sound files to cause the Xbox to intentionally crash and load one of the homebrew dashboards. Once in this condition, the Xbox is able to execute homebrew games and applications.

Because the Xbox uses standard PC libraries, writing homebrew games is relatively easy, as the vast majority of libraries available for a PC programmer are available to an Xbox homebrew programmer.

One of the more common types of homebrew game for the Xbox is the port of a PC game whose source has been publicly released or leaked. Many classic PC games have been released for Xbox, but most are created with the XDK, which limits their availability. The only places to find these ports are through IRC or peer-to-peer browsers.

The Xbox system is also very adept at running emulators which have been ported from PC. The Xbox is able to emulate systems up to the previous generation, including the Nintendo 64 and the PlayStation. For this reason, many different emulators have been created for the Xbox, and some of them have even more development support than their PC counterparts.

Recently, progress has been made in the creation of a legal development kit for the Xbox, known as OpenXDK. The OpenXDK is intended to allow coders to create new applications and games, as well as port existing source codes, without using illegally obtained Microsoft software. The games and applications created under the OpenXDK can be legally hosted on the net, and downloaded by users.

Even after the release of the Xbox 360, the Xbox homebrew scene remains extremely active, with new game ports, emulators, and applications coming out weekly. Microsoft is currently encouraging Xbox 360 homebrewed content with XNA, though at a charge of $99 per year.

PlayStation Portable (PSP)

The PSP homebrew scene is very popular, since almost every week there is an updated or a new homebrew game. PSP homebrew programs are available for download on various sites like "PSP Slim Hacks", "Wololo", "FouadtjuhMaster" and "PSPCFW".

Nintendo DS

Nintendo DS homebrew programs can be made with several methods usually built upon the devkitARM toolchain (provided by devkitPRO) and the libnds library. Additional utilities such as DS Game Maker provide an extra layer of services for homebrewers. Homebrew programs can be run on the Nintendo DS hardware by using Flashcards or FlashMe. They can also be run on a Nintendo DS emulator.

Xbox 360

Microsoft has released a version of its proprietary Software Development Kit (SDK) for free, to would-be homebrew programmers. This SDK, called XNA Game Studio, is a free version of the SDK available to professional development companies and college students. However, to create Xbox 360 games you must pay for a premium membership to the XNA Creators Club. Once the games are verified, the games written with XNA Studio can be made available for 80, 240, or 400 Microsoft Points to all Xbox 360 owners (through Xbox Live). This allows creators of homebrew content access to their target audience of Xbox 360 owners. This content is available under the Indie Games section of the New Xbox Experience.

On March 20, 2007, it was announced that a hack using the previously discovered hypervisor vulnerability in the Xbox 360 kernel versions 4532 and 4548 had been developed to allow users to run XeLL, a Linux bootloader. The initial hack was beyond the average user and required an Xbox serial cable to be installed and a flashed DVD Drive firmware. Felix Domke, the programmer behind XeLL, has since announced a live bootable Linux CD suitable for novice users, with the capabilities to be installed to the SATA hard drive of the Xbox 360. Despite the availability of such a distribution, the Xbox 360 still isn't considered a popular platform for homebrew development, given the dependence of the exploit on the DVD-ROM being able to load a burnt DVD game, a modified version of the game King Kong, and two older kernel revisions of the console itself.

A group independent of Microsoft is working on the means to run homebrew code, as part of the Free60 project.

Note: The hypervisor vulnerability in the Xbox 360 kernel versions 4532 and 4548 was addressed by Microsoft with the release of the NXE system and dashboard update in 2008.

Homebrew was since re-enabled on any Xbox 360 with dash 2.0.7371.0 or lower via an exploit referred to as the jtag / jtag smc hack but was promptly patched again by Microsoft with the 2.0.8495.0 update.

Homebrew has now become available on most if not all Xbox 360 consoles due to the Reset Glitch Hack. So far it works on all current dashboards up to the latest as of now, the 17511 dashboard. Although it can run unsigned code, some hardware is required to perform the exploit. Soldering skills are also a necessity when attempting to use this exploit.

PlayStation 3

The PlayStation 3 was designed to run other operating systems from day one. Very soon after launch, the first users managed to install Fedora Core 5 onto the PlayStation 3 via the 'Install Other OS' option in the PlayStation 3's XMB (Xross Media Bar), which also allows configuring the PlayStation 3 to boot into the other OS installed by default.

So far, several Linux flavors have been successfully installed to the PlayStation 3, such as Fedora Core 5, Fedora Core 6, Gentoo, Ubuntu and Yellow Dog Linux (YDL). The latter comes installed with the Cell SDK by default, allowing programmers a low cost entry into Cell programming. See also: Linux for PlayStation 3

Originally, graphics support was limited to framebuffer access only (no access to the PlayStation 3's graphics chip RSX), yet some access to the RSX graphics processor was achieved (but Sony blocked this with firmware release 2.10).

As of firmware release 3.21, consumers are no longer able to access the 'Other OS' due to Sony removing the facility from the software in an update. Sony said this was in response to several 'security concerns'.

Homebrew developers do have access to the Cell microprocessor, including 6 of its 7 active Synergistic Processing Elements (SPEs). The Game OS resides under a hypervisor and prevents users from taking full control of the PlayStation 3's hardware. This is a security measure which helps Sony feel secure enough to allow users to install other operating systems on the PS3.

The Sixaxis controller has also been exposed to Linux and Windows, but no driver seems to have been successfully created yet that exposes its accelerometer functionality, except for Motioninjoy. However other drivers have successfully used it as a controller for gaming etc.

In May 2008, a vulnerability was found in the PlayStation 3 allowing users to install a partial debug firmware on a regular console. However, the debug functionality is disabled, so neither homebrew applications nor backup games can be run yet.

Another exploit was found on August 14, 2008, allowing users to boot some backup games from the PlayStation 3's HDD, although the exact instructions on how to do this were not released at that time. However, a different person posted instructions 10 days later, which explained the exploit.

On January 6, 2009 a hacking ring known as the "Sh4d0ws" leaked the jig files needed to launch the PlayStation 3 into service mode. Although the PlayStation 3 can be triggered into service mode, it is not yet of any use because the files needed to make changes to the console have not been leaked.

On August 31, 2010 PSGroove, an exploit for the PS3 through the USB port, was released and made open source. This exploit works on all of the PS3 models released up until then. A guide for the creation of the PSGroove is available through several online sources.

George Hotz, better known under his nickname "geohot", has recently appeared on Attack of the Show because he released the PlayStation 3's encryption keys, therefore any homebrew or custom firmware can be signed. Once signed, homebrew can be natively run. It would be difficult for Sony however to fix this because it would most likely require a voluntary recall and the most expensive parts would have to be replaced. In 2011, Sony, with help from law firm Kilpatrick Stockton, sued Hotz and associates of the group fail0verflow for their jailbreaking activities. Charges included violating the DMCA, CFAA, Copyright law, and California's CCDAFA, and for Breach of Contract (related to the PlayStation Network User Agreement), Tortious interference, Misappropriation, and Trespass.

Wii

In advance of the Wii's release, WiiCade was the first site to host Adobe Flash homebrew games specifically designed for the Wii and its remote. The Wii was hacked via a custom serial interface in December 2007. Though Nintendo would attempt to patch the console, the Wii Homebrew Channel could be installed to let users play homebrew games on the console. Its first full release was in December 2008. The Wii Opera software development kit let developers make their own games in JavaScript. The console's controller was also a popular target for modification.

GP32

The GP32 by GamePark could run homebrew software through a special firmware which required the user to register on Gamepark's website, which also hosted some homebrew software.

GP2X

The GP2X, GP2X Wiz, and Caanoo by Gamepark Holdings are fully dedicated to running homebrew software, and require no modification to do so.

Pandora

The Pandora is able to run homebrew software from almost any source, such as SD cards, USB hard disks and flash drives, and wireless shares. It is also capable of compiling its own software internally using the GNU compiler collection.

Gizmondo

The Gizmondo was cracked in early 2006. Because Tiger Telematics, the creator of Gizmondo, is bankrupt, a small fan base provided a fair amount of homebrew applications and emulators.

Nintendo 3DS

Several different exploits for running unsigned software exist. Unsigned software can be launched from the SD card by using a program that takes advantage of these exploits known as "The Homebrew Launcher," similar to the Homebrew Channel on the Wii. The Homebrew Launcher itself can only be launched on system versions 9.0 or above. However, only custom software can be launched this way and only with limited permissions, meaning this software cannot be installed or run on the 3DS system menu or used to install or run unsigned native 3DS software. There are exploits that can bypass these limitations on current firmware. System versions 9.0, 9.1, and 9.2 are no longer required to gain full control access to the console via the Homebrew Launcher.

The first public exploit, Ninjhax (developed by smealum), allows the user to scan a QR code to exploit the game Cubic Ninja. The first version of this exploit, called Ninjhax 1, is able to run unsigned userland code on system versions 4.0 to 9.2, with the Homebrew Launcher being able to be loaded through the exploit on system versions 9.0 to 9.2. This version uses a system exploit called rohax, which was patched in system version 9.3. The second version of the exploit, called Ninjhax 2, works on system versions 9.0 and above. It uses a different exploit than Ninjhax 1 that has fewer system permissions, but it still grants userland Homebrew Launcher access. On system version 11.0 and above, the exploit requires scanning 16 QR codes instead of 1, because since 11.0 the game boots without access to the system's http:C (internet) and soc:U (socket) services, which the exploit needed to download the payload files required to run the Homebrew Launcher on <=10.7. Other primary exploits (exploits that do not require prior Homebrew Launcher access to run) that load the Homebrew Launcher on current firmware (11.2) are now much more numerous. They include Soundhax, an exploit developed by Nedwill that loads the Homebrew Launcher through an .m4a file played in the built-in Nintendo 3DS Sound application; genhax, a Monster Hunter X exploit exclusive to the New 3DS JPN game region; and Freakyhax, an exploit in the Deluxe edition of Freakyforms: Your Creations, Alive!. Smashbroshax, a New 3DS exclusive exploit for the 3DS version of Super Smash Bros. for Nintendo 3DS and Wii U, also works on current firmware, but it is one of the most inconsistent and difficult exploits to set up, so it is not commonly used.

Other Homebrew Launcher exploits, called secondary exploits, require prior Homebrew Launcher access to install. Oot3dhax, an exploit in The Legend of Zelda: Ocarina of Time 3D, can either be a secondary exploit (when installed through the Homebrew Launcher) or a primary exploit when a Powersaves dongle is used to install the hacked save files. A few other secondary exploit games include Citizens of Earth, Pokémon Super Mystery Dungeon, and Pokémon Omega Ruby and Alpha Sapphire. Many of these exploits were temporarily patched in 11.0 or 11.1 due to the updates booting these games into a PASLR mode. However, since the release of new Homebrew Launcher payloads (*hax 2.8), Homebrew Launcher itself can bypass the PASLR mode on such games, allowing the exploits to work once again. The most recent exploits that have been released are steelhax, a homebrew exploit using the game Steel Diver: Sub Wars; Stickerhax, a homebrew exploit in the game Paper Mario: Sticker Star; Painthax, an exploit in the eShop game PixelPaint; and ctpkpwn_tfh, an exploit in The Legend of Zelda: Tri Force Heroes. A new version of menuhax, called bossbannerhax, which launches through the built-in Face Raiders game and works on 11.1 and 11.2, was also recently released.

In December 2016, a new ARM11 kernel exploit on current firmware, called fasthax, was announced by Nedwill at the 33c3 hacking conference. It was later released to the public, with a final release in January 2017. Also in January 2017, a new ARM9 kernel exploit, called safehax, was released by TinyVi. Together, these exploits allow full control of the console via kernel access on the ARM9, the security processor of the 3DS. This means that downgrading to the system version with the other last publicly available pair of ARM11 kernel access (through memchunkhax) and ARM9 kernel access (firmlaunchhax) exploits, which is 9.0-9.2, is no longer required. Instead, fasthax and safehax can be used together to load Decrypt9WIP, an ARM9 program, and perform a 2.1.0-4 ctrtransfer, which is essentially a NAND transfer that swaps console unique data out to preserve it, on any system version with access to the Homebrew Launcher (>=9.0). Users on lower firmwares can use other methods to load Decrypt9WIP and perform the ctrtransfer due to older system exploits that were patched in later updates, such as MSET and ARM9 kernel browser exploits, while users already on 2.1.0-4 don't have to do the ctrtransfer at all. Once on 2.1.0-4, users can load an ARM9 kernel exploit in the browser called 2xrsa to dump the console unique OTP and install arm9loaderhax, an exploit that gains nearly full control of the console milliseconds into boot and loads a custom firmware (CFW) with a 100% boot rate, even on current firmware (11.2). It also allows safely updating to the latest firmware and is not removed via a system format. The exploit can either boot from a CFW file on the SD card or a copy of the same file stored in the CTRNAND of the console, but at least one of them must be present for the console to boot with arm9loaderhax installed.
The CFW run through this exploit typically patches signatures, makes the console region free, allows booting DS mode flashcarts that were blocked or never worked on the 3DS (such as the original Revolution for DS R4 cards), and allows the installation of unsigned titles to the home menu, such as save managers, emulators, and other utilities.

Homebrew Launcher exploits were also found and developed for the free downloadable game IronFall: Invasion, VVVVVV, the built-in Nintendo 3DS web browser, and the downloadable YouTube application, but these exploits are now obsolete, as they were later patched. The browser exploit in particular was patched in the 10.6 and later the 11.1 system update, the VVVVVV exploit was patched in version 1.1 of the game (although 1.0 still works), and the IronFall: Invasion exploit, called Ironhax, was patched for good in the 10.4 system update due to a forced game update. Another exploit used a BASIC interpreter application called SmileBASIC (a sequel to the DSiWare and DS game Petit Computer) that could be downloaded from the 3DS eShop. The exploit could be used on versions 3.2.1 and 3.3.1 of the application. SmileBASIC was briefly taken down from the North American eShop between July 11, 2016 and August 10, 2016 due to the exploit. The exploit was patched in version 3.3.2 of the application, and was patched for good in system version 11.1 due to a forced game update to 3.3.2 or above. There is also a set of exploits that can launch the Homebrew Launcher using the 3DS Home Menu itself, called menuhax. The first version of menuhax, called themehax, was patched in 10.2. The second, called shufflehax, was patched in 10.6, and the third revision, called sdiconhax, was patched in 11.1. The newest revision of menuhax, called bossbannerhax, works on 11.1 and 11.2, but unlike prior menuhax revisions, it does not have an auto-booting function.

Many homebrew developments prior to fasthax and safehax focused on new ways to downgrade from current firmware to 9.0-9.2 and are now considered obsolete, including a variety of ARM11 kernel exploits such as memchunkhax2 (<=10.3), svchax (<=10.7), and waithax (<=11.1). Memchunkhax2 and svchax were used for downgrading to 9.0-9.2, while waithax was used to install a hacked DSiWare save to downgrade on 11.0 and 11.1 without a hacked console and a system transfer between the two, which was previously required. This hacked DSiWare save could then be used to downgrade the NFIRM of the console, which contains an anti-downgrade check and list on >=11.0. Once NFIRM was downgraded to 10.4 from >=11.0, svchax could be used to downgrade the console to 9.0-9.2. This method, called a DSiWare downgrade, caused both Fieldrunners and Legends of Exidia to be pulled from the eShop because they were among the compatible exploitable games. The other compatible exploit games, Guitar Rock Tour and The Legend of Zelda: Four Swords Anniversary Edition, were already pulled from the eShop prior to the release of the method. A hardmod, a physical modification to the console that allows direct physical NAND dumping and restoring, can also be used to downgrade the NFIRM of a console to 10.4 and allow downgrading to 9.0-9.2. However, hardmods are not obsolete, as they are still used by homebrew developers to restore consoles bricked by the software being tested. Since the KOR region New 3DS launched on 9.6, meaning there was no 9.0-9.2 to downgrade to, the downgrade process didn't work for this region. As a result, ARM9 access had to be gained through ntrcardhax (<=10.3) using a lot of hardware or an AceKard 2i with an edited header to get full control of the console. However, this was also made obsolete with the release of fasthax and safehax, which also supported >=10.4 KOR region old 3DS and New 3DS consoles.

Currently, the primary thing left to accomplish in 3DS hacking is the public release of protected bootrom dumps of the ARM9 and ARM11 processors. At 33c3, Derrek announced that he had dumped the ARM9 and ARM11 protected bootroms of the 3DS family in Summer 2015, posted the SHA-1 hashes of the dump files, and announced sighax, an exploit that would allow the signing of unofficial NAND images and firmware. However, sighax requires an ARM9 protected bootrom dump as a dependency, and Derrek did not release the dumps themselves or the code or tools used. As a result, someone will need to replicate his bootrom dump method, release the dump file to the public, and then the community will need to brute force the signature needed for sighax using the key located in the bootrom dump for sighax to become usable.

Wii U

The Wii U currently has homebrew execution in both the PowerPC kernel and the ARM9 kernel (nicknamed IOSU by the community). The most common way to execute code on the Wii U is through vulnerabilities in the Wii U's built-in web browser app. Other exploits, such as haxchi, launch PowerPC and/or ARM9 kernel homebrew directly when a specific DS Virtual Console game with the exploit installed is launched. Haxchi is essentially the first "coldboot" exploit on the Wii U, because the only thing required to run the homebrew launcher, or to launch specific applications typically booted from the Homebrew Launcher (such as CFWBooter, a redNAND launcher), is to launch a DS game with the haxchi exploit installed from the HOME menu. There is a dedicated homebrew launcher for the Wii U that can be loaded through an exploit in the internet browser or via haxchi. Many homebrew applications that run via the homebrew launcher have been collected and hosted on wiiubru.com, which has a layout similar to that of the Wii U's own menu. These hosted applications can be downloaded directly on the Wii U using the HB App Store app in the repository.

On system firmware versions between 2.0.0 and 5.3.2 (inclusive), C language code is compiled using devkitPPC and embedded in a webpage with JavaScript code that triggers a bug allowing the C code to be run. This exploit only allows user-land permissions, meaning that only basic games and software can be created. This is because the code is running within the confines of the web browser, which doesn't use the SD Card port or filesystem, and as such the homebrew running in the browser cannot use those features either.

On system firmware versions 5.4.0, 5.5.0 and 5.5.1, an exploit is available that allows a specially-crafted MP4 video file to run code within the browser. Once again, this only allows user-land permissions, and does not allow access to any hardware that the browser doesn't use. Due to the nature of this exploit, a developer can only use up to 21.5kB of code in an MP4 file, otherwise the browser will crash trying to execute it. An ELF loading mechanism has been released, which allows the code to be stored in a dedicated file (which can be of a much larger size) and loaded separately.

Firmware versions 5.5.1 and lower also have access to a PowerPC kernel exploit that runs inside the browser. It uses a race attack to install a custom driver on the Wii U, in turn allowing access to basic backup launchers, game modifications and cheat code handlers. It does not allow full access to the system, as the IOSU security processor is not compromised as part of this process. A PowerPC kernel exploit for firmware versions 5.5.0 and 5.5.1 has been developed; it was leaked and was subsequently released. Before the kernel exploit for 5.5.0 and 5.5.1, the only way to get kernel access on a Wii U was to have a console on 5.3.2 and utilize the osdriver exploit present on that system version. However, since the new 5.5.0 and 5.5.1 kernel exploit is much more reliable than the old osdriver exploit, the new exploit is always used, even on older system versions.

An exploit against the Wii U's IOSU security co-processor has been officially released by the Wiiubru team, and allows unrestricted access to the system, such as the dumping of the Wii U console unique OTP file, which contains unique console encryption keys and Wii U Common Keys stored in the ARM9 kernel. A boot-time exploit that allows custom firmware and operating systems on the Wii U to run immediately on console boot has been announced. However, the function of creating and booting a redNAND is already possible by using a NAND dumper to dump the Wii U NAND to the SD card and then using a file called fw.img and CFWBooter to launch redNAND from the NAND backup. A redNAND is able to install any title, including unofficial titles and titles without valid signatures. However, there are some disadvantages to redNAND, as the vWii mode does not currently work in redNAND, and it is unknown how a future system update could affect redNAND, as it does not currently emulate the SEEPROM save chip in the Wii U. As a result, an alternative to redNAND, called CFW sysNAND, has been created to accomplish the same results on sysNAND. This is launched the same way as redNAND (boot fw.img from the SD card using CFWBooter), but it uses a different fw.img than the one used for booting redNAND. This actually allows more features than redNAND, such as the installation of vWii games through unofficial means. All of the current fw.img files commonly used also allow editing of files stored on the Wii U via an internet connection and a client called wupserver or wupclient. This server connection allows the installation of haxchi and allows the changing of the console region to make a Wii U region free. However, since this has full access to the console, it can also easily brick the console if not used carefully.

The Wii U's built-in Wii emulator (often nicknamed vWii) is capable of running Wii homebrew, and also allows installation of the Homebrew Channel. However, the virtual Wii is much more fragile than a classic Wii console and has a higher chance of being bricked if dangerous software is used. Also, due to the updated patches, previous exploits that utilized the HOME menu itself to load the HackMii Installer, such as Letterbomb, do not work on vWii. However, exploits that launch the HackMii Installer via a game still work on vWii. The only way to hack vWii without one of the exploit games is using IOSU, using an exploit called wuphax. Wuphax uses the same client used to install Wii U exploits such as haxchi to temporarily load the HackMii Installer from the SD card when loading the Mii Channel. Users can then run the HackMii Installer to install the Homebrew Channel to their vWii. After installing the Homebrew Channel to the vWii, the modification to the Mii Channel is no longer needed and can be restored back to normal using a client script.

References

Homebrew (video games) Wikipedia