PlayStation Portable Nintendo DS Since the release of the Nintendo DS, a great deal of hacking has occurred involving the DS's fully rewritable firmware, Wi-Fi connection, game cards that allow
SD storage (such as
R4 cartridges), and software use. There are now many emulators for the DS, as well as the NES, SNES, Sega Master System, Sega Mega Drive, Neo-Geo Pocket, Neo-Geo MVS (arcade), and older handheld consoles like the Game Boy Color. There are a number of cartridges or cards which either have built-in flash memory or an
SD card slot (in both standard and "micro" formats). These typically enable DS gamers to use their system to play MP3s and videos, as well as other non-gaming functions traditionally reserved for separate devices. In South Korea, many video game consumers exploit illegal copies of video games, including for the Nintendo DS. In 2007, 500,000 copies of DS games were sold, while the sales of the DS hardware units was 800,000. Another modification device called
Action Replay, manufactured by the company Datel, is a device which allows the user to input cheat codes that allows it to hack games, granting the player infinite
health,
power-ups, access to any part of the game, infinite in game currency, the ability to walk through walls, and various other abilities depending on the game and code used. Photographer Steve Chapman, looking for other ways to continue his photography work with smaller equipment, created DS-DSLR, an application that allowed him to control his camera without his bulky laptop. When his camera was connected to the DS through the GBA cartridge slot, DS-DSLR allowed him to execute many tasks, including controlled bracketing, custom interval shots, and timed long exposures. DS-DSLR even had a noise-activated shutter control which was activated when the DS mic detected noise. With the DSi, it too has some homebrew exploits, some of which use DSiWare apps such as Flipnote Studio (aka ugopwn), sudokuhax, using a game called Sudoku by EA Games, grtpwn, exidiahax, fieldrunhax, 4swordhax, UNO*hax, and an exploit using
Petit Computer called petit-compwner. There is also systemflaaw, which uses the DSi-exclusive game System Flaw. A user by the name of shutterbug2000 on GBAtemp has released two DSi exploits, one being called Memory Pit, an exploit using the
DSi Camera app, and the other known as the Flipnote Lenny exploit (aka ugopwn), using
Flipnote Studio.
Xbox 360 Microsoft has released a version of its proprietary Software Development Kit (SDK) for free, to would-be homebrew programmers. This
SDK, called
XNA Game Studio, is a free version of the SDK available to professional development companies and college students. However, to create Xbox 360 games one must pay for a premium membership to the XNA Creators Club. Once the games are verified, the games written with XNA Studio can be made available for 80, 240, or 400 Microsoft Points to all
Xbox 360 owners (through
Xbox Live). This allows creators of homebrew content access to their target audience of Xbox 360 owners. This content is available under the Indie Games section of the New Xbox Experience. On March 20, 2007, it was announced that a hack using the previously discovered hypervisor vulnerability in the Xbox 360 kernel versions 4532 and 4548 had been developed to allow users to run XeLL, a Linux bootloader. The initial hack was beyond the average user and required an Xbox serial cable to be installed and a flashed DVD Drive firmware. Felix Domke, the programmer behind XeLL, has since announced a live bootable Linux CD suitable for novice users, with the capabilities to be installed to the SATA hard drive of the Xbox 360. Despite the availability of such a distribution, the Xbox 360 still isn't considered a popular platform for homebrew development, given the dependence of the exploit on the DVD-ROM being able to load a burnt DVD game, a modified version of the game
King Kong, and two older kernel revisions of the console itself. A group independent of Microsoft was working on the means to run homebrew code, as part of the
Free60 project.
Note: The hypervisor vulnerability in the Xbox 360 kernel versions 4532 and 4548 was addressed by Microsoft with the release of the NXE system and dashboard update in 2008. Homebrew was since re-enabled on any Xbox 360 with dash 2.0.7371.0 or lower via an exploit referred to as the JTAG / SMC hack but was promptly patched again by Microsoft with the 2.0.8495.0 update. Homebrew has now become available on most Xbox 360 consoles due to the Reset Glitch Hack. It works on all current dashboards up to the latest revision. Because the Reset Glitch Hack required a modchip, soldering skills are a necessity when attempting to use this exploit. It was patched in the Winchester revisions of the Xbox 360 with mitigations in the hardware. In early 2025, a software-based exploit known as Bad Update was introduced, which involves a race condition with the hypervisor in software. It depends on an exploit found in ''
Tony Hawk's American Wasteland and Rock Band Blitz'', and works on all Xbox 360 consoles up to the latest Winchester revisions without the need of a modchip or directly modifying the console's hardware (as what was previously done with the JTAG and Reset Glitch Hack exploits). A
fork of Bad Update, ABadAvatar, was introduced later that year, which involves a race condition with the
Xbox Live Avatar sign-in system after the console has booted up rather than the hypervisor, and does not depend on a game to trigger the exploit. Both Bad Update and ABadAvatar are non-persistent exploits however, and will revert back to a stock configuration once it has been turned off, meaning that the exploit must be rerun every time the Xbox 360 is turned on. Though hardware-based exploits such as the JTAG and Reset Glitch Hack are still the preferred methods of hacking the Xbox 360 for homebrew, Bad Update and ABadAvatar allowed for easier accessibility to homebrew for users who are not experienced with hardware modding or soldering skills, and also allowed homebrew to work on the later Winchester revisions of the console which patched out the Reset Glitch Hack exploit.
PlayStation 3 The
PlayStation 3 was designed to run other operating systems from day one. Very soon after launch, the first users managed to install Fedora Core 5 onto the PlayStation 3 via the 'Install Other OS' option in the PlayStation 3's XMB (Xross Media Bar), which also allows configuring the PlayStation 3 to boot into the other OS installed by default. So far, several Linux flavors have been successfully installed to the PlayStation 3, such as
Fedora Core 5, Fedora Core 6,
Gentoo,
Ubuntu and
Yellow Dog Linux (YDL). The latter comes installed with the Cell SDK by default, allowing programmers a low cost entry into Cell programming. See also:
Linux for PlayStation 3 Originally, graphics support was limited to framebuffer access only (no access to the PlayStation 3's graphics chip RSX), yet some access to the
RSX graphics processor was achieved (but Sony blocked this with firmware release 2.10). As of firmware release 3.21, consumers are no longer able to access the 'Other OS' due to Sony removing the facility from the software in an update. Sony said this was in response to several 'security concerns'. Homebrew developers do have access to the
Cell microprocessor, including 6 of its 7 active Synergistic Processing Elements (SPEs). The Game OS resides under a
hypervisor and prevents users from taking full control of the PlayStation 3's hardware. This is a security measure which helps Sony feel secure enough to allow users to install other operating systems on the PS3. The Sixaxis controller has also been exposed to Linux and Windows, but no driver seems to have been successfully created yet that exposes its
accelerometer functionality, except for Motioninjoy. However other drivers have successfully used it as a controller for gaming and other applications. In May 2008, a vulnerability was found in the PlayStation 3 allowing users to install a partial debug firmware on a regular console. However, the debug functionality is disabled, so neither homebrew applications nor backup games can be run yet. Another exploit was found on August 14, 2008, allowing users to boot some backup games from the PlayStation 3's
HDD, although the exact instructions on how to do this were not released at that time. However, a different person posted instructions 10 days later, which explained the exploit. On January 6, 2009, a hacking ring known as the "
Sh4d0ws" leaked the jig files needed to launch the PlayStation 3 into service mode. Although the PlayStation 3 can be triggered into service mode, it is not yet of any use because the files needed to make changes to the console have not been leaked. On August 31, 2010, PSGroove, an exploit for the PS3 through the USB port, was released and made open source. This exploit works on all of the PS3 models released up until then. A guide for the creation of the PSGroove is available through several online sources.
George Hotz, better known under his nickname "geohot", appeared on
Attack of the Show because he released the PlayStation 3's encryption keys, therefore any homebrew or custom firmware can be signed. Once signed, homebrew can be natively run. It would be difficult for Sony to fix this because it would most likely require a voluntary recall and the most expensive parts would have to be replaced. In 2011, Sony, with help from law firm
Kilpatrick Stockton, sued Hotz and associates of the group fail0verflow for their jailbreaking activities. Charges included violating the
DMCA,
CFAA,
copyright law, and
California's CCDAFA, and for
breach of contract (related to the
PlayStation Network User Agreement),
tortious interference,
misappropriation, and
trespass.
Wii In advance of the Wii's release, WiiCade was the first site to host
Adobe Flash homebrew games specifically designed for the Wii and its remote, which could be played without any exploits using the Wii's
Opera web browser. The Wii Opera software development kit lets developers make their own games for the Wii via JavaScript. The Wii was hacked via a custom serial interface in December 2007. The goal of most Wii exploits today is to install The Homebrew Channel, a custom channel that lets users run homebrew software on the console. Its first full release was in December 2008; earlier that year, Team Twiizers (now known as fail0verflow) released an exploit called the Twilight Hack which takes advantage of a
buffer overflow vulnerability found in the Wii version of
The Legend of Zelda: Twilight Princess that utilizes a malformed
save file to load an
ELF file (boot.elf) into memory (if present in the root directory of the SD card), which will then install The Homebrew Channel via unsigned code. Though Nintendo has successfully patched various older exploits to install The Homebrew Channel, many exploits to run the channel on current firmware exist. Note that only exploits that use disc games are compatible with installing The Homebrew Channel on the vWii (virtual Wii) mode on a Wii U (with the exception of "wuphax", an exploit that installs the channel via Wii U-specific system permission exploits). The console's controller was also a popular target for modification. , there are many other exploits that can hack the
Wii for homebrew since the release of the Twilight Hack, allowing for the installation of The Homebrew Channel from supported games and on specific system software revisions. These include exploits such as (but not limited to) Smash Stack (using an exploit found within the game's stage editor in
NTSC releases of
Super Smash Bros. Brawl), BannerBomb (using a malformed Channel; patched in firmware version 4.3), LetterBomb (using the Wii's
Messaging Board), WilBrand (LetterBomb alternative that supports firmware versions 3.0 to 4.3), FlashHax (using the Internet Channel), str2hax (using a DNS exploit in the Wii's EULA), BlueBomb (using Bluetooth), and ModMii (an exploit for PC users). Most exploits for the console typically requires the use of an SD card as they expect the ELF loader file (boot.elf) to be present on the root of the medium. However, some exploits such as FlashHax, str2hax and BlueBomb do not require the use of an SD card in order to exploit the Wii as they can download the ELF loader file directly off the internet (depending on the console model) if the SD card itself or the ELF loader file on the SD card is not present. BlueBomb in particular also allowed for the Wii Mini to become hackable for the first time, which was a hardware revision of the Wii released late in its lifecycle that was deemed "unhackable" by many users prior to the exploit's release, mainly due to the lack of an SD card slot and internet connectivity on the Wii Mini. ==Eighth/ninth generation consoles==