3DS userland exploit for VVVVVV


VVVVVV utilizes multiple savegame buffer overflows in order to run *hax. To install such a savegame, an existing homebrew entrypoint such as browser hax, Smash Bros or Cubic Ninja is required.
To launch *hax, first make sure you download and extract the latest homebrew starter kit to the SD card.
To install the exploit to VVVVVV use the installer found here, extract it to your SD card and run it using the Homebrew Launcher. In the installer you will be prompted to select the appropriate version for the system and then the selected exploit version will be downloaded and installed.
Note that installing (v*)hax will wipe any existing savegame data, and the original game will not be able to be used while (v*)hax is installed. As such it is suggested that a savegame backup be made before installing. For uninstallation, see below. To launch *hax once (v*)hax is installed, start the game and load the main save.

Updating and Removal

(v*)hax includes a payload which allows the *hax payload to be updated in the event that a system update is released, without requiring the installer to be run again. To access this functionality, hold SELECT while the exploit is loading and you will be taken to a menu. In this menu, select Update *hax payload and select the version of the *hax payload you wish to install, and then press A to have it downloaded and installed to the savegame.
In the event that you wish to return the game to it's original cleared save state, you can also select Clear savegame and your save will be wiped, or use the in-game menu's save clearing.


Exploit discovery (writeup here) and ROP implementation by Shiny Quagsire
Region porting, installer and ROP fixes by Dazzozo
Installer icon by WulfyStylez
ironhax by smealum for ROP build system/payload base
sploit installer by smealum and yellows8
Special thanks to FIQ for some VVVVVV background information.


What firmwares does this exploit work with?

This exploit works on all firmwares 2.1.0 and higher, however *hax only supports 9.0.0-7 and higher.

Source Code?

The source code for this exploit can be found here