Guide_3DS/_pages/en_US/installing-boot9strap-(hbl-usm).txt

---
title: "Installing boot9strap (HBL-USM)"
---

{% include toc title="Table of Contents" %}

### Required Reading

In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.

As we already have Homebrew access, we can use slotTool to do this.

This specific method is intended to be used with Homebrew Launcher access through [BrowserHax 2020](homebrew-launcher-(browserhax-2020)).

If you have Homebrew Launcher access through another entry point, you should use [Frogtool](installing-boot9strap-(frogtool)).

Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.

If your (Right/Left Shoulder), (D-Pad Up) or (A) buttons do not work, you will need to use a [Legacy Method](legacy-methods). For assistance with this matter, join [Nintendo Homebrew on Discord](https://discord.gg/MWxPgEp) and ask, in English, for help.
{: .notice--danger}

### What You Need

* The latest release archive for [Luma3DS](https://github.com/AuroraWright/Luma3DS/releases/latest)
* The latest release archive for [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/releases/latest)

#### Section I - Prep Work

1. Your console should be powered on and showing the Homebrew Launcher from the previous part of the guide
1. Launch slotTool from the list of homebrew
  + If you get stuck on a red screen, forcefully power off the console by holding the power button for fifteen seconds, then retry this section
1. Select the "INSTALL exploit to wifi slots 1,2,3 & shutdown" option
  + You will see some on-screen text and then your system will shut down
1. Remove your SD card from your console and connect it to your computer
1. Copy `boot.firm` from the Luma3DS `.zip` to the root of your SD card
1. Copy `usm.bin` from the unSAFE_MODE `.zip` to the root of your SD card
1. Put your SD card back into your console

#### Section II - unSAFE_MODE

1. With your system still powered off, hold the following buttons: (Left Shoulder) + (Right Shoulder) + (D-Pad Up) + (A), then press (Power)
  + Keep holding the buttons until the console boots into Safe Mode
1. Press "OK" to accept the update
  + There is no update. This is part of the exploit
1. Press "I accept" to accept the terms and conditions
1. The update will eventually fail, with error code `003-1099`. This is intended behaviour
1. When asked "Would you like to configure Internet settings?", select "Yes"
1. On the following menu, navigate to `Connection 1` -> `Change Settings` -> `Next Page (right arrow)` -> `Proxy Settings` -> `Detailed Setup`
  + Here is a [visual representation](https://uwuu.ca/images/safemode_highlighted.png)
1. Once you see `B9S install SUCCESS` on the top screen, press any button to reboot to Luma Configuration

#### Section III - Configuring Luma3DS

1. Your device should automatically show the Luma Configuration menu
1. Use the (A) button and the D-Pad to turn on the following:
  + **"Show NAND or user string in System Settings"**
1. Press (Start) to save and reboot
  + Your device should load the Home Menu after a short delay. If you get a black screen lasting longer than 5 minutes, [follow this troubleshooting guide](troubleshooting#black-screen-on-sysnand-boot-after-installing-boot9strap)

#### Section IV - Restoring WiFi Configuration Profiles

1. Launch the Download Play application
1. Wait until you see the two buttons
  + Do not press either of the buttons
1. Press (Left Shoulder) + (D-Pad Down) + (Select) at the same time to open the Rosalina menu
1. Select "Miscellaneous options"
1. Select "Switch the hb. title to the current app."
1. Press (B) to continue
1. Press (B) to return to the Rosalina main menu
1. Press (B) to exit the Rosalina menu
1. Press (Home), then close Download Play
1. Relaunch the Download Play application
1. Your device should load the Homebrew Launcher
1. Launch slotTool from the list of homebrew
1. Select "RESTORE original wifi slots 1,2,3"
1. Your device will then reboot

___

### Continue to [Finalizing Setup](finalizing-setup)
{: .notice--primary}
add browserhax (#1785) let's get some wheels spinning 2020-09-05 06:38:34 +02:00			`---`
			`title: "Installing boot9strap (HBL-USM)"`
			`---`

			`{% include toc title="Table of Contents" %}`

			`### Required Reading`

			`In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.`

			`As we already have Homebrew access, we can use slotTool to do this.`

			`This specific method is intended to be used with Homebrew Launcher access through [BrowserHax 2020](homebrew-launcher-(browserhax-2020)).`

			`If you have Homebrew Launcher access through another entry point, you should use [Frogtool](installing-boot9strap-(frogtool)).`

			`Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.`

			`If your (Right/Left Shoulder), (D-Pad Up) or (A) buttons do not work, you will need to use a [Legacy Method](legacy-methods). For assistance with this matter, join [Nintendo Homebrew on Discord](https://discord.gg/MWxPgEp) and ask, in English, for help.`
			`{: .notice--danger}`

			`### What You Need`

			`* The latest release archive for [Luma3DS](https://github.com/AuroraWright/Luma3DS/releases/latest)`
			`* The latest release archive for [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/releases/latest)`

			`#### Section I - Prep Work`

streamline browserhax streamline the FUCK out of it 2020-09-08 15:11:23 +02:00			`1. Your console should be powered on and showing the Homebrew Launcher from the previous part of the guide`
add browserhax (#1785) let's get some wheels spinning 2020-09-05 06:38:34 +02:00			`1. Launch slotTool from the list of homebrew`
			`+ If you get stuck on a red screen, forcefully power off the console by holding the power button for fifteen seconds, then retry this section`
			`1. Select the "INSTALL exploit to wifi slots 1,2,3 & shutdown" option`
			`+ You will see some on-screen text and then your system will shut down`
streamline browserhax streamline the FUCK out of it 2020-09-08 15:11:23 +02:00			`1. Remove your SD card from your console and connect it to your computer`
Remove "replacing any existing files" from boot.firm Nobody following the page should ever have that file, and it has only been confusing 2020-10-31 01:09:25 +01:00			1. Copy `boot.firm` from the Luma3DS `.zip` to the root of your SD card
streamline browserhax streamline the FUCK out of it 2020-09-08 15:11:23 +02:00			1. Copy `usm.bin` from the unSAFE_MODE `.zip` to the root of your SD card
			`1. Put your SD card back into your console`
add browserhax (#1785) let's get some wheels spinning 2020-09-05 06:38:34 +02:00
streamline browserhax streamline the FUCK out of it 2020-09-08 15:11:23 +02:00			`#### Section II - unSAFE_MODE`
add browserhax (#1785) let's get some wheels spinning 2020-09-05 06:38:34 +02:00
			`1. With your system still powered off, hold the following buttons: (Left Shoulder) + (Right Shoulder) + (D-Pad Up) + (A), then press (Power)`
			`+ Keep holding the buttons until the console boots into Safe Mode`
			`1. Press "OK" to accept the update`
			`+ There is no update. This is part of the exploit`
			`1. Press "I accept" to accept the terms and conditions`
			1. The update will eventually fail, with error code `003-1099`. This is intended behaviour
			`1. When asked "Would you like to configure Internet settings?", select "Yes"`
			1. On the following menu, navigate to `Connection 1` -> `Change Settings` -> `Next Page (right arrow)` -> `Proxy Settings` -> `Detailed Setup`
			`+ Here is a [visual representation](https://uwuu.ca/images/safemode_highlighted.png)`
			1. Once you see `B9S install SUCCESS` on the top screen, press any button to reboot to Luma Configuration

streamline browserhax streamline the FUCK out of it 2020-09-08 15:11:23 +02:00			`#### Section III - Configuring Luma3DS`
add browserhax (#1785) let's get some wheels spinning 2020-09-05 06:38:34 +02:00
			`1. Your device should automatically show the Luma Configuration menu`
			`1. Use the (A) button and the D-Pad to turn on the following:`
			`+ "Show NAND or user string in System Settings"`
			`1. Press (Start) to save and reboot`
			`+ Your device should load the Home Menu after a short delay. If you get a black screen lasting longer than 5 minutes, [follow this troubleshooting guide](troubleshooting#black-screen-on-sysnand-boot-after-installing-boot9strap)`

streamline browserhax streamline the FUCK out of it 2020-09-08 15:11:23 +02:00			`#### Section IV - Restoring WiFi Configuration Profiles`
add browserhax (#1785) let's get some wheels spinning 2020-09-05 06:38:34 +02:00
			`1. Launch the Download Play application`
			`1. Wait until you see the two buttons`
			`+ Do not press either of the buttons`
			`1. Press (Left Shoulder) + (D-Pad Down) + (Select) at the same time to open the Rosalina menu`
			`1. Select "Miscellaneous options"`
			`1. Select "Switch the hb. title to the current app."`
			`1. Press (B) to continue`
			`1. Press (B) to return to the Rosalina main menu`
			`1. Press (B) to exit the Rosalina menu`
			`1. Press (Home), then close Download Play`
			`1. Relaunch the Download Play application`
			`1. Your device should load the Homebrew Launcher`
			`1. Launch slotTool from the list of homebrew`
			`1. Select "RESTORE original wifi slots 1,2,3"`
			`1. Your device will then reboot`

			`___`

			`### Continue to [Finalizing Setup](finalizing-setup)`
			`{: .notice--primary}`