Add alternate exploits for 11.17

a.k.a. "the worst structural change in the history of this guide"

- freakyhax
- ninjhax
- smilehax-iie
- seedminer (alt) -> pichaxx
- seedminer (alt) -> steelhax
- seedminer (alt) -> eshop dsiware -> fredtool
This commit is contained in:
Lily 2023-05-24 01:01:03 -07:00 committed by lifehackerhansol
parent 54d79779fb
commit 3bff47ca66
No known key found for this signature in database
GPG key ID: 80FB184AFC0B3B0E
19 changed files with 513 additions and 80 deletions

View file

@ -70,9 +70,15 @@ sidebar_pages:
- -
title: ntrboot title: ntrboot
url: ntrboot url: ntrboot
-
title: Alternate Exploits
url: alternate-exploits
- -
title: Seedminer title: Seedminer
url: seedminer url: seedminer
-
title: Seedminer (Alternate)
url: seedminer-(alternate)
- -
title: Seedminer (Mii) title: Seedminer (Mii)
url: seedminer-(mii) url: seedminer-(mii)
@ -85,9 +91,24 @@ sidebar_pages:
- -
title: BannerBomb3 (Legacy) title: BannerBomb3 (Legacy)
url: bannerbomb3-(legacy) url: bannerbomb3-(legacy)
-
title: Homebrew Launcher (ninjhax2-dx)
url: homebrew-launcher-(ninjhax2-dx)
-
title: Homebrew Launcher (PicHaxx)
url: homebrew-launcher-(pichaxx)
-
title: Homebrew Launcher (smilehax-IIe)
url: homebrew-launcher-(smilehax-iie)
-
title: Homebrew Launcher (Steelhax)
url: homebrew-launcher-(steelhax)
- -
title: Homebrew Launcher (super-skaterhax) title: Homebrew Launcher (super-skaterhax)
url: homebrew-launcher-(super-skaterhax) url: homebrew-launcher-(super-skaterhax)
-
title: Dumping eShop DSiWare
url: dumping-eshop-dsiware
- -
title: Dumping Movable (nimhax) title: Dumping Movable (nimhax)
url: dumping-movable-(nimhax) url: dumping-movable-(nimhax)
@ -130,6 +151,9 @@ sidebar_pages:
- -
title: Installing boot9strap (Fredtool) title: Installing boot9strap (Fredtool)
url: installing-boot9strap-(fredtool) url: installing-boot9strap-(fredtool)
-
title: Installing boot9strap (Fredtool-Inject)
url: installing-boot9strap-(fredtool-inject)
- -
title: Installing boot9strap (Fredtool, Legacy) title: Installing boot9strap (Fredtool, Legacy)
url: installing-boot9strap-(fredtool-legacy) url: installing-boot9strap-(fredtool-legacy)

View file

@ -0,0 +1,61 @@
---
title: "Alternate Exploits"
---
{% include toc title="Table of Contents" %}
3DS / 3DS XL / 2DS devices on firmware 11.17.0 do not currently have any free, software-only methods. Therefore, all of the methods here have some sort of prerequisite.
### Installed eShop titles
Because Nintendo eShop no longer allows purchases, it is no longer possible to purchase new titles. However, you can re-download a title if you had purchased or downloaded them before purchases stopped being possible.
Any one of the following titles can be used in conjunction with Seedminer to install custom firmware:
* Pokémon Picross (free-to-play)
* Steel Diver: Sub Wars (free-to-play)
* ANY [DSiWare](https://en.wikipedia.org/wiki/List_of_DSiWare_games_and_applications) title (free or paid)
Continue to [Seedminer (Alternate)](seedminer-(alternate))
{: .notice--primary}
Alternatively, SmileBASIC (a paid game) can be used to get Homebrew Launcher access without using Seedminer.
Continue to [Homebrew Launcher (smilehax-IIe)](homebrew-launcher-(smilehax-iie))
{: .notice--primary}
### Retail 3DS cartridges
#### ninjhax2-dx
This method uses a cartridge or digital copy of the game Cubic Ninja.
Continue to [Homebrew Launcher (ninjhax2-dx)](homebrew-launcher-(ninjhax2-dx))
{: .notice--primary}
#### freakyhax
This method uses a cartridge or digital copy of the game Freakyforms Deluxe.
Continue to [Homebrew Launcher (freakyhax)](homebrew-launcher-(freakyhax))
{: .notice--primary}
### Additional hardware
#### kartdlphax
This method uses another 3DS with custom firmware and a digital or cartridge copy of Mario Kart 7.
Continue to [Installing boot9strap (kartdlphax)](installing-boot9strap-(kartdlphax))
{: .notice--primary}
#### ntrboot
This method requires a compatible DS flashcart to be flashed with ntrboot, which works on all 3DS-family consoles regardless of model or region.
If none of the above options are available to you, this is the cheapest available option. If you don't already have a compatible cartridge, a preflashed ntrboot-compatible cartridge can be purchased [here](https://www.nds-card.com/ProShow.asp?ProID=575) for roughly $20 USD.
Continue to [ntrboot](ntrboot)
{: .notice--primary}

View file

@ -0,0 +1,25 @@
---
title: "Dumping eShop DSiWare"
---
On this page, you will dump an installed DSiWare title from the eShop to your SD card.
## Instructions
1. Power on your device
1. If you haven't already, re-download your DSiWare title from the Nintendo eShop (instructions [here](https://en-americas-support.nintendo.com/app/answers/detail/a_id/607/~/how-to-download-or-redownload-content-in-nintendo-3ds-eshop))
+ A DSiWare title's banner will be a white box with an icon inside of it that is likely animated
1. Launch System Settings on your device
1. Navigate to Data Management -> DSiWare
1. Select your DSiWare title, then tap "Copy", then "OK"
1. Power off your device
1. Put your SD card into your computer
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<ID1>` -> `Nintendo DSiWare` on your SD card
+ `<ID0>` is the 32-letter folder name that you copied in Seedminer
+ `<ID1>` is a 32-letter folder inside of the `<ID0>`
+ If you have multiple <ID1> folders, follow the instructions [here](troubleshooting#bannerbomb3)
1. Copy the `.bin` file inside of the `Nintendo DSiWare` folder to the root of your SD card
+ You will need this file later
Continue to [Installing boot9strap (Fredtool-Inject)](installing-boot9strap-(fredtool-inject))
{: .notice--primary}

View file

@ -38,19 +38,10 @@ For a more technical explanation, see [here](https://github.com/luigoalma/nimhax
1. Launch nimhax from the list of homebrew 1. Launch nimhax from the list of homebrew
1. If the exploit was successful, a `movable.sed` file will appear on the root of your SD card 1. If the exploit was successful, a `movable.sed` file will appear on the root of your SD card
### Next step: Choose an exploit ### Next step: Frogtool
#### Bannerbomb3 (recommended)
Once you have your device's encryption key (`movable.sed`), you can use it in conjunction with BannerBomb3, which uses your `movable.sed` file to take advantage of exploits in the System Settings application.
Continue to [BannerBomb3](bannerbomb3)
{: .notice--info}
#### Frogtool
Once you have your device's encryption key (`movable.sed`), you can use it in conjunction with Frogtool, which uses your `movable.sed` file to inject and take advantage of JPN Flipnote Studio. \ Once you have your device's encryption key (`movable.sed`), you can use it in conjunction with Frogtool, which uses your `movable.sed` file to inject and take advantage of JPN Flipnote Studio. \
While this method is faster, it requires downloading a file with a torrent client. Do not follow this method if you're unable to use a torrent client. While this method is faster, it requires downloading a file with a torrent client. Do not follow this method if you're unable to use a torrent client.
Continue to [Installing boot9strap (Frogtool)](installing-boot9strap-(frogtool)) Continue to [Installing boot9strap (Frogtool)](installing-boot9strap-(frogtool))
{: .notice--warning} {: .notice--primary}

View file

@ -0,0 +1,54 @@
---
title: "Homebrew Launcher (freakyhax)"
---
{% include toc title="Table of Contents" %}
{% capture technical_info %}
<summary><em>Technical Details (optional)</em></summary>
[freakyhax](https://plutooo.github.io/freakyhax/) is an exploit for the game Freakyforms Deluxe discovered and released by [plutooo](https://github.com/plutooo). It works on versions 9.0.0 through 11.17.0 on EUR, USA and JPN region devices.
{% endcapture %}
<details>{{ technical_info | markdownify }}</details>
{: .notice--info}
This method requires a working 3DS camera.
{: .notice--info}
## What you need
+ A EUR/USA/JPN copy of Freakyforms Deluxe (eShop or cartridge)
+ The latest release of [freakyhax](https://github.com/plutooo/freakyhax/releases/latest)
+ The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest)
+ [otherapps.zip]({{ base_path }}/assets/otherapps.zip) (direct download)
## Instructions
### Section I - Prep Work
1. Power off your device
1. Insert your SD card into your computer
1. Copy all files and folders inside the `/build/<your console and region>/exploit/` folder from the freakyhax `.zip` to the root of your SD card
+ The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
1. Copy the otherapp payload for your model/region/version from `otherapps.zip` to the root of your SD card, then rename the payload to `otherapp.bin`
+ Do not add the `.bin` extension if you do not already see it
1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of your SD card
1. Reinsert your SD card into your device
1. Power on your device
### Section II - freakyhax
1. Reinsert your SD card into your device
1. Power on your device
1. Launch Freakyforms Deluxe
1. In the game menu, select `Play -> Camera -> Load a QR code`
1. Select the QR code
1. If the exploit was successful, your device will have loaded the Homebrew Launcher
### Section III - Hardware Button Check
{% include_relative include/safemodecheck.txt %}
___
{% include_relative include/hbl-common-exploits.txt %}

View file

@ -0,0 +1,55 @@
---
title: "Homebrew Launcher (ninjhax2-dx)"
---
{% include toc title="Table of Contents" %}
{% capture technical_info %}
<summary><em>Technical Details (optional)</em></summary>
[Ninjhax2](https://github.com/smealum/ninjhax2.x) is an exploit for the game "Cubic Ninja" made by [smealum](https://github.com/smealum). This page uses an updated version of ninjhax by [zoogie](https://github.com/zoogie) called [ninjhax2-dx](https://github.com/zoogie/ninjhax2-dx), which supports 11.17.0.
{% endcapture %}
<details>{{ technical_info | markdownify }}</details>
{: .notice--info}
This method requires a working 3DS camera.
{: .notice--info}
This process will overwrite your Cubic Ninja save file, if you have one.
{: .notice--warning}
## What You Need
* The game "Cubic Ninja"
* The latest release of [ninjhax2-dx](https://github.com/zoogie/ninjhax2-dx/releases)
* The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest) (the Luma3DS `.zip` file)
## Instructions
### Section I - Prep Work
1. Power off your device
1. Insert your SD card into your computer
1. Copy `Launcher.dat` from the folder appropriate for your console from the ninjhax2-dx `.zip` file to the root of your SD card
+ The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of your SD card
### Section II - ninjhax2-dx
1. Reinsert your SD card into your device
1. Power on your device
1. Launch "Cubic Ninja" once and select "Create"
+ If prompted, delete all data
1. Select "QR Code"
1. Select "Scan QR Code"
1. On your PC, open the browser and go to [ninjhax2-dx website](https://zoogie.github.io/web/nh2dx/)
1. Select your console's region and hardware
1. On your device, scan the QR code
+ If the game exits to the HOME Menu, then the exploit has installed correctly
1. Launch "Cubic Ninja" again
+ If the exploit was successful, your device will have booted into the Homebrew Launcher
### Section III - Hardware Button Check
{% include_relative include/safemodecheck.txt %}
___
{% include_relative include/hbl-common-exploits.txt %}

View file

@ -6,32 +6,25 @@ title: "Homebrew Launcher (PicHaxx)"
{% capture technical_info %} {% capture technical_info %}
<summary><em>Technical Details (optional)</em></summary> <summary><em>Technical Details (optional)</em></summary>
[PicHaxx](https://github.com/zoogie/pichaxx) is an exploit for the game Pokémon Picross released by [zoogie](https://github.com/zoogie), originally discovered and [demonstrated](https://twitter.com/mrnbayoh/status/744899681663258624) by [MrNbaYoh](https://github.com/MrNbaYoh).
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used to launch the Homebrew Launcher.
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
{% endcapture %} {% endcapture %}
<details>{{ technical_info | markdownify }}</details> <details>{{ technical_info | markdownify }}</details>
{: .notice--info} {: .notice--info}
### Compatibility Notes
These instructions work on USA, Europe, and Japan consoles as indicated by the letters U, E, or J after the system version.
You will need a Nintendo Network ID to download Pokémon Picross.
This process will overwrite your Pokémon Picross save file, if you have one. If you wish to preserve your Pokémon Picross game data, you should make a backup of your `00000001.sav` file before overwriting it. This process will overwrite your Pokémon Picross save file, if you have one. If you wish to preserve your Pokémon Picross game data, you should make a backup of your `00000001.sav` file before overwriting it.
{: .notice--warning} {: .notice--warning}
### What You Need ### What You Need
* The game "Pokémon Picross" (free on eShop) installed on your device + The game "Pokémon Picross" installed on your device
+ You can scan [this QR code](http://api.qrserver.com/v1/create-qr-code/?color=000000&bgcolor=FFFFFF&data=ESHOP://50010000037815&margin=0&qzone=1&size=400x400&ecc=L) using the Nintendo 3DS Camera for a direct link to the eShop app + If you have downloaded it before, you can [redownload it](https://en-americas-support.nintendo.com/app/answers/detail/a_id/607/~/how-to-download-or-redownload-content-in-nintendo-3ds-eshop)
+ Your SD card must be inserted in your device to install Pokémon Picross + Your SD card must be inserted in your device to install Pokémon Picross
* Your `movable.sed` file from completing [Seedminer](seedminer) + Your `movable.sed` file from completing [Seedminer](seedminer)
* The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest) (the Luma3DS `.zip` file) + The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest) (the Luma3DS `.zip` file)
* The latest release of [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/releases/latest) (the RELEASE `.zip` file) + [otherapps.zip]({{ base_path }}/assets/otherapps.zip) (direct download)
### Instructions ### Instructions
@ -39,12 +32,13 @@ This process will overwrite your Pokémon Picross save file, if you have one. If
In this section, you will copy some of the files that will be used to launch the Homebrew Launcher. In this section, you will copy some of the files that will be used to launch the Homebrew Launcher.
1. Power off your device
1. Insert your SD card into your computer 1. Insert your SD card into your computer
1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of your SD card 1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of your SD card
+ The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it + The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
1. Create a folder named `3ds` on the root of your SD card 1. Copy the otherapp payload for your model/region/version from `otherapps.zip` to the root of your SD card, then rename the payload to `otherapp.bin`
1. Copy the `slotTool` folder from the unSAFE_MODE `.zip` to the `3ds` folder on your SD card + Do not add the `.bin` extension if you do not already see it
1. Copy the otherapp payload for your region/version from the unSAFE_MODE `.zip`'s `otherapps_with_CfgS` folder to the root of your SD card and rename it to `otherapp.bin` 1. Copy `movable.sed` from your computer to the root of your SD card
![]({{ "/images/screenshots/hblpichaxx-root-layout.png" | absolute_url }}) ![]({{ "/images/screenshots/hblpichaxx-root-layout.png" | absolute_url }})
{: .notice--info} {: .notice--info}
@ -55,14 +49,14 @@ In this section, you will copy some of the files that will be used to launch the
#### Section II - PicHaxx #### Section II - PicHaxx
In this section, you will create a hacked Pokémon Picross save file that, when used, will load the Homebrew Launcher on your device. In this section, you will create a hacked Pokémon Picross save file that, when loaded, will run the Homebrew Launcher on your device.
1. Open [the PicHaxx Injector website](https://3dstools.nhnarwhal.com/#/pichaxx) on your computer 1. Open [the PicHaxx Injector website](https://3dstools.nhnarwhal.com/#/pichaxx) on your computer
1. Select your `movable.sed` file 1. Select your `movable.sed` file
1. Select "Build and Download" 1. Select "Build and Download"
1. Wait for the process to complete 1. Wait for the process to complete
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<ID1>` -> `title` -> `00040000` -> `0017c100` -> `data` on your SD card 1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<ID1>` -> `title` -> `00040000` -> `0017c100` -> `data` on your SD card
+ The `<ID0>` will be the same one that you used in [Seedminer](seedminer) + The `<ID0>` will be the same one that you used in Seedminer
+ The `<ID1>` is a 32 character long folder inside of the `<ID0>` + The `<ID1>` is a 32 character long folder inside of the `<ID0>`
1. Copy the newly downloaded `00000001.sav` file to the `data` folder on your SD card 1. Copy the newly downloaded `00000001.sav` file to the `data` folder on your SD card
+ Overwrite the old save file when prompted + Overwrite the old save file when prompted
@ -74,9 +68,11 @@ In this section, you will create a hacked Pokémon Picross save file that, when
1. Power on your device 1. Power on your device
1. Launch "Pokémon Picross" 1. Launch "Pokémon Picross"
1. If the exploit was successful, your device will have booted into the Homebrew Launcher 1. If the exploit was successful, your device will have booted into the Homebrew Launcher
+ If you get an error message, [follow this troubleshooting guide](troubleshooting#homebrew-launcher-pichaxx)
#### Section III - Hardware Button Check
{% include_relative include/safemodecheck.txt %}
___ ___
### Continue to [Installing boot9strap (HBL-USM)](installing-boot9strap-(hbl-usm)) {% include_relative include/hbl-common-exploits-movable.txt %}
{: .notice--primary}

View file

@ -0,0 +1,68 @@
---
title: "Homebrew Launcher (smilehax-IIe)"
---
{% include toc title="Table of Contents" %}
This set of instructions does not support the Japanese version of SmileBASIC.
{: .notice--warning}
{% capture technical_info %}
<summary><em>Technical Details (optional)</em></summary>
[smilehax-IIe](https://github.com/zoogie/smilehax-IIe) is an exploit for the game "SmileBASIC" made by zoogie, compatible with system versions 9.0.0 through 11.17.0 for USA/EUR/JPN region consoles.
{% endcapture %}
<details>{{ technical_info | markdownify }}</details>
{: .notice--info}
## What You Need
+ The game "SmileBASIC" installed on your device
+ If you have downloaded it before, you can [redownload it](https://en-americas-support.nintendo.com/app/answers/detail/a_id/607/~/how-to-download-or-redownload-content-in-nintendo-3ds-eshop)
+ Your SD card must be inserted in your device to install SmileBASIC
+ Your `movable.sed` file from completing [Seedminer](seedminer)
+ The latest release of [smilehax-IIe](https://github.com/zoogie/smilehax-IIe/releases/download/v1.0/Release_sh2e_v1.0.zip) (direct download)
+ The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest) (the Luma3DS `.zip` file)
+ [otherapps.zip]({{ base_path }}/assets/otherapps.zip) (direct download)
## Instructions
### Section I - Prep Work
1. Power off your device
1. Insert your SD card into your computer
1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of your SD card
+ The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
1. Copy the otherapp payload for your model/region/version from `otherapps.zip` to the root of your SD card, then rename the payload to `otherapp.bin`
+ Do not add the `.bin` extension if you do not already see it
1. Transfer the `.wav` for your region from the Release_sh2e `.zip` to a device that can play `.wav` files, for example a phone
1. Copy the petitcom `.icn` for your region to the root of your SD card
### Section II - smilehax
1. Launch SmileBASIC
+ Update the game if prompted
1. Select the "Publish/Download Projects" option
1. Select the "Download (Receive) using Public Key" option
1. Press the "Yes" button
1. Enter the Public Key "NJEQK3A4" using the on-screen keyboard
1. Press the "Yes" button to confirm the download of PMODEM141
1. Press "OK", then "Back", then "Browse Projects"
1. Select PMODEM141, then press "Select File"
1. Select PMODEM141.PRG, then Press "OK", then "Yes" to execute it
1. Select RECEIVE FILE SIMPLEX
1. Prepare the device you use to play the `.wav` file
1. Keep your console about a foot from the `.wav` file playing devices' speaker and use a reasonable (not loud) volume to play the`.wav`
1. Now select 300BPS, then play the `.wav` file
1. When it finishes, Press "Yes", then press "OK"
1. Press the START button
1. Select the SH2E-xxx.TXT file, then press OK, then "Yes" to execute it
+ If you get kicked back into menu, make sure you're using the latest version of SmileBASIC
1. Your device should load into the Homebrew Launcher
### Section III - Hardware Button Check
{% include_relative include/safemodecheck.txt %}
___
{% include_relative include/hbl-common-exploits.txt %}

View file

@ -4,45 +4,57 @@ title: "Homebrew Launcher (Steelhax)"
{% include toc title="Table of Contents" %} {% include toc title="Table of Contents" %}
### Required Reading {% capture technical_info %}
<summary><em>Technical Details (optional)</em></summary>
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Steel Diver: Sub Wars, which can then be used to launch the Homebrew Launcher.
{% endcapture %}
<details>{{ technical_info | markdownify }}</details>
{: .notice--info}
This method of using Seedminer for further exploitation uses your `movable.sed` file to gain access to the Homebrew Launcher using the Steelhax exploit for the purposes of injecting an exploitable DSiWare title into the DS Download Play application. This method requires you to already own (or download) the free "Steel Diver: Sub Wars" game from the eShop. This process will overwrite your Steel Diver: Sub Wars save file, if you have one. If you wish to preserve your Steel Diver: Sub Wars game data, you should make a backup of your `00000001.sav` file before overwriting it.
If your device already has access to the Homebrew Launcher (whether through Steelhax or another exploit), you can skip to [DSiWare Dumper](dsidumper)).
{: .notice--success}
If you already have Steel Diver: Sub Wars, this process will overwrite your game's save file!
{: .notice--warning} {: .notice--warning}
### What You Need ### What You Need
* The free eShop game "Steel Diver: Sub Wars" + The game "Steel Diver: Sub Wars" installed on your device
* Your `movable.sed` file from completing [Seedminer](seedminer) + If you have downloaded it before, you can [redownload it](https://en-americas-support.nintendo.com/app/answers/detail/a_id/607/~/how-to-download-or-redownload-content-in-nintendo-3ds-eshop)
* The latest release of [the Homebrew Launcher](https://github.com/fincs/new-hbmenu/releases/latest) + Your SD card must be inserted in your device to install Steel Diver: Sub Wars
* The latest release of [Steelhax](https://github.com/MechanicalDragon0687/vegaroxas.github.io/releases/download/1.0/steelhax-release.zip) + Your `movable.sed` file from completing [Seedminer](seedminer)
* The [otherapp payload](https://deadphoenix8091.github.io/3ds/#otherapp) *(for your region and version)* + The latest release of [Steelhax](https://github.com/MechanicalDragon0687/vegaroxas.github.io/releases/download/1.0/steelhax-release.zip) (direct download)
+ The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest) (the Luma3DS `.zip` file)
+ [otherapps.zip]({{ base_path }}/assets/otherapps.zip) (direct download)
### Instructions ### Instructions
#### Section I - Prep Work #### Section I - Prep Work
1. Create a folder named `3ds` on the root of your SD card if it does not already exist In this section, you will copy some of the files that will be used to launch the Homebrew Launcher.
1. Copy `boot.3dsx` to the root of your SD card
1. Power off your device
1. Insert your SD card into your computer
1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of your SD card
+ The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
1. Copy the `steelhax` folder from the `Steelhax-release.zip` to the root of your SD card 1. Copy the `steelhax` folder from the `Steelhax-release.zip` to the root of your SD card
1. Copy the otherapp payload to the `steelhax` folder on your SD card and rename it to `payload.bin` 1. Copy the otherapp payload for your model/region/version from `otherapps.zip` to the root of your SD card, then rename the payload to `otherapp.bin`
+ Do not add the `.bin` extension if you do not already see it
1. Copy `movable.sed` from your computer to the root of your SD card
1. Reinsert your SD card into your device
1. Power on your device
#### Section II - Steelminer #### Section II - Steelminer
1. Insert your SD card into your device In this section, you will create a hacked Steel Diver: Sub Wars save file that, when used, will load the Homebrew Launcher on your device.
1. Launch "Steel Diver: Sub Wars" once and select a Mii to initialize your save file 1. Launch "Steel Diver: Sub Wars" once and select a Mii to initialize your save file
+ Decline the game update when prompted + Decline the game update when prompted
+ If you have already updated the game, use the Data Management menu of the System Settings to delete the update + If you have already updated the game, use the Data Management menu of the System Settings to delete the update
1. Exit "Steel Diver: Sub Wars" 1. Exit "Steel Diver: Sub Wars"
1. Power off your device 1. Power off your device
1. Insert your SD card into your computer 1. Insert your SD card into your computer
1. Open [the Steelminer Injector website](https://seedminer.hacks.guide/steelhax/) on your computer 1. Open [the SteelHax Save Tool website](https://3dstools.nhnarwhal.com/#/steelhax) on your computer
1. Select your `movable.sed` file 1. Select your `movable.sed` file
1. Select "Start!" 1. Select your region based on your console
1. Select "Build and Download"
1. Wait for the process to complete 1. Wait for the process to complete
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<32-character-id>` -> `title` -> `00040000` -> `<8-character-region>` -> `data` on your SD card 1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<32-character-id>` -> `title` -> `00040000` -> `<8-character-region>` -> `data` on your SD card
+ **EUR Region**: `000d7e00` + **EUR Region**: `000d7e00`
@ -53,11 +65,12 @@ If you already have Steel Diver: Sub Wars, this process will overwrite your game
1. Reinsert your SD card into your device 1. Reinsert your SD card into your device
1. Power on your device 1. Power on your device
1. Launch "Steel Diver: Sub Wars" 1. Launch "Steel Diver: Sub Wars"
1. If the exploit was successful, your device will have loaded the Homebrew Launcher 1. If the exploit was successful, your device will have booted into the Homebrew Launcher
+ You may see an error stating there are no applications found.
1. Power off your device. #### Section III - Hardware Button Check
{% include_relative include/safemodecheck.txt %}
___ ___
### Continue to [DSiWare Dumper](dsidumper) {% include_relative include/hbl-common-exploits-movable.txt %}
{: .notice--primary}

View file

@ -75,12 +75,4 @@ If you haven't already, make sure you have a working Internet connection set up
___ ___
### Next step: Choose an exploit {% include_relative include/hbl-common-exploits.txt %}
If the camera appeared in the previous section, Safe Mode is likely to be working on your device.
If the camera appeared, continue to [Installing boot9strap (HBL-USM)](installing-boot9strap-(hbl-usm))
{: .notice--primary}
If the camera did NOT appear, continue to [Dumping Movable (nimhax)](dumping-movable-(nimhax))
{: .notice--info}

View file

@ -0,0 +1,9 @@
### Next step: Choose an exploit
If the camera appeared in the previous section, Safe Mode is likely to be working on your device.
If the camera appeared, continue to [Installing boot9strap (HBL-USM)](installing-boot9strap-(hbl-usm))
{: .notice--primary}
If the camera did NOT appear, continue to [Installing boot9strap (Frogtool)](installing-boot9strap-(frogtool))
{: .notice--info}

View file

@ -0,0 +1,9 @@
### Next step: Choose an exploit
If the camera appeared in the previous section, Safe Mode is likely to be working on your device.
If the camera appeared, continue to [Installing boot9strap (HBL-USM)](installing-boot9strap-(hbl-usm))
{: .notice--primary}
If the camera did NOT appear, continue to [Dumping Movable (nimhax)](dumping-movable-(nimhax))
{: .notice--info}

View file

@ -0,0 +1,59 @@
---
title: "Installing boot9strap (Fredtool-Inject)"
---
{% include toc title="Table of Contents" %}
{% capture technical_info %}
<summary><em>Technical Details (optional)</em></summary>
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
{% endcapture %}
<details>{{ technical_info | markdownify }}</details>
{: .notice--info}
You should only be able to get to this page if you are running version 11.17.0. If you are on any firmware other than 11.17.0 or 11.16.0, STOP as these instructions WILL LEAD TO A BRICK on other firmwares!!
{: .notice--warning}
### What You Need
* Your `movable.sed` file from completing [Seedminer](seedminer-(alternate))
* Your DSiWare backup from completing [Dumping eShop DSiWare](dumping-eshop-dsiware)
* The latest release of [Frogminer_save](https://github.com/zoogie/Frogminer/releases/latest) (`Frogminer_save.zip`)
* **11.16.0 or 11.17.0 users**: The v6.1.1 release of [b9sTool](https://github.com/zoogie/b9sTool/releases/download/v6.1.1/release_6.1.1.zip)
* Make **absolutely sure** that you download the right file, as using the incorrect file may lead to a BRICK
* The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest) (the Luma3DS `.zip` file)
#### Section I - CFW Check
{% include_relative include/cfw-check-fredtool.txt %}
#### Section II - Prep Work
{% include_relative include/fredtool-prep.txt %}
#### Section III - Overwriting DS Connection Settings
{% include_relative include/fredtool-write-flipnote.txt %}
#### Section IV - Flipnote Exploit
{% include_relative include/install-boot9strap-b9stool.txt method="dsinternet" %}
#### Section V - Luma3DS Configuration
1. Press and hold (Select), and while holding (Select), power on your device. This will launch Luma3DS configuration
{% include_relative include/configure-luma3ds.txt %}
{% include_relative include/luma3ds-installed-note.txt %}
#### Section VI - Restoring DS Connection Settings
{% include_relative include/fredtool-restore-dsconn.txt %}
___
### Continue to [Finalizing Setup](finalizing-setup)
{: .notice--primary}

View file

@ -0,0 +1,34 @@
---
title: "Seedminer (Alternate)"
---
{% include toc title="Table of Contents" %}
{% include_relative include/seedminer-base.txt %}
___
### Next steps
Select the method based on the application that you have installed on your 3DS. No matter which method you pick, the end result will be the same.
#### DSiWare
If you own any [DSiWare](https://en.wikipedia.org/wiki/List_of_DSiWare_games_and_applications) title on your 3DS, you can dump it to the SD card so that it can be used to temporarily inject Flipnote into DS Connection Settings.
Continue to [Dumping eShop DSiWare](dumping-eshop-dsiware)
{: .notice--primary}
#### PicHaxx
This method uses the game Pokémon Picross, which was a free-to-play game. Using the `movable.sed` file, you can create a hacked save file that will give you access to Homebrew Launcher, which will be used for further exploitation.
Continue to [Homebrew Launcher (PicHaxx)](homebrew-launcher-(pichaxx))
{: .notice--primary}
#### steelhax
This method uses the game Steel Diver: Sub Wars, which was a free-to-play game. Using the `movable.sed` file, you can create a hacked save file that will give you access to Homebrew Launcher, which will be used for further exploitation.
Continue to [Homebrew Launcher (steelhax)](homebrew-launcher-(steelhax))
{: .notice--primary}

View file

@ -17,6 +17,7 @@ sitemap: false
**All** **All**
+ [A9LH to B9S](a9lh-to-b9s) + [A9LH to B9S](a9lh-to-b9s)
+ [Alternate Exploits](alternate-exploits)
+ [BannerBomb3](bannerbomb3) + [BannerBomb3](bannerbomb3)
+ [BannerBomb3 (Legacy)](bannerbomb3-(legacy)) + [BannerBomb3 (Legacy)](bannerbomb3-(legacy))
+ [BannerBomb3 + Fredtool (TWN)](bannerbomb3-fredtool-(twn)) + [BannerBomb3 + Fredtool (TWN)](bannerbomb3-fredtool-(twn))
@ -24,6 +25,7 @@ sitemap: false
+ [Checking for CFW](checking-for-cfw) + [Checking for CFW](checking-for-cfw)
+ [Contribute](contribute) + [Contribute](contribute)
+ [CTRTransfer](ctrtransfer) + [CTRTransfer](ctrtransfer)
+ [Dumping eShop DSiWare](dumping-eshop-dsiware)
+ [Dumping Movable (nimhax)](dumping-movable-(nimhax)) + [Dumping Movable (nimhax)](dumping-movable-(nimhax))
+ [Dumping Titles and Game Cartridges](dumping-titles-and-game-cartridges) + [Dumping Titles and Game Cartridges](dumping-titles-and-game-cartridges)
+ [F3 (Linux)](f3-(linux)) + [F3 (Linux)](f3-(linux))
@ -43,8 +45,14 @@ sitemap: false
+ [GodMode9 Usage](godmode9-usage) + [GodMode9 Usage](godmode9-usage)
+ [H2testw (Windows)](h2testw-(windows)) + [H2testw (Windows)](h2testw-(windows))
+ [Home](/) + [Home](/)
+ [Homebrew Launcher (freakyhax)](homebrew-launcher-(freakyhax))
+ [Homebrew Launcher (ninjhax2-dx)](homebrew-launcher-(ninjhax2-dx))
+ [Homebrew Launcher (PicHaxx)](homebrew-launcher-(pichaxx))
+ [Homebrew Launcher (smilehax-IIe)](homebrew-launcher-(smilehax-iie))
+ [Homebrew Launcher (Steelhax)](homebrew-launcher-(steelhax))
+ [Homebrew Launcher (super-skaterhax)](homebrew-launcher-(super-skaterhax)) + [Homebrew Launcher (super-skaterhax)](homebrew-launcher-(super-skaterhax))
+ [Installing boot9strap (Fredtool)](installing-boot9strap-(fredtool)) + [Installing boot9strap (Fredtool)](installing-boot9strap-(fredtool))
+ [Installing boot9strap (Fredtool-Inject)](installing-boot9strap-(fredtool-inject))
+ [Installing boot9strap (Fredtool, Legacy)](installing-boot9strap-(fredtool-legacy)) + [Installing boot9strap (Fredtool, Legacy)](installing-boot9strap-(fredtool-legacy))
+ [Installing boot9strap (Frogtool)](installing-boot9strap-(frogtool)) + [Installing boot9strap (Frogtool)](installing-boot9strap-(frogtool))
+ [Installing boot9strap (Hardmod)](installing-boot9strap-(hardmod)) + [Installing boot9strap (Hardmod)](installing-boot9strap-(hardmod))
@ -61,6 +69,7 @@ sitemap: false
+ [Region Changing](region-changing) + [Region Changing](region-changing)
+ [Restoring / Updating CFW](restoring-updating-cfw) + [Restoring / Updating CFW](restoring-updating-cfw)
+ [Seedminer](seedminer) + [Seedminer](seedminer)
+ [Seedminer (Alternate)](seedminer-(alternate))
+ [Seedminer (Mii)](seedminer-(mii)) + [Seedminer (Mii)](seedminer-(mii))
+ [Seedminer (TWN)](seedminer-(twn)) + [Seedminer (TWN)](seedminer-(twn))
+ [Troubleshooting](troubleshooting) + [Troubleshooting](troubleshooting)

View file

@ -226,7 +226,16 @@ $(document).ready(function() {
"updating-firmware-(new-3ds)": "23", "updating-firmware-(new-3ds)": "23",
"seedminer-(mii)": "24", "seedminer-(mii)": "24",
"bannerbomb3-(legacy)": "25", "bannerbomb3-(legacy)": "25",
"installing-boot9strap-(fredtool-legacy)": "26" "installing-boot9strap-(fredtool-legacy)": "26",
"alternate-exploits": "27",
"homebrew-launcher-(ninjhax2-dx)": "28",
"homebrew-launcher-(smilehax-iie)": "29",
"seedminer-(alternate)": "30",
"homebrew-launcher-(pichaxx)": "31",
"homebrew-launcher-(steelhax)": "32",
"homebrew-launcher-(freakyhax)": "33",
"dumping-eshop-dsiware": "34",
"installing-boot9strap-(fredtool-inject)": "35"
}; };
for(var device in devices){ for(var device in devices){
@ -274,17 +283,26 @@ $(document).ready(function() {
"13": ["installing-boot9strap-(ssloth-browser)", "finalizing-setup"], "13": ["installing-boot9strap-(ssloth-browser)", "finalizing-setup"],
"14": ["multiple-options", "finalizing-setup"], "14": ["multiple-options", "finalizing-setup"],
"15": ["seedminer-(twn)", "bannerbomb3-fredtool-(twn)", "finalizing-setup"], "15": ["seedminer-(twn)", "bannerbomb3-fredtool-(twn)", "finalizing-setup"],
"16": ["homebrew-launcher-(super-skaterhax)", "dumping-movable-(nimhax)", "installing-boot9strap-(frogtool)", "finalizing-setup"], "16": ["multiple-options", "installing-boot9strap-(frogtool)", "finalizing-setup"],
"17": ["homebrew-launcher-(super-skaterhax)", "installing-boot9strap-(hbl-usm)", "finalizing-setup"], "17": ["multiple-options", "installing-boot9strap-(hbl-usm)", "finalizing-setup"],
"18": ["homebrew-launcher-(super-skaterhax)", "multiple-options", "finalizing-setup"], "18": ["homebrew-launcher-(super-skaterhax)", "multiple-options", "finalizing-setup"],
"19": ["homebrew-launcher-(super-skaterhax)", "dumping-movable-(nimhax)", "multiple-options", "finalizing-setup"], "19": ["multiple-options", "dumping-movable-(nimhax)", "installing-boot9strap-(frogtool)", "finalizing-setup"],
"20": ["installing-boot9strap-(safecerthax)", "finalizing-setup"], "20": ["installing-boot9strap-(safecerthax)", "finalizing-setup"],
"21": ["updating-firmware-(twn)", "seedminer-(twn)", "bannerbomb3-fredtool-(twn)", "finalizing-setup"], "21": ["updating-firmware-(twn)", "seedminer-(twn)", "bannerbomb3-fredtool-(twn)", "finalizing-setup"],
"22": ["updating-firmware-(kor)", "seedminer", "bannerbomb3", "multiple-options", "finalizing-setup"], "22": ["updating-firmware-(kor)", "seedminer", "bannerbomb3", "multiple-options", "finalizing-setup"],
"23": ["updating-firmware-(new-3ds)", "homebrew-launcher-(super-skaterhax)", "multiple-options", "finalizing-setup"], "23": ["updating-firmware-(new-3ds)", "homebrew-launcher-(super-skaterhax)", "multiple-options", "finalizing-setup"],
"24": ["seedminer-(mii)", "bannerbomb3-(legacy)", "multiple-options", "finalizing-setup"], "24": ["seedminer-(mii)", "bannerbomb3-(legacy)", "multiple-options", "finalizing-setup"],
"25": ["seedminer-(mii)", "bannerbomb3-(legacy)", "multiple-options", "finalizing-setup"], "25": ["seedminer-(mii)", "bannerbomb3-(legacy)", "multiple-options", "finalizing-setup"],
"26": ["seedminer-(mii)", "bannerbomb3-(legacy)", "installing-boot9strap-(fredtool-legacy)", "finalizing-setup"] "26": ["seedminer-(mii)", "bannerbomb3-(legacy)", "installing-boot9strap-(fredtool-legacy)", "finalizing-setup"],
"27": ["alternate-exploits", "multiple-options", "finalizing-setup"],
"28": ["alternate-exploits", "homebrew-launcher-(ninjhax2-dx)", "multiple-options", "finalizing-setup"],
"29": ["alternate-exploits", "homebrew-launcher-(smilehax-iie)", "multiple-options", "finalizing-setup"],
"30": ["alternate-exploits", "seedminer-(alternate)", "multiple-options", "finalizing-setup"],
"31": ["alternate-exploits", "seedminer-(alternate)", "homebrew-launcher-(pichaxx)", "multiple-options", "finalizing-setup"],
"32": ["alternate-exploits", "seedminer-(alternate)", "homebrew-launcher-(steelhax)", "multiple-options", "finalizing-setup"],
"33": ["alternate-exploits", "homebrew-launcher-(freakyhax)", "multiple-options", "finalizing-setup"],
"34": ["alternate-exploits", "seedminer-(alternate)", "dumping-eshop-dsiware", "installing-boot9strap-(fredtool-inject)", "finalizing-setup"],
"35": ["alternate-exploits", "seedminer-(alternate)", "dumping-eshop-dsiware", "installing-boot9strap-(fredtool-inject)", "finalizing-setup"],
} }
// Can add custom routing if necessary but currently both routes are identical // Can add custom routing if necessary but currently both routes are identical
var device_old = Object.assign({}, device_common,{ var device_old = Object.assign({}, device_common,{

File diff suppressed because one or more lines are too long

View file

@ -179,6 +179,21 @@ function can_seedminer(major, minor, native, region, model) {
return false; return false;
} }
function is_o3ds_1117(major, minor, native, region, model) {
let do_redirect = false;
if (model == 0) {
if (major == 11 && minor == 17) {
// sanity check this: K/T/C does not have 11.17 (yet?)
if (["U", "E", "J"].includes(region)) do_redirect = true;
}
}
if (do_redirect) {
window.location.href = "alternate-exploits"
return true;
}
return false;
}
/* /*
Redirects page based on input from user. Redirects page based on input from user.
Input: Input:
@ -202,7 +217,7 @@ function can_seedminer(major, minor, native, region, model) {
- N3DS & 11.17 (EUR / JPN / USA): - N3DS & 11.17 (EUR / JPN / USA):
- super-skaterhax - super-skaterhax
- O3DS & 11.17: - O3DS & 11.17:
- Unhackable - Use alternate exploits; can't hack without any extra stuff
*/ */
function redirect() { function redirect() {
let major = document.getElementById("major"); let major = document.getElementById("major");
@ -235,6 +250,7 @@ function redirect() {
can_miimine, can_miimine,
can_seedminer, can_seedminer,
can_superskaterhax, can_superskaterhax,
is_o3ds_1117
].some(func => func(major.value, minor.value, nver.value, region.value, model)); ].some(func => func(major.value, minor.value, nver.value, region.value, model));
if (redirected) return true; if (redirected) return true;

BIN
assets/otherapps.zip Normal file

Binary file not shown.