New Crowdin updates (#2150)
* New translations installing-boot9strap-(usm).txt (Italian) * New translations homebrew-launcher-(pichaxx).txt (Italian) * New translations installing-boot9strap-(kartdlphax).txt (Italian) * New translations homebrew-launcher-(pichaxx).txt (Dutch) * New translations installing-boot9strap-(kartdlphax).txt (Dutch) * New translations installing-boot9strap-(usm).txt (Dutch) * New translations seedminer.txt (Dutch) * New translations installing-boot9strap-(fredtool).txt (Dutch) * New translations installing-boot9strap-(kartdlphax).txt (Korean) * New translations installing-boot9strap-(fredtool).txt (Norwegian) * New translations installing-boot9strap-(fredtool).txt (Russian) * New translations seedminer.txt (Russian) * New translations installing-boot9strap-(usm).txt (Russian) * New translations homebrew-launcher-(pichaxx).txt (Russian) * New translations installing-boot9strap-(kartdlphax).txt (Russian) * New translations installing-boot9strap-(fredtool).txt (Swedish) * New translations seedminer.txt (Swedish) * New translations installing-boot9strap-(usm).txt (Swedish) * New translations homebrew-launcher-(pichaxx).txt (Swedish) * New translations installing-boot9strap-(kartdlphax).txt (Portuguese) * New translations homebrew-launcher-(pichaxx).txt (Portuguese) * New translations seedminer.txt (Norwegian) * New translations seedminer.txt (Polish) * New translations installing-boot9strap-(usm).txt (Norwegian) * New translations homebrew-launcher-(pichaxx).txt (Norwegian) * New translations installing-boot9strap-(kartdlphax).txt (Norwegian) * New translations installing-boot9strap-(fredtool).txt (Polish) * New translations installing-boot9strap-(usm).txt (Polish) * New translations installing-boot9strap-(usm).txt (Portuguese) * New translations homebrew-launcher-(pichaxx).txt (Polish) * New translations installing-boot9strap-(kartdlphax).txt (Polish) * New translations installing-boot9strap-(fredtool).txt (Portuguese) * New translations seedminer.txt (Portuguese) * New translations installing-boot9strap-(kartdlphax).txt (Swedish) * New translations installing-boot9strap-(usm).txt (Turkish) * New translations installing-boot9strap-(kartdlphax).txt (Turkish) * New translations homebrew-launcher-(pichaxx).txt (Turkish) * New translations seedminer.txt (Turkish) * New translations installing-boot9strap-(fredtool).txt (Turkish) * New translations seedminer.txt (Chinese Traditional) * New translations installing-boot9strap-(fredtool).txt (Chinese Traditional) * New translations installing-boot9strap-(usm).txt (Chinese Traditional) * New translations homebrew-launcher-(pichaxx).txt (Chinese Traditional) * New translations installing-boot9strap-(kartdlphax).txt (Chinese Traditional) * New translations installing-boot9strap-(kartdlphax).txt (Chinese Simplified) * New translations homebrew-launcher-(pichaxx).txt (Chinese Simplified) * New translations homebrew-launcher-(pichaxx).txt (Ukrainian) * New translations installing-boot9strap-(fredtool).txt (Ukrainian) * New translations seedminer.txt (Ukrainian) * New translations installing-boot9strap-(usm).txt (Ukrainian) * New translations installing-boot9strap-(usm).txt (Chinese Simplified) * New translations installing-boot9strap-(kartdlphax).txt (Ukrainian) * New translations installing-boot9strap-(fredtool).txt (Chinese Simplified) * New translations seedminer.txt (Chinese Simplified) * New translations installing-boot9strap-(fredtool).txt (Vietnamese) * New translations seedminer.txt (Vietnamese) * New translations installing-boot9strap-(kartdlphax).txt (Thai) * New translations installing-boot9strap-(fredtool).txt (Thai) * New translations seedminer.txt (Thai) * New translations installing-boot9strap-(usm).txt (Thai) * New translations homebrew-launcher-(pichaxx).txt (Thai) * New translations installing-boot9strap-(kartdlphax).txt (Indonesian) * New translations installing-boot9strap-(fredtool).txt (Croatian) * New translations seedminer.txt (Croatian) * New translations installing-boot9strap-(usm).txt (Croatian) * New translations homebrew-launcher-(pichaxx).txt (Croatian) * New translations installing-boot9strap-(kartdlphax).txt (Croatian) * New translations installing-boot9strap-(usm).txt (Vietnamese) * New translations installing-boot9strap-(usm).txt (Portuguese, Brazilian) * New translations homebrew-launcher-(pichaxx).txt (Vietnamese) * New translations installing-boot9strap-(kartdlphax).txt (Vietnamese) * New translations installing-boot9strap-(fredtool).txt (Portuguese, Brazilian) * New translations seedminer.txt (Portuguese, Brazilian) * New translations homebrew-launcher-(pichaxx).txt (Portuguese, Brazilian) * New translations homebrew-launcher-(pichaxx).txt (Indonesian) * New translations installing-boot9strap-(kartdlphax).txt (Portuguese, Brazilian) * New translations installing-boot9strap-(fredtool).txt (Indonesian) * New translations seedminer.txt (Indonesian) * New translations installing-boot9strap-(usm).txt (Indonesian) * New translations installing-boot9strap-(soundhax).txt (Romanian) * New translations installing-boot9strap-(hardmod).txt (Romanian) * New translations bannerbomb3.txt (Romanian) * New translations installing-boot9strap-(hardmod).txt (French) * New translations installing-boot9strap-(fredtool).txt (Malay) * New translations seedminer.txt (Malay) * New translations installing-boot9strap-(usm).txt (Malay) * New translations homebrew-launcher-(pichaxx).txt (Malay) * New translations installing-boot9strap-(kartdlphax).txt (Malay) * New translations installing-boot9strap-(fredtool).txt (Pirate English) * New translations seedminer.txt (Pirate English) * New translations installing-boot9strap-(usm).txt (Pirate English) * New translations homebrew-launcher-(pichaxx).txt (Pirate English) * New translations installing-boot9strap-(kartdlphax).txt (Pirate English) * New translations installing-boot9strap-(hardmod).txt (Arabic) * New translations bannerbomb3.txt (Spanish) * New translations installing-boot9strap-(soundhax).txt (Arabic) * New translations bannerbomb3.txt (Arabic) * New translations installing-boot9strap-(soundhax).txt (Spanish) * New translations installing-boot9strap-(soundhax).txt (French) * New translations bannerbomb3.txt (French) * New translations installing-boot9strap-(hardmod).txt (Spanish) * New translations installing-boot9strap-(soundhax).txt (Catalan) * New translations bannerbomb3.txt (Catalan) * New translations installing-boot9strap-(hardmod).txt (Czech) * New translations installing-boot9strap-(hardmod).txt (Bulgarian) * New translations installing-boot9strap-(soundhax).txt (Bulgarian) * New translations bannerbomb3.txt (Bulgarian) * New translations installing-boot9strap-(hardmod).txt (Catalan) * New translations installing-boot9strap-(soundhax).txt (Czech) * New translations bannerbomb3.txt (German) * New translations installing-boot9strap-(soundhax).txt (German) * New translations installing-boot9strap-(hardmod).txt (German) * New translations bannerbomb3.txt (Czech) * New translations installing-boot9strap-(soundhax).txt (Greek) * New translations bannerbomb3.txt (Greek) * New translations installing-boot9strap-(hardmod).txt (Finnish) * New translations installing-boot9strap-(hardmod).txt (Greek) * New translations bannerbomb3.txt (Hebrew) * New translations installing-boot9strap-(hardmod).txt (Hungarian) * New translations installing-boot9strap-(soundhax).txt (Hungarian) * New translations bannerbomb3.txt (Hungarian) * New translations installing-boot9strap-(soundhax).txt (Hebrew) * New translations installing-boot9strap-(soundhax).txt (Finnish) * New translations bannerbomb3.txt (Finnish) * New translations installing-boot9strap-(hardmod).txt (Hebrew) * New translations installing-boot9strap-(soundhax).txt (Japanese) * New translations bannerbomb3.txt (Japanese) * New translations installing-boot9strap-(hardmod).txt (Korean) * New translations installing-boot9strap-(soundhax).txt (Korean) * New translations bannerbomb3.txt (Korean) * New translations installing-boot9strap-(hardmod).txt (Italian) * New translations installing-boot9strap-(hardmod).txt (Japanese) * New translations installing-boot9strap-(soundhax).txt (Italian) * New translations bannerbomb3.txt (Italian) * New translations installing-boot9strap-(hardmod).txt (Dutch) * New translations bannerbomb3.txt (Norwegian) * New translations installing-boot9strap-(hardmod).txt (Polish) * New translations installing-boot9strap-(soundhax).txt (Polish) * New translations bannerbomb3.txt (Polish) * New translations installing-boot9strap-(soundhax).txt (Norwegian) * New translations installing-boot9strap-(soundhax).txt (Dutch) * New translations bannerbomb3.txt (Dutch) * New translations installing-boot9strap-(hardmod).txt (Norwegian) * New translations installing-boot9strap-(soundhax).txt (Russian) * New translations bannerbomb3.txt (Russian) * New translations installing-boot9strap-(hardmod).txt (Swedish) * New translations installing-boot9strap-(hardmod).txt (Portuguese) * New translations installing-boot9strap-(hardmod).txt (Russian) * New translations installing-boot9strap-(soundhax).txt (Portuguese) * New translations bannerbomb3.txt (Portuguese) * New translations bannerbomb3.txt (Turkish) * New translations installing-boot9strap-(soundhax).txt (Turkish) * New translations bannerbomb3.txt (Swedish) * New translations installing-boot9strap-(soundhax).txt (Swedish) * New translations installing-boot9strap-(hardmod).txt (Turkish) * New translations bannerbomb3.txt (Ukrainian) * New translations installing-boot9strap-(soundhax).txt (Ukrainian) * New translations installing-boot9strap-(hardmod).txt (Ukrainian) * New translations installing-boot9strap-(hardmod).txt (Chinese Simplified) * New translations installing-boot9strap-(soundhax).txt (Chinese Traditional) * New translations bannerbomb3.txt (Chinese Traditional) * New translations installing-boot9strap-(hardmod).txt (Vietnamese) * New translations installing-boot9strap-(soundhax).txt (Vietnamese) * New translations installing-boot9strap-(soundhax).txt (Chinese Simplified) * New translations bannerbomb3.txt (Chinese Simplified) * New translations installing-boot9strap-(hardmod).txt (Chinese Traditional) * New translations bannerbomb3.txt (Vietnamese) * New translations bannerbomb3.txt (Indonesian) * New translations installing-boot9strap-(soundhax).txt (Indonesian) * New translations installing-boot9strap-(hardmod).txt (Indonesian) * New translations installing-boot9strap-(hardmod).txt (Thai) * New translations installing-boot9strap-(hardmod).txt (Portuguese, Brazilian) * New translations installing-boot9strap-(soundhax).txt (Portuguese, Brazilian) * New translations bannerbomb3.txt (Portuguese, Brazilian) * New translations installing-boot9strap-(soundhax).txt (Croatian) * New translations bannerbomb3.txt (Croatian) * New translations installing-boot9strap-(hardmod).txt (Croatian) * New translations bannerbomb3.txt (Thai) * New translations installing-boot9strap-(soundhax).txt (Thai) * New translations bannerbomb3.txt (Malay) * New translations installing-boot9strap-(soundhax).txt (Malay) * New translations installing-boot9strap-(hardmod).txt (Malay) * New translations installing-boot9strap-(hardmod).txt (Pirate English) * New translations installing-boot9strap-(soundhax).txt (Pirate English) * New translations bannerbomb3.txt (Pirate English) * New translations 404.txt (Korean) * New translations installing-boot9strap-(hbl-usm).txt (Romanian) * New translations installing-boot9strap-(hbl-usm).txt (German) * New translations installing-boot9strap-(hbl-usm).txt (Czech) * New translations installing-boot9strap-(hbl-usm).txt (Catalan) * New translations installing-boot9strap-(hbl-usm).txt (Bulgarian) * New translations installing-boot9strap-(hbl-usm).txt (Arabic) * New translations installing-boot9strap-(hbl-usm).txt (Spanish) * New translations installing-boot9strap-(hbl-usm).txt (French) * New translations installing-boot9strap-(hbl-usm).txt (Japanese) * New translations installing-boot9strap-(hbl-usm).txt (Italian) * New translations installing-boot9strap-(hbl-usm).txt (Hungarian) * New translations installing-boot9strap-(hbl-usm).txt (Hebrew) * New translations installing-boot9strap-(hbl-usm).txt (Greek) * New translations installing-boot9strap-(hbl-usm).txt (Finnish) * New translations installing-boot9strap-(hbl-usm).txt (Polish) * New translations installing-boot9strap-(hbl-usm).txt (Russian) * New translations installing-boot9strap-(hbl-usm).txt (Swedish) * New translations installing-boot9strap-(hbl-usm).txt (Norwegian) * New translations installing-boot9strap-(hbl-usm).txt (Dutch) * New translations installing-boot9strap-(hbl-usm).txt (Korean) * New translations installing-boot9strap-(hbl-usm).txt (Turkish) * New translations installing-boot9strap-(hbl-usm).txt (Portuguese) * New translations installing-boot9strap-(hbl-usm).txt (Portuguese, Brazilian) * New translations installing-boot9strap-(hbl-usm).txt (Indonesian) * New translations installing-boot9strap-(hbl-usm).txt (Chinese Traditional) * New translations installing-boot9strap-(hbl-usm).txt (Chinese Simplified) * New translations installing-boot9strap-(hbl-usm).txt (Ukrainian) * New translations installing-boot9strap-(hbl-usm).txt (Thai) * New translations installing-boot9strap-(hbl-usm).txt (Vietnamese) * New translations installing-boot9strap-(hbl-usm).txt (Croatian) * New translations installing-boot9strap-(hbl-usm).txt (Malay) * New translations installing-boot9strap-(hbl-usm).txt (Pirate English) * New translations installing-boot9strap-(ssloth-browser).txt (Arabic) * New translations installing-boot9strap-(ssloth-browser).txt (Catalan) * New translations installing-boot9strap-(ssloth-browser).txt (Czech) * New translations installing-boot9strap-(ssloth-browser).txt (Spanish) * New translations installing-boot9strap-(ssloth-browser).txt (French) * New translations installing-boot9strap-(ssloth-browser).txt (Romanian) * New translations installing-boot9strap-(ssloth-browser).txt (Bulgarian) * New translations installing-boot9strap-(ssloth-browser).txt (Hungarian) * New translations installing-boot9strap-(ssloth-browser).txt (Japanese) * New translations installing-boot9strap-(ssloth-browser).txt (German) * New translations installing-boot9strap-(ssloth-browser).txt (Greek) * New translations installing-boot9strap-(ssloth-browser).txt (Finnish) * New translations installing-boot9strap-(ssloth-browser).txt (Hebrew) * New translations installing-boot9strap-(ssloth-browser).txt (Italian) * New translations installing-boot9strap-(ssloth-browser).txt (Swedish) * New translations installing-boot9strap-(ssloth-browser).txt (Turkish) * New translations installing-boot9strap-(ssloth-browser).txt (Korean) * New translations installing-boot9strap-(ssloth-browser).txt (Norwegian) * New translations installing-boot9strap-(ssloth-browser).txt (Polish) * New translations installing-boot9strap-(ssloth-browser).txt (Portuguese) * New translations installing-boot9strap-(ssloth-browser).txt (Russian) * New translations installing-boot9strap-(ssloth-browser).txt (Dutch) * New translations installing-boot9strap-(ssloth-browser).txt (Ukrainian) * New translations installing-boot9strap-(ssloth-browser).txt (Chinese Simplified) * New translations installing-boot9strap-(ssloth-browser).txt (Chinese Traditional) * New translations installing-boot9strap-(ssloth-browser).txt (Vietnamese) * New translations installing-boot9strap-(ssloth-browser).txt (Portuguese, Brazilian) * New translations installing-boot9strap-(ssloth-browser).txt (Indonesian) * New translations installing-boot9strap-(ssloth-browser).txt (Thai) * New translations installing-boot9strap-(ssloth-browser).txt (Croatian) * New translations installing-boot9strap-(ssloth-browser).txt (Malay) * New translations installing-boot9strap-(ssloth-browser).txt (Pirate English)
This commit is contained in:
parent
dcbadfa8b6
commit
92a67c29c2
322 changed files with 3332 additions and 1636 deletions
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### What You Need
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Installing boot9strap (Hardmod)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Installing boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### What You Need
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Installing boot9strap (Hardmod)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Installing boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### What You Need
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Installing boot9strap (Hardmod)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Installing boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### What You Need
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Installing boot9strap (Hardmod)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Installing boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
<p>Damit wir unseren Code auf der Konsole ausführen können, nutzen wir eine Schwachstelle im DSiWare-Datenverwaltungs-Fenster der Systemeinstellungen aus.</p>
|
||||
<p>Um dies zu erreichen, nutzen wir die Verschlüsselung deiner Konsole (movable.sed), um ein DSiWare-Backup zu erstellen, welches die Schwachstelle ausnutzt.</p>
|
||||
<p>Für eine ausführlichere Erklärung, siehe <a href="https://github.com/zoogie/Bannerbomb3"></a>hier.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Kompatibilitätshinweise
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Kompatibilitätshinweise
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Was du brauchst
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Installieren von boot9strap (Hardmod)"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Kompatibilitätshinweise
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Kompatibilitätshinweise
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Kompatibilitätshinweise
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Installation von boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Kompatibilitätshinweise
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Kompatibilitätshinweise
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (USM)"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Kompatibilitätshinweise
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Inhalt" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technische Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### What You Need
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Installing boot9strap (Hardmod)"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Installing boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (USM)"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Πίνακας περιεχομένων" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### What You Need
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Installing boot9strap (Hardmod)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Installing boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (USM)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Qué necesitas
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Instalar boot9strap (hardmod)"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Instalar boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Instalar boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Instalar boot9strap (USM)"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Tabla de contenidos" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Tarpeet
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Boot9strapin asentaminen (laitteistomodaus)"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Installing boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installing boot9strap (USM)"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Sisällysluettelo" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "BannerBomb3"
|
|||
|
||||
{% include toc title="Table des matières" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
|
||||
</details>
|
||||
|
||||
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
||||
{% endcapture %}
|
||||
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,15 @@ title: "Homebrew Launcher (PicHaxx)"
|
|||
|
||||
{% include toc title="Table des matières" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller. For information on PicHaxx itself, see <a href="https://github.com/zoogie/pichaxx">here</a>.
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to write a custom save file for Pokémon Picross, which can then be used with unSAFE_MODE (via Homebrew Launcher) to run SafeB9SInstaller.
|
||||
|
||||
For information on PicHaxx itself, see [here](https://github.com/zoogie/pichaxx).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,11 +4,15 @@ title: "Installing boot9strap (Fredtool)"
|
|||
|
||||
{% include toc title="Table des matières" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
</details>
|
||||
|
||||
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
## Ce dont vous avez besoin
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Installer boot9strap (Hardmod)"
|
|||
|
||||
{% include toc title="Table of Contents" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>An excellent guide to getting a hardmod can be found <a href="https://gbatemp.net/threads/414498/">here</a>.</p>
|
||||
<p>This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed <a href="https://www.3dbrew.org/wiki/3DS_System_Flaws">here</a>.</p>
|
||||
<p>Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.</p>
|
||||
</details>
|
||||
|
||||
An excellent guide to getting a hardmod can be found [here](https://gbatemp.net/threads/414498/).
|
||||
|
||||
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed [here](https://www.3dbrew.org/wiki/3DS_System_Flaws).
|
||||
|
||||
Using a hardmod, we can dump the NAND image, install custom firmware to the NAND image, then re-install the hacked NAND image to the console.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (HBL-USM)"
|
|||
|
||||
{% include toc title="Table des matières" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>As we already have Homebrew access, we can use slotTool to do this.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see <a href="https://github.com/zoogie/unSAFE_MODE/">here</a> for information about the unSAFE_MODE exploit.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
As we already have Homebrew access, we can use slotTool to do this.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see [here](https://github.com/zoogie/unSAFE_MODE/) for information about the unSAFE_MODE exploit.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installation de boot9strap (kartdlphax)"
|
|||
|
||||
{% include toc title="Table des matières" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.</p>
|
||||
<p>This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: <a href="https://github.com/PabloMK7/kartdlphax">kartdlphax</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||
|
||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,10 +4,13 @@ title: "Installer boot9strap (Soundhax)"
|
|||
|
||||
{% include toc title="Table des matières" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/nedwill/soundhax">here</a> (Soundhax) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/nedwill/soundhax) (Soundhax) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,13 +4,19 @@ title: "Installing boot9strap (SSLoth-Browser)"
|
|||
|
||||
{% include toc title="Table des matières" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.</p>
|
||||
<p>A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.</p>
|
||||
<p>Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.</p>
|
||||
<p>For technical details on the exploits that you will be using on this page, see <a href="https://github.com/MrNbaYoh/3ds-ssloth">here</a> (SSLoth) and <a href="https://github.com/TuxSH/universal-otherapp/">here</a> (universal-otherapp).</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the Browser application, we need to bypass the browser version check, which is designed to disallow the use of the browser without updating to the latest system version.
|
||||
|
||||
A public proxy server is available, which, with the help of the SSLoth exploit, can bypass this check.
|
||||
|
||||
Once the bypass is active, an exploit webpage will be accessible which will do the rest of the job.
|
||||
|
||||
For technical details on the exploits that you will be using on this page, see [here](https://github.com/MrNbaYoh/3ds-ssloth) (SSLoth) and [here](https://github.com/TuxSH/universal-otherapp) (universal-otherapp).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,14 +4,21 @@ title: "Installation de boot9strap (USM)"
|
|||
|
||||
{% include toc title="Table des matières" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.</p>
|
||||
<p>We can do this using an existing exploit, BannerBomb3.</p>
|
||||
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.</p>
|
||||
<p>Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.</p>
|
||||
<p>For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: <a href="https://github.com/zoogie/Bannerbomb3">BannerBomb3</a>, <a href="https://github.com/zoogie/unSAFE_MODE/">unSAFE_MODE</a>.</p>
|
||||
</details>
|
||||
|
||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
||||
|
||||
We can do this using an existing exploit, BannerBomb3.
|
||||
|
||||
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile into your connections list.
|
||||
|
||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
||||
|
||||
For a more technical explanation, see the following links for information on the BannerBomb3 and unSAFE_MODE exploits: [BannerBomb3](https://github.com/zoogie/Bannerbomb3), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Compatibility Notes
|
||||
|
|
|
@ -4,12 +4,17 @@ title: "Seedminer"
|
|||
|
||||
{% include toc title="Table des matières" %}
|
||||
|
||||
<details>
|
||||
{% capture technical_info %}
|
||||
<summary><em>Technical Details (optional)</em></summary>
|
||||
<p>To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.</p>
|
||||
<p>For information on how Seedminer works, see <a href="https://zoogie.github.io/web/34⅕c3">this presentation</a>.</p>
|
||||
<p>This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.</p>
|
||||
</details>
|
||||
|
||||
To install boot9strap on your device, we derive your device's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your device.
|
||||
|
||||
For information on how Seedminer works, see [this presentation](https://zoogie.github.io/web/34⅕c3).
|
||||
|
||||
This method uses a powerful graphics card to perform the calculations needed. A volunteer-run website is used for the purpose of assisting you with this method.
|
||||
|
||||
{% endcapture %}
|
||||
<details>{{ technical_info | markdownify }}</details>
|
||||
{: .notice--info}
|
||||
|
||||
### Section I - Prep Work
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue