kartminer7 v2: use nimdsphax (#2321)

Co-authored-by: lifehackerhansol <lifehackerhansol@ds-homebrew.com>

_pages/en_US/alternate-exploits.txt

@@ -11,14 +11,15 @@ title: "Alternate Exploits"
 Because Nintendo eShop no longer allows purchases, it is no longer possible to purchase new titles. However, you can re-download a title if you had purchased or downloaded them before purchases stopped being possible.
 
 Any one of the following titles can be used in conjunction with Seedminer to install custom firmware:
-* Pokémon Picross (free-to-play)
-* Steel Diver: Sub Wars (free-to-play)
-* ANY [DSiWare](https://en.wikipedia.org/wiki/List_of_DSiWare_games_and_applications) title (free or paid)
+* Mario Kart 7 (common preinstalled title; a physical cartridge also works)
+* Pokémon Picross (free-to-play; digital only)
+* Steel Diver: Sub Wars (free-to-play; digital only)
+* ANY [DSiWare](https://en.wikipedia.org/wiki/List_of_DSiWare_games_and_applications) title (free or paid; digital only)
 
 Continue to [Seedminer (Alternate)](seedminer-(alternate))
 {: .notice--primary}
 
-Alternatively, SmileBASIC (a paid game) can be used to get Homebrew Launcher access without using Seedminer.
+Alternatively, SmileBASIC (a paid game; digital only) can be used to get Homebrew Launcher access without using Seedminer.
 
 Continue to [Installing boot9strap (smilehax-IIe)](installing-boot9strap-(smilehax-iie))
 {: .notice--primary}

_pages/en_US/include/menuhax67-install.txt

@@ -0,0 +1,9 @@
+1. Press (Y) + (D-Pad Down) to install menuhax67
+  * The console will automatically power off
+1. Power on your console
+1. Tap on the small HOME Menu settings icon in the top left of the bottom screen (![]({{ "/images/homemenuicon.png" | absolute_url }}){: height="32px" width="52px"})
+  + If the console freezes for a while and then crashes, make sure you have Launcher.dat on the root of your SD card
+1. If the exploit was successful, your console will have booted into the Homebrew Launcher
+1. Launch nimdsphax from the list of homebrew
+1. If the exploit was successful, you will have booted into SafeB9SInstaller
+  + If your console freezes on a red screen, hold the POWER button until it turns off, then try running menuhax again by powering on your console and tapping on the HOME Menu settings icon

_pages/en_US/installing-boot9strap-(kartdlphax).txt

@@ -7,15 +7,15 @@ title: "Installing boot9strap (kartdlphax)"
 {% capture technical_info %}
 <summary><em>Technical Details (optional)</em></summary>
 
-In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
+In order to install custom firmware on our console, we need to get Homebrew Launcher access.
 
 To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
 
-This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
+This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject menuhax67, which will allow us to get Homebrew Launcher access.
 
-Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
+Once we have Homebrew Launcher access, we can run nimdsphax to install boot9strap.
 
-For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
+See [here](https://github.com/PabloMK7/kartdlphax) for information about kartdlphax, [here](https://github.com/zoogie/menuhax67) for information about menuhax67, and [here](https://github.com/luigoalma/nimdsphax) for information about nimdsphax.
 
 {% endcapture %}
 <details>{{ technical_info | markdownify }}</details>
@@ -36,16 +36,10 @@ In order to follow these instructions, you will need the following:
 * The latest release of [kartdlphax](https://github.com/PabloMK7/kartdlphax/releases/latest) (`plugin.3gx`)
 * The latest release of [SafeB9SInstaller](https://github.com/d0k3/SafeB9SInstaller/releases/download/v0.0.7/SafeB9SInstaller-20170605-122940.zip) (direct download)
 * The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest) (the Luma3DS `.zip` file)
-* The latest release of [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/releases/latest) (the RELEASE `.zip` file)
+* The latest release of [menuhax67](https://github.com/zoogie/menuhax67/releases/latest)
+* The latest release of [nimdsphax](https://github.com/luigoalma/nimdsphax/releases/latest)
 
-#### Section I - Hardware Button Check (target 3DS)
-
-{% include_relative include/safemodecheck.txt %}
-
-If the camera does not open, you cannot follow this method. If this is the case, join [Nintendo Homebrew on Discord](https://discord.gg/MWxPgEp) and ask, in English, for help.
-{: .notice--warning}
-
-#### Section II - Prep Work (source 3DS)
+#### Section I - Prep Work (source 3DS)
 
 In this section, you will set up your source 3DS (the 3DS with custom firmware) for delivery of the exploit data to the target 3DS.
 
@@ -59,23 +53,31 @@ In this section, you will set up your source 3DS (the 3DS with custom firmware)
     - Create the `plugins` and `00040000...` folders if they do not already exist
 1. Eject the SD card and put it in the **source 3DS**
 
-#### Section III - Prep Work (target 3DS)
+#### Section II - Prep Work (target 3DS)
 
-In this section, you will copy the files needed to trigger the unSAFE_MODE exploit onto your target 3DS (the 3DS that you are trying to modify)'s SD card.
+In this section, you will set up the files that the target 3DS will need to install custom firmware.
 
 1. Insert the SD card of your **target 3DS** in your computer
 1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of the **target 3DS's** SD card
 1. Create a folder named `boot9strap` on the root of your SD card
 1. Copy `boot9strap.firm` and `boot9strap.firm.sha` from the RELEASE `.zip` to the `/boot9strap/` folder on your SD card
 1. Copy `SafeB9SInstaller.bin` from the SafeB9SInstaller `.zip` to the root of your SD card
-1. Copy `usm.bin` from the RELEASE `.zip` to the root of your SD card
-1. Create a folder called `3ds` on the root of your SD card
-1. Copy `slotTool.3dsx` from the `slotTool` folder inside the RELEASE `.zip` to the `/3ds/` folder on your SD card
+1. Create a folder named `3ds` on the root of your SD card if it does not already exist
+  * This folder stores homebrew applications and data; it is different from the `Nintendo 3DS` folder that the console automatically generates
+1. Copy the `nimdsphax` folder from the nimdsphax`.zip` to the `/3ds/` folder on your SD card
+1. Copy `menuhax_manager.3dsx` from the menuhax `.zip` to the `/3ds/` folder on your SD card
+1. Copy Launcher.dat from the folder for your model and region inside the menuhax `.zip` to the root of your SD card
 1. Eject the SD card and put it in the **target 3DS**
 
-#### Section IV - kartdlphax
+![]({{ "/images/screenshots/kart-root-layout.png" | absolute_url }})
+{: .notice--info}
 
-In this section, you will use Download Play to transfer the exploit data from the source 3DS to the target 3DS, which can be used to overwrite your Wi-Fi slots with hacked data. Your Wi-Fi connection settings will be temporarily overwritten while the exploit is active.
+![]({{ "/images/screenshots/kart-3ds-layout.png" | absolute_url }})
+{: .notice--info}
+
+#### Section III - kartdlphax
+
+In this section, you will use Download Play to transfer the exploit data from the source 3DS to the target 3DS, which can be used to install menuhax67, a Homebrew Launcher entrypoint. Your HOME Menu settings will be temporarily inaccessible on the target 3DS while this exploit is active.
 
 1. Power on the **source 3DS**
     - If you are prompted to set up Luma3DS, just press START to save the configuration
@@ -104,45 +106,26 @@ In this section, you will use Download Play to transfer the exploit data from th
 1. Wait a while (a percentage should be displayed on the **source 3DS**)
 1. If the exploit was successful, the **target 3DS** will have booted into the 3DS ROP xPloit Injector
     - If the exploit was not successful, power off the **source 3DS** and **target 3DS** and start again from the beginning of `Section III - kartdlphax`
-1. Press (X) to inject unSAFE_MODE
-1. If the injection was successful, the screen will turn green and the **target 3DS** will automatically power off
-    + If the screen turns red, power off the target 3DS and start again from the beginning of `Section III - kartdlphax`. If this doesn't work, ask for help at [Nintendo Homebrew on Discord](https://discord.gg/MWxPgEp))
 
-You will **not** need to use your **source 3DS** to complete any further steps on this guide. Any further steps should only be completed on the **target 3DS**.
-{: .notice--info}
+## Section IV - Installing menuhax67
 
-#### Section V - unSAFE_MODE
+{% include_relative include/menuhax67-install.txt %}
 
-In this section, you will enter Safe Mode (a feature available on all 3DS family consoles) and navigate to a menu where unSAFE_MODE will be triggered, which will launch you into the boot9strap (custom firmware) installer.
-
-1. With your console still powered off, hold the following buttons: (Left Shoulder) + (Right Shoulder) + (D-Pad Up) + (A), and while holding these buttons together, power on your console
-    + Keep holding the buttons until the console boots into Safe Mode (a "system update" menu)
-1. Press "OK" to accept the update
-    + There is no update. This is part of the exploit
-1. Press "I accept" to accept the terms and conditions
-1. The update will eventually fail, with the error code `003-1099`. This is intended behaviour
-1. When asked "Would you like to configure Internet settings?", select "Yes"
-1. On the following menu, navigate to `Connection 1` -> `Change Settings` -> `Next Page (right arrow)` -> `Proxy Settings` -> `Detailed Setup` ([image](/images/screenshots/usm/safemode_highlighted.png))
-1. If the exploit was successful, your console will have booted into SafeB9SInstaller
-    + If your console instead freezes on a white screen, hold the POWER button until it turns off, then retry this section
-    + If your console instead freezes on a red screen, you are missing `usm.bin` from the root of your SD card
-    + If you get a different error, [follow this troubleshooting guide](troubleshooting#installing-boot9strap-usm)
-
-#### Section VI - Installing boot9strap
+#### Section V - Installing boot9strap
 
 {% include_relative include/install-boot9strap-safeb9sinstaller.txt %}
 {%- include_relative include/configure-luma3ds.txt %}
 
 {% include_relative include/luma3ds-installed-note.txt %}
 
-#### Section VII - Restoring WiFi Configuration Profiles
+#### Section VI - Removing menuhax67
 
-In this section, you will enter the Homebrew Launcher (using custom firmware) so that you can restore the Wi-Fi connection slots that were overwritten in Section I.
+In this section, you will use the Homebrew Launcher to remove menuhax67, which will let you access the HOME Menu Settings option normally.
 
 {% include_relative include/launch-hbl-dlp.txt %}
-1. Launch slotTool from the list of homebrew
-1. Select "RESTORE original wifi slots 1,2,3"
-1. Your console will then reboot
+1. Launch menuhax_manager from the list of homebrew
+1. Select REMOVE menuhax67
+1. When you see "done.", press (A), then press (A) on "EXIT to menu"
 
 ___
 

_pages/en_US/installing-boot9strap-(kartminer7).txt

@@ -0,0 +1,117 @@
+---
+title: "Installing boot9strap (Kartminer7)"
+---
+
+{% include toc title="Table of Contents" %}
+
+{% capture technical_info %}
+<summary><em>Technical Details (optional)</em></summary>
+
+To install boot9strap on your console, we derive your console's unique encryption key. To accomplish this, we use a tool called Seedminer to calculate the data encryption key (movable.sed) for your console.
+
+Once we have `movable.sed`, we can edit the SD card data of the game Mario Kart 7 to install menuhax67, which will allow us to get Homebrew Launcher access.
+
+Once we have Homebrew Launcher access, we can run nimdsphax to install boot9strap.
+
+See [here](https://github.com/zoogie/kartminer7) for information about Kartminer7, [here](https://github.com/zoogie/menuhax67) for information about menuhax67, and [here](https://github.com/luigoalma/nimdsphax) for information about nimdsphax.
+
+{% endcapture %}
+<details>{{ technical_info | markdownify }}</details>
+{: .notice--info}
+
+### What You Need
+
+* A physical or digital copy of Mario Kart 7 updated to the latest version (v1.2)
+    * You can update Mario Kart 7 from eShop or by following the update prompt when you launch the game
+* A Windows computer
+* Your `movable.sed` file from completing Seedminer
+* The latest release of [Kartminer7](https://github.com/zoogie/Kartminer7/releases/latest)
+* The latest release of [menuhax67](https://github.com/zoogie/menuhax67/releases/latest)
+* The latest release of [nimdsphax](https://github.com/luigoalma/nimdsphax/releases/latest)
+* The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest)
+
+#### Section I - Preparing Mario Kart 7 data
+
+In this section, you will have the 3DS generate some data in Mario Kart 7 that will be used to install the exploit in a later section.
+
+1. Insert your SD card into your console
+1. Open Mario Kart 7
+1. Tap the "Mario Kart Channel" button on the bottom
+1. If you are prompted to, hit "Next" and "OK" to all of the prompts that you see
+1. Tap the "StreetPass List" button on the bottom of the screen, in the middle
+1. Press the (Home) button to suspend Mario Kart 7
+1. Disable wireless connections by flicking the wireless switch on the side of the console or by navigating to HOME Menu Settings (top left) -> Wireless Communication -> OFF
+1. Power off your console
+
+#### Section II - SD Card Prep Work
+
+1. Insert your SD card into your computer
+1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of your SD card
+    * The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
+1. Create a folder named `boot9strap` on the root of your SD card
+1. Copy `boot9strap.firm` and `boot9strap.firm.sha` from the boot9strap `.zip` to the `/boot9strap/` folder on your SD card
+1. Copy `SafeB9SInstaller.bin` to the root of your SD card
+1. Create a folder named `3ds` on the root of your SD card if it does not already exist
+    * This folder stores homebrew applications and data; it is different from the `Nintendo 3DS` folder that the console automatically generates
+1. Copy the `nimdsphax` folder from the nimdsphax `.zip` to the `/3ds/` folder on your SD card
+1. Copy `menuhax_manager.3dsx` from the menuhax `.zip` to the `/3ds/` folder on your SD card
+1. Copy Launcher.dat from the folder for your model and region inside the menuhax `.zip` to the root of your SD card
+1. Keep your SD card inserted in your computer, as it is still required in the next section
+
+![]({{ "/images/screenshots/kart-root-layout.png" | absolute_url }})
+{: .notice--info}
+
+![]({{ "/images/screenshots/kart-3ds-layout.png" | absolute_url }})
+{: .notice--info}
+
+#### Section III - Installing Kartminer7
+
+1. Extract the Release_BETA_mk7 `.zip` to **somewhere on your computer** (i.e. your desktop)
+1. Copy your `movable.sed` file to the `resources` folder of the Release_BETA_mk7 folder
+    * Ensure that the file is named exactly `movable.sed`
+1. Open the `backup` folder inside of the Release_BETA_mk7 folder
+1. Double-click on the BACKUP `.bat` file corresponding to your console's region (e.g. backup_USA.bat if you have a USA copy of Mario Kart 7)
+    * If you are unsure of your console region, you can check System Settings. U = USA; E = EUR, J = JPN
+    * If you get a message from Windows Defender, click "More info", "Run anyway", then press any key to continue
+    * If the backup was successful, you should see a new folder appear
+    * If you wish to restore this data at a later date (after finishing this guide), insert your SD card and double-click on the RESTORE `.bat` file corresponding to your console's region
+1. Go back to the Release_BETA_mk7 folder, then double-click on the `.bat` file corresponding to your console's region (e.g. USA.bat if you have a USA copy of Mario Kart 7)
+1. Reinsert your SD card into your console
+
+#### Section IV - Kartminer7
+
+1. Power on your console
+1. Open Mario Kart 7
+1. Tap the "Mario Kart Channel" button on the bottom
+1. Tap the "StreetPass List" button on the bottom of the screen, in the middle
+1. Press (A) over and over again
+    * The colours on the bottom screen should change from red, to blue, to white
+    * If you see the red/blue/white screens but the 3DS crashes, just reboot and try again
+    * If you don't see ANY colours, change your system language (if possible), then try the exploit again
+1. If the exploit was successful, the 3DS will have booted into the 3DS ROP xPloit Injector
+
+## Section V - Installing menuhax67
+
+{% include_relative include/menuhax67-install.txt %}
+
+#### Section VI - Installing boot9strap
+
+{% include_relative include/install-boot9strap-safeb9sinstaller.txt %}
+{%- include_relative include/configure-luma3ds.txt %}
+
+{% include_relative include/luma3ds-installed-note.txt %}
+
+#### Section VII - Removing menuhax67
+
+In this section, you will use the Homebrew Launcher to remove menuhax67, which will let you access the HOME Menu Settings option normally.
+
+{% include_relative include/launch-hbl-dlp.txt %}
+1. Launch menuhax_manager from the list of homebrew
+1. Select REMOVE menuhax67
+1. When you see "done.", press (A), then press (A) on "EXIT to menu"
+
+___
+
+Continue to [Finalizing Setup](finalizing-setup)
+{: .notice-primary}
+

_pages/en_US/installing-boot9strap-(menuhax).txt

@@ -48,6 +48,7 @@ See [here](https://github.com/luigoalma/nimdsphax) for information about nimdsph
 
 In this section you will use the menuhax67 exploit installed earlier to launch nimdsphax, which will load SafeB9SInstaller.
 
+1. Power on your console
 1. Tap on the small HOME Menu settings icon in the top left of the bottom screen (![]({{ "/images/homemenuicon.png" | absolute_url }}){: height="32px" width="52px"})
     + If the console freezes for a while and then crashes, make sure you have Launcher.dat on the root of your SD card
 1. If the exploit was successful, your console will have booted into the Homebrew Launcher

_pages/en_US/seedminer-(alternate).txt

@@ -12,6 +12,16 @@ ___
 
 Select the method based on the application that you have installed on your 3DS. No matter which method you pick, the end result will be the same.
 
+#### Mario Kart 7
+
+This method uses a cartridge or digital copy of Mario Kart 7. Using the `movable.sed` file, you can modify Mario Kart 7's SD card data that will give you access to Homebrew Launcher, which will be used for further exploitation.
+
+This method requires a computer running Windows.
+{: .notice--warning}
+
+Contineu to [Installing boot9strap (Kartminer7)](installing-boot9strap-(kartminer7))
+{: .notice--primary}
+
 #### DSiWare
 
 If you own any [DSiWare](https://en.wikipedia.org/wiki/List_of_DSiWare_games_and_applications) title on your 3DS, you can dump it to the SD card so that it can be used to temporarily inject Flipnote into DS Connection Settings.

_pages/en_US/site-navigation.txt

@@ -46,7 +46,8 @@ sitemap: false
 + [Installing boot9strap (freakyhax)](installing-boot9strap-(freakyhax))
 + [Installing boot9strap (Fredtool-Inject)](installing-boot9strap-(fredtool-inject))
 + [Installing boot9strap (Hardmod)](installing-boot9strap-(hardmod))
-* [Installing boot9strap (kartdlphax)](installing-boot9strap-(kartdlphax))
++ [Installing boot9strap (kartdlphax)](installing-boot9strap-(kartdlphax))
++ [Installing boot9strap (Kartminer7)](installing-boot9strap-(kartminer7))
 + [Installing boot9strap (menuhax)](installing-boot9strap-(menuhax))
 + [Installing boot9strap (ninjhax2-dx)](installing-boot9strap-(ninjhax2-dx))
 + [Installing boot9strap (ntrboot)](installing-boot9strap-(ntrboot))

assets/js/_main.js

@@ -229,7 +229,8 @@ $(document).ready(function() {
     "installing-boot9strap-(steelhax)": "26",
     "installing-boot9strap-(freakyhax)": "27",
     "dumping-eshop-dsiware": "28",
-    "installing-boot9strap-(fredtool-inject)": "29"
+    "installing-boot9strap-(fredtool-inject)": "29",
+    "installing-boot9strap-(kartminer7)": "30"
   };
 
   for(var device in devices){
@@ -291,6 +292,7 @@ $(document).ready(function() {
       "27": ["alternate-exploits", "installing-boot9strap-(freakyhax)", "finalizing-setup"],
       "28": ["alternate-exploits", "seedminer-(alternate)", "dumping-eshop-dsiware", "installing-boot9strap-(fredtool-inject)", "finalizing-setup"],
       "29": ["alternate-exploits", "seedminer-(alternate)", "dumping-eshop-dsiware", "installing-boot9strap-(fredtool-inject)", "finalizing-setup"],
+      "30": ["alternate-exploits", "seedminer-(alternate)", "installing-boot9strap-(kartminer7)", "finalizing-setup"]
     }
     // Can add custom routing if necessary but currently both routes are identical
     var device_old =  Object.assign({}, device_common,{