Revert "TEMPORARY: revert kartdlphax to 19f4ef7"
This reverts commit ac15f7fc85
.
This commit is contained in:
parent
9a225b126c
commit
f8c1fdd87a
1 changed files with 32 additions and 48 deletions
|
@ -7,15 +7,15 @@ title: "Installing boot9strap (kartdlphax)"
|
||||||
{% capture technical_info %}
|
{% capture technical_info %}
|
||||||
<summary><em>Technical Details (optional)</em></summary>
|
<summary><em>Technical Details (optional)</em></summary>
|
||||||
|
|
||||||
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
|
In order to install custom firmware on our console, we need to get Homebrew Launcher access.
|
||||||
|
|
||||||
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
To accomplish this, we can use the Download Play functionality of the game Mario Kart 7, using a 3DS with custom firmware already installed along with a custom game plugin.
|
||||||
|
|
||||||
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject the exploited WiFi profile into your connections list.
|
This custom plugin will send a hacked payload to an unhacked console, which then exploits the system in order to inject menuhax67, which will allow us to get Homebrew Launcher access.
|
||||||
|
|
||||||
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
|
Once we have Homebrew Launcher access, we can run nimdsphax to install boot9strap.
|
||||||
|
|
||||||
For a more technical explanation, see the following links for information on the kartdlphax and unSAFE_MODE exploits: [kartdlphax](https://github.com/PabloMK7/kartdlphax), [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/).
|
See [here](https://github.com/PabloMK7/kartdlphax) for information about kartdlphax, [here](https://github.com/zoogie/menuhax67) for information about menuhax67, and [here](https://github.com/luigoalma/nimdsphax) for information about nimdsphax.
|
||||||
|
|
||||||
{% endcapture %}
|
{% endcapture %}
|
||||||
<details>{{ technical_info | markdownify }}</details>
|
<details>{{ technical_info | markdownify }}</details>
|
||||||
|
@ -34,18 +34,13 @@ In order to follow these instructions, you will need the following:
|
||||||
### What You Need
|
### What You Need
|
||||||
|
|
||||||
* The latest release of [kartdlphax](https://github.com/PabloMK7/kartdlphax/releases/latest) (`plugin.3gx`)
|
* The latest release of [kartdlphax](https://github.com/PabloMK7/kartdlphax/releases/latest) (`plugin.3gx`)
|
||||||
|
* The latest release of [boot9strap](https://github.com/SciresM/boot9strap/releases/download/1.4/boot9strap-1.4.zip) (direct download)
|
||||||
* The latest release of [SafeB9SInstaller](https://github.com/d0k3/SafeB9SInstaller/releases/download/v0.0.7/SafeB9SInstaller-20170605-122940.zip) (direct download)
|
* The latest release of [SafeB9SInstaller](https://github.com/d0k3/SafeB9SInstaller/releases/download/v0.0.7/SafeB9SInstaller-20170605-122940.zip) (direct download)
|
||||||
|
* The latest release of [nimdsphax](https://github.com/luigoalma/nimdsphax/releases/download/v1.0/nimdsphax_v1.0.zip) (direct download)
|
||||||
|
* The latest release of [menuhax67](https://github.com/zoogie/menuhax67/releases/latest)
|
||||||
* The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest) (the Luma3DS `.zip` file)
|
* The latest release of [Luma3DS](https://github.com/LumaTeam/Luma3DS/releases/latest) (the Luma3DS `.zip` file)
|
||||||
* The latest release of [unSAFE_MODE](https://github.com/zoogie/unSAFE_MODE/releases/latest) (the RELEASE `.zip` file)
|
|
||||||
|
|
||||||
#### Section I - Hardware Button Check (target 3DS)
|
#### Section I - Prep Work (source 3DS)
|
||||||
|
|
||||||
{% include_relative include/safemodecheck.txt %}
|
|
||||||
|
|
||||||
If the camera does not open, you cannot follow this method. If this is the case, join [Nintendo Homebrew on Discord](https://discord.gg/MWxPgEp) and ask, in English, for help.
|
|
||||||
{: .notice--warning}
|
|
||||||
|
|
||||||
#### Section II - Prep Work (source 3DS)
|
|
||||||
|
|
||||||
In this section, you will set up your source 3DS (the 3DS with custom firmware) for delivery of the exploit data to the target 3DS.
|
In this section, you will set up your source 3DS (the 3DS with custom firmware) for delivery of the exploit data to the target 3DS.
|
||||||
|
|
||||||
|
@ -59,23 +54,31 @@ In this section, you will set up your source 3DS (the 3DS with custom firmware)
|
||||||
+ Create the `plugins` and `00040000...` folders if they do not already exist
|
+ Create the `plugins` and `00040000...` folders if they do not already exist
|
||||||
1. Eject the SD card and put it in the **source 3DS**
|
1. Eject the SD card and put it in the **source 3DS**
|
||||||
|
|
||||||
#### Section III - Prep Work (target 3DS)
|
#### Section II - Prep Work (target 3DS)
|
||||||
|
|
||||||
In this section, you will copy the files needed to trigger the unSAFE_MODE exploit onto your target 3DS (the 3DS that you are trying to modify)'s SD card.
|
In this section, you will set up the files that the target 3DS will need to install custom firmware.
|
||||||
|
|
||||||
1. Insert the SD card of your **target 3DS** in your computer
|
1. Insert the SD card of your **target 3DS** in your computer
|
||||||
1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of the **target 3DS's** SD card
|
1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of the **target 3DS's** SD card
|
||||||
1. Create a folder named `boot9strap` on the root of your SD card
|
1. Create a folder named `boot9strap` on the root of your SD card
|
||||||
1. Copy `boot9strap.firm` and `boot9strap.firm.sha` from the RELEASE `.zip` to the `/boot9strap/` folder on your SD card
|
1. Copy `boot9strap.firm` and `boot9strap.firm.sha` from the boot9strap `.zip` to the `/boot9strap/` folder on your SD card
|
||||||
1. Copy `SafeB9SInstaller.bin` from the SafeB9SInstaller `.zip` to the root of your SD card
|
1. Copy `SafeB9SInstaller.bin` from the SafeB9SInstaller `.zip` to the root of your SD card
|
||||||
1. Copy `usm.bin` from the RELEASE `.zip` to the root of your SD card
|
1. Create a folder named `3ds` on the root of your SD card if it does not already exist
|
||||||
1. Create a folder called `3ds` on the root of your SD card
|
+ This folder stores homebrew applications and data; it is different from the `Nintendo 3DS` folder that the console automatically generates
|
||||||
1. Copy `slotTool.3dsx` from the `slotTool` folder inside the RELEASE `.zip` to the `/3ds/` folder on your SD card
|
1. Copy the `nimdsphax` folder from the nimdsphax`.zip` to the `/3ds/` folder on your SD card
|
||||||
|
1. Copy `menuhax67_installer.3dsx` from the menuhax `.zip` to the `/3ds/` folder on your SD card
|
||||||
|
1. Copy Launcher.dat from the folder for your model and region inside the menuhax `.zip` to the root of your SD card
|
||||||
1. Eject the SD card and put it in the **target 3DS**
|
1. Eject the SD card and put it in the **target 3DS**
|
||||||
|
|
||||||
#### Section IV - kartdlphax
|
![]({{ "/images/screenshots/kart-root-layout.png" | absolute_url }})
|
||||||
|
{: .notice--info}
|
||||||
|
|
||||||
In this section, you will use Download Play to transfer the exploit data from the source 3DS to the target 3DS, which can be used to overwrite your Wi-Fi slots with hacked data. Your Wi-Fi connection settings will be temporarily overwritten while the exploit is active.
|
![]({{ "/images/screenshots/kart-3ds-layout.png" | absolute_url }})
|
||||||
|
{: .notice--info}
|
||||||
|
|
||||||
|
#### Section III - kartdlphax
|
||||||
|
|
||||||
|
In this section, you will use Download Play to transfer the exploit data from the source 3DS to the target 3DS, which can be used to install menuhax67, a Homebrew Launcher entrypoint. Your HOME Menu settings will be temporarily inaccessible on the target 3DS while this exploit is active.
|
||||||
|
|
||||||
1. Power on the **source 3DS**
|
1. Power on the **source 3DS**
|
||||||
+ If you are prompted to set up Luma3DS, just press START to save the configuration
|
+ If you are prompted to set up Luma3DS, just press START to save the configuration
|
||||||
|
@ -104,45 +107,26 @@ In this section, you will use Download Play to transfer the exploit data from th
|
||||||
1. Wait a while (a percentage should be displayed on the **source 3DS**)
|
1. Wait a while (a percentage should be displayed on the **source 3DS**)
|
||||||
1. If the exploit was successful, the **target 3DS** will have booted into the 3DS ROP xPloit Injector
|
1. If the exploit was successful, the **target 3DS** will have booted into the 3DS ROP xPloit Injector
|
||||||
+ If the exploit was not successful, power off the **source 3DS** and **target 3DS** and start again from the beginning of `Section III - kartdlphax`
|
+ If the exploit was not successful, power off the **source 3DS** and **target 3DS** and start again from the beginning of `Section III - kartdlphax`
|
||||||
1. Press (X) to inject unSAFE_MODE
|
|
||||||
1. If the injection was successful, the screen will turn green and the **target 3DS** will automatically power off
|
|
||||||
+ If the screen turns red, power off the target 3DS and start again from the beginning of `Section III - kartdlphax`. If this doesn't work, ask for help at [Nintendo Homebrew on Discord](https://discord.gg/MWxPgEp))
|
|
||||||
|
|
||||||
You will **not** need to use your **source 3DS** to complete any further steps on this guide. Any further steps should only be completed on the **target 3DS**.
|
#### Section IV - Installing menuhax67
|
||||||
{: .notice--info}
|
|
||||||
|
|
||||||
#### Section V - unSAFE_MODE
|
{% include_relative include/menuhax67-install.txt %}
|
||||||
|
|
||||||
In this section, you will enter Safe Mode (a feature available on all 3DS family consoles) and navigate to a menu where unSAFE_MODE will be triggered, which will launch you into the boot9strap (custom firmware) installer.
|
#### Section V - Installing boot9strap
|
||||||
|
|
||||||
1. With your console still powered off, hold the following buttons: (Left Shoulder) + (Right Shoulder) + (D-Pad Up) + (A), and while holding these buttons together, power on your console
|
|
||||||
+ Keep holding the buttons until the console boots into Safe Mode (a "system update" menu)
|
|
||||||
1. Press "OK" to accept the update
|
|
||||||
+ There is no update. This is part of the exploit
|
|
||||||
1. Press "I accept" to accept the terms and conditions
|
|
||||||
1. The update will eventually fail, with the error code `003-1099`. This is intended behaviour
|
|
||||||
1. When asked "Would you like to configure Internet settings?", select "Yes"
|
|
||||||
1. On the following menu, navigate to `Connection 1` -> `Change Settings` -> `Next Page (right arrow)` -> `Proxy Settings` -> `Detailed Setup` ([image](/images/screenshots/usm/safemode_highlighted.png))
|
|
||||||
1. If the exploit was successful, your console will have booted into SafeB9SInstaller
|
|
||||||
+ If your console instead freezes on a white screen, hold the POWER button until it turns off, then retry this section
|
|
||||||
+ If your console instead freezes on a red screen, you are missing `usm.bin` from the root of your SD card
|
|
||||||
+ If you get a different error, [follow this troubleshooting guide](troubleshooting#installing-boot9strap-usm)
|
|
||||||
|
|
||||||
#### Section VI - Installing boot9strap
|
|
||||||
|
|
||||||
{% include_relative include/install-boot9strap-safeb9sinstaller.txt %}
|
{% include_relative include/install-boot9strap-safeb9sinstaller.txt %}
|
||||||
{%- include_relative include/configure-luma3ds.txt %}
|
{%- include_relative include/configure-luma3ds.txt %}
|
||||||
|
|
||||||
{% include_relative include/luma3ds-installed-note.txt %}
|
{% include_relative include/luma3ds-installed-note.txt %}
|
||||||
|
|
||||||
#### Section VII - Restoring WiFi Configuration Profiles
|
#### Section VI - Removing menuhax67
|
||||||
|
|
||||||
In this section, you will enter the Homebrew Launcher (using custom firmware) so that you can restore the Wi-Fi connection slots that were overwritten in Section I.
|
In this section, you will use the Homebrew Launcher to remove menuhax67, which will let you access the HOME Menu Settings option normally.
|
||||||
|
|
||||||
{% include_relative include/launch-hbl-dlp.txt %}
|
{% include_relative include/launch-hbl-dlp.txt %}
|
||||||
1. Launch slotTool from the list of homebrew
|
1. Launch menuhax67_installer from the list of homebrew
|
||||||
1. Select "RESTORE original wifi slots 1,2,3"
|
1. Select REMOVE menuhax67
|
||||||
1. Your console will then reboot
|
1. When you see "done.", press (A), then press (A) on "EXIT to menu"
|
||||||
|
|
||||||
___
|
___
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue