---
title: "BannerBomb3"
---

{% include toc title="條目內容" %}

{% capture technical_info %}
<summary><em>Technical Details (optional)</em></summary>

To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.

To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.

For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
{% endcapture %}

<details>{{ technical_info | markdownify }}</details>
{: .notice--info}

### 相容性資訊

這些操作在美、歐、日、韓版可用，可透過系統版本號末尾的 「U、E、J、K」 字元來辨別。

如果您的主機為台灣版主機(系統版本號以 T 結尾的主機)，請見[此頁面](bannerbomb3-fredtool-(twn))。
{: .notice--warning}

### 必備項目

* Your `movable.sed` file from completing Seedminer or nimhax

#### 第一節 — 準備工作

In this section, you will copy the files needed to trigger the BannerBomb3 exploit onto your device's SD card.

1. 關閉您的主機
1. 將 SD 卡插入至電腦中
1. Open [Bannerbomb3 Injector](http://3dstools.nhnarwhal.com/#/bb3gen) on your computer
1. Upload your movable.sed using the “Choose File” option
1. Click “Build and Download”
  + This will download an exploit DSiWare called `F00D43D5.bin` and a payload called `bb3.bin` inside of a zip archive (`DSIWARE_EXPLOIT.zip`)
1. Copy `bb3.bin` from `DSIWARE_EXPLOIT.zip` to the root of your SD card
  + 「SD 卡的根目錄」指的是你的 SD 卡含有 Nintendo 3DS 資料夾的目錄，而非該資料夾內部
  + This file does not need to be opened or extracted
  ![]({{ "/images/screenshots/bb3/bb3-root-layout.png" | absolute_url }}){: .notice--info}
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<ID1>` on your SD card
  + `<ID0>` is the 32-letter folder name that you copied in [Seedminer](seedminer)
  + `<ID1>` is a 32-letter folder inside of the `<ID0>`
  + If you have multiple `<ID1>` folders, follow the instructions [here](troubleshooting#bannerbomb3)
  ![]({{ "/images/screenshots/bb3/dsiware-location-1.png" | absolute_url }}){: .notice--info}
1. Create a folder named `Nintendo DSiWare` inside of the `<ID1>`
  + If you already had the folder *and* there are any existing DSiWare backup files (`<8-character-id>.bin`) inside, copy them to your PC and remove them from your SD card
1. Copy the `F00D43D5.bin` file from `DSIWARE_EXPLOIT.zip` to the `Nintendo DSiWare` folder

![]({{ "/images/screenshots/bb3/dsiware-location-2.png" | absolute_url }})
{: .notice--info}

#### 第二節 — 按鍵檢查

In this section, you will see whether you can access Safe Mode on your device. This will determine which method you will follow on the next page.

Your SD card should remain in your computer while you perform this check.

{% include_relative include/safemodecheck.txt %}

___

### Next steps: Choose an exploit

If you saw the system update screen in the previous section, Safe Mode is working on your device.

If your device booted into Safe Mode, continue to [Installing boot9strap (USM)](installing-boot9strap-(usm))
{: .notice--primary}

If your device did NOT boot into Safe Mode, continue to [Installing boot9strap (Fredtool)](installing-boot9strap-(fredtool))
{: .notice--info}