---
title: "BannerBomb3"
---

{% include toc title="תוכן העניינים" %}

{% capture technical_info %}
<summary><em>Technical Details (optional)</em></summary>

To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.

To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.

For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
{% endcapture %}

<details>{{ technical_info | markdownify }}</details>
{: .notice--info}

### Compatibility Notes

These instructions work on USA, Europe, Japan, and Korea region consoles as indicated by the letters U, E, J, or K after the system version.

If you have a Taiwanese console (indicated by a T after the system version), follow [this page](bannerbomb3-fredtool-(twn)) instead.
{: .notice--warning}

### What You Need

* Your `movable.sed` file from completing Seedminer or nimhax

#### חלק I - הכנות

In this section, you will copy the files needed to trigger the BannerBomb3 exploit onto your device's SD card.

1. תכבו את המכשיר
1. תכניסו את ה-SD שלכם למחשב
1. Open [Bannerbomb3 Injector](http://3dstools.nhnarwhal.com/#/bb3gen) on your computer
1. Upload your movable.sed using the “Choose File” option
1. Click “Build and Download”
  + This will download an exploit DSiWare called `F00D43D5.bin` and a payload called `bb3.bin` inside of a zip archive (`DSIWARE_EXPLOIT.zip`)
1. Copy `bb3.bin` from `DSIWARE_EXPLOIT.zip` to the root of your SD card
  + The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
  + This file does not need to be opened or extracted
  ![]({{ "/images/screenshots/bb3/bb3-root-layout.png" | absolute_url }}){: .notice--info}
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<ID1>` on your SD card
  + `<ID0>` is the 32-letter folder name that you copied in [Seedminer](seedminer)
  + `<ID1>` is a 32-letter folder inside of the `<ID0>`
  + If you have multiple `<ID1>` folders, follow the instructions [here](troubleshooting#bannerbomb3)
  ![]({{ "/images/screenshots/bb3/dsiware-location-1.png" | absolute_url }}){: .notice--info}
1. Create a folder named `Nintendo DSiWare` inside of the `<ID1>`
  + If you already had the folder *and* there are any existing DSiWare backup files (`<8-character-id>.bin`) inside, copy them to your PC and remove them from your SD card
1. Copy the `F00D43D5.bin` file from `DSIWARE_EXPLOIT.zip` to the `Nintendo DSiWare` folder

![]({{ "/images/screenshots/bb3/dsiware-location-2.png" | absolute_url }})
{: .notice--info} 

#### Section II - Hardware Button Check

In this section, you will see whether you can access Safe Mode on your device. This will determine which method you will follow on the next page.

{% include_relative include/safemodecheck.txt %}

___

### Next steps: Choose an exploit

If you saw the system update screen in the previous section, Safe Mode is working on your device.

If your device booted into Safe Mode, continue to [Installing boot9strap (USM)](installing-boot9strap-(usm))
{: .notice--primary}

If your device did NOT boot into Safe Mode, continue to [Installing boot9strap (Fredtool)](installing-boot9strap-(fredtool))
{: .notice--info}