---
title: "BannerBomb3"
---

{% include toc title="Table of Contents" %}

{% capture technical_info %}
<summary><em>Technical Details (optional)</em></summary>

To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.

To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.

For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
{% endcapture %}

<details>{{ technical_info | markdownify }}</details>
{: .notice--info}

### Compatibility Notes

These instructions work on USA, Europe, Japan, and Korea region consoles as indicated by the letters U, E, J, or K after the system version.

If you have a Taiwanese console (indicated by a T after the system version), follow [this page](bannerbomb3-fredtool-(twn)) instead.
{: .notice--warning}

### What You Need

* Your `movable.sed` file from completing Seedminer or nimhax

#### Section I - Prep Work

In this section, you will copy the files needed to trigger the BannerBomb3 exploit onto your device's SD card.

1. Power off your device
1. Pasang kad SD anda ke dalam komputer
1. Open [Bannerbomb3 Injector](http://3dstools.nhnarwhal.com/#/bb3gen) on your computer
1. Upload your movable.sed using the “Choose File” option
1. Click “Build and Download”
  + This will download an exploit DSiWare called `F00D43D5.bin` and a payload called `bb3.bin` inside of a zip archive (`DSIWARE_EXPLOIT.zip`)
1. Copy `bb3.bin` from `DSIWARE_EXPLOIT.zip` to the root of your SD card
  + The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
  + This file does not need to be opened or extracted
  ![]({{ "/images/screenshots/bb3/bb3-root-layout.png" | absolute_url }}){: .notice--info}
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<ID1>` on your SD card
  + `<ID0>` is the 32-letter folder name that you copied in [Seedminer](seedminer)
  + `<ID1>` is a 32-letter folder inside of the `<ID0>`
  + If you have multiple `<ID1>` folders, follow the instructions [here](troubleshooting#bannerbomb3)
  ![]({{ "/images/screenshots/bb3/dsiware-location-1.png" | absolute_url }}){: .notice--info}
1. Create a folder named `Nintendo DSiWare` inside of the `<ID1>`
  + If you already had the folder *and* there are any existing DSiWare backup files (`<8-character-id>.bin`) inside, copy them to your PC and remove them from your SD card
1. Copy the `F00D43D5.bin` file from `DSIWARE_EXPLOIT.zip` to the `Nintendo DSiWare` folder

![]({{ "/images/screenshots/bb3/dsiware-location-2.png" | absolute_url }})
{: .notice--info}

#### Section II - Hardware Button Check

In this section, you will see whether you can access Safe Mode on your device. This will determine which method you will follow on the next page.

Your SD card should remain in your computer while you perform this check.

{% include_relative include/safemodecheck.txt %}

___

### Next steps: Choose an exploit

If the camera appeared in the previous section, Safe Mode is likely to be working on your device.

If the camera appeared, continue to [Installing boot9strap (USM)](installing-boot9strap-(usm))
{: .notice--primary}

If the camera did NOT appear, continue to [Installing boot9strap (Fredtool)](installing-boot9strap-(fredtool))
{: .notice--info}