---
title: "BannerBomb3"
---

{% include toc title="條目內容" %}

<details>
<summary><em>Technical Details (optional)</em></summary>
<p>To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.</p>
<p>To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.</p>
<p>For a more technical explanation, see <a href="https://github.com/zoogie/Bannerbomb3">here</a>.</p>
</details>
{: .notice--info}

### Compatibility Notes

這些操作在美、歐、日、韓版可用，可透過系統版本號末尾的 「U、E、J、K」 字元來辨別。

如果您的主機為台灣版主機(系統版本號以 T 結尾的主機)，請見[此頁面](bannerbomb3-fredtool-(twn))。
{: .notice--warning}

### 必備項目

* 您自 [Seedminer](seedminer) 步驟中所取得的 `movable.sed` 檔案

#### 第一節 — 準備工作

In this section, you will copy the files needed to trigger the BannerBomb3 exploit onto your device's SD card.

1. 關閉您的主機
1. 將 SD 卡插入至電腦中
1. Open [Bannerbomb3 Injector](http://3dstools.nhnarwhal.com/#/bb3gen) on your computer
1. Upload your movable.sed using the “Choose File” option
1. Click “Build and Download”
  + This will download an exploit DSiWare called `F00D43D5.bin` and a payload called `bb3.bin` inside of a zip archive (`DSIWARE_EXPLOIT.zip`)
1. Copy `bb3.bin` from `DSIWARE_EXPLOIT.zip` to the root of your SD card
  + 「SD 卡的根目錄」指的是你的 SD 卡含有 Nintendo 3DS 資料夾的目錄，而非該資料夾內部
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<ID1>` on your SD card
  + `<ID0>` is the 32-letter folder name that you copied in [Seedminer](seedminer)
  + `<ID1>` is a 32-letter folder inside of the `<ID0>`
  ![]({{ "/images/screenshots/bb3/dsiware-location-1.png" | absolute_url }}){: .notice--info}
1. Create a folder named `Nintendo DSiWare` inside of the `<ID1>`
  + If you already had the folder *and* there are any existing DSiWare backup files (`<8-character-id>.bin`) inside, copy them to your PC and remove them from your SD card
1. Copy the `F00D43D5.bin` file from `DSIWARE_EXPLOIT.zip` to the `Nintendo DSiWare` folder

![]({{ "/images/screenshots/bb3/dsiware-location-2.png" | absolute_url }})
{: .notice--info} 

#### Section II - Hardware Button Check

In this section, you will test the SAFE_MODE function of your device. This will determine which method you will follow in the next page.

1. With your device still powered off, hold the following buttons: (Left Shoulder) + (Right Shoulder) + (D-Pad Up) + (A), and while holding these buttons together, power on your device
  + Keep holding the buttons until the device boots into Safe Mode (a "system update" menu)
1. If prompted to update, press Cancel
  + If the device boots to the HOME Menu, just continue to the next step
1. 關閉您的主機

___

### Next steps: Choose an exploit

If your device booted into Safe Mode and prompted to you to do a system update in Section II, Safe Mode is working on your device.

If your device booted into Safe Mode, continue to [Installing boot9strap (USM)](installing-boot9strap-(usm))
{: .notice--primary}

If your device did NOT boot into Safe Mode, continue to [Installing boot9strap (Fredtool)](installing-boot9strap-(fredtool))
{: .notice--warning}