76 lines
3.5 KiB
Text
76 lines
3.5 KiB
Text
---
|
|
title: "BannerBomb3"
|
|
---
|
|
|
|
{% include toc title="Table of Contents" %}
|
|
|
|
{% capture technical_info %}
|
|
<summary><em>Technical Details (optional)</em></summary>
|
|
|
|
To launch custom code, we exploit a flaw in the DSiWare Data Management window of the Settings application.
|
|
|
|
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system.
|
|
|
|
For a more technical explanation, see [here](https://github.com/zoogie/Bannerbomb3).
|
|
{% endcapture %}
|
|
|
|
<details>{{ technical_info | markdownify }}</details>
|
|
{: .notice--info}
|
|
|
|
### Compatibility Notes
|
|
|
|
These instructions work on USA, Europe, Japan, and Korea region consoles as indicated by the letters U, E, J, or K after the system version.
|
|
|
|
If you have a Taiwanese console (indicated by a T after the system version), follow [this page](bannerbomb3-fredtool-(twn)) instead.
|
|
{: .notice--warning}
|
|
|
|
### What You Need
|
|
|
|
* Your `movable.sed` file from completing Seedminer or nimhax
|
|
|
|
#### Section I - Prep Work
|
|
|
|
In this section, you will copy the files needed to trigger the BannerBomb3 exploit onto your device's SD card.
|
|
|
|
1. Power off your device
|
|
1. Insert your SD card into your computer
|
|
1. Open [Bannerbomb3 Injector](http://3dstools.nhnarwhal.com/#/bb3gen) on your computer
|
|
1. Upload your movable.sed using the “Choose File” option
|
|
1. Click “Build and Download”
|
|
+ This will download an exploit DSiWare called `F00D43D5.bin` and a payload called `bb3.bin` inside of a zip archive (`DSIWARE_EXPLOIT.zip`)
|
|
1. Copy `bb3.bin` from `DSIWARE_EXPLOIT.zip` to the root of your SD card
|
|
+ The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
|
|
+ This file does not need to be opened or extracted
|
|
![]({{ "/images/screenshots/bb3/bb3-root-layout.png" | absolute_url }}){: .notice--info}
|
|
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<ID1>` on your SD card
|
|
+ `<ID0>` is the 32-letter folder name that you copied in [Seedminer](seedminer)
|
|
+ `<ID1>` is a 32-letter folder inside of the `<ID0>`
|
|
+ If you have multiple `<ID1>` folders, follow the instructions [here](troubleshooting#bannerbomb3)
|
|
![]({{ "/images/screenshots/bb3/dsiware-location-1.png" | absolute_url }}){: .notice--info}
|
|
1. Create a folder named `Nintendo DSiWare` inside of the `<ID1>`
|
|
+ If you already had the folder *and* there are any existing DSiWare backup files (`<8-character-id>.bin`) inside, copy them to your PC and remove them from your SD card
|
|
1. Copy the `F00D43D5.bin` file from `DSIWARE_EXPLOIT.zip` to the `Nintendo DSiWare` folder
|
|
|
|
![]({{ "/images/screenshots/bb3/dsiware-location-2.png" | absolute_url }})
|
|
{: .notice--info}
|
|
|
|
+ If you have further difficulty identifying the ID0, ID1 or where to put the `F00D43D5.bin` file, please watch [this video](https://www.youtube.com/watch?v=T67kcO3wvHY) for a more in-depth explanation
|
|
{: .notice--info}
|
|
|
|
#### Section II - Hardware Button Check
|
|
|
|
In this section, you will see whether you can access Safe Mode on your device. This will determine which method you will follow on the next page.
|
|
|
|
{% include_relative include/safemodecheck.txt %}
|
|
|
|
___
|
|
|
|
### Next steps: Choose an exploit
|
|
|
|
If you saw the system update screen in the previous section, Safe Mode is working on your device.
|
|
|
|
If your device booted into Safe Mode, continue to [Installing boot9strap (USM)](installing-boot9strap-(usm))
|
|
{: .notice--primary}
|
|
|
|
If your device did NOT boot into Safe Mode, continue to [Installing boot9strap (Fredtool)](installing-boot9strap-(fredtool))
|
|
{: .notice--info}
|