3DS:Bannerbomb3/Installing boot9strap (Fredtool): Difference between revisions

To dump system DSiWare, we exploit a flaw in the DSiWare Data Management window of the Settings application.

To accomplish this, we use your system’s encryption key (movable.sed) to build a DSiWare backup that exploits the system to dump the DSi Internet Settings application to the SD root.

Once you have a DSiWare backup, an exploitable DSiWare title can be injected into DS Internet, which can be used to install custom firmware.

What you need

• Your movable.sed file completing Mii Mining
• The latest release of Luma3DS (the Luma3DS .zip file)
• The 6.0.1 release of b9stool for 11.15.0-47 (direct download)
• The latest release of Frogminer_save (direct download)

Section I - CFW Check

As an additional safety measure, we will perform an additional check for custom firmware. This is because using this method when custom firmware is already installed has a risk of bricking the console (rendering it unusable without recovery methods like ntrboot).

1. Power off your device
2. Hold the (Select) button
3. Power on your device while still holding the (Select) button
4. If the check was successful, you will boot to the HOME Menu and you may proceed with this guide
5. Power off your device

If you see a configuration menu or the console immediately powers off, you already have CFW, and continuing with these instructions may BRICK your device! Follow Checking for CFW to upgrade your existing CFW.

Section II - Prep Work

1. Power off your device
2. Insert your SD card into your computer
3. Copy boot.firm and boot.3dsx from the Luma3DS .zip to the root of your SD card
   • The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
4. Copy boot.nds (B9STool) from the release .zip to the root of your SD card
5. Copy the private folder from the Frogminer_save .zip to the root of your SD card
6. Keep your SD card in your computer - there are more things to do in the next section

Section III - BannerBomb3

1. Power off your device
2. Insert your SD card into your computer
3. Open Bannerbomb3 Injector on your computer
4. Upload your movable.sed using the “Choose File” option
5. Click “Build and Download”
   • This will download an exploit DSiWare called F00D43D5.bin and a payload called bb3.bin inside of a zip archive (DSIWARE_EXPLOIT.zip)
6. Copy bb3.bin from DSIWARE_EXPLOIT.zip to the root of your SD card
   • This file does not need to be opened or extracted
7. Navigate to Nintendo 3DS -> <ID0> -> <ID1> on your SD card
   • <ID0> is the 32-letter folder name that you copied in Seedminer
   • <ID1> is a 32-letter folder inside of the <ID0>
   • If you have multiple <ID1> folders, follow the instructions here and return to this page
8. Create a folder named Nintendo DSiWare inside of the <ID1>
   • If you already had the folder and there are any existing DSiWare backup files (<8-character-id>.bin) inside, copy them to your PC and remove them from your SD card
9. Copy the F00D43D5.bin file from DSIWARE_EXPLOIT.zip to the Nintendo DSiWare folder

Section IV - Fredtool

1. Open the DSIHaxInjector_new website on your computer
2. Under the “Username” field, enter any alphanumeric name (no spaces or special characters)
   • You might want to put in a different name to differentiate it from BannerBomb3’s output
3. Under the “DSiBin” field, upload your 42383841.bin file using the first “Browse…” option
4. Under the “MovableSed” field, upload your movable.sed file using the second “Browse…” option
5. Under the “InjectionTarget” field, set the injection target to DSinternet(NOT memorypit)
6. Click “Build”
   • Wait a few seconds for the build process to complete
7. In the Build History section on the left, type the Username into the “Filter Builds” field
8. Click on the first search result
   • This result should have the latest timestamp
9. Click the “output_(name).zip” link
10. Navigate to Nintendo 3DS -> <ID0> -> <ID1> -> Nintendo DSiWare on your SD card
11. Delete F00D43D5.bin from your Nintendo DSiWare folder
12. Copy the 42383841.bin file from the hax folder of the downloaded DSiWare archive (output_(name).zip) to the Nintendo DSiWare folder
13. Reinsert your SD card into your device
14. Power on your device
15. Launch System Settings on your device
16. Navigate to Data Management -> DSiWare
17. Under the “SD Card” section, select the “Haxxxxxxxxx!” title
18. Select “Copy”, then select “OK”
19. Exit System Settings
20. Return to main menu of the System Settings
21. Navigate to Internet Settings -> Nintendo DS Connections, then select “OK” (image)
22. If the exploit was successful, your 3DS will have loaded into the JPN version of Flipnote Studio

Section V - Flipnote Exploit

If you would prefer a visual guide to this section, one is available here.

In this section, you will perform a series of very specific steps within Flipnote Studio that, when performed correctly, will launch the boot9strap (custom firmware) installer.

1. Complete the initial setup process for the launched game until you reach the main menu
   • Select the left option whenever prompted during the setup process
2. Using the touch-screen, select the large left box, then select the box with an SD card icon
3. Once the menu loads, select the face icon, then the bottom right icon to continue
4. Press (X) or (UP) on the D-Pad depending on which is shown on the top screen
5. Select the second button along the top with a film-reel icon
6. Scroll right until reel “3/3” is selected
7. Tap the third box with the letter “A” in it
8. Scroll left until reel “1/3” is selected
9. Tap the fourth box with the letter “A” in it
10. If the exploit was successful, your device will have loaded b9sTool
11. Using the D-Pad, move to “Install boot9strap”
    • If you miss this step, the system will exit to HOME Menu instead of installing boot9strap and you will need to open Nintendo DS Connections and start over from the beginning of this section
12. Press (A), then press START and SELECT at the same time to begin the process
13. Once completed and the bottom screen says “done.”, exit b9sTool, then power off your device
    • You may have to force power off by holding the power button
    • If your device shuts down when you try to power it on, ensure that you have copied boot.firm from the Luma3DS .zip to the root of your SD card
    • If you see the Luma Configuration screen, power off your device and continue to the next section

Section VI - Luma3DS Configuration

1. Press and hold (Select), and while holding (Select), power on your device. This will launch Luma3DS configuration
   • Luma3DS configuration menu are settings for the Luma3DS custom firmware. Many of these settings may be useful for customization or debugging
   • For the purpose of this guide, these settings will be left on default settings
   • If you boot to HOME Menu, follow this troubleshooting guide
2. Press (Start) to save and reboot
3. Power off your device

Section VII - Restoring DS Internet

1. Insert your SD card into your computer
2. Navigate to Nintendo 3DS -> <ID0> -> <ID1> -> Nintendo DSiWare on your SD card
3. Copy the 484E4441.bin file from the clean folder of the downloaded DSiWare archive (output_(name).zip) to the Nintendo DSiWare folder
4. Reinsert your SD card into your device
5. Power on your device
6. Launch System Settings on your device
7. Navigate to Data Management -> DSiWare
8. Under the “SD Card” section, select the “Haxxxxxxxxx!” title
9. Select “Copy”, then select “OK”
10. Exit System Settings
11. Power off your device