< 3DS:Alternate Exploits
Revision as of 14:05, 9 October 2023 by Lifehackerhansol (talk | contribs) (Sync with upstream fredtool-inject, which splits b9stool from flipnote exploit section)
Required Reading
We will now use our Homebrew Launcher access to run the Frogtool utility in order to inject the exploitable Japanese version of the "Flipnote Studio" title, which we then use to run b9sTool and install boot9strap.
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed here.
To use the magnet links on this page, you will need a torrent client like Deluge.
What You Need
- Your
movable.sed
file from completing Seedminer or nimhax - frogcert.bin (magnet link)
- The latest release of Frogtool
- One of the following:
Instructions
Section I - CFW Check
- Power off your device
- Hold the (Select) button
- Power on your device while still holding the (Select) button
- If the check was successful, you will boot to the HOME Menu and you may proceed with this guide
If you see a configuration menu, you already have CFW, and continuing with these instructions may BRICK your device! Follow Checking for CFW to upgrade your existing CFW. |
Section II - Prep Work
- Power off your device
- Insert your SD card into your computer
- Copy your
movable.sed
file to the root of your SD card- If you followed nimhax, this will already be on your SD card
- Copy
boot.firm
andboot.3dsx
from the Luma3DS.zip
to the root of your SD card - Copy
boot.nds
(b9sTool) from the b9sTool release.zip
to the root of your SD card - Copy
Frogtool.3dsx
to the/3ds/
folder on your SD card - Copy
frogcert.bin
to the root of your SD card - Reinsert your SD card into your device
- Power on your device
Section III - Patching DS Download Play
- Open the Homebrew Launcher using any method
- Launch Frogtool from the list of homebrew
- Select the "INJECT patched DS Download Play" option
- Frogtool will automatically run and inject the JPN version of Flipnote Studio into your DS Download Play
- Once this operation has finished, read the screens and check if the process was successful
- If there are any errors or missing files, correct the problem and try again
- If the process was successful, tap the touch screen, then select "BOOT patched DS Download Play"
- If the exploit was successful, your device will have loaded the JPN version of Flipnote Studio
- If you get stuck on a black screen, follow this section, then try again
Section IV - Flipnote Exploit
In this section, you will perform a series of very specific steps within Flipnote Studio that, when performed correctly, will launch b9sTool, the boot9strap (custom firmware) installer.
If you would prefer a visual guide to this section, one is available here. |
- Complete the initial setup process for the launched game until you reach the main menu
- Select the left option whenever prompted during the setup process
- Using the touch-screen, select the large left box, then select the box with an SD card icon
- Once the menu loads, select the face icon, then the bottom right icon to continue
- Press (X) or (UP) on the D-Pad depending on which is shown on the top screen
- Select the second button along the top with a film-reel icon
- Scroll right until reel “3/3” is selected
- Tap the third box with the letter “A” in it
- Scroll left until reel “1/3” is selected
- Tap the fourth box with the letter “A” in it
- If the exploit was successful, your console will have loaded b9sTool
Section V - Installing boot9strap
In this section, you will install custom firmware onto your console.
- Using the D-Pad, move to "Install boot9strap"
- If you miss this step, the system will exit to HOME Menu instead of installing boot9strap and you will need to open DS Download Play and start over from the beginning of this section
- Press (A), then press START and SELECT at the same time to begin the process
- Once completed and the bottom screen says “done.”, exit b9sTool, then power off your console
- You may have to force power off by holding the power button
- If your console shuts down when you try to power it on, ensure that you have copied
boot.firm
from the Luma3DS.zip
to the root of your SD card - If you see the Luma Configuration screen, power off your console and continue to the next section
Section VI - Luma3DS Configuration
- Press and hold (Select), and while holding (Select), power on your device. This will launch Luma3DS configuration
- Luma3DS configuration menu are settings for the Luma3DS custom firmware. Many of these settings may be useful for customization or debugging
- For the purpose of this guide, these settings will be left on default settings
- If you boot to HOME Menu, follow this troubleshooting guide
- Press (Start) to save and reboot
At this point, your console will boot to Luma3DS by default.
|
Section VII - Restoring DS Download Play
- Launch the Download Play application
- Wait until you see the two buttons
- Do not press either of the buttons
- Press (Left Shoulder) + (D-Pad Down) + (Select) at the same time to open the Rosalina menu
- Select "Miscellaneous options"
- Select "Switch the hb. title to the current app."
- Press (B) to continue
- Press (B) to return to the Rosalina main menu
- Press (B) to exit the Rosalina menu
- Press (Home), then close Download Play
- Relaunch the Download Play application
- Your device should load the Homebrew Launcher
- Launch Frogtool from the list of homebrew
- Select the "RESTORE patched DS Download Play" option
- Once this operation has finished, read the screens and check if the process was successful
- If there are any errors or missing files, correct the problem and try again
- If the process was successful, tap the touch screen, then press START to exit
Continue to Finalizing Setup