3DS:Alternate Exploits/Installing boot9strap (Fredtool): Difference between revisions

From Hacks Guide Wiki
No edit summary
m (fix link 2)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:


== What you need ==
== Technical Details ==
This method of using Seedminer for further exploitation uses your <code>movable.sed</code> file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.


* Your <code>movable.sed</code> file completing Seedminer or nimhax
This is a currently working implementation of the “FIRM partitions known-plaintext” exploit detailed [https://www.3dbrew.org/wiki/3DS_System_Flaws here].
* The latest release of [https://github.com/zoogie/b9sTool/releases/download/v6.0.1/release_6.0.1.zip Luma3DS] (the Luma3DS <code>.zip</code> file)
{{Warning
* The latest release of [https://github.com/zoogie/Frogminer/releases/download/v1.0/Frogminer_save.zip Frogminer_save] (direct download)
| text = You should only be able to get to this page if you are running version 11.16.0. If you are on any firmware other than 11.17.0 or 11.16.0, STOP as these instructions WILL LEAD TO A BRICK on other firmwares!!
* One of the following:
}}
** System version 11.14.0 or 11.15.0: The 6.0.1 release of [https://github.com/zoogie/b9sTool/releases/download/v6.0.1/release_6.0.1.zip b9stool] (direct download)
 
** System version 11.16.0: The 6.1.1 release of [https://github.com/zoogie/b9sTool/releases/download/v6.1.1/release_6.1.1.zip b9stool] (direct download)
== What You Need ==
*Your <code>movable.sed</code> file from completing [[3dsguide:seedminer|Seedminer]]
*The latest release of [https://github.com/zoogie/Frogminer/releases/latest Frogminer_save] (<code>Frogminer_save.zip</code>)
*'''11.16.0 or 11.17.0 users''': The v6.1.1 release of [https://github.com/zoogie/b9sTool/releases/download/v6.1.1/release_6.1.1.zip b9sTool] (direct download)  
*The latest release of [https://github.com/LumaTeam/Luma3DS/releases/latest Luma3DS] (the Luma3DS <code>.zip</code> file)
 
== Instructions ==


=== Section I - CFW Check ===
=== Section I - CFW Check ===
As an additional safety measure, we will perform an additional check for custom firmware. This is because using this method when custom firmware is already installed has a risk of bricking the console (rendering it unusable without recovery methods like ntrboot).
As an additional safety measure, we will perform an additional check for custom firmware. This is because using this method when custom firmware is already installed has a risk of bricking the console (rendering it unusable without recovery methods like [[3dsguide:ntrboot|ntrboot]]).


# Power off your device
#Power off your console
# Hold the (Select) button
#Hold the (Select) button
# Power on your device while still holding the (Select) button
# Power on your console while still holding the (Select) button
# If the check was successful, you will boot to the HOME Menu and you may proceed with this guide
#If the check was successful, you will boot to the HOME Menu and you may proceed with this guide
# Power off your device
#Power off your console
{{Warning
{{Critical
| text = If you see a configuration menu or the console immediately powers off, you already have CFW, and continuing with these instructions may BRICK your device! Follow Checking for CFW to upgrade your existing CFW.
| text = If you see a configuration menu or the console immediately powers off, you already have CFW, and continuing with these instructions may BRICK your console! Follow [https://3ds.hacks.guide/checking-for-cfw.html Checking for CFW] to upgrade your existing CFW.
}}
}}


=== Section II - BannerBomb3 ===
=== Section II - BannerBomb3 ===
In this section, you will trigger the BannerBomb3 exploit using the DSiWare Management menu and copy the resulting file dump to your computer so that you can use it on the next section.


In this section, you will trigger the BannerBomb3 exploit using the DSiWare Management menu and copy the resulting file dump to your computer so that you can use it on the next section.
#Reinsert your SD card into your console
 
#Power on your console
# Reinsert your SD card into your device
#Launch System Settings on your console
# Power on your device
#Navigate to <code>Data Management</code> -> <code>DSiWare</code> -> <code>SD Card</code> (image)
# Launch System Settings on your device
#*Your console should show the BB3 multihax menu
# Navigate to <code>Data Management</code> -> <code>DSiWare</code>-> <code>SD Card</code>
#*If this step causes your console to crash, follow this troubleshooting guide
#* Your device should show the BB3 multihax menu
# Use the D-Pad to navigate and press the (A) button to select “Dump DSiWare”
#* If this step causes your device to crash, [3dsguide:troubleshooting#installing-boot9strap-fredtool|follow this troubleshooting guide]
#*Your console will automatically reboot
# Use the D-Pad to navigate and press the (A) button to select "Dump DSiWare"
#Power off your console
#* Your device will automatically reboot
# Power off your device


=== Section III - Prep Work ===
=== Section III - Prep Work ===
In this section, you will copy the files necessary to temporarily replace DS Connection Settings with Flipnote Studio, which is used to launch the boot9strap (custom firmware) installer.


# Insert your SD card into your computer
#Insert your SD card into your computer
# Open the [https://jenkins.nelthorya.net/job/DSIHaxInjector_new/build?delay=0sec DSIHaxInjector_new] website on your computer
#Open the DSIHaxInjector_new website on your computer
# Under the “Username” field, enter any alphanumeric name (no spaces or special characters)
#Under the “Username” field, enter any alphanumeric name (no spaces or special characters)
#* You might want to put in a different name to differentiate it from BannerBomb3’s output
#Under the “DSiBin” field, upload your DSiWare backup file (e.g. 42383841.bin) from the root of your SD card using the first “Browse…” option
# Under the “DSiBin” field, upload your <code>42383841.bin</code> file using the first “Browse…” option
#Under the “MovableSed” field, upload your <code>movable.sed</code> file using the second “Browse…” option
# Under the “MovableSed” field, upload your <code>movable.sed</code> file using the second “Browse…” option
#Under the “InjectionTarget” field, set the injection target to <code>DSinternet</code> (NOT memorypit)
# Under the “InjectionTarget” field, set the injection target to <code>DSinternet</code>(NOT memorypit)
#Click “Build”
# Click “Build”
#*Wait a few seconds for the build process to complete
#* Wait a few seconds for the build process to complete
#In the Build History section on the left, type the Username into the “Filter Builds” field
# In the Build History section on the left, type the Username into the “Filter Builds” field
#Click on the first search result  
# Click on the first search result
#*This result should have the latest timestamp
#* This result should have the latest timestamp
#Click the “output_(name).zip” link
# Click the “output_(name).zip” link
#Navigate to <code>Nintendo 3DS</code> -> <code><ID0></code> -> <code><ID1></code> -> <code>Nintendo DSiWare</code> on your SD card  
# Navigate to <code>Nintendo 3DS</code> -> <code><ID0></code> -> <code><ID1></code> -> <code>Nintendo DSiWare</code> on your SD card
#*<code><ID0></code> is the 32-letter folder name that you copied in Seedminer
#*<code><ID1></code> is a 32-letter folder inside of the <code><ID0></code>
# Delete <code>F00D43D5.bin</code> from your Nintendo DSiWare folder
# Delete <code>F00D43D5.bin</code> from your Nintendo DSiWare folder
# Copy the <code>42383841.bin</code>  file from the <code>hax</code> folder of the downloaded DSiWare archive (output_(name).zip) to the <code>Nintendo DSiWare</code> folder
#Copy the <code>42383841.bin</code>  file from the <code>hax</code> folder of the downloaded DSiWare archive (output_(name).zip) to the <code>Nintendo DSiWare</code> folder
# Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of your SD card
# Copy <code>boot.firm</code> and <code>boot.3dsx</code> from the Luma3DS <code>.zip</code> to the root of your SD card
#* The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
#*The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
# Copy `boot.nds` (B9STool) from the release `.zip` to the root of your SD card
#Copy <code>boot.nds</code> (B9STool) from the release <code>.zip</code> to the root of your SD card
# Copy the `private` folder from the Frogminer_save `.zip` to the root of your SD card
#Copy the <code>private</code> folder from the Frogminer_save <code>.zip</code> to the root of your SD card
# Reinsert your SD card into your device
#Reinsert your SD card into your console
# Power on your device
# Power on your console


=== Section IV - Overwriting DS Connection Settings ===
=== Section IV - Overwriting DS Connection Settings ===
In this section, you will copy the hacked DS Connection Settings DSiWare to internal memory, which will temporarily replace it with Flipnote Studio.


In this section, you will copy the hacked DS Connection Settings DSiWare to internal memory, which will temporarily replace it with Flipnote Studio.
#Launch System Settings on your console
 
#Navigate to <code>Data Management</code> -> <code>DSiWare</code> -> <code>SD Card</code> (image)
# Launch System Settings on your device
#Select the “Haxxxxxxxxx!” title
# Navigate to <code>Data Management</code> -> <code>DSiWare</code>
#*If you are unable to select the “Haxxxxxxxxx” title, follow this troubleshooting guide
# Under the “SD Card” section, select the “Haxxxxxxxxx!” title
#Select “Copy”, then select “OK”
# Select “Copy”, then select “OK”
#Return to main menu of the System Settings
# Exit System Settings
#Navigate to <code>Internet Settings</code> -> <code>Nintendo DS Connections</code>, then select “OK” (image)
# Return to main menu of the System Settings
#If the exploit was successful, your console will have loaded the JPN version of Flipnote Studio  
# Navigate to <code>Internet Settings</code> -> <code>Nintendo DS Connections</code>, then select “OK” (image)
#*If your console does not load the JPN version of Flipnote Studio, follow this troubleshooting guide
# If the exploit was successful, your 3DS will have loaded into the JPN version of Flipnote Studio


=== Section V - Flipnote Exploit ===
=== Section V - Flipnote Exploit ===
If you would prefer a visual guide to this section, one is available [https://zoogie.github.io/web/flipnote_directions/ here].
{{Info
 
| text = If you would prefer a visual guide to this section, one is available [https://zoogie.github.io/web/flipnote_directions/ here].
In this section, you will perform a series of very specific steps within Flipnote Studio that, when performed correctly, will launch the boot9strap (custom firmware) installer.
}}
In this section, you will perform a series of very specific steps within Flipnote Studio that, when performed correctly, will launch b9sTool, the boot9strap (custom firmware) installer.


# Complete the initial setup process for the launched game until you reach the main menu
#Complete the initial setup process for the launched game until you reach the main menu
#* Select the left option whenever prompted during the setup process
#* Select the left option whenever prompted during the setup process
# Using the touch-screen, select the large left box, then select the box with an SD card icon
#*If you encounter an issue while doing this section, check this troubleshooting guide for your issue
# Once the menu loads, select the face icon, then the bottom right icon to continue
#Using the touch-screen, select the large left box, then select the box with an SD card icon
# Press (X) or (UP) on the D-Pad depending on which is shown on the top screen
#Once the menu loads, select the face icon, then the bottom right icon to continue
# Select the second button along the top with a film-reel icon
#Press (X) or (UP) on the D-Pad depending on which is shown on the top screen
# Scroll right until reel “3/3” is selected
#Select the second button along the top with a film-reel icon
# Tap the third box with the letter “A” in it
#Scroll right until reel “3/3” is selected
# Scroll left until reel “1/3” is selected
#Tap the third box with the letter “A” in it
#Scroll left until reel “1/3” is selected
# Tap the fourth box with the letter “A” in it
# Tap the fourth box with the letter “A” in it
# If the exploit was successful, your device will have loaded b9sTool
#If the exploit was successful, your console will have loaded b9sTool
# Using the D-Pad, move to “Install boot9strap”
# Using the D-Pad, move to “Install boot9strap”
#* If you miss this step, the system will exit to HOME Menu instead of installing boot9strap and you will need to open Nintendo DS Connections and start over from the beginning of this section
#* If you miss this step, the system will exit to HOME Menu instead of installing boot9strap and you will need to open Nintendo DS Connections and start over from the beginning of this section
# Press (A), then press START and SELECT at the same time to begin the process
#Press (A), then press START and SELECT at the same time to begin the process
# Once completed and the bottom screen says “done.”, exit b9sTool, then power off your device
#Once completed and the bottom screen says “done.”, exit b9sTool, then power off your console
#* You may have to force power off by holding the power button
#*You may have to force power off by holding the power button
#* If your device shuts down when you try to power it on, ensure that you have copied <code>boot.firm</code> from the Luma3DS <code>.zip</code> to the root of your SD card
#*If your console shuts down when you try to power it on, ensure that you have copied <code>boot.firm</code> from the Luma3DS <code>.zip</code> to the root of your SD card
#* If you see the Luma Configuration screen, power off your device and continue to the next section
#*If you see the Luma Configuration screen, power off your console and continue to the next section


=== Section VI - Luma3DS Configuration ===
=== Section VI - Luma3DS Configuration ===
#Press and hold (Select), and while holding (Select), power on your console
#Your console should have booted into the Luma3DS configuration menu
#*Luma3DS configuration menu are settings for the Luma3DS custom firmware. Many of these settings may be useful for customization or debugging
#*For the purpose of this guide, '''leave these options on the default settings''' (do not check or uncheck anything)
#*If your console shuts down when you try to power it on, ensure that you have copied <code>boot.firm</code> from the Luma3DS <code>.zip</code> to the root of your SD card
#Press (Start) to save and reboot


# Press and hold (Select), and while holding (Select), power on your device. This will launch Luma3DS configuration
At this point, your console will boot to Luma3DS by default.
#* Luma3DS configuration menu are settings for the Luma3DS custom firmware. Many of these settings may be useful for customization or debugging
#* For the purpose of this guide, these settings will be left on default settings
#* If you boot to HOME Menu, follow this troubleshooting guide
# Press (Start) to save and reboot
# Power off your device


{{ Luma3DS is default }}
*Luma3DS does not look any different from the normal HOME Menu. If your console has booted into the HOME Menu, it is running custom firmware.
*On the next page, you will install useful homebrew applications to complete your setup.


=== Section VII - Restoring DS Internet ===
=== Section VII - Restoring DS Connection Settings ===
In this section, you will restore DS Connection Settings to the way it was before it was temporarily replaced with Flipnote Studio in an earlier section.


# Insert your SD card into your computer
#Navigate to <code>Nintendo 3DS</code> -> <code><ID0></code> -> <code><ID1></code> -> <code>Nintendo DSiWare</code> on your SD card
# Navigate to <code>Nintendo 3DS</code> -> <code><ID0></code> -> <code><ID1></code> -> <code>Nintendo DSiWare</code> on your SD card
#Copy the <code>42383841.bin</code>  file from the <code>clean</code> folder of the downloaded DSiWare archive (output_(name).zip) to the <code>Nintendo DSiWare</code> folder, replacing the existing one
# Copy the <code>484E4441.bin</code>  file from the <code>clean</code> folder of the downloaded DSiWare archive (output_(name).zip) to the <code>Nintendo DSiWare</code> folder
#Reinsert your SD card into your console
# Reinsert your SD card into your device
#Power on your console
# Power on your device
#Launch System Settings on your console
# Launch System Settings on your device
#Navigate to <code>Data Management</code> -> <code>DSiWare</code> -> <code>SD Card</code> (image)
# Navigate to <code>Data Management</code> -> <code>DSiWare</code>
#Select the “Nintendo DSi™” title
# Under the “SD Card” section, select the “Haxxxxxxxxx!” title
#Select “Copy”, then select “OK”
# Select “Copy”, then select “OK”
# Exit System Settings
# Power off your device


<span style="font-size:200%;">Continue to [[3dsguide:finalizing-setup|Finalizing Setup]]</span>
<span style="font-size:200%;">Continue to [[3dsguide:finalizing-setup|Finalizing Setup]]</span>

Latest revision as of 22:12, 18 July 2023

Technical Details

This method of using Seedminer for further exploitation uses your movable.sed file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.

This is a currently working implementation of the “FIRM partitions known-plaintext” exploit detailed here.

OOjs UI icon information-warning.svg You should only be able to get to this page if you are running version 11.16.0. If you are on any firmware other than 11.17.0 or 11.16.0, STOP as these instructions WILL LEAD TO A BRICK on other firmwares!!

What You Need

  • Your movable.sed file from completing Seedminer
  • The latest release of Frogminer_save (Frogminer_save.zip)
  • 11.16.0 or 11.17.0 users: The v6.1.1 release of b9sTool (direct download)
  • The latest release of Luma3DS (the Luma3DS .zip file)

Instructions

Section I - CFW Check

As an additional safety measure, we will perform an additional check for custom firmware. This is because using this method when custom firmware is already installed has a risk of bricking the console (rendering it unusable without recovery methods like ntrboot).

  1. Power off your console
  2. Hold the (Select) button
  3. Power on your console while still holding the (Select) button
  4. If the check was successful, you will boot to the HOME Menu and you may proceed with this guide
  5. Power off your console
OOjs UI icon information-destructive.svg If you see a configuration menu or the console immediately powers off, you already have CFW, and continuing with these instructions may BRICK your console! Follow Checking for CFW to upgrade your existing CFW.

Section II - BannerBomb3

In this section, you will trigger the BannerBomb3 exploit using the DSiWare Management menu and copy the resulting file dump to your computer so that you can use it on the next section.

  1. Reinsert your SD card into your console
  2. Power on your console
  3. Launch System Settings on your console
  4. Navigate to Data Management -> DSiWare -> SD Card (image)
    • Your console should show the BB3 multihax menu
    • If this step causes your console to crash, follow this troubleshooting guide
  5. Use the D-Pad to navigate and press the (A) button to select “Dump DSiWare”
    • Your console will automatically reboot
  6. Power off your console

Section III - Prep Work

In this section, you will copy the files necessary to temporarily replace DS Connection Settings with Flipnote Studio, which is used to launch the boot9strap (custom firmware) installer.

  1. Insert your SD card into your computer
  2. Open the DSIHaxInjector_new website on your computer
  3. Under the “Username” field, enter any alphanumeric name (no spaces or special characters)
  4. Under the “DSiBin” field, upload your DSiWare backup file (e.g. 42383841.bin) from the root of your SD card using the first “Browse…” option
  5. Under the “MovableSed” field, upload your movable.sed file using the second “Browse…” option
  6. Under the “InjectionTarget” field, set the injection target to DSinternet (NOT memorypit)
  7. Click “Build”
    • Wait a few seconds for the build process to complete
  8. In the Build History section on the left, type the Username into the “Filter Builds” field
  9. Click on the first search result
    • This result should have the latest timestamp
  10. Click the “output_(name).zip” link
  11. Navigate to Nintendo 3DS -> <ID0> -> <ID1> -> Nintendo DSiWare on your SD card
    • <ID0> is the 32-letter folder name that you copied in Seedminer
    • <ID1> is a 32-letter folder inside of the <ID0>
  12. Delete F00D43D5.bin from your Nintendo DSiWare folder
  13. Copy the 42383841.bin file from the hax folder of the downloaded DSiWare archive (output_(name).zip) to the Nintendo DSiWare folder
  14. Copy boot.firm and boot.3dsx from the Luma3DS .zip to the root of your SD card
    • The root of the SD card refers to the initial directory on your SD card where you can see the Nintendo 3DS folder, but are not inside of it
  15. Copy boot.nds (B9STool) from the release .zip to the root of your SD card
  16. Copy the private folder from the Frogminer_save .zip to the root of your SD card
  17. Reinsert your SD card into your console
  18. Power on your console

Section IV - Overwriting DS Connection Settings

In this section, you will copy the hacked DS Connection Settings DSiWare to internal memory, which will temporarily replace it with Flipnote Studio.

  1. Launch System Settings on your console
  2. Navigate to Data Management -> DSiWare -> SD Card (image)
  3. Select the “Haxxxxxxxxx!” title
    • If you are unable to select the “Haxxxxxxxxx” title, follow this troubleshooting guide
  4. Select “Copy”, then select “OK”
  5. Return to main menu of the System Settings
  6. Navigate to Internet Settings -> Nintendo DS Connections, then select “OK” (image)
  7. If the exploit was successful, your console will have loaded the JPN version of Flipnote Studio
    • If your console does not load the JPN version of Flipnote Studio, follow this troubleshooting guide

Section V - Flipnote Exploit

OOjs UI icon information-progressive.svg If you would prefer a visual guide to this section, one is available here.

In this section, you will perform a series of very specific steps within Flipnote Studio that, when performed correctly, will launch b9sTool, the boot9strap (custom firmware) installer.

  1. Complete the initial setup process for the launched game until you reach the main menu
    • Select the left option whenever prompted during the setup process
    • If you encounter an issue while doing this section, check this troubleshooting guide for your issue
  2. Using the touch-screen, select the large left box, then select the box with an SD card icon
  3. Once the menu loads, select the face icon, then the bottom right icon to continue
  4. Press (X) or (UP) on the D-Pad depending on which is shown on the top screen
  5. Select the second button along the top with a film-reel icon
  6. Scroll right until reel “3/3” is selected
  7. Tap the third box with the letter “A” in it
  8. Scroll left until reel “1/3” is selected
  9. Tap the fourth box with the letter “A” in it
  10. If the exploit was successful, your console will have loaded b9sTool
  11. Using the D-Pad, move to “Install boot9strap”
    • If you miss this step, the system will exit to HOME Menu instead of installing boot9strap and you will need to open Nintendo DS Connections and start over from the beginning of this section
  12. Press (A), then press START and SELECT at the same time to begin the process
  13. Once completed and the bottom screen says “done.”, exit b9sTool, then power off your console
    • You may have to force power off by holding the power button
    • If your console shuts down when you try to power it on, ensure that you have copied boot.firm from the Luma3DS .zip to the root of your SD card
    • If you see the Luma Configuration screen, power off your console and continue to the next section

Section VI - Luma3DS Configuration

  1. Press and hold (Select), and while holding (Select), power on your console
  2. Your console should have booted into the Luma3DS configuration menu
    • Luma3DS configuration menu are settings for the Luma3DS custom firmware. Many of these settings may be useful for customization or debugging
    • For the purpose of this guide, leave these options on the default settings (do not check or uncheck anything)
    • If your console shuts down when you try to power it on, ensure that you have copied boot.firm from the Luma3DS .zip to the root of your SD card
  3. Press (Start) to save and reboot

At this point, your console will boot to Luma3DS by default.

  • Luma3DS does not look any different from the normal HOME Menu. If your console has booted into the HOME Menu, it is running custom firmware.
  • On the next page, you will install useful homebrew applications to complete your setup.

Section VII - Restoring DS Connection Settings

In this section, you will restore DS Connection Settings to the way it was before it was temporarily replaced with Flipnote Studio in an earlier section.

  1. Navigate to Nintendo 3DS -> <ID0> -> <ID1> -> Nintendo DSiWare on your SD card
  2. Copy the 42383841.bin file from the clean folder of the downloaded DSiWare archive (output_(name).zip) to the Nintendo DSiWare folder, replacing the existing one
  3. Reinsert your SD card into your console
  4. Power on your console
  5. Launch System Settings on your console
  6. Navigate to Data Management -> DSiWare -> SD Card (image)
  7. Select the “Nintendo DSi™” title
  8. Select “Copy”, then select “OK”

Continue to Finalizing Setup

Retrieved from "https://wiki.hacks.guide/w/index.php?title=3DS:Alternate_Exploits/Installing_boot9strap_(Fredtool)&oldid=3354"