introduce new method (#1751)

new method courtesy of zoog and dp
approved by nh helpers and hax
eip 2020-04-27 14:00:56 +10:00 committed by GitHub
parent b83fe454e2
commit bf7a743b46
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 121 additions and 17 deletions

View File

@ -72,7 +72,7 @@ If, before following this guide, you already had an EmuNAND setup and would like
1. Launch the Download Play application (![]({{ "/images/download-play-icon.png" | absolute_url }}){: height="24px" width="24px"})
1. Wait until you see the two buttons
1. Press (L) + (Down) + (Select) at the same time to open the Rosalina menu
1. Press (Left Shoulder) + (D-Pad Down) + (Select) at the same time to open the Rosalina menu
1. Select "Miscellaneous options"
1. Select "Switch the hb. title to the current app."
1. Press (B) to continue

View File

@ -0,0 +1,90 @@
---
title: "Installing boot9strap (USM)"
---
{% include toc title="Table of Contents" %}
### Required Reading
In order to exploit the SAFE_MODE firmware of our system, we need to inject an exploited WiFi profile.
We can do this using an existing exploit, BannerBomb3.
To accomplish this, we use your system's encryption key (movable.sed) to build a DSiWare backup that exploits the system in order to inject the exploited WiFi profile to your connections list.
Once the WiFi profile has been injected, we will use SAFE_MODE, which is a recovery feature present on all 3DS consoles, to activate the exploited WiFi profile.
These instructions work on USA, Europe, Japan, and Korea region consoles as indicated by the letters U, E, J, or K after the system version.
If your (Right/Left Shoulder), (D-Pad Up) or (A) buttons do not work, you will need to use a [Legacy Method](legacy-methods). For assistance with this matter, join [Nintendo Homebrew on Discord](https://discord.gg/MWxPgEp) and ask, in English, for help.
{: .notice--danger}
### What You Need
* Your `movable.sed` file from completing [Seedminer](seedminer)
* The latest release of [Luma3DS](https://github.com/AuroraWright/Luma3DS/releases/latest)
#### Section I - Prep Work
1. Open [unSAFE_MODE-bb3 tool](https://usm.bruteforcemovable.com/) on your computer
1. Upload your movable.sed using the "Choose File" option
1. Click "Download unSAFE_MODE-bb3 archive"
+ This will download an exploit DSiWare called `F00D43D5.bin` and a SAFE_MODE exploit data file called `usm.bin` inside of a zip folder (`unSAFE_MODE-bb3.zip`)
1. If your console is powered on, power off your console
1. Insert your SD card into your computer
1. Copy `boot.firm` and `boot.3dsx` from the Luma3DS `.zip` to the root of your SD card
1. Copy `usm.bin` from the USM archive (`unSAFE_MODE-bb3.zip`) to the root of your SD card
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<32-character-id>` -> `Nintendo DSiWare` on your SD card
+ This `<ID0>` will be the same one that you used in [Seedminer](seedminer)
+ If `Nintendo DSiWare` does not exist, create it
1. If there are any existing DSiWare backup files (`<8-character-id>.bin`) in this folder, move them to your PC
+ This will leave you with an empty Nintendo DSiWare folder. Moving the files to your PC ensures you don't delete any intentional backups
1. Copy the `F00D43D5.bin` file from the USM archive (`unSAFE_MODE-bb3.zip`) to the `Nintendo DSiWare` folder
#### Section II - BannerBomb3
1. Reinsert your SD card into your device
1. Power on your device
1. Launch System Settings on your device
1. Navigate to `Data Management` -> `DSiWare`
1. Click on the SD Card section
+ Your system should flash Red and then crash a few seconds later. This means the exploit profile was successfully copied
1. Power off your device
#### Section III - unSAFE_MODE
1. With your system still powered off, hold the following buttons: (Left Shoulder) + (Right Shoulder) + (D-Pad Up) + (A), then press (Power)
+ Release the buttons after a few seconds. Your console will boot into Safe Mode
1. Press "OK" to accept the update
+ There is no update. This is part of the exploit
1. Press "I accept" to accept the terms and conditions
1. The update will eventually fail, with error code `003-1099`. This is intended behaviour
1. When asked "Would you like to configure Internet settings?", select "Yes"
1. On the following menu, navigate to `Connection 1` -> `Change Settings` -> `Next Page (right arrow)` -> `Proxy Settings` -> `Detailed Setup`
1. Once you see `B9S install SUCCESS` on the top screen, press any button to reboot to Luma Configuration
#### Section IV - Configuring Luma3DS
1. Your device should automatically show the Luma Configuration menu
1. Use the (A) button and the D-Pad to turn on the following:
+ **"Show NAND or user string in System Settings"**
1. Press (Start) to save and reboot
+ Your device should load the Home Menu after a short delay. If you get a black screen lasting longer than 5 minutes, [follow this troubleshooting guide](troubleshooting#black-screen-on-sysnand-boot-after-installing-boot9strap)
#### Section V - Restoring WiFi Configuration Profiles
1. Launch System Settings on your device
1. Navigate to `Data Management` -> `DSiWare`
1. Click on the SD Card section
+ Your system should flash Green and then crash a few seconds later. This means your WiFi configuration profiles were successfully restored
1. Power your system off
1. Insert your SD card into your computer
1. Navigate to `Nintendo 3DS` -> `<ID0>` -> `<32-character-id>` -> `Nintendo DSiWare` on your SD card
+ This `<ID0>` will be the same one that you used in [Seedminer](seedminer)
1. Delete `F00D43D5.bin` from your Nintendo DSiWare folder
1. Put your SD card back in your console and power on
___
### Continue to [Finalizing Setup](finalizing-setup)
{: .notice--primary}
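
Review bot: Section V ends at "Delete `F00D43D5.bin`" and never tells the reader to move back the DSiWare backups that Section I had them move to the PC ("If there are any existing DSiWare backup files ... move them to your PC"), and it does not say whether `usm.bin` should stay at the SD root. Suggest adding a step after the delete that restores those backups and states what to do with `usm.bin`. Separately, Section I step 2 has the reader upload `movable.sed`, which Required Reading describes as "your system's encryption key", to usm.bruteforcemovable.com; one sentence saying that the file is sent to an external service would let the reader make that choice knowingly. Sections II and III also give no next step when the red flash or `B9S install SUCCESS` does not appear, unlike Section IV, which links to troubleshooting.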

View File

@ -0,0 +1,21 @@
---
title: "Legacy Methods"
---
{% include toc title="Table of Contents" %}
### Required Reading
There have been multiple improvements and advancements to methods for installing CFW over the last short while.
For this reason, it is recommended you use the most up-to-date method found on the [Seedminer](seedminer) page.
However, "legacy" or outdated methods are kept here for various purposes. They will require that you have done [Seedminer](seedminer) first.
If you need help, join [Nintendo Homebrew on Discord](https://discord.gg/MWxPgEp) and ask, in English, for assistance.
1. [BannerBomb3](bannerbomb3): Seedminer + BannerBomb3 + Fredtool
1. [Pichaxx](homebrew-launcher-(pichaxx)): Seedminer + Pichaxx + DSiWare Dumper + Fredtool
+ Pichaxx also has a sub method: [Frogtool](installing-boot9strap-(frogtool)): Seedminer + Pichaxx + Frogtool
All of these options should also finish with [Finalizing Setup](finalizing-setup).
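
Review bot: The numbered list gives no criteria for choosing between the entries, although the new USM page sends readers with broken shoulder, D-Pad Up or (A) buttons to this page. The Seedminer page text shown in this same commit carries that information (BannerBomb3 + Fredtool needs a functioning DS Internet Settings; PicHaxx needs Pokemon Picross and is EUR, JPN and USA only), so a one-line requirement under each item would keep it from being lost. Minor: "Pichaxx" here is spelled "PicHaxx" on the Seedminer page, and "over the last short while" could name the change that made these methods legacy.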

View File

@ -75,29 +75,20 @@ There are two different methods for building on the Seedminer exploit (described
+ Keep this file as you will need it in the upcoming pages
___
### Methods
___
#### Seedminer + unSAFE_MODE
#### Seedminer + BannerBomb3 + Fredtool
This method of using Seedminer for further exploitation uses your `movable.sed` file to decrypt any DSiWare title for the purposes of injecting an exploitable DSiWare title into the DS Internet Settings application.
This method of using Seedminer for further exploitation uses your `movable.sed` file to take advantage of exploits in the SAFE_MODE firmware present on all 3DS units.
This method is compatible with all regions, though CHN region is not covered by this guide.
This method requires that the DS Internet Settings be functioning properly (see the test at the top of this page).
Continue to [BannerBomb3](bannerbomb3)
Continue to [unSAFE_MODE](installing-boot9strap-(usm))
{: .notice--primary}
___
#### Seedminer + PicHaxx + DSiDumper + Fredtool
#### Legacy Methods
This method of using Seedminer for further exploitation uses your `movable.sed` file to gain access to the Homebrew Launcher using the PicHaxx exploit for the purpose of dumping a system DSiWare. This method requires you to already own (or download) the free "Pokemon Picross" game from the eShop.
This method is only compatible with the EUR, JPN, and USA regions, and is somewhat more complicated than the above method. It is only recommended to use this method if you do not have a functioning DS Internet Settings application.
Continue to [Homebrew Launcher (PicHaxx)](homebrew-launcher-(pichaxx))
{: .notice--primary}
These methods are outdated and not recommended unless you have a specific purpose for them, or you have been advised to use them.
[Legacy Methods](legacy-methods)
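
Review bot: The context in the hunk header still reads "There are two different methods for building on the Seedminer exploit", which no longer matches a Methods section that offers one recommended method plus a Legacy Methods link; that sentence should be updated in this commit. Also check the line "This method is compatible with all regions, though CHN region is not covered by this guide" against the new USM page, which lists only U, E, J and K consoles, so the two pages do not give different region claims.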

View File

@ -9,7 +9,7 @@ sitemap: false
+ [Finalizing Setup](finalizing-setup)
+ [Homebrew Launcher (Soundhax)](homebrew-launcher-(soundhax))
+ [Installing boot9strap (SafeB9SInstaller)](installing-boot9strap-(SafeB9SInstaller))
+ [Installing boot9strap (unSAFE_MODE)](installing-boot9strap-(usm))
{% endcapture %}
<div class="notice--info">{{ notice-1 | markdownify }}</div>
@ -49,10 +49,12 @@ sitemap: false
+ [Installing boot9strap (ntrboot)](installing-boot9strap-(ntrboot))
+ [Installing boot9strap (SafeB9SInstaller)](installing-boot9strap-(safeb9sinstaller))
+ [Installing boot9strap (Soundhax)](installing-boot9strap-(soundhax))
+ [Installing boot9strap (unSAFE_MODE)](installing-boot9strap-(usm))
+ [Move EmuNAND](move-emunand)
+ [ntrboot](ntrboot)
+ [Region Changing](region-changing)
+ [Seedminer](seedminer)
+ [Legacy Seedminer Methods](legacy-methods)
+ [Troubleshooting](troubleshooting)
+ [Uninstall CFW](uninstall-cfw)
+ [Updating B9S](updating-b9s)
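
Review bot: Both added labels differ from the titles of the pages they link to: "Installing boot9strap (unSAFE_MODE)" points at a page titled "Installing boot9strap (USM)", and "Legacy Seedminer Methods" points at a page titled "Legacy Methods". Pick one name for each and use it in the front matter and in both lists. The "Legacy Seedminer Methods" entry is also placed after "Seedminer", which breaks the alphabetical order the rest of this list follows; either move it up or indent it as a child of Seedminer if the grouping is intended.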