Run exploit on your 3DS

April 15, 2021 - 2 min read

The goal of this guide is to enable an unmodified 3DS to run homebrew apps and backup games. This guide will install a file to a critical partition on the 3DS system, which will execute automatically on boot to enable additional features.

Preparation

What you will need

  • New 3DS, New 3DS XL, or New 2DS XL in any region with firmware 11.14.0

  • microSD card and microSD card reader

    Format your microSD card to FAT32 if your 3DS doesn't recognize it.

  • Computer with internet access

Download 3ds-sd.zip and extract its content to the root of the microSD card.

microSD card folder structure

├── arm11code.bin
├── boot.firm
├── SafeB9SInstaller.bin
├── boot9strap/
│   ├── boot9strap.firm
│   └── boot9strap.firm.sha
├── cias/
│   └── FBI.cia
│   └── Universal-Updater.cia
├── gm9/
│   ├── scripts/
│   └── support/
└── luma/
    └── payloads
        └── GodMode9.firm

Insert the microSD card into your 3DS and turn it on.

Run exploit

On the 3DS home screen, press the Left and Right shoulder buttons together to open the camera. Tap the QR code button and scan the QR code below.

QR Code

Alternatively, manually open https://zoogie.github.io/web/nbhax-xl/ in the 3DS Internet Browser.

You should see the SafeB9SInstaller screen in a few seconds.

There is a small chance that the exploit might fail and cause your 3DS to freeze. In this case you will need to shut down your 3DS (hold down the power button for 4 seconds) and try again.

Install boot9strap

When prompted, input the given key combo to install boot9strap. Once it has completed, press the A button to reboot your 3DS.

Configure Luma3DS

Your 3DS should have rebooted into the Luma3DS configuration menu. Use the D-Pad and the A button to turn on Show NAND or user string in System Settings. Press the START button to save. You should see the 3DS home screen in a few seconds.

The config menu is shown once. The next time your 3DS is turned on, it will go directly to the 3DS home screen. If you want to access the config menu again, hold down the SELECT button while turning on your 3DS with the power button.

Backup essential files

Turn your 3DS off. Hold down the START button while turning on your 3DS with the power button to launch GodMode9.

If you are prompted with Essential files backup not found. Create one now?, press the A button to do so. Once it has completed, press the A button to continue.

If you are prompted with RTC date&time seems to be wrong. Set it now?, press the A button to do so. Set the date and time, then press the A button to continue.

  1. Press the Home button to open the actions menu
  2. Select Scripts... -> GM9Megascript -> Backup Options -> SysNAND Backup
  3. Press the A button to confirm backup

The backup process will take about 6 minutes. If you get an error, make sure that you have at least 1.3GB of free space on your microSD card.

  1. Press the A button to continue
  2. Press the B button to return to the parent menu
  3. Select Exit
Exploited devices are vulnerable to malware and user error because the original firmware's security features are bypassed in order to gain additional features. 2 backup files (<date>_<serial>_sysnand_##.bin and essential.exefs) are created on your microSD card in the `gm9/out` folder. These files will help you recover your device if anything goes wrong in the future.

Install included CIAs

  1. Select [0:] SDCARD (3DS) -> cias
  2. Use the D-Pad and the L shoulder button to mark FBI.cia and Universal-Updater.cia
  3. Press the A button to open the file actions menu
  4. Select CIA image options... -> Install game image
  5. Press the A button, then input the given key combo to confirm unlocking write permissions
  6. Once the installation completes, press the A button to continue
  7. Press the A button to relock write permissions
  8. Press the START button to reboot to the home screen

Homebrew apps

Now you have succesfully run exploit on your 3DS. There are a few homebrew apps installed during the process and their usages are explained below.

Luma3DS

Luma3DS runs automatically on boot. It removes region lock and allows you to run unauthorized content by removing signature checks. It also has an in-game menu (triggered by L+Down+Select) for cheats, taking screenshots, etc. Check Luma3DS's documentation for its features and usage.

GodMode9

Launch GodMode9 by holding down the START button while turning on your 3DS with the power button. GodMode9 can manage files on the microSD card, and on the 3DS system storage. It can also install titles in different file formats on your microSD card to appear on the 3DS HOME screen.

To install a title in CIA format:

  1. Select the CIA file
  2. Press the A button
  3. Select CIA image options... -> Install game image

To install a title downloaded from CDN/NUS:

  1. Select the TMD file for the title
  2. Press the A button
  3. Select TMD/CDN options... -> Install game image

Check GodMode9's documentation for its features and usage.

FBI

Install games or homebrew apps in CIA format from your microSD card, or over the Internet with a URL or QR code.

Universal-Updater

A homebrew app store for downloading and installing homebrew apps.

Additional homebrew apps

You can install additional homebrew apps by using Universal-Updater or FBI.

© 2023 RunExploit