This page still works fine, however, it is quite outdated and complicated. Follow here for an updated Sudoku+sudokuhax guide. Sudokuhax is really the only exploit you need.
We will now install an exploitable DSiWare on your DSi. Before starting, look at the table below and choose one of the DSiWares for your region. If you have already gotten one of these on your DSi or on a 3DS, choose that one. If not, choose Sudoku, which is the only one still purchaseable on the 3DS eshop. After choosing a DSiWare, write down its short and long IDs.
|DSiWare/Application||Short ID||Long ID|
|Legends of Exidia||USA: 4b4c4545
|The Legend of Zelda: Four Swords Anniversary Edition||USA: 4b513945
We do not condone the use of piracy to obtain a copy of one of these DSiWare applications, and strongly encourage you to buy Sudoku on the 3DS eshop instead of resorting to piracy (seriously, it's only $2).
What you need
- A way to boot into FWTool, such as ugopwn (incompatible with non-USA consoles)
- A decrypted Nand backup of the DSi you are installing an exploit to
- A .app or .cia version of the DSiWare you want to install
- The latest release of ctrtool
- The sudoku patch pack
- The tmds for exploitable DSiWares
- The latest release of HxD, or some other hex editor
- The latest release of OSFMount
- The latest release of TWLTool
- The DSiWareHax Saves pack
- The latest release of No$GBA
- The Nintendo DSi BIOS
- The DSi footer template
- The latest release of fwTool
- You don't need to follow this section if you already have your DSiWare installed, or if you already have a .app version of your DSiWare.
- If you don't have a .cia version of the DSiWare you want to install, use FunkeyCIA or Villain3DS to get one using the eshop data of a 3DS console that has bought one of these apps (if you haven't bought one yet, Sudoku is the only one still on the eShop).
- Download and extract the contents of the
crtool releaseto a new folder
- Place your .cia file in the crtool folder and rename it to
extract.bat. You should get a file called
00000000.app, which is the .app version of your DSiWare.
- You do not need to follow this section if the DSiWare app you are exploiting is not Sudoku. If you have Sudoku on your DSi already but bought after 2011, you should still follow this section and the next one, because you probably have the version that cannot execute the exploit.
- Download the
sudoku patch packand extract it to a new folder.
- Place your .app version of sudoku in that folder. (If you have sudoku on your DSi already, you can find it in the
title/00030004/XXXXXXXX/content folderof your decrypted nand backup, with XXXXXXXX being the short ID of your version of Sudoku.
- Open Lunar IPS. Select "Apply IPS patch".
- Select the .ips file corresponding to your DSi's region.
- Switch the file view from "Most Common ROM Files" to "All files (*.*)".
- Select your .app file. It will then be turned into the original Sudoku.
- If your DSi already has the app you're trying to install an exploit to, you can skip this section (this only applies if that app is not Sudoku, refer to Section II for why that is).
- Create a new folder with a name that matches the short ID of the game you are trying to install. From now on, this guide will refer to that folder as the "short ID folder".
- Inside the short ID folder, create two new folders, called "content" and "data".
- Put the .app version of your DSiWare in the "content folder".
- Download the
tmd packand drag the .tmd file corresponding to your DSiWare into the content folder.
- Rename it to
- Open title.tmd in a hex editor. Go to offset 208 (Row 20, column 08). Delete it and everything after it, shortening the file.
- Go to offset 1E7. Write down the two numbers you see there.
- Rename your .app file to
000000XX.app, with XX being the two numbers you got in the previous step.
- Make a copy of your decrypted nand backup, and use OSFMount to mount it.
- Open the
titlefolder, and then open the
00030004folder inside it.
- Move the short ID folder into the
- Go back to the root of the mounted nand backup, then open the
- Open the
00030004folder inside the
- Copy any of the .tik files you see there to another folder on your computer.
TWLTool.zipand extract it into a new folder.
- Move the .tik file you got in the previous steps to the TWLTool folder.
- Download the
ticket-handling.zipand extract the two .bat files into the TWLTool folder.
decrypt ticket.batin a text editor and replace "ConsoleID_BLANK" with your DSi's Console ID.
- Save and run
decrypt ticket.bat. You should get a file called
dec_ticket.tikin a hex editor.
- Go to offset 1DC and replace it (and the next 8 offsets) with the long ID of your DSiWare, then save the file.
- Open the other .bat file,
encrypt ticket.bat, in a text editor and replace "ConsoleID_BLANK" with your DSi's Console ID.
- Save and run
encrypt ticket.bat. You should get a file called
- Rename it to
XXXXXXXX.tik, with XXXXXXXX being your DSiWare's short ID.
- Move that .tik file to the
ticket/00030004 folderof your Nand backup.
- If you haven't already done so, mount your decrypted Nand backup
- Download and open the
DSiWareHax saves pack.
- Choose the folder for your DSiWare and region and open it. You should see a “title” folder inside it.
- Drag that “title” folder onto the root of your decypted Nand backup. Accept if it asks if you want to merge folders and overwrite the public.sav file already there.
- Unmount your decrypted nand backup, then re-encrypt it with TWLTool.
- Download and extract NO$GBA to a directory.
- Make a copy of the re-encrypted nand backup in your NO$GBA directory (make sure you have extracted the NO$GBA archive) and rename it to DSI-1.mmc
- Extract the DSi BIOS files from the "DSi firmware files.zip" archive into the NO$GBA directory
- Download the DSi footer template file and extract it to the NO$GBA directory.
- Open it in HxD.
- Replace the 16 bytes filed with AAs with your CID
- Replace the 8 bytes filed with BBs with your Console ID, but reversed. This means that if your Console ID starts with the byte 26 and ends with 08, for example, it should now end with 26 and start with 08.
- After you have inserted your CID and Console ID, highlight and copy the entire footer file.
- Open DSi-1.mmc and scroll to the end of the file. At the end of the file, paste in the footer.
- Save and close DSi-1.mmc and open No$GBA.
- Go to options and then Emulation setup.
- In the Emulation tab, set “Reset/Startup Entrypoint” to “GBA/NDS BIOS (Nintendo logo)” and NDS Mode Colors to “DSi (retail/16MB)”. Then click Save Now and then OK.
- Go to File, Cartridge Menu (FileName), and then open any .nds file (such as FWTool).
- Your NAND will now be emulated by NO$GBA. Go to the DSi main menu.
- You should see a gift-wrapped icon. Tap it to reveal your newly-installed DSiWare.
- Open the DSiWare you installed and trigger the exploit. You should see an error occur in NO$GBA.
- If anything that was described above does not match what you saw, you made a mistake. Either try to find what it is or try this procedure again from the beginning.
- If your encrypted NAND and exploit works on NO$GBA, then rename the original re-encrypted nand backup to nand_dsi.bin (if it asks you to overwrite, you may want to move the other nand_dsi.bin somewhere else and try renaming it again)
- Move the new nand_dsi.bin to the folder in your SD card with random letters (if it asks to overwrite, simply accept)
- Open fwtool using any exploit you have on your DSi (if you only have ugopwn, follow steps 8-22 of the Downgrading page to open fwtool).
- Once in FWTool again, select
Restore nand_dsi.bin(This may take a while. DO NOT EXIT FWTool until the restoration is complete.)
- Exit FWTool. You should now have an exploited DSiWare installed!
Section I - Converting your .cia to a .app
Section II - Patching Sudoku
Section III - Installing the DSiWare app to a nand backup
Section IV - Installing the exploited save
Section V - Testing Your NAND with NO$GBA
Section VI - Flashing your NAND
If you would like to check out what DSi Homebrew you can now use, check out the Homebrew Downloads page.