It's here!

​

Info

@Normmatt has created a way to run B9S .firm files from bootrom via a DSi Flashcard and a magnet! This works on every 3DS on any firmware version.

For installation without a PC, user @TheCyberQuake has created a pack which will automatically install B9S and copy over essential starter homebrew from the flashcard's SD to the 3DS's. This will mainly be used for PC-less B9S installations. If you have a PC with you, use 3ds.guide. Read more here: https://gbatemp.net/threads/481141/

How does this work?

This works because of a flaw in the bootrom. Before the bootrom boots the NAND, it checks to see if Start+Select+X is held down, and if the shell is closed. If these requirements are met, it will boot an NDS cartridge from the bootrom. This give that cartridge bootrom access. You might be wondering how you'd hold down buttons while the shell is closed, and why you need a magnet. If you put a magnet in a specific spot on the 3DS, it will go into sleep mode. Using this, you can boot the NDS cartridge with the buttons held down while in sleep mode! Using a reflashable flashcard, you can boot B9SInstaller using the flashcard, and easily install it on your 3DS.

The 2DS doesn't need a magnet since a switch puts it to sleep instead of a magnet.

What does this mean?

1. Any 3DS model on any firmware can be hacked with minimal effort
2. You can unbrick any 3DS model from any type of brick.
   - Remember, you don't need a NAND backup for this. Just do a CTRTransfer.
   - This does not apply to MCU bricks.
3. Even consoles with fried NAND, or even the NAND chip physically removed, can use this

This is incredibly impressive stuff, and will most likely be released soon! edit: now!

FAQ

Q: Can Nintendo patch this?
A: Nope! Not without a new hardware revision.

Q: My flashcard is blocked by my firmware! Can I still use this?
A: Yes! The flashcard blacklist is not enabled on the bootrom.

Q: Why can't this work with my flashcard?
A: The installation requires you to flash NTRBoot to the flashcard's nand. Most DS flashcards, such as the original R4, have a ROM, which is not flashable.

Q: Can I install NTRBoot on my flashcard without another 3DS system?
A: If you can run NDS roms on your 3DS with it, then yes. If it's blocked on your 3DS version, then you'll need another 3DS system to use it.

Q: Will my 3DS flashcard work?
A: No, only the NDSi flashcards listed above.

Q: Will any other flash cards work?
A: Only the ones listed in the OP. However keep in mind that flashcards such as the DSTT, Supercard DS2 and R4 SDHC Dualcore are planned to be supported in the future.

Q: I tried to do this with my cartridge and it didn't work?
A: It doesn't work with regular DS cards.

Q: Can I unbrick from a ____ brick?
A: Considering the card has access to the bootrom, yes! This can unbrick any brick (except MCU), unless you've taken a knife to the motherboard.

Q: Can I install B9S on the latest firmware with this?
A: Again, since the card has access to the bootrom, you can do this easily! Just plug in your flashcard, boot up using the magnet and button combination, and install.

Q: Does this work on the New Nintendo 2DS XL?
A: Yes!

Release
Guide
Free NTRBoot Flashing
Free B9S Installations

Here is SciresM's post about this

Please see SciresM's presentation on bootromhax.​

 

[Cuphat]

EMUNAND has ALWAYS been a choice. A good choice, but to fair, it was never required for any cfw or GW. Not at all. Now there is less reason to have one, but some people have use for it regardless. (region-free patches don't let you browse other region's eshop, but a region change can (I think?) for example)

While technically true, unless you had a hardmod, an EmuNAND was required for N3DS to downgrade to 2.1 before CTRTransfers where created. Downgrading to 2.1 was of course required to get the OTP and install A9LH.

Sure, you could run Pasta from the Homebrew Launcher forever and have CFW that way, but that was hardly ideal.

 

[urherenow]

You should've seen how painful it was back then when we have to make an emunand first and all, and have to brick the 3ds intentionally just to install a9lh. Oh, those were the times.

Sent from my SM-G950F using Tapatalk

While technically true, unless you had a hardmod, an EmuNAND was required for N3DS to downgrade to 2.1 before CTRTransfers where created. Downgrading to 2.1 was of course required to get the OTP and install A9LH.

Sure, you could run Pasta from the Homebrew Launcher forever and have CFW that way, but that was hardly ideal.

Why was that? I don't remember and I've always been hardmodded. But I'm fairly certain there were tools like decrypt9 already available to dump your nand and xorpads... weren't there? Actually, I'm sure of it. I wrote the tutorial on Maxconsole to manually perform a system transfer way before a9lh was a thing, because my regular transfer from o3ds to new3ds got messed up somehow, and I REFUSED to lose my Mii Plaza progress, among other things.

EDIT: And I'm fairly certain you could already dump and flash sysnand from the GW menu, as well as emunand. You've never needed a GW card to use that menu either. Although since at least b9s, that menu seems to be gone now

EDIT2: Nevermind. I forgot the button. Had to hold L+Select (perhaps because of my Luma settings). I can still get there without my GW inserted though, although it's not automatic, like it used to be. I HAVE to hold the buttons, even without a GW.

 

[Cuphat]

Why was that? I don't remember and I've always been hardmodded. But I'm fairly certain there were tools like decrypt9 already available to dump your nand and xorpads... weren't there? Actually, I'm sure of it. I wrote the tutorial on Maxconsole to manually perform a system transfer way before a9lh was a thing, because my regular transfer from o3ds to new3ds got messed up somehow, and I REFUSED to lose my Mii Plaza progress, among other things.

Downgrading to 2.1 before CTRTransfers was done using sysUpdater, and downgrading to 2.1 on a N3DS that way is a guaranteed brick. You had to then unbrick it (by dumping the NAND, using a PC tool, and then restoring the NAND to sysNAND originally, OTPHelper eventually was made to do it without the PC step).

An O3DS could YOLO downgrade to 2.1 and pray it doesn't brick, but a N3DS needed an EmuNAND as it would absolutely brick otherwise. Or, I guess, a hardmod.

 

[Lindorel]

I have a DSTT if you need testers, no problem! Feel free to contact me

Ídem, I have a DSTT and I could test

 

[Timburpton]

Also, why isn't the AK2i even more recommended as the nds cart to buy if you're looking to get into ntrboot?

You can flash NTRboot and still the AK2i working as an nds cart!

Now as long as I carry my AK2i and a screw driver, I can mod any console on the go. Heck, if I see a gameshop trying to charge people $100 for a 11.5 mod, I can simply charge them $10 for the mod or even do it for free if I was feeling generous.

 

[RustInPeace]

Also, why isn't the AK2i even more recommended as the nds cart to buy if you're looking to get into ntrboot?

You can flash NTRboot and still the AK2i working as an nds cart!

Now as long as I carry my AK2i and a screw driver, I can mod any console on the go. Heck, if I see a gameshop trying to charge people $100 for a 11.5 mod, I can simply charge them $10 for the mod or even do it for free if I was feeling generous.

For someone with an NDS or another N3DS with CFW, AK2i is a prime choice. But strip away those, and the person just has a stock 3DS, they need a supported R4i, as flashing on stock with AK2i only goes up to FW 4.3.0. This is considering they want to do this by themselves and/or can't access you or someone similar in any way.

 

[Timburpton]

For someone with an NDS or another N3DS with CFW, AK2i is a prime choice. But strip away those, and the person just has a stock 3DS, they need a supported R4i, as flashing on stock with AK2i only goes up to FW 4.3.0. This is considering they want to do this by themselves and/or can't access you or someone similar in any way.

Oh yeah, fair enough.

I was thinking more along the lines as having AK2i-NTRboot as a unbricker first followed by a modding tool.

 

[mvmiranda]

What console do you have? New, old, USA, EUR, JPN?

I have both a O3DS classic and a 2DS with the same issue.
They are all USA.
Thx!

 

[DocKlokMan]

I have both a O3DS classic and a 2DS with the same issue.
They are all USA.
Thx!

Okay, I will have something to test later today. Need to dig out my o3DS.

 

[tw_gbman]

3ds b9s1.2

Uninstall CFW

ver11.5

ntrboot test 1

work

ntrboot test 2

work

 

[Shadicluigi]

3ds b9s1.2
View attachment 96690
Uninstall CFW
View attachment 96691
ver11.5
View attachment 96692
ntrboot test 1
View attachment 96693
work

ntrboot test 2
View attachment 96694
work

It works on R4i 3DS RTS!? Edit: that's the r4ids.cn one

 

[tw_gbman]

It works on R4i 3DS RTS!? Edit: that's the r4ids.cn one

yes! R4i 3DS RTS www.r4ids.cn

 

[mvmiranda]

Okay, I will have something to test later today. Need to dig out my o3DS.

No rush, @AnalogMan!
Just tag me when you have something ready!
Thank you very much, in advance!

 

[greatdini]

Hi there!
First of all, I would like to thank the developers for such a good job, and all those involved.
Now I have a question. I followed the 3ds.guide tutorial using the NTRboothax and an Acekard 2i to mod my O3DSXL. As a result, now I got a 3DS with luma and the starter pack installed and working. The only issue is that when I open Download Play app it ends openning the Homebrew Launcher. And when I open the Homebrew Launcher it gives me an error. Tried deleting DownloadPlay and installing again via update, but it gives the same errors. Did someone get this problem too? And how to solve that? Searching the web and forum, just found an error that opening HBlauncher it opens the DownlosdPlay. It's not the same problem but it may be related. If the post is on the wrong place, then sorry. And sorry for my bad english too.

Enviado de meu Redmi Note 3 usando Tapatalk

 

[PolskiWisnia]

Did I understand everything correctly:
- there's zero chance to brick the 3DS during installing CFW
- you can unbrick many of already bricked 3DSes
- it can't be patched
- it's easy to do
- you mustn't downgrade to 2.1 for OTP dump

 

[GerbilSoft]

Did I understand everything correctly:
- there's zero chance to brick the 3DS during installing CFW
- you can unbrick many of already bricked 3DSes
- it can't be patched
- it's easy to do
- you mustn't downgrade to 2.1 for OTP dump

That's correct.

Regarding patching: In theory, Nintendo could update the boot ROM in new production runs. (This would only affect new systems.) Thing is, they knew about the vulnerability since the first 3DSes shipped in 2011, since it was present in factory FIRM but not 1.0. They've had over 6 years to fix it, and haven't done a single thing.

 

[KunoichiZ]

Did I understand everything correctly:
- there's zero chance to brick the 3DS during installing CFW
- you can unbrick many of already bricked 3DSes
- it can't be patched
- it's easy to do
- you mustn't downgrade to 2.1 for OTP dump

That's all correct.

Edit: Ninja'd

 

[PolskiWisnia]

What's an OTP anyway (yeah, offtopic question, but I really don't know)?

 

[yacepi15]

What's an OTP anyway (yeah, offtopic question, but I really don't know)?

One Time Programable memory.

 

[PolskiWisnia]

OK, I understand it now. Thanks for that