It's here!

​

Info

@Normmatt has created a way to run B9S .firm files from bootrom via a DSi Flashcard and a magnet! This works on every 3DS on any firmware version.

For installation without a PC, user @TheCyberQuake has created a pack which will automatically install B9S and copy over essential starter homebrew from the flashcard's SD to the 3DS's. This will mainly be used for PC-less B9S installations. If you have a PC with you, use 3ds.guide. Read more here: https://gbatemp.net/threads/481141/

How does this work?

This works because of a flaw in the bootrom. Before the bootrom boots the NAND, it checks to see if Start+Select+X is held down, and if the shell is closed. If these requirements are met, it will boot an NDS cartridge from the bootrom. This give that cartridge bootrom access. You might be wondering how you'd hold down buttons while the shell is closed, and why you need a magnet. If you put a magnet in a specific spot on the 3DS, it will go into sleep mode. Using this, you can boot the NDS cartridge with the buttons held down while in sleep mode! Using a reflashable flashcard, you can boot B9SInstaller using the flashcard, and easily install it on your 3DS.

The 2DS doesn't need a magnet since a switch puts it to sleep instead of a magnet.

What does this mean?

1. Any 3DS model on any firmware can be hacked with minimal effort
2. You can unbrick any 3DS model from any type of brick.
   - Remember, you don't need a NAND backup for this. Just do a CTRTransfer.
   - This does not apply to MCU bricks.
3. Even consoles with fried NAND, or even the NAND chip physically removed, can use this

This is incredibly impressive stuff, and will most likely be released soon! edit: now!

FAQ

Q: Can Nintendo patch this?
A: Nope! Not without a new hardware revision.

Q: My flashcard is blocked by my firmware! Can I still use this?
A: Yes! The flashcard blacklist is not enabled on the bootrom.

Q: Why can't this work with my flashcard?
A: The installation requires you to flash NTRBoot to the flashcard's nand. Most DS flashcards, such as the original R4, have a ROM, which is not flashable.

Q: Can I install NTRBoot on my flashcard without another 3DS system?
A: If you can run NDS roms on your 3DS with it, then yes. If it's blocked on your 3DS version, then you'll need another 3DS system to use it.

Q: Will my 3DS flashcard work?
A: No, only the NDSi flashcards listed above.

Q: Will any other flash cards work?
A: Only the ones listed in the OP. However keep in mind that flashcards such as the DSTT, Supercard DS2 and R4 SDHC Dualcore are planned to be supported in the future.

Q: I tried to do this with my cartridge and it didn't work?
A: It doesn't work with regular DS cards.

Q: Can I unbrick from a ____ brick?
A: Considering the card has access to the bootrom, yes! This can unbrick any brick (except MCU), unless you've taken a knife to the motherboard.

Q: Can I install B9S on the latest firmware with this?
A: Again, since the card has access to the bootrom, you can do this easily! Just plug in your flashcard, boot up using the magnet and button combination, and install.

Q: Does this work on the New Nintendo 2DS XL?
A: Yes!

Release
Guide
Free NTRBoot Flashing
Free B9S Installations

Here is SciresM's post about this

Please see SciresM's presentation on bootromhax.​

 

[urherenow]

Idk how find the requirement files i have only the 11.5 bin

--------------------- MERGED ---------------------------

Do you have a tuto and the files for the script?

they're godmode9 scripts.

 

[laharl22]

they're godmode9 scripts.

But how To find the neccessary files for the script?

 

[laharl22]

I want to try ctr transfert with decrypt9 but it say me 0x24 keys not found and freeze

 

[laharl22]

There are other method for unbrick a 3ds with b9s?im missing with azadur script and decrypt9 doesnt boot and ctr transfert with gm9 give me black screen i really need help

 

[CrunchyChicks]

ak2i_ntrcardhax_flasher has now been updated but it says that R4i SDHC cannot support restore feature. How would I go about doing it so that I can still use it as a DS flashcart afterwards? I only have an unhacked 3DS with me.

 

[RustInPeace]

Still how do ppl know that cards over 2014 will work????

Maybe not too useful to you, my 2015 R4iSDHC RTS Lite works with the new update.

 

[PolskiWisnia]

No you won't be able to play DS games after flashing.

ak2i_ntrcardhax_flasher has now been updated but it says that R4i SDHC cannot support restore feature. How would I go about doing it so that I can still use it as a DS flashcart afterwards? I only have an unhacked 3DS with me.

 

[laharl22]

Anybody can help me for unbrick my 3ds?

 

[signz]

I don't suppose any of those work with NTRBoot yet?

While the upper left one is a "r4i-sdhc.com" cart I'm not sure it's included in the "Support for r4i-sdhc.com and r4isdhc.com carts has been added!" part of the changelog.

 

[Technicmaster0]

I don't suppose any of those work with NTRBoot yet?

Correct. Only the R4i 3DS RTS and the R4i 3DS B9S by r4i-sdhc.com are supported.

 

[MrJason005]

Correct. Only the R4i 3DS RTS and the R4i 3DS B9S by r4i-sdhc.com are supported.

Err, no?

 

[Technicmaster0]

Err, no?
-snip-

Where is the problem?

 

[RedBlueGreen]

I don't suppose any of those work with NTRBoot yet?

While the upper left one is a "r4i-sdhc.com" cart I'm not sure it's included in the "Support for r4i-sdhc.com and r4isdhc.com carts has been added!" part of the changelog.

You could try using the build in this thread http://gbatemp.net/threads/r4i-b9s-flashcart-tested-and-impression.484620/ it doesn't support NTRBoot injection officially but you can inject the R4i B9S card's flash dump into other R4-SDHC cards (after backing up your card's flash first).

Use the version that says it has the NOR sanity check removed. That's assuming the top leftmost cart has a flash chip and not just a plain ROM chip.

--------------------- MERGED ---------------------------

There are other method for unbrick a 3ds with b9s?im missing with azadur script and decrypt9 doesnt boot and ctr transfert with gm9 give me black screen i really need help

I just did a CTR transfer with Godmode9 and Luma. Worked fine, my restored console also has my old friends list

 

[Technicmaster0]

You could try using the build in this thread http://gbatemp.net/threads/r4i-b9s-flashcart-tested-and-impression.484620/ it doesn't support NTRBoot injection officially but you can inject the R4i B9S card's flash dump into other R4-SDHC cards (after backing up your card's flash first).

Use the version that says it has the NOR sanity check removed. That's assuming the top leftmost cart has a flash chip and not just a plain ROM chip.

His card isn't even DSi compatible. I'm 97% sure that it won't work with the curent flasher.

 

[emuashui]

fyi 1. ntrboot_flasher v0.31 unable to detect silver r4isdhc2013, but can detect 2014, 2017.

2. Backing up the flash as default filename backup.bin for 2014 and 2017 was successful.

3. Restoring dumped flash for 2014 was tested and at the end restore was reported failed.

4. Not yet tried ntrboot inject as without way of successful restore/flashing there is no immediate need for me.

 

[CheatFreak47]

I was bored the other day and decided to sort out making a build of GodMode9 you can flash to an R4i Gold 3DS RTS that will allow any 3DS to be hacked in seconds without needing to remove the SD card- including almost every homebrew you'd need.

When compiling GodMode9, it supports including a mountable image in vram (in my case a romfs built with 3dstool) of up to 3MB, you can also include an aeskeydb and a *.gm9 script that you can have run immediately when GM9 boots.

Unfortunately the R4i Gold 3DS RTS won't boot ntrboot payloads of about 1.4MiB, so I had to get clever.
Thanks to @AnalogMan for helping me with the idea to use multiupdater and for knowing the max size of the GodMode9 payload for this flashcart.

These things combined allowed me to craft a godmode9 ntrboot flashable payload that contains:

• Boot9Strap 1.3 (installed by the script, no need for safeb9sinstaller or anything)
  
• Luma 3DS 8.1.1 (copied to both NAND and SD card by script)
• config.bin for Luma 3DS (hand-made by myself to point at Activity Log for HBL, as well as turn on 4 configuration settings I use)
• boot.3dsx (A copy of multiupdater 3.2.1, dropped on the root of the Sd where HBL usually goes)
• config.json (A configuration for that multiupdater that downloads a file I've uploaded to the internet, and replaces itself with it.)

The item I uploaded to the internet is ZIP3DSFX by d0k3 with an archive full of homebrew and payloads. When extracting the zip, the homebrew launcher will replace the ZIP3DSFX 3dsx and the multiupdater config, leaving no traces of extra junk on the SD card from that process, after the zip3dsfx finishes extracting, it'll exit to the newly dropped homebrew launcher, leaving you to any additional operations you want to perform.

The end all be all is this, any online 3DS can be hacked completely in a bit over a minute using just the flashcart and magnet with only a handful of user inputs needed.

I might make a detailed tutorial on how to do this sometime later maybe, the process for setting this up yourself is rather complex if you're a noob since you need to have devkitpro, firmtool, and a few other things installed in order to build homebrew, which is very much required here.

 

[DocKlokMan]

-snip-

Hey, you beat me to it! I'm glad it ended up working out just as planned. And thanks for making a video on it too!

 

[urherenow]

There are other method for unbrick a 3ds with b9s?im missing with azadur script and decrypt9 doesnt boot and ctr transfert with gm9 give me black screen i really need help

First, go make your own thread and maybe you'll get some help. This thread is about ntrboot.

 

[Quantumcat]

I want to try ctr transfert with decrypt9 but it say me 0x24 keys not found and freeze

You need aeskeydb.bin

 

[jimmyj]

So does the .com.cn variant of the r4 dual core 2017 work ? Some say just .com and others say that .com.cn also works. Anyone know anything?