It's here!

​

Info

@Normmatt has created a way to run B9S .firm files from bootrom via a DSi Flashcard and a magnet! This works on every 3DS on any firmware version.

For installation without a PC, user @TheCyberQuake has created a pack which will automatically install B9S and copy over essential starter homebrew from the flashcard's SD to the 3DS's. This will mainly be used for PC-less B9S installations. If you have a PC with you, use 3ds.guide. Read more here: https://gbatemp.net/threads/481141/

How does this work?

This works because of a flaw in the bootrom. Before the bootrom boots the NAND, it checks to see if Start+Select+X is held down, and if the shell is closed. If these requirements are met, it will boot an NDS cartridge from the bootrom. This give that cartridge bootrom access. You might be wondering how you'd hold down buttons while the shell is closed, and why you need a magnet. If you put a magnet in a specific spot on the 3DS, it will go into sleep mode. Using this, you can boot the NDS cartridge with the buttons held down while in sleep mode! Using a reflashable flashcard, you can boot B9SInstaller using the flashcard, and easily install it on your 3DS.

The 2DS doesn't need a magnet since a switch puts it to sleep instead of a magnet.

What does this mean?

1. Any 3DS model on any firmware can be hacked with minimal effort
2. You can unbrick any 3DS model from any type of brick.
   - Remember, you don't need a NAND backup for this. Just do a CTRTransfer.
   - This does not apply to MCU bricks.
3. Even consoles with fried NAND, or even the NAND chip physically removed, can use this

This is incredibly impressive stuff, and will most likely be released soon! edit: now!

FAQ

Q: Can Nintendo patch this?
A: Nope! Not without a new hardware revision.

Q: My flashcard is blocked by my firmware! Can I still use this?
A: Yes! The flashcard blacklist is not enabled on the bootrom.

Q: Why can't this work with my flashcard?
A: The installation requires you to flash NTRBoot to the flashcard's nand. Most DS flashcards, such as the original R4, have a ROM, which is not flashable.

Q: Can I install NTRBoot on my flashcard without another 3DS system?
A: If you can run NDS roms on your 3DS with it, then yes. If it's blocked on your 3DS version, then you'll need another 3DS system to use it.

Q: Will my 3DS flashcard work?
A: No, only the NDSi flashcards listed above.

Q: Will any other flash cards work?
A: Only the ones listed in the OP. However keep in mind that flashcards such as the DSTT, Supercard DS2 and R4 SDHC Dualcore are planned to be supported in the future.

Q: I tried to do this with my cartridge and it didn't work?
A: It doesn't work with regular DS cards.

Q: Can I unbrick from a ____ brick?
A: Considering the card has access to the bootrom, yes! This can unbrick any brick (except MCU), unless you've taken a knife to the motherboard.

Q: Can I install B9S on the latest firmware with this?
A: Again, since the card has access to the bootrom, you can do this easily! Just plug in your flashcard, boot up using the magnet and button combination, and install.

Q: Does this work on the New Nintendo 2DS XL?
A: Yes!

Release
Guide
Free NTRBoot Flashing
Free B9S Installations

Here is SciresM's post about this

Please see SciresM's presentation on bootromhax.​

 

[yacepi15]

Just regarding the what is fixable discussion.
Blue screen is caused by the 3DS not being able to read the NAND. So if you get a blue screen without an SD reader, your NAND chip is dead. This is not fixable without replacing the chip, however, this entrypoint should allow us to emuNAND everything thus bypassing the integrated NAND.
Black screen bricks are worse in that you don't actually know what is wrong, because as far as I know, MCU bricks blackscreen too. However, if you blackscreen due to a NAND issue, it is most like a working chip whit crap data on it. That would be fixable wihtout the need for permanent emuNAND.

Blue screen: Unless F800FE, should be fixable. (You could use a EmuNAND, but you would need to do the magnet trick every time you power on the console.)
Black Screen: If it goes to the Nintendo error screen, should be fixable. If it stays in black, but the screens are powered on, it may be fixed. If screens are not on, it can be anything.

 

[gamesquest1]

Just regarding the what is fixable discussion.
Blue screen is caused by the 3DS not being able to read the NAND. So if you get a blue screen without an SD reader, your NAND chip is dead. This is not fixable without replacing the chip, however, this entrypoint should allow us to emuNAND everything thus bypassing the integrated NAND.
Black screen bricks are worse in that you don't actually know what is wrong, because as far as I know, MCU bricks blackscreen too. However, if you blackscreen due to a NAND issue, it is most like a working chip whit crap data on it. That would be fixable wihtout the need for permanent emuNAND.

Again both black and blue screens can indicate perfectly fixable issues or completely no hope issues, there is no definitive blue= fixable, black= dead as a dodo

A system with some components ripped of the board would probably display either of those to symptoms or just pop and turn off depending on what was removed


I guess if anything atleast if you see the blue screens you know both lcd's are working so it has some value

 

[BlastedGuy9905]

OK HOW THE FUCC DO THEY DISCOVER THESE?!
Here's my theory:
Random 3ds user: *what would happen if i put a magnet in a very certain point, hold down a finger-twisting button combo and have my flashcard get flashed with a random thingy?* *OH WAIT I KNOW I COULD INSTALL B9S!!!*





yes.

 

[RedBlueGreen]

OK HOW THE FUCC DO THEY DISCOVER THESE?!
Here's my theory:
Random 3ds user: *what would happen if i put a magnet in a very certain point, hold down a finger-twisting button combo and have my flashcard get flashed with a random thingy?* *OH WAIT I KNOW I COULD INSTALL B9S!!!*





yes.

Well the 3DS uses a magnet in the right speaker to put the console to sleep so putting another magnet on the sensor does the same thing. And the button combination is programmed into the bootrom likely to fix software damaged consoles easily. I assume this was discovered by reverse engineering the bootrom.

 

[Quantumcat]

But, if the NAND is not accessible, how is an emuNAND even going to be created? Doesn't it normally copy the sysNAND?

 

[ItsMetaKnight]

Well the 3DS uses a magnet in the right speaker to put the console to sleep so putting another magnet on the sensor does the same thing. And the button combination is programmed into the bootrom likely to fix software damaged consoles easily. I assume this was discovered by reverse engineering the bootrom.

This. It's all scientific, no black magic.

 

[yacepi15]

But, if the NAND is not accessible, how is an emuNAND even going to be created? Doesn't it normally copy the sysNAND?

In my case, i have loots of NAND backups of my failed-hardmod system... And it initially bricked for restoring a corrupted one...

Also... Firm0 + Firm1 : B9Strap . CTRNand: CTRTransfer. I think that wont be a problem for the rest of the people.

 

[Baoulettes]

Random question, if this load before any other system protect etc, would it allow to boot nand from another console?
I ask it just out of curiousity it seem it would work to launch fully custom "rom" on it ?

 

[gamesquest1]

But, if the NAND is not accessible, how is an emuNAND even going to be created? Doesn't it normally copy the sysNAND?

Well I'm sure if there was a real demand for it, it would be fairly simple to botch up a manually made Emunand for that purpose

 

[Deleted User]

Random question, if this load before any other system protect etc, would it allow to boot nand from another console?
I ask it just out of curiousity it seem it would work to launch fully custom "rom" on it ?

This is my curiosity as well. I am not sure what part of NAND (or all of it) is console specific. If you have a NAND issue (most BSoD bricks and some eternal black screen bricks) you can install B9S and CTRNAND over it. So I am very confused. But if it works, I don't need to question it. I just am appreciative of our devs

 

[Snooli]

This is my curiosity as well. I am not sure what part of NAND (or all of it) is console specific. If you have a NAND issue (most BSoD bricks and some eternal black screen bricks) you can install B9S and CTRNAND over it. So I am very confused. But if it works, I don't need to question it. I just am appreciative of our devs

My theory behind this is, that this entrypoint is a restore entry for Nintendo. Thus it should be able to restore a completely fked up NAND. Don't ask me if we would also have to create an image generator from serial code or something, or if it automatically generates that partition, but we "should" be able to duplicate software restore of a Nintendo repair facility.
Again, take this with a grain of salt, it's just a theory.

 

[BlastedGuy9905]

Well the 3DS uses a magnet in the right speaker to put the console to sleep so putting another magnet on the sensor does the same thing. And the button combination is programmed into the bootrom likely to fix software damaged consoles easily. I assume this was discovered by reverse engineering the bootrom.

I did know that... I just wanted to have a little fun you know

 

[ivoyko]

its funny how most people here think they are more wise than rest of forum and think they know what its fixable or no fixable before the release its out.

 

[Deleted User]

its funny how most people here think they are more wise than rest of forum and think they know what its fixable or no fixable before the release its out.

We are making assumptions based off of facts we already know.

Here is a logical train of though:

devs say we can even fix a brick with a fried NAND chip -> we can boot NAND from SD card

this boots before everything else on console -> we have NAND access before NAND does -> we can fix a BSoD (mostly) by installing the right NAND or booting from SD card

this boots before everything else on console -> we have NAND access before NAND does -> we might be able to fix some of the Black Screen of Deaths (ignoring MCU bricks)

It is logical thought based off of previously acquired information. Normmatt/SciresM also said it fixes any kind of brick besides MCU or if your hardware had a stop-sign hammered into it with a diamond chainsaw

 

[RedBlueGreen]

Any new info?

 

[linuxares]

Any new info?

When its done

 

[gamesquest1]

Any new info?

I saw a bee today

 

[tivu100]

Blue screen: Unless F800FE, should be fixable. (You could use a EmuNAND, but you would need to do the magnet trick every time you power on the console.)
Black Screen: If it goes to the Nintendo error screen, should be fixable. If it stays in black, but the screens are powered on, it may be fixed. If screens are not on, it can be anything.

Are you sure Blue screen F800FE not fixable? Anyone else can confirm?

Where did you get that info from?

 

[ivoyko]

Are you sure Blue screen F800FE not fixable? Anyone else can confirm?

Where did you get that info from?

His brian because i dont see that in any place.

 

[yacepi15]

His brian because i dont see that in any place.

F800FE is NAND chip damaged error.