It's here!

​

Info

@Normmatt has created a way to run B9S .firm files from bootrom via a DSi Flashcard and a magnet! This works on every 3DS on any firmware version.

For installation without a PC, user @TheCyberQuake has created a pack which will automatically install B9S and copy over essential starter homebrew from the flashcard's SD to the 3DS's. This will mainly be used for PC-less B9S installations. If you have a PC with you, use 3ds.guide. Read more here: https://gbatemp.net/threads/481141/

How does this work?

This works because of a flaw in the bootrom. Before the bootrom boots the NAND, it checks to see if Start+Select+X is held down, and if the shell is closed. If these requirements are met, it will boot an NDS cartridge from the bootrom. This give that cartridge bootrom access. You might be wondering how you'd hold down buttons while the shell is closed, and why you need a magnet. If you put a magnet in a specific spot on the 3DS, it will go into sleep mode. Using this, you can boot the NDS cartridge with the buttons held down while in sleep mode! Using a reflashable flashcard, you can boot B9SInstaller using the flashcard, and easily install it on your 3DS.

The 2DS doesn't need a magnet since a switch puts it to sleep instead of a magnet.

What does this mean?

1. Any 3DS model on any firmware can be hacked with minimal effort
2. You can unbrick any 3DS model from any type of brick.
   - Remember, you don't need a NAND backup for this. Just do a CTRTransfer.
   - This does not apply to MCU bricks.
3. Even consoles with fried NAND, or even the NAND chip physically removed, can use this

This is incredibly impressive stuff, and will most likely be released soon! edit: now!

FAQ

Q: Can Nintendo patch this?
A: Nope! Not without a new hardware revision.

Q: My flashcard is blocked by my firmware! Can I still use this?
A: Yes! The flashcard blacklist is not enabled on the bootrom.

Q: Why can't this work with my flashcard?
A: The installation requires you to flash NTRBoot to the flashcard's nand. Most DS flashcards, such as the original R4, have a ROM, which is not flashable.

Q: Can I install NTRBoot on my flashcard without another 3DS system?
A: If you can run NDS roms on your 3DS with it, then yes. If it's blocked on your 3DS version, then you'll need another 3DS system to use it.

Q: Will my 3DS flashcard work?
A: No, only the NDSi flashcards listed above.

Q: Will any other flash cards work?
A: Only the ones listed in the OP. However keep in mind that flashcards such as the DSTT, Supercard DS2 and R4 SDHC Dualcore are planned to be supported in the future.

Q: I tried to do this with my cartridge and it didn't work?
A: It doesn't work with regular DS cards.

Q: Can I unbrick from a ____ brick?
A: Considering the card has access to the bootrom, yes! This can unbrick any brick (except MCU), unless you've taken a knife to the motherboard.

Q: Can I install B9S on the latest firmware with this?
A: Again, since the card has access to the bootrom, you can do this easily! Just plug in your flashcard, boot up using the magnet and button combination, and install.

Q: Does this work on the New Nintendo 2DS XL?
A: Yes!

Release
Guide
Free NTRBoot Flashing
Free B9S Installations

Here is SciresM's post about this

Please see SciresM's presentation on bootromhax.​

 

[Jayro]

There surely is some easy way to reflash the entire Switch in Nintendo repair facilities.

Probably over USB with the right drivers and signed closed-source software, yeah. Maybe even in a special maintenance mode used just for flashing, like Android recovery type stuff.

 

[Snooli]

Probably over USB with the right drivers and signed closed-source software, yeah. Maybe even in a special maintenance mode used just for flashing, like Android recovery type stuff.

That seems easier than a custom cartrige with proprietary code completely different from amy game, closed-sourced AND signed and only triggerable while in an unachievable state.

 

[RedBlueGreen]

That seems easier than a custom cartrige with proprietary code completely different from amy game, closed-sourced AND signed and only triggerable while in an unachievable state.

The cartridge method is probably easier actually. They can produce tons of cartridges and just flash the NAND if that's what needs fixing. That would allow a lot of employees to quickly and easily repair consoles. With USB and flashing drivers you would need the console hooked up to some form of computer, which would take up space (unless it's a chip computer like a Pi), be more expensive, and possibly take longer.

 

[Deleted member 381889]

Please DO NOT spread misinformation saying that some flashcards will or won't work!

 

[Gamer4647]

If somebody makes a flashcard just for this, we might have a flashcard that can't be touched legally. Flashcards are stopped by Nintendo for piracy and the use of headers and NLDFs of legit games to bypass checks. If a flashcard was made only to do this exploit, it can't be touched for piracy (at least not specifically), it can't be touched for DS or 3DS headers and logos (copyrighted content), and it can't be touched since it uses a built-in / official feature (we didn't break anything).

At least I wish it would be like that. Note that I said might.

 

[Spore2]

If the button combo works with the magnet place above the B button, the 3DS should boot into the DS flashcard right? I did it but it boots into the Luma menu. So it's possible that the video is not the actual hacked flashcard but just a B9S 3DS flashed with a bad nand.bin in safe mode so when you press SELECT+START+X it is just recognizing the SELECT button which boots the Luma menu which can be done with all B9S 3DS units. Maybe to prove that its the flashcard booting the device it should be shown that it won't boot without the flashcard then when he inserts the hacked flashcard it will boot to Luma

 

[Deleted member 381889]

If the button combo works with the magnet place above the B button, the 3DS should boot into the DS flashcard right? I did it but it boots into the Luma menu.

It doesn't work with any flashcard or DS Card.

 

[Gamer4647]

It doesn't work with any flashcard or DS Card.

I think they meant it went to Luma instead of showing the bootrom screen, because Luma is mapped to Select.

 

[The Real Jdbye]

AK2i will work with this, as confirmed by Normmatt himself. @Lia You may want to add that to the OP.
Seems that it also requires a flasher currently, but that it could technically be done with a 3DS homebrew.

[23:49:00] <+Normmatt> currently Ak2i works (including all the fake ones)
[23:49:28] <+Normmatt> you need another deivce also
[23:49:34] <+Normmatt>
[23:49:43] <+Normmatt> currently that is
[23:50:03] <+Normmatt> technically you could flash it using a 3DSX file on homebrew loader
[23:50:17] <+Normmatt> but i dont use a 3DS at all to flash it
[23:51:36] <+Normmatt> only problem is
[23:51:49] <+Normmatt> any card you flash, no longer will work as a Flashcard

 

[Gamer4647]

AK2i will work with this, as confirmed by Normmatt himself. @Lia You may want to add that to the OP.
Seems that it also requires a flasher currently, but that it could theoretically be done with a 3DS homebrew.

[23:51:36] <+Normmatt> only problem is
[23:51:49] <+Normmatt> any card you flash, no longer will work as a Flashcard

Guessing that just means you just can't load it as a DS game anymore.

 

[The Real Jdbye]

Guessing that just means you just can't load it as a DS game anymore.

Basically. Not a big deal to me, my AK2i has been collecting dust since it stopped supporting the 3DS and I got a DSTWO instead.

 

[Yepi69]

Here's hoping this will work with the DSTwo+. Either way, it's impressive, and comical to see how bad Nintendo goofed leaving this in the bootrom. Maybe it'll even still be in the New 2DS XL's bootrom, allowing for a bootrom dump on day 1, lol.

Makes sense for them to do add this, they could recover bricked consoles for their customers rather than manufacturing new ones.

Sent from my Vodafone Smart ultra 6 using Tapatalk

 

[Gamer4647]

Makes sense for them to do add this, they could recover bricked consoles for their customers rather than manufacturing new ones.

Sent from my Vodafone Smart ultra 6 using Tapatalk

Could've done with a better button combination.

 

[Snooli]

Let's start work on a GBAtemp repair cartrige. I'm sure we could get it under $5 if we make a bulk order. And as Gamer explained above, it shouldn't even be legaly exploitable by nintendo.

--------------------- MERGED ---------------------------

Actually you still might be. He later on said the he could work out a backup for the AK2i, which would allow it to be flashed back. Once I get home, I'll sort through all these IRC screenshots I have on my phone.

 

[Deleted member 381889]

AK2i will work with this, as confirmed by Normmatt himself. @Lia You may want to add that to the OP.
Seems that it also requires a flasher currently, but that it could technically be done with a 3DS homebrew.

I will not be adding this to the OP yet, as I do not want lots of people buying an Acekard 2i now, when it could support their flashcard.

 

[Snooli]

I will not be adding this to the OP yet, as I do not want lots of people buying an Acekard 2i now, when it could support their flashcard.

Pretty much why I think we should make our own card specially designed for this.

 

[Gamer4647]

Pretty much why I think we should make our own card specially designed for this.

The only problem is setting up deals with a manufacturer or seller.

Edit: Well idk. If you buy blank cards instead, it would have to be flashed manually. If you're talking about mass production, it's going to be challenging.

 

[ItsMetaKnight]

Does nobody remember the PassMe homebrew cartridges for the original DS? It's not impossible to make a cheap mass production of NTR cartridges.

 

[Yepi69]

Guessing that just means you just can't load it as a DS game anymore.

Time to buy a new dedicated flashcard and retire my DSTT to the b9s gods

Sent from my Vodafone Smart ultra 6 using Tapatalk

 

[Gamer4647]

Does nobody remember the PassMe homebrew cartridges for the original DS? It's not impossible to make a cheap mass production of NTR cartridges.

Didn't say it's impossible, but you'd have to gather some DS card manufacturers.