It's here!

​

Info

@Normmatt has created a way to run B9S .firm files from bootrom via a DSi Flashcard and a magnet! This works on every 3DS on any firmware version.

For installation without a PC, user @TheCyberQuake has created a pack which will automatically install B9S and copy over essential starter homebrew from the flashcard's SD to the 3DS's. This will mainly be used for PC-less B9S installations. If you have a PC with you, use 3ds.guide. Read more here: https://gbatemp.net/threads/481141/

How does this work?

This works because of a flaw in the bootrom. Before the bootrom boots the NAND, it checks to see if Start+Select+X is held down, and if the shell is closed. If these requirements are met, it will boot an NDS cartridge from the bootrom. This give that cartridge bootrom access. You might be wondering how you'd hold down buttons while the shell is closed, and why you need a magnet. If you put a magnet in a specific spot on the 3DS, it will go into sleep mode. Using this, you can boot the NDS cartridge with the buttons held down while in sleep mode! Using a reflashable flashcard, you can boot B9SInstaller using the flashcard, and easily install it on your 3DS.

The 2DS doesn't need a magnet since a switch puts it to sleep instead of a magnet.

What does this mean?

1. Any 3DS model on any firmware can be hacked with minimal effort
2. You can unbrick any 3DS model from any type of brick.
   - Remember, you don't need a NAND backup for this. Just do a CTRTransfer.
   - This does not apply to MCU bricks.
3. Even consoles with fried NAND, or even the NAND chip physically removed, can use this

This is incredibly impressive stuff, and will most likely be released soon! edit: now!

FAQ

Q: Can Nintendo patch this?
A: Nope! Not without a new hardware revision.

Q: My flashcard is blocked by my firmware! Can I still use this?
A: Yes! The flashcard blacklist is not enabled on the bootrom.

Q: Why can't this work with my flashcard?
A: The installation requires you to flash NTRBoot to the flashcard's nand. Most DS flashcards, such as the original R4, have a ROM, which is not flashable.

Q: Can I install NTRBoot on my flashcard without another 3DS system?
A: If you can run NDS roms on your 3DS with it, then yes. If it's blocked on your 3DS version, then you'll need another 3DS system to use it.

Q: Will my 3DS flashcard work?
A: No, only the NDSi flashcards listed above.

Q: Will any other flash cards work?
A: Only the ones listed in the OP. However keep in mind that flashcards such as the DSTT, Supercard DS2 and R4 SDHC Dualcore are planned to be supported in the future.

Q: I tried to do this with my cartridge and it didn't work?
A: It doesn't work with regular DS cards.

Q: Can I unbrick from a ____ brick?
A: Considering the card has access to the bootrom, yes! This can unbrick any brick (except MCU), unless you've taken a knife to the motherboard.

Q: Can I install B9S on the latest firmware with this?
A: Again, since the card has access to the bootrom, you can do this easily! Just plug in your flashcard, boot up using the magnet and button combination, and install.

Q: Does this work on the New Nintendo 2DS XL?
A: Yes!

Release
Guide
Free NTRBoot Flashing
Free B9S Installations

Here is SciresM's post about this

Please see SciresM's presentation on bootromhax.​

 

[Majickhat55]

i've attempted 3 different ctrtransfers, i'm not as incompetent as you're making me out to be. i wouldn't be doing a ctrtransfer if i had a nand backup, but again, i don't.

Not making you out to be incompetent man, I don't know you. More often than not people either claim to have done things they haven't, thought they did them and didn't or skipped them entirely and swore they did them. I'm not just going to assume you're a pro when you thought you had an unrecoverable brick and 100% didn't which is obvious if you were able to install B9S without NTR_Flasher.

Sorry for trying to help.

 

[DocKlokMan]

oh hey, its me!
Seems like that the 2.1 sleep mode brick isn't fixable by this method, I decided to see if I could try, to no success. Got b9s installed and everything, then did a 9.2 ctrtransfer, just to a consistent "failed to mount ctrnand" from luma. Unless I'm doing something wrong, I guess it's an unrecoverable brick

@Slattz had this too. He had to use Decrypt9 to do the CTRNAND transfer instead of GodMode9, for some reason only the former worked.

 

[Slattz]

@Slattz had this too. He had to use Decrypt9 to do the CTRNAND transfer instead of GodMode9, for some reason only the former worked.

Apparently it's because "Godmode9 doesn't handle header or encryption changes".
Anyways, I can confirm only D9 worked, GM9 didn't. Kinda odd since GM9 is meant to be superior.

 

[annson24]

oh hey, its me!
Seems like that the 2.1 sleep mode brick isn't fixable by this method, I decided to see if I could try, to no success. Got b9s installed and everything, then did a 9.2 ctrtransfer, just to a consistent "failed to mount ctrnand" from luma. Unless I'm doing something wrong, I guess it's an unrecoverable brick

@Slattz had this too. He had to use Decrypt9 to do the CTRNAND transfer instead of GodMode9, for some reason only the former worked.

Apparently it's because "Godmode9 doesn't handle header or encryption changes".
Anyways, I can confirm only D9 worked, GM9 didn't. Kinda odd since GM9 is meant to be superior.

@d0k3

Edit: didn't tagged the dev apparently. Will just report this as an issue then.

Sent from my SM-G950F using Tapatalk

 

[SteelWolf89]

Wait, is the SuperCard DSTWO no longer being worked on?

 

[BetterDuck]

Wait, is the SuperCard DSTWO no longer being worked on?

The original DSTWO is no longer being manufactured, from what I can tell. You'll have to get a DSTWO+ or just settle for something cheaper.

 

[SteelWolf89]

No, I mean I have a DSTWO, but I was asking if the DSTWO was no longer being worked on for NTRboot

 

[tw_gbman]

ak2i? 0r ak2.1?

hw:80 2.1

not dump

 

[DocKlokMan]

@d0k3

Edit: didn't tagged the dev apparently. Will just report this as an issue then.

Sent from my SM-G950F using Tapatalk

Did Decrypt9 work for you?

 

[GerbilSoft]

No. I think from what ive read. a MCU brick ends up frying the capacitors of the 3ds when they got overloaded during sleep mode on the lower fireware.

No, it definitely does not "fry the capacitors". If anything, the problem is the MCU firmware is overwritten due to a bad command and insufficient error checking.

It should be possible to unbrick this somehow, but I don't know if it would be possible without a hardmod (and not the standard eMMC hardmod).

 

[some1ne]

This is pretty rad lol

Spoiler

Hey, it works.

 

[XLuma]

Does ntrboothax only support the Acecard and the r4i gold 3ds, or the r4i-SDHC 3DS is supported too?

 

[BetterDuck]

Does ntrboothax only support the Acecard and the r4i gold 3ds, or the r4i-SDHC 3DS is supported too?

Support for that specific card is coming soon, along with other possible cards. They're still testing others as well.

 

[XLuma]

Great! Hope it will be supported! One of myfrined wanted to hack her n3ds ( on 11.5 ) So I will be able to help her

 

[urherenow]

ak2i? 0r ak2.1?

hw:80 2.1

not dump

HW 44 and HW81 are supported. Nowhere does anything mention that HW80 is supported.

 

[TheCyberQuake]

Pretty much finished setting up a pack that will install b9s and copy essential starter homebrew including Themely, FBI, freeShop, and NTRBootSelector.
All essential homebrew is .3dsx version for both speed and ease of installation
Simple scripts allow quick copying from SD to ramdrive, then back from ramdrive to target SD
Pack is simply placed on the microSD of the flashcard
All you would need is the flashcard with it's microSD, a microSD to SD adapter, magnet and screwdriver bit. With those four items and the pack you can install b9s on any system in 5 minutes or less.
Still putting the process and scripts through testing, but I'll probably make a separate thread later with the pack and a the instructions of how to use it.
I also need to remove things like the titlekey url from freeshop before releasing. My personal pack includes it for my friends, but can't post that online for obvious reasons.

It's taken a little trial and error, writing and modifying scripts, and streamlining the process as much as I can.
Release will probably be put out by the end of the week, including a video showing just how quick it can be done.
Currently requires 37.4MB free space on the microSD and target SD.

Edit: I of course always recommend to just follow the guide if you have a PC. This pack is more as a just-in-case. Better to be hacked but out of date than not hacked at all.

 

[bladerx]

Can support for standard Acekard 2 be added?

 

[Cuphat]

Can support for standard Acekard 2 be added?

Nope.

 

[RedBlueGreen]

Can the R4i (www.r4igold.cn) work? My friend has one of these.

 

[nl255]

No, it definitely does not "fry the capacitors". If anything, the problem is the MCU firmware is overwritten due to a bad command and insufficient error checking.

It should be possible to unbrick this somehow, but I don't know if it would be possible without a hardmod (and not the standard eMMC hardmod).

If it was a MCU brick then why does booting gm9 from ntrboot work on such a system at all?