3DS developer Normmatt has recently demonstrated an upcoming technique to unbrick 3DS consoles, using, among other things, a simple magnet. The technique, in some aspects, is reminiscent of the “pandora battery” used to put early PSP models into service mode.
How a magnet can unbrick your 3DS
Of course, there’s much more to it than a simple magnet. A group of hackers (including Normmatt and SciresM, who spread the word on the magnet technique) discovered, and revealed a few weeks ago, that the 3DS can enter some equivalent of the PSP’s service mode, and get bootrom execution through the use of a crafted NDS cartridge on the 3DS.
It appears that this might have been intentional on Nintendo’s end, to fix potential bricks. In order to prevent hackers from discovering the trick, an additional layer of security was added: the console will only enter this special mode when a specific combination of buttons is pressed while the shell is also closed. That is physically impossible by hand, but a carefully positioned magnet makes the hardware believe the console is closed, leaving you free to press the buttons you want.
In addition to the magnet, people willing to unbrick their 3DS consoles will also need a Nintendo DS flashcart. Not all flashcarts will be compatible though, as they need to be reflashable (re-written with custom unbrick code). The hackers are working on making their code compatible with as many flashcarts as possible before they release. The reason, they say, is to avoid seeing the scene jump onto a single brand of flashcarts and see prices skyrocket.
For now, the unbricking technique has not been released, and it has only been confirmed to work by the closed group of developers behind the hack. However, their findings have been endorsed by the 3DS scene, and in particular Smealum. There’s no reason at the moment to believe this could be a hoax.
Magnethax, as it’s been nicknamed, will allegedly let people unbrick all models of 3DS, including the New 3DS and the 2DS. Of course, this will only work for software-based issues (such as a NAND gone wrong), and not hardware problems (e.g. MCU bricks).
I’m sure other tools than a magnet could have been used here, including maybe 3D-printing some piece of plastic, integrated in the shell, that would be able to press the buttons while still closing the console. Still, the simplicity of the magnet is probably what makes the beauty of this trick, even though it had to be the simplest problem to solve, compared to what hackers have to do once they gain bootrom code execution.
Lia over at GBATemp has a great FAQ on what is known so far:
Q: Can Nintendo patch this? A: Nope! Not without a new hardware revision.
Q: My flashcard is blocked by my firmware! Can I still use this? A: Yes! The flashcard blacklist is not enabled on the bootrom.
Q: So, can this work with any flashcard? A: No, it is not an NDS file. The flashcard needs to be reflashable.
Q: What flashcards have been confirmed to work at this time? A: None, as of now. However, we have proof that at least one works.
Q: But this flashcard is flashable, should I buy this? A: No! They are working on making this compatible for more devices, please wait until it is released, your flashcard might be compatible!
Q: Will my 3DS flashcard work? A: No, only NDS flashcards.
Q: When will the compatible flashcards be confirmed? A: Most likely when it’s released.
Q: I tried to do this with my cartridge and it didn’t work? A: It doesn’t work with regular DS cards.
Q: When will it be released? A: When it’s ready. Don’t pester the developers for it. It’ll be ready when it’s ready.
Q: Can I unbrick from a ____ brick? A: Considering the card has access to the bootrom, most likely yes! This can potentially unbrick any brick (except MCU), unless you’ve taken a knife to the motherboard.
Q: Can I install B9S on the latest firmware with this? A: Again, since the card has access to the bootrom, you can potentially do this easily! Just plug in your flashcard, boot up using the magnet and button combination, and install.
Time to look in your old pile of electronics to see if you still have some of these NDS flashcarts lying around.
1- Extract your SysNAND using Win32DiskImager via hardmod and keep it in a safe place on your PC (it doesn’t even matter if this SysNAND is fuc..ked up; it could be used as a “checkpoint” in the future).
2- Follow this guide to install B9S (sighax) in the copy of your SysNAND via hardmod (in my case I use the 11.4 native firm as current.firm, the 2nd step of the guide, because when I updated my 3DS v11.4 was the last firm launched by Nintendo. If you don’t remember which firm was the last when you updated your 3DS, just try them one by one): https://3ds.guide/installing-boot9strap-(hardmod)
3- Flash the copy of your SysNAND that was renamed to NAND-patched.bin, as the guide says, back to your 3DS with Win32DiskImager (at this point your SysNAND already has sighax installed and you can now launch Luma’s chainloader).
4- Download and copy to your SD card the latest Luma files for Boot9Strap (sighax) and the latest Decrypt9WIP for Boot9Strap (this should be at luma/payloads and in .firm format), and make sure the file “aeskeydb.bin” is in the “files9” folder on the root of your SD card.
6- Connect the SD card back to your 3DS and power on the 3DS holding the “start” button to launch Luma’s chainloader, launch Decrypt9WIP, then go to “Sysnand Options>CTRNAND transfer…>Auto CTRNAND transfer”, complete the key combo, choose the CTRtransfer file and wait until it finishes.
7- After rebooting, the console has to boot normally; then you just have to update your firm to 11.4 and install FBI and that stuff.
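A pre-flash check for steps 1 to 3 above, as an added example that is not part of the original comment or the linked guide: it hashes the checkpoint dump, refuses to compare images whose sizes differ or are truncated, and lists the byte ranges the patch changed. The file name NAND-backup.bin is hypothetical, and the "NCSD" magic at offset 0x100 comes from the publicly documented NCSD layout, not from this page.

```python
import hashlib, os, tempfile
from pathlib import Path
SECTOR = 512         # images are compared in 512-byte sectors
NCSD_OFFSET = 0x100  # "NCSD" magic follows a 0x100-byte signature (public layout, not from the page)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def has_ncsd_magic(path):
    with open(path, "rb") as f:
        f.seek(NCSD_OFFSET)
        return f.read(4) == b"NCSD"

def changed_ranges(original, patched):
    """Return (start, end) byte ranges, end exclusive, where two images differ."""
    size = os.path.getsize(original)
    if size != os.path.getsize(patched):
        raise ValueError("image sizes differ; do not write this image back")
    if size % SECTOR:
        raise ValueError("image is not a whole number of sectors (truncated dump?)")
    ranges, start = [], None
    with open(original, "rb") as a, open(patched, "rb") as b:
        for offset in range(0, size, SECTOR):
            same = a.read(SECTOR) == b.read(SECTOR)
            if not same and start is None:
                start = offset                  # first differing sector of a run
            elif same and start is not None:
                ranges.append((start, offset))  # run ended at this sector
                start = None
    if start is not None:
        ranges.append((start, size))
    return ranges

def demo():  # constructed 8-sector images standing in for the two real dumps
    base = bytearray(8 * SECTOR)
    base[NCSD_OFFSET:NCSD_OFFSET + 4] = b"NCSD"
    patched = bytearray(base)
    patched[4 * SECTOR:6 * SECTOR] = b"\xAA" * (2 * SECTOR)  # simulated patched region
    with tempfile.TemporaryDirectory() as d:
        orig, new = Path(d, "NAND-backup.bin"), Path(d, "NAND-patched.bin")
        orig.write_bytes(base)
        new.write_bytes(patched)
        return has_ncsd_magic(new), changed_ranges(orig, new), sha256_file(orig)

if __name__ == "__main__":
    print(demo())
```

Run against the real dumps, `changed_ranges` gives the regions to review before the patched image is written back, and the stored hash lets the checkpoint copy be re-verified later.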
For the technical details on what the unbrick process is based on, check the presentation by SciresM, here