In order: Gold Key and Iron Key, my pair of NTRBoot carts made from dying flashcarts.

Would you like cheese on your burger? :)

They are just pieces of plastic.

@Gregozor2121 yes but they're also the key to hacking any 3DS, no matter the system version.

@Parzi How do they work?

@Gregozor2121 If I remember correctly, it's a title ID buffer overflow exploiting a factory-use boot-directly-to-cart-yes-i'm-sure-do-it-now function. Basically, normally the 3DS would see the fucked title and go "welp, this cart's fucked" and refuse to show it's even there, but in this bootloader-only factory-override mode it would copy the name to RAM then immediately jump to an area of memory with the code to wipe RAM and launch a cart while disregarding everything else about system state... oh wait the cart title's there too and we're running from the name of the cart. From there, keys are pulled from memory, saved to SD, and a firmware is launched to install a new bootloader, which is signed with those keys that were just pulled.

This works even with 0-size NAND and you have 100% control over the hardware in that state, so even the most devastating bricks can be fixed (aside from ones caused physically, that is...)

tl;dr: Pandora Battery but with extra steps and it's a gamecart.

@Parzi Sounds like sci fi but it actualy works!

@Gregozor2121 some people still swear it's actual witchcraft as technically key extraction should be impossible at that point

but it's possible somehow?