Okay, thanks again! So, there is still a problem with all ExeFS data besides the .code, starting from 7x up? At this point this shouldn't happen, but I'll take a close look. I guess a need ztwo or three hours.
With Decrypt9 xorpads i can convert to cia or unpack rebuild 3ds convert to cia.And it always shows up on home menu and work.
With rxTools title decryptor i can convert to cia or unpack rebuild 3ds convert to cia.And it always shows up on home menu and work.
The icon and banner from Decrypt9 xorpads and rxTools title decryptor are always the same.
With Decrypt9 title decryptor i can convert to cia or unpack rebuild 3ds convert to cia,With old ncch games.And it always shows up on home menu and work.
With Decrypt9 title decryptor and 7.x ncch games if i convert to cia or unpack rebuild 3ds convert to cia they don't show up on home menu,But you can launch them with devmenu.
If i use the icon and banner from Decrypt9 xorpads or rxTools title decryptor with Decrypt9 title decryptor game they show up on home menu and work.
Would be good if someone else could try Decrypt9 title decryptor and see if they have the same problem.
I'm just taking a look at the data (P&D Demo)... from the output, it is clear that something went wrong. So it's not only you 
. I have an idea, though.
EDIT: If I'm right, the majority of 7x / seed games should have been okay and the problem only affects a subset. Is that correct?
. I have an idea, though.EDIT: If I'm right, the majority of 7x / seed games should have been okay and the problem only affects a subset. Is that correct?
I'm just taking a look at the data (P&D Demo)... from the output, it is clear that something went wrong. So it's not only you
EDIT: If I'm right, the majority of 7x / seed games should have been okay and the problem only affects a subset. Is that correct?
All 7x ncch games i have tried don't show up.
Okay, I got the problem. Just give me a few more minutes for a proper implementation and testing. In the meantime... RomFS and ExHeader was always properly decrypted, correct?
Still confused as to why you never asked me how I did this. I don't bite.
Well I'll ask.
How did you do this? It's ok if you bite a little, i don't mind. haha
That was a hard one... New release available that should fix the remaining problems.
The issue was in the alignment of the data to decrypt. Normally that's aligned to media units (0x200 byte) for all data and has to be aligned to 16 (0x10) byte (to make it more obvious, everything that is aligned 0x200 bytes, is also aligned to 0x10 bytes, cause that's a divisor). However, in ExeFS, data is aligned to bytes.
More info: while this release should fix all the remaining issues and all decrypted roms should be fine now, you should know that rxTools decrypted roms, xorer decrypted roms and Decrypt9 decrypted roms are not identical. rxTools uses the wrong keyslot for 7x / seed crypto file padding (just a cosmetic issue, though, files themselves are fine). Xorer doesn't reset the crypto flags in the NCCH header (that makes a difference of 2 byte to Decrypt9 decrpted ones). And Decrypt9 always uses the correct keyslot and properly sets the flags.
Still confused as to why you never asked me how I did this. I don't bite.
How to hell did you do this?Well I'll ask.
It's ok if you bite a little, i don't mind. haha
Haven't seen it earlier, but good thing! I also already took a look but don't see yet where the magic happens.Edit:
Code:
memcpy(CID,(u32*)0x01FFCD84,16); //get nand CID from arm9 ITCM
Last edited by d0k3,
Ok here's a recent version of decrypt9 with the spider launcher fix (with src). danger_zone enabled so watch out. I did test dumping and writing back all 6 partitions but your mileage may vary. Be careful, use at your own risk etc.
@d0k3 that source was for the 3ds_multi_decryptor fork. This release has the spider fix source.
@d0k3 that source was for the 3ds_multi_decryptor fork. This release has the spider fix source.
Last edited by zoogie,
You did it again everything works great now.
I tried old ncch,new ncch and 9.6 seed and all worked.
The only thing i didn't try was n3ds only games.Xenoblade is the only n3ds only game and that is 4GB and i don't have time to try that right now.
Of course it won't work on n3ds, n3ds doesn't have SPIDER.
There's no browser version for n3ds, only ninjhax version. Unless there's some way to run it from MSET on n3ds that I'm not aware of yet...
I know what you meant, and as far as i know there isn't a way to run it from the DS Profile (MSET) on n3ds. (yet).
Would be nice if it's possible though.
I took a look:
Code:
u32 GetNandCtr(u8* ctr, u32 offset)
{
int ctr_offset=0;
u8 temp[16]={0};
static const char* versions[] = {"4.x", "5.0","5.1","6.x", "7.x", "8.x", "9.x"};
static const u8* version_ctrs[] = {
(u8*)0x080D7CAC, //4.x
(u8*)0x080D866C, //5.0
(u8*)0x080D858C, //5.1
(u8*)0x080D748C, //6.x
(u8*)0x080D740C, //7.x
(u8*)0x080D74CC, //8.x
(u8*)0x080D794C //9.x
};
if (offset >= 0x0B100000){
ctr_offset=0x30; //ctr
}
else{
ctr_offset=0xB8; //twl
}
static const u32 version_ctrs_len = sizeof(version_ctrs) / sizeof(u32);
for (u32 i = 0; i < version_ctrs_len; i++) {
if (*(u32*)version_ctrs[i] == 0x5C980) {
memcpy(temp,(u8*)(version_ctrs[i] + ctr_offset),16);
goto finish;
}
}
// If value not in previous list start memory scanning (test range)
for (u8* c = (u8*)0x080D8FFF; c > (u8*)0x08000000; c--) {
if (*(u32*)c == 0x5C980 && *(u32*)(c + 1) == 0x800005C9) {
memcpy(temp,(u8*)(c + ctr_offset),16);
goto finish;
}
}
finish:
for(u32 i = 0; i < 16; i++) ctr[i] = temp[15-i];
add_ctr(ctr, offset / 0x10);
return 0;
}For now, thanks a ton for pointing that out!
Last edited by d0k3,
It's the same basic method as the highly used and trusted main branch of decrypt 9 so I don't see how the code is unsafe, although actually checking the header of each decrypted partition for known plaintext (FAT16, .SAV etc.) would make it unquestionably more robust and safe. (even if you stick with the itcm method). And I would do it both ways, decryption and encryption, just to make sure the ctr is correct.I took a look:
So, the TWL CTR was in memory all along? However, the code above (which is a modified version of Archshifts original code) relies on scanning the memory in search of a 5 byte 'magic number', which can still lead to false positives (I know, unlikely). Getting the NAND CID and calculating the CTR via SHA-1 / SHA-256 is much more elegant and also safer. Plus, the TWLNAND xorpad generator can read the NAND CID even with the launcher.dat, so I want that in Decrypt9, tooCode:u32 GetNandCtr(u8* ctr, u32 offset) { int ctr_offset=0; u8 temp[16]={0}; static const char* versions[] = {"4.x", "5.0","5.1","6.x", "7.x", "8.x", "9.x"}; static const u8* version_ctrs[] = { (u8*)0x080D7CAC, //4.x (u8*)0x080D866C, //5.0 (u8*)0x080D858C, //5.1 (u8*)0x080D748C, //6.x (u8*)0x080D740C, //7.x (u8*)0x080D74CC, //8.x (u8*)0x080D794C //9.x }; if (offset >= 0x0B100000){ ctr_offset=0x30; //ctr } else{ ctr_offset=0xB8; //twl } static const u32 version_ctrs_len = sizeof(version_ctrs) / sizeof(u32); for (u32 i = 0; i < version_ctrs_len; i++) { if (*(u32*)version_ctrs[i] == 0x5C980) { memcpy(temp,(u8*)(version_ctrs[i] + ctr_offset),16); goto finish; } } // If value not in previous list start memory scanning (test range) for (u8* c = (u8*)0x080D8FFF; c > (u8*)0x08000000; c--) { if (*(u32*)c == 0x5C980 && *(u32*)(c + 1) == 0x800005C9) { memcpy(temp,(u8*)(c + ctr_offset),16); goto finish; } } finish: for(u32 i = 0; i < 16; i++) ctr[i] = temp[15-i]; add_ctr(ctr, offset / 0x10); return 0; }
For now, thanks a ton for pointing that out!
Last edited by zoogie,
Good idea! Especially before injecting anything. You don't happen to know how to enable ITCM access in the Decrypt9 launcher.dat exploit method?
Similar threads
- No one is chatting at the moment.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@
BigOnYa:
Caller -"Everytime I start a Pc game on my S24, playing on a external monitor, someone calls or texts me, n it kicks me out of the game." Customer Support - Click (hangs up)+1 -
-
-
-
-
-
-
@
BigOnYa:
I found it funny cause many many years ago, had a roommate in college that did this same dumbass branding of the school logo, but it didn't look anything like it after it healed. Just looked like a birthmark.
-
-
