ROM Hack 3DS Decryption Key Generator

quantumboy

Can this key be used to decrypt and re-encrypt Pokemon saves (that were saved on a 4.5 with emunand) or actual saves from real carts (dumped with power saves)?
 

idunoe

Seems that way.
Cool, I'll give it a shot now!

Edit: Team Fail, your program doesn't work.
Code:
Header:                NCSD
Signature (FAIL):      C38C33762FEE267353FAEF479458DFAFCF0527C26D9F52E87300B1B3A6512C60
                        43C774793360C08FA838546D428C56715020EEDB787AD2AA3AEE50DDEE39643E
                        95BF07387A831B2E0819E64B67027CFA99E60CF6EEE78543C2FBFC0203E5B826
                        71066278EFC0C4B62C811AEA3450F8D789213E887C99D5305B73BAC2B300102A
                        1E05AA3531228BCD25E643249C144AC71FF3A712066ADD4CC3E55F2BCA210636
                        D3178B50A1CC80444F5CB266D4356910BB187B168ABB9F6FED7898BCEA86EA44
                        291C65DED4D2AC17777C3C167BF713F2962E0549B6424DEF08A749DBB2DDAD58
                        790E8298A08BAD43188FA57F0731A21EA6BEEA1D764C9042788805DA5E2381AD
Media size:            0x00040000
Media id:              0004000000074800
 
Partition 0           
Id:                    0048070000000400
Area:                  0x00004000-0x00478000
Filesystem:            00
Encryption:            00
 
Partition 1           
Id:                    00FFF30F00000400
Area:                  0x00478000-0x004B0000
Filesystem:            00
Encryption:            00
 
Extended header hash:  0000000000000000000000000000000000000000000000000000000000000000
Additional header size: 00000000
Sector zero offset:    00000000
Flags:                  0000000201020000
> Mediaunit size:      0x200
> Mediatype:          Card2
> Card Device:        None
 
NCCH:
Header:                NCCH
Signature (FAIL):      5032D0D6E4BFDB6914348AE2063A6186C034C9E796F0E19FD0DCBC7C8E9A3BFB
                        1E753DFCBD8C1A04579BD154B9CB0ABC160581790F98BFA9C17D88036207A4ED
                        D38EFB0735667FFF57A451CD1702041A1282EF6D84B26AA9E59E6E5448656322
                        136A7D9739AECA725D0405FB159A77596AB8BCA8EB523832F6C56822E9C4F259
                        24B5D8A135C9D3842E886569627D52AB846B16F9A9BA44ECF51EFA007B34B429
                        8BB37CE8CC8CE8EB87F17F2F5F8D38B28640C89DF67E376F8D680B7818F7ED5B
                        B99C88D9E04BACCBFB94FD092DCC5C08C83463A2F0797AF83AE23F4C6EF0B924
                        E9BC9042A055084ECEA74D2EB7857186EFAAD08445233B1D5D7B0C53951F31C7
Content size:          0x00474000
Partition id:          0004000000074800
Maker code:            3130
Version:                0002
Program id:            0004000000074800
Logo hash:              0000000000000000000000000000000000000000000000000000000000000000
Product code:          CTR-N-PAAJ
Exheader size:          00000400
Exheader hash (FAIL):  2787D6299EB2DFA8B491CAA71F9639619264DD0170F3296EE0049CA4671232A0
Flags:                  0000030100000000
> Mediaunit size:      0x200
> Crypto key:          Secure
> Form type:          Executable content
> Content type:        Application
> Content platform:    CTR
Plain region offset:    0x00000000
Plain region size:      0x00000000
Logo offset:            0x00000000
Logo size:              0x00000000
ExeFS offset:          0x00004a00
ExeFS size:            0x0046f000
ExeFS hash region size: 0x00000200
RomFS offset:          0x00474000
RomFS size:            0x00004000
RomFS hash region size: 0x00000200
ExeFS Hash (FAIL):      399B28799679B0537617E57CFBDE8B1E229E153D53315CC797FD29330DFF787F
RomFS Hash (FAIL):      8B6BD5BB80376C70C1458919DF58F87923A8289518E6861FB3A5E72960B5F1C6
 

loco365

OP
Wait? If it's the key, why does it need to go through the AES core?

The keys need to be put in the AES core, and it spits out an xorpad, which, from there, when XORed on your romfs or encrypted files, decrypts them into the readable formats.

Basically

1. You get your keys.
2. Put them into the AES core, and get your xorpad. <- This is the only step that hasn't been completed. However, all the files to achieve this are public.
3. XOR the file you want to decrypt.
4. ???
5. Profit!
 
Reactions: Celice and zecoxao

idunoe

The keys need to be put in the AES core, and it spits out an xorpad, which, from there, when XORed on your romfs or encrypted files, decrypts them into the readable formats.

Basically

1. You get your keys.
2. Put them into the AES core, and get your xorpad. <- This is the only step that hasn't been completed. However, all the files to achieve this are public.
3. XOR the file you want to decrypt.
4. ???
5. Profit!
So I just checked the source code. This isn't a key generator, this is a keyY generator. The CTR isn't a key, it's just "CTR" or "counter". You stuffed up the endianness for the outputted "keys".
 
Reactions: zecoxao
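
What the five-step recipe and the keyY/CTR correction above describe, as an added example that is not part of any post or of Team Fail's tool: the xorpad is the AES-CTR keystream, so the counter is a public starting block rather than a key, and one XOR both decrypts and re-encrypts. The 16-byte key stands in for whatever key the console's AES engine ends up using (its derivation from the KeyY is not modelled), and all names and any values passed in are constructed for illustration.

```python
# Added illustration: AES-128 in CTR mode, spelled out to show what an "xorpad" is.
def _xt(a):  # multiply by x in GF(2^8)
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _mul(a, b):  # GF(2^8) multiplication
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xt(a), b >> 1
    return r

def _sub(x):  # S-box entry: field inverse (0 maps to 0), then the affine map
    v = next((y for y in range(1, 256) if _mul(x, y) == 1), 0)
    rot = lambda n: ((v << n) | (v >> (8 - n))) & 0xFF
    return v ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63
SBOX = [_sub(x) for x in range(256)]

def expand_key(key):  # AES-128 key schedule: 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xt(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[r * 4:r * 4 + 4], []) for r in range(11)]

def encrypt_block(rk, block):
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 11):
        s = [SBOX[b] for b in s]                               # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]     # ShiftRows
        if r < 10:                                             # MixColumns
            s = sum(([_mul(2, a) ^ _mul(3, b) ^ c ^ d, a ^ _mul(2, b) ^ _mul(3, c) ^ d,
                      a ^ b ^ _mul(2, c) ^ _mul(3, d), _mul(3, a) ^ b ^ c ^ _mul(2, d)]
                     for a, b, c, d in (s[i:i + 4] for i in range(0, 16, 4))), [])
        s = [b ^ k for b, k in zip(s, rk[r])]                  # AddRoundKey
    return bytes(s)

def xorpad(key, ctr, length):  # keystream = AES(key, ctr), AES(key, ctr + 1), ...
    rk, n, out = expand_key(key), int.from_bytes(ctr, "big"), b""
    while len(out) < length:
        out += encrypt_block(rk, (n % (1 << 128)).to_bytes(16, "big"))
        n += 1
    return out[:length]

def xor(data, pad):  # the same operation encrypts and decrypts
    return bytes(a ^ b for a, b in zip(data, pad))
```

Passing the same counter bytes in reversed order produces an unrelated pad, so a byte-order slip in the counter or key leaves the output undecrypted.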

loco365

OP
So I just checked the source code. This isn't a key generator, this is a keyY generator. The CTR isn't a key, it's just "CTR" or "counter". You stuffed up the endianness for the outputted "keys".

That'd be my mistake (Looks like I'll have to update this), but yeah. You do use the KeyY, but there's a second key that you need to generate the xorpad. This just makes it easier to work with.
 

atenzor

OK, so I have 3ds explorer and one version which is a mod of 3ds explorer (but to me looks exactly the same, but whatever). I also have the ctr toolkit (with extdata_tool, etc), rom_tool, your 3ds key decrypter, and a copy of the super mario 3d land rom (3ds format), so my question is: how do I proceed from here to extract anything from the mario rom? Any tutorials? Thanks guys!

P.S.: Some people mention ctrtool, but is that rom_tool or something else? I saw a GitHub of ctrtool but it is not compiled and I'm not very good with compile stuff. Can anyone upload an exe of the latest version for me? Thanks!
 

Relys

We have our own tools to calculate initial ctr along with code to generate xor pad on 3DS. We're polishing them up for release. Expect lamers from #3dsdev rushing to release theirs even though they had no plans to before our team got together and started working on this two days ago.
 

SonyUSA

http://puu.sh/baAIj/ec0b7f0050.png

WAIT WAIT! WHAT? .szs?
Thanks Team Fail. :lol:.
Time for translation, tools, rom hacks, and more. But I think Nintendo might make future 3ds games with a newer algorithm and keys.
I can't do anything because I don't have a 3ds, a game (if I download a .3ds without owning the game it will be piracy), and a horrible gateway/flashcard.

Let's be clear: Team Fail did not decrypt that ROM in the screenshot, that is the work of others.
 
Reactions: loco365

Abcdfv

That crappy Gateway only works on 4.5. So have fun finding a 4.5 3ds.

I found one in the second shop (first shop wouldn't let me check FW) I went into on my first try. They're far more common than you think.
 

Relys

I'm just taking public information and putting it to use. Because I am bored.


Ah, I wasn't talking about you. Just the other people who have decrypted roms before.

I love the work you've done for music and video extraction.
 
