ROM Hack 3DS Decryption Key Generator

  • Thread starter: loco365
So, if I understand this correctly, this tool extracts/generates the key for the partitions. Then you run those keys through the AES engine to get OTPs to xor with the partitions, thus decrypting the ROM?

I now wish that fundraiser had succeeded
 
Is the homebrew ROP chain able to access the AES functions on the 3DS? If not then it would probably require a real-time RAM injection and additional code (perhaps requiring another exploit) to generate the XOR value or a hacked GW perhaps?
 
Is the homebrew ROP chain able to access the AES functions on the 3DS?

I believe it is, I have reversed a bit of the first gw-launcher some time ago and it did call the aes-engine to decrypt part of their Launcher.dat in the ROP-chain.
 
right there on the previous page
Whoops, missed that! Thanks!


Ugh, I keep getting an exception no matter what I do. For instance, the following command:

ctrtool.exe -i "E:/ROMs/3DS/Pokemon X (E).3ds"

Generates messages like this one:

1 [main] ctrtool 12016 cygwin_exception::open_stackdumpfile: Dumping stack trace to ctrtool.exe.stackdump
 
Maybe a dump question:

Can this be used to decrypt the data file of a .cia file and repack it as .3ds?
 
Great job team fail! :) A little question: thanks to this program, is it possible in the near future to translate a game?
 
Simply open your 3DS or 3DZ (I need confirmation on this format, as I cannot dump them at this time)
.3dz is only a file extension renaming.
.3dz is used to allow online access by storing a unique cartridge ID and a Chip ID in the ROM header. It's added automatically by the Gateway 3DS ROM dumper, or by users sharing IDs together (you can find threads with more details on ChipID).
Unique cartridge ID located at 0x1200.
Chip ID located at 0x1240.
 
So, if I understand this correctly, this tool extracts/generates the key for the partitions. Then you run those keys through the AES engine to get OTPs to xor with the partitions, thus decrypting the ROM?

I now wish that fundraiser had succeeded

Exactly. I am aware of a set of libraries that can actually communicate with the AES engine, but I can't locate it at this time, although the contents of this 3DBrew page would be of use.
 
So what does this do? Does this mean I could play Pokemon X and Y yet? What is decrypting and what does the key do? I have r4i gold deluxe btw
 
Will this have any benefit for decrypting newer saves?

Since injecting a new header ruins any saves made before injecting the data, the save data is surely bound to the cart ID somehow and likely something else.
 
