Hacking Attempt to hack Gateway .sav's

[mimicmasterax]

After browsing through this forum for a bit, I'm surprised that nobody has yet discussed the possibility of modifying 3DS save games created by the Gateway (well, 'cept for some related chat in 1 other thread).

I'm not exactly sure how the 3DS save games are encrypted, nor am I certain how the .sav files created by Gateway are similar to save games extracted previously from the R4i dongle. Nevertheless, to get the process started, I've created 4 saves using Culdcept 3DS (JPN), for those interested (see attachment).

The first 3 are after 3 consecutive battles, where I've gained around 15 cards (~12 new) each time; saves 4 is taken after trading 3 cards (giant rat, new quantity 1; wolf, new quantity 2; shield, new quantity 1) and obtaining 2 new cards in return.

So far, I am unable to ascertain how the save structure changes between saves. It seems that there are numerous blocks of 100-500 bytes different between saves, though in its original (encrypted?) form there's a patch of over 10000 bytes common.

I've also tried using 3DS Save De/Encrypter 1.5a, which seems to have created more differences. I also suspect that the decrypting algorithm used is incompatible with Gateway saves, since after decrypting the files, there are numerous blocks of 511 bytes different, followed by 1 byte same, and repeats. This pattern suggests block-cyphered data, which is odd since it's suppose to be decrypted.

Anyone else interested?

 

[Cyan]

The saves can be shared with other users?

 

[alirezay]

The saves can be shared with other users?

I think i heard somewhere that if u both use the same rom u can share....but cause i dont have a gw i cant confirm that!

 

[mimicmasterax]

Yup. I've personally confirmed being able to load another person's Kingdom Hearts save game.

Still no progress on decoding the save though...

 

[DragonSky]

Yeh as soon my gateway has arrived I'll test my mario 3d land save.
Besides it are 3ds saves so they can't probably be hacked.
Only if gateway release a hack program but what is the chance by it. Mayby in 2014/2015.

 

[drfsupercenter]

If you guys want to start a site for sharing Gateway saves (like GamesEngine, but with 100% reliability as they're all from GW3DS), I could probably host it. Someone just has to write the code and I'll stick it up on my server
Or I could make a public FTP where people just stick save files with a readme.txt if you want to be lazy about it

 

[kingsora831]

If you guys want to start a site for sharing Gateway saves (like GamesEngine, but with 100% reliability as they're all from GW3DS), I could probably host it. Someone just has to write the code and I'll stick it up on my server
Or I could make a public FTP where people just stick save files with a readme.txt if you want to be lazy about it

That sounds like a good idea, im not much of a coder, but i feel like this would be beneficial to alot of people.
Perhaps you should start a separate thread title it "The gw3ds Save share thread" everyone who wants can contribute their own save, others can test and once you have a good amount of saves you could host them all on a separate site.
Once, i receive my own Gw later on, ill definitely contribute.

 

[drfsupercenter]

I could make a thread, but it would end up being tons of pages long and sort-of a pain for people to find anything :/

 

[Quicksilver88]

I started a thread a few days back on this and can also confirm we can share gateway saves....most likely because either we are all using the same scene dumped rom image (meaning the encryption would be the same) or because the gateway catridge itself all present the same ID....only way to verify that is if we have two different dumps of the same game from the same region....then we would know if all gateway saves are 'shareable' or only ones using the same dump image....I also tried using the decrypt/encrypt tool from 2011 to decrypt an r4 save of kindom hearts and reencrypt with the key from a decrypted gateway save...this did not work but I think it is because from my understanding of the 3DS save game info, Nintendo changed their encryption method in firmware v2.2 and no one has figured it out since....lame

I am going to try the same thing decrypting the save from an older pre v2.2 game like Mario 3D or Zelda and see if I can get one of those to work with gateway.

drfsupercenter if you would put up an FTP that would be great if we are going to do it the low rent way just create a direcetory for each letter of the alphabit and people should attatch an .nfo file describing the basics like what rom dump they are using, region, and save sumary. I am at about 40% on Castlevania LOS and would upload that as well as my progress on DKCR and ML Dream Team....

 

[Vengenceonu]

If you guys want to start a site for sharing Gateway saves (like GamesEngine, but with 100% reliability as they're all from GW3DS), I could probably host it. Someone just has to write the code and I'll stick it up on my server
Or I could make a public FTP where people just stick save files with a readme.txt if you want to be lazy about it

People have already been sharing them via filetrip.com.

 

[drfsupercenter]

Yeah, I'd try out Ocarina of Time 3D, since there actually *is* a save editor for that one. I don't have a physical copy to test it on, but that might be a good one to try decrypting and see if the hashes match

 

[Quicksilver88]

Yeah, I'd try out Ocarina of Time 3D, since there actually *is* a save editor for that one. I don't have a physical copy to test it on, but that might be a good one to try decrypting and see if the hashes match

Ok I took a Zelda save file from the r4 game save site and used their dongle tool's decrypt feature to decrypt it....of course this was an early game so it is using 128k saves. The r4 tool is useful in that it will actually tell you if it can't find the decryption key from newer save types. I then popped Zelda in the gateway and started a new game and saved in the game then used the home/close to create the .sav file (BTW the .sav file does not actually get created until you do the first home/close per the time stamp). The gateway Zelda .sav file actually was created as a 512k file which makes some sense since the gateway must have a 512k eeprom so they dump the entire thing. I then ran the gateway .sav thru the decrypt process and it did seem to find the key and do the decryption.

I was expecting the gateway file to be laid out like the r4 save in that I thought all the data would be in the first 128k then the rest would be FFs. It wasn't. It looks like there is header data on the gateway file....then a bunch of FFs then some more data around the mid way, then near the end of the file is a text string Zelda Link.....which you can also find near the end of the r4 128k file.

Strange....gateway must have done a little 'tweaking' to somehow make the 128k games' saves work with their 512k eeprom, which I would have thought they would have just treated it like a 128k and left the rest of the dump empty.

I am attaching my dump/decrypts in case you or anyone else wants to look at them in a hex editor. There are a few games that use the pre fw2.2 save encyption and 512k eeprom so I have downloaded some r4 files of those and am going to create gateway files and compare them next to see if their layout is the same or if they are also somehow 'tweaked'.

I wonder if either of the members who wrote the original command line or gui decrypt tools a few years ago are around as they should know a little more about the older save game structure than anyone else.

 

[Enigma Hall]

Any save could be used some day like the smash bros hack of wii, to run homebrew?

 

[isaac52]

I hope the saves don't crack pokemon x/y

 

[jqrn]

How are you guys able to extract save game files?

When ever i read my sd micro from the usb reader in my pc, it only promts for a format of the card.

What i want is to extract save game from my sd micro placed in the red card, and put it in a folder on my pc for example.

 

[jastolze]

Yeah, I'd try out Ocarina of Time 3D, since there actually *is* a save editor for that one. I don't have a physical copy to test it on, but that might be a good one to try decrypting and see if the hashes match

There's an editor for this game already? What's it called? I tried googling it, but didn't come across it...

 

[Cyan]

How are you guys able to extract save game files?

When ever i read my sd micro from the usb reader in my pc, it only promts for a format of the card.

What i want is to extract save game from my sd micro placed in the red card, and put it in a folder on my pc for example.

The microSD card doesn't contain the save, only the game.
The save file is on the BIG official SD card inside your 3DS (not the microSD).

 

[drfsupercenter]

I wonder if either of the members who wrote the original command line or gui decrypt tools a few years ago are around as they should know a little more about the older save game structure than anyone else.

I don't think so... I think the people who helped write those now "know too much" so they've basically said they aren't helping anymore until the 3DS is EOL. Same people I mentioned before, if I'm not mistaken. The whole thing just angers me.

So were you able to get one of the R4i saves to work with the Gateway?

I hope the saves don't crack pokemon x/y

Why? Assuming there will be some way to import Pokémon from B/W anyway, there will already be hacked ones. Let those of us who want to screw around in our own games do so, please. I'm against cheating online, but I don't use my hacked teams online. If you meet someone who does, that's just them being a sore loser, and shouldn't be taken out on the community as a whole...

There's an editor for this game already? What's it called? I tried googling it, but didn't come across it...

I'll have to find it for you. I only ever heard of it in passing anyway, but I'm quite sure one exists, somewhere.

 

[how_do_i_do_that]

There's an editor for this game already? What's it called? I tried googling it, but didn't come across it...

It is called a hex editor, you can use 3DSExplorer to rip the individual save blobs from the save file to work on.

3DSExplorer: http://code.google.com/p/3dsexplorer/

I put some info on picking apart a zelda 3DS save a while back before 3DSExplorer was made.

 

[Quicksilver88]

drfsupercenter