Homebrew Can One Backup an Imported Seed?

[starburst]

I am currently using Luma 7.1 and B9S on a N3DS XL with 11.0.0-33U firmware.

During the last week, I have been using CIAngel to create pure CIAs and have a backup of the games, DLCs and updates. When installing these CIAs with FBI, I noticed that some recent titles (like FE Fates or FE Echoes) also require a seed to be playable, and this seed can be downloaded using FBI.
This was the first time that I noticed this because, on my previous installations, I had installed the games directly with CIAngel or FreeShop (or FBI for CIAs from that ISO site.)

Is it possible to re-download (or copy) and store those imported seeds, so that I can have a completely offline backup of games, DLCs and updates? Where are these seeds downloaded from, CDN? Are they stored somewhere on the system, or are they deleted after the validation?

 

[cearp]

you can get them via http from cdn yes, no purchase necessary (strangely)
as for any computer based tools that automate it... i'm not sure?
but if not it's very possible


the seeds are stored in the seed.db on the nand, they are not needed for installation of the cia, just the decryption on runtime

 

[starburst]

you can get them via http from cdn yes, no purchase necessary (strangely) [...]
the seeds are stored in the seed.db on the nand, they are not needed for installation of the cia, just the decryption on runtime

I see. Well, hopefully someone will provide more information and point us into the right direction.
As of now, my CIAngel-downloaded CIAs are useless offline, for they are unplayable without the seeds.

I know that I could simply use other CIAs as my backup, but I am thinking ahead, when Nintendo finally (and sadly) abandons the 3DS (what will happen in the near future.)
I like the idea of being able to store content that was downloaded directly from Nintendo servers, as one could attach a checksum to verify the data integrity and others would know that those CIAs are unmodified, direct versions of the game. For this to work, one would also need the corresponding seed (or a way to bypass the validation.)

By the way, I am now checking your Funk*yCIA tools. That might be what I am looking for.

 

[pixelmasher]

Why not just download the seeddb.bin from the title key site?

 

[Drakia]

As pixelmasher said, the title key site has a seeddb with all of the titles seeds for titles on the site. The CIAs will also never be "clean" because we generate part of the ticket with junk data (ignored due to signature patching) where it would normally have signatures. My understanding is that currently the available tools generate a slightly different ticket from each other as a kind of watermark.

 

[starburst]

As pixelmasher said, the title key site has a seeddb with all of the titles seeds for titles on the site.

Thank you both. I was actually reading about it on https://github.com/ihaveamac/3DS-rom-tools/wiki and realised that by using an already full Seed Database, one would not face this problem.

One more question, though: If one creates a CIA of an installed title using GodMode9, will it need to be seed-validated (again) when it is installed on a new system?
Having only one 3DS system makes testing this very time consuming, because if seeds are kept in the database after uninstalling a title, I would need to format the system before giving it a try.

The CIAs will also never be "clean" because we generate part of the ticket with junk data (ignored due to signature patching) where it would normally have signatures. My understanding is that currently the available tools generate a slightly different ticket from each other as a kind of watermark.

Thank you for telling me this; I will focus on what is achievable.
I would still like to download content directly from Nintendo servers and create an offline installable backup. And that would be as clean as it gets. Too bad that the contents will not be verifiable in the future, when the original servers are down.

 

[Drakia]

Thank you both. I was actually reading about it on https://github.com/ihaveamac/3DS-rom-tools/wiki and realised that by using an already full Seed Database, one would not face this problem.

One more question, though: If one creates a CIA of an installed title using GodMode9, will it need to be seed-validated (again) when it is installed on a new system?
Having only one 3DS system makes testing this very time consuming, because if seeds are kept in the database after uninstalling a title, I would need to format the system before giving it a try.

I believe FBI has a way to remove seeds, though I'm not 100% sure on that. You would still need to install a seed even if you dump the installed title with GM9 though, as the seed is used during runtime, not install time.

Thank you for telling me this; I will focus on what is achievable.
I would still like to download content directly from Nintendo servers and create an offline installable backup. And that would be as clean as it gets. Too bad that the contents will not be verifiable in the future, when the original servers are down.

Yeah, there's no "agreed upon" standard for what should be placed in that location. Though I just checked, and FreeShop and CIAngel both use the same ticket header, so they should create matching output data I believe. The parts I could see differing between software (Based on the offsets on this wiki page: https://www.3dbrew.org/wiki/Ticket ) would be:
Signature (We use D15EA5E0 repeating)
ECC PublicKey (We use FEEDFACE repeating)
ConsoleID (We use 0000)
eShop Account ID (We use 0000)

There may be other data that can be changed without breaking installation, but those are the dynamic values I see off the top of my head.

 

[cearp]

Thank you for telling me this; I will focus on what is achievable.
I would still like to download content directly from Nintendo servers and create an offline installable backup. And that would be as clean as it gets. Too bad that the contents will not be verifiable in the future, when the original servers are down.

the contents of the cia as in the actual application content files will be verifiable, the tmd (title metadata) in the cia has hashes of each content file.
but yes the actual signature of the ticket - it HAS to be broken, apart from system and preinstalled cias.
if

Yeah, there's no "agreed upon" standard for what should be placed in that location. Though I just checked, and FreeShop and CIAngel both use the same ticket header, so they should create matching output data I believe. The parts I could see differing between software (Based on the offsets on this wiki page: https://www.3dbrew.org/wiki/Ticket ) would be:
Signature (We use D15EA5E0 repeating)
ECC PublicKey (We use FEEDFACE repeating)
ConsoleID (We use 0000)
eShop Account ID (We use 0000)

There may be other data that can be changed without breaking installation, but those are the dynamic values I see off the top of my head.

the console id needs to be 000000, if not, the cia simply won't install.
even if the ticket/cia is 100% legit and its your console!
a mystery as to why... but yeah i could only get them to install when making the console id 0, thus breaking the signature.
which means no perfect legit backups.

 

[key1340]

I would still like to download content directly from Nintendo servers and create an offline installable backup. And that would be as clean as it gets. Too bad that the contents will not be verifiable in the future, when the original servers are down.

Yes you can download the game and seed for offline install.

Download the game with FunKeyCIA. And download the seed with eseedgbr.

Then open the seed with a hex editor and delete the titleid and the zero's before and after the seed so you are left with just the 32 character seed. Save that as titleid.dat with the titleid part being the games titleid.

You can then install the game and seed with fbi.

 

[The Real Jdbye]

I believe FBI has a way to remove seeds, though I'm not 100% sure on that. You would still need to install a seed even if you dump the installed title with GM9 though, as the seed is used during runtime, not install time.


Yeah, there's no "agreed upon" standard for what should be placed in that location. Though I just checked, and FreeShop and CIAngel both use the same ticket header, so they should create matching output data I believe. The parts I could see differing between software (Based on the offsets on this wiki page: https://www.3dbrew.org/wiki/Ticket ) would be:
Signature (We use D15EA5E0 repeating)
ECC PublicKey (We use FEEDFACE repeating)
ConsoleID (We use 0000)
eShop Account ID (We use 0000)

There may be other data that can be changed without breaking installation, but those are the dynamic values I see off the top of my head.

I think ConsoleID and Account ID will always be 0000, as I don't think CFW patches out the ConsoleID check (it at least didn't use to, since CIAs made with the "personal" option in FunkyCIA would not install on another 3DS IIRC), and changing the account ID would likely result in the games being deleted/disabled when you enter eShop (that's just a guess though based on what happens if you system transfer a 3DS to another, restore a NAND backup from before the transfer then try accessing eShop)

 

[cearp]

the account id can have a value and still install, but i blanked it in FunkyCIA to remove any data that could tie the cia to the user (back when we were making good cias from real tickets, instead of just creating the ticket)
@The Real Jdbye could be right about the guess, i have no idea

 

[Trojaner]

require a seed to be playable

few games need a Seed, but we have only one time need for the seed ... install game with the seed (seeddb.bin from that side doesn´t work on all games like Pokemon Moon/Sun can´t be decrypt for me atleast) ... build cia from installed game ... decrypt the game cia ... game work allways with this steps, reflashed my old Nand Backup and the Seed needed games still work

 

[starburst]

few games need a Seed, but we have only one time need for the seed ... install game with the seed (seeddb.bin from that side doesn´t work on all games like Pokemon Moon/Sun can´t be decrypt for me atleast) ... build cia from installed game ... decrypt the game cia ... game work allways with this steps, reflashed my old Nand Backup and the Seed needed games still work

I only have less than ten games installed, but two of them, FE Fates and FE Echoes, needed a seed. And they happen to be the ones I play the most.

Using a full Seed Database has already been suggested, and I guess that it will be the easiest solution to my situation. This way, I will be able to backup content downloaded through CIAngel and install everything offline on a new system.

 

[starburst]

A year later, this question is more relevant now that Nintendo is about to change the way one access CDN, making current download tools obsolete.
It seems that creating CIA's of every downloaded game through CIAngel was indeed the right choice.

I still do not know how to backup the seeds of my installed games. Perhaps I do need to create new CIA's of them using Godmode9, as Trojaner suggested.

 

[potatoho]

You can backup the seed. FBI downloads from Nintendo if not found on the SD card. See the FBI GitHub source code for the URL in the file "source/core/http.c".

To backup the seed, use the URL and save it on your computer. Rename the file to "<titleID>.dat" and put it in "/fbi/seed/" folder on your SD card.

For example, for Pokemon Ultra Sun save the downloaded seed to "/fbi/seed/00040000001b5000.dat" on your SD card. FBI will look for this file first when you "Import seed" before attempting to download off the internet. This also means that you don't need an internet connection if you have the file saved.

 

[TurdPooCharger]

For future reference, here's a round about way of importing the seed for a 9.6.0+ game if you have no online access using FBI's Import Seed function and refuse to use hydroseed.

Let's suppose you download a *.cia through Villain3DS which happens to be a newer title that requires a seed. If you install this game with FBI and try launching it, the game will crash your 3DS or bug out.

From that title site, put the decTitleKeys.bin , encTitleKeys.bin , and seeddb.bin files in the gm9/support folder found on your SD card.

With the (nonworking) game already FBI installed on the 3DS, use GodMode9 to build it into a new *.cia. Go back to FBI and reinstall that rebuilt *.cia.

With those support files in place, GodMode9 should produce a correctly decrypted version of your game.

***

Again, this method is extremely unlikely to be employed unless you live out in the middle of no where with bad Internet access, world is in a Mad Max state of things, or you're on a nature trip of some sort.

 

[starburst]

Again, this method is extremely unlikely to be employed unless you live out in the middle of no where with bad Internet access, world is in a Mad Max state of things, or you're on a nature trip of some sort.

Or when Nintendo changes the way one access its servers and downloading Seeds is no longer possible.
When the 3DS eShop no longer exists, I would still like to be able to install the CIAs that I created with CIAngel.

You can backup the seed. FBI downloads from Nintendo if not found on the SD card. See the FBI GitHub source code for the URL in the file "source/core/http.c".
To backup the seed, use the URL and save it on your computer. Rename the file to "<titleID>.dat" and put it in "/fbi/seed/" folder on your SD card.

For example, for Pokemon Ultra Sun save the downloaded seed to "/fbi/seed/00040000001b5000.dat" on your SD card. FBI will look for this file first when you "Import seed" before attempting to download off the internet. This also means that you don't need an internet connection if you have the file saved.

This is exactly what I was looking for, mate!

The relevant lines from FBI's source code are 324 and 321. 'Converting' that line into a static URI for the browser, it looks like this:

https://kagiya-ctr.cdn.nintendo.net/title/0x[titleID]/ext_key?country=[two-letter region from line 321]

For Fire Emblem Fates EUR the URI would be:

https://kagiya-ctr.cdn.nintendo.net/title/0x000400000017a400/ext_key?country=GB

I had to add a temporary security exception on Firefox because of an invalid certificate, but I finally got a 16 bytes file named ext_key. Hopefully, that is the Seed that I am looking for.
I will download the Seeds for all my recent titles and then try them on a 'blank', NAND-restored console.


Additional resources:
http://3dbrew.org/wiki/NIM_Services#kagiya_server
https://gbatemp.net/threads/release...-6-ncch-encryption.399809/page-3#post-5775936

 

[starburst]

Nintendo just started applying the changes to its servers, and that title keys site is down... right after I learnt how to download seeds. What a lucky timing!

During the last week, I created CIAs of as many interesting titles as possible using CIAngel. And at the start of this week, I began storing the (available) seeds of all my games, both of the installed ones and of those that I had just downloaded.

Today, I formatted my console and SD card and started anew (something that I already wanted to do.) And every single title and seed worked as expected! I could finally build a complete collection entirely offline, using content that had been downloaded directly from the Nintendo servers. This was my original goal last year, when I started this thread. And I am very happy that it all fell into place.


As of today, one can still download seeds, and Title IDs can be checked on sites like 3DSdb.com

 

[TurdPooCharger]

I would like to make correction to my post #16.

If you downloaded a *.cia from Villain3DS that requires a 9.6.0+ crypto import seed, you don't need to install it first with FBI.

Follow the steps of placing the encTitleKeys.bin, decTitleKeys.bin, and seeddb.bin files in the gm9/support folder, and then use the GodMode9 CIA image options... > Decrypt file (...) option.

Your title should install, launch, and play without any problems after.

 

[R0B0T0]

Follow the steps of placing the encTitleKeys.bin, decTitleKeys.bin, and seeddb.bin files in the gm9/out support folder, and then use the GodMode9 CIA image options... > Decrypt file (...) option.

The problem with this method is that the .bin files are now unavailable due to the title key site being down (permanently?).

--------------------- MERGED ---------------------------

And at the start of this week, I began storing the (available) seeds of all my games, both of the installed ones and of those that I had just downloaded.

Did you manage find a list of which titles (9.6.0+) require a seed? Or did you simply hit the CDN with every single titleId via trial-and-error?