ROM Hack New powersaves 3ds thread

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
it wouldn't surprise me if cyber gadget tool was a pet project of datel to test the waters on how nintendo responds without putting their name to it, if the whole 3DS farm is true it doesn't seem like the kind of thing that would just appear without some advanced knowledge and work put into it
 
  • Like
Reactions: thagrouch

Hozu

Well-Known Member
Member
Joined
Aug 25, 2010
Messages
322
Trophies
1
XP
679
Country
Canada
it wouldn't surprise me if cyber gadget tool was a pet project of datel to test the waters on how nintendo responds without putting their name to it, if the whole 3DS farm is true it doesn't seem like the kind of thing that would just appear without some advanced knowledge and work put into it
I thought Cyber Gadget existed before Powersaves did. If that's the case, it says a lot about their intentions when it comes to offering support for other regions.
 
  • Like
Reactions: thagrouch

gamesquest1

I thought Cyber Gadget existed before Powersaves did. If that's the case, it says a lot about their intentions when it comes to offering support for other regions.
tbh idk, but with big companies trying to sue anyone for anything nowadays (tbh they always have but it's having a bit of a popularity boost again lately), it would always be a good idea to test the waters with a product via a different outlet and branding so as to not put all your assets on the line before taking the plunge, just looking at other stuff from cyber gadget (assuming it's the same company) they mostly dealt in cases, screen protectors and replacement styluses ....doesn't seem like the most likely candidate to hack the 3ds save system and set up a 3ds farm.........but again you never know maybe they did, it just seems like a big jump from cheap accessories.
 

MGS1980

Well-Known Member
Member
Joined
Mar 27, 2014
Messages
813
Trophies
0
Age
43
XP
492
Country
United States
This isn't Cyber Gadget's first foray into console hacking. They also rolled out a device for the PS3 back in 2011 as well. I never used it, but it allowed for cheat application. The big difference here is that for 3DS gaming, if you slap "We do Pokemon too!," you have a huge corner of the market at your beck and call since the install base is a huge chunk of Nintendo's portable market throughout its various iterations.
 

Apache Thunder

I have cameras in your head!
Member
Joined
Oct 7, 2007
Messages
4,434
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,811
Country
United States
I find this idea of using "3DS Farms" to handle the encryption kinda disturbing. It kinda shows how pointless the security that Nintendo and other companies try to pack into their consoles to prevent homebrew and piracy is. It takes only one exploit or mistake for this to happen and that msett exploit in 4.5 opened the floodgates. It's irrelevant if they patched it. The fact that tons of 4.5 consoles exist and are being used as farms shows that Nintendo failed at securing their platform.
 

gamesquest1

not sure it would be 4.x farms, if they have 6.x encryption they would have to be on 6.x minimum...unless they have somehow extracted the encryption key, in which case they wouldn't need the farms
 
  • Like
Reactions: Hozu

MGS1980

I find this idea of using "3DS Farms" to handle the encryption kinda disturbing. It kinda shows how pointless the security that Nintendo and other companies try to pack into their consoles to prevent homebrew and piracy is. It takes only one exploit or mistake for this to happen and that msett exploit in 4.5 opened the floodgates. It's irrelevant if they patched it. The fact that tons of 4.5 consoles exist and are being used as farms shows that Nintendo failed at securing their platform.

On the contrary, it shows just how well they secured the system. Think about it. Back in previous generations, you ripped a system wide open (including all security related features) so that you could literally reconstruct the system on a computer without the need of the hardware itself. Thus, emulators were born.

Now, the system design is such that you cannot even rip the security arm without serious hardware hacking. The fact that we have yet to see only primitive (by last gen's standards) homebrew and no emulators just goes to show how well this system is secured compared to its predecessors.
 

Hozu

not sure it would be 4.x farms, if they have 6.x encryption they would have to be on 6.x minimum...unless they have somehow extracted the encryption key, in which case they wouldn't need the farms
Yeah, they can't use farms of 4.x 3DS units because the Pokémon games require higher firmware. Plus, due to the difference in the save file encryption, loading a save from higher firmware on a 4.x 3DS would just delete the save because the 3DS will think it's corrupt.
 

Apache Thunder

The lack of homebrew is mostly self-inflicted as a result of some people being a little too concerned that their work might facilitate future piracy. We didn't have this problem last gen. :P

But let's not foul up this topic with offtopic chatter over this. :P
 

TheWord21

Well-Known Member
Member
Joined
Jun 8, 2014
Messages
811
Trophies
0
Age
30
XP
398
Country
United States
The lack of homebrew is mostly self-inflicted as a result of some people being a little too concerned that their work might facilitate future piracy. We didn't have this problem last gen. :P

But let's not foul up this topic with offtopic chatter over this. :P

Agreed. The last thing that needs to happen is this thread being locked. :lol:
 

MGS1980

This is actually a debate that we had in the original thread that went by without modding as long as it stayed civilized since it does get to the core of what Powersaves does. How are they bypassing the AES MAC portion of the security architecture?

The way the encryption arm works is that each unit has a different set of keys to it to sign the saves with. These keys are generated upon booting the unit and dumped directly from the into an area of the hardware that is write only, so you cannot get at an individual unit's keys through the traditional methods. The actual generator is stored on the main processor and would require decapping the chip to even get a shot at obtaining that piece. There have been no publicly successful chip decapping ventures out there thus far. This process is very time consuming and requires equipment not found in everybody's basement. The fact that somebody has found a way to get past this is what made Datel's and now Cyber Gadget's devices impressive.

This is where the theory of 3DS farms came into play. Since it takes so much time, effort, and money to decap only to just get a chance that you can retrieve the information that you need to sign saves, if you could find a way to "hotwire" a console to hijack its engine, then why not do that if it can give you similar results that you want. It is no doubt cheaper to do and would make great business sense. You can basically make you a server full of hardmodded systems running your save signing exploit. It is a rather smart and impressive idea if you think about it. It just goes to show you that there are two ways to rob a bank so to speak. You can go in guns ablaze and take it all at once (via decapping in this case), or you can take it all one bit at a time indirectly (which is kind of how you can look what Datel and now Cyber Gadget has done it according to most opinions.)

In the end, it would be interesting to see just what Datel and Cyber Gadget have sitting in their home offices.
 

Apache Thunder

Who's to say they hardmodded them at all? They could be using 4.5 consoles with code running to make the 3DS sign the saves in software. Smealum seems to have indicated he has already figured out how to decrypt 3DS roms which appears to have been something he's done through software. (he won't disclose how he does it though, but I'm sure it's not a hardware mod)


The 3DS's may have custom homebrew coded in house by Datel/Cyber that does this encryption/decryption stuff and additional homebrew that connects them via wifi to a server they control so that they can then proceed to send other folks' save files into a queue line for the 3DSs to process. That's my theory on how it works. Which in the end makes Nintendo's attempt to keep out hackers via hardware a moot point if your software isn't secure. :P
 

MGS1980

Who's to say they hardmodded them at all? They could be using 4.5 consoles with code running to make the 3DS sign the saves in software. Smealum seems to have indicated he has already figured out how to decrypt 3DS roms which appears to have been something he's done through software. (he won't disclose how he does it though, but I'm sure it's not a hardware mod)


The 3DS's may have custom homebrew coded in house by Datel/Cyber that does this encryption/decryption stuff and additional homebrew that connects them via wifi to a server they control so that they can then proceed to send other folks' save files into a queue line for the 3DSs to process. That's my theory on how it works. Which in the end makes Nintendo's attempt to keep out hackers via hardware a moot point if your software isn't secure. :P

The problem with using software hacked 4.5 units is that the save encryptions employed by successive firmwares are only rough approximations of the real thing. That is why you cannot take a cart played on a software modded unit (even one with an updated emuNAND) and play it in an unmodded, up-to-date system. The stock system will always reject the save as corrupt and vice versa. The farms would almost certainly have to be employing up-to-date firmware in order to handle games like Pokemon correctly. Because of this fact, this makes the likelihood of them having to use a hardmodded system much more likely. This is what gamesquest1 was referring to in his post.
 

Apache Thunder

Well the fact Gateway has indicated they have a way of getting the 7.0x encryption working in their emunand on 4.5 consoles might negate that argument entirely. But we'll have to wait and see how that update will fix the 8.0x booting issues in emunand to know for sure. But there might be a way to work around that limitation without hardware mods. Either way we don't know enough on how it works to know for sure unfortunately. :(
 

MGS1980

Well the fact Gateway has indicated they have a way of getting the 7.0x encryption working in their emunand on 4.5 consoles might negate that argument entirely. But we'll have to wait and see how that update will fix the 8.0x booting issues in emunand to know for sure. But there might be a way to work around that limitation without hardware mods. Either way we don't know enough on how it works to know for sure unfortunately. :(

Actually the hacking community knows a lot about the security architecture. They just do not know how to get at the generator for the AES MAC without decapping. You can actually read up on the different types of encryptions that have been rolled out over the successive firmware revisions and how they are handled here:

http://www.3dbrew.org/wiki/Savegames

The wiki itself is very informative and interesting to read on multiple topics. Granted, most of this is heavily technical and you will not understand all of it, but reading over it can give you enough knowledge to serve as a jumping point so that you can have intelligent conversations with hackers about it. This is what I did and it works just like it would in any everyday profession. You are much more likely to get somebody to help you understand things if you go into it with a little bit of base knowledge (or at least by attempting to show that you tried to get it) than you are by just showing up and saying "teach me."
 

gamesquest1

tbh it is quite a read, but basically the 3ds hardware has an aes chip so even if the base encryption key was known it would still need to pass through the aes engine to generate a valid encrypted save....but if the base key was known you could initialize the key on a 4.x console and it would then be able to decrypt and re-encrypt valid 6.x encrypted saves once passed through the aes engine (same goes for 8.x 7.x rom encryption but with another aes function)

i may have some bits wrong there i'm not claiming to be an expert or anything, i have just had a read through 3dbrew and that's how i have understood it, if i'm wrong anyone feel free to correct me :P

basically there are 2 methods supporting a 3ds farm theory, and 1 to support they have decapped the aes engine figured out how the key scrambler works and now have a valid method to encrypt/decrypt saves with no 3ds at all
 
  • Like
Reactions: MGS1980
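
A minimal model of the "write-only key" idea debated in the posts above, added here as an illustration; it is not code from any poster, from Datel or Cyber Gadget, or from 3dbrew. Truncated HMAC-SHA256 stands in for the console's AES-based MAC, and the save layout (tag followed by payload) and all names are assumptions.

```python
import hashlib
import hmac
import os

TAG_LEN = 16  # assumption: truncated HMAC-SHA256 stands in for the AES-based MAC


def make_keyslot(key: bytes):
    """Model a write-only keyslot: callers get a MAC operation, never the key."""
    def mac(data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]
    return mac


def seal(mac, payload: bytes) -> bytes:
    """Write a save: tag computed inside the engine, then the payload."""
    return mac(payload) + payload


def load(mac, blob: bytes):
    """Read a save; return None when the tag does not verify ("corrupt")."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(tag, mac(payload)):
        return None
    return payload


def demo():
    shared = os.urandom(16)                   # constructed key material
    retail = make_keyslot(shared)             # the player's console
    same_key = make_keyslot(shared)           # another engine holding the same key
    other_key = make_keyslot(os.urandom(16))  # a unit whose key differs

    original = seal(retail, b"money=100")     # constructed sample save
    edited_offline = original[:TAG_LEN] + b"money=999"  # payload changed, old tag
    return {
        "original": load(retail, original),
        "edited_offline": load(retail, edited_offline),
        "resigned_same_key": load(retail, seal(same_key, b"money=999")),
        "resigned_other_key": load(retail, seal(other_key, b"money=999")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} -> {result}")
```

The design point for defenders: hiding the key in hardware protects its secrecy, but integrity still depends on who is allowed to drive the MAC engine on any device that holds that key.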

Kaphotics

badc0ded
Member
Joined
Sep 10, 2010
Messages
612
Trophies
0
XP
626
Country
United States
Anyone knows if datel could make a cheat that make possible nickeable a pokemon??

not happening, only possible through 2 ways:

Copying the TID and SID and OT of the save file onto the Pokemon.
Changing the Nickname to an input string.

Neither of which are happening as they don't want designer crap and don't allow input of dynamic codes.
 
  • Like
Reactions: rainparadesamurai

IdahoNate153

Well-Known Member
Newcomer
Joined
Apr 11, 2014
Messages
88
Trophies
0
XP
161
Country
United States
Found out what Datel means with their "Unique User Customisation" on the Amazon website it says "UNIQUE CUSTOMIZATION FUNCTION
Create your own Pokemon X&Y saves with the Unique Customizer Function! Choose from: Max Battle Points Master Balls Max Cash Evolution Stones Shiny Pokemon and many more..."
 

Kaphotics

Found out what Datel means with their "Unique User Customisation" on the Amazon website it says "UNIQUE CUSTOMIZATION FUNCTION
Create your own Pokemon X&Y saves with the Unique Customizer Function! Choose from: Max Battle Points Master Balls Max Cash Evolution Stones Shiny Pokemon and many more..."

Which is exactly what Powersaves currently does. Nothing new.
 
