Hacking 3DS Explorer won't extract ROMFS, alternatives?

  • Thread starter Deleted User
Deleted User

OP
Hey Guys.

So I've been trying, and successfully extracting, ROMFS files from a few 3DS games. It worked fine for Fantasy Life and Attack of the Friday Monsters, and I will be trying on other games, but it fails consistently on the romfs.bin from Bravely Default.

It doesn't matter if it's a .3ds, a .cci, or even if it's an entirely different dump from my game (EU) or any other.

I get an error about an array being above what's expected.

If I had to take a guess I'd say it's because 3DS Explorer is only 32-bit, and the Bravely Default ROMFS.bin is the largest I've tried so far (coming in at 3.22 GB), so I imagine it loads that into memory, plus a little more, pushing the temp file up to 4 GB, which is above what it can handle. This is just a guess though. Rebuilding the project on a 64-bit system doesn't fix it, because it's using .NET 4.0 and support for 4+ GB files wasn't added till .NET 4.5, so the entire project would need upgrading and that's beyond me.

Is there anything else that can extract romfs.bin from a cci file at all?

getromfs seems to extract the romfs, but it calls it encryptedromfs.bin and, well, nothing seems to be able to work with that romfs.bin (even if I rename it correctly).
 

gamesquest1

Did you XOR the encryptedromfs.bin? All retail games are encrypted; you need to use the xorpads to decrypt them.
 
Deleted User

OP
Did you XOR the encryptedromfs.bin? All retail games are encrypted; you need to use the xorpads to decrypt them.

No need, these are all .cia files (then converted to CCI); CIA files are already unencrypted as it is.

getromfs chucks out a file called encryptedromfs.bin even with files that I managed to extract the original romfs from with no problems (games where the romfs is under 3.2 GB). I imagine it's just named that way regardless of encrypted or non-encrypted, as it auto-assumes the file must be encrypted even when it's not.
 
Deleted User

OP
I know I'm not really supposed to double post, but it'd be great if anyone had some information here, I'm completely stumped.
 

Falo

Simply, don't use 3DS Explorer; it doesn't support chunk reading/writing.
This means, if you extract a file, it is loaded into RAM before extracting.
In this case it loads a 3,2 GB file into RAM; even if you have 8 GB RAM it can crash Windows/3DS Explorer by extracting a 1 GB file in .NET...
Note: .NET 2.0/3.0/4.0 supports files bigger than 4 GB, you don't need to use 4.5.

If getromfs works and is extracting a file, then what's your problem?
If it is still encrypted after extracting, then you need a 4.5 3DS to generate the xorpads.

Look with a hex editor into "encryptedromfs.bin"; if you see "IVFC" it is decrypted, otherwise it's encrypted.
 
Deleted User

OP
Hey, thanks Falo.

My main wonder is, it's a .cia file, which is already decrypted anyway.

If I use getromfs on the cci file from Persona Q then it's also written IVFC, yet that file can be extracted using 3DS Explorer with no problems, and the output from 3DS Explorer doesn't start with IVFC, and from there I can extract the exheader, exefs and the romfs file using ctrtool with no problems at all.

If I use getromfs on Persona Q, then I can still extract the data from it with no issues at all using ctrtool, so it's not the IVFC that's causing the issue.

I run the following commands in ctrtool:

ctrtool -p --romfs=romfs.bin --exefs=exefs.bin --exheader=exheader.bin game.cci
ctrtool -t romfs --romfsdir=romfs romfs.bin

But if I run that first line on the Bravely Default cci and the romfs.bin that I've gotten from getromfs (exactly the same method as Persona Q) then I get an error asking if I'm sure the key is correct.

Bravely Default is the only game that has this issue so far. My only possible assumption is that it might have something to do with how large the ROM itself is; everything else this was successful on was much smaller in size.
 

Falo

OK, after getting the Bravely Default 3,2 GB cia from a known iso site, I tried my own tool and it extracts the cia, cfa, romfs without a problem.

ctrtool.exe on the same file did fail. Of course my program is not public and I don't want to make it public.

I guess for ctrtool the problem is indeed the file size.
You could ask someone to fix this bug (use int64, fopen64, fseek64... instead of int, fopen, fseek...) or write your own tool or extract everything manually with a hex editor or find another tool.
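
The two points raised in Falo's posts (chunked reading with 64-bit file offsets, and the "IVFC" magic check), as an added example that is not part of the thread and is not code from ctrtool, getromfs or Falo's tool. The function names, file names and the sample file are constructed for illustration; the sample is a few hundred bytes, and 0xCE000000 stands in for an offset of roughly 3.2 GB.

```c
#define _FILE_OFFSET_BITS 64 /* 64-bit off_t even on 32-bit builds */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* What a byte offset turns into when a parser keeps it in a 32-bit int. */
int32_t offset_as_int32(int64_t off) { return (int32_t)(uint32_t)off; }

/* Copy len bytes at off from src to dst via a fixed 64 KiB buffer; -1 on open/seek error. */
int64_t copy_region(const char *src, const char *dst, int64_t off, int64_t len) {
    static unsigned char buf[1 << 16];
    int64_t done = 0;
    int in = open(src, O_RDONLY);
    FILE *out = fopen(dst, "wb");
    if (in < 0 || !out || lseek(in, (off_t)off, SEEK_SET) < 0) done = -1;
    while (done >= 0 && done < len) {
        size_t want = len - done < (int64_t)sizeof buf ? (size_t)(len - done) : sizeof buf;
        ssize_t got = read(in, buf, want);
        if (got <= 0 || fwrite(buf, 1, (size_t)got, out) != (size_t)got) break;
        done += got;
    }
    if (in >= 0) close(in);
    if (out) fclose(out);
    return done;
}

/* 1 if the file starts with the ASCII magic "IVFC" (decrypted RomFS), else 0. */
int starts_with_ivfc(const char *path) {
    char magic[4] = {0};
    FILE *f = fopen(path, "rb");
    size_t n = f ? fread(magic, 1, 4, f) : 0;
    if (f) fclose(f);
    return n == 4 && memcmp(magic, "IVFC", 4) == 0;
}

/* Constructed sample input: 512 filler bytes, then a 31-byte fake region. */
int make_sample(const char *path) {
    FILE *f = fopen(path, "wb");
    for (int i = 0; f && i < 512; i++) fputc(0xFF, f);
    if (f) fputs("IVFC-constructed-sample-payload", f);
    return f ? fclose(f) : -1;
}

int main(void) {
    long long n = make_sample("sample.cci") ? -1 : copy_region("sample.cci", "sample_romfs.bin", 512, 31);
    printf("copied=%lld ivfc=%d ", n, starts_with_ivfc("sample_romfs.bin"));
    printf("0xCE000000 as int32=%d\n", (int)offset_as_int32(0xCE000000LL));
    return n < 0;
}
```

An offset past 2 GB goes negative once it is stored in a 32-bit int, which is why a seek or length check built on `int` fails on a large image while the same code works on smaller ones.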
 
Deleted User

OP
Hi Falo, oh that's good to hear then, that it's not me just consistently buggering it up; everyone was replying like I've got no idea what I'm doing (which, to be fair, is somewhat true).

If someone was able to run me through the quick steps of editing things with a hex editor I'd be able to give that a shot.

I would ask if you could share your tool, but I'll respect that you don't wish to.
 

cearp

No need, these are all .cia files (then converted to CCI); CIA files are already unencrypted as it is.
Just in case someone understands this the wrong way, this cia file is only unencrypted because it was unencrypted during the process of turning the 3ds into a cia file.
'Proper' cia files made from cdn contents (not ones that are made from decrypted contents), sure, they will be encrypted.
 

I pwned U!

Just in case someone understands this the wrong way, this cia file is only unencrypted because it was unencrypted during the process of turning the 3ds into a cia file.
'Proper' cia files made from cdn contents (not ones that are made from decrypted contents), sure, they will be encrypted.
I have been wondering, can the raw data (not yet packed into a .cia file) from the cdn be decrypted with the NCCH padgen and xor tools from the multi decryptor programs so that they can be edited and rebuilt?
 

cearp

I have been wondering, can the raw data (not yet packed into a .cia file) from the cdn be decrypted with the NCCH padgen and xor tools from the multi decryptor programs so that they can be edited and rebuilt?

sure, you have to first use aescbc to decrypt it, so you need to get the decrypted title key etc.
then you can use the ncch padgen :)
 