Hacking [Release][v.1.5.1] Sky Army Knife - a Sky3DS Template Tool

  • Thread starter: Foxi4
  • Views: 150,272
  • Replies: 444
  • Likes: 42
Yeah I would love to, but I'm on 9.5 so :(
There was a user on that giant ban thread, I believe it was WulfyStylez, he figured out a way to dump that information and promised a tutorial after explaining it briefly but should I say... not noob friendly enough xd

Or maybe I'm missing something?


Ah I see well hopefully GW comes out with something soon for you then. As for WulfyStylez I wonder what he was talking about. It would be cool to see what he comes up with.
 
I have a question...
What technically is the zero-fill? What will happen if I zero-fill a game that uses online, like Pokemon for example? I would be "safe" from playing on public headers yet won't be able to go online, right? Or would it give me an error and require an ID?
You can Zero-fill a UniqueID and the game will boot, but you won't have access to any online features - it's a quick solution for offline games, but it's not recommended for obvious reasons. ;)
But overall, fantastic work Foxi4. Ah, those Poles, such a talented nation xD
Now the only thing we sky3ds users need is a way to somehow dump the IDs from our legit cards.
Thanks. ;)
 
Nice Foxi4 but... you just coded Falo's template maker again.
Very sexy GUI still. Thanks.
I asked Falo if I can use his source and expand on it and he agreed, there's a number of changes and the whole thing was ported from C# to C++, it's not just a GUI. ;) He is mentioned in the acknowledgements, his code was a great base and it saved me a lot of time I'd otherwise spend on reinventing the wheel.
 
Sorry, I'm a bad English speaker. I did not mean you just made a GUI. I know you hard coded all the CRC stuff. I was just saying your UI is clean and convenient.

Talking about templates, do you know why in very few situations, you need to play with the chip maker (2nd byte) to play online? With the same rom and different private headers, sometimes you have to change the manufacturer ID. Strange, isn't it?
 
Here is the "solution" I was talking about, maybe it will come in use for testing in this app as well. All credit goes to WulfyStylez, and the original post can be found here: http://gbatemp.net/threads/rom-headers-question.381164/page-2#post-5335271

I'm too busy with some other RE to type up a full guide at the moment, but the gist is:
1) Use a public header on your rom of the game you own. Note the cartridge (unique) ID of that rom. (0x1240, 16 bytes, or 0x40 in sky3ds template)
2) Start the backup of that game up, try to connect to its online functions, then hit home as it's trying to connect and dump memory.
3) Do that again, but with your real cart.
4) Find your unique ID from your public header in your dump from that. Flip byte order if you can't find it.
5) Search for the same region in your genuine dump. Do this by either jumping to the same address in your first dump (unlikely) or searching for data that was close to your ID in the first dump (do this).
6) When you've found your legit unique ID, add it to your template with sky template maker (or manually if you hate yourself)
EDIT: Oh and here's the dumper I use for my 9.x hax, use it if you don't have your own already.
 
I have absolutely no idea how the NN protocol works, I'm not a reverse engineer, just a really amateur coder. ;) No offense taken, I just like to give credit where credit is due and chances are that without Falo's code this would have taken me much longer to make, if it would exist at all - a lot of it is copy-pasted code with adjustments for C++ and hole-patching. :P
Sounds a lot like playing with fire, your timing would have to be pretty impeccable.
 
Foxi4, the Macronix EEPROM ID looks like it's not working. BTW, the third byte in the EEPROM ID is density:
10 - 512Kb/64KB
11 - 1Mb/128KB
12 - 2Mb/256KB
13 - 4Mb/512KB
14 - 8Mb/1MB
and so on.
So it should be MX25L1001 for 128KB and MX25L4001 for 512KB saves. I've never met a 256Kb save EEPROM, nor do Sky templates have a C22212 chip ID. But with the dongle I dumped the EEPROM of several titles having 1 Mb (at least New Art Academy, RE: Revelations, Castlevania, Batman Black Gate, Mario & Luigi: Dream Team, Rabbids Rumble, Zelda: A Link Between Worlds) and I have no idea what the real EEPROM ID should be for those titles.
All of the above is true for Sharp EEPROM, i.e. at least 622611 and 622613 exist for 128/512KB flash size.
Several Sky templates have the wrong density in the card ID compared with the original EEPROM dump, which maybe can affect save transfer from retail cards, as can the EEPROM manufacturer (not sure about that, need to check, I just got several saves corrupted while transferring from the retail to the sky, while others are working. That is not the encryption issue, because different SDK titles were successfully tested to transfer saves.)
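
The density table in the post above follows one rule: the third ID byte is the base-2 logarithm of the chip size in bytes (0x10 = 64KB, doubling with each step). An added example, not part of the thread or of Sky Army Knife, that checks an EEPROM ID against the size of a save dump and proposes the matching density byte; the function names are made up for this illustration and only the third byte is interpreted, as in the post.

```python
# Added illustration: validate the density byte of a 3-byte EEPROM ID
# against the size of the save dump it is supposed to describe.

def parse_eeprom_id(id_hex):
    """Split a 6-hex-digit ID into its 2-byte prefix and density byte."""
    raw = bytes.fromhex(id_hex)
    if len(raw) != 3:
        raise ValueError("EEPROM ID must be exactly 3 bytes (6 hex digits)")
    density = raw[2]
    return {
        "prefix": raw[:2].hex().upper(),  # first two bytes, left uninterpreted
        "density": density,
        "capacity_bytes": 1 << density,   # 0x10 -> 64KB, 0x11 -> 128KB, ...
    }

def density_for_size(size_bytes):
    """Return the density byte that describes a dump of size_bytes."""
    if size_bytes <= 0 or size_bytes & (size_bytes - 1):
        raise ValueError("save size must be a power of two")
    return size_bytes.bit_length() - 1

def check_id_against_dump(id_hex, dump_size):
    """Return (matches, suggested_id) for an ID and a save dump size."""
    info = parse_eeprom_id(id_hex)
    expected = density_for_size(dump_size)
    suggested = f"{info['prefix']}{expected:02X}"
    return info["density"] == expected, suggested

if __name__ == "__main__":
    # Constructed cases using the IDs quoted in the post.
    cases = [
        ("C22212", 128 * 1024),  # ID says 256KB, dump is 128KB
        ("622613", 512 * 1024),  # ID and dump agree
    ]
    for id_hex, size in cases:
        ok, suggested = check_id_against_dump(id_hex, size)
        status = "OK" if ok else f"mismatch, expected {suggested}"
        print(f"{id_hex} vs {size // 1024}KB dump: {status}")
```
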
 
Thank you, I couldn't find much info on the EEPROM ID so I went with what I found in templates, what you're saying makes total sense. I'll update the values and release an update as soon as I can, big props! :grog:

Would it be possible to create an NDS rom model to play without 3ds by sky3ds? E.g. Pokemon Black 2
Impossible, the cart interface is completely different.
 
can we use this to now play eshop games like shovel knight?
no, sky3ds will only ever play legitimate retail card dumps*, it's not an issue with templates, but the fact that the card only emulates a retail card, so if the game wasn't released on a cart, there is no way to run it on sky3ds

(*unless the sky3ds team, or someone else develops a hack that disables signature checks like gateway does, but it would still only work on exploitable systems in the exact same fashion as gateway, but that really doesn't seem to be sky3ds's target audience, they would prefer to get all sales for 9.3-9.5 users rather than fight over 1.x-9.2 with gateway)
 
damn - I want to buy shovel knight but can't get on eshop to purchase b/c that would make me update right? Nothing I'm missing here right (and again, no problem paying the money to buy it).
 
what system are you using, 3DS/3DS XL/2DS/n3DS?

if you have a 3ds/XL you could downgrade and use the MT launcher to run 9.5 emunand.....but it's a bit buggy, but if you make a nand dump you should be able to play shovel knight, and once you finish playing it restore your newer nand backup.

also if you're using sky3ds and have no intention of buying a gateway at any point you could just update to 9.5, sky3ds will still work on it and you will have eshop access to buy it
 
So with this, it creates private headers/templates for roms, so that we can safely play them online?

does it have to be created for each individual rom? Once injected into rom and written to sky3ds.. We just do the next rom?
what if at a later date, that rom was removed to make space to play another rom, will the save game be compatible with the removed rom, if we ever put this rom back on to continue playing.... After we have created another private header to get this rom back on? If you know what I mean
 
I have legit game carts... But I have a n3ds xl 9.5 and a sky3ds .... So can't grab myself my own private header from one of my 4gb carts :(
 
Will this work with modded roms? I'm trying to get other roms to work with powersaver pro and so far no luck :(
 
using the new 3ds so prob out of luck.
 
