So, I was able to edit items in MH4U messing with the Gateway 512KB .sav but I got good news and bad news about it.
First of all what I did.
I'm not a programmer or a hacker and I don't use any advanced tool or tech, it was just Ultraedit and Ultracompare.
Since I saw MH4U can't be cheated with the browser trick, I couldn't resist going for the savegame and trying to understand.
I spent some hours this night looking at and comparing the Gateway save games. I compared the MH4U savegame with 1 save slot and 2 save slots used, or with small item or money changes, or without changing anything but just saving more than once, and I even compared the empty formatted savegame with other 6.x empty formatted savegames and compared them all too.
Doing so I was able to get a nice geography of how the savegames are made.
First of all they are sequential, it's like the 3DS counts how many times you overwrite that savegame, and every time the encryption changes.
Second of all, by comparing the identical parts of different games' empty formatted saves with the actual MH4U save game, I understood where you can edit stuff, and the fixed things you don't have to touch.
Basically, the actual game savegame data starts at 00002000h after the second wave of FF FF FF FF; everything before it is pretty similar on all the other saves and different games, with a lot of fixed and/or sequential hex, so you don't mess around with those or the game will reboot the 3DS to home, or will say that the savegame is corrupted and needs to be reformatted to be used.
Now, since my MH4U savegame is at almost 500 hours and I'm full of stuff, I just backed up the save and sold almost everything, dismissed all the palicoes, so I just ended up with 9999999 zenny, 4 talismans (my best one), one equipped set, and just a few things in the item box (10 of each abrasive, 10 of each armor sphere, and 10 wyvern honing gems normal and L) so I can actually see if I changed something.
Now for the good news: after a few tests the first thing that actually did something was changing 2b80h from 69 to 79, but the results were pretty ugly. Just by changing that, I ended up with 2 more new items in my item box at 13 and 8 (earth crystal and another one), and some of my items changed from 10 to 11 or from 10 to 3, and one of my abrasives from 10 to 18.
Making this even more weird is that if I revert all and try to change that single string from 69 to 89, the results with the items are identical!
Another single hex change that did something (I don't remember the address, but always around the 00002bXXh range) was just deleting all my unregistered quests.
So it's not only that you can't change one string to change one thing in the game, it's just like messing with one string, and the game sorta recalculates and re-decrypts and encrypts the savegame.
So bottom line is that decryption seems the only way to make the savegames editable properly.
I also don't know if that layer of encryption is made by the actual 3DS or by Gateway, but I didn't have time to check the proper 3ds user savegames too to compare them.
I'll probably test other things, but before going on I thought I could share those. Maybe somebody will find them useful, maybe not, and maybe somebody who knows a lot more than me might tell me I'm just wasting time or will point me in the right direction as to how to use my time to test things more properly.
P.S.: Another inherent thing I was thinking is if somebody with a Powersave can use a packet sniffer like Fiddler when they use it to see what's going on, but as I heard how Powersave works I'm pretty sure that all the decryption-encryption happens on their server after you upload your save, so you won't actually see anything.
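
The snapshot comparison described in this post can be scripted. The following is an added example, not part of the original post: the buffers are constructed stand-ins rather than real save data, and only the 00002000h data start and the 2b80h offset are taken from the post.

```python
"""Byte-level comparison of two save snapshots, grouped into changed regions."""

DATA_START = 0x2000  # offset where the post says the game's own data begins


def changed_regions(a: bytes, b: bytes, gap: int = 4):
    """Return [(start, end_exclusive)] ranges where a and b differ.

    Differences closer than `gap` bytes apart are merged into one region.
    """
    if len(a) != len(b):
        raise ValueError("snapshots must be the same size")
    regions = []
    for off, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        if regions and off - regions[-1][1] < gap:
            regions[-1][1] = off + 1      # extend the current region
        else:
            regions.append([off, off + 1])
    return [tuple(r) for r in regions]


def split_by_area(regions, data_start: int = DATA_START):
    """Separate regions into the header area and the game data area."""
    header = [r for r in regions if r[0] < data_start]
    data = [r for r in regions if r[0] >= data_start]
    return header, data


def make_constructed_snapshots():
    """Two constructed 0x3000-byte buffers standing in for consecutive saves."""
    before = bytearray(b"\xff" * 0x3000)
    before[0x2B80] = 0x69
    after = bytearray(before)
    after[0x0010] = 0x01                          # constructed header change
    after[0x2B80] = 0x79                          # the byte the post changed
    after[0x2B90:0x2B94] = b"\x0a\x0b\x03\x12"    # constructed nearby changes
    return bytes(before), bytes(after)


if __name__ == "__main__":
    old, new = make_constructed_snapshots()
    header, data = split_by_area(changed_regions(old, new))
    for name, regs in (("header", header), ("game data", data)):
        for start, end in regs:
            print(f"{name:9s} {start:08x}h-{end - 1:08x}h  {end - start} byte(s)")
```

Run against two real snapshots of the same size, the region list shows at a glance which changes fall before 00002000h and which fall in the game data.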