ROM Hack [Tutorial] How to Decrypt, Extract & Rebuild a CIA

If I follow your tutorial, you need a 4.5 FW, since it uses the DS profile hack. I tried booting your launcher.dat by the roploader website, but it failed.
 
Glad you're doing a tutorial! I'm finished with exams and everything on Friday, so I'll help out with the rebuilding part by then if necessary.
 
And if you want to rebuild the CIA again? Did I miss something? Sorry for bothering, and thanks for taking the time to make this possible.
 
I can make a Python tool to extract the contents from a CIA file if you want, so you do not need to install it... :)
but you will have to generate the decrypted title key on the 3DS to decrypt it
 
But the CIA always needs to be decrypted, right?
I can't see what your Python script can do.
 
the CIA file contains the contents.
you install the CIA because you want to access the contents.

if you want to decrypt a 2GB CIA, you will have to install it. it is very slow.
but you can use the contents from the CIA without installing it,
but you will need to decrypt them.
when you install a CIA, the contents become decrypted (partially).

if you generate the title key (option 3 in CTR Decryptor multi tool), you can decrypt the contents without having to install the CIA.


-- if you get the movable.sed file from NAND and put it on the SD card root, it does not matter if the NAND is linked/unlinked, etc. :)
 
Depending on the content you have decrypted, it's not a must to have a romfs or exefs inside DLC or updates.

As an example, Shin Megami Tensei: Record Breaker's DLC has multiple .app files; the first is only exheader and romfs,
the others only romfs with a txt file (same name, different content). Update 1.1 stores all details in code.bin.
 
Oh nice, thanks if you can do it :)
 
That would be cool. This method is still good though for any updates we install ourselves via the eShop.

I'm guessing the method would be similar to Wii U stuff? Decrypt the title key, then AES-128-CBC decrypt the CIA partitions with that decrypted key?
 
Example to extract CIA without installing:
Code:
ctrtool -x -t cia <name of your cia> --contents=<name of content> --meta=<name of meta (same as content)> --tmd=<name of tmd file> --tik=<name of tik file> --certs=<name of cert file>

For Games:

#0000 = Similar to .3ds with different Header
#0001 = Manual.cfa
#0002 = DLP.cfa

Code:
ctrtool -p --exheader="exheaderEncrypted.bin" --romfs="romfsEncrypted.bin" --exefs="exefsEncrypted.bin" --logo="logo.bin" "<name of #0000>"

What is left, is to fetch the xorpad for #0000 to decrypt the files.
 
oh cool, i don't need to make that tool now! thanks :)
 
Yes, it didn't need titlekey to get the encrypted files. Would be nice if there is a way without xorpads ^^

yes sure, we don't need the title key to extract the cia, but if you want to decrypt the contents, then we need the title key.
for most people, having the encrypted contents is not very important :)

like powersaves allegedly has an online 3ds farm to decrypt saves (funny but i guess true) - imagine a website connected to a 3ds where you type in the title key and it decrypts it for you... :)
it would not be impossible with homebrew... correct.

a 3ds that is always plugged in, and connected to wifi. running a homebrew that connects and replies to a server to get the latest title key to encrypt, first in first out.
do i sense a personal summer project coming? (maybe, maybe not) :)
 
How to decrypt with titlekey?

aescbc.
but that only removes the 'eshop encryption'.
then there is the sd card encryption... which we still need xorpads for lol.
so, yeah, maybe not much of a project if it only saves 1 boot cycle, 1 sd card eject, etc.
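The two-step "eShop layer" the question about AES-128-CBC and the "aescbc" answer above refer to, as an added example that is not code from this thread, from ctrtool or from CTR Decryptor: the ticket's title key is unwrapped with the common key (IV = title ID followed by zeros), then each content is decrypted with that title key (IV = its content index followed by zeros); the SD-card xorpad layer the reply mentions is not covered. The keys and the title ID in main() are constructed demo values, not real ones.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// cbc runs AES-128-CBC either way; CIA contents are block aligned (no padding).
func cbc(key, iv, data []byte, decrypt bool) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length gets here
	}
	out := make([]byte, len(data)) // CryptBlocks panics on unaligned input
	if decrypt {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, data)
	} else {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, data)
	}
	return out
}

// TitleKeyIV: 8-byte big-endian title ID followed by 8 zero bytes.
func TitleKeyIV(titleID uint64) []byte {
	return append(binary.BigEndian.AppendUint64(nil, titleID), make([]byte, 8)...)
}

// ContentIV: 16-bit big-endian content index (0 for #0000) zero padded to a block.
func ContentIV(index uint16) []byte {
	return append(binary.BigEndian.AppendUint16(nil, index), make([]byte, 14)...)
}

// DecryptTitleKey unwraps the ticket's title key with the common key.
func DecryptTitleKey(commonKey, encTitleKey []byte, titleID uint64) []byte {
	return cbc(commonKey, TitleKeyIV(titleID), encTitleKey, true)
}

// DecryptContent strips the eShop (title key) layer from one content.
func DecryptContent(titleKey, content []byte, index uint16) []byte {
	return cbc(titleKey, ContentIV(index), content, true)
}

func main() {
	commonKey, titleKey := []byte("demo-common-key!"), []byte("demo-title-key!!") // constructed, not real keys
	wrapped := cbc(commonKey, TitleKeyIV(0x0123456789abcdef), titleKey, false)       // constructed demo title ID
	enc := cbc(titleKey, ContentIV(0), []byte("content #0000: two whole blocks "), false)
	fmt.Printf("%q\n", DecryptContent(DecryptTitleKey(commonKey, wrapped, 0x0123456789abcdef), enc, 0))
}
```

Using the wrong content index only garbles the first block, which is why a mismatched IV shows up as a corrupt NCCH header rather than a wholly unreadable content.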
 