Homebrew Official [Download] Decrypt9 - Open Source Decryption Tools (WIP)

[NickValentine2k]

Exactly - we can't do what SteveIce10 does, because we have no access to AM services. Also, those .db files have not been fully figured out yet (thus we can't do any edits). It is highly unlikely the console ID is anywhere else inside the ticket.db but in the tickets themselves (why should it?). You can try to find out, though. Find a clean ticket.db first, then try to find the console ID via a hex editor.


Yup, good answer. There really is no good reason for a standard user to have a full sized NAND backup. Everything you need is there, in the min size one.

I checked my title.db today as well. It turned out, that my title.db also shows some entries including unique ids. Interestingly I never installed or requested one of those games on my 3ds, I didn't even know that nintendo has given those games away for free, however. How can I delete the ticket entries (Virtual Console + Ambassador)?

 

[MushGuy]

Hello. Maybe someone here can help me. I recently switched from rxtools to arm9loaderhax+luma. And I noticed that all of my gba game saves are gone. I made a thread about it here.

https://gbatemp.net/threads/i-just-...d-that-all-my-gba-save-files-are-gone.442513/

I tried using decrypt 9. I restored my old sysnand, dumped the gbavc save, restored my new sysnand, injected the gbavc save. But the saved still weren't there. Not sure what to do now.

If you flashed your emunand to sysnand, then sorry, all of the GBA saves that were on sysnand got deleted.

 

[Bryon15]

If you flashed your emunand to sysnand, then sorry, all of the GBA saves that were on sysnand got deleted.

Then the arm9loaderhax guide needs to specify this!

https://github.com/Plailect/Guide/wiki/Part-3-(arm9loaderhax)

I wouldn't have done it had I known.

 

[ih8ih8sn0w]

Then the arm9loaderhax guide needs to specify this!

https://github.com/Plailect/Guide/wiki/Part-3-(arm9loaderhax)

I wouldn't have done it had I known.

It probably should, but most people following the guide don't have gba roms installed to their sysnand, and those that do should have been aware of the reasons you must install it to sysnand. You can try to restore an old sysnand backup (that you know has the saves) using hourglass9, dump the saves, then restore your current nand (which is why the guide says to keep nand backups).

 

[kasai07]

@d0k3

"hid.c"

Spoiler

#include "hid.h"
#include "timer.h"
#include "i2c.h"

u32 InputWait() {
    static u64 delay = 0;
    u32 pad_state_old = HID_STATE;
    delay = (delay) ? 72 : 128;
    timer_start();
    u32 HID_Flag = 0;
    while (true) {
  
        HID_Flag = HIDFlag();
        if (HID_Flag == 0x01){return ~pad_state_old + 0x00002000;}//button power
        if (HID_Flag == 0x04){return ~pad_state_old + 0x00003000;}//button home
        if (HID_Flag == 0x10){return ~pad_state_old + 0x00005000;}//button wifi
        if (TOUCH_SCREEN == 1){return ~pad_state_old + 0x00009000;}//button touch screen
     
        u32 pad_state = HID_STATE;
        if (!(~pad_state & BUTTON_ANY)) { // no buttons pressed
            pad_state_old = pad_state;
            delay = 0;
            continue;
        }
     
        if ((pad_state == pad_state_old) &&
        (!(~pad_state & BUTTON_ARROW) ||
        (delay && (timer_msec() < delay))))
        continue;
     
        //Make sure the key is pressed
        u32 t_pressed = 0;
        for(; (t_pressed < 0x13000) && (pad_state == HID_STATE); t_pressed++);
     
        if (t_pressed >= 0x13000)return ~pad_state + 0x00001000;
    }
}

u32 HIDFlag()
{
    return i2cReadRegister(I2C_DEV_MCU, 0x10);
}

"hid.h"

Spoiler

#pragma once
#include "common.h"

#define EMMC_STATUS (*(volatile u8*)0x1000601C)
#define SD_CARD_INSERTION        (1 << 5)

#define TOUCH_SCREEN (*(volatile u32*)0x10147000)

#define FLAG_CHARGE (*(volatile u32*)0x10144000)
#define CHARGE           0xFA // no charge = 0xE2


#define HID_STATE (*(volatile u32*)0x10146000)

#define BUTTON_A         (1 << 0)      //0x00000001
#define BUTTON_B         (1 << 1)       //0x00000002
#define BUTTON_SELECT       (1 << 2)   //0x00000004
#define BUTTON_START        (1 << 3)     //0x00000008
#define BUTTON_RIGHT        (1 << 4)  //0x00000010
#define BUTTON_LEFT         (1 << 5)     //0x00000020
#define BUTTON_UP         (1 << 6)    //0x00000040
#define BUTTON_DOWN        (1 << 7)  //0x00000080
#define BUTTON_R1         (1 << 8)    //0x00000100
#define BUTTON_L1         (1 << 9)     //0x00000200
#define BUTTON_X         (1 << 10)    //0x00000400
#define BUTTON_Y         (1 << 11)    //0x00000800

#define BUTTON_POWER        (1 << 12)    //0x00001000
#define BUTTON_HOME         (1 << 13)    //0x00002000
#define BUTTON_WIFI         (1 << 14)     //0x00004000
#define BUTTON_SCREEN       (1 << 15)    //0x00008000

#define BUTTON_ANY         0x00000FFF
#define BUTTON_ARROW  (BUTTON_RIGHT|BUTTON_LEFT|BUTTON_UP|BUTTON_DOWN)

u32 InputWait();
u32 HID_Flag();

} else if (pad_state & BUTTON_POWER) {
      PowerOff();
     }

 

[Eddy119]

Hello,
I'm trying to decrypt my pokemon save on the sd card from a broken 3ds... I have the movable.sed of the broken 3ds. I tried to use the SD card decrypting option in decrypt9 on another 3dsbut it didn't work, so I injected the source movable.sed to the other 3ds but it just made another id0 folder on the SD card. I'm losing hope... can anybody please help me?

 

[nanashi723]

hi, is there a limit on encrypting keys from decryptkeys.bin ? i tried decrypting all the keys from that title key site but i encounter an error saying, too many/few entries specified: 3644 so im guessing thats too much at once for decrypt9 to encrypt?

 

[Mikemk]

1. Start the GBA game you want to dump the save
2. Start Decrypt9 and dump the save (SysNAND Option ->Miscellaneous -> GBA VC Save Dump )
3. Edit the save
4. Start the GBA game you want to inject the save (only if you have turned off the 3DS before),
and start decrypt9 WITHOUT turn off your 3DS (you can reboot the 3ds using system settings).
5. Inject the save (SysNAND Option ->Miscellaneous -> GBA VC Save Inject )
6. Start the GBA game.
7. Profit!

I cannot get D9 to inject a save. It can dump fine, and claims it's injecting, but the game never sees it.
What I'm doing:

1. Start the game
2. Hit the home button (not sure how else I can do #3
3. Go to system settings
4. Hold ↓ while closing, so D9 starts.
5. Going to SysNAND > Miscellaneous > GBA VC Inject
6. Hit ←, ↑, →, ↑, A, A
7. D9 says it injects successfully.
8. Hit start to reboot, I go to the home menu with system settings selected.
9. Go to the GBA game and start it.
10. Nothing's changed.

 

[RealityNinja]

I cannot get D9 to inject a save. It can dump fine, and claims it's injecting, but the game never sees it.
What I'm doing:

1. Start the game
2. Hit the home button (not sure how else I can do #3
3. Go to system settings
4. Hold ↓ while closing, so D9 starts.
5. Going to SysNAND > Miscellaneous > GBA VC Inject
6. Hit ←, ↑, →, ↑, A, A
7. D9 says it injects successfully.
8. Hit start to reboot, I go to the home menu with system settings selected.
9. Go to the GBA game and start it.
10. Nothing's changed.

What's the game? What's the save file? (is it 32KB?).

There are incompatibilities with some games... So maybe you can't inject the save file...

 

[Mikemk]

What's the game? What's the save file? (is it 32KB?).
For the step 1, you can directly
Start the GBA game you want to dump the save, then press the home button, and start decrypt9 with a9lh (so the ↓ button for you).


There are incompatibilities with some games... So maybe you can't inject the save file...

Zelda Minish Cap, 8k

 

[RealityNinja]

Zelda Minish Cap, 8k

That's weird. It.... it doesn't work with me?!
I can't inject the save either....

 

[d0k3]

For everyone who hasn't seen it, we've got a new D9 release. This is new:

• New SD content ->CIA converter - you can now convert installed content back to CIA!
• POWER (poweroff) and HOME button (reboot) are now functional
• Introduced color to console / menu in some places
• On 3DS cart dumping, the CARD2 save area is now wiped
• New choosable (during build) font, thanks to @Ennea

To get the new font, you need to compile with FONT=GB. For convenience, this release also contains precompiled fonts with the new font and the original font.

 

[Inochi.no.Zenmai]

I tried the new installed content to CIA with two demos I had installed, but I'm being greeted with these errors when I try to install them in another console. I can install others CIAs normally.

 

[cvskid]

Where is the directory that has the converted content to a .cia file? I converted something but i have no idea where it is.

 

[ihaveahax]

Where is the directory that has the converted content to a .cia file? I converted something but i have no idea where it is.

the "game" directory. usually /D9Game or /files9/D9Game if you have one of these.

 

[cvskid]

the "game" directory. usually /D9Game or /files9/D9Game if you have one of these.

Found it, thank you for the help.

 

[DocKlokMan]

For everyone who hasn't seen it, we've got a new D9 release. This is new:

• New SD content ->CIA converter - you can now convert installed content back to CIA!
• POWER (poweroff) and HOME button (reboot) are now functional
• Introduced color to console / menu in some places
• On 3DS cart dumping, the CARD2 save area is now wiped
• New choosable (during build) font, thanks to @Ennea

To get the new font, you need to compile with FONT=GB. For convenience, this release also contains precompiled fonts with the new font and the original font.

How does the ticket get made? Does it include the ticket already on your system, does it generate its own ticket and if made from an eShop purchase is there any identifying information in the ticket?

EDIT: Never mind, read the source and see it only pull the title ID and Key and does use the tickets in your system. So this should make good CIA's similar to FunKeyCIA or CDN-FX.

 

[ihaveahax]

How does the ticket get made? Does it include the ticket already on your system, does it generate its own ticket and if made from an eShop purchase is there any identifying information in the ticket?

it finds it in ticket.db. which isn't 100% reliable, since multiple tickets can exist in the file, despite only one being active. we don't really know enough about the ticket.db format to find the active one.

 

[DocKlokMan]

This is great, I have a couple games I've modded and then lost the CIA for. This will save me a ton of time not having to mod them all over again.

 

[d0k3]

I tried the new installed content to CIA with two demos I had installed, but I'm being greeted with these errors when I try to install them in another console. I can install others CIAs normally.

Okay. I noticed both of them are demos. Also tried it with non demos? Also, is there any chance you had the full titles installed for these demos in the meantime? Or maybe even did some modifications to the files?

EDIT: Oh. Well, the problem here is, you got that stuff from eShop. This feature creates legit CIAs, which can be installed without CFW (from HBL, f.e.). Problem here is: These CIAs contain your console unique ID, meaning, they can only be installed back to the console they came from.

If I removed that limitation, the generated CIAs wouldn't be legit anymore. Most of your installed CIAs are not legit anyways, though (came from *cough* other sources), so I'll need to think about this problem.

EDIT2: Long story short, try this build to transfer stuff between consoles. Let me know if it works for you:
https://transfer.sh/Tr7ik/decrypt9wip-20161015-174153.zip