Homebrew My Secret World DS: is there a way to bypass the password lock?

yokaiwhat · Jun 2, 2026

hi

I'm new here, and tired, so I'm sorry if I've messed something up!
I recently bought a copy of My Secret World for the DS from a second hand store. It's a diary game aimed at tween girls, I enjoyed the idea of using this random game as my actual journal so I bought it. When I opened it on my 3DS, there was an existing save file (last opened 26 December 2013), but I couldn't access it because I didn't know the 4 digit PIN or the security question. I tried a bunch of super common PINs (like 0000, 1234, 9876 etc) but no luck.

I erased the file (my new diary is going strong, it's actually a fun little game), but before I did I saved a backup with Checkpoint of the original save. I'm curious if there's a way of getting around that lock, without just straight up brute forcing? Is there anything I could use to look into this more? Honestly I'm most interested in the process (if it can be done) than the actual diary.

The Real Jdbye · Jun 2, 2026

yokaiwhat said:
hi I'm new here, and tired, so I'm sorry if I've messed something up!
I recently bought a copy of My Secret World for the DS from a second hand store. It's a diary game aimed at tween girls, I enjoyed the idea of using this random game as my actual journal so I bought it. When I opened it on my 3DS, there was an existing save file (last opened 26 December 2013), but I couldn't access it because I didn't know the 4 digit PIN or the security question. I tried a bunch of super common PINs (like 0000, 1234, 9876 etc) but no luck.

I erased the file (my new diary is going strong, it's actually a fun little game), but before I did I saved a backup with Checkpoint of the original save. I'm curious if there's a way of getting around that lock, without just straight up brute forcing? Is there anything I could use to look into this more? Honestly I'm most interested in the process (if it can be done) than the actual diary.

It's probably stored as plaintext in the save file. Make a backup of a save file with a known pin code, and look at the save file in a hex editor and ctrl+f for your pin (try it both as decimal, and as a string), once you know the offset, look at the same offset in the original save.

zxr750j · Jun 2, 2026

You could create 2 or 3 (as identical as possible) saves with to different pins and compare the saves to locate the offset.
But I think brute forcing it on an emulator with a python script could be a nice little project.

SylverReZ · Jun 2, 2026

0x368 or 0x768 offsets in the save file has the recovery answer if you cannot unlock with the PIN, it's in plain-text. For all I know, the PIN could be crypted which requires looking through a debugger.

yokaiwhat · Jun 2, 2026

thank you so much everyone! I did it, the PIN wasn't visible from what I could find but the answer to the security question was in plaintext: "banana split". shoutout to Alicia, who would now be 27 :wtf:

hope you're doing well out there and that Annie could come to your sleepover in the end

I still haven't figured out the code, that might be a project for another day.

jonhon · Jun 3, 2026

Can you upload the save?

KleinesSinchen · 2026-06-11T14:33:56+0100

Already posted a mini-rant in my profile… but this is not enough. It belongs right into this thread. I just had to wait for things to arrive.

If “security” applies only to the user interface but is not enforced cryptographically, the system must be considered fully compromised.
Please don't say that it’s just a toy after all. I would counter that a diary can be something very personal. The target audience might lack background knowledge to recognize the difference between a UI lock and secure encryption. A PIN of 4-digits is never enough though.
This thread shows once again the reason why you should always overwrite unencrypted storage media before selling them. There are horror stories from used HDDs or computers received via eBay containing masses of personal information.

My Secret World DS is an exceptionally dangerous application! Not only that is stores potentially intimate content under the premise of being "Secret" in plain text, it also supported sharing texts with friends over WFC and voice chat according to the manual.
Such things targeting minors are probably illegal nowadays (of course not when this was published).

I've ordered a legitimate, used copy via eBay and what I got was a DS game cart containing a 64KB save chip with some highly private texts and a full name and birthday. Data that might be still usable for breaking into real life online accounts (I've seen password reset functions on e-mail that solely asked for some personal information)
====

Since there are more "Diary" applications for DS I ordered a second one: Winx Club Secret Diary 2009 to see if the privacy problem is present as well. At first glance it performs better than the other app because it allows setting a real password instead of a 4-digit PIN (which is in range of manual bruteforce). Alas, in reality it performs even worse! According to the manual there is an official backdoor left in. Just give the wrong password a few times… then pressing (Select)+(L)+(R) allows resetting the (clear text saved) password.
This means one can't even argue that the DS had been intended to be a closed platform with no way to access data on low level like GodMode9 allows us.

Yes the second DS game also has personal texts left on it.
No, I will certainly not upload such data because it is a gross privacy violation. I will delete both flash chips.
=====

The idea of having a secret diary on DS isn't even bad. A little computer would allow for actual security opposed to classic real diaries. The difference is that anybody will acknowledge the openness of a paper book. Even a little kid will know their paper book is in no way private if anybody gets it. Providing any false sense of security when handling potentially intimate data is inexcusable.
If only I was able to develop… a 3DS homebrew app doing things right (at least attempting to… crypto is hard).

Homebrew My Secret World DS: is there a way to bypass the password lock?

New Member

Le derg

Longtime member

Well-Known Member

New Member

Well-Known Member

GBAtemp's Backup Reminder + Fearless Testing Sina

Similar threads

Popular threads in this forum