ROM Hack Is there any tutorial on how to Cryptofix a 3DS rom/cia and a game update?

Xanek

Been curious on how the process goes to cryptofix a game/game update, as I want to personally try it out as I currently own a N3DS and newer games need to be cryptofixed.

I know that I could technically wait till someone else creates one, but on the off chance that someone doesn't, I would like to know the process on how to cryptofix either the game itself or an update for the game.

I primarily want to know how to do it for .3ds files dumped from the physical cart and not from the eshop.

Anyone able to help/know what to do?
 

SciresM

> Been curious on how the process goes to cryptofix a game/game update, as I want to personally try it out as I currently own a N3DS and newer games need to be cryptofixed.
>
> I know that I could technically wait till someone else creates one, but on the off chance that someone doesn't, I would like to know the process on how to cryptofix either the game itself or an update for the game.
>
> I primarily want to know how to do it for .3ds files dumped from the physical cart and not from the eshop.
>
> Anyone able to help/know what to do?

You will never need to cryptofix ROMs dumped from cart because no cartridge can ever use SeedDB because that's not how that works.
 

hippy dave

True. Also you would need a hardmod. There's some descriptions of the process in the Binding of Isaac thread in the cfw forum, don't know how thorough they are.
 

Xanek

> You will never need to cryptofix ROMs dumped from cart because no cartridge can ever use SeedDB because that's not how that works.

Oh okay, so cryptofix only works for eshop versions? So if for some odd reason a game only has a cart and no eshop version you're screwed on cryptofixing it correct?
Also just wanted to know the process of cryptofixing in general for games.
How would you go about cryptofixing game updates though?

> True. Also you would need a hardmod. There's some descriptions of the process in the Binding of Isaac thread in the cfw forum, don't know how thorough they are.

Is there any link to when the post actually starts talking about cryptofixing? Currently at work and unable to look through the thread.
 

SciresM

> Oh okay, so cryptofix only works for eshop versions? So if for some odd reason a game only has a cart and no eshop version you're screwed on cryptofixing it correct?
> Also just wanted to know the process of cryptofixing in general for games.
> How would you go about cryptofixing game updates though?

Cryptofixing "only works" for eShop titles because physical cartridges will NEVER need to be cryptofixed because that's not how SEEDDB works, at all.

Updates will never need to be cryptofixed either -- or at least, no currently released update on the eShop uses seed crypto...and I have a complete list of all titles and their seeds.

Cartridges and updates may need their exheaders spoofed to play on lower firmware versions than intended, but that's completely different.
 

Xenon Hacks

> Cryptofixing "only works" for eShop titles because physical cartridges will NEVER need to be cryptofixed because that's not how SEEDDB works, at all.
>
> Updates will never need to be cryptofixed either -- or at least, no currently released update on the eShop uses seed crypto...and I have a complete list of all titles and their seeds.
>
> Cartridges and updates may need their exheaders spoofed to play on lower firmware versions than intended, but that's completely different.

Wow I rarely see you post anymore, are you working on anything pokemon related?
 

Xanek

> Cryptofixing "only works" for eShop titles because physical cartridges will NEVER need to be cryptofixed because that's not how SEEDDB works, at all.
>
> Updates will never need to be cryptofixed either -- or at least, no currently released update on the eShop uses seed crypto...and I have a complete list of all titles and their seeds.
>
> Cartridges and updates may need their exheaders spoofed to play on lower firmware versions than intended, but that's completely different.

How do you spoof exheaders then?
 

Mr. Prince

> Cryptofixing "only works" for eShop titles because physical cartridges will NEVER need to be cryptofixed because that's not how SEEDDB works, at all.
>
> Updates will never need to be cryptofixed either -- or at least, no currently released update on the eShop uses seed crypto...and I have a complete list of all titles and their seeds.
>
> Cartridges and updates may need their exheaders spoofed to play on lower firmware versions than intended, but that's completely different.

Fire Emblem IF update 1.1 requires cryptofixing.
 

RainThunder

> So is there any guide on how to spoof games and their updates? :v

Asia81's tutorial is a good start. According to my experience in creating a firmware spoofed version of Fire Emblem If update, you only need to edit a few bytes (@0x39C and @0x79C) in exheader to make the update work on lower firmware.
 

SciresM

> Asia81's tutorial is a good start. According to my experience in creating a firmware spoofed version of Fire Emblem If update, you only need to edit a few bytes (@0x39C and @0x79C) in exheader to make the update work on lower firmware.

Editing 0x39c and 0x79c to "21 02" is how you do it, yeah (0x221 in little endian)

Also OR 0xD with 0x2 if it's an sd title.
 

Xanek

I'm looking through a few of the threads that Asia81 created, I don't see where it says to edit bytes, which thread are you looking at @RainThunder ?

Also how would you know what bytes to alter? Is it kind of trial and error until it eventually works? Or is there like a range that they are usually in so it's not as hard?

And would the bytes be different each update?
 

RainThunder

> I'm looking through a few of the threads that Asia81 created, I don't see where it says to edit bytes, which thread are you looking at @RainThunder ?
>
> Also how would you know what bytes to alter? Is it kind of trial and error until it eventually works? Or is there like a range that they are usually in so it's not as hard?
>
> And would the bytes be different each update?

Look at SciresM's post above. You have to open the exheader.bin with a hex editor, go to 0x39C offset, then change two bytes to "21 02", then do the same for 0x79C offset. They should be at the same offset in each update.

Asia81's tutorial doesn't cover firmware spoofing.
 

Xanek

> Look at SciresM's post above. You have to open the exheader.bin with a hex editor, go to 0x39C offset, then change two bytes to "21 02", then do the same for 0x79C offset. They should be at the same offset in each update.
>
> Asia81's tutorial doesn't cover firmware spoofing.

But was that the right tutorial?
How would rebuilding work, since the files they have for rebuilding are for Pokemon only correct?
 

RainThunder

> How would rebuilding work, as the link in that tutorial has files that are meant for that pokemon game is it not?

Just use makerom. Here are the commands I used to rebuild FE: If 1.1 (in Windows)
Code:
makerom -f cxi -target t -rsf RSF.rsf -o update.cxi -exheader exheader_fix.bin -code ExeFS\code.bin -romfs RomFS.bin -icon ExeFS\icon.bin -alignwr
ExInjector.exe -rom update.cxi -exheader exheader_fix.bin -sd
makerom -f cia -target t -content update.cxi:0:0 -minor 2 -micro 0 -o update.cia

RSF file (it's a text file, just copy and paste it to any text editor):
Code:
BasicInfo:
  Title                   : Iron15
  CompanyCode             : 00
  ProductCode             : CTR-U-BFZJ
  ContentType             : Application # Application / SystemUpdate / Manual / Child / Trial
  Logo                    : Nintendo # Nintendo / Licensed / Distributed / iQue / iQueForSystem

TitleInfo:
  UniqueId                : 0x012de
  Category                : Patch # Application / SystemApplication / Applet / Firmware / Base / DlpChild / Demo / Contents / SystemContents / SharedContents / AddOnContents / Patch / AutoUpdateContents

Option:
  UseOnSD                 : true # true if App is to be installed to SD
  EnableCompress          : true # Compresses exefs code
  FreeProductCode         : true # Removes limitations on ProductCode
  EnableCrypt             : false # Enables encryption for NCCH and CIA
  MediaFootPadding        : false # If true CCI files are created with padding

ExeFs: # these are the program segments from the ELF, check your elf for the appropriate segment names
  ReadOnly:
   - .rodata
   - RO
  ReadWrite:
   - .data
   - RO
  Text:
   - .init
   - .text
   - STUP_ENTRY

AccessControlInfo:
  ExtSaveDataId: 0x000000000000012dc
  SystemSaveDataId1: 0x000000000
  SystemSaveDataId2: 0000000000
  OtherUserSaveDataId1: 0x000000
  OtherUserSaveDataId2: 0x000000
  OtherUserSaveDataId3: 0x000000
  FileSystemAccess:
   ##CategorySystemApplication
   ##CategoryHardwareCheck
   ##CategoryFileSystemTool
   ##Debug
   ##TwlCardBackup
   ##TwlNandData
   ##Boss
   ##DirectSdmc
   ##Core
   ##CtrNandRo
   ##CtrNandRw
   ##CtrNandRoWrite
   ##CategorySystemSettings
   ##CardBoard
   ##ExportImportIvs
   ##DirectSdmcWrite
   ##SwitchCleanup
   ##SaveDataMove
   ##Shop
   ##Shell
   ##CategoryHomeMenu
  IdealProcessor                : 0
  AffinityMask                  : 1
  Priority                      : 16
  MaxCpu                        : 0x9E # Default
  DisableDebug                  : false
  EnableForceDebug              : false
  CanWriteSharedPage            : false
  CanUsePrivilegedPriority      : false
  CanUseNonAlphabetAndNumber    : false
  PermitMainFunctionArgument    : false
  CanShareDeviceMemory          : false
  RunnableOnSleep               : false
  SpecialMemoryArrange          : false
  UseOtherVariationSaveData     : false
  CoreVersion                   : 2
  DescVersion                   : 2
  #RleaseKernelMajor            : "002
  #RleaseKernelMinor            : "350
  MemoryType                    : Application # Application / System / Base
  HandleTableSize: 512
  IORegisterMapping:
   - 1ff50000-1ff57fff
   - 1ff70000-1ff77fff
  MemoryMapping:
   - 1f000000-1f5fffff:r
  SystemCallAccess:
   ControlMemory: 1
   QueryMemory: 2
   ExitProcess: 3
   GetProcessAffinityMask: 4
   SetProcessAffinityMask: 5
   SetProcessIdealProcessor: 6
   GetProcessIdealProcessor: 7
   CreateThread: 8
   ExitThread: 9
   SleepThread: 10
   GetThreadPriority: 11
   SetThreadPriority: 12
   GetThreadAffinityMask: 13
   SetThreadAffinityMask: 14
   GetThreadIdealProcessor: 15
   SetThreadIdealProcessor: 16
   GetCurrentProcessorNumber: 17
   Run: 18
   CreateMutex: 19
   ReleaseMutex: 20
   CreateSemaphore: 21
   ReleaseSemaphore: 22
   CreateEvent: 23
   SignalEvent: 24
   ClearEvent: 25
   CreateTimer: 26
   SetTimer: 27
   CancelTimer: 28
   ClearTimer: 29
   CreateMemoryBlock: 30
   MapMemoryBlock: 31
   UnmapMemoryBlock: 32
   CreateAddressArbiter: 33
   ArbitrateAddress: 34
   CloseHandle: 35
   WaitSynchronization1: 36
   WaitSynchronizationN: 37
   SignalAndWait: 38
   DuplicateHandle: 39
   GetSystemTick: 40
   GetHandleInfo: 41
   GetSystemInfo: 42
   GetProcessInfo: 43
   GetThreadInfo: 44
   ConnectToPort: 45
   SendSyncRequest1: 46
   SendSyncRequest2: 47
   SendSyncRequest3: 48
   SendSyncRequest4: 49
   SendSyncRequest: 50
   OpenProcess: 51
   OpenThread: 52
   GetProcessId: 53
   GetProcessIdOfThread: 54
   GetThreadId: 55
   GetResourceLimit: 56
   GetResourceLimitLimitValues: 57
   GetResourceLimitCurrentValues: 58
   GetThreadContext: 59
   Break: 60
   OutputDebugString: 61

  AccessibleSaveDataIds:
   # 0x00000
   # 0x00000
   # 0x00000
   # 0x00000
   # 0x00000
   # 0x00000

  InterruptNumbers:
  ServiceAccessControl:
   - $hioFIO
   - $hostio0
   - $hostio1
   - cfg:u
   - fs:USER
   - gsp::Gpu
   - hid:USER
   - ndm:u
   - pxi:dev
   - APT:A
   - ac:u
   - act:u
   - am:app
   - boss:U
   - cam:u
   - cecd:u
   - dlp:FKCL
   - dlp:SRVR
   - dsp::DSP
   - frd:u
   - http:C
   - ir:USER
   - ldr:ro
   - mic:u
   - news:u
   - nfc:u
   - nim:aoc
   - nwm::UDS
   - ptm:u
   - qtm:u
   - soc:U
   - ssl:C

SystemControlInfo:
  SaveDataSize: 1M
  RemasterVersion: 00001
  StackSize: 0x000040000
  Dependency:
    #a: 0x0004013000002402L
    #a: 0x0004013000003802L
    #a: 0x0004013000001502L
    #a: 0x0004013000003402L
    #a: 0x0004013000001602L
    #a: 0x0004013000002602L
    #a: 0x0004013000001702L
    #a: 0x0004013000001802L
    #a: 0x0004013000002702L
    #a: 0x0004013000002802L
    #a: 0x0004013000001a02L
    #a: 0x0004013000003202L
    #a: 0x0004013000001b02L
    #a: 0x0004013000001c02L
    #a: 0x0004013000001d02L
    #a: 0x0004013000002902L
    #a: 0x0004013000001e02L
    #a: 0x0004013000003302L
    #a: 0x0004013000001f02L
    #a: 0x0004013000002002L
    #a: 0x0004013000002b02L
    #a: 0x0004013000003502L
    #a: 0x0004013000004002L
    #a: 0x0004013000002c02L
    #a: 0x0004013000002d02L
    #a: 0x0004013000002102L
    #a: 0x0004013000003102L
    #a: 0x0004013000002202L
    #a: 0x0004013020004202L
    #a: 0x0004013000003702L
    #a: 0x0004013000002e02L
    #a: 0x0004013000002302L
    #a: 0x0004013000002f02L
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
    ######################
The content in that RSF is not really important though. You only need to edit obvious things like ProductCode, Category, UniqueID, and EnableCompress. Other information in the RSF file is already included in the exheader, and ExInjector will make sure the rebuilt ROM and the original ROM share the same exheader.

To choose the correct EnableCompress option, just open the exheader in any hex editor. If the hexadecimal number at offset 0xD is 0x01 or 0x03, then EnableCompress should be set to true. Otherwise, set it to false.

The version option in the last makerom command is important. If the rebuilt CIA version number is lower than the latest version number on Nintendo's servers, the main game will display an update nag. You can check the version of the unspoofed cia using BigBlueMenu, or use the tmd file if you know how. E.g. the version number of Fire Emblem If v1.1 update is 1.2.0 (major.minor.micro), which means you have to add -minor 2 -micro 0. Major version number is already included in exheader, so you don't need to use -major.

How to use makerom: http://3dbrew.org/wiki/Makerom (not really necessary, above commands should work for every game).
 
Last edited by RainThunder,
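
An added example, not part of any post in the thread: a read-only Python check of the exheader fields discussed above (the flag byte at 0xD and the two 16-bit values at 0x39C and 0x79C), plus the split of a title version into major.minor.micro for the makerom arguments. The function names and the sample buffer are constructed for illustration; the 6/6/4-bit version layout is the usual 3DS title-version packing and is an assumption not stated in the thread, as is treating 0xD as a bit field.

```python
import struct

# Offsets and bit meanings are the ones quoted in the thread.
VERSION_OFFSETS = (0x39C, 0x79C)   # two 16-bit little-endian fields
FLAG_OFFSET = 0xD                  # bit 0 = compressed code, bit 1 = SD title


def inspect_exheader(data: bytes) -> dict:
    """Read-only report of the exheader fields discussed above."""
    if len(data) < VERSION_OFFSETS[-1] + 2:
        raise ValueError(f"exheader too short: {len(data)} bytes")
    fields = [struct.unpack_from("<H", data, off)[0] for off in VERSION_OFFSETS]
    flags = data[FLAG_OFFSET]
    return {
        "version_fields": fields,
        "fields_match": fields[0] == fields[1],
        "enable_compress": bool(flags & 0x01),  # 0x01 or 0x03 -> EnableCompress: true
        "sd_title": bool(flags & 0x02),
    }


def split_title_version(version: int) -> tuple:
    """Unpack a 16-bit title version (assumed 6 bits major, 6 minor, 4 micro)."""
    if not 0 <= version <= 0xFFFF:
        raise ValueError("title version must fit in 16 bits")
    return version >> 10, (version >> 4) & 0x3F, version & 0xF


def makerom_version_args(version: int) -> list:
    """Build -minor/-micro; per the thread, major already comes from the exheader."""
    _, minor, micro = split_title_version(version)
    return ["-minor", str(minor), "-micro", str(micro)]


def build_sample_exheader() -> bytes:
    """Constructed 0x800-byte sample buffer, not data from a real title."""
    buf = bytearray(0x800)
    buf[FLAG_OFFSET] = 0x03
    for off in VERSION_OFFSETS:
        struct.pack_into("<H", buf, off, 0x221)  # stored on disk as bytes 21 02
    return bytes(buf)


if __name__ == "__main__":
    print(inspect_exheader(build_sample_exheader()))
    print(makerom_version_args(1056))  # 1056 decodes to 1.2.0
```

Running the check on the exheader before and after a rebuild shows whether both version fields agree and whether the EnableCompress value in the RSF matches the flag byte.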
