ROM Hack [Release] FunKeyCIA - make GOOD cias from eshop content, no tickets needed!

BerserkLeon · Apr 15, 2016

So.. we don't know the actual key but we can code to use it?
We could really use a way to convert dectitlekeys.bin to enc.
BUT, they all came from people already, peeps could just redump the enc ones.

I dunno if its been mentioned but if you have a CIA compiled from funky/groovyCIA you can probably grab the encrypted titlekey from the CIA at 0x2BFF to 0x2C0E
Unless its different for each cia, in which case use ctrtool to extract the tik which you can feed directly to the python script.

Oh yeah, stored in little endian, byte reversed.

cearp · Apr 15, 2016

mid-kid said:
So... In this program you're generating a ticket using a template. I suggest modifying this to just generate the tickets, install them through this: https://github.com/yifanlu/3DSSystemTools/tree/master/3DSInstallTickets, and installing the games from the eshop.
We could have an online repository to download the keys from, generate and install the tickets, all on the console. And also have a function to upload them. Cool stuff.

yes but i never got that to work, i have a compiled version someone sent me months and months ago but... yeah i forget... i think it just gave me a black screen.
but yes, we could do that. it's a nice idea.
i was thinking of a homebrew to download the cia on there 3ds, but yeah in reality... the ticket and eshop is enough, eshop ccan handle downloads better than homebrew, 1 downloading and 9 lined up in a queue after that etc.
if someone makes 3dsinstalltickets more friendly, let's do it!

--------------------- MERGED ---------------------------

urherenow said:
Nope. Still needs to be signed, as stated above your own post (I think you were ninjad). But These are not tied to any NNID, so without signatures, this is as close as we can get, I imagine...

FunkyCIA (not this thread) is as close as you can get to legit, everything is intact apart from the console id that needs to be broken so that the cia installs. if this wasnt the case we would have pefect legit backups cias.

--------------------- MERGED ---------------------------

TuxSH said:
It should possible to encrypt the title keys even if you don't have the title I guess...

yes, true.
but nice to dump them from the console from good eshop tickets, then we know they are accurate.

kidcharlemagne · Apr 15, 2016

cearp said:
@d0k3it is technically possible to reencrypt the dumped decrypted keys, but this functionality would also have to be added, and seems a bit backwards, why not just dump the encrypted values straight away.

There is already a huge list of decrypted keys out there, and it can be downloaded as a dectitlekeys.bin file. It would be convenient if that could be easily encrypted and saved as enctitlekeys.bin. Otherwise, all those encrypted keys would have to be collected again.

jejer · Apr 15, 2016

Waiting for some tools can transfer decTitleKeys.bin to encTitleKeys.bin

Ptrk25 · Apr 15, 2016

[nvm] sry

d0k3 · Apr 15, 2016

Okay, @cearp, @Xenon Hacks, check this:
https://up1.ca/#cno9FEKjlHocTudjzpeVqw

Latest commit:
https://github.com/d0k3/Decrypt9WIP/commit/74c692791900f377cfc8f9430964adaf0895fc03

I fully trust you will test this and tell me if it does what you need. You can also encrypt a decrypted decTitleKeys.bin file on console. If you want to help me even further, and that goes to @everyone, also make sure that the decrypted titleKey options still work as they should (just compare with the output of the previous Decrypt9WIP release). Write in my D9WIP thread, I'm not watching this one (too much action in here atm

).

EDIT: And before you call me lazy... my N3DS is currently not available, and it will take some until I have it ready for testing again. So, please help with that new stuff.

Chris_Highwind · Apr 15, 2016

And of course, using FunKeyCIA, I get a permission denied error with make_cdn_cia, and this time there's no option to allow it to run as a program. Something must really not want me playing Ironfall Invasion.

Gray_Jack · Apr 15, 2016

@d0k3 D9 gives me this error when trying to encrypt decTitleKeys.bin

Code:

Too many/few entries specified: -1
Titlekey Encrypt (file): failed!

demon77 · Apr 15, 2016

Gray_Jack said:
@d0k3 D9 gives me this error when trying to encrypt decTitleKeys.bin

Code:

Too many/few entries specified: -1 Titlekey Encrypt (file): failed!

Nope it's working fine , i tested with my own real ones and they work.

When you try the one from the site that is not good , it's not a real decTitleKeys.bin.

TuxSH · Apr 15, 2016

demon77 said:
Nope it's working fine , i tested with my own real ones and they work.

When you try the one from the site that is not good , it's not a real decTitleKeys.bin.

It's real, but misses important info.

But since people use it to pirate games, it doesn't matter anyways... the keyY will be the first 0x3D KeyY. ^^'

urherenow · Apr 15, 2016

cearp said:
FunkyCIA (not this thread) is as close as you can get to legit, everything is intact apart from the console id that needs to be broken so that the cia installs. if this wasnt the case we would have pefect legit backups cias.

No way, bro... this is GOLDEN! This most likely was not your intent, but these things certainly do act *ALMOST* just like legit CIAs. I just downloaded KidIcarus (classics version) and installed on my O3DS. Then I deleted it. When visiting e-shop, the re-downloadable section said there was nothing to re-download. BUT I searched for the title manually, and when selecting it, it had the "to Redownload screen" button instead of a purchase button. And indeed, it let me download it from the eshop. I'm now certain that I have a valid, signed ticket now.

Only problem is... how exactly does FuncyCIA2 handle duplicate tickets? Will it automatically see the original ticket as invalid and use the signed one? If so, you've opened the door to turning anything into a "Legit CIA".

d0k3 · Apr 15, 2016

Gray_Jack said:
@d0k3 D9 gives me this error when trying to encrypt decTitleKeys.bin

Code:

Too many/few entries specified: -1 Titlekey Encrypt (file): failed!

demon77 said:
Nope it's working fine , i tested with my own real ones and they work.

When you try the one from the site that is not good , it's not a real decTitleKeys.bin.

Right on. I will give you a hint on how to fix that file, though...

The first 4 byte of the file need to contain, in big endian, the number of entries to process in this file. D9 can't handle more than 1024 entries, so there's your first problem. (1024 in big endian is 0x00 0x04 0x00 0x00)
Each and every of those titlekey entries (starting at offset 0x10, each 0x20 byte long) has a wrong common key index. For eShop titles, set the first four byte (of each 0x20 big entry) to zero, it will work.

And no, I won't clean up this mess. it is just too messed up. You can ask that guy for a encrypted version or try fixing what you got there.

Ptrk25 · Apr 15, 2016

urherenow said:
Only problem is... how exactly does FuncyCIA2 handle duplicate tickets? Will it automatically see the original ticket as invalid and use the signed one? If so, you've opened the door to turning anything into a "Legit CIA".

We can't validate a ticket (on pc), but if a new ticket was added it is almost at the end of the file (ticket.db).

Xenosaiga · Apr 15, 2016

@d0k3 the D9 you linked to a few posts ago does indeed dump enctitlekey.bin, now all we need is for FunKeyCIA to be able to use this file. Thank you for helping out and listening to my request!

noctis90210 · Apr 15, 2016

Xenosaiga said:
@d0k3 the D9 you linked to a few posts ago does indeed dump enctitlekey.bin, now all we need is for FunKeyCIA to be able to use this file. Thank you for helping out and listening to my request!

the nfshost site includes dectitlekey.bin (that includes hundrends of content)
will this D9 able to produce enctitlekey.bin from dectitlekey.bin on nfshost?

Shadowtrance · Apr 15, 2016

noctis90210 said:
the nfshost site includes dectitlekey.bin (that includes hundrends of content)
will this D9 able to produce enctitlekey.bin from dectitlekey.bin on nfshost?

NO! Do you not read?...
@d0k3 ain't fixing that mess and neither am i tbh (i thought about having a go at it).

demon77 · Apr 15, 2016

noctis90210 said:
the nfshost site includes dectitlekey.bin (that includes hundrends of content)
will this D9 able to produce enctitlekey.bin from dectitlekey.bin on nfshost?

Nope, and read here about that how to fix.

https://gbatemp.net/threads/release...-no-tickets-needed.423025/page-7#post-6261184

Xenosaiga · Apr 15, 2016

Shadowtrance said:
NO! Do you not read?...
@d0k3 ain't fixing that mess and neither am i tbh (i thought about having a go at it).

Well if you do have a crack at it sort out each one by region. Lol

cearp · Apr 15, 2016

urherenow said:
No way, bro... this is GOLDEN! This most likely was not your intent, but these things certainly do act *ALMOST* just like legit CIAs. I just downloaded KidIcarus (classics version) and installed on my O3DS. Then I deleted it. When visiting e-shop, the re-downloadable section said there was nothing to re-download. BUT I searched for the title manually, and when selecting it, it had the "to Redownload screen" button instead of a purchase button. And indeed, it let me download it from the eshop. I'm now certain that I have a valid, signed ticket now.

Only problem is... how exactly does FuncyCIA2 handle duplicate tickets? Will it automatically see the original ticket as invalid and use the signed one? If so, you've opened the door to turning anything into a "Legit CIA".

this functionality has existed since FunkyCIA that i released in jan last year, it's not new

and i write in the op that the cias are redownloadable, not news to me

but glad you like it!

you don't have a valid signed ticket though, that's not how this works.
it's just using the ticket that my tool created for you. eshop will not magically give you a legit one when you redownload! I wish

it's now how FunkyCIA handles dupes, it about how your 3ds handles them. your 3ds can have multiple titckets of the same title id, i guess the most eprecent one is used.
this doesn't create legit cias. this just does what FunkyCIA does, but without needing a ticket. please understand!

urherenow · Apr 15, 2016

How can it be downloaded from the eshop, without a ticket? Doesn't a ticket come in every download? Now I wish I hadn't put a9lh on both of my consoles. I'm willing to bet that (once deleted and re-downloaded from eshop) it will run on stock FW with no hacks. This is the effect I'm referring to, anyway.

And on the subject of overwriting deleted tickets, I used the ticket dumper before and after install. The ticket was NOT tacked on to the end. My (now 2) tickets are on line 73 and 247, with plenty of tickets listed before and afterwards, and not in any kind of alphanumeric order.

ROM Hack [Release] FunKeyCIA - make GOOD cias from eshop content, no tickets needed!

Not-so-new member

瓜老外

Well-Known Member

New Member

Well-Known Member

3DS Homebrew Legend

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

3DS Homebrew Legend

Well-Known Member

Time to switch it up

Well-Known Member

Well-Known Member

Well-Known Member

Time to switch it up

瓜老外

Well-Known Member

Similar threads

Popular threads in this forum