3DS Application Metadata Decoder

Discussion in '3DS - Flashcards & Custom Firmwares' started by HXC, Aug 17, 2012.

Aug 17, 2012

3DS Application Metadata Decoder by HXC at 1:46 AM (3,383 Views / 0 Likes) 16 replies

  1. HXC
    OP

    Newcomer HXC Newbie

    Joined:
    Aug 17, 2012
    Messages:
    4
    Country:
    Canada
    Hello people. i'm currently writing a C++ console APP that will decipher the data inside of application metadata files.
    these are usually located under a path like this: /SDHC_NAME/3ds/Application/8_DIGIT_HEX_CODE/data/.metadata (the files never have a textual name, just an extension)

    some of the information that can be found include:
    Title Name
    SHA256 Key (for the application)
    Issuer
    Boot Contents
    Access Rights
    and loads of other information. i am also working on a rewriter to for these metadata files
    (could prove usefiull ** CHANGE THE APPLICATIONS ACCESS RIGHTS**)

    i'll post up links when completed. i still have to run some testing with it to make sure it works. however there is no guarantee that the information will be very accurate
    as some of the information is limited (Like the chunk info records for instance)
     
  2. Dingoo-fan 32

    Member Dingoo-fan 32 GBAtemp Fan

    Joined:
    Feb 24, 2011
    Messages:
    385
    Country:
    Brazil
    What is this exactly?
     
  3. DeMoN

    Member DeMoN GBAtemp Guru

    Joined:
    May 12, 2004
    Messages:
    7,647
    Country:
    United States
    Does this mean what I think it means?
     
  4. rondoh70

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
    I would love to know how this is done unless niemod gave you the public key.
     
  5. HXC
    OP

    Newcomer HXC Newbie

    Joined:
    Aug 17, 2012
    Messages:
    4
    Country:
    Canada
    let me explain. the metadata file is a specially formated file that is used to describe a standalone title (like rhythmic retrobits for example) or channel (like nintendo zone) and all of it's installed contents. the file is only generated once, by either the system or the issuer, and could potentially be edited to contain false data or allow additional features (changing specific bytes would allow the application to go into a debug like mode). however certain applications will crash if the metadata file is missing or changed (rhythmic retrobits won't start on my 3ds when i remove the file) i can post up an example file if people want to view it and what not.
     
  6. 3DSGuy

    Member 3DSGuy No longer in scene

    Joined:
    May 22, 2012
    Messages:
    345
    Country:
    United States
    Umm... :

    1/ that directory structure is completely wrong
    2/ all of the data on the SD card is encrypted
    3/ Access rights are held in the ExHeader of the encrypted CXI, not the title meta data
    4/ There isn't any key in the title meta data
    5/ you can't change anything without re-signing

    Perhaps you should read up on the TMD format, and the SD card filesystem.
     
  7. HXC
    OP

    Newcomer HXC Newbie

    Joined:
    Aug 17, 2012
    Messages:
    4
    Country:
    Canada
    umm....

    according to this: http://3dbrew.org/wiki/Title_metadata

    i have been doing my homework, sir. this file is preliminary and will obviously be changed at some point. this program simply return a log of what the TMD might contain. the rewriter comes later. however since you are so keen on this subject then why not either try to help me, or make your own? or at least something else but complain to me about simplistic inaccuracy?
     
  8. 3DSGuy

    Member 3DSGuy No longer in scene

    Joined:
    May 22, 2012
    Messages:
    345
    Country:
    United States
    Have you seen 3DSExplorer, it's an open source C# program which can read many 3DS file formats including TMD.
     
  9. HXC
    OP

    Newcomer HXC Newbie

    Joined:
    Aug 17, 2012
    Messages:
    4
    Country:
    Canada
    yes, however i run linux. (Fedora 12 to be exact), and that will not run (unless i spend hours installing MONO for C#, or configure WINE to work with dot net, if and IF it would work.)
     
  10. 3DSGuy

    Member 3DSGuy No longer in scene

    Joined:
    May 22, 2012
    Messages:
    345
    Country:
    United States
    Well good luck making a linux version :) we need more linux tools. There is a ctrtool, that's coded in C if that helps(but again that's for windows). But you should know that a TMD is signed, any editing of TMD files, would require re-signing to make the 3DS accept it. And we don't have the RSA keys to re-sign them. Also how do you plan to introduce modified TMD files to the 3DS.

    Also "3/ Access rights are held in the ExHeader of the encrypted CXI, not the title meta data" that is not a simplistic" was not pointing out a simplistic inaccuracy, it's quite important.
     
  11. zerov25

    Newcomer zerov25 Member

    Joined:
    Apr 29, 2010
    Messages:
    12
    Country:
    Portugal
    Well the thread seems legit and he knows what is talking about so prob. he isn't a troll.
     
  12. 3DSGuy

    Member 3DSGuy No longer in scene

    Joined:
    May 22, 2012
    Messages:
    345
    Country:
    United States
    Actually there are quite a lot of inaccuracies in his posts, regarding to the format of TMD. But that doesn't mean someone can't learn, the structure is laid out on 3DBrew and there are two open source programs which can interpret the format.
     
  13. raulpica

    Supervisor raulpica With your drill, thrust to the sky!

    Joined:
    Oct 23, 2007
    Messages:
    10,660
    Location:
    _____________ PowerLevel: 9001
    Country:
    Italy
    No, he isn't a troll - the idea behind this is genuine, so no need to ask for EXEs, call him a troll or anything.

    He's a dev, he's trying to make a program, and we should applaud him for his dedication instead of trying to smite him.

    Thanks.
     
    4 people like this.
  14. aalokishere

    Member aalokishere GBAtemp Regular

    Joined:
    Jun 19, 2012
    Messages:
    160
    Country:
    Nepal
    is this called bruteforce?....u know about trying everything till we get somewhere?still hope this gets us somewhere and what raulpica said is true
     
  15. RupeeClock

    Member RupeeClock Colors 3D Snivy!

    Joined:
    May 15, 2008
    Messages:
    6,307
    Country:
    United Kingdom
    I don't think it's brute-forcing the decryption of something.
    Usually in a brute-force attempt you have an application attempting thousands of sequential (or random) keys over and over on an encrypted bit of data.

    Such attempts are usually in-vain though because data such as this is encrypted with a key of a very considerable length, I think at least 256 characters.
    With current computational power, it would take every computer in the world, longer than the world is thought to have existed, to actually decrypt something of that complexity.
     
  16. SifJar

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    Already done: http://git.daifukkat...f79fc4b;hb=HEAD

    EDIT: Although I can't seem to compile it...may be a Windows issue though.
    EDIT: Got it to compile, just needed an additional .h file to be included and a library linked.
    EDIT: Tested it, seems to work. Using this TMD: http://nus.cdn.c.sho...00000032600/tmd, got this output:

    Warning: Spoilers inside!
    Should compile without any modification on Linux, just run "gcc 3dstmd.c -o 3dstmd" in a terminal (assuming gcc is installed on your system).

    If anyone wants to compile for Windows, make sure you have MinGW installed, then add "#include " (without quotes) after the other #includes in 3dstmd.c and then open a command prompt and run the command "gcc 3dstmd.c -o 3dstmd.exe -l ws2_32". The resultant 3dstmd.exe is then used like this: "3dstmd.exe TMD" (where TMD is the name of the TMD file). There's no real point though, as it's not any real use, and 3DSExplorer can do this anyway, as pointed out earlier in the thread.

    EDIT: Actually, there is a small bug in trap15's code. It will display details of an extra content to what there actually is in the title. (e.g. in the above example, there are two contents, content 0 and content 1, but the output also shows content 2, with a hash of all 00s). To fix, it is very simple. Change this line from the function display_tmd():
    Code:
    for(i = 0; i num_contents; i++) {
    to this
    Code:
    for(i = 0; i < tmd->num_contents; i++) {
     
    1 person likes this.
  17. aalokishere

    Member aalokishere GBAtemp Regular

    Joined:
    Jun 19, 2012
    Messages:
    160
    Country:
    Nepal
    i didn't mean the actual decryption part but rather the which file to be decrypted but thanks for the clarification
     

Share This Page