3DSaveTool v0.1

Discussion in 'User Submitted News' started by lompoc, Apr 2, 2011.

Thread Status:
Not open for further replies.
Apr 2, 2011

3DSaveTool v0.1 by lompoc at 7:21 PM (1,096 Views / 0 Likes) 7 replies

  1. lompoc
    OP

    Banned lompoc Banned

    Joined:
    Mar 4, 2011
    Messages:
    120
    Country:
    United States
    3DSaveTool v0.1
    by Crediar / BroadOn


    Crediar has released a tool that can be used to find the XOR key used for encryption and use it to encrypt/decrypt EEPROM savefiles of 3DS games. So how is this useful? For the moment, very little, but this is a first step in the right direction for 3DS hacking. Who knows? it could be sooner than you think before people are able to dump 3DS cards! Anyway, here's a little bit of info about 3DS Saves posted on the 3DBrew wiki.
     
  2. Sausage Head

    Banned Sausage Head Lord Sausage LXIX

    Joined:
    Oct 28, 2010
    Messages:
    1,677
    Location:
    alanjohn check ur pm
    Country:
    Netherlands
    I don't see any download link/source, and please format your news to the standards.
     
  3. lompoc
    OP

    Banned lompoc Banned

    Joined:
    Mar 4, 2011
    Messages:
    120
    Country:
    United States
  4. injected11

    Member injected11 Crescent Fresh™

    Joined:
    Jul 17, 2009
    Messages:
    1,776
    Country:
    United States
  5. RupeeClock

    Member RupeeClock Colors 3D Snivy!

    Joined:
    May 15, 2008
    Messages:
    6,307
    Country:
    United Kingdom
    I believe there was already discussion about this in the 3DS forum.
    This is far from fruition anyway, I don't think it's significance enough to warrant a news post like this.
     
  6. loco365

    Member loco365 GBAtemp Guru

    Joined:
    Sep 1, 2010
    Messages:
    5,459
    If Twiizlers haven't gotten this as of yet, they'll be all over this to find an exploit. I just know it. Unless they've done this already and won't reveal it like the DSi common key.
     
  7. lompoc
    OP

    Banned lompoc Banned

    Joined:
    Mar 4, 2011
    Messages:
    120
    Country:
    United States
    On the 3DS savegames are stored much like on the DS, that is on an EEPROM in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

    The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

    So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
     
  8. Rydian

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
Thread Status:
Not open for further replies.

Share This Page