3DSaveTool v0.1

[lompoc]

3DSaveTool v0.1
by Crediar / BroadOn


Crediar has released a tool that can be used to find the XOR key used for encryption and use it to encrypt/decrypt EEPROM savefiles of 3DS games. So how is this useful? For the moment, very little, but this is a first step in the right direction for 3DS hacking. Who knows? it could be sooner than you think before people are able to dump 3DS cards! Anyway, here's a little bit of info about 3DS Saves posted on the 3DBrew wiki.

 

[Sausage Head]

I don't see any download link/source, and please format your news to the standards.

 

[lompoc]

http://3dbrew.org/wiki/3DSaveTool download page

 

[injected11]

http://gbatemp.net/t249271-usn-template-user-submitted-news

Much more visually pleasing and easier to tell what is article or opinion.

 

[RupeeClock]

I believe there was already discussion about this in the 3DS forum.
This is far from fruition anyway, I don't think it's significance enough to warrant a news post like this.

 

[loco365]

If Twiizlers haven't gotten this as of yet, they'll be all over this to find an exploit. I just know it. Unless they've done this already and won't reveal it like the DSi common key.

 

[lompoc]

On the 3DS savegames are stored much like on the DS, that is on an EEPROM in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

 

[Rydian]

While the info in your latest post is welcome, there's no need to make a separate thread in this forum when there's already an on-going discussion thread.

http://gbatemp.net/t286834-crediar-just-released-3dsavetool