Hacking Crediar just Released 3DSaveTool!

Hyrule2008
Crediar (aka BroadOn on Twitter) released 3DSaveTool. You can use it to find the xor key and encrypt/decrypt EEPROM savefiles from 3ds games!
Some 3DSaveTool related Tweets from him:
QUOTE said:
->@0xabad1dea The EEPROM of 3DS cards is encrypted via a unique per game 512byte xor'key, game roms seem(!) to use that as well not sure yet!! about 3 hours ago via web in reply to 0xabad1dea

->just released 3DSaveTool you can use it to find the xor key and encrypt/decrypt EEPROM savefiles from 3ds games! http://bit.ly/dJwcoP about 4 hours ago via web

->Ooops looks like the same fail applies to games! http://bit.ly/eQSrkD (No April's Fool!) 2:35 AM Apr 1st via web


->That savefile is from the EEPROM which can freely be written and read! Yes 3DS card games still save to the card! 1:50 AM Apr 1st via web



->Good news everyone! Erant found a slight flaw in the savefile encryption of Ridge Racer! Line 405 is my nick http://bit.ly/g4SNUR 6:58 AM Mar 31st via web

Source: http://twitter.com/BroadOn
 
idulkoan said:
lol alreadyy!!?? dangg i got my 3ds today, and dont see why ppl r complaining so much..
It was bound to happen soon. And they did well to exploit that nintendo 3ds games still saved to the cart. Nintendo was obviously rushed with development of carts. Oh you should update your sig.
 
Antoids said:
So does this mean I should go out and buy a copy of Ridge Racer today?
No....It only has to do with saves.....And I'm pretty sure it's not even ridge racer specific at this point

you know....unless you want ridge racer anyway, in that case go for it
 
Cool, but not going to matter much unless there's a way to force a buffer overflow and run unsigned code from the SD card (ala, HBC and Twilight Hack).
 
Wow I had thought Nintendo would do it right (indeed they just about had done so before) and not just simply XOR it. Oh well their loss.
 
SanGor said:
works on all three save files you uploaded


awesome. but...now what.

what happens after this. lol.

or do i (read: the general community) just keep on waiting til something more significant comes out of it?
 
oh, there's already some documented data on 3dsbrew, like header structure

There's also a link to a 3DS tmd parser on the Title metadata page (for developers only).


I'm also missing the msvcp100.dll, I guess downloading it and placing it in the same folder will solve the problem.
 
Zorua said:
spiritofcat said:
Won't run on my computer, complains about not being able to find msvcp100.dll

Download it from this website and copy it to the same directory as the tool.
It's not enough :/
I put the .dll in the same folder as the .exe, and now I have another error:

Entry point not found.
??1_NonReentrantPPLLockHolder@details@Concurrency@@QAE@XZ can't be found in the dynamic library MSVCR100.dll

(the MSVCR100.dll is the one provided in Crediar's archive).
I'm on Windows XP SP2, .net 3.5
 
Hold on... how did they figure out how to extract the XOR cipher? If implemented properly, a XOR key (especially 512(!) byte) should be computationally uncrackable. Sloppy security implementation yet again from Nintendo.

Having said that, 3DS games supposedly have no access to the 32MB of RAM that run on the OS so it probably isn't possible to do a buffer overflow or anything using a savefile.
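Added example, not part of any post in this thread and not code from 3DSaveTool (the thread does not say how the tool finds the key): XOR is only unbreakable when the keystream is as long as the data and never reused, and this sketch shows why a 512-byte key repeated over every block fails that condition. It assumes the plaintext contains several blocks of a constant filler byte (0xFF here); the sample save, function names and filler value are all constructed for illustration.

```python
import os
from collections import Counter

BLOCK = 512  # key length quoted in the thread

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with a key repeated every len(key) bytes (encrypt == decrypt)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def split_blocks(data: bytes, size: int = BLOCK):
    """Return the full size-byte blocks of data."""
    return [data[i:i + size] for i in range(0, len(data) - size + 1, size)]

def recover_key(ciphertext: bytes, filler: int = 0xFF, size: int = BLOCK):
    """Derive the key from the most common ciphertext block.

    Assumption: at least two plaintext blocks consist only of `filler`.
    Each of them encrypts to key ^ filler, so the same block repeats.
    Returns None when no ciphertext block repeats.
    """
    blks = split_blocks(ciphertext, size)
    if not blks:
        return None
    block, count = Counter(blks).most_common(1)[0]
    if count < 2:
        return None
    return bytes(b ^ filler for b in block)

def make_sample_save() -> bytes:
    """Constructed plaintext: one data block, then three unused 0xFF blocks."""
    data_block = (b"SAVE" + bytes(range(256)) * 2)[:BLOCK]
    return data_block + b"\xff" * (BLOCK * 3)

def repeated_key_demo():
    """Repeating 512-byte key: key and plaintext are both recovered."""
    key = os.urandom(BLOCK)
    plain = make_sample_save()
    guess = recover_key(xor_repeat(plain, key))
    return guess == key, xor_repeat(xor_repeat(plain, key), guess) == plain

def one_time_pad_demo():
    """Keystream as long as the data, never reused: no block repeats."""
    plain = make_sample_save()
    return recover_key(xor_repeat(plain, os.urandom(len(plain))))

if __name__ == "__main__":
    print(repeated_key_demo(), one_time_pad_demo())
```

The fix on the design side is a real cipher with a per-save nonce plus an integrity check, not a longer XOR key.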
 