Hacking Datel Powersaves now supports Pokemon X/Y

Status
Not open for further replies.

MistahJayden

Holy crap I missed a lot. From what I read there's this Cheat Engine thing that I don't understand.
I missed a Garchomp code too @[email protected]

Anyone elaborate what's going on for me? and what is that cheat engine thingy
 

RemixDeluxe

Holy crap I missed a lot. From what I read there's this Cheat Engine thing that I don't understand.
I missed a Garchomp code too @[email protected]

Anyone elaborate what's going on for me? and what is that cheat engine thingy
Cheat engine allows you to edit the values in any given program.

The exploits people were using are pointless at this time now that Datel has completely removed it from their servers.
 

Deleted User

In time there will be a company that just lets us do whatever client sided, add our own codes, etc; no send to server BS.
 

MistahJayden

Cheat engine allows you to edit the values in any given program.

The exploits people were using are pointless at this time now that Datel has completely removed it from their servers.

I see, so they patched up what people were exploiting to get codes that were already removed? Darn.. why are they removing all these codes for -_-
I liked the AR days where the consumer had control of what codes they wanted..
 

RemixDeluxe

In time there will be a company that just lets us do whatever client sided, add our own codes, etc; no send to server BS.
I would like to think one day that will be possible but in the meantime there are reasons for Datel taking control like they are now. If they just allowed users to make their own cheats then it would be open to any 3rd party company copying their work and selling it as their own.

However it's never been an issue in the past so I don't know why they are doing that now.
 

budzek

If they would tell us why they removed them I wouldn't be so disappointed with Datel, just doesn't seem like a very good reason to remove other than "we want to".
 

RemixDeluxe

If they would tell us why they removed them I wouldn't be so disappointed with Datel, just doesn't seem like a very good reason to remove other than "we want to".
They said in an email that it was due to customer complaints but I can't imagine that being the true reason, I mean why would any customer ask for codes to be removed. If the codes bothered someone they could simply choose not to use them.

Another reason I believe the email was simply a coverup to a much bigger problem.
 

Deleted User

Cheat engine is garbage for putting info together, I made a post on projectpokemon and I'll copy it here:

Kaphotics;182496 said:
4.1-4.5 -> emulated NAND doesn't give you the repeating ctr fail method for X/Y.

Since the XORpad is also applied over the hashes, there's no way to get the original hash value without decrypting the entire savegame first.

windbg > cheat engine
windbg is harder to use though, but reading dump files yields better results if you dump the process at the right time (eg while decrypting)

edit: put better windbg link
http://ravibayyana.blogspot.com/2011/01/installing-windbg.html

ollydbg is also another amazing tool, cheat engine is considered an infant toy when you match them with these bad boys.
http://www.ollydbg.de/

I still suggest windbg though with dump files, to create a dump file go to task manager, right click process, and create dump


Don't just create the dump at a random time; dump it when the program is performing the process you want to examine.

Then use windbg to analyze the dump, I can help out if needed (note: i don't own a 3ds, pokemon game, or powersave) but i'm willing to do all I can
 

budzek

Also I don't know if it has been mentioned but the Micle berry code works for me now. (no longer corrupting save)
 

Falo

windbg > cheat engine
windbg is harder to use though, but reading dump files yields better results if you dump the process at the right time (eg while decrypting)

There is no reason at all to use windbg/ollydbg/cheat engine, there is nothing inside the program that would lead to a 3DS hack or anything else.

The Powersaves.exe is just a simple HID driver and save / code manager.

Save backup / restore is done like all the other save backup tools, except that powersaves has the ability to read the entire rom and because of that it can backup/restore nand saves like Pokemon X & Y / Animal Crossing, with enough effort we could make Powersaves into a fully working ROM dumper.

The Code Manager is just a simple TCP tool that selects what code id will be sent to their server, NO decryption or save modding is done on your PC, all the work is done on their Server, therefore debugging/ram dumping is useless.
 

BvanBart

Why are people actually doing so difficult? It should be damn easy to change things :P. You make a backup and look afterwards what has changed with a HEX editor and voila?
 

spoonman54321

i am so pissed off at myself for just tagging this thread and going to bed last night
tried today for a while before clicking through the rest of the thread and realizing the codes are all gone. SADFACE*CRY*MANLY TEARS
 

justln

Why are people actually doing so difficult? It should be damn easy to change things :P. You make a backup and look afterwards what has changed with a HEX editor and voila?

Except it's not that easy, people have said that Datel has special 3DS sets to decrypt/encrypt savegames so that it'll be recognized by our consoles.

If it's not that difficult, why don't you try hex editing?
 

Kaphotics

Why are people actually doing so difficult? It should be damn easy to change things :P. You make a backup and look afterwards what has changed with a HEX editor and voila?

Said by someone who has absolutely no idea what they are saying.

There are hashes of the savefile; if left uncorrected you will have a 'corrupt savefile'.
 

Deleted User

Said by someone who has absolutely no idea what they are saying.

There are hashes of the savefile; if left uncorrected you will have a 'corrupt savefile'.

What if we send bullshit to their server; eg send a save file that has the same header as the pokemon save and save file size but rest of the information is filled with NOP (00 00 00 00)

edit: there's a chance we'll get back a save that has only certain parts of memory modified. from there we can see what's popping.

first we gotta figure out how to get them to accept our "trojan save file" I like to call it.
 

Falo

What if we send bullshit to their server; eg send a save file that has the same header as the pokemon save and save file size but rest of the information is filled with NOP (00 00 00 00)

I already did that, if you corrupt the save with 0xFF and then start pokemon without saving it creates a save with correct hashes but just 0xFF instead of save files, if you send that save to their server you get a save with just 0x00 but encrypted, so basically you get the decrypt key from their server since the encryption is xor.

But it's impossible to get the correct decrypt key for the hashes since they always change and Datel's server doesn't accept broken saves.
There are 6 hashes, here is a simple compare test, note: all values are encrypted.

Code:
Different between:
First file:  "C:\Users\Falo\Powersaves3DS\pokemon backup\languages\EKJA????????_2014-03-20_01-25-47_(Backup German).bin"
Second file: "C:\Users\Falo\Powersaves3DS\pokemon backup\languages\EKJA????????_2014-03-20_01-25-57_(Backup France).bin"
Shift: 0
------------------------------------------------------------------------
00000018 | 68 9A 19 63            | 00000018 | D9 81 1B 9C            | <-- powersave checksum
------------------------------------------------------------------------
00000028 |      47    65    72    | 00000028 |      46    72    61    | <-- save name
00000030 | 6D    61    6E          | 00000030 | 6E    63    65          |
------------------------------------------------------------------------
00000098 |            49 C5 2B 79 | 00000098 |            A2 C6 7C 0C | <-- AES-MAC hash
000000A0 | F7 0F 02 ED 3B 09 F6 8B | 000000A0 | 6E 69 C1 B2 6B 46 9C 67 |
000000A8 | 62 9D 42 F2            | 000000A8 | 3C F1 91 E5            |
------------------------------------------------------------------------
00000208 | E4 45 8B 85 77 2F 2E F5 | 00000208 | 99 10 38 9E E6 29 72 56 | <-- DISA hash
00000210 | B1 BE 5F C4 21 42 34 6A | 00000210 | 06 5E 96 FB 67 7E B8 8E |
00000218 | 4C 3F 8A 82 11 17 07 16 | 00000218 | 72 87 26 6D D8 19 61 A1 |
00000220 | D9 1A 6B B5 2B 26 6D 8D | 00000220 | 4A 52 1A EA 8A 15 A3 5A |
------------------------------------------------------------------------
000004D8 | 47 E3 57 80 72 DE D9 B5 | 000004D8 | 9A B9 B9 22 7D 13 95 12 | <-- DIFI hash
000004E0 | B2 DA B1 8C BF E5 CB AC | 000004E0 | FB A2 F3 4A 74 17 2C 7D |
000004E8 | 73 B9 D4 04 0F AF 20 54 | 000004E8 | BD D0 C6 25 C0 A6 1F 20 |
000004F0 | 3B D5 32 AE 2B 95 A0 D1 | 000004F0 | 26 6A 93 ED 88 33 20 33 |
------------------------------------------------------------------------
00002098 |            8D 16 AA 70 | 00002098 |            8A 19 F8 3D | <-- ??? hash
000020A0 | C1 A1 AB 72 CE 6A B9 A4 | 000020A0 | 0D 6E B3 CC B9 D8 3A B8 |
000020A8 | FD 36 93 D6 49 68 6F 4E | 000020A8 | B9 39 DB 9E 3D CB 7C B8 |
000020B0 | CD FE 81 85 0A 1B 9C 8D | 000020B0 | 65 F9 14 29 B4 8E B0 56 |
000020B8 | 52 DA 5F F2 EB D5 65 E9 | 000020B8 | 33 FA D8 C0 5B 62 61 73 |
000020C0 | 43 71 6A 09 33 83 71 65 | 000020C0 | A2 44 A4 E8 8F 98 B1 60 |
000020C8 | FA 31 AD 54 3D 4D 88 AF | 000020C8 | F5 D5 D9 12 1C 73 47 F9 |
000020D0 | 10 4F 72 88 5C EB 3D 90 | 000020D0 | A5 FB 90 01 83 22 64 10 |
000020D8 | 17 74 38 A3            | 000020D8 | 2E 84 F1 D1            |
------------------------------------------------------------------------
00002398 |            49 33 52 34 | 00002398 |            2A 1A 46 9B | <-- DISA hash
000023A0 | 67 8B F6 DE 84 57 3D 94 | 000023A0 | 72 E1 64 7E 61 56 BA 12 |
000023A8 | FF 79 06 86 01 14 A2 23 | 000023A8 | 6D 30 60 AD 8B F6 95 12 |
000023B0 | 10 9A 1F 97 7F 15 D9 14 | 000023B0 | 90 BC 38 2C 50 DF 89 07 |
000023B8 | 4D 72 73 E9            | 000023B8 | 42 50 50 60            |
------------------------------------------------------------------------
00002DB8 |            A3 9A E5 89 | 00002DB8 |            CF 72 C7 AB | <-- DIFI hash
00002DC0 | 34 FC 45 47 71 05 95 4A | 00002DC0 | 7D EF 8A EC BA 2D 13 68 |
00002DC8 | E9 9D 84 DB FD 9A D0 2D | 00002DC8 | FB 0C DE 1C 5F AF 0E 28 |
00002DD0 | DF 93 27 AD F2 03 B5 A4 | 00002DD0 | 07 70 DE 38 2D 2E 10 F0 |
00002DD8 | 48 F0 7E EF            | 00002DD8 | 4B 2F 45 BF            |
------------------------------------------------------------------------
000194C8 |    2E                  | 000194C8 |    28                  | <-- decrypted value changed from 05 to 03 (german to france)
------------------------------------------------------------------------
0006A938 |                  85 CE | 0006A938 |                  67 D3 | <-- decrypted value changed from 6F 44 to 8D 59 (checksum?)
------------------------------------------------------------------------
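
Added example, not part of the thread and not Datel's or Nintendo's code: it checks the two encrypted/decrypted byte pairs quoted in the compare listing above for a shared XOR pad, then uses a constructed toy save to show why a reused pad gives no confidentiality while a keyed hash still rejects an edited body. The `seal`/`unseal` format and the HMAC-SHA256 tag are assumptions standing in for the save's real hashes.

```python
import hashlib
import hmac
import os

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

# (row in the compare listing, encrypted bytes, decrypted bytes) as quoted in the post
PAGE_SAMPLES = [
    (0x194C8, "2E", "05"),      # German backup
    (0x194C8, "28", "03"),      # French backup
    (0x6A938, "85CE", "6F44"),  # German backup
    (0x6A938, "67D3", "8D59"),  # French backup
]

def pads_from_samples(samples):
    """Pad bytes (ciphertext XOR plaintext) per row; one value per row means a shared pad."""
    pads = {}
    for row, ct, pt in samples:
        pads.setdefault(row, set()).add(xor(bytes.fromhex(ct), bytes.fromhex(pt)).hex().upper())
    return pads

def seal(body: bytes, pad: bytes, mac_key: bytes) -> bytes:
    """Toy save (assumed format): body plus HMAC-SHA256 tag, XOR pad applied over both."""
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return xor(body + tag, pad)

def unseal(blob: bytes, pad: bytes, mac_key: bytes):
    """Return the body if the tag verifies, else None (the 'corrupt savefile' case)."""
    plain = xor(blob, pad)
    body, tag = plain[:-32], plain[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None

def demo():
    pad, mac_key = os.urandom(48), os.urandom(16)       # constructed secrets
    leaked = seal(bytes(16), pad, mac_key)[:16]         # all-zero body: ciphertext is the pad
    blob = seal(b"language=German\x00", pad, mac_key)
    read = xor(blob[:16], leaked)                       # body is readable with the leaked pad
    edited = xor(b"language=French\x00", leaked) + blob[16:]  # body changed, old tag kept
    return leaked == pad[:16], read, unseal(edited, pad, mac_key), unseal(blob, pad, mac_key)

if __name__ == "__main__":
    print(pads_from_samples(PAGE_SAMPLES))
    print(demo())
```

Both backups yield the same pad bytes at each row, which matches the post's statement that the encryption is XOR; the edited toy save fails verification because the tag was computed with a key the editor does not hold.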
 