Hacking Datel Powersaves now supports Pokemon X/Y

[Deleted User]

There is no hidden device, it's just a generic hid device with default usb drivers, it shows up with and without a game inserted.

Okay, let's try this out; I've done a lot of digging and found this tool:

Download:
http://www.nirsoft.net/utils/usbdeview.zip (32bit)
http://www.nirsoft.net/utils/usbdeview-x64.zip (64bit)

even if device manager is being gay, it will show you all connected devices (in green) and what file and service it's running.

For example, this USB basic keyboard would say "no drivers needed", but this tool gives me the exact filename it's using (even if it's just using info from default windows drivers); in my case usbccgp.sys
All these files can be found in C:\Windows\System32\drivers

You are able to open the .sys files in IDA (ida32 or 64 depending on your OS) and you'll be able to get a lot more info via this tool + IDA

 

[Falo]

You are able to open the .sys files in IDA (ida32 or 64 depending on your OS) and you'll be able to get a lot more info via this tool + IDA

Well and what information should be there ?


The driver is hidusb.sys, but like i already told you it's the default driver, there is no usefull information about it, this is not telling me what commands i need to send.

 

[Deleted User]

Also another amazing tool:
http://www.hhdsoftware.com/usb-monitor

Check out what it does, every single byte/packet/operation done by selected device will be neatly logged!
http://www.hhdsoftware.com/usb-monitor/screenshots

You get a 14 day trial, but if you need more time it's not rocket science to restart the trial My 30 day kaspersky is reset once a month for like 6 months now

 

[Deleted User]

Well and what information should be there ?


The driver is hidusb.sys, but like i already told you it's the default driver, there is no usefull information about it, this is not telling me what commands i need to send.

http://www.hhdsoftware.com/usb-monitor I think this is a much better solution I wouldn't be bothering you with all of this if I had my own haha. You select the device and then it will show you every single thing that goes in/out/processes/etc

edit: you can open up hidusb.sys in IDA it will be a bit of a clutter on what's going on, but something will be for sure!

 

[Deleted User]

You can see step by step everything the HID device is doing

 

[Falo]

http://www.hhdsoftware.com/usb-monitor I think this is a much better solution I wouldn't be bothering you with all of this if I had my own haha. You select the device and then it will show you every single thing that goes in/out/processes/etc

edit: you can open up hidusb.sys in IDA it will be a bit of a clutter on what's going on, but something will be for sure!

Tried that tool, it only shows my mouse and webcam, not Powersaves.

Found another tool, USB HID Logger from aggsoft, this tool actually works, but it can only log recieved data, not send data.

 

[Deleted User]

Tried that tool, it only shows my mouse and webcam, not Powersaves.

Found another tool, USB HID Logger from aggsoft, this tool actually works, but it can only log recieved data, not send data.

http://www.aggsoft.com/usb-hid-logger/plugins/internet-sharing.htm

I found a plugin for that aggsoft tool that is meant specifically for received data

 

[Deleted User]

also http://sourceforge.net/projects/usbsnoop/ looks somewhat promising

 

[digipokemaster]

I finally got a powersave pro I haven't tried my pokemon games with it yet but I'm about too! It works with my pokemon games

 

[sirilo]

hmmm , i was thinking , we don't have the hash for the save file
what if we do the fallowing :
1- back up the save game
2- try to edit that file with hex editor ( i know when it restore, it will show the file is corrupted )
3- now, restore THAT save to the cart
4- now use any option available in power save , like 999 item , and then apply

i think uploading the save to Datel's servers will fix the chechsum and hashing for the save game

can any one try this ?

I already did that, if you corrupt the save with 0xFF and then start pokemon without saving it creates a save with correct hashs but just 0xFF instead of save files, if you send that save to their server you get a save with just 0x00 but encrypted, so basically you get the decrypt key from their server since the encryption is xor.

But it's impossible to get the correct decrypt key for the hashs since they always change and datels server don't except broken saves.
There are 6 hashs, here a simple compare test, note: all values are encrypted.

Different between:
First file:  "C:\Users\Falo\Powersaves3DS\pokemon backup\languages\EKJA????????_2014-03-20_01-25-47_(Backup German).bin"
Second file: "C:\Users\Falo\Powersaves3DS\pokemon backup\languages\EKJA????????_2014-03-20_01-25-57_(Backup France).bin"
Shift: 0
------------------------------------------------------------------------
00000018 | 68 9A 19 63            | 00000018 | D9 81 1B 9C            | <-- powersave checksum
------------------------------------------------------------------------
00000028 |      47    65    72    | 00000028 |      46    72    61    | <-- save name
00000030 | 6D    61    6E          | 00000030 | 6E    63    65          |
------------------------------------------------------------------------
00000098 |            49 C5 2B 79 | 00000098 |            A2 C6 7C 0C | <-- AES-MAC hash
000000A0 | F7 0F 02 ED 3B 09 F6 8B | 000000A0 | 6E 69 C1 B2 6B 46 9C 67 |
000000A8 | 62 9D 42 F2            | 000000A8 | 3C F1 91 E5            |
------------------------------------------------------------------------
00000208 | E4 45 8B 85 77 2F 2E F5 | 00000208 | 99 10 38 9E E6 29 72 56 | <-- DISA hash
00000210 | B1 BE 5F C4 21 42 34 6A | 00000210 | 06 5E 96 FB 67 7E B8 8E |
00000218 | 4C 3F 8A 82 11 17 07 16 | 00000218 | 72 87 26 6D D8 19 61 A1 |
00000220 | D9 1A 6B B5 2B 26 6D 8D | 00000220 | 4A 52 1A EA 8A 15 A3 5A |
------------------------------------------------------------------------
000004D8 | 47 E3 57 80 72 DE D9 B5 | 000004D8 | 9A B9 B9 22 7D 13 95 12 | <-- DIFI hash
000004E0 | B2 DA B1 8C BF E5 CB AC | 000004E0 | FB A2 F3 4A 74 17 2C 7D |
000004E8 | 73 B9 D4 04 0F AF 20 54 | 000004E8 | BD D0 C6 25 C0 A6 1F 20 |
000004F0 | 3B D5 32 AE 2B 95 A0 D1 | 000004F0 | 26 6A 93 ED 88 33 20 33 |
------------------------------------------------------------------------
00002098 |            8D 16 AA 70 | 00002098 |            8A 19 F8 3D | <-- ??? hash
000020A0 | C1 A1 AB 72 CE 6A B9 A4 | 000020A0 | 0D 6E B3 CC B9 D8 3A B8 |
000020A8 | FD 36 93 D6 49 68 6F 4E | 000020A8 | B9 39 DB 9E 3D CB 7C B8 |
000020B0 | CD FE 81 85 0A 1B 9C 8D | 000020B0 | 65 F9 14 29 B4 8E B0 56 |
000020B8 | 52 DA 5F F2 EB D5 65 E9 | 000020B8 | 33 FA D8 C0 5B 62 61 73 |
000020C0 | 43 71 6A 09 33 83 71 65 | 000020C0 | A2 44 A4 E8 8F 98 B1 60 |
000020C8 | FA 31 AD 54 3D 4D 88 AF | 000020C8 | F5 D5 D9 12 1C 73 47 F9 |
000020D0 | 10 4F 72 88 5C EB 3D 90 | 000020D0 | A5 FB 90 01 83 22 64 10 |
000020D8 | 17 74 38 A3            | 000020D8 | 2E 84 F1 D1            |
------------------------------------------------------------------------
00002398 |            49 33 52 34 | 00002398 |            2A 1A 46 9B | <-- DISA hash
000023A0 | 67 8B F6 DE 84 57 3D 94 | 000023A0 | 72 E1 64 7E 61 56 BA 12 |
000023A8 | FF 79 06 86 01 14 A2 23 | 000023A8 | 6D 30 60 AD 8B F6 95 12 |
000023B0 | 10 9A 1F 97 7F 15 D9 14 | 000023B0 | 90 BC 38 2C 50 DF 89 07 |
000023B8 | 4D 72 73 E9            | 000023B8 | 42 50 50 60            |
------------------------------------------------------------------------
00002DB8 |            A3 9A E5 89 | 00002DB8 |            CF 72 C7 AB | <-- DIFI hash
00002DC0 | 34 FC 45 47 71 05 95 4A | 00002DC0 | 7D EF 8A EC BA 2D 13 68 |
00002DC8 | E9 9D 84 DB FD 9A D0 2D | 00002DC8 | FB 0C DE 1C 5F AF 0E 28 |
00002DD0 | DF 93 27 AD F2 03 B5 A4 | 00002DD0 | 07 70 DE 38 2D 2E 10 F0 |
00002DD8 | 48 F0 7E EF            | 00002DD8 | 4B 2F 45 BF            |
------------------------------------------------------------------------
000194C8 |    2E                  | 000194C8 |    28                  | <-- decrypted value changed from 05 to 03 (german to france)
------------------------------------------------------------------------
0006A938 |                  85 CE | 0006A938 |                  67 D3 | <-- decrypted value changed from 6F 44 to 8D 59 (checksum?)
------------------------------------------------------------------------

any success on mixing those methods ?

 

[lordofthereef]

didnt he make a back aup of it because mine was unreadable bbut i did back up andnothing was wrong after

This isn;t just corrupting the svae. It is making the entire cartridge unreadable.

 

[Duo8]

This isn;t just corrupting the svae. It is making the entire cartridge unreadable.

Might have something to do with this being a CARD2 game.

 

[ZOOT]

This isn;t just corrupting the svae. It is making the entire cartridge unreadable.

Strange

 

[gamesquest1]

Any regulars got their game ruined or is it anti-poke hackers working their magic, I seen one guy saying he broke 3 card......yeah because you would have 3 cards lying around and just keep inserting them

 

[47keyblader]

Can anyone fill me in on what's happening here? What's all this coding mumbo jumbo?

 

[ZOOT]

I think its only a story to make us afraid to use powersaves

First of all if it really is true that person shows pics &vid To proof it
Second of all if its really true. Datel. Would send out mssg to not use it anymore!!!

 

[RemixDeluxe]

I think its only a story to make us afraid to use powersaves

First of all if it really is true that person shows pics &vid To proof it
Second of all if its really true. Datel. Would send out mssg to not use it anymore!!!

What are you talking about? Having a corrupted save is entirely possible when using powersaves. You just have to be smart about using it and remember to always have a backup. Anyone who doesn't backup has all my lolz, all of it.

 

[ZOOT]

What are you talking about? Having a corrupted save is entirely possible when using powersaves. You just have to be smart about using it and remember to always have a backup. Anyone who doesn't backup has all my lolz, all of it.

yes but 3 copy corrupted is pretty lame story

 

[RemixDeluxe]

yes but 3 copy corrupted is pretty lame story

To buy 3 copies of the game and repeat the same mistake 3 times is stupidity at its finest. Thats on them to waste money (and to support Nintendo) but I know how to use components responsibly.

 

[ShadowMario3]

I got my Powersaves Pro in the mail yesterday and it worked fine with my two retail copies of X and one retail copy of Y. Just did backups, though I'll probably try 9999 BP on one of them soon.