Hacking Datel Powersaves now supports Pokemon X/Y

Status
Not open for further replies.

aftokinito

True that!


I don't think you need a modded 3DS to sign a save with the AES key, because if that were the case Datel would need more 3DSes than you can count to re-sign each save that is sent in to keep up with everything, and they would need to keep adding modded 3DSes to that line. So I call bull on that; they use computers to do it because they have software that does that for them.

I can assure you with an accuracy of 90% that Datel is using a 3DS farm to sign the saves for us.
Keep in mind that Datel is a pretty profitable company so investing in 5-10 3DSs is not a huge deal.

The AES chip can NOT dump the keys (it does not need to) in ANY way so, unless you have a magic way to get a 1:1 schematic of the chip's transistor connections, a 3DS farm is the only way Datel can do what they do.
There's little room for speculation here, as there are various technological and physical constraints that prevent other methods.
 

aftokinito

So, what's it take to get a "hacked" 3ds? I imagine it is rather difficult since nobody in the thread is doing it...

Currently, it requires hardware modification which is totally out of the scope of this thread.
We're still in the "Geohot" era of the 3DS, give people time to tinker around with those hardware modifications and we'll eventually find a software approach.
No system is secure forever.
 

lordofthereef

Currently, it requires hardware modification which is totally out of the scope of this thread.
We're still in the "Geohot" era of the 3DS, give people time to tinker around with those hardware modifications and we'll eventually find a software approach.
No system is secure forever.

out of curiosity, is there a tutorial somewhere?
 

RemixDeluxe

Did you not ever think that there are others out there trying to re-encrypt saves like me right now (so far not looking too good)?
He asked for it now you slacker, get to it.

/sarcasm

There goes another HEX edit h4xor smartie that does not understand THERE IS NO WAY TO DUMP THE AES KEY AND YOU CANNOT RESIGN YOUR SAVE WITHOUT IT.
You clearly do not look like you have a 3DS that can run unsigned code.

It looks like I speak for the wind in this forum...
I thought we knew the secrets to re-encrypting the save but were keeping it secret from Leowalle for fun.

Oops, I hope he didn't read this, I said too much. *Runs*
 

aftokinito

Did you not ever think that there are others out there trying to re-encrypt saves like me right now (so far not looking too good)?

There goes another HEX edit h4xor smartie that does not understand THERE IS NO WAY TO DUMP THE AES KEY AND YOU CANNOT RESIGN YOUR SAVE WITHOUT IT.
You clearly do not look like you have a 3DS that can run unsigned code.

It looks like I speak for the wind in this forum...

For the slow ones that don't get it: The AES signing is NOT done with software, it is done with a PHYSICAL chip that receives an N number of bytes and either signs or unsigns them with the AES key of the console based on the input 2 of the chip.
The chip can NOT dump the key because the key is NOT a software "key" (hex), the key is basically the electronic (combinatory gates) path the bytes follow inside the chip until they reach the output.
 

leerpsp

There goes another HEX edit h4xor smartie that does not understand THERE IS NO WAY TO DUMP THE AES KEY AND YOU CANNOT RESIGN YOUR SAVE WITHOUT IT.
You clearly do not look like you have a 3DS that can run unsigned code.

It looks like I speak for the wind in this forum...

Do you have a 3DS that can run Unsigned code?

He asked for it now you slacker, get to it.

/sarcasm

I know that I can read.
 

aftokinito

Do you have a 3DS that can run Unsigned code?

That is none of your business.
I've been in the console modding scene for 10 years and the 3DS is not the first console I have torn apart, so believe me when I tell you I know what I am speaking about.

Btw, read my previous edit:

For the slow ones that don't get it: The AES signing is NOT done with software, it is done with a PHYSICAL chip that receives an N number of bytes and either signs or unsigns them with the AES key of the console based on the input 2 of the chip.
The chip can NOT dump the key because the key is NOT a software "key" (hex), the key is basically the electronic (combinatory gates) path the bytes follow inside the chip until they reach the output.
 

RemixDeluxe

I was being facetious when people don't realize matters like this take time and doesn't just fly by night out of someone's ass. I would like gamesave restoring with other carts too but you don't see me expecting it to be ready within the hour or some unreasonable time; hell, I don't expect it to be done before the end of the 3DS's life (next system).
 

LordVanitas

I was being facetious when people don't realize matters like this take time and doesn't just fly by night out of someone's ass. I would like gamesave restoring with other carts too but you don't see me expecting it to be ready within the hour or some unreasonable time; hell, I don't expect it to be done before the end of the 3DS's life (next system).
LOL
 

aftokinito

I was being facetious when people don't realize matters like this take time and doesn't just fly by night out of someone's ass. I would like gamesave restoring with other carts too but you don't see me expecting it to be ready within the hour or some unreasonable time; hell, I don't expect it to be done before the end of the 3DS's life (next system).

Resigning the saves for another ROM is pretty easy once you have access to the AES chip, as all you have to do is divide the file in N bytes, where N is the number of bytes the AES chip accepts as input (can't remember right now), send them to the AES chip and collect the output on a file on the SD card, for example.
I'm 90% sure this is what Datel does as it is a cheap (for Datel's budget) and fast (the whole process takes around 2 seconds if you automate it with an FPGA or a microcontroller) solution to the problem.
 

RemixDeluxe

Resigning the saves for another ROM is pretty easy once you have access to the AES chip, as all you have to do is divide the file in N bytes, where N is the number of bytes the AES chip accepts as input (can't remember right now), send them to the AES chip and collect the output on a file on the SD card, for example.
I'm 90% sure this is what Datel does as it is a cheap (for Datel's budget) and fast (the whole process takes around 2 seconds if you automate it with an FPGA or a microcontroller) solution to the problem.
Alright, but like you said before (or was it someone else) that all the input and demand is controlled by a 3DS farm, I find this hard to believe that 5-10 3DSes are running at the same time to be serving all us users worldwide. Are you sure it isn't a wireless setup done on PC? I'm not sure, I'm just asking out of curiosity, so forgive me.
 

leerpsp

That is none of your business.
I've been in the console modding scene for 10 years and the 3DS is not the first console I have torn apart, so believe me when I tell you I know what I am speaking about.

Btw, read my previous edit:

So because of the comment you made I will just say I don't think you do. And as for me, I used to make CFW for PSP back in the day as well as making hacked Pokemon games, so I do know what I'm talking about when I say that I do believe that this thing can be done without having a modded 3DS. Things can be done with just a computer.
 

Kaphotics

So because of the comment you made I will just say I don't think you do. And as for me, I used to make CFW for PSP back in the day as well as making hacked Pokemon games, so I do know what I'm talking about when I say that I do believe that this thing can be done without having a modded 3DS. Things can be done with just a computer.

You're wrong. Unless you have an AES Engine emulator along with the 3DS Common Key, you'll never be able to not use a hacked 3DS.
 

Bond697

So because of the comment you made I will just say I don't think you do. And as for me, I used to make CFW for PSP back in the day as well as making hacked Pokemon games, so I do know what I'm talking about when I say that I do believe that this thing can be done without having a modded 3DS. Things can be done with just a computer.

Again: you cannot redo the AES MAC without the 3DS hardware.
 

aftokinito

So because of the comment you made I will just say I don't think you do. And as for me, I used to make CFW for PSP back in the day as well as making hacked Pokemon games, so I do know what I'm talking about when I say that I do believe that this thing can be done without having a modded 3DS. Things can be done with just a computer.

The PSP works in a totally different way as everything was software, just like the PS3 and Sony in general (the PS4 also uses a software approach).
They rely on their hypervisor levels, which can be bypassed with time and a fortuitous vulnerability.

The 3DS, however, is a totally different approach: it uses a hardware chip to sign a byte stream.
Nintendo, for once, has done things correctly security-wise, as the only approach without a kernel-level exploit is hardware modifications to read/write the RAM of the device in real time.
 

leerpsp

You're wrong. Unless you have an AES Engine emulator along with the 3DS Common Key, you'll never be able to not use a hacked 3DS.
I do not want to use a hacked 3DS in any way. I'm trying to re-sign the save files, and you can do that without an AES engine/emulator/common key. Do you work for Datel? Do you know how they do it? They use more than just your save file to re-sign your save; they take part of the ROM file as well. Each and every game is not the same, that is why you cannot use one Y save with the other Y save. Everything needed to re-sign the save is in the Pokemon 3DS cart or any other cart you are using; that much I will prove.

The PSP works in a totally different way as everything was software, just like the PS3 and Sony in general (the PS4 also uses a software approach).
They rely on their hypervisor levels, which can be bypassed with time and a fortuitous vulnerability.

The 3DS, however, is a totally different approach: it uses a hardware chip to sign a byte stream.
Nintendo, for once, has done things correctly security-wise, as the only approach without a kernel-level exploit is hardware modifications to read/write the RAM of the device in real time.


The PS3 uses the hardware approach, the PS3 super slim Cobra ODE, read some on that. But you can do the software approach with the 3DS, it's possible just like it was with the PS3 with 3.55.
 

aftokinito

I do not want to use a hacked 3DS in any way. I'm trying to re-sign the save files, and you can do that without an AES engine/emulator/common key. Do you work for Datel? Do you know how they do it? They use more than just your save file to re-sign your save; they take part of the ROM file as well. Each and every game is not the same, that is why you cannot use one Y save with the other Y save. Everything needed to re-sign the save is in the Pokemon 3DS cart or any other cart you are using; that much I will prove.

The steps to put your save on another cart are the following:
1) Extract the save
2) Decrypt it using the AES key of the console
3) Apply the patches to the save
4) Fix the hashes so they match the new data
5) Re-encrypt the save
6) Inject the save

You can DECRYPT SOME PARTS of the save by doing comparisons between a complete and an empty save, as has been proven before, but that's all you will be able to do without a modded console.
You can NOT ENCRYPT the save without the AES key and you cannot DECRYPT the whole save without the AES key as the parts we're missing right now are the parts of the empty save that are not 0x00.

The PS3 uses the hardware approach, the PS3 super slim Cobra ODE, read some on that. But you can do the software approach with the 3DS, it's possible just like it was with the PS3 with 3.55.

First of all, jesus christ, your English teachers must be proud of you.

Second, the PS3 uses a software approach; it uses asymmetric software keys (just go find the keys of 3.55 on Google and you will get a long as hell hex string) on the LV0 and LV1 levels of the hypervisor.
The PS3 is nothing but a glorified Virtual Machine running on an isolated environment inside a Hypervisor that provides a custom instruction set to work with the hardware indirectly.
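
Added example, not part of the original post or of any tool mentioned in the thread: a toy model of the empty-versus-complete save comparison described above, showing why it only reveals bytes where the empty save is 0x00 and why a keyed MAC still rejects edited data. It assumes the save is encrypted with a reused keystream (the thread does not name the cipher mode) and uses SHA-256 and HMAC as stand-ins for the hardware AES engine and AES MAC; the key, function names and sample saves are all constructed.

```python
import hashlib
import hmac

DEVICE_KEY = b"constructed-device-key"  # stand-in: the real key never leaves the hardware

def keystream(key: bytes, n: int) -> bytes:
    # Toy counter-mode keystream built from SHA-256 (assumed stand-in for the AES engine).
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key: bytes, plain: bytes):
    # What only the key holder can do: encrypt, then MAC the ciphertext.
    ct = xor(plain, keystream(key, len(plain)))
    return ct, hmac.new(key, ct, hashlib.sha256).digest()

def verify(key: bytes, ct: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag)

def compare_saves(empty_ct: bytes, full_ct: bytes) -> bytes:
    # Key-less analysis: the shared keystream cancels, leaving empty_plain XOR full_plain.
    return xor(empty_ct, full_ct)

def recovered_offsets(guess: bytes, full_plain: bytes) -> list:
    # Offsets where the comparison produced the true plaintext byte.
    return [i for i, (g, p) in enumerate(zip(guess, full_plain)) if g == p]

# Constructed sample saves: a 4-byte header that is non-zero even in the empty save.
EMPTY_PLAIN = b"SAV1" + bytes(12)
FULL_PLAIN = b"SAV1" + b"PLAYER1\x00\x05\x00\x00\x63"

def demo():
    empty_ct, _ = seal(DEVICE_KEY, EMPTY_PLAIN)
    full_ct, full_tag = seal(DEVICE_KEY, FULL_PLAIN)
    guess = compare_saves(empty_ct, full_ct)
    ok = recovered_offsets(guess, FULL_PLAIN)
    # Changing one ciphertext bit without the key: the stored MAC no longer verifies.
    tampered = full_ct[:-1] + bytes([full_ct[-1] ^ 1])
    return guess, ok, verify(DEVICE_KEY, full_ct, full_tag), verify(DEVICE_KEY, tampered, full_tag)

if __name__ == "__main__":
    guess, ok, untouched_valid, tampered_valid = demo()
    print("comparison output:", guess)
    print("correct offsets:", ok)
    print("original verifies:", untouched_valid, "| tampered verifies:", tampered_valid)
```

The header bytes come out as zeros instead of their real values because the empty save is non-zero there, which is the "missing parts" case from the post.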
 

leerpsp

The steps to put your save on another cart are the following:
1) Extract the save
2) Decrypt it using the AES key of the console
3) Apply the patches to the save
4) Fix the hashes so they match the new data
5) Re-encrypt the save
6) Inject the save

You can DECRYPT SOME PARTS of the save by doing comparisons between a complete and an empty save, as has been proven before, but that's all you will be able to do without a modded console.
You can NOT ENCRYPT the save without the AES key and you cannot DECRYPT the whole save without the AES key as the parts we're missing right now are the parts of the empty save that are not 0x00.


First of all, jesus christ, you English teachers must be proud of you.

Second, the PS3 uses a software approach; it uses asymmetric keys on the LV0 and LV1 levels of the hypervisor.
The PS3 is nothing but a Virtual Machine running on an isolated environment inside a Hypervisor that provides a custom instruction set to work with the hardware indirectly.

OK, I'm understanding what is being told to me now.

I see you changed the "you" in "you English teachers must be proud of you" to "your". Good job for seeing that, I'm proud of you. :D
 