Toggle sidebar

Homebrew Official [Download] Decrypt9 - Open Source Decryption Tools (WIP)

  • Thread starter Thread starter d0k3
  • Start date Start date
  • Views Views 935,156
  • Replies Replies 4,476
  • Likes Likes 71
Apache Thunder said:
I just got done encrypting DevMenu and installing it to NAND. Yep it works! Encryption is indeed important for custom system titles. ;)

I now have a DevMenu that will survive system formats. :D
Click to expand...
How did you do that? Encrypted the NCCH, then build a CIA from it?
 
I took the CXI, encrypted it with your Decrypt9WIP and built a CIA of it with makerom. I built the CXI using a "no crypt" version of 3DS builder (then extracted the CXI using 3DS builder and got rid of the CCI file it made). Though if your encryptor works with zero keyed CXIs, I may just use the normal version instead. :P

Given how I packed the CXI, the exheader has to have the correct settings in the TID data before it will install to NAND. The SD flag should not be set either. ;)

Now that I think about it, in theory I could encrypt the BBM version of DevMenu, repack the CCI and it would work on a Sky3DS if in CFW. :D
 
Last edited by Apache Thunder,
Apache Thunder said:
I took the CXI, encrypted it with your Decrypt9WIP and built a CIA of it with makerom. I built the CXI using a "no crypt" version of 3DS builder (then extracted the CXI using 3DS builder and got rid of the CCI file it made). Though if your encryptor works with zero keyed CXIs, I may just use the normal version instead. :P

Given how I packed the CXI, the exheader has to have the correct settings in the TID data before it will install to NAND. The SD flag should not be set either. ;)

Now that I think about it, in theory I could encrypt the BBM version of DevMenu, repack the CCI and it would work on a Sky3DS if in CFW. :D
Click to expand...
The functionality for encrypting with any parameters is in there (you could even have you're own seed encryption, if you so wish...). And yes, zero-key (encryption and decryption), too. It's just that the encryptor defaults to vanilla-crypto now (the one that was in every ncch before 7.x). If it helps and if someone is willing to test, I'll also put the CIA encryptor (to encrypt the NCCHs inside the CIA + CIA encryption) back in.

And that, about BBM, would make a good I-don't-believe-you Youtube video :D.
 
  • Like
Reactions: Syphurith
I've built a retail encrypted CCI and will see if any Sky3DS users (Sky3DS+ users in perticuler) can get it to boot while in CFW like rxTools/CakesFW/Reinand. Obviously I didn't post it anywhere here. :P

It's in the Sky3DS section of a site of which can not be named. :P

I did confirm that it boots on Gateway Red Card. But retail encrypted DevMenu on Gateway is just a novelty when zero key is a thing with Gateway mode. :P

By the way, I did try to encrypt a zero key'ed CXI. It will just say it's already encrypted and do nothing to it. Perhaps it can decrypt zero key'ed stuff with the decryption menu. Did not try that. But if you intended it to work on zero key encryption. At least when done directly from the NCCH Encryption menu, it will just skip them.

It was able to encrypt a CXI while it was still inside a CCI encryptor as well. But I was not sure if there was any hashes in the CCI container that would need to be fixed or if Decrypt9WIP was correcting them. I don't have any slot-1 flashcart, so it wasn't something I could test so I played it safe and did the CXI instead and built the CCI from it afterwords.
 
Last edited by Apache Thunder,
d0k3 said:
Oh well, not simply... all the strings are hardcoded.

@Shadowtrance I updated the screenshots in the op. Looks like your source on Github is not up to date, though, or is it?
Click to expand...
Not quite up to date no, exactly 34 commits behind atm. Mine is up to here... https://github.com/d0k3/Decrypt9/commit/075258312e3654cbad9016cc363164add21d50e7
As usual i was waiting for you to finish any changes you were making which looked to be a lot. :)

--------------------- MERGED ---------------------------

Apache Thunder said:
I've built a retail encrypted CCI and will see if any Sky3DS users (Sky3DS+ users in perticuler) can get it to boot while in CFW like rxTools/CakesFW/Reinand. Obviously I didn't post it anywhere here. :P

It's in the Sky3DS section of a site of which can not be named. :P

I did confirm that it boots on Gateway Red Card. But retail encrypted DevMenu on Gateway is just a novelty when zero key is a thing with Gateway mode. :P

By the way, I did try to encrypt a zero key'ed CXI. It will just say it's already encrypted and do nothing to it. Perhaps it can decrypt zero key'ed stuff with the decryption menu. Did not try that. But if you intended it to work on zero key encryption. At least when done directly from the NCCH Encryption menu, it will just skip them.

It was able to encrypt a CXI while it was still inside a CCI encryptor as well. But I was not sure if there was any hashes in the CCI container that would need to be fixed or if Decrypt9WIP was correcting them. I don't have any slot-1 flashcart, so it wasn't something I could test so I played it safe and did the CXI instead and built the CCI from it afterwords.
Click to expand...
Totally gonna go get this and test it on my sky3ds, although I'm not sure HOW seeing as you need a template for everything. Unless you know some black magic to get around that. haha
 
Apache Thunder said:
Well the Sky3DS+ is out. Had you gotten one of those your life would have been easier. :P
Click to expand...
If i could FIND one anywhere in australia I'd buy one. :(
But yeah i bought the blue button one ages ago before sky3ds+ even existed. haha

--------------------- MERGED ---------------------------

Seems there's only ONE shop selling them here and they're apparently instock now too. hmm
$120 though... :/
 
Apache Thunder said:
I've built a retail encrypted CCI and will see if any Sky3DS users (Sky3DS+ users in perticuler) can get it to boot while in CFW like rxTools/CakesFW/Reinand. Obviously I didn't post it anywhere here. :P

It's in the Sky3DS section of a site of which can not be named. :P

I did confirm that it boots on Gateway Red Card. But retail encrypted DevMenu on Gateway is just a novelty when zero key is a thing with Gateway mode. :P

By the way, I did try to encrypt a zero key'ed CXI. It will just say it's already encrypted and do nothing to it. Perhaps it can decrypt zero key'ed stuff with the decryption menu. Did not try that. But if you intended it to work on zero key encryption. At least when done directly from the NCCH Encryption menu, it will just skip them.

It was able to encrypt a CXI while it was still inside a CCI encryptor as well. But I was not sure if there was any hashes in the CCI container that would need to be fixed or if Decrypt9WIP was correcting them. I don't have any slot-1 flashcart, so it wasn't something I could test so I played it safe and did the CXI instead and built the CCI from it afterwords.
Click to expand...
You first need to decrypt encrypted NCCH, then you can go on encrypting it. It's a two step operation to go from a (some type crypto) encrypted NCCH to re-encrypted NCCH. Already encrypted content is skipped, correct. And, yup, Decrypt9 takes care of all hashes in the process. That is exactly the reason why cryptofixed .3DS / . CIA from Decrypt9 are known to work on real hardware.

Fun fact: The NCCH encryption option, and the CIA decryptor (CXI only) option are actually there because of GW. GW developers are lazy and haven't implemented proper signature patching yet. Meaning: For .3DS, signatures are only patched for CXI / content 0 - you can't use a decrypted / re-encrypted manual, just try it. For CIA it is worse, cause every content but the CXI needs to be absolutely untouched for it to be installabe with GW. Seed encrypted titles can come with seed-encrypted manuals, so that means no manuals for originally seed-encrypted contents for GW users.
 
d0k3 said:
You first need to decrypt encrypted NCCH, then you can go on encrypting it. It's a two step operation to go from a (some type crypto) encrypted NCCH to re-encrypted NCCH. Already encrypted content is skipped, correct. And, yup, Decrypt9 takes care of all hashes in the process. That is exactly the reason why cryptofixed .3DS / . CIA from Decrypt9 are known to work on real hardware.

Fun fact: The NCCH encryption option, and the CIA decryptor (CXI only) option are actually there because of GW. GW developers are lazy and haven't implemented proper signature patching yet. Meaning: For .3DS, signatures are only patched for CXI / content 0 - you can't use a decrypted / re-encrypted manual, just try it. For CIA it is worse, cause every content but the CXI needs to be absolutely untouched for it to be installabe with GW. Seed encrypted titles can come with seed-encrypted manuals, so that means no manuals for originally seed-encrypted contents for GW users.
Click to expand...
Could you not just inject the complete seeddb?
 
MassExplosion213 said:
Could you not just inject the complete seeddb?
Click to expand...
No. That's because about the "seedsave" there is too little known to be able to succesfully inject seeds. We just have enough knowledge to extract seeds from this file, but not enough on injecting seeds without risking a brick or breaking functionality.
 
d0k3 said:
No. That's because about the "seedsave" there is too little known to be able to succesfully inject seeds. We just have enough knowledge to extract seeds from this file, but not enough on injecting seeds without risking a brick or breaking functionality.
Click to expand...
We have a complete seeddb file generator. It generates it from the NUS. Link: http://tinivi.net/seeddb
 
FWIW, i tested firm0firm1 XORpad generation and it works fine for me.

Loving the added dynamic input, esp. for H&S injection, that would have been the next thing i'd have asked for. I hated having to rename my FMP and FBI injections on the SD card just to switch between them.
 
  • Like
Reactions: klear and d0k3
I did find a probjem with file injection, though, specifically movable.sed.
I'm trying to inject a movable.sed that's smaller than the one currently in NAND, and Decrypt9 won't recognize the smaller file on my SD card.

The one in my NAND is 0x140 bytes, the one i want to inject is missing the last 0x20 bytes from the file that get written during a system transfer / format. See http://3dbrew.org/wiki/Nand/private/movable.sed
 
@d0k3 is the seedsave functionality only usable to recover seeds from N3DS emunand? Or is there a way to get a seedsave (and later a seeddb) from an O3DS 10.3 emunand?

Also, great work!
 
More injection size problems:

I dumped my EmuNAND (formatted with GW back then) via EmuNAND9 to EmuNAND.bin, 1888MB.
I then broke my emunand and wanted to restore the backup with Decrypt9. The EmuNAND Restore option recognized the EmuNAND.bin on my SD, but it complained about an invalid size and aborted.
 
Krude said:
More injection size problems:

I dumped my EmuNAND (formatted with GW back then) via EmuNAND9 to EmuNAND.bin, 1888MB.
I then broke my emunand and wanted to restore the backup with Decrypt9. The EmuNAND Restore option recognized the EmuNAND.bin on my SD, but it complained about an invalid size and aborted.
Click to expand...

I was able to use version 1.01 of the emunand inject tool to inject my emunand when there was size issue. If your emunand is already messed up it might be worth a shot...

See: https://gbatemp.net/threads/emunand-tool-release-and-support-thread.359239/
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Why did the price of 3ds shoot up ?

Hacking Homebrew Project  BlazerTube - a YouTube 3DS revival using the REAL app!

Problems getting Homebrew to appear outside of the Homebrew Launcher (homebrew won't appear on the HOME menu)

Homebrew app Emulator  [Release] 3DS-CLI - Run a real RISC-V Linux environment on the Nintendo 3DS

Website for finding alternative games for 3DS

Hardware  2 Broken 3DSes, need help

Gaming  any good rpgs on 3ds?

Hacking  Modding Reassurance