Edit System CIA?

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by gudenau, Nov 25, 2015.

  1. gudenau
    OP

    gudenau Never a unique idea

    Member
    3,237
    1,216
    Jul 7, 2010
    United States
    /dev/random
    How would I edit a system CIA? I have tried but I get garbage.
     
  2. Ericjwg

    Ericjwg Good

    Member
    2,827
    681
    Jul 2, 2015
    Canada
    maybe system APP are encrypted?:blink:....
     
  3. gudenau
    OP

    gudenau Never a unique idea

    Member
    3,237
    1,216
    Jul 7, 2010
    United States
    /dev/random
    I atempted to decrypt it, and got garbage.
     
  4. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,428
    4,747
    Mar 17, 2010
    Norway
    Alola
    Use the CIA decrypter (deep) function in Decrypt9 if you aren't already using that.
     
  5. MassExplosion213

    MassExplosion213 .

    Member
    1,405
    953
    Feb 15, 2015
    United States
    What CIA is it?
     
  6. gudenau
    OP

    gudenau Never a unique idea

    Member
    3,237
    1,216
    Jul 7, 2010
    United States
    /dev/random
    That is new.
    The eshop.
     
  7. MassExplosion213

    MassExplosion213 .

    Member
    1,405
    953
    Feb 15, 2015
    United States
    Ripped from NUS or from the system itself?
     
  8. gudenau
    OP

    gudenau Never a unique idea

    Member
    3,237
    1,216
    Jul 7, 2010
    United States
    /dev/random
    Downloaded from NUs, installed, then dumped.
     
  9. MassExplosion213

    MassExplosion213 .

    Member
    1,405
    953
    Feb 15, 2015
    United States
    You can do it straight from the NUS too. You just need to use the raw files (not packed as cia), decrypt it with the title key (uses AES-CBC), and then decrypt it just like a .3ds. I have most of the title keys if you need it.
     
  10. gudenau
    OP

    gudenau Never a unique idea

    Member
    3,237
    1,216
    Jul 7, 2010
    United States
    /dev/random
    Ok, how do I decrypt it then? How do I get the keys? How would I pack it? Does it need to be encrypted again, or can I change the exheader?
     
  11. MassExplosion213

    MassExplosion213 .

    Member
    1,405
    953
    Feb 15, 2015
    United States
    Title keys come from decrypting the TMD. And the rest is the same as a normal .3ds.
     
  12. gudenau
    OP

    gudenau Never a unique idea

    Member
    3,237
    1,216
    Jul 7, 2010
    United States
    /dev/random
    OK, download title, decrypt tmd, decrypt app files with aes-cbc, make the ctr info file with the app files, generate xorpads, extract app files with ctrtool, xor files, dump xored files with ctrtool?
     
  13. MassExplosion213

    MassExplosion213 .

    Member
    1,405
    953
    Feb 15, 2015
    United States
    Yup. Simpler in practice than in explanation.
     
  14. gudenau
    OP

    gudenau Never a unique idea

    Member
    3,237
    1,216
    Jul 7, 2010
    United States
    /dev/random
    decrypt.(bat/sh) anyone? So, how does one decrypt the tmd? (Sorry for the noobyness)
     
  15. MassExplosion213

    MassExplosion213 .

    Member
    1,405
    953
    Feb 15, 2015
    United States
    ncchinfo.bin? If I remember right?
     
  16. gudenau
    OP

    gudenau Never a unique idea

    Member
    3,237
    1,216
    Jul 7, 2010
    United States
    /dev/random
    Really, just dump the tmd on the ncchinfo script? Did not know that.