Hacking with 3DS Save DeEncrypter

  • Thread starter: Immortal_no1
  • Views: 99,962
  • Replies: 243
  • Likes: 2
Yeah, I'm not sure how useful that will be. At the moment, if people want to help out, see if you can find the starting locations of the files that you can see using "File Info" from the software's File Menu. Once one of those is found, we can see where the locations are and then extraction of the files can begin.
 
CollosalPokemon said:
I found something cool in my Samurai Warriors Chronicles save file (after using this tool):

swccool.png


Something to do with loading a sound from the ROM (actually, there are around 3 more of these I was just too lazy to screencap them all)
yaynds.gif
I love how this is in plaintext. I doubt it's exploitable though, I'm sure KT is smarter than that simple text, still, it's pretty cool but there's no way for us to tell 100% for sure yet because modifying that means the CRC would change =P But I really doubt an exploit would come this early so I'm not expecting anything.
I think I know exactly what that is. I think it's referring to a file within the game, like the standard DS file format. So therefore, I have reason to believe that 3DS games run on a file format system like its predecessors.
 
Team Fail said:
CollosalPokemon said:
I found something cool in my Samurai Warriors Chronicles save file (after using this tool):

swccool.png


Something to do with loading a sound from the ROM (actually, there are around 3 more of these I was just too lazy to screencap them all)
yaynds.gif
I love how this is in plaintext. I doubt it's exploitable though, I'm sure KT is smarter than that simple text, still, it's pretty cool but there's no way for us to tell 100% for sure yet because modifying that means the CRC would change =P But I really doubt an exploit would come this early so I'm not expecting anything.
I think I know exactly what that is. I think it's referring to a file within the game, like the standard DS file format. So therefore, I have reason to believe that 3DS games run on a file format system like its predecessors.

herp.

It's a sound file. My question: Why is a ROM instruction like that even in the save? (I know it has to instruct the ROM in some ways, so the game knows where you're at in the game, score, etc...)
Sound should be handled by the ROM already knowing "After battle X, play sound Y." (or anywhere in the game it should know when to play sounds without instructions from the save file) I'm more confused as to why it's even in plaintext. I wonder if replacing it with something like "sd: /.files/xyz.3ds" would work instead of playing the sound =P That would be really funny, but I doubt developers are that stupid in today's world.
 
Perhaps in this game you can choose a certain sound for a certain action (e.g. the sound that is played when you win a fight or something...) and this information has to be saved. But I don't know why it's in plain text.
 
hergipotter said:
Perhaps in this game you can choose a certain sound for a certain action (e.g. the sound that is played when you win a fight or something...) and this information has to be saved. But I don't know why it's in plain text.

There are actually like 3-4 plaintext sound commands, but they're not changeable in-game. I have the game and there's no option for changing the sounds. (there's options for changing volume for bgs and etc but not the actual sounds)
I don't understand why it would reference something like that to the ROM, much less why it's saved in plaintext either, and even less why Koei Tecmo didn't catch it. Maybe they assumed everything was OK just because of the XOR encryption put on the saves?
I've been finding XOR is a really crappy encryption everywhere I go.

EDIT: Other pics like the one I posted previously

3dsrominstr3.png


^ I dunno but it seems this one is encrypted, so why didn't the other 3 end up encrypted? Was KT lazy/assumed the others were encrypted/safe?

3dsrominstr2.png


3dsrominstr.png
 
3DS Save De/Encrypter v1.5a is now available

v1.5a -Checksum data for all checksums found so far, load decrypted save from Experimental menu.

Download
 
CollosalPokemon said:
It's a sound file. My question: Why is a ROM instruction like that even in the save?

I bet it is some junk leftover that happened to be in the memory area allocated for the savegame before it was written to the SD card. This happens quite often when you allocate memory for a structure but do not clear it.
 
pachura said:
CollosalPokemon said:
It's a sound file. My question: Why is a ROM instruction like that even in the save?

I bet it is some junk leftover that happened to be in the memory area allocated for the savegame before it was written to the SD card. This happens quite often when you allocate memory for a structure but do not clear it.


I quite agree.

There is also a possibility that it could be used to determine different sound themes for title sequences. I don't know if there is anything like that in the game, but it's a possibility.
It's most likely though a log file stored to EEPROM of recent actions. I wouldn't be surprised.
 
CollosalPokemon said:
Team Fail said:
CollosalPokemon said:
I found something cool in my Samurai Warriors Chronicles save file (after using this tool):

swccool.png


Something to do with loading a sound from the ROM (actually, there are around 3 more of these I was just too lazy to screencap them all)
yaynds.gif
I love how this is in plaintext. I doubt it's exploitable though, I'm sure KT is smarter than that simple text, still, it's pretty cool but there's no way for us to tell 100% for sure yet because modifying that means the CRC would change =P But I really doubt an exploit would come this early so I'm not expecting anything.
I think I know exactly what that is. I think it's referring to a file within the game, like the standard DS file format. So therefore, I have reason to believe that 3DS games run on a file format system like its predecessors.

herp.

It's a sound file. My question: Why is a ROM instruction like that even in the save? (I know it has to instruct the ROM in some ways, so the game knows where you're at in the game, score, etc...)
Sound should be handled by the ROM already knowing "After battle X, play sound Y." (or anywhere in the game it should know when to play sounds without instructions from the save file) I'm more confused as to why it's even in plaintext. I wonder if replacing it with something like "sd: /.files/xyz.3ds" would work instead of playing the sound =P That would be really funny, but I doubt developers are that stupid in today's world.
Someone should test that out.
Although I bet that you would have to patch xyz.3ds with the common key..
 
FireGrey said:
Someone should test that out.
Although I bet that you would have to patch xyz.3ds with the common key..

I'm not sure if that's necessary. Just try to figure out what triggers the ROM to execute that file from the save and possibly replace that with a simple hello world by standards of the NDS format (or heck, even replace it with all sorts of things: pictures, MPOs, music or a similar file to check if it can actually run off SD). We have no idea how the 3DS works in that aspect; we still have a lot to figure out and everything is coming in small little steps.

Though with limited coding experience I'm not sure if it works that way either let alone if Nintendo would allow NDS code to run in 3DS mode (or if you can access the SD card at all with that game).

Actually, I'm not sure where to begin, but if I would have a copy of that game I'd try a thing or two.

Maybe I'll look into getting one.
 
CollosalPokemon said:
hergipotter said:
Perhaps in this game you can choose a certain sound for a certain action (e.g. the sound that is played when you win a fight or something...) and this information has to be saved. But I don't know why it's in plain text.

There are actually like 3-4 plaintext sound commands, but they're not changeable in-game. I have the game and there's no option for changing the sounds. (there's options for changing volume for bgs and etc but not the actual sounds)
I don't understand why it would reference something like that to the ROM, much less why it's saved in plaintext either, and even less why Koei Tecmo didn't catch it. Maybe they assumed everything was OK just because of the XOR encryption put on the saves?
I've been finding XOR is a really crappy encryption everywhere I go.

EDIT: Other pics like the one I posted previously

3dsrominstr3.png


^ I dunno but it seems this one is encrypted, so why didn't the other 3 end up encrypted? Was KT lazy/assumed the others were encrypted/safe?

3dsrominstr2.png


3dsrominstr.png

This is only what I think happened; I have not checked/cannot check if it is true.

Easy: they allocated some memory, let's say 100 bytes. Now they write data to this, but only to the first 50 bytes, and write the 100 bytes to the save. Then the rest of the buffer is uninitialized, so it holds the data that was written there before it got allocated, and in this case someone had written the path to it before it got allocated. Or they allocated less than they write to the save.
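The uninitialized-buffer explanation given in the posts above, as an added C example that is not part of the original thread or the tool's code. The 100/50 byte sizes come from the post; the arena allocator, the path string and all function names are constructed for illustration. It shows the save image with and without clearing the buffer, plus a simple audit that looks for stale text in the unused tail.

```c
#include <stdio.h>
#include <string.h>

#define SAVE_SIZE 100  /* bytes written to the save (figure from the post) */
#define USED_SIZE 50   /* bytes the game actually fills in */

/* Toy arena standing in for a heap that hands back recycled memory
   without clearing it (constructed for this example). */
static unsigned char arena[SAVE_SIZE];

static unsigned char *arena_alloc(int clear) {
    if (clear) memset(arena, 0, sizeof arena);  /* calloc-like behaviour */
    return arena;
}

/* Earlier, unrelated use of the same memory: a sound path (constructed). */
static void earlier_use(void) {
    unsigned char *p = arena_alloc(0);
    memset(p, 0xAA, SAVE_SIZE);
    strcpy((char *)p + 60, "snd/EXAMPLE_BGM.bin");
}

/* Builds the save image; only the first USED_SIZE bytes hold real data,
   but the whole buffer is copied out, as described in the post. */
static void build_save(unsigned char out[SAVE_SIZE], int clear) {
    earlier_use();
    unsigned char *buf = arena_alloc(clear);
    for (int i = 0; i < USED_SIZE; i++) buf[i] = (unsigned char)i;
    memcpy(out, buf, SAVE_SIZE);
}

/* Longest run of printable ASCII in the unused tail: a quick audit
   for stale strings that leaked into the save. */
static int longest_text_run(const unsigned char *save) {
    int best = 0, run = 0;
    for (int i = USED_SIZE; i < SAVE_SIZE; i++) {
        run = (save[i] >= 0x20 && save[i] < 0x7f) ? run + 1 : 0;
        if (run > best) best = run;
    }
    return best;
}

int main(void) {
    unsigned char leaky[SAVE_SIZE], clean[SAVE_SIZE];
    build_save(leaky, 0);  /* buffer reused as-is */
    build_save(clean, 1);  /* buffer zeroed before use */
    printf("leaky tail text run: %d\n", longest_text_run(leaky));
    printf("clean tail text run: %d\n", longest_text_run(clean));
    return 0;
}
```

Zeroing the buffer before filling it, or writing only the bytes that were actually populated, keeps unrelated memory contents out of the save.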
 
One possible reason of the name of a sound file ending up in the save is that the game was playing a certain sfx/music/ambience sound at the time the player saved, and wants to resume said sound when the player resumes their game...
 
Yu-Gi-Oh 100 said:
OK, what am I supposed to do with this?

You extract your gamesave from your cartridge using a NDS ADAPTER PLUS or something similar, then using this application you decrypt the game save so that it can be interrogated.

Hopefully soon we can re-CRC the data and play with modified gamesaves and swap regions of gamesave.
 