Hacking with 3DS Save DeEncrypter

  • Thread starter: Immortal_no1
  • Views: 99,956
  • Replies: 243
  • Likes: 2
Status
Not open for further replies.
I'm going to update my tutorial soon. I think there's still a little more work to do before we can use modified saves.
 
Update of the 3dssavesorter: http://www.mediafire.com/?dw14ob6x0b4eo4t

New functions: check the checksum, fix the checksum, and make a physical file out of a virtual one.

-r (generate the virtual file out of the raw decrypted)

-b (apply changes in a virtual file to a raw decrypted (checksums are not fixed)) (untested)

-f (fix all checksums that are not in the virtual file) (untested)
 
Sebiroth said:
Can I use the software together with the new NDS XPloder?

Can you backup your retail 3DS cart's save files with NDS XPloader? (I'm not familiar with it)

If you can, yes.

If you can't, then no.
 
ichichfly, I think I have a hardware challenge for you.

You have a Cyclone II FPGA Starter Development Kit, right? That's what you wrote in your topic.

Do you have the ability to create a simple passthrough for the EEPROM data from a 3DS cart?

I'm starting to have a look at the hardware; hopefully I will see a list of requests from the EEPROM lines with locations and data. It's just a thought, but it should work, but I think I need a faster board than my AVR Minimus. It was only a cheap fiver, but did what I originally needed it to. Otherwise I'll look at getting an Atmel Dragon board, lots of pinouts, and I'll make a complete passthrough for it as I think the response time for the 3DS cartridge is a lot faster than that of the DS.

I'm thinking that may be the best way to get the locations of the data used in the next CRCs.
 
Immortal_no1 said:
ichichfly, I think I have a hardware challenge for you.

You have a Cyclone II FPGA Starter Development Kit, right? That's what you wrote in your topic.

Do you have the ability to create a simple passthrough for the EEPROM data from a 3DS cart?

I'm starting to have a look at the hardware; hopefully I will see a list of requests from the EEPROM lines with locations and data. It's just a thought, but it should work, but I think I need a faster board than my AVR Minimus. It was only a cheap fiver, but did what I originally needed it to. Otherwise I'll look at getting an Atmel Dragon board, lots of pinouts, and I'll make a complete passthrough for it as I think the response time for the 3DS cartridge is a lot faster than that of the DS.

I'm thinking that may be the best way to get the locations of the data used in the next CRCs.

Both SPI (EEPROM) and ROM transfers have a maximum speed of 16.6 MHz.

ADD: Do you know if 4-bit wide transmission or only SO/SI is used for SPI (the EEPROM) in the 3DS cards?
 
Can we use your 3dssaveresorter to make modified savegames which are not corrupted?
Is this the correct syntax for it:

-f

?
 
lazymarek said:
Can we use your 3dssaveresorter to make modified savegames which are not corrupted?
Is this the correct syntax for it:

-f

?


Currently, no, we can't make saves which are not corrupted.

Fixing the header data was a must and now can be done.

According to what I can see there's still the CRC in the DISA block and also the CRC at the bottom of the DPFS block.

We know how to create the CRC for the DISA block, however we don't know how the data within the DISA block relates to the data in the save areas.
As far as I know we don't have a solution for finding the DPFS CRC...

A diff between saves shows that the data in the DISA, DIFI and DPFS blocks is the same; it's just the 0x10 bytes at the start of the 0x1000-sized block and the CRCs that differ.

Correct me if I'm wrong, ichichfly?

Where would you like to start? The 0x10-byte CRC at the top?
 
QUOTE said:
Currently, no, we can't make saves which are not corrupted.

Fixing the header data was a must and now can be done.

According to what I can see there's still the CRC in the DISA block and also the CRC at the bottom of the DPFS block.

We know how to create the CRC for the DISA block, however we don't know how the data within the DISA block relates to the data in the save areas.
As far as I know we don't have a solution for finding the DPFS CRC...

I think the 3DS doesn't check them?

The hash in the DISA block hashes 300 bytes of the first DIFI block.
 
I know that much, but there are 2 hashes in the DISA block, one at the top and one at the bottom. The one at the bottom is a SHA-256 based hash, however the one at the top is only 16 bytes long, which could be a SHA-1 or MD5, but we don't know the data that it hashes to be sure.

Just a simple score change I made generated a corrupted save. Here's some info I've been looking at for a little while now:

Save2-BBBBBBBB.sav

Score - 75060 - 342501
Name: - BBBBBBBB - 0202020202020202

hash at 15000
337F791C9F2B628267754F41A1313540 - Need to find how this is generated

DISA hash at 1516C
251F10AB3C348FD6ED829BAE08D3091B294A26CB6DF57D8F6A26CBC570CE6EEC
DPFS hash at 1543C
0C77000486499699E8D320424CE9800F5DEE1E72EE379428FEBA1A9B646394B2 - DPFS hash is the same at 1543C & 1943C
DPFS hash at 1943C
0C77000486499699E8D320424CE9800F5DEE1E72EE379428FEBA1A9B646394B2 - DPFS hash is the same at 1543C & 1943C

hash at 1C000
EC6272813A4058555358B8F42F4D1E6BF6B9540BB2EC9D565B0C6FF55DE7EA47 - Need to find how this is generated. (created when data is initialized prior to playing the game)
3F2523978999A708BE6979DB13B83D7EDF6BA357C802FC2DF126EA8AF65E8C93 - Need to find how this is generated. (created when data is initialized prior to playing the game)
B4D67710799DBEE0CEA47D2F2AAF416C662781CD8C5A086E71F2FE2B10A10BD3 - same in all saves
E31D263B9F3F125A1F42DBB142D33191E1120B3F50620E9EBFEC10233D4919D5 - hash of 8000-8FFF

The hash at the end of DISA is from 6200 - 632B = 0x12C; this is a SHA-256
970F122AB7A5CCC791AF2C0772A214D879279C4D22FBC921EF6A7B3F4A890D89


Save3-CCCCCCCC.sav

Score - 75292 - 1C2601
Name: CCCCCCCC - 0303030303030303

hash at 15000
CFD812527BDA7B981D08AEBC59F30E04 - Need to find how this is generated.

DISA hash at 1516C
982F00F30B814149B5A466C8A3D7F93CB52F5AAF515985A15E93456AF1FF918E
DPFS hash at 1543C
A0E90E3BBF299B05544ECFF788EB235377E43A02D84827B744D049B1AB909861 - DPFS hash is the same at 1543C & 1943C
DPFS hash at 1943C
A0E90E3BBF299B05544ECFF788EB235377E43A02D84827B744D049B1AB909861 - DPFS hash is the same at 1543C & 1943C

hash at 1C000
E17676A07D8B15FE761514D3F400E4421CB8A2A59B3039EB41648EF5DA3623F2 - Need to find how this is generated. (created when data is initialized prior to playing the game)
A5641389F657F4599F59C870EEB60429C0502DDEB21C2FFCA5260132A4DD66AC - Need to find how this is generated. (created when data is initialized prior to playing the game)
B4D67710799DBEE0CEA47D2F2AAF416C662781CD8C5A086E71F2FE2B10A10BD3 - same in all saves
098E0450538E9EDDB618729102712CC0F61C035F2CA48BB4B5BE9F04CE2A4115 - hash of 8000-8FFF

The hash at the end of DISA is from 6200 - 632B = 0x12C; this is a SHA-256
970F122AB7A5CCC791AF2C0772A214D879279C4D22FBC921EF6A7B3F4A890D89

I don't know how useful it will be to the trolls out there, but ichichfly you may be able to use it for something. It's nothing that we don't already know though, I don't think.
 
If by 'DPFS CRC' you mean the last 4 bytes in the DIFI blocks, the 3dbrew page says that they are garbage and appear as FF FF FF FF in an encrypted save.

Also there's no CRC in the DISA block, did you mean the hash? Those aren't the same.
 
Mega-Mario said:
If by 'DPFS CRC' you mean the last 4 bytes in the DIFI blocks, the 3dbrew page says that they are garbage and appear as FF FF FF FF in an encrypted save.

Also there's no CRC in the DISA block, did you mean the hash? Those aren't the same.


That much I do know; in fact I think it may even have been me who put up that information on 3dbrew.

At the bottom of the DPFS block there is a large block of data; the first 0x20 bytes of that are the CRC, the rest of it is garbage you get from the XOR process to get the decrypted save.
 
Immortal_no1 said:
I know that much, but there are 2 hashes in the DISA block, one at the top and one at the bottom. The one at the bottom is a SHA-256 based hash, however the one at the top is only 16 bytes long, which could be a SHA-1 or MD5, but we don't know the data that it hashes to be sure.

Just a simple score change I made generated a corrupted save. Here's some info I've been looking at for a little while now:

Save2-BBBBBBBB.sav

Score - 75060 - 342501
Name: - BBBBBBBB - 0202020202020202

hash at 15000
337F791C9F2B628267754F41A1313540 - Need to find how this is generated

DISA hash at 1516C
251F10AB3C348FD6ED829BAE08D3091B294A26CB6DF57D8F6A26CBC570CE6EEC
DPFS hash at 1543C
0C77000486499699E8D320424CE9800F5DEE1E72EE379428FEBA1A9B646394B2 - DPFS hash is the same at 1543C & 1943C
DPFS hash at 1943C
0C77000486499699E8D320424CE9800F5DEE1E72EE379428FEBA1A9B646394B2 - DPFS hash is the same at 1543C & 1943C

hash at 1C000
EC6272813A4058555358B8F42F4D1E6BF6B9540BB2EC9D565B0C6FF55DE7EA47 - Need to find how this is generated. (created when data is initialized prior to playing the game)
3F2523978999A708BE6979DB13B83D7EDF6BA357C802FC2DF126EA8AF65E8C93 - Need to find how this is generated. (created when data is initialized prior to playing the game)
B4D67710799DBEE0CEA47D2F2AAF416C662781CD8C5A086E71F2FE2B10A10BD3 - same in all saves
E31D263B9F3F125A1F42DBB142D33191E1120B3F50620E9EBFEC10233D4919D5 - hash of 8000-8FFF

The hash at the end of DISA is from 6200 - 632B = 0x12C; this is a SHA-256
970F122AB7A5CCC791AF2C0772A214D879279C4D22FBC921EF6A7B3F4A890D89


Save3-CCCCCCCC.sav

Score - 75292 - 1C2601
Name: CCCCCCCC - 0303030303030303

hash at 15000
CFD812527BDA7B981D08AEBC59F30E04 - Need to find how this is generated.

DISA hash at 1516C
982F00F30B814149B5A466C8A3D7F93CB52F5AAF515985A15E93456AF1FF918E
DPFS hash at 1543C
A0E90E3BBF299B05544ECFF788EB235377E43A02D84827B744D049B1AB909861 - DPFS hash is the same at 1543C & 1943C
DPFS hash at 1943C
A0E90E3BBF299B05544ECFF788EB235377E43A02D84827B744D049B1AB909861 - DPFS hash is the same at 1543C & 1943C

hash at 1C000
E17676A07D8B15FE761514D3F400E4421CB8A2A59B3039EB41648EF5DA3623F2 - Need to find how this is generated. (created when data is initialized prior to playing the game)
A5641389F657F4599F59C870EEB60429C0502DDEB21C2FFCA5260132A4DD66AC - Need to find how this is generated. (created when data is initialized prior to playing the game)
B4D67710799DBEE0CEA47D2F2AAF416C662781CD8C5A086E71F2FE2B10A10BD3 - same in all saves
098E0450538E9EDDB618729102712CC0F61C035F2CA48BB4B5BE9F04CE2A4115 - hash of 8000-8FFF

The hash at the end of DISA is from 6200 - 632B = 0x12C; this is a SHA-256
970F122AB7A5CCC791AF2C0772A214D879279C4D22FBC921EF6A7B3F4A890D89

I don't know how useful it will be to the trolls out there, but ichichfly you may be able to use it for something. It's nothing that we don't already know though, I don't think.

In the virtual file I found the following changes:

0x0 - 0xF: maybe only random data
0x16C: SHA-256, DISA, known
0x43C: maybe SHA-256, unknown
0x2000: hash table, first 2 unknown, others known

the save data

ADD: update now fixes the missing CRC that is calculated in some games http://www.mediafire.com/?3zc2o62b8buckzc
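An added example, not code from the thread or from either poster's tool, that implements the check/fix step for the DISA SHA-256 discussed above and the window scan used to work out what an unknown digest covers. The hash offset 0x16C and the 300-byte (0x12C) length come from the posts; the DIFI region start at 0x200, the 0x10 scan step and the sample save image are constructed assumptions.

```python
import hashlib
import random

# Offsets quoted from the thread for the "virtual" file: the DISA SHA-256 sits at
# 0x16C and covers 300 (0x12C) bytes of the first DIFI block. Where that DIFI
# block starts is NOT given in the thread, so the demo assumes 0x200.
DISA_HASH_OFF = 0x16C
DISA_HASHED_LEN = 0x12C
SHA256_LEN = 32

def region_sha256(data, start, length):
    """SHA-256 digest of data[start:start+length]."""
    return hashlib.sha256(data[start:start + length]).digest()

def check_region_hash(data, region_off, region_len, hash_off):
    """True when the digest stored at hash_off matches the region's hash."""
    stored = bytes(data[hash_off:hash_off + SHA256_LEN])
    return stored == region_sha256(data, region_off, region_len)

def fix_region_hash(data, region_off, region_len, hash_off):
    """Recompute the digest and write it back in place (the '-f' style fix)."""
    data[hash_off:hash_off + SHA256_LEN] = region_sha256(data, region_off, region_len)
    return data

def find_hashed_region(data, stored_hash, length, step=0x10):
    """Offsets of every `length`-byte window whose SHA-256 equals stored_hash.
    Hashing candidate windows is how you learn what an unknown digest covers."""
    return [off for off in range(0, len(data) - length + 1, step)
            if hashlib.sha256(data[off:off + length]).digest() == stored_hash]

def demo():
    # Constructed 0x2000-byte save image (seeded pseudo-random, so no two
    # windows repeat) with the assumed DIFI region starting at 0x200.
    rng = random.Random(1)
    save = bytearray(rng.getrandbits(8) for _ in range(0x2000))
    difi_off = 0x200
    fix_region_hash(save, difi_off, DISA_HASHED_LEN, DISA_HASH_OFF)

    # Given only the stored digest, recover which window it covers.
    stored = bytes(save[DISA_HASH_OFF:DISA_HASH_OFF + SHA256_LEN])
    covered = find_hashed_region(save, stored, DISA_HASHED_LEN)

    # A "simple score change" inside the hashed region: the stored digest no
    # longer matches, which is the corrupted-save symptom from the thread.
    save[difi_off + 0x40] ^= 0xFF
    ok_after_edit = check_region_hash(save, difi_off, DISA_HASHED_LEN, DISA_HASH_OFF)

    # Refresh the digest and the check passes again.
    fix_region_hash(save, difi_off, DISA_HASHED_LEN, DISA_HASH_OFF)
    ok_after_fix = check_region_hash(save, difi_off, DISA_HASHED_LEN, DISA_HASH_OFF)
    return covered, ok_after_edit, ok_after_fix
```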
 
I enjoyed the "what the f**k are you doing ???" when you run the common /? help command with your app
"3dssaveresorter.exe /?"
 
Any progress, Immortal (tutorial, deEncrypter)?
Can you just make a small tutorial about changing all known checksums correctly when we have modified a savegame, please?
 
I'll try and add something in the next couple of days. I'll try to make it as detailed as I can using what we currently know.
 
I've written about 95% of the tutorial.

Ichichfly is there a way we can use your app to pass in the modified encrypted file only and have it check and output the corrected modified file?

Such as:

3dssaveresorter.exe -F (enc_mod_file.sav output_enc_mod_file.sav)
Where output_enc_mod_file.sav gets created in the process unless the header CRCs all match?
 
Yes this is the right thread for the unix/linux question. The plaintext was seen on some ninja game savefile way back when. It was referencing a bgm file inside the rom, probably background files for the save menu or something.

I read this entire thread from page 1, but don't bother looking for it. Stay on track, you're leagues ahead of anything I could figure out.
 
Were you referring to the samurai warriors chronicles BGM reference in the save?

That's the only thing I can think of...
 