Hacking How to create your own Sky3DS template entries?

[Falo]

So I used the diskwriter to write it somewhat successfully, problem is when it cycles to the game on the 3DS it's a blank icon that won't load. On top of that in diskwriter under EEPROM it says "NO" instead of YES like all the other roms. Weird. :S

Pokemon XY / ORAS is CARD2 -> Nand Saving, it has no EEPROM chip inside.

The Cartridge ID should be "C2 ?? ?? 98" (replace ?? ?? with working values) and EEPROM ID -> Nand Save.

Cartridge ID must match EEPROM ID, xx xx xx 90 -> eeprom, xx xx xx 98 -> nand

 

[ChrisRX]

Pokemon XY / ORAS is CARD2 -> Nand Saving, it has no EEPROM chip inside.

The Cartridge ID should be "C2 ?? ?? 98" (replace ?? ?? with working values) and EEPROM ID -> Nand Save.

Cartridge ID must match EEPROM ID, xx xx xx 90 -> eeprom, xx xx xx 98 -> nand

Just to help you out, I think the second byte in the cartridge ID is the ROM size
There are 4 values:
0xFE 536870912 bytes or less. 512MB
0xFA 1073741824 bytes: 1GB
0xF8 2147483648 bytes: 2GB
0xF0 4294967296 bytes: 4GB

I hope this helps!

The third byte can be 0x00 or 0x02. I haven't got my head around what that value is yet

 

[pandaboii]

hEY gUYS could someone give a omega ruby eu template file

 

[Ralph1611]

Can I get a Tomodachi Life EUR template file?

i think the one say has wont work.. Im using region three and the Japanese one isnt having the same problem as the EUR one.

The EUR writes with diskwriter...but im guessing is the same error as Resident Evil Revelations.. No game card inserted..

 

[Varia]

Ah fair enough, I can get some of those values anyway like the Unknown ID, EEPROM

Any idea what to write in unknown id for monster hunter 4?
eeprom i assume nand save and cartridfe id is C2F00090.
It does copy the game to the memory card with the diskwriter tool, but when I try to play it it won't show up. and follwing that the card won't
work anymore (at all, won't load even the other games) until I delete the game.

 

[lukas_2511]

Any idea what to write in unknown id for monster hunter 4?
eeprom i assume nand save and cartridfe id is C2F00090.
It does copy the game to the memory card with the diskwriter tool, but when I try to play it it won't show up. and follwing that the card won't
work anymore (at all, won't load even the other games) until I delete the game.

Since everything but this "Unknown id" can be calculated from a rom dump, and the sky3ds team seems to be able to generate the template.txt entries from the first 0x4000 bytes of the roms, i have reason to believe that it is some kind of cryptographic hash, used to lock out clones or something, and it will probably be impossible to generate it without knowing the key.

 

[hackotedelaplaqu]

Unknown ID -> i have no idea what this id is, but my guess is it can only be dumped from a real cartridge

It surely is because eshop games won't work and sky3ds needs one real cartridge in hands to publish new template.
Could it be related to the number in the back of retail games ?

 

[Falo]

It surely is because eshop games won't work and sky3ds needs one real cartridge in hands to publish new template.
Could it be related to the number in the back of retail games ?

eShop ".3DS" games are not working because the "NCSD" signature is a fake, sky3DS only allows real signatures and there is no way to generate them.

The Unknown id has something to do with the game's encryption, they request 0x4010 bytes in their header tutorial, 0x4000-0x400F = NCCH(0) KeyY.
So this unknown id is somehow generated from the games's keyY.

 

[thaikhoa]

Is there any clue on what's Unknown ID in the template of Sky3DS yet? Without it, no game will be loaded, leave blank game icon without appropriate Unknown ID. I have Super Smash Bros AXCP-AUS (Australia version). It's completely different from the one in the current template due to SHA-1 checksum is different between the two.

Contacted Sky3DS to ask them for adding SSB AUS dump to their template (sent SHA-1 section and dump's header as well). However, they refused to do that, the reason is that they wouldn't like to add personal dump, even I explained some of Nintendo games here in Australia are different from Europe.

 

[Datalogger]

I have another question.
Is it possible to rename the Game Titles in SKY3DS that show on the 3DS Screen?

Like so I can have 4 or more copies of Cubic Ninja and know which is for which exploit.
#1 - Launch HomeBrew
#2 - Launch NTR CFW
#3 - Launch GW
#4 - Launch whatever comes next (Karl/OSKA/xyzCFW)

I know I can have multiple copies of CN in my SKY (I have three now), but is there a way to change the names so you can see which one you have Blue Buttoned to?

 

[motezazer]

I have another question.
Is it possible to rename the Game Titles in SKY3DS that show on the 3DS Screen?

Like so I can have 4 or more copies of Cubic Ninja and know which is for which exploit.
#1 - Launch HomeBrew
#2 - Launch NTR CFW
#3 - Launch GW
#4 - Launch whatever comes next (Karl/OSKA/xyzCFW)

I know I can have multiple copies of CN in my SKY (I have three now), but is there a way to change the names so you can see which one you have Blue Buttoned to?

No. The name is signed so you can't change it.

 

[Justin20020]

Is there any new method to create an template? Im still thinking about that ._.

 

[motezazer]

Is there any new method to create an template? Im still thinking about that ._.

No, you miss the Sky3DS team secret to make a template valid.

 

[Centrix]

So has any one bothered to look at the settings.ini that comes with the template? it seems like it has some connection to the way the template looks at the games that are added by the sky3ds team? maybe theres something there that will give us a clue as to how they are adding games? maybe its not as hard as we think? im not a programer out side of site design so im not sure if this is anything that will help I just wanted to share my thoughts

 

[Datalogger]

The only person that has even has a rat's ass chance in cracking this is Yifan Lu, and so far SKY3DS is not on his radar.

 

[TarAnTani]

Hi;
Sorry to necro an old thread but I thought it should be posted here:
The unknownID is actually the ENC_SEED.
Since the review of the sky3ds+ (here on gba temp https://gbatemp.net/review/sky3ds.414/) there was a picture with per game settings, which had commentaries what the actuall values are.

Here is the picture (credits go to Foxi4 since he probably took that screenshot):

The ENC_SEED seems to be derived from offset 0x1010 in the rom, but I don't get with what they decrypt it.
The same information can be obtained in the sky3ds+ gamelist.bin file.
Also the ENC_SEED (CTR-P-AMGP) from this screenshot as well as the "gamelist.bin" and the latest sky3ds "template0513.txt" match up completely.
Anyway, the first four byte in each sky3ds game template of the "template0513.txt" seem to correlate with the ENC_TYPE.

Now for the stupidity of mine, I thought to catch the "unknown ID" from sky3ds official gamelist.bin but since they do not update that file either nor the template, we NEED to find out how the value is calculated.
I mean if, the sky3ds+ cart is capable of actually generating that value on its own in the "gamename.cfg" on startup of the rom so why can't we?

 

[gamesquest1]

Hi;
Sorry to necro an old thread but I thought it should be posted here:
The unknownID is actually the ENC_SEED.
Since the review of the sky3ds+ (here on gba temp https://gbatemp.net/review/sky3ds.414/) there was a picture with per game settings, which had commentaries what the actuall values are.

Here is the picture (credits go to Foxi4 since he probably took that screenshot):

The ENC_SEED seems to be derived from offset 0x1010 in the rom, but I don't get with what they decrypt it.
The same information can be obtained in the sky3ds+ gamelist.bin file.
Also the ENC_SEED (CTR-P-AMGP) from this screenshot as well as the "gamelist.bin" and the latest sky3ds "template0513.txt" match up completely.
Anyway, the first four byte in each sky3ds game template of the "template0513.txt" seem to correlate with the ENC_TYPE.

Now for the stupidity of mine, I thought to catch the "unknown ID" from sky3ds official gamelist.bin but since they do not update that file either nor the template, we NEED to find out how the value is calculated.
I mean if, the sky3ds+ cart is capable of actually generating that value on its own in the "gamename.cfg" on startup of the rom so why can't we?

there is already a tool to make your own template files for games that are missing here
https://gbatemp.net/threads/create-template-for-blue-button-sky3ds-ourself.430142/

 

[TarAnTani]

Hi;

Thank you gamesquest1.

Ok than thats that.

Forget my previous post then.