Is there any tutorial on how to Cryptofix a 3DS rom/cia and a game update?

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by Xanek, Aug 3, 2015.

  1. Xanek
    OP

    Xanek GBAtemp Regular

    Member
    170
    7
    Jul 3, 2015
    United States
    Been curious on how the process goes to cryptofix a game/game update, as I want to personally try it out as I currently own a N3DS and newer games need to be cryptofixed.

    I know that I could technically wait till someone else creates one, but on the off chance that someone doesn't, I would like to know the process on how to cryptofix either the game itself or an update for the game.

    I primarily want to know how to do it for .3ds files dumped from the physical cart and not from the eshop.

    Anyone able to help/know what to do?
     
  2. SciresM

    SciresM GBAtemp Advanced Fan

    Member
    596
    1,860
    Mar 21, 2014
    United States
    You will never need to cryptofix ROMs dumped from cart because no cartridge can ever use SeedDB because that's not how that works.
     
  3. hippy dave

    hippy dave Butts Butts Megabutts

    Member
    2,592
    1,805
    Apr 30, 2012
    True. Also you would need a hardmod. There's some descriptions of the process in the Binding of Isaac thread in the cfw forum, don't know how thorough they are.
     
  4. Xanek
    OP

    Oh okay, so cryptofix only works for eshop versions? So if for some odd reason a game only has a cart and no eshop version you're screwed on cryptofixing it correct?
    Also just wanted to know the process of cryptofixing in general for games.
    How would you go about cryptofixing game updates though?

    Is there any link to when the post actually starts talking about cryptofixing? Currently at work and unable to look through the thread.
     
  5. SciresM

    Cryptofixing "only works" for eShop titles because physical cartridges will NEVER need to be cryptofixed because that's not how SEEDDB works, at all.

    Updates will never need to be cryptofixed either -- or at least, no currently released update on the eShop uses seed crypto...and I have a complete list of all titles and their seeds.

    Cartridges and updates may need their exheaders spoofed to play on lower firmware versions than intended, but that's completely different.
     
  6. Xenon Hacks

    Xenon Hacks GBAtemp Guru

    Member
    7,115
    3,410
    Nov 13, 2014
    United States
    Wow I rarely see you post anymore, are you working on anything pokemon related?
     
  7. Xanek
    OP

    How do you spoof exheaders then?
     
  8. Mr. Prince

    Mr. Prince GBAtemp Advanced Fan

    Member
    534
    87
    Oct 29, 2011
    Saudi Arabia
    All Blue
    Fire Emblem IF update 1.1 requires cryptofixing.
     
  9. RainThunder

    RainThunder GBAtemp Regular

    Member
    212
    134
    Jun 22, 2012
    Hanoi
    Cryptofix isn't the right term. That update only needs to be firmware spoofed to work on lower firmware versions.
     
  10. Xanek
    OP

    So is there any guide on how to spoof games and their updates? :v
     
  11. RainThunder

    Asia81's tutorial is a good start. According to my experience in creating a firmware spoofed version of Fire Emblem If update, you only need to edit a few bytes (@0x39C and @0x79C) in exheader to make the update work on lower firmware.
     
  12. Xanek
    OP

    This tutorial? https://gbatemp.net/threads/tutoria...d-3ds-roms-run-xy-oras-without-update.383055/
    or is there another tutorial that you're talking about?
     
    Last edited by Xanek, Aug 4, 2015
  13. SciresM

    Editing 0x39c and 0x79c to "21 02" is how you do it, yeah (0x221 in little endian)

    Also OR 0xD with 0x2 if it's an sd title.
     
  14. Xanek
    OP

    I'm looking through a few of the threads that Asia81 created, I don't see where it says to edit bytes, which thread are you looking at @RainThunder ?

    Also how would you know what bytes to alter? Is it kind of trial and error until it eventually works? Or is there like a range that they are usually in so it's not as hard?

    And would the bytes be different each update?
     
    Last edited by Xanek, Aug 4, 2015
  15. RainThunder

    Look at SciresM's post above. You have to open the exheader.bin with a hex editor, go to 0x39C offset, then change two bytes to "21 02", then do the same for 0x79C offset. They should be at the same offset in each update.

    Asia81's tutorial doesn't cover firmware spoofing.
     
  16. Xanek
    OP

    But was that the right tutorial?
    How would rebuilding work, since the files they have for rebuilding are for Pokemon only correct?
     
    Last edited by Xanek, Aug 4, 2015
  17. RainThunder

    Last edited by RainThunder, Jan 20, 2016
  18. Xanek
    OP

    How would rebuilding work, as the link in that tutorial has files that are meant for that pokemon game is it not?
     
  19. RainThunder

    Just use makerom. Here are the commands I used to rebuild FE: If 1.1 (in Windows)
    Code:
    makerom -f cxi -target t -rsf RSF.rsf -o update.cxi -exheader exheader_fix.bin -code ExeFS\code.bin -romfs RomFS.bin -icon ExeFS\icon.bin -alignwr
    ExInjector.exe -rom update.cxi -exheader exheader_fix.bin -sd
    makerom -f cia -target t -content update.cxi:0:0 -minor 2 -micro 0 -o update.cia
    
    RSF file (it's a text file, just copy and paste it to any text editor):
    Warning: Spoilers inside!
    The content in that RSF is not really important though. You only need to edit obvious things like ProductCode, Category, UniqueID, and EnableCompress. Other information in RSF file is already included in exheader, and ExInjector will make sure the rebuilt ROM and the original ROM share the same exheader.

    To choose the correct EnableCompress option, just open the exheader in any hex editor. If the hexadecimal number at offset 0xD is 0x01 or 0x03, then EnableCompress should be set to true. Otherwise, set it to false.

    The version option in the last makerom command is important. If the rebuilt CIA version number is lower than the latest version number in Nintendo servers, the main game will display an update nag. You can check the version of the unspoofed cia using BigBlueMenu, or use the tmd file if you know how. E.g. The version number of Fire Emblem If v1.1 update is 1.2.0 (major.minor.micro), which means you have to add -minor 2 -micro 0. Major version number is already included in exheader, so you don't need to use -major.

    How to use makerom: http://3dbrew.org/wiki/Makerom (not really necessary, above commands should work for every game).
     
    Last edited by RainThunder, Jan 26, 2016
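
The byte edits from posts 13 and 15 and the offset-0xD rule from post 19, as an added Python example (not code posted by anyone in the thread): it applies the documented edit to an in-memory copy and then checks that nothing else in the exheader changed. The 0x800-byte size, the constructed sample buffer and all function names are assumptions made for the example.

```python
import struct

FLAG_OFF = 0x0D                # flag byte read in post 19, ORed with 0x2 in post 13
VERSION_OFFS = (0x39C, 0x79C)  # two-byte fields the thread sets to "21 02"
SPOOF_VALUE = 0x0221           # "21 02" read as a little-endian 16-bit value
EXHEADER_SIZE = 0x800          # assumption: size of an extracted exheader.bin

def apply_documented_edit(orig: bytes, sd_title: bool) -> bytes:
    """Return a copy of orig with only the edits described in the thread."""
    buf = bytearray(orig)
    for off in VERSION_OFFS:
        struct.pack_into("<H", buf, off, SPOOF_VALUE)
    if sd_title:
        buf[FLAG_OFF] |= 0x02
    return bytes(buf)

def describe(exh: bytes) -> dict:
    """Read the fields the thread talks about from an exheader image."""
    if len(exh) < VERSION_OFFS[-1] + 2:
        raise ValueError("too short to contain both version fields")
    flag = exh[FLAG_OFF]
    return {
        "enable_compress": flag in (0x01, 0x03),  # rule given in post 19
        "sd_bit": bool(flag & 0x02),
        "versions": [struct.unpack_from("<H", exh, o)[0] for o in VERSION_OFFS],
    }

def unexpected_changes(orig: bytes, fixed: bytes) -> list:
    """Offsets where fixed differs from orig outside the documented edit."""
    if len(orig) != len(fixed):
        raise ValueError("size mismatch between original and edited exheader")
    allowed = {off + i for off in VERSION_OFFS for i in range(2)}
    bad = []
    for off, (a, b) in enumerate(zip(orig, fixed)):
        # Skip equal bytes, the two version fields, and an SD-bit-only flag change.
        if a == b or off in allowed or (off == FLAG_OFF and (a | 0x02) == b):
            continue
        bad.append(off)
    return bad

def make_sample() -> bytes:  # constructed buffer for the demo, not a real dump
    buf = bytearray(EXHEADER_SIZE)
    buf[FLAG_OFF] = 0x01
    for off in VERSION_OFFS:
        struct.pack_into("<H", buf, off, 0x022C)  # constructed starting value
    return bytes(buf)

if __name__ == "__main__":
    print(describe(apply_documented_edit(make_sample(), sd_title=True)))
```

Running `unexpected_changes` on the original and hex-edited exheader before rebuilding catches a stray keystroke in the hex editor that would otherwise only show up as a title that fails to launch.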
  20. Xanek
    OP

    .
     
    Last edited by Xanek, Aug 10, 2015