Location on the SD card of Metroid

Discussion in '3DS - Flashcards & Custom Firmwares' started by morphius, Sep 2, 2011.

  1. morphius
    OP

    morphius The King of the Cosmos

    Member
    298
    32
    Nov 21, 2008
    United States
    I made a backup of my sd card before and after installing Metroid from the ambassador program. I used winmerge to figure out the location of all files relating to Metroid they are as follows:

    Nintendo 3DS\a811f3136911e6492b2b3dc63902fe63\e03400ab4760a5d9534430320002544d\title004000006ee00\content
    09/01/2011 12:52 AM 2,688,512 00000000.app
    09/01/2011 12:52 AM 2,916 00000000.tmd
    09/01/2011 12:52 AM 94,720 00000002.app

    Nintendo 3DS\a811f3136911e6492b2b3dc63902fe63\e03400ab4760a5d9534430320002544d\title004000006ee00\data
    09/01/2011 12:52 AM 1,048,576 00000001.sav

    dates are incorrect. They are the dates I copied the files.
    I hex edited all the files hoping to find a copy of the metroid rom inside (so I could inject my own rom), but I think everything is encrypted.
     
  2. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Member
    266
    12
    Jul 17, 2003
    Zip em up and post a link to the contents, i'll have a look at it. Add the sav file too
     
  3. morphius
    OP

    morphius The King of the Cosmos

    Member
    298
    32
    Nov 21, 2008
    United States
    I will in a bit. Anyone happen to know how the directory names are generated? Are they all the same? ie: is metroid ALWAYS installed to a dir named 0006ee00 or is it different on every system.
     
  4. Cancel

    Cancel Member

    Newcomer
    13
    0
    Jun 21, 2011
    United States
    It's always going to be that directory unless it's different in Japan or Europe.
     
  5. how_do_i_do_that

    how_do_i_do_that Blue Wizard is about to die.

    Member
    4,922
    257
    May 16, 2008
    Antarctica
    You have insufficient posts to view user location.
    likely hardware keys and random number combination based whatever.

    You can only guess at this point since nobody knows how the inner workings of a 3DS and DSi work at this point.





    ---


    I haven't gotten around to comparing the VC saves of zelda I & II to an pc emulator made saves to tell if they encrypt or use a straight emu load and save.

    The US metroid save might be a stub, since the Japanese version has a real save system that is comparable.
     
  6. StapleButter

    StapleButter 'New Member' registered since 2009. Fuck yea.

    Member
    774
    1,474
    Dec 5, 2009
    France
    Contents of the SD card that aren't images or audio files, are encrypted, apparently with a console-specific key. So you're just wasting your time.

    Though, I can't help but wonder what's up with the 32char hexstrings (a811f3136911e6492b2b3dc63902fe63\e03400ab4760a5d9534430320002544d) the directories are named with. They seem to be console-specific, and perhaps they have to do with the encryption, but I don't think they are the keys [​IMG]
     
  7. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Member
    266
    12
    Jul 17, 2003
    Since it's console specific, i would imagine that it's most likely generated via the MAC address of the 3DS. This method has been used many times over. Of someone wants to investigate this... go ahead.

    Morphius... If you care to post your MAC address of your 3DS then we can try to see how they're generating this. I understand if you don't wish to.
     
  8. koji2009

    koji2009 GBAtemp Maniac

    Member
    1,193
    32
    Mar 13, 2009
    United States
    The MAC address isn't going to be the key itself, and indeed using the MAC address would actually be a bad means to go about it, simply because the MAC addresses ARE public knowledge. Thus one could make up a database of MAC addresses and known files encrypted by the system and thus possibly work out the encryption method, or at least a method for decryption... reencryption would be a lot more complex.
     
  9. morphius
    OP

    morphius The King of the Cosmos

    Member
    298
    32
    Nov 21, 2008
    United States
    I believe that .sav file to be closer to a savestate than a game save. If you close the program , then go back it ...it resumes from where you left off
     
  10. morphius
    OP

    morphius The King of the Cosmos

    Member
    298
    32
    Nov 21, 2008
    United States
    the same could possibly be said for the game files themselves. You have a known dataset (metroid rom) and a series of peoples dumps of the game.
     
  11. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Member
    266
    12
    Jul 17, 2003
    Yes the mac address olone would be a bad idea to use as a form of encryption' however usimg the mac address as part of a string of variables in the encryption routine would mean it will be a lot harder for one person alone to crack it with 1 3ds.

    Just because the MAC address is public knowledge to the person who owns the handheld doesn't mean that anyone can get ahold of the MAC address of anyone elses handheld, therefore keeping it a little more secure'

    I would imagine that the big N has learned it's lessons from the other handhelds it's released in the past. It would appear as though perhaps upto 5 different types of encryption / crc methods are currently being used on the 3ds and the cartridges to keep it as secure as possible for as long as possible. They're not stupid.
     
  12. raulpica

    raulpica With your drill, thrust to the sky!

    Supervisor
    11,033
    7,348
    Oct 23, 2007
    Italy
    PowerLevel: 9001
    There's probably a console-specific key, which is salted with the MAC address.
     
  13. how_do_i_do_that

    how_do_i_do_that Blue Wizard is about to die.

    Member
    4,922
    257
    May 16, 2008
    Antarctica
    You have insufficient posts to view user location.
    The sav file doesn't change on mine even after several times of checking and moving around to different areas in the game.

    The save state of the VC might not even be on the SD, it might be on the 3DS instead.
     
  14. CollosalPokemon

    CollosalPokemon ばん。。。かい

    Member
    682
    342
    Oct 18, 2009
    United States
    Umm, isn't encryption like a herp derp?

    [sarcasm]
    Nevermind nintendo is giving it out in the *.CIA format so we can load it and hack in unencrypted using NDS ROM editors and loaders ;D Oh yeah and they're region-free with no AP protection too.
    [/sarcasm]
     
  15. morphius
    OP

    morphius The King of the Cosmos

    Member
    298
    32
    Nov 21, 2008
    United States
  16. Pippin666

    Pippin666 SSF43DE Master

    Member
    1,828
    248
    Mar 30, 2009
    Canada
    Montreal, Qc
    You can always delete it from the system menu option. Check the sd directories, redownload it and compare folders.

    Pip'