Hacking Location on the SD card of Metroid

morphius

I made a backup of my SD card before and after installing Metroid from the ambassador program. I used WinMerge to figure out the location of all files relating to Metroid; they are as follows:

Nintendo 3DS\a811f3136911e6492b2b3dc63902fe63\e03400ab4760a5d9534430320002544d\title004000006ee00\content
09/01/2011 12:52 AM 2,688,512 00000000.app
09/01/2011 12:52 AM 2,916 00000000.tmd
09/01/2011 12:52 AM 94,720 00000002.app

Nintendo 3DS\a811f3136911e6492b2b3dc63902fe63\e03400ab4760a5d9534430320002544d\title004000006ee00\data
09/01/2011 12:52 AM 1,048,576 00000001.sav

Dates are incorrect. They are the dates I copied the files.
I hex edited all the files hoping to find a copy of the Metroid ROM inside (so I could inject my own ROM), but I think everything is encrypted.
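
The before/after comparison described in the post above, as an added example that is not part of the original thread: it hashes both backup trees to list added and changed files, then measures the byte entropy of each one, since encrypted or compressed data looks random while an unencrypted ROM image would show structure. The directory arguments and the 7.5 bits-per-byte threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            files[os.path.relpath(full, root)] = sha256_file(full)
    return files

def diff_snapshots(before_root, after_root):
    """Return (added, removed, changed) relative paths, each sorted."""
    before, after = snapshot(before_root), snapshot(after_root)
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return added, removed, changed

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, close to 8.0 for random-looking data."""
    if not data:
        return 0.0
    total = len(data)
    return sum(c / total * math.log2(total / c) for c in Counter(data).values())

def triage(before_root, after_root, threshold=7.5):
    """Label every added or changed file by how random its bytes look.

    High entropy cannot separate encryption from compression, and very
    small files score low even when encrypted. Threshold is an assumption.
    """
    added, _removed, changed = diff_snapshots(before_root, after_root)
    report = {}
    for rel in added + changed:
        with open(os.path.join(after_root, rel), "rb") as f:
            ent = shannon_entropy(f.read())
        label = "high-entropy" if ent >= threshold else "structured"
        report[rel] = (round(ent, 2), label)
    return report
```

Calling `triage("sd_before", "sd_after")` on two backup folders (hypothetical names) returns a dictionary keyed by relative path, which is enough to see at a glance whether the new title files are worth opening in a hex editor.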
 

morphius

I will in a bit. Anyone happen to know how the directory names are generated? Are they all the same? I.e., is Metroid ALWAYS installed to a dir named 0006ee00, or is it different on every system?
 

Cancel

morphius said:
I will in a bit. Anyone happen to know how the directory names are generated? Are they all the same? I.e., is Metroid ALWAYS installed to a dir named 0006ee00, or is it different on every system?

It's always going to be that directory unless it's different in Japan or Europe.
 

how_do_i_do_that

Likely hardware keys and random number combination based whatever.

You can only guess at this point since nobody knows how the inner workings of a 3DS and DSi work at this point.





---


I haven't gotten around to comparing the VC saves of Zelda I & II to PC emulator-made saves to tell if they encrypt or use a straight emu load and save.

The US Metroid save might be a stub, since the Japanese version has a real save system that is comparable.
 

Arisotura

Contents of the SD card that aren't images or audio files are encrypted, apparently with a console-specific key. So you're just wasting your time.

Though, I can't help but wonder what's up with the 32-char hex strings (a811f3136911e6492b2b3dc63902fe63\e03400ab4760a5d9534430320002544d) the directories are named with. They seem to be console-specific, and perhaps they have to do with the encryption, but I don't think they are the keys.
 

Immortal_no1

Since it's console specific, I would imagine that it's most likely generated via the MAC address of the 3DS. This method has been used many times over. If someone wants to investigate this... go ahead.

Morphius... If you care to post your MAC address of your 3DS then we can try to see how they're generating this. I understand if you don't wish to.
 

koji2009

The MAC address isn't going to be the key itself, and indeed using the MAC address would actually be a bad means to go about it, simply because the MAC addresses ARE public knowledge. Thus one could make up a database of MAC addresses and known files encrypted by the system and thus possibly work out the encryption method, or at least a method for decryption... reencryption would be a lot more complex.
 

morphius

how_do_i_do_that said:
I haven't gotten around to comparing the VC saves of Zelda I & II to PC emulator-made saves to tell if they encrypt or use a straight emu load and save.

The US Metroid save might be a stub, since the Japanese version has a real save system that is comparable.

I believe that .sav file to be closer to a savestate than a game save. If you close the program, then go back to it... it resumes from where you left off.
 

morphius

koji2009 said:
The MAC address isn't going to be the key itself, and indeed using the MAC address would actually be a bad means to go about it, simply because the MAC addresses ARE public knowledge. Thus one could make up a database of MAC addresses and known files encrypted by the system and thus possibly work out the encryption method, or at least a method for decryption... reencryption would be a lot more complex.

The same could possibly be said for the game files themselves. You have a known dataset (Metroid ROM) and a series of people's dumps of the game.
 

Immortal_no1

koji2009 said:
The MAC address isn't going to be the key itself, and indeed using the MAC address would actually be a bad means to go about it, simply because the MAC addresses ARE public knowledge. Thus one could make up a database of MAC addresses and known files encrypted by the system and thus possibly work out the encryption method, or at least a method for decryption... reencryption would be a lot more complex.

Yes, the MAC address alone would be a bad idea to use as a form of encryption; however, using the MAC address as part of a string of variables in the encryption routine would mean it will be a lot harder for one person alone to crack it with one 3DS.

Just because the MAC address is public knowledge to the person who owns the handheld doesn't mean that anyone can get ahold of the MAC address of anyone else's handheld, therefore keeping it a little more secure.

I would imagine that the big N has learned its lessons from the other handhelds it's released in the past. It would appear as though perhaps up to 5 different types of encryption / CRC methods are currently being used on the 3DS and the cartridges to keep it as secure as possible for as long as possible. They're not stupid.
 

CollosalPokemon

morphius said:
I think everything is encrypted.

Umm, isn't encryption like a herp derp?

[sarcasm]
Never mind, Nintendo is giving it out in the *.CIA format so we can load it and hack in unencrypted using NDS ROM editors and loaders ;D Oh yeah, and they're region-free with no AP protection too.
[/sarcasm]
 
