I've been trying to extract/decrypt a file from the nand of my o3ds (FW 9.2) for 4 days, searched around on the forums and the rest of internet, tried almost everything but still have no luck.
What i did:
- Create a Nand dump (Gateway).
- Create a Nand xorpad (rxTools).
- Xorred the whole thing and opened it in Win image.
- Extracted the files from the Title dir what i need (1 .app, 1.tmd and 1 .cmd).
- Read up on 3dsbrew what the files are and contain (like the tmd is an archive).
- Readed out the .app and .tmd files with ctrtool and saw result (see images below).
This whole process took me, with reading into it and generating the neccesary files, about 2 hours but then everything got worse. The thing i'm hanging on is if i extract the romfs from the .app ctrtool can read the romfs and neither extract it and it seems like i can't do any thing with the .tmd file except reading the info via ctrtool.
With about 36 hours of searching and trying i've done this:
- repeat the whole process with 2 different set of tools (dump and xor with either rxtools and decrypt9).
- decrypted system titles, CTR titles, title.db for a key but did didn't do the trick either.
- generated a sdinfo.bin for the .app and .tmd file for the xorpads but after xorring them they become unreadable (as if after the extraction the files are good to go).
- used the title.db key to download the files from CDN and generate a .cia file to decrypt that, also didnt work.
EDIT: Found the solution
What i did:
- Create a Nand dump (Gateway).
- Create a Nand xorpad (rxTools).
- Xorred the whole thing and opened it in Win image.
- Extracted the files from the Title dir what i need (1 .app, 1.tmd and 1 .cmd).
- Read up on 3dsbrew what the files are and contain (like the tmd is an archive).
- Readed out the .app and .tmd files with ctrtool and saw result (see images below).
This whole process took me, with reading into it and generating the neccesary files, about 2 hours but then everything got worse. The thing i'm hanging on is if i extract the romfs from the .app ctrtool can read the romfs and neither extract it and it seems like i can't do any thing with the .tmd file except reading the info via ctrtool.
With about 36 hours of searching and trying i've done this:
- repeat the whole process with 2 different set of tools (dump and xor with either rxtools and decrypt9).
- decrypted system titles, CTR titles, title.db for a key but did didn't do the trick either.
- generated a sdinfo.bin for the .app and .tmd file for the xorpads but after xorring them they become unreadable (as if after the extraction the files are good to go).
- used the title.db key to download the files from CDN and generate a .cia file to decrypt that, also didnt work.
EDIT: Found the solution
Last edited by StevenSeegal,
like a 250 dollar kit back when DDR4 was Intel only
