1. kyogre123

    OP kyogre123 Mexican Pride
    Member

    Joined:
    Sep 23, 2013
    Messages:
    2,920
    Country:
    Mexico
    Since Nintendo patched Wondertrade by adding encryption to the transmitted data, people from Project Pokemon have been working on a new way to dump PKX files (the new .pkm format for Pokémon X/Y). As of today (7/03/14) a tool for this has been made public, however there are some prerequisites that must be met:

    If you own Pokémon X/Y in cartridge format:
    • Your 3DS must be on the OFW 6.3 or above
    • You must have a save dumper like PowerSaves 3DS (which is currently the only public way to dump save files from cartridges)

    If you own Pokémon X/Y in digital format, you can simply get your save file from this directory in your SD card (save files made on Gateway 3DS' EmuNAND are compatible):
    For Pokémon X:
    X:\Nintendo 3DS\*random value*\*random value*\title\00040000\00055d00\data

    For Pokémon Y:
    Y:\Nintendo 3DS\*random value*\*random value*\title\00040000\00055e00\data

    KeySAV
    KeySAV allows you to obtain an important file to read the data of the boxes of your save file, Blank.ekx.

    To get the Blank.ekx file you must do the following:
    Source: http://www.reddit.com/r/SVExchange/wiki/keysav
    • Clear out boxes 1 & 2 by moving the Pokémon to other boxes.
    • Capture or hatch 6 Pokémon. They have to come from your game.
    • Put those 6 Pokémon on the top row of the first box.
    • Save once, hard reset (switch off/on the 3DS), launch the game and save again.
    • Export your save. Locate your save on your PC. Rename the first save 16.bin or 16.sav, depending on its original extension. If you are using the downloaded copy of the game, remember to copy the save file to another location before renaming. Do not rename the save file on the SD Card.
    • Run the game, and move all 6 Pokémon to the top row of box 2.
    • Save once, hard reset (switch off/on the 3DS), launch the game and save again.
    • Export your save. Locate your save on your PC and rename the second save 26.bin or 26.sav, depending on its original extension.
    • Run KeySav. On the "Box Breaker" tab, click on "Open SAV 1" and load 26.bin or 26.sav. Click on "Open SAV 2" and load 16.bin or 16.sav. Click on "Break".
    • Click on "K1", "K2" and "Blank" to save the files. Store those somewhere safe.


    Mass Dumper
    Massdumper1.png
    Mass Dumper allows you to dump PKX files from your save file by using the Blank.ekx obtained with KeySAV, along with the Key - Box1.bin and Key - Box2.bin files, which work as keys to read the BOX 1 and BOX 2 of your save file respectively.

    Just select the save file you want to be read, the Blank.ekx, and one of the keys ("Key - Box1.bin" for BOX 1 or "Key - Box2.bin" for BOX 2) for the Concat Key option, making sure to also select the same box number for the "Key Starts" option, and then choose "Truck" to dump the PKX files.

    You can also dump all of the 30 boxes by following the instructions in this external thread: http://projectpokemon.org/forums/showthread.php?37316-(X-Y)-Mass-Dumper-Enhanced-Box-Data-Viewer

    However, there's an inconvenience with this tool since the output files have .ek6 and .pk6 extensions, instead of the standard .ekx and .pkx extensions, so the extension of the files must be changed in order to be used with PKX viewer/editor tools; this can be done with cmd in Windows.

    cmd.png
    Just go to the path where the .pk6 or .ek6 files are stored and use the "ren" command as shown in the image above.


    Outdated information:
    EDIT: Since the 1.2 update now encrypts the wondertrade data (and since the update is obligatory for online), this project will be pretty much dead, unless someone figures out how to decrypt the information.

    Good news for the pokehacking community! Codemonkey85 from http://projectpokemon.org and Zaneris have released very useful applications to dump and modify your own Pokémon on a PC. This means you can get the data of your Pokémon from the 3DS to a PC.

    PKX Editor
    Sin título.png

    Created by Codemonkey85. The image is self-explanatory, those are the editable values available at the moment.

    You can download the program here:
    PKX Editor.zip

    Instead of PKM, the new extension for these files in Pokémon X and Pokémon Y is now called PKX. Normally, these files are extracted as encrypted data, so they receive the .pkx extension after being decrypted. This program is able to decrypt and encrypt back PKX files: Files with the extension .bin are assumed to be encrypted, and .pkx files are assumed to be decrypted.

    Automatic PKX Dumper

    Created by Zaneris. This can dump the data of your traded Pokemon to your PC without the need of following tedious steps, however, a proper physical set up is needed for this.

    http://dev9.ca/ZanDump_x64.zip
    http://dev9.ca/ZanDump_x86.zip (Untested)

    IMPORTANT: There is no possible (actually public) way to get a Pokémon back to the 3DS, so this currently only works to copy the data of any Pokémon sent through Wondertrade to the PC but not the other way around.

    Requirements:

    *Windows 7 or 8

    *Visual C++ Redistributable for Visual Studio 2013
    English version:​

    Spanish version:​


    *3DS Traffic passing through PC
    3DS ) ) Router -> PC -> Modem -> Internet

    Another...​
    3DS ) ) Router -> PC ) ) Router -> Modem -> Internet​

    ... Another ...​
    3DS ) ) Router -> PC ) ) Mobile Device ) ) Internet​


    How to copy the data of a Pokémon (full method)

    If the Automatic PKX Dumper is not working for you and you are willing to get this to work, you can try the following:

    *Use a WLAN-dongle like a USB Wireless Adapter to create a Software Access Point.

    *Use a program to analyse the network traffic in hexadecimal format while doing a Wondertrade. Wireshark works fine for sniffing the data (tutorial for Wireshark). Select your hotspot to capture the packets. After finishing the Wondertrade, you will get a bunch of packets. To identify the packets we are looking for, just sort the data by Length and it's likely that the second and third packets are the correct ones. Save both packets (or only the one sent if you want) selecting the whole packet by clicking on "Frame" and then File -> Export selected packet bytes and save them as .bin files.
    Sin título.png
    To identify which was sent and which was received, check the source and destination.

    Note: Ettercap, windivert, winpkfilter (for Windows) may be used to inject the final data back to the 3DS as well as HexInject (for Linux). This has yet to be done because the calculation of the checksums hasn't been successful.

    *Find the encrypted Pokemon data inside the packets by opening them on a Hex Editor. It begins with 4 bytes followed by 2 bytes equal to zero, the full data must be 232 bytes.
    Sin título.png (Thanks Zaneris for the hex data)
    The first regular 4 bytes are underlined in green and the pair of bytes equal to zero are underlined in orange. Note that generally there won't be another pair of bytes equal to zero close to the beginning within the Pokemon data.
    The header is inside the blue rectangle so the encrypted Pokemon is at offset 0x0067 and ends at 0x014E. If you didn't capture the header, the Pokemon will be at offset 0x003D and will end at 0x0124. After finding the data, save each Pokemon in a different file with the same extension (.bin).

    The next part is still a work in progress
    *After editing and re-encrypting the Pokemon by saving it as a .bin file, the received packets must be altered to include the new Pokemon. Having the received packets of the last Wondertrade, search for the encrypted Pokemon the same way as before and replace the HEX data.
    *Inject the packets in another Wondertrade.
     


    Margen67, Adr990, pokefox87 and 3 others like this.
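
The offsets given in the post above (0x0067 to 0x014E with the header, 0x003D to 0x0124 without it) both span exactly 232 bytes. As an added example that is not part of the original post, this sketch slices that record out of one exported frame and checks the "4 bytes followed by 2 zero bytes" marker; the function names are hypothetical and the sample frame is constructed filler, not a real capture.

```python
# Added example: pull the 232-byte encrypted record out of one exported frame.
RECORD_LEN = 232                      # "the full data must be 232 bytes"
KNOWN_OFFSETS = (0x0067, 0x003D)      # header captured / header not captured


def has_marker(buf: bytes, off: int) -> bool:
    """Post's heuristic: 4 leading bytes, then 2 zero bytes, 232 bytes in all."""
    fits = off + RECORD_LEN <= len(buf)
    return fits and buf[off + 4:off + 6] == b"\x00\x00"


def extract_record(frame: bytes):
    """Return (start, end_inclusive, record) for the one offset that matches."""
    hits = [off for off in KNOWN_OFFSETS if has_marker(frame, off)]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one candidate offset, got {hits}")
    start = hits[0]
    return start, start + RECORD_LEN - 1, frame[start:start + RECORD_LEN]


def sample_frame(with_header: bool) -> bytes:
    """Constructed test data, not a real capture: filler + fake record + tail."""
    record = bytes.fromhex("a1b2c3d4") + b"\x00\x00" + b"\x5a" * (RECORD_LEN - 6)
    lead = 0x0067 if with_header else 0x003D
    return b"\xff" * lead + record + b"\xee" * 4


if __name__ == "__main__":
    for with_header in (True, False):
        start, end, rec = extract_record(sample_frame(with_header))
        print(f"header={with_header}: 0x{start:04X}-0x{end:04X}, {len(rec)} bytes")
```

A frame where neither offset, or both, carries the marker raises `ValueError` rather than guessing, since two zero bytes alone are a weak signal.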
  2. trigao

    trigao Ninten
    Member

    Joined:
    Nov 21, 2008
    Messages:
    897
    Country:
    Brazil
    how do i inject it in my game after editing?
     
  3. driverdis

    driverdis I am Justice
    Member

    Joined:
    Sep 21, 2011
    Messages:
    2,754
    Country:
    United States
    you don't. there is no way to inject pokemon into the game yet, I assume a gts spoofer like deal is needed as the saves cannot be edited.
     
    Margen67 likes this.
  4. trigao

    trigao Ninten
    Member

    Joined:
    Nov 21, 2008
    Messages:
    897
    Country:
    Brazil

    aaaahhhh.... got it =)

    thx
     
  5. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08
    Member

    Joined:
    Mar 17, 2010
    Messages:
    20,642
    Country:
    Norway
    I hope they never make one. Hacked pokemon ruin online for me.
    Interesting how quickly he cracked the pokemon data encryption and figured out the format though. Though the tool is still very incomplete and a lot of data is not editable and there are no move names.
     
    DiabloStorm, gamefan5 and MAXLEMPIRA like this.
  6. kyogre123

    OP kyogre123 Mexican Pride
    Member

    Joined:
    Sep 23, 2013
    Messages:
    2,920
    Country:
    Mexico
    Zaneris is making a proof of concept hack (#106) about transferring Pokemon by using Wondertrade. As far as I can understand, he's recording the network packets between the system and the server.
     
  7. frogboy

    frogboy lacking both style and grace
    Member

    Joined:
    Dec 6, 2011
    Messages:
    2,433
    Country:
    United States
    I really hope this doesn't happen/isn't happening.

    Are people really that eager to ruin the game for themselves and for other people? It's only been two weeks.

    EDIT: Read on.
     
    sanderdsz likes this.
  8. kyogre123

    OP kyogre123 Mexican Pride
    Member

    Joined:
    Sep 23, 2013
    Messages:
    2,920
    Country:
    Mexico
    Are you people entitled to ruin every single thread about hacking in Pokemon by whining about it?
     
  9. Eyesenish

    Eyesenish GBAtemp Regular
    Member

    Joined:
    Sep 12, 2009
    Messages:
    154
    Country:
    Canada
    I'm not whining hack away my friend but just a question doesn't that take the entire point of playing the game out?

    i mean for your own game not online
     
  10. driverdis

    driverdis I am Justice
    Member

    Joined:
    Sep 21, 2011
    Messages:
    2,754
    Country:
    United States
    Nintendo will fix this same way as they did the Wii Shop Channel user agent spoofing years ago, which is to use SSL. all it will take is a Pokemon X/Y 1.2 update that encrypts Wondertrade communications.
     
    SignZ likes this.
  11. Bond697

    Bond697 Dies, died, will die.
    Member

    Joined:
    Jun 7, 2009
    Messages:
    350
    Country:
    United States
    just because it's not encrypted doesn't mean it's not protected. getting a packet properly.. set up to make it across wonder trade takes more than just swapping in a different pkx. don't start freaking out just yet.
     
  12. UltraMew

    UltraMew GBATemp's Mew PRETENDING TO BE FOXI4 4 A DAY
    Banned

    Joined:
    Aug 7, 2013
    Messages:
    861
    Country:
    United States
    Cool, make some Mews named WonderTradeMe and get people to Wonder Trade him.
     
  13. landmasta

    landmasta Advanced Member
    Newcomer

    Joined:
    Jun 11, 2013
    Messages:
    59
    Country:
    Antigua and Barbuda
    and the whiners come out of the woodwork.

    MUH POKEMON! RUINED BY THESE HACKERS.

    Get over yourselves. Not everyone has the time to sit their ass down and raise a fucking perfect IV EV'd pokemon.
     
    Sonia, wiiluver135, Boy12 and 3 others like this.
  14. UltraMew

    UltraMew GBATemp's Mew PRETENDING TO BE FOXI4 4 A DAY
    Banned

    Joined:
    Aug 7, 2013
    Messages:
    861
    Country:
    United States
    No one wants to.
     
    Sonia and wiiluver135 like this.
  15. DJPlace

    DJPlace the hater of something i can't recall.
    Member

    Joined:
    Apr 16, 2008
    Messages:
    5,260
    Country:
    United States
    after i heard about ev's iv's and shit i said fuck it i'm not going to sit down and do that shit. so what people are just being piss ass whiny ass bitches. but there's no such thing as an un-hacked game.
     
    Sonia, wiiluver135 and Boy12 like this.
  16. UltraMew

    UltraMew GBATemp's Mew PRETENDING TO BE FOXI4 4 A DAY
    Banned

    Joined:
    Aug 7, 2013
    Messages:
    861
    Country:
    United States
    New Super Mario Bros. U? Any Wii U game?
     
  17. DJ91990

    DJ91990 Grookey Gang!
    Member

    Joined:
    Feb 9, 2009
    Messages:
    940
    Country:
    United States
    I wanna make a bunch of Level 1 Hoopas so I can troll these jerks posting Yveltals and Xerneas on the GTS for IMPOSSIBLE Pokemon. I did it with Platinum. I released the Pokemon I got in the trade as well, and the mons I traded to the jerks were named LOLHACKED!
     
    tyons and SignZ like this.
  18. king_leo

    king_leo Real Hero
    Member

    Joined:
    Sep 12, 2009
    Messages:
    907
    Country:
    2 Things, you can't have perfect EV's, you can have ideal EV's (You'd have different EV's per moveset/nature). Second, IV's are not compulsory, playing non competitively doesn't require IV's. If you don't want to IV train the pokemon you shouldn't be playing competitively.

    Personally, the hacking doesn't affect me since I actually have friends who play pokemon legitimately, but I can still sympathize with the people who play online competitively then get fucked over by hacked pokemon.
     
    Skelletonike and sanderdsz like this.
  19. Duo8

    Duo8 GBAtemp Psycho!
    Member

    Joined:
    Jul 16, 2013
    Messages:
    3,582
    Country:
    Vietnam
    Has anyone managed to spoof GTS/Wonder Trade?
     
    king_leo likes this.
  20. kyogre123

    OP kyogre123 Mexican Pride
    Member

    Joined:
    Sep 23, 2013
    Messages:
    2,920
    Country:
    Mexico
    Yes, I know two persons who did it, however it has only worked to receive data.
     