Potential Pokemon save edit?

Discussion in '3DS - Flashcards & Custom Firmwares' started by briman0094, Mar 19, 2014.

  1. briman0094
    OP

    So I got my 3DS Powersaves today and was disappointed to see that all of the code processing is done on a remote server. I was going to edit one of the current Item x999 codes to give Latiosite/Latiasite since they removed that code from Powersaves, and was able to see what I think was the cheat data cached locally in RAM (using Cheat Engine), but when you hit "Apply" it uploads your save to the server, processes it with the cheat you specified (but using their remote copy), and then downloads it back to your card.

    So.

    I'm determined to get Latiasite in my game now. There are already tools to decrypt save files from 3DS games, as well as tools to edit .PKX files (encrypted or decrypted). My theory is that I could dump and decrypt a PKX file from my game using the normal method, then back up my save and decrypt it as well. Then I should, in theory, be able to search my save file for the PKX file and find it embedded somewhere. I can then replace it with the edited version of the PKX and re-encrypt/restore my save.

    Thoughts? Do you guys think this would work?
     
  2. khalaan

    Not sure about the full extent, but I think we could build effectively an open source cheat engine based on the Datel client... Sadly I wouldn't even have started digging into the way it works if I could actually use their crappy service. The countless "Web Operation Failed" messages...
     
  3. phanteon

    I don't know much about the Powersaves thing, but AFAIK the cheats are supplied by some kind of server or thing from the device developer to any kind of software, and now the cheats for legendary Pokemon were removed, right?

    Have you tried a protocol sniffer such as HTTP Analyzer or Charles?

    With that you could see what is being transferred from the server and store the data to use it later if removed.
     
  4. khalaan

    Actually it is talking over HTTPS/TLS for initial handshake and what is likely some transactional data, then it is moving to a custom TCP protocol which also uses TLS.
     
  5. Huntereb

    Kinda worthless now that they've removed the codes. I doubt something like that would work for sniffing out specific edits to a Save File if they're modified by their computers away from the server.
     
  6. Patxinco

    Can you re-encrypt a save file and have the system accept it?
    The cheats, the way I think they work, just modify the data that's being processed by the RAM and returned to the game itself. I think that right now there's no possibility to extract, modify, and re-encrypt the save file in the game; if that were possible, someone could have used it to get an exploit working on the system, no?

    It's what I know; maybe I'm wrong, but I'll be glad if someone clarifies my error ^^
     
  7. ernilos

    Try a TCP sniffer like WPE or an HTTP sniffer like Fiddler2.
     
  8. YoshiInAVoid

    There are public methods for saves to be decrypted and encrypted. Your problem lies in being able to generate a valid checksum, otherwise your 3DS will just say that the data is corrupt.
     
  9. briman0094
    OP


    The Powersaves device actually extracts your save from the cartridge, sends it to the server, the server applies the cheat (which actually edits the savefile), then downloads it back from the server and writes it to your card. This means that, in theory, one should be able to do the same locally if we can figure out exactly what Datel's server does.
     
  10. briman0094
    OP

    Right now I'm going to go duplicate a cartridge full of Pokemon using bank.
     
  11. khalaan


    Encryption 101 - TLS is not considered trivial to break; you are far better off playing proxy server and man in the middle, assuming the client isn't doing server certificate verification.

     
  12. DRWS


    Patxinco has it right.

    If you try to edit any part of the save without fixing the hashes, the game will see it as corrupted. If the save is corrupted, Datel's server - which most likely uses RAM hacks on a modded 3DS to apply cheats - won't be able to edit it. I know this because I've used Cheat Engine before to inject PKXes into a save file, or even apply minor changes to the items. Gave me the "web operation failed" message every time, but worked fine with the unedited saves.
     
  13. khalaan

    Though my "web operation failed" messages were on a clean save backup taken from the Datel utility.
     
  14. Kaphotics

    Datel likely has hacked 3DSes which require unedited valid save files (aka, the signatures are verified); once they decrypt it they apply their edits, encrypt it, and send it back to you.

    Datel will not fix the signatures, and they will not accept your edits.
     
  15. khalaan

    This, for me, isn't about practicality; this is academic. What's great about my position is I can help to the extent I can be bothered, dump a bunch of code into GitHub and say "good luck" *shrugs*. I want my Powersaves to work as expected when I purchased it, but at least I can learn about this device, and the 3DS by extension, along the way.
     
  16. briman0094
    OP

    This is partially academic for me too. I don't want to cheat online, just offline, and I think it's stupid that Nintendo makes it so impossible to do that. If I'm just modifying the single player game, no harm is done to anybody. So my goal is to figure out how to make these hacks work on singleplayer/story mode for learning purposes.
     