Hacking Potential Pokemon save edit?

briman0094

So I got my 3DS Powersaves today and was disappointed to see that all of the code processing is done on a remote server. I was going to edit one of the current Item x999 codes to give Latiosite/Latiasite since they removed that code from Powersaves, and was able to see what I think was the cheat data cached locally in RAM (using Cheat Engine), but when you hit "Apply" it uploads your save to the server, processes it with the cheat you specified (but using their remote copy), and then downloads it back to your card.

So.

I'm determined to get Latiasite in my game now. There are already tools to decrypt save files from 3DS games, as well as tools to edit .PKX files (encrypted or decrypted). My theory is that I could dump and decrypt a PKX file from my game using the normal method, then back up my save and decrypt it as well. Then I should, in theory, be able to search my save file for the PKX file and find it embedded somewhere. I can then replace it with the edited version of the PKX and re-encrypt/restore my save.

Thoughts? Do you guys think this would work?
 
Not sure about the full extent, but I think we could build effectively an open source cheat engine based on the datel client... Sadly I wouldn't even have started digging into the way it works if I could actually use their crappy service. The countless "Web Operation Failed" messages...
 
I don't know much about the Powersaves thing, but AFAIK the cheats are supplied by some kind of server or thing from the device developer to any kind of software, and now the cheats for legendary Pokemon were removed, right?

Have you tried a protocol sniffer such as HTTP Analyzer or Charles?

With that you could see what is being transferred from the server and store the data to use it later if removed.
 
Actually it is talking over HTTPS/TLS for initial handshake and what is likely some transactional data, then it is moving to a custom tcp protocol which also uses TLS.
 
Have you tried a protocol sniffer such as HTTP Analyzer or Charles?

With that you could see what is being transferred from the server and store the data to use it later if removed.

Kinda worthless now that they've removed the codes. I doubt something like that would work for sniffing out specific edits to a Save File if they're modified by their computers away from the server.
 
Can you re-encrypt a save file and have the system accept it?
The cheats, the way I think they work, just modify the data that's being processed by the RAM and returned to the game itself. I think that right now there's no possibility to extract, modify, and re-encrypt the save file in the game; if that were possible, someone could have used it to get an exploit working in the system, no?

It's what I know. Maybe I'm wrong, but I'll be glad if someone clarifies my error for me ^^
 
There are public methods for saves to be decrypted and encrypted. Your problem lies in being able to generate a valid checksum, otherwise your 3DS will just say that the data is corrupt.
 
Can you re-encrypt a save file and have the system accept it?
The cheats, the way I think they work, just modify the data that's being processed by the RAM and returned to the game itself. I think that right now there's no possibility to extract, modify, and re-encrypt the save file in the game; if that were possible, someone could have used it to get an exploit working in the system, no?

It's what I know. Maybe I'm wrong, but I'll be glad if someone clarifies my error for me ^^


The Powersaves device actually extracts your save from the cartridge, sends it to the server, the server applies the cheat (which actually edits the savefile), then downloads it back from the server and writes it to your card. This means that, in theory, one should be able to do the same locally if we can figure out exactly what Datel's server does.
 
Try a TCP sniffer like WPE or HTTP sniffer like Fiddler2


Encryption 101 - TLS is not considered trivial to break, you are far better off playing proxy server and man in the middle assuming the client isn't doing server certificate verification.

 
Can you re-encrypt a save file and have the system accept it?
The cheats, the way I think they work, just modify the data that's being processed by the RAM and returned to the game itself. I think that right now there's no possibility to extract, modify, and re-encrypt the save file in the game; if that were possible, someone could have used it to get an exploit working in the system, no?

It's what I know. Maybe I'm wrong, but I'll be glad if someone clarifies my error for me ^^


Patxinco has it right.

If you try to edit any part of the save without fixing the hashes, the game will see it as corrupted. If the save is corrupted, Datel's server - which most likely uses RAM hacks on a modded 3DS to apply cheats - won't be able to edit it. I know this because I've used Cheat Engine before to inject PKXes into a save file, or even apply minor changes to the items. Gave me the "web operation failed" message every time, but worked fine with the unedited saves.
 
Datel likely has hacked 3DSes which require unedited valid save files (aka, the signatures are verified); once they decrypt it they apply their edits, encrypt it, and send it back to you.

Datel will not fix the signatures, and they will not accept your edits.
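
The integrity point raised in the posts above (an edited save is rejected unless its checksum, hash or signature still verifies), shown as an added example that is not part of the thread. The container layout, key and payload are constructed for illustration and are not the 3DS save format; the sketch contrasts an unkeyed CRC32, which anyone can recompute, with a keyed HMAC tag, which cannot be regenerated without the key.

```python
import hashlib
import hmac
import zlib

TRAILER = 4 + 32  # CRC32 + HMAC-SHA256 tag (constructed layout, not the 3DS one)

def seal(payload: bytes, key: bytes) -> bytes:
    """Append an unkeyed CRC32 and a keyed HMAC tag to the payload."""
    crc = zlib.crc32(payload).to_bytes(4, "big")
    tag = hmac.new(key, payload + crc, hashlib.sha256).digest()
    return payload + crc + tag

def verify(blob: bytes, key: bytes) -> str:
    """Return 'ok', 'truncated', 'bad-crc' or 'bad-mac'."""
    if len(blob) < TRAILER:
        return "truncated"
    payload, crc, tag = blob[:-TRAILER], blob[-TRAILER:-32], blob[-32:]
    if zlib.crc32(payload).to_bytes(4, "big") != crc:
        return "bad-crc"
    expected = hmac.new(key, payload + crc, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(expected, tag) else "bad-mac"

def edit_without_key(blob: bytes, offset: int, value: int, fix_crc: bool) -> bytes:
    """Model an edit made by someone who does not hold the key."""
    payload = bytearray(blob[:-TRAILER])
    payload[offset] = value
    crc = blob[-TRAILER:-32]
    if fix_crc:  # the unkeyed checksum can be recomputed by anyone
        crc = zlib.crc32(bytes(payload)).to_bytes(4, "big")
    return bytes(payload) + crc + blob[-32:]  # old tag is reused: no key available

DEVICE_KEY = b"constructed-demo-key"  # placeholder key for the example
SAVE = b"ITEM=0001;QTY=001"           # constructed payload

def demo() -> dict:
    sealed = seal(SAVE, DEVICE_KEY)
    return {
        "untouched": verify(sealed, DEVICE_KEY),
        "edited": verify(edit_without_key(sealed, 16, ord("9"), False), DEVICE_KEY),
        "edited+crc": verify(edit_without_key(sealed, 16, ord("9"), True), DEVICE_KEY),
    }

if __name__ == "__main__":
    print(demo())
```
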
 
This, for me, isn't about practicality; this is academic. What's great about my position is that I can help to the extent I can be bothered, dump a bunch of code into GitHub and say "good luck" *shrugs*. I want my Powersaves to work as expected when I purchased it, but at least I can learn about this device, and the 3DS by extension, along the way.
 
This is partially academic for me too. I don't want to cheat online, just offline, and I think it's stupid that Nintendo makes it so impossible to do that. If I'm just modifying the single player game, no harm is done to anybody. So my goal is to figure out how to make these hacks work on singleplayer/story mode for learning purposes.
 
