ROM Hack [Question]Possible to determine game title ID from 00000001.sav file?

[Nutez]

I goofed by not backing up regularly enough and now have a corrupted sd card... The tool I'm using to recover the files does so in a flat style that doesn't preserve the folder with the title ID that each 00000001.sav is from. So I have a bunch of sav files for unknown games. Is there like a header or a standard in the sav file format that I could manually read the title id/game name from in a hex editor? I've searched around but I'm not sure I'm using the right terminology to find the answer. Any advice or other ideas would be much appreciated, thanks.

 

[Dioq_Boom]

Did you ever find out how to do this?
(I made an account just to ask you this as I would love to play with the Pokémon I played with growing up again)

 

[Nutez]

Did you ever find out how to do this?
(I made an account just to ask you this as I would love to play with the Pokémon I played with growing up again)

No, sadly I never did... My very primitive (and possibly incorrect) understanding is that the save files are encrypted with a key that I will have lost when reformatting the console. So I couldn't open any of them in save utility tools.

 

[Dioq_Boom]

No, sadly I never did... My very primitive (and possibly incorrect) understanding is that the save files are encrypted with a key that I will have lost when reformatting the console. So I couldn't open any of them in save utility tools.

Oh well, I appreciate your response, and if I can ever determine what to do I'll let you know as well .

 

[AleronIves]

If you open the game on a working console and save/export, you can at least see how large the save file is in bytes and narrow down which encrypted 0001.sav might be from the correct game.

 

[ihaveahax]

It could probably be determined by bruteforcing the IV with every title ID that has been used with the console. You'd still need the original movable.sed KeyY though, and if the console was formatted since then (with no backups), there is no guarantee it could be found.

 

[KleinesSinchen]

No, sadly I never did... My very primitive (and possibly incorrect) understanding is that the save files are encrypted with a key that I will have lost when reformatting the console. So I couldn't open any of them in save utility tools.

Formatting the console makes this more problematic.
It may be possible to retrieve a previous KeyY with "CTRTransfer Type D9" script, but I think it requires the full old SD:/Nintendo 3DS/<ID0>/<ID1> folder. Another option may be the embedded essential backup on NAND. I don't think GodMode9 updates this automatically so the old movable.sed might be still in there (or in an old NAND backup) if you didn't update it manually.


Extracting the saves with https://github.com/wwylele/3ds-save-tool should work with the key. The decrypted and extracted files might have an indication to which game they belong (just speculation). Maybe comparison with Checkpoint extracted files in a hexeditor. Sounds like tedious work.


Good luck!

 

[Kwyjor]

The trouble is that if the data is encrypted, then you will need the title ID to decrypt it. As noted in the page that KleinesSinchen linked to, 3ds-save-tool can extract save data directly from an encrypted .sav file, but the syntax is strange:

Some requirement and notes of this command:

You need to create secrets.py from secrets.py.template and fill in the keys.
The parameter -id XXXXXXXXXXXXXXXX is the game title ID in 16-digit hex and must match the game.
An additional library Cryptodome is needed.
If the script outputs "Error: CMAC mismatch.", it means that some of the keys or the title ID is incorrect.

Specifically, I never figured out how exactly you're supposed to fill out secrets.py. It's related to the movable.sed, but I'm not sure exactly how.

The good news is that since it's a Python program, you could just make a big list of the possible title IDs and write a script that will run through them all automatically.

 

[KleinesSinchen]

The trouble is that if the data is encrypted, then you will need the title ID to decrypt it. As noted in the page that KleinesSinchen linked to, 3ds-save-tool can extract save data directly from an encrypted .sav file, but the syntax is strange:



Specifically, I never figured out how exactly you're supposed to fill out secrets.py. It's related to the movable.sed, but I'm not sure exactly how.

The good news is that since it's a Python program, you could just make a big list of the possible title IDs and write a script that will run through them all automatically.

Yes, I totally forgot this. You need the title ID for extracting. But – given the movable.sed KeyY is correct – an automatic bruteforce with all known title IDs is likely the solution as well: Extracting will only work with the correct title ID, so a bruteforce should deliver the correct title.

The secrets file needs some keys that – to my knowledge – must not be shared. The secrets file wiht dummy values:

self.keyConst = 0x0123456789ABCDEF0123456789ABCDEF # the key scrambler constant
self.key0x30X = 0x0123456789ABCDEF0123456789ABCDEF # from bootrom
self.key0x34X = 0x0123456789ABCDEF0123456789ABCDEF # from bootrom
self.keyMovable = 0x0123456789ABCDEF0123456789ABCDEF # Bytes 0x110~0x11F of movable.sed

I have no idea how to derive the first three values them from… boot9.bin I guess.