so im a complete idiot, i decrypted pokemon x fine, but when i edited the keyx file, i edited the one on my sd card, not the one in my work directory, so when i wiped my card and recopied to do oras, it was blank, making bad xorpads
I managed to convert my modified Pokemon Y to cia
That's pretty nice... I'm triying to do the same but I have some problems...
Once I edit the decrypted romfs.bin (using GARC Unpacker, XYText & XYEWE)... I use Makerom to get a new Romfs.bin, then I use this command:
makerom -f cia -rsf exefs\cia.rsf -target d -desc app:4 -o Pokemon_X.cia -icon exefs\icon.bin -banner exefs\banner.bin -exefslogo -code exefs\code.bin -exheader exefs\exheader.bin -romfs romfs.bin
And everything looks to go ok, but I cannot install the generated Pokemon_X.cia from DevMenu since I get this problem:
Import failed. File: Sdmc:/cia/Pokemon_X
Level: LEVEL_PERMANENT (-5)
Summary: SUMMARY_INVALID_ARGUMENT(7)
Module: MODULE_NN_AM(32)
Desc: <Unknown> <106>
On the other hand if I change -target d for -target -t I get these errors:
[NCCH WARNING] NCCH AES Key could not be loaded. NCCH will not be encrypted.
[CIA WARNING] Common key could not be loaded, CIA will not be encrypted
But I get the Pokemon_X.cia anyway and I can install it, the problem here is that nothing is modified.
I hope you or somedoby else can help me, I suck with this stuff but I'm triying to install my modified game
I'm probably going to feel pretty dumb when I get the answer to this, but...I'm using the smash-stuff link from the OP here and its dt/ls extractor seems to be missing some files (like the ones that contain hitbox data for item/enemy projectiles). I'd like to report this problem to whoever originally wrote the scripts. Does anyone know where I can do so?
The legendary comex wrote those scripts, but I wouldn't waste your time bugging him if I were you since he is busy with other things.
Best person to ask would be the guy who's actively doing research:
https://twitter.com/dantarion
Or you could fix it yourself and submit a pull request.
Makerom's romfs generation is broken. You must rebuild the romfs with CTR SDK's ctr_makerom32
New update with NAND and Title Key decryption. Check OP for details: http://gbatemp.net/threads/release-3ds_ctr_decryptor-void.370684/
What a coincidence! I was actually going to ask you today if NAND decryption was possible with some of your code!
Does this also work with emuNAND backups, and if so, do they need to be extracted with emuNAND Tool first, or can it be decrypted directly from the partition on the SD card?
These work with emuNAND backups, but only if you haven't gone on to do a system transfer or system format while on emunand. You need to extract the emuNAND with the emuNAND Tool.
I did a system transfer to the emuNAND a while ago. Are you referring to transferring to the emuNAND, or from the emuNAND?These work with emuNAND backups, but only if you haven't gone on to do a system transfer or system format while on emunand. You need to extract the emuNAND with the emuNAND Tool.
To the emuNAND. If you do a system transfer or do a system format (from the System Settings menu) of your emuNAND the moveable.sed keys will change and you will be unable to use the xorpad generated on <4.5 sysnand. To decrypt you would have to format your emuNAND with Gateway and start over.
Oh well, I guess I can still update my pre-transfer backup and decrypt it.
Also, what does Title Key decryption do? Is that for decrypting NAND titles from decrypted NAND backups, or is it for something else? Could we also edit some titles (such as StreetPass Mii Plaza games, AR Games, or Face Raiders)? If so, could they be converted to ROMs or .cia files for Gateway?
(I am guessing that the mods could not be reinstalled directly to the NAND backups due to signature checks)
It's for decrypting titles directly from the CDN (this includes system titles). You could repack the NCCH as a CCI/CIA if you wanted to.
So it is essentially like the NUS Downloader, but it runs an a 3DS and works for 3DS titles? Excellent! Are firmware updates also available on the CDN, or just titles?
I guess it is time for me to make some custom StreetPass hats/outfits!
System title==firmware updates.
Yes, it is like NUS Downloader. What it does is takes all of the encrypted AES-CBC-128 keys which are used to decrypt cdn content from your ticket.db and decrypts them with the 3DSs AES engine. Once you have the decrypted keys you can use openssl on your PC to decrypt the content downloaded from the CDN directly (with no need for a 3DS anymore). All versions of a title share the same title key.
Hopefully people will use this to look deeper into the system titles to find vulnerabilities.
Hopefully this could lead to a higher chance of possible exploits being discovered in newer firmwares!
Exactly! The system is fully open now.
Dude that's awesome! Thank you so much for all your hard work
