ROM Hack [Release] 3DS_CTR_Decryptor-VOiD

  • Thread starter: Relys
anyone with a 4.5 DS/XL and not the final step to hacking the 3DS but to encrypting the ROMS, meaning, that fans can do translations
however, there hasn't been a statement yet on ENCRYPTING them again, so we can actually use the changed roms


edit:



that was not my question, re-read it again

I did read it. Smea's work provides userland. Smea's work is not enough to run the decryption. Therefore Userland is not enough to decrypt roms.
 
Just curious, why did you make a scene release nfo for this?

Whatever the reasons, thanks for the release.

Just for fun. We like creating ASCII art.

You have to run this on ARM9 as you can't use the PS services on ARM11 to decrypt ctr.

This will lead to fan translations, game modding and VC injection on <=4.5.

Actually VC injection is already possible since BBBs pokemon are decrypted. You can extract the GB ROM from romfs using ctrtool and play it in a GB emulator. I haven't looked into injecting a ROM and rebuilding but from what I understand 3dsguys makerom doesn't build romfs properly. Applestash just started working on makerom so hopefully that will be fixed.
 
You are correct. :) We made this since no one else would share. All of our source is included. We made this because we wanted to rip music, create level editors for SM3DL and mod like Project M for SSB (although we will need 7.x decryption for that I believe).
Possible to make new levels for Mario? This is all I want the gateway for, loved all the ones on the ds
 
...
There's even a MsetForBoss.dat :lol:
Snailface gave the trick to use that name instead of launcher.dat :p

I looked at that file, it looks like something completely different. Must be leftovers from their earlier attempts. But I think msetforboss.dat is just an unencrypted launcher.dat? Try renaming Launcher_nogw.dat to MsetForBoss.dat.
 
yes, it's just a renaming.
You can edit the MSET exploit alternative installer from Drenn so that it loads this name instead of launcher.dat (preventing you to delete Gateway's Launcher.dat, and you can have homebrew+GW at the same time on your SD card without using a computer to replace the file, depending on the nds file you use to install the ROP chain).

There are already homebrew launchers (listing and launching .bin files), so you could have that launcher as MsetForBoss.dat and launch any homebrew in .bin format from there.
- Homebrew Loader (by kalimero) <-- I guess that's the one to use.
- a Proof of Concept (by Kane49)
- an unreleased one (by Fierce waffle)
 
Is there a way to extract RomFS.bin without using 3DSExplorer? For whatever reason it loads the entire file into RAM instead of buffering it so it overloads my pagefile.

Edit: Or does extracting the RomFS with ctrtool work as well?
 
Is there a way to extract RomFS.bin without using 3DSExplorer? For whatever reason it loads the entire file into RAM instead of buffering it so it overloads my pagefile.

Edit: Or does extracting the RomFS with ctrtool work as well?

Use ctrtool
 
Just for fun. We like creating ASCII art.

You have to run this on ARM9 as you can't use the PS services on ARM11 to decrypt ctr.

This will lead to fan translations, game modding and VC injection on <=4.5.

Actually VC injection is already possible since BBBs pokemon are decrypted. You can extract the GB ROM from romfs using ctrtool and play it in a GB emulator. I haven't looked into injecting a ROM and rebuilding but from what I understand 3dsguys makerom doesn't build romfs properly. Applestash just started working on makerom so hopefully that will be fixed.

The thing is, we need a way to run CIA files. The VC Card 1 games are essentially ~5-6mb yet with the 3DS format they can only be trimmed to 64mb minimum.

As for fan translations, now that this tool has been released, I'm convinced that the method of running translated roms is due to the fact it is re-encrypted with 0-keys. This is why people were reporting that the AA:DD translation not working on MT-cards whereas it works on GW2.2. This is likely due to GW having HB support.
 
I looked at that file, it looks like something completely different. Must be leftovers from their earlier attempts. But I think msetforboss.dat is just an unencrypted launcher.dat? Try renaming Launcher_nogw.dat to MsetForBoss.dat.
Msetforboss.dat is unencrypted homebrew, right. The only difference is a single byte in the ROP chain, which causes the 3DS to use a different filename to load.

Here is the menu-based loader to switch between msetforboss.dat and launcher.dat (both GW and homebrew versions).
http://filetrip.net/3ds-downloads/homebrew/download-rop-multi-loader-1-2-f32915.html
It's not necessary by any means, but it sure is convenient and a hell of a lot faster than GW's loader.
 
Interesting things keep happening for the 3ds, I am not sure I approve.

However from what smea and others have said there are some half interesting formats on the 3ds (it being a kind of halfway house between old style computing and newer concepts) so that could be fun.

Hopefully this will amount to more than the time the DSi keys got leaked/recovered/shared.
 
I didn't know there was a ROP and 1 homebrew for 6.x
I thought the MSET exploit was only fixed in 7.x so not needed to be updated. (just kernel access wasn't possible since they fixed it in 5.x).
Homebrew without kernel access can be launched up to 6.x then? I'll have to read more about it.
 
I only hope that these recent developments will make it easier to mod, translate, and datamine into our favorite games, and also help us understand the system better in regards to developing better emulation. I'd love to see my brother get to play the 3DS before he dies, and an emulator is the only way at this point.
 
Good job. I would really like to see new Super Mario Land levels, Pokemon X mods and Mario Kart 7 custom tracks.
I read that if we decrypt a rom and then we encrypt it as homebrew it should work in sspwn, is this true?
 
I didn't know there was a ROP and 1 homebrew for 6.x
I thought the MSET exploit was only fixed in 7.x so not needed to be updated. (just kernel access wasn't possible since they fixed it in 5.x).
Homebrew without kernel access can be launched up to 6.x then? I'll have to read more about it.
There's just ROP execution on 6.x right now, no code. The only homebrew is a userland RAM dumper I believe.
 
Could someone explain why we need to launch it on the 3DS to decrypt it? Couldn't someone with a 4.5 3DS just extract the key or replicate the operation going on in the 3DS that generates the xor pads? If our goal is simply to extract the contents of the ROM file?
 
Someone needs to get around to figuring out how to launch zero key re-encrypted roms without the gateway card. It would pretty much make running said roms free. Especially helpful for rom translators and rom hackers who want people to play them without buying a $70 device. :P
 