Toggle sidebar

ROM Hack [Release] 3DS_CTR_Decryptor-VOiD

  • Thread starter Thread starter Relys
  • Start date Start date
  • Views Views 649,176
  • Replies Replies 2,226
  • Likes Likes 30
cearp said:
hacked to what extent? (rhetorical)
most probably, try it out.
Click to expand...
I am more referring to the poc rom hack demoed on page 37. If someone could change the first battle to be against hoopa, I assume someone could change the wild pokemon to whatever. I am excited to see rom hacks that can be used for effective pkx injection, as well as the traditional pokemon rom hacks with like custom stories, and such.
 
quantumboy said:
I am more referring to the poc rom hack demoed on page 37. If someone could change the first battle to be against hoopa, I assume someone could change the wild pokemon to whatever. I am excited to see rom hacks that can be used for effective pkx injection, as well as the traditional pokemon rom hacks with like custom stories, and such.
Click to expand...

yeah and i'm sure it would work, but i was meaning like, you could hack it to be so vastly different, using different data areas, different game ids etc etc, to the point where it would not be compatible.
ooh i see where you are going, until gateway or someone else give us save game decryption (apart from cyber gadget) - we could do something like replace the pokemon npcs give you with specific pokemon, pkx files...
although there is not much need for that, we will be able to edit save games soon enough i guess
 
cearp said:
yeah and i'm sure it would work, but i was meaning like, you could hack it to be so vastly different, using different data areas, different game ids etc etc, to the point where it would not be compatible.
ooh i see where you are going, until gateway or someone else give us save game decryption (apart from cyber gadget) - we could do something like replace the pokemon npcs give you with specific pokemon, pkx files...
although there is not much need for that, we will be able to edit save games soon enough i guess
Click to expand...


Exactly!!!!!
 
  • Like
Reactions: cearp
:(

My 3ds is totally up to date and no gateway...

Is there any other way to get the xorpads or decrypt the games?

I really need the pokemon x 3d models.

Or would anyone be generous enough to upload a xorpad or send me the models?
 
Forgive the glare.

Today, managed to do a more complicated edit on the encounter tables (actually changed filesize of compressed data instead of just straight editing.)

O3biYhT.jpg
 
  • Like
Reactions: cearp, Vappy and windwakr
This is probably an extremely wild hunch, since we can encrypt and decrypt roms using the 3DS's hardware AES engine. Would it be impossible for it to encrypt and decrypt NAND using a similar process?

I'm thinking about this because IIRC, nand backups are encrypted to the device and there was this as well https://twitter.com/smealum/status/416876395500154880

Apparently the barriers to a downgrade was because of no means of decrypting AES. But recently we were able to decrypt roms using the 3DS's AES engine. It doesn't seem too far fetched to me that this process can be extended to decryption and re-encryption of nand and subsequently forced downgrade on >4.5 3ds w/o prior nand backup. Seems to me we have the nand pinouts, a means to access the AES engine on a 4.5 3ds, all's that's left is to put the pieces together. This would then turn out to be similar to the PSP whereby you will need a CFW capable device to make another device CFW capable.


Can someone more knowledgeable comment on my thoughts? Please none of the elitist/AP comments. This will enable homebrew on an unlimited scale with kernel privileges and all.
 
I think NAND decryption/re-encryption is very much possible for a while now. The main barrier could be to get the encryption keys from a 3DS past v4.5. That would probably require a kernel exploit... and if someone already has kernel access at a higher version, why downgrade?
 
piratesephiroth said:
I think NAND decryption/re-encryption is very much possible now. The main barrier is to get the encryption keys from a 3DS past v4.5. That would probably require a kernel exploit... and if someone already has kernel access, why downgrade?
Click to expand...

That's not really my point. I was thinking about the possibility of creating NAND downgrades for a >4.X device via the use of AES engine on a 4.X device. Obviously this will only be feasible for owners of a 4.x device that simultaneously also have a non 4.x device. Kinda like a software only pandora battery.
 
Mikecrowfone said:
That's not really my point. I was thinking about the possibility of creating NAND downgrades for a >4.X device via the use of AES engine on a 4.X device.
Click to expand...
Yeah, now remember that just like in the Wii, every 3DS console has its unique keys used to encrypt its NAND.
Remember you can recover bricked Wiis if you have the keys, by re-encrypting a working console's NAND and flashing it to the bricked one's memory.

The same process could apply to the 3DS.
But if there was a way to extract the keys from any console, I bet Gateway team sure would be selling downgrade kits already.
 
piratesephiroth said:
Yeah, now remember that just like in the Wii, every 3DS console has it unique keys used to encrypt its NAND.
Remember you can recover bricked Wiis if you have the keys, by re-encrypting a working console's NAND and flashing it to the bricked one.

The same process could apply to the 3DS.
But if there was a way to extract the keys from any console, I bet Gateway team sure would be selling downgrade kits already.
Click to expand...

That's a small bit of good news. AFAIK, the console specific keys are encrypted with AES right? Should shouldn't it be possible to use this rom decryption method to decrypt nand to obtain the keys?
 
Mikecrowfone said:
That's a small bit of good news. AFAIK, the console specific keys are encrypted with AES right? Should shouldn't it be possible to use this rom decryption method to decrypt nand to obtain the keys?
Click to expand...

Well, you can decrypt NAND now that we can interact with the aes engine AFAIK.
However, the keys might be stored in an area that cannot be read normally, not even with kernel access. If such is the case then a decap would be needed.
 
Mikecrowfone said:
Well. How does this CTR tool work then? All I know is that it generates a xorpad file to be decrypted by the 3DS's AES engine.
Click to expand...

Not exactly. First you generate (on a PC) a key in ncchinfo.bin. Then, CTR decryptor uses it AND the 3DS's AES engine to generate a xorpad.
So, without a key, you won't be able to do anything with CTR tool.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Why did the price of 3ds shoot up ?

Hacking Homebrew Project  BlazerTube - a YouTube 3DS revival using the REAL app!

[WIP] SMW 3DS Port - Early Playable Demo by ZalgonEn

Problems getting Homebrew to appear outside of the Homebrew Launcher (homebrew won't appear on the HOME menu)

Homebrew app Emulator  [Release] 3DS-CLI - Run a real RISC-V Linux environment on the Nintendo 3DS

Website for finding alternative games for 3DS

Homebrew  [Progress update] LCE Minecraft 3ds

Gaming  any good rpgs on 3ds?