Hacking ROM Headers Question

[Cyan]

Why using a public header which risk of being banned the first time you connect to get a RAM dump, when you can just use Gateway launcher.dat without the need of a Gateway flashcart to dump your cartridge?

Of course, it will work only up to 9.2
If you are on 9.2 or lower, only use this method:

1. put gateway's Launcher.dat on your SD
2. visit http://go.gateway.com to launch the exploit
3. once in the Gateway menu, select "Dump ROM". It will dump your cartridge to ROM with the uniqueID already included.
4. use a tool to see/extract your UniqueID (example : Gateway ROM Patcher)
5. use a tool to edit your Sky3DS template to inject the UniqueID to your games (example : No ban no sky)


If you are on 9.3 or newer, then memory dump is the only method and ban has more chance to happen (because we still don't know 100% what nintendo is checking to ban users).

 

[CyrilCommando]

If you are on 9.3 or newer, then memory dump is the only method and ban has more chance to happen (because we still don't know 100% what nintendo is checking to ban users).

How do you do the memory dump exactly?

 

[TheGinko]

I'm too busy with some other RE to type up a full guide at the moment, but the gist is:
1) Use a public header on your rom of the game you own. Note the cartridge (unique) ID of that rom. (0x1240, 16 bytes, or 0x40 in sky3ds template)
2) Start the backup of that game up, try to connect to its online functions, then hit home as it's trying to connect and dump memory.

3) Do that again, but with your real cart.
4) Find your unique ID from your public header in your dump from that. Flip byte order if you can't find it.
5) Search for the same region in your genuine dump. Do this by either jumping to the same address in your first dump (unlikely) or searching for data that was close to your ID in the first dump (do this).
6) When you've found your legit unique ID, add it to your template with sky template maker (or manually if you hate yourself)
EDIT: Oh and here's the dumper I use for my 9.x hax, use it if you don't have your own already.

WulfyStylez (or anyone in the know),
I wonder if you might help me figure out what I'm doing wrong.
I wanted to make sure I could get the dumper working, so I started with my retail cart. I downloaded the dumper you linked, put it on the root of the SD, reinstalled the SD, turned on the 3ds, booted the cart, started the game, then went to the browser, cleared cookies/cache and initialized the settings (just in case, having read projectpokemon's advice regarding the loadcode)... The page loads, but after the browser crashes, I power off the 3ds, and check the SD card... There does not seem to be anything new.
Aside from starting with the retail cart first, I think I'm following your directions. In addition I've tried looking through projectpokemon's loadcode documentation, but it has not helped thus far.
I'm on ver. 9.4.0-21U , so I think I should be good to use this method ; and excluded from using the seemingly easier GW method.
Any help or advice would be appreciated.

 

[Cyan]

the steps you did seems right.
try dumping the memory without launching the game first, to be sure the dumper works fine (maybe the version is not good for your 3DS version?). when you know it works, try with the game running.

 

[TheGinko]

the steps you did seems right.
try dumping the memory without launching the game first, to be sure the dumper works fine (maybe the version is not good for your 3DS version?). when you know it works, try with the game running.

Thanks for your help.
I tried with no game running, browsered over to loadcode and then after the crash, powered off the 3ds and checked the SD card... And still no new files, nothing to suggest the dump worked.
If there is a compatibility issue, do you have any suggestions where I might find an alternative?

 

[Cyan]

maybe the link you use for browser hack doesn't load the correct file on your SD.
try this URL for your hacks : https://gbatemp.net/threads/release-custom-rop-loader-html.379531/

direct link for using code.bin on 9.x :
http://dukesrg.no-ip.org/3ds/rop?MemoryDump.dat Loads memory.bin file on SD.
http://dukesrg.no-ip.org/3ds/rop?MemoryDump.dat&code.bin loads code.bin instead

I don't have 9.x 3DS to test, let me know if it works.
(I don't know why there are specific ROP for memory dump and specific for loading other homebrew)

 

[fantom327]

Does not work on 9.5.

 

[askara]

for the header. can you take it from any game? for example ocarina of time have no online support but can i use that header? and whars card1 and card2?

 

[Cyan]

1. yes, even offline games. But there's no proof that it can't be detected as we don't know how the ID are generated. It could contain hints that it's a borrowed header and nintendo can ban it.
2. I added description to glossary. You can use the same header in any Card type.

 

[djon]

maybe the link you use for browser hack doesn't load the correct file on your SD.
try this URL for your hacks : https://gbatemp.net/threads/release-custom-rop-loader-html.379531/

direct link for using code.bin on 9.x :
http://dukesrg.no-ip.org/3ds/rop?MemoryDump.dat Loads memory.bin file on SD.
http://dukesrg.no-ip.org/3ds/rop?MemoryDump.dat&code.bin loads code.bin instead

I don't have 9.x 3DS to test, let me know if it works.
(I don't know why there are specific ROP for memory dump and specific for loading other homebrew)

it says
Downloading ROP File MemoryDump.dat: OK
Setting Filename parameter to dump.bin: OK
Executing..._______________
Then internet explorer gives me "a error has occurred."
is it supposed to make a new file? because it didn't.
Only Difference i see is the code.bin wulfystylez linked went from 544 Bytes to 3MB.

 

[Cyan]

ahhh, so it worked.
I didn't know it worked like that.
It seems you don't need code.bin on your SD card.

delete it, and visit this link:
http://dukesrg.no-ip.org/3ds/rop?MemoryDump.dat

it will create a memory.bin file on your SD card. that's your RAM dump
I also didn't know it was 3MB in size.

from there, you can continue the step by step guide you were following :
play the game and make a dump, search in this dump your Cartridge header you were using (like said, it can be byte swapped), note the address where you find it.

Play a cartridge and make another dump, look at the same address to find your cartridge header.

 

[phazonknight]

So ive decided to apply a private header to a .3dz game that is using a public header, is this possible to do and still have my save file work?

 

[Cyan]

if you change the format (.3ds <-> .3dz) or change the Header Id, the save encryption will change and your save will be seen as corrupted.
You need to use Savedata filer to extract/inject the save in ROMs with two different encryption key.


djon :
There's a report (maybe fake) where the user used a public header once, then switched to private header and just get banned with the private header.
Connecting online with Sky3DS to dump the memory using a public header is not recommended (if nintendo is detecting this and keeping a log).

In all case, it seems they are banning pokémons players.
Don't use Pokémon (or a first party game) when using this method to extract the header from your cartridge.

 

[Ra1d]

if you change the format (.3ds <-> .3dz) or change the Header Id, the save encryption will change and your save will be seen as corrupted.
You need to use Savedata filer to extract/inject the save in ROMs with two different encryption key.

Is this true for every game ?Because I changed my rom from .3ds to .3dz and changed my header at least fifteen times, before I found the one that connects online and I never lost my save file. I did this to my ORAS ROM.

 

[Cyan]

What is ORAS?
maybe it's an old game, and it's not using 2.x save encryption method, but still using the unencrypted repeat-fail one.

 

[Ra1d]

What is ORAS?
maybe it's an old game, and it's not using 2.x save encryption method, but still using the unencrypted repeat-fail one.

Omega Ruby/Alpha Sapphire....

 

[Cyan]

ok, so it's a newer game. It should be affected by the header.
Maybe it's not using it for Card2 games as the save is inside the ROM, not as an external EEPROM.

(Ruby is Card2, right?)

 

[phazonknight]

if you change the format (.3ds <-> .3dz) or change the Header Id, the save encryption will change and your save will be seen as corrupted.
You need to use Savedata filer to extract/inject the save in ROMs with two different encryption key.

NOOOOO not the dreaded savedata again....i've lost more save files with that thing then I dare admit...maybe ill rough it out since i'm still on emunand 9.2

 

[djon]

if you change the format (.3ds <-> .3dz) or change the Header Id, the save encryption will change and your save will be seen as corrupted.
You need to use Savedata filer to extract/inject the save in ROMs with two different encryption key.


djon :
There's a report (maybe fake) where the user used a public header once, then switched to private header and just get banned with the private header.
Connecting online with Sky3DS to dump the memory using a public header is not recommended (if nintendo is detecting this and keeping a log).

In all case, it seems they are banning pokémons players.
Don't use Pokémon (or a first party game) when using this method to extract the header from your cartridge.

hmm well, i got the memory.bin and the next few bits seem the hardest, i don't even know how to byte swap, or do non of dat c++ .
You lost me there Lol.

 

[Cilerba]

I'd rather not make a new thread to ask this question but... wouldn't converting a .3dz to a .cia allow online perfectly fine seeing as .cia's don't use headers? Or are headers essential for online play?