[Tutorial] How to Decrypt, Extract & Rebuild a CIA

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by Asia81, May 12, 2015.

Thread Status:
Not open for further replies.
  1. Asia81 (OP)
    PLEASE FORGET THIS THREAD.
    I WILL ASK FOR A LOCK.
    IF YOU'RE SEARCHING ON HOW TO EXTRACT A CIA FILE,
    THEN GO HERE, I MERGED THE TUTORIAL THERE:
    https://gbatemp.net/threads/383055/

    THANKS!
     
    Last edited by Asia81, Jan 12, 2017


  2. medoli900
    If I follow your tutorial, you need a 4.5 FW, since it uses the DS profile hack. I tried booting your launcher.dat via the roploader website, but it failed.
     
  3. soneek
    Glad you're doing a tutorial! I'm finished with exams and everything on Friday, so I'll help out with the rebuilding part by then if necessary.
     
    Margen67 likes this.
  4. Asia81 (OP)
    Thanks, I need some help again :')
     
  5. BryanPereza
    And if you want to rebuild the CIA again? Did I miss something? Sorry for bothering you, and thanks for taking the time to make this possible.
     
  6. Asia81 (OP)
    What are you speaking about?
     
  7. soneek

    The rebuilding part should be coming soon.
     
    BryanPereza likes this.
  8. cearp
    I can make a Python tool to extract the contents from a CIA file if you want, so you do not need to install it... :)
    But you will have to generate the decrypted title key on the 3DS to decrypt it.
     
  9. Asia81 (OP)
    But the CIA always needs to be decrypted, right?
    I can't see what your Python script can do.
     
  10. cearp
    The CIA file contains the contents.
    You install the CIA because you want to access the contents.

    If you want to decrypt a 2 GB CIA, you will have to install it. It is very slow.
    But you can use the contents from the CIA without installing it,
    though you will need to decrypt them.
    When you install a CIA, the contents become decrypted (partially).

    If you generate the title key (option 3 in CTR Decryptor Multi Tool), you can decrypt the contents without having to install the CIA.


    -- If you get the movable.sed file from NAND and put it on the SD card root, it does not matter if the NAND is linked/unlinked, etc. :)
     
    liomajor likes this.
  11. liomajor
    Depending on the content you have decrypted, it's not a must to have romfs or exefs inside DLC or updates.

    As an example, Shin Megami Tensei: Record Breaker's DLC has multiple .app files; the first is only exheader and romfs,
    the others only romfs with a txt file (same name, different content). Update 1.1 stores all details in code.bin.
     
    cearp likes this.
  12. Asia81 (OP)
    Oh nice, thanks if you can do it :)
     
  13. soneek
    That would be cool. This method is still good though for any updates we install ourselves via the eShop.

    I'm guessing the method would be similar to Wii U stuff? Decrypt the title key, then AES-128-CBC decrypt the CIA partitions with that decrypted key?
     
  14. Asia81 (OP)
    soneek

    I added you, if you want to edit the first post to try to make the rebuild part or other things.
     
  15. liomajor
    Example to extract CIA without installing:
    Code:
    ctrtool -x -t cia <name of your cia> --contents=<name of content> --meta=<name of meta (same as content)> --tmd=<name of tmd file> --tik=<name of tik file> --certs=<name of cert file>
    
    For Games:

    #0000 = Similar to .3ds with different Header
    #0001 = Manual.cfa
    #0002 = DLP.cfa

    Code:
    ctrtool -p --exheader="exheaderEncrypted.bin" --romfs="romfsEncrypted.bin" --exefs="exefsEncrypted.bin" --logo="logo.bin" "<name of #0000>"
    
    What is left, is to fetch the xorpad for #0000 to decrypt the files.
     
    cearp likes this.
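The ctrtool call above gets the certificate chain, ticket, TMD and raw contents out of a CIA without the title key; the AES-128-CBC step soneek asked about (post 13) comes after that. The script below is an added example, not ctrtool's code and not from anyone in this thread. It walks the container the same way: each section starts on a 0x40-byte boundary after the 0x2020-byte header, the ticket carries the title ID, the common key index and the encrypted title key, the TMD carries one chunk record per content, and the header's content index bitmap says which of those contents are actually inside the CIA. It also derives the two IVs the decryption step needs (title ID followed by 8 zero bytes for the title key under the common key; the 2-byte content index followed by 14 zero bytes for each content under the title key). The sample CIA is constructed in memory with a placeholder title ID, a zeroed signature, a placeholder certificate chain and filler content bytes, so none of it is real game data, and the AES calls themselves are left to whatever AES library you use.

```python
"""Added example (not ctrtool's code): walk a CIA container the way `ctrtool -x -t cia`
does and derive the AES-128-CBC IVs used in the decryption step that follows."""
import struct

CIA_HEADER_SIZE = 0x2020
SIG_BLOCK = {0x010003: 0x240, 0x010004: 0x140, 0x010005: 0x80}   # RSA-4096, RSA-2048, ECDSA
TMD_CHUNKS = 0xC4 + 64 * 0x24   # TMD header + 64 content info records precede the chunk records
CHUNK = 0x30                    # one content chunk record

def align(n):
    return (n + 0x3F) & ~0x3F   # every CIA section starts on a 64-byte boundary

def sig_block_size(blob):
    sig_type = struct.unpack_from(">I", blob, 0)[0]
    if sig_type not in SIG_BLOCK:
        raise ValueError("unknown signature type 0x%08x" % sig_type)
    return SIG_BLOCK[sig_type]

def title_key_iv(title_id):
    """IV for AES-128-CBC decrypting the ticket's title key with the common key."""
    return title_id + bytes(8)

def content_iv(index):
    """IV for AES-128-CBC decrypting one content with the decrypted title key."""
    return struct.pack(">H", index) + bytes(14)

def parse_ticket(tik):
    b = sig_block_size(tik)
    return {"enc_title_key": tik[b + 0x7F:b + 0x8F],
            "title_id": tik[b + 0x9C:b + 0xA4],
            "common_key_index": tik[b + 0xB1]}

def parse_tmd(tmd):
    b = sig_block_size(tmd)
    count = struct.unpack_from(">H", tmd, b + 0x9E)[0]
    chunks = []
    for n in range(count):
        off = b + TMD_CHUNKS + n * CHUNK
        cid, idx, ctype, size = struct.unpack_from(">IHHQ", tmd, off)
        chunks.append({"id": cid, "index": idx, "type": ctype, "size": size,
                       "sha256": tmd[off + 0x10:off + 0x30]})  # carried along, not checked here
    return {"title_id": tmd[b + 0x4C:b + 0x54], "chunks": chunks}

def parse_cia(blob):
    hdr_size, _t, _v, cert_size, tik_size, tmd_size, _meta, content_size = struct.unpack_from("<IHHIIIIQ", blob, 0)
    if hdr_size != CIA_HEADER_SIZE:
        raise ValueError("bad CIA header size 0x%x" % hdr_size)
    bitmap = blob[0x20:CIA_HEADER_SIZE]        # one bit per content index: present in this CIA?
    tik_off = align(align(hdr_size) + cert_size)
    tmd_off = align(tik_off + tik_size)
    content_off = align(tmd_off + tmd_size)
    if content_off + content_size > len(blob):
        raise ValueError("CIA truncated before the end of its contents")
    ticket = parse_ticket(blob[tik_off:tik_off + tik_size])
    tmd = parse_tmd(blob[tmd_off:tmd_off + tmd_size])
    if ticket["title_id"] != tmd["title_id"]:
        raise ValueError("ticket and TMD disagree on the title ID")
    contents, pos = [], content_off
    for c in tmd["chunks"]:                    # present contents sit back to back in TMD order
        i = c["index"]
        if not bitmap[i >> 3] & (0x80 >> (i & 7)):
            continue                           # in the TMD but left out of this CIA (e.g. optional DLC)
        contents.append(dict(c, offset=pos, encrypted=bool(c["type"] & 1),
                             iv=content_iv(i), data=blob[pos:pos + c["size"]]))
        pos += c["size"]
    if pos - content_off != content_size:
        raise ValueError("present content sizes do not add up to the header's content size")
    return {"ticket": ticket, "title_key_iv": title_key_iv(ticket["title_id"]),
            "content_offset": content_off, "contents": contents}

# Constructed sample: placeholder title ID, placeholder key ciphertext, filler content bytes.
SAMPLE_TITLE_ID = bytes.fromhex("0004000000ABC000")
SAMPLE_ENC_TITLE_KEY = bytes(range(0x10, 0x20))
SAMPLE_CONTENTS = [(0, 0x0001, bytes([0xAA]) * 0x80, True),    # (index, type flags, bytes, present?)
                   (1, 0x0001, bytes([0xBB]) * 0x40, True),
                   (2, 0x4001, bytes([0xCC]) * 0x40, False)]   # optional content omitted from the CIA

def build_sample_cia():
    sig = struct.pack(">I", 0x010004) + bytes(0x100) + bytes(0x3C)  # zeroed, fake RSA-2048 signature
    tik = bytearray(0x210)
    tik[0x7F:0x8F] = SAMPLE_ENC_TITLE_KEY
    tik[0x9C:0xA4] = SAMPLE_TITLE_ID
    tmd = bytearray(TMD_CHUNKS + CHUNK * len(SAMPLE_CONTENTS))
    tmd[0x4C:0x54] = SAMPLE_TITLE_ID
    struct.pack_into(">H", tmd, 0x9E, len(SAMPLE_CONTENTS))
    bitmap, payload = bytearray(0x2000), b""
    for cid, (idx, ctype, data, present) in enumerate(SAMPLE_CONTENTS):
        struct.pack_into(">IHHQ", tmd, TMD_CHUNKS + cid * CHUNK, cid, idx, ctype, len(data))
        if present:
            bitmap[idx >> 3] |= 0x80 >> (idx & 7)
            payload += data
    certs = bytes(0x100)                        # placeholder for the CA/ticket/TMD certificate chain
    header = struct.pack("<IHHIIIIQ", CIA_HEADER_SIZE, 0, 0, len(certs), len(sig) + len(tik),
                         len(sig) + len(tmd), 0, len(payload)) + bytes(bitmap)
    out = b""
    for section in (header, certs, sig + bytes(tik), sig + bytes(tmd), payload):
        out = out.ljust(align(len(out)), b"\0") + section
    return out
```

`parse_cia(build_sample_cia())` returns the ticket fields, the title key IV and, for each content present, its offset, size, encrypted flag and IV; content index 2 is listed in the TMD but skipped because its bit is clear in the header bitmap, which is the partial-DLC case liomajor mentions in post 11. Feeding the `enc_title_key` and `title_key_iv` to AES-128-CBC under the common key, then each content's `data` and `iv` to AES-128-CBC under the result, is the step cearp calls "aescbc"; what comes out is the NCCH that the second ctrtool command above unpacks, still under its own NCCH-level encryption.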
  16. cearp
    Oh cool, I don't need to make that tool now! Thanks :)
     
  17. liomajor
    Yes, it didn't need the title key to get the encrypted files. Would be nice if there were a way without xorpads ^^
     
  18. cearp
    Yes, sure, we don't need the title key to extract the CIA, but if you want to decrypt the contents, then we need the title key.
    For most people, having the encrypted contents is not very important :)

    Like PowerSaves allegedly has an online 3DS farm to decrypt saves (funny, but I guess true) - imagine a website connected to a 3DS where you type in the title key and it decrypts it for you... :)
    It would not be impossible with homebrew... correct.

    A 3DS that is always plugged in and connected to WiFi, running a homebrew that connects and replies to a server to get the latest title key to encrypt, first in first out.
    Do I sense a personal summer project coming? (maybe, maybe not) :)
     
    liomajor likes this.
  19. liomajor
    How to decrypt with the title key?
     
  20. cearp
    AES-CBC.
    But that only removes the 'eShop encryption'.
    Then there is the SD card encryption... which we still need xorpads for lol.
    So, yeah, maybe not much of a project if it only saves 1 boot cycle, 1 SD card eject, etc.
     
    liomajor likes this.