ROM Hack XORPADS question

  • Thread starter Thread starter Cindakil
  • Start date Start date
  • Views Views 4,370
  • Replies Replies 10

Cindakil

Well-Known Member
Newcomer
Joined
Apr 14, 2014
Messages
92
Reaction score
11
Trophies
0
XP
160
Country
Serbia, Republic of
Hi!!

I have a question that I hope that someone can help me :)

If I make the xorpads for Pokemon Omega Ruby can I use the same Xorpads for Pokemon Alpha Sapphire for example? Or each game has diferents xorpads?

THANKS!
 
Hi!!

I have a question that I hope that someone can help me :)

If I make the xorpads for Pokemon Omega Ruby can I use the same Xorpads for Pokemon Alpha Sapphire for example? Or each game has diferents xorpads?

THANKS!

No, because here's an example. Lets say I want a cia for AS but I have the xorpads for Tomodachi Life, if I make the cia, the cia would be incorrect and some features of the game would be corrupt and the manual would be different.
 
How do the XORpads work?

Basically on normal 3DS hardware the ROMs are decrypted on the fly using a part of the SoC dedicated to crypto. What xorpads do is it allows us to generate the values we need to XOR the original ROM's different sections against in order to get a fully decrypted ROM. If we had the full functionality as to how the crypto was done console-side (and I believe some other keys which we don't have), we could just do it on PC, but for now this two-step method is required.
 
Basically on normal 3DS hardware the ROMs are decrypted on the fly using a part of the SoC dedicated to crypto. What xorpads do is it allows us to generate the values we need to XOR the original ROM's different sections against in order to get a fully decrypted ROM. If we had the full functionality as to how the crypto was done console-side (and I believe some other keys which we don't have), we could just do it on PC, but for now this two-step method is required.

I know that much, I want to know how the generation works so I could know why the output just happens to decrypt the games with the XOR boolean operation.
 
I know that much, I want to know how the generation works so I could know why the output just happens to decrypt the games with the XOR boolean operation.

Decryption uses AES in counter mode. See the diagram here:
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_.28CTR.29

The output of the AES operation on the counter is XORed with the ciphertext to get the decrypted plaintext. If you pass in 0x00 as the ciphertext, you'll get the output of the AES operation on the counter back(Y XOR 0 = Y), you can save that and then perform the final step(XORing with the ciphertext) on your PC.
 
Decryption uses AES in counter mode. See the diagram here:
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_.28CTR.29

The output of the AES operation on the counter is XORed with the ciphertext to get the decrypted plaintext. If you pass in 0x00 as the ciphertext, you'll get the output of the AES operation on the counter back(Y XOR 0 = Y), you can save that and then perform the final step(XORing with the ciphertext) on your PC.


Why could we not make a large xorpad and just use segments of that?
 

Site & Scene News

Popular threads in this forum