Side-discussion on 3DS save encryption

XXASHXX
Pokémon X/Y won't allow for savegame backups, just like any game that is about multiplayer.

And yes, with newer games you can no longer back up and restore an eShop game's savegame file. A hidden value is stored in NAND every time you save, so the game will know if it's the same savegame file you used last time. If that check fails, the game will delete your savegame completely. I tested this with Animal Crossing: New Leaf.

With cartridges, it works the same way, but the key is on the cartridge.

We may need to wait until we have homebrew before editing can be done.

Ah. I did not know this. Okay, thank you for clearing that up for me.

This means if I were to download an eshop game it will be virtually impossible to crack the security key. Would Wi-Fi work if it is a Wi-Fi game or would I need to buy the game retail for Wi-Fi to work? Anyhow if it is going to be hard just buy it retail xD.:)


You cannot figure out a decryption method for the save file unless you can dump and decrypt 3DS ROMs from YOUR game card. It MUST be the same game card your save file is on.


I would think retail also. What happens if your system breaks or dies? If that happens, all your downloaded stuff is gone unless your SD card is safe. For better performance I would buy the games retail. If you guys are going to extract files like you are planning, buy them retail. You might not be able to hack the eShop games. Pretty much the same price anyway xD.:)


How are you guys going to be able to obtain the keys? Are you guys going to make a program specifically for that purpose?:)

Savegame keyY

All gamecard and SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The gamecard savegame keyslot keyY is unique for every region of each game. The NCSD partition flags determine the method used to generate this keyY. When the save NCSD flags checked by the running NATIVE_FIRM are all-zero, the system will use the repeating CTR; otherwise a proper CTR which never repeats within the image is used. When all of the flags checked by the running NATIVE_FIRM are clear, the keyY is an 8-byte block decrypted from the main CXI + two u32 IDs read from gamecard commands.

Hashed keyY and 2.2.0-4 Savegame Encryption

When certain NCSD partition flags are set, a SHA-256 hash is calculated over the data from the CXI (the same data used with the original plain keyY) and the 0x40 bytes read from a gamecard command (this 0x40-byte data is also read by GetRomId). The first 0x10 bytes of this hash are used for the keyY. When flag[7] is set, the CTR will never repeat within the save image, unlike the original CTR method. All games which had the retail NCSD image finalized after the 2.2.0-4 update (and contain 2.2.0-4+ in the System update partition) use this encryption method.

This keyY generation method was implemented with 2.0.0-2 via NCSD partition flag[3]; however, the proper CTR wasn't implemented for flag[7] until 2.2.0-4. The hashed keyY flag[3] implemented with 2.0.0-2 was likely never used with retail gamecards.

6.0.0-11 Savegame keyY

6.0.0-11 implemented support for generating the savegame keyY with a new method; this method is much more complex than the previous keyY methods. It is enabled via new NCSD partition flags. All retail games which have the NCSD image finalized after the 6.0.0-11 release (and 6.0.0-11+ in the system update partition) will have these flags set for using this new method.

A SHA-256 hash is calculated over the data used with the above hashed keyY method; other data is hashed here as well. An AES MAC is then calculated over this hash, and the output MAC is used for the savegame keyY.

The keyY used for calculating this AES MAC is initialized while NATIVE_FIRM is loading; this keyY is generated via the RSA engine. The RSA slot used here is slot0 (key data for slot0 is initialized by the bootrom). This RSA slot0 key data is overwritten once the system boots any CXIs from NAND, such as NS.

I think I'm going to switch to downloadable

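As an added illustration, not from the thread and not 3dbrew's or Nintendo's code, of two points in the quoted wiki text above: the hashed-keyY step (SHA-256 over the CXI-derived data plus the 0x40-byte gamecard response, keeping the first 0x10 bytes) and why the difference between the "repeating CTR" and the proper never-repeating CTR matters for an AES-CTR save image. Python's standard library has no AES, so the block cipher here is a clearly labelled stand-in PRF built from SHA-256; the keystream-reuse property it demonstrates holds for any block cipher in CTR mode. The CXI bytes, gamecard response and save contents are constructed, and the keyslot step that combines keyY with a hardware keyX into the actual AES key is left out because the quoted text does not describe it.

```python
import hashlib
from typing import Optional

BLOCK = 16  # AES block size; CTR mode consumes one counter value per block


def hashed_keyy(cxi_data: bytes, gamecard_0x40: bytes) -> bytes:
    """Hashed keyY as the wiki text describes it: SHA-256 over the CXI-derived
    data and the 0x40-byte gamecard command response, first 0x10 bytes kept."""
    if len(gamecard_0x40) != 0x40:
        raise ValueError("gamecard response must be 0x40 bytes")
    return hashlib.sha256(cxi_data + gamecard_0x40).digest()[:BLOCK]


def keystream_block(key: bytes, counter: int) -> bytes:
    """STAND-IN for AES-ECB(key, counter). The stdlib has no AES, so a SHA-256
    PRF plays the block cipher; only the CTR-mode structure matters here."""
    material = b"ctr-stand-in" + key + counter.to_bytes(16, "big")
    return hashlib.sha256(material).digest()[:BLOCK]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, data: bytes, base_ctr: int = 0,
              repeat_every: Optional[int] = None) -> bytes:
    """CTR-mode encrypt/decrypt (the same operation in both directions).

    repeat_every=None models the proper counter that never repeats within the image.
    repeat_every=n models the flawed 'repeating CTR': the counter wraps every n blocks,
    so blocks i and i+n are XORed with the same keystream block."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        blk = i // BLOCK
        if repeat_every is not None:
            blk %= repeat_every
        out += xor_bytes(data[i:i + BLOCK], keystream_block(key, base_ctr + blk))
    return bytes(out)


def block_at(buf: bytes, n: int) -> bytes:
    return buf[n * BLOCK:(n + 1) * BLOCK]


def ciphertext_only_leak(ciphertext: bytes, a: int, b: int) -> bytes:
    """What someone holding only the encrypted save can compute: C_a XOR C_b.
    If blocks a and b were encrypted under the same counter value, this is P_a XOR P_b."""
    return xor_bytes(block_at(ciphertext, a), block_at(ciphertext, b))


def demo() -> dict:
    # Constructed inputs standing in for the real CXI data and gamecard response.
    key_y = hashed_keyy(b"example CXI-derived bytes", bytes(range(0x40)))
    plaintext = b"A" * BLOCK + b"B" * BLOCK + b"C" * BLOCK + b"D" * BLOCK

    # Repeating CTR: counter wraps every 2 blocks, so blocks 0 and 2 share keystream.
    flawed = ctr_crypt(key_y, plaintext, base_ctr=0, repeat_every=2)
    proper = ctr_crypt(key_y, plaintext, base_ctr=0)

    true_xor = xor_bytes(block_at(plaintext, 0), block_at(plaintext, 2))
    return {
        "keyy_len": len(key_y),
        "roundtrip_ok": ctr_crypt(key_y, proper) == plaintext,
        # Under the repeating CTR, C0 XOR C2 equals P0 XOR P2 ...
        "leaks_under_repeating_ctr": ciphertext_only_leak(flawed, 0, 2) == true_xor,
        # ... so knowing one block (e.g. a zero-filled region) recovers the other outright.
        "recovered_block2": xor_bytes(ciphertext_only_leak(flawed, 0, 2), block_at(plaintext, 0)),
        # With a never-repeating counter the same computation reveals nothing about P0 XOR P2.
        "leaks_under_proper_ctr": ciphertext_only_leak(proper, 0, 2) == true_xor,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

One inference worth drawing from the quoted text itself: the keyY is fixed per game and region and the base CTR is all-zero, so every save image the same game writes is XORed with the same keystream. "Never repeats within the image" only rules out reuse inside one snapshot; two snapshots of the same save taken at different times are exactly the situation `ciphertext_only_leak` models, which is why CTR mode normally requires a fresh nonce per message.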

Ok, so you are going to try the downloaded versions? I thought you guys said game cards were easier and downloaded ones from the eShop were much harder? Did I get that backwards or am I correct? Thanks xD.:)

well you don't have to buy any equipment, every thing can be accessed on the sd card(if you save it on your sd card that is)

I'd say it's about equally hard to break. Both methods need full homebrew hardware access on the 3DS.

save it on the sd card, requires no homebrew


You can't put your SD cards in another 3DS? What if you put it in a computer? Can you transfer all save data to your computer or even say an I pad or other device? If it can be done can you use devices made for the computer to get the file keys etc?:)


Afaik, one could back up eshop games and stuff from sd to computer,

But those files will only work with your 3ds as it is signed by that 3ds.

(if you factory reset your 3ds Or insert those files into another 3ds,

It becomes unreadable )

I'm still on 4.5, and I can backup my dream radar sav and redistribute those Pokemon,

but that's as far as it goes.

Newer firmwares prevent loading older saves once you have made a new save.

Edit: in regards to the file keys, I think trying to crack the saves and ROMs is something they could have done from the very beginning,

Except that it is so tedious, it was described as searching for a needle in a haystack made of iron.


I was thinking you could get to the keys on the computer, since there are a whole lot more hacking devices out there for the computer than there are for the 3DS. So if I were to put my SD card in another 3DS, the files would not be playable? If that is true, why xD? What about transferring photos from my 3DS to the computer? Would they be transferable along with the videos? Is there a way to take videos more than 10 minutes long and transfer those to the computer? If that can't be done, does it have to do with the encryption too? Thanks xD.:)


Photos and videos are transferable. Just not 3DS game data and such.

Oh good. Can videos be made to play longer than 10 minutes? If I transfer them to the computer will it transfer any 3DS encryption? I don't want that to happen since the SD card is for the 3DS xD.:)

