Jump to content

X / Y Save File Research


Kaphotics

Recommended Posts

That's not entirely true. The more people that have a decrypted save, the more likely it is one of those people finds a way to reencrypt, and therefore (literally?) crack the code.

Anyways, I'd love to do a video on decrypting your X/Y save but for the fact I've never done any tutorial ever.

Link to comment
Share on other sites

  • Replies 213
  • Created
  • Last Reply

Top Posters In This Topic

That's not entirely true. The more people that have a decrypted save, the more likely it is one of those people finds a way to reencrypt, and therefore (literally?) crack the code.

Anyways, I'd love to do a video on decrypting your X/Y save but for the fact I've never done any tutorial ever.

Actually I meant to say I would do the video haha. I've done quite a few tutorial video's in the past. Though non are all that big or anything.

Link to comment
Share on other sites

That's not entirely true. The more people that have a decrypted save, the more likely it is one of those people finds a way to reencrypt, and therefore (literally?) crack the code.

Anyways, I'd love to do a video on decrypting your X/Y save but for the fact I've never done any tutorial ever.

So why not make a video showing that you have re-encrypted the game on your modded 3ds. Or write steps to modding the 3ds (way you did it) and being able to reencrypt a save

Link to comment
Share on other sites

I know, a few friends and I are working with a modded 3DS and have successfully reencrypted the save into a legit NA cartridge. Now we are trying to figure out how to reencrypt for a non-modded 3DS manually.

Good luck and I hope you can, this will be great news for people that don't want to fork out on a JP 3DS. Also if you manage to create a piece of software that can re encrypt saves on an unmodded 3DS will they be in a .bin format to insert them with Powersaves?

Link to comment
Share on other sites

Good luck and I hope you can, this will be great news for people that don't want to fork out on a JP 3DS. Also if you manage to create a piece of software that can re encrypt saves on an unmodded 3DS will they be in a .bin format to insert them with Powersaves?

Powersaves will never be able to do that because it's designed to work the way it does i.e. server side. No Datel server, and it's pretty much useless.

Link to comment
Share on other sites

  • 4 weeks later...

Hello everyone, I'm pretty new here and I've been searching around all morning and can't find a straight answer. I am using Gateway and using a .3dz file and I was wondering if anyone know how to edit my save data. It is exporting with Gateway rom patcher as a .bin file and PKHeX won't let me open it to edit it. I'm guessing because it is encrypted. I was wondering if anyone knew any information about what I need to do, or if anyone can point me in the direction of the right thread. Thank you for any help you have to offer.

Link to comment
Share on other sites

Hello everyone, I'm pretty new here and I've been searching around all morning and can't find a straight answer. I am using Gateway and using a .3dz file and I was wondering if anyone know how to edit my save data. It is exporting with Gateway rom patcher as a .bin file and PKHeX won't let me open it to edit it. I'm guessing because it is encrypted. I was wondering if anyone knew any information about what I need to do, or if anyone can point me in the direction of the right thread. Thank you for any help you have to offer.

The first post on this thread should answer your questions.

Link to comment
Share on other sites

  • 2 weeks later...

Hi all, I would like to know if there is a way for partially decrypting save1 in ORAS like in XY using powersaves and the XOR method. I am having difficulties doing it with my Omega ruby when I followed the same steps. I should be doing it right as I did it the same way for my X cartridge and I am able to get a proper keystream.

Thanks for your help!

Link to comment
Share on other sites

Hi all, I would like to know if there is a way for partially decrypting save1 in ORAS like in XY using powersaves and the XOR method. I am having difficulties doing it with my Omega ruby when I followed the same steps. I should be doing it right as I did it the same way for my X cartridge and I am able to get a proper keystream.

Thanks for your help!

I've actually been silently wondering the same. Looking forward to the answer.

Link to comment
Share on other sites

Guide to getting your save file open in PKHeX:

Make a backup with Powersaves.

Make a copy of that backup, and replace all of the bytes in the copy past 0x9C with FF: http://i.snag.gy/lem0O.jpg

Next, download my Datel checksum corrector ( http://www.mediafire.com/download/kn2am0u4ae66s21/Datel_Checksum_Fixer.zip ). Open it up and open the edited copy, then hit save. (Remove the " - [fixed]" from the savename so that powersaves will see it.).

Now, open powersaves, and restore the edited FF save file. (You should see two saves with identical names, it's the second one.).

Put your cartridge into your 3ds, and go to the main menu. Then, close the game and put the cartridge back in the powersaves dongle.

In powersaves, apply the "Slot 1 x999 modifier code." After doing that, remove your cart from the powersaves dongle, then stick it back in. Now make a backup of your cartridge's save file.

At this point, you can restore your original save file backup.

The backup you just made after applying the code, removing the cart, and putting it back in has garbage default data in SAVE2, but a completely blank SAVE1 -- this means it is just your xorpad for save1.

At this point, make a copy of the backup you just made and rename it save1keystream.bin for easy remembering ability.

You can now use this to open a save in PKHeX! If you want to open a save, XOR save1keystream.bin with the powersaves backup of whatever save you want to check out (I recommend http://www.nirsoft.net/utils/xorfiles.html ), and then delete the first 0x9C bytes in a hex editor (I use HxD). Save the file with the 0x9C header removed, and you can open it in PKHeX totally fine: http://i.snag.gy/x2jJ8.jpg

i was fine until the xor part.. once i open xor..it asks for 3 files. one is save1keystream, one is any save file that i want to open..what file should be the destination file?

a few other questions: you wrote "Put your cartridge into your 3ds, and go to the main menu. Then, close the game" so i put the cartrdge into the system after i edited the original backup with FF.. i turn the game on. and what do you mean by main menu? u mean once i am in the game and press x..so i see bag, save, pokemon, options etc?

you wrote "In powersaves, apply the "Slot 1 x999 modifier code." After doing that, remove your cart from the powersaves dongle, then stick it back in. Now make a backup of your cartridge's save file." so after i apply the slot 1x999 master ball cheats..i dont put the game back into the console..i just make a backup..correct?

you wrote " and then delete the first 0x9C bytes in a hex editor".. well because i didnt know what to put in the "destination" column because everytime i selected a save file it would save it already exists..so i chose a save file and renamed it..and it worked...but when i opened it with hex edit..and tried to delete all the numbers from there..it would say i dont have the permission to do so. i highlighted everything before 0x9c and pressed delete..and every time same thing. i may be deleting what i am not supposed to.. so if you can..could you highlight the area i need to delete please?

I am very very very very new to this hex editing..i have no idea about all this..i am sorry for asking so many questions.. :/

Link to comment
Share on other sites

I dont get this part... could anyone help me out here? what exactly should I delete?

follow this, the tutorial is by: swarzesherz

Hi:

Try help make your partial decrypt save:

1.- Download: OSX: http://x.co/4JBf0 OR Windows: http://x.co/4JBgp

2.- Create a backup with PowerSaves

3.- Open backup with "Open SAV1" in app

4.- Press "Clean SAV1"

5.- Copy new file to your PowerSaves directory and remove "-Fixed"

6.- Restore fixed save

8.- Run game, go to selection language, and exit from the game

9.- Put your game in power saves and apply "Slot 1 x999 modifier code."

10.- Remove yor game and put again in PowerSaves and create new backup and named Keystream

11.- Open Keystram whit "Open SAV1" in app an open other save in "Open SAV2"

12.- Press "XOR ..." and the result can view with PKHeX

NOTE: Mono requrired in OSX and .Net 3.5 in Windows

Link to comment
Share on other sites

Guide to completely decrypting Save1:

Download my brute forcer: http://www.mediafire.com/download/sk2o1qt9t161j6q/Pokemon_XY_Save_File_Brute_Forcer.exe

Complete the steps listed in my earlier post on getting saves open with PKHeX: http://projectpokemon.org/forums/showthread.php?37269-X-Y-Save-File-Research&p=183148

In the first brute forcer box, select + open save1keystream.bin.

Now (make sure you have a backup of your current save file before doing this), Delete your save file from the in-game menu (hit up+x+b at title screen) and start a new game. Save once. ONLY SAVE ONCE. THIS IS IMPORTANT.

Backup your save using powersaves. In the second brute forcer box, select this backup.

Now, apply the "Master Ballsx999" cheat over your new game in powersaves. Remove your cart from the dongle. Re-insert your cart into the dongle. (Doing that is ALSO important.)

Backup your save with the cheat applied using powersaves. In the third brute forcer box, select this backup.

Now, hit the "Brute force saves" box. If all goes well (And it should), you should get a success message and the ability to save Save1Key.bin.

Save Save1Key.bin wherever you want. You can now use it the way you used save1keystream.bin before now, but it completely 100% decrypts all of save1. (50% of your saves will open with no "hash verification failed" messages in PKHeX". Before Datel patched my exploit, this allowed you to inject things into the game. You can no longer use this to inject new things.)

Hey SciresM,

sorry to bump on this old post.

I've managed to create save1keystream.bin, and successfully open the save on pkhex.

Problem is I can't seem to get bruteforcing done.

It pings back

Failed to brute force. Contact SciresM @ProjectPokemon.org IRC for help.
9216

I've done the steps twice (to ensure that I only saved once, ensured I chosen masterball999 at slot 1, plugged out and back in to create backup for third brute forcer.)

and the error still shows.

Any idea what is wrong?

(could it be my save1keystream? I could open all saves except for select one or two, where they show up corrupted on pkhex)

Link to comment
Share on other sites

Hey SciresM,

sorry to bump on this old post.

I've managed to create save1keystream.bin, and successfully open the save on pkhex.

Problem is I can't seem to get bruteforcing done.

It pings back

Failed to brute force. Contact SciresM @ProjectPokemon.org IRC for help.
9216

I've done the steps twice (to ensure that I only saved once, ensured I chosen masterball999 at slot 1, plugged out and back in to create backup for third brute forcer.)

and the error still shows.

Any idea what is wrong?

(could it be my save1keystream? I could open all saves except for select one or two, where they show up corrupted on pkhex)

Thank god I ain't the only one. Maybe SciresM is already working on it, but I'll send an e-mail too. I tried it twice, maybe something when wrong twice, but that chance is small. I hope we'll get answer soon.

Link to comment
Share on other sites

Hi all, I would like to know if there is a way for partially decrypting save1 in ORAS like in XY using powersaves and the XOR method. I am having difficulties doing it with my Omega ruby when I followed the same steps. I should be doing it right as I did it the same way for my X cartridge and I am able to get a proper keystream.

Thanks for your help!

Well, you have a proper keystream. There was a bug in PKHeX, but it should work with the newest version (28th December).

Link to comment
Share on other sites

Guide to getting your save file open in PKHeX:

Make a backup with Powersaves.

Make a copy of that backup, and replace all of the bytes in the copy past 0x9C with FF: http://i.snag.gy/lem0O.jpg

Next, download my Datel checksum corrector ( http://www.mediafire.com/download/kn2am0u4ae66s21/Datel_Checksum_Fixer.zip ). Open it up and open the edited copy, then hit save. (Remove the " - [fixed]" from the savename so that powersaves will see it.).

Now, open powersaves, and restore the edited FF save file. (You should see two saves with identical names, it's the second one.).

Put your cartridge into your 3ds, and go to the main menu. Then, close the game and put the cartridge back in the powersaves dongle.

In powersaves, apply the "Slot 1 x999 modifier code." After doing that, remove your cart from the powersaves dongle, then stick it back in. Now make a backup of your cartridge's save file.

At this point, you can restore your original save file backup.

The backup you just made after applying the code, removing the cart, and putting it back in has garbage default data in SAVE2, but a completely blank SAVE1 -- this means it is just your xorpad for save1.

At this point, make a copy of the backup you just made and rename it save1keystream.bin for easy remembering ability.

You can now use this to open a save in PKHeX! If you want to open a save, XOR save1keystream.bin with the powersaves backup of whatever save you want to check out (I recommend http://www.nirsoft.net/utils/xorfiles.html ), and then delete the first 0x9C bytes in a hex editor (I use HxD). Save the file with the 0x9C header removed, and you can open it in PKHeX totally fine: http://i.snag.gy/x2jJ8.jpg

Hi, I would like to know if when you try to use this method, do you run the risk of bricking your 3DS cartridge?

Link to comment
Share on other sites

Guide to getting your save file open in PKHeX:

Make a backup with Powersaves.

Make a copy of that backup, and replace all of the bytes in the copy past 0x9C with FF: http://i.snag.gy/lem0O.jpg

Next, download my Datel checksum corrector ( http://www.mediafire.com/download/kn2am0u4ae66s21/Datel_Checksum_Fixer.zip ). Open it up and open the edited copy, then hit save. (Remove the " - [fixed]" from the savename so that powersaves will see it.).

Now, open powersaves, and restore the edited FF save file. (You should see two saves with identical names, it's the second one.).

Put your cartridge into your 3ds, and go to the main menu. Then, close the game and put the cartridge back in the powersaves dongle.

In powersaves, apply the "Slot 1 x999 modifier code." After doing that, remove your cart from the powersaves dongle, then stick it back in. Now make a backup of your cartridge's save file.

At this point, you can restore your original save file backup.

The backup you just made after applying the code, removing the cart, and putting it back in has garbage default data in SAVE2, but a completely blank SAVE1 -- this means it is just your xorpad for save1.

At this point, make a copy of the backup you just made and rename it save1keystream.bin for easy remembering ability.

You can now use this to open a save in PKHeX! If you want to open a save, XOR save1keystream.bin with the powersaves backup of whatever save you want to check out (I recommend http://www.nirsoft.net/utils/xorfiles.html ), and then delete the first 0x9C bytes in a hex editor (I use HxD). Save the file with the 0x9C header removed, and you can open it in PKHeX totally fine: http://i.snag.gy/x2jJ8.jpg

Can i use with pokemon ORAS?

Link to comment
Share on other sites

  • 4 weeks later...
Guide to getting your save file open in PKHeX:

Make a backup with Powersaves.

Make a copy of that backup, and replace all of the bytes in the copy past 0x9C with FF: http://i.snag.gy/lem0O.jpg

Next, download my Datel checksum corrector ( http://www.mediafire.com/download/kn2am0u4ae66s21/Datel_Checksum_Fixer.zip ). Open it up and open the edited copy, then hit save. (Remove the " - [fixed]" from the savename so that powersaves will see it.).

Now, open powersaves, and restore the edited FF save file. (You should see two saves with identical names, it's the second one.).

Put your cartridge into your 3ds, and go to the main menu. Then, close the game and put the cartridge back in the powersaves dongle.

In powersaves, apply the "Slot 1 x999 modifier code." After doing that, remove your cart from the powersaves dongle, then stick it back in. Now make a backup of your cartridge's save file.

At this point, you can restore your original save file backup.

The backup you just made after applying the code, removing the cart, and putting it back in has garbage default data in SAVE2, but a completely blank SAVE1 -- this means it is just your xorpad for save1.

At this point, make a copy of the backup you just made and rename it save1keystream.bin for easy remembering ability.

You can now use this to open a save in PKHeX! If you want to open a save, XOR save1keystream.bin with the powersaves backup of whatever save you want to check out (I recommend http://www.nirsoft.net/utils/xorfiles.html ), and then delete the first 0x9C bytes in a hex editor (I use HxD). Save the file with the 0x9C header removed, and you can open it in PKHeX totally fine: http://i.snag.gy/x2jJ8.jpg

how do I replace all of the bytes in the copy past 0x9C with FF the fastest way?
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...