Kaphotics

X / Y Save File Research

214 posts in this topic

Kaphotics    316
Do you mean we can resign then without Cyber Gadget?
Wait for a week or so and there might be more information about it.

... wait. Probably need the Cyber Gadget, but we don't know for sure.

Deoxyz    135
... wait. Probably need the Cyber Gadget, but we don't know for sure.

From what I understand, it only works with a Japanese copy of the game, and with a Japanese 3DS. Along with that I think the 3DS has to be completely modified/unlocked.

From what I understand, it only works with a Japanese copy of the game, and with a Japanese 3DS. Along with that I think the 3DS has to be completely modified/unlocked.

First sentence is correct. Second one is not.

If a miracle happens, someone will figure out how to get it to read non-JP carts. Barring that, we would be stuck yet again waiting for a solution for non-Japanese carts.

King XyZ    10

Guys, just buy a JP cart. Although the game is region locked, Bank isn't. Bank your Pokémon you hacked in, put in your US copy and use Bank, get the pokes, and act like it never happened!

King XyZ    10
If I would upload my Powersave save here, can someone with a hacked 3DS decrypt it, add Hoopa and Volcanion, recrypt it and send it back to me?

NOT possible, the keys are too different. If the KEY from the cartridge doesn't match the save, CONGRATS, still not gonna get those legends, and if you're too lazy to get them yourself, you don't deserve them and should wait in line for the event like a kiddie boy :P No offense, but it's my opinion and more or less I'm sure other people can agree wit' me! And it's not "recrypt", it's signing the save file so it works! If you were to re-encrypt it, it would be for his game cartridge only, so it still wouldn't help.

King XyZ    10
Man, I just wish I could insert Hoopa/Volcanion into my save file. Is it still impossible without a hacked 3DS (as of July 2014)? Or, would it be possible for someone else to inject Pokemon into my save file, as long as I send them the right files?

It just frustrates me that I can't edit my save file with PKHeX and re-insert it back on my cartridge. What would I have to do to be able to export the SAV in PKHeX?

It all depends how you save the file and edit it though. I got mine to work without a Cybersave gadget; you just need to sign the save, correct the checksums and a whole butt load of other stuff. It's not really worth it though, you should just wait till the event comes out, it's just easier that way! And makes it more pleasurable getting them!

SciresM    30
I got mine to work without a Cybersave gadget, you just need to sign the save, correct the checksums and a whole butt load of other stuff, it's not really worth it though

No you didn't. If you could not shit up this forum with lies that would be fantastic.

AlejaKaiser    10

I have a question. Gateway makes my 3DS region-free, but the saves are encrypted with the 4.5 key. Can I use a Japanese game in my 3DS and edit it later? Or if I use it on my 3DS, I can't use CyberGadget?

Kaphotics    316
I have a question. Gateway makes my 3DS region-free, but the saves are encrypted with the 4.5 key. Can I use a Japanese game in my 3DS and edit it later? Or if I use it on my 3DS, I can't use CyberGadget?

Wrongly encrypted saves from Gateway cannot be used with Powersaves or Cyber Save Editor, as they only work on proper retail copies.

YoshiOG1    13

Okay, so the PowerSaves has this code that gives you the Shiny Charm via a hacked Wonder Card. So one day, I wondered what the effects would be of having more than one Shiny Charm on my file, and I managed to get 3 charms by using the PowerSaves code more than once. Now, I'm starting to have regrets about it, because I'm noticing that I'm finding fewer shiny Pokemon than I was when I had only one Shiny Charm.

How would I go about fixing this issue of having 3 Shiny Charms? I've tried decrypting with the save1keystream.bin, changing the values in SAVE1 & SAVE2 from 0x03 to 0x01, and then re-encrypting, and even using the Datel Checksum Fixer to restore the edited backup, but it just says that the save data is corrupted. And from what I've read here, I'm assuming that the save wasn't re-signed correctly or something.

If anyone can help me with this, let me know.

Kaphotics    316

You cannot edit the save file with Powersaves, because they do not re-sign for you.

There isn't a stacking effect for multiple shiny charms. You're going to have to restore a backup if you want to revert those changes.

golpebaixo    10

Now that ROMs can be easily decrypted, I wonder how nobody has reversed the saving code and made a 3DS homebrew to generate xorpads for encrypting/decrypting and signing saves, or (if one can repack a ROM) even hacked X/Y to bypass encryption/decryption and save and load plain data.

Guide to getting your save file open in PKHeX:

Make a backup with Powersaves.

Make a copy of that backup, and replace all of the bytes in the copy past 0x9C with FF: http://i.snag.gy/lem0O.jpg

Next, download my Datel checksum corrector ( http://www.mediafire.com/download/kn2am0u4ae66s21/Datel_Checksum_Fixer.zip ). Open it up and open the edited copy, then hit save. (Remove the " - [fixed]" from the savename so that Powersaves will see it.)

Now, open Powersaves, and restore the edited FF save file. (You should see two saves with identical names; it's the second one.)

Put your cartridge into your 3ds, and go to the main menu. Then, close the game and put the cartridge back in the powersaves dongle.

In powersaves, apply the "Slot 1 x999 modifier code." After doing that, remove your cart from the powersaves dongle, then stick it back in. Now make a backup of your cartridge's save file.

At this point, you can restore your original save file backup.

The backup you just made after applying the code, removing the cart, and putting it back in has garbage default data in SAVE2, but a completely blank SAVE1 -- this means it is just your xorpad for save1.

At this point, make a copy of the backup you just made and rename it save1keystream.bin for easy remembering ability.

You can now use this to open a save in PKHeX! If you want to open a save, XOR save1keystream.bin with the powersaves backup of whatever save you want to check out (I recommend http://www.nirsoft.net/utils/xorfiles.html ), and then delete the first 0x9C bytes in a hex editor (I use HxD). Save the file with the 0x9C header removed, and you can open it in PKHeX totally fine: http://i.snag.gy/x2jJ8.jpg

Hello, I apologize in advance if I'm asking in the wrong area. I'm attempting to partially decrypt my X version save game so that I can view Pokemon, specifically gen 5 Pokemon, using PKHeX. I want to find out what my PID is so that I can RNG shiny Pokemon in my gen 5 games.

I have followed the quoted instructions to the best of my ability, however when I attempt to view the "decrypted" file that is the result of the XOR operation (with the header removed, as per instructions), PKHeX gives me a warning that the file has not been decrypted. I can press "yes" to ignore the warning, and a second prompt appears asking if I want to load the sav at 0x3000 or the one at 0x82000. I have attempted opening both, and a final error message appears "Unrecognized Save File loaded."

Is there a troubleshooting guide of common mistakes new users make while attempting this? Any help is appreciated. Thanks! :)

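The XOR-and-strip step from the quoted guide, as an added example that is not part of the original thread: it models a backup as a 0x9C-byte header followed by save data XORed with a fixed pad, and shows that the blank-SAVE1 backup only recovers backups made with the same pad. The all-zero blank save, the sizes, the sample bytes and the helper names are assumptions made for illustration.

```python
import hashlib

HEADER_LEN = 0x9C  # header length stated in the guide
BODY_LEN = 0x200   # constructed size, not the real save size


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length buffers; refuse mismatched sizes."""
    if len(a) != len(b):
        raise ValueError(f"size mismatch: {len(a)} vs {len(b)} bytes")
    return bytes(x ^ y for x, y in zip(a, b))


def recover_save(keystream_backup: bytes, save_backup: bytes) -> bytes:
    """XOR the keystream backup with a save backup, then drop the header."""
    if len(save_backup) <= HEADER_LEN:
        raise ValueError("backup is not longer than the 0x9C header")
    return xor_bytes(keystream_backup, save_backup)[HEADER_LEN:]


def make_backup(plaintext: bytes, pad: bytes) -> bytes:
    """Constructed model of a backup: header + (plaintext XOR pad)."""
    header = bytes(range(HEADER_LEN))  # constructed header bytes
    return header + xor_bytes(plaintext, pad)


def demo():
    # Constructed pads standing in for two different keystreams.
    pad_a = hashlib.shake_256(b"constructed pad A").digest(BODY_LEN)
    pad_b = hashlib.shake_256(b"constructed pad B").digest(BODY_LEN)
    blank = bytes(BODY_LEN)  # assumption: a blank SAVE1 is all zero bytes
    save = (b"CONSTRUCTED SAVE DATA " * 32)[:BODY_LEN]

    keystream_backup = make_backup(blank, pad_a)  # save1keystream.bin
    same_pad = recover_save(keystream_backup, make_backup(save, pad_a))
    other_pad = recover_save(keystream_backup, make_backup(save, pad_b))
    return save, same_pad, other_pad


if __name__ == "__main__":
    save, same_pad, other_pad = demo()
    print("same pad recovers save: ", same_pad == save)
    print("other pad recovers save:", other_pad == save)
```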
Kaphotics    316

Try using KeySAV2 to dump out individual Pokemon, whether it be via Battle Videos or via Save Files. By doing that you can view your TID/SID to RNG shiny stuff. Or you can just trade a Pokémon to someone who can dump (nobody here, there's dedicated boards elsewhere).

Try using KeySAV2 to dump out individual Pokemon, whether it be via Battle Videos or via Save Files. By doing that you can view your TID/SID to RNG shiny stuff. Or you can just trade a Pokémon to someone who can dump (nobody here, there's dedicated boards elsewhere).

Thank you! KeySAV2 was able to do what I needed it to do. I've been using KeySAV and Mass Dumper for a while now, and just didn't realize it had been updated.

Reisyukaku    10

Has anyone done much research into Powersaves and Cyber Gadget as far as how they work? Cuz I feel like I'm probably reinventing the wheel ._.

I got the CG servers figured out for the most part, but there are still some questions about the parsed data and what not. I've been using both CG and powersaves in conjunction to find answers, but..

here's some questions:

1. How is Header CRC derived? I've tried using CRC16 CCITT on a bunch of variations of the NCCH to no avail. It was my best guess at what Ninty might have used.

2. Where is the Card ID parsed from exactly? I didn't see it in any of the data pulled from PS or CG.

3. For Powersaves, has anyone figured out the card2 read/write calls? What I've observed is that there are several different calls that dump chunks of data that could possibly be related to the save, but they definitely don't look like the save.. so my guess is either they encrypt that data over USB and the program decrypts it or it's not related to the save at all lol.

Kaphotics    316

Cart commands are serialized; best to look at cyber's source code (decompile) and you'll get a better idea of how they work.

Cart ID is returned from one of the specialized cart commands. It's a 0x7E or whatever byte array.

Header CRC is one of the returned values from the cart. It's how they can look up the cart NCCH data for the proper game, and reject you if they don't have it.

Reisyukaku    10
Cart commands are serialized; best to look at cyber's source code (decompile) and you'll get a better idea of how they work.

Cart ID is returned from one of the specialized cart commands. It's a 0x7E or whatever byte array.

Header CRC is one of the returned values from the cart. It's how they can look up the cart NCCH data for the proper game, and reject you if they don't have it.

Getting the data through CG is trivial.. I just grab it from Wireshark, but my main goal is to find that same data from Powersaves too.. and there's no way in hell I'm decompiling the 7MB of C++ that is the Powersaves software lol.. I'd be better off reading assembler.

SciresM    30
Has anyone done much research into powersaves and cyber gadget as far as how they work?

Yes, I have a decompiled C# project version of CGSE that I can edit and recompile at will. I know exactly how CGSE works :P

Timeboy    10
So, do you think we can ever use Powersave 3DS like CGSE, or sometimes use a European Pokemon Y on CGSE?

Even though the devices look similar, they're fundamentally different pieces of hardware. A Powersaves exploit was found months back that allowed a few people to inject Pokémon, but Datel patched it straight away. As for using a non-JP copy of the game with the CGSE hardware, if it was as easy as tricking the software or the server then it'd be posted on here. As it stands there really is no way around it.

Timeboy    10

A few months back I saw that somebody had discovered a 'secret' character customisation option - a 3DS. Like, your character has one in their hand. Anyone know where this would be, and what bits to edit (and to what)?

Guest
This topic is now closed to further replies.