Kaphotics

X / Y Save File Research

214 posts in this topic

Kaphotics    298

It's an event bitflag and only for female characters. I do think I added it to the Event Flag editor, not sure if it's there or not.

Timeboy    10

Ah, makes sense - I had no idea female characters woke up holding a 3DS for the few minutes until they get dressed! There's not much point of it since it doesn't show up on your trainer card or in battle. If anyone wants to do it, clear 14D21 and 14E47:

2d1n41i.jpg

Kaphotics    298
[@Kaphotics]

How much further till the NTSC-U Version of X/Y will we be able to decrypt easy for editing?

Decrypting is one thing, re-signing is another. We can decrypt save files, however, the 3DS is required for re-signing and only the Cyber Save Editor dongle offers this service for Japanese Cartridges.

3DS encryption (for 6.0+ firmware games) uses parts of the ROM data, and the necessary part for encryption differs between Japanese/International copies, and even for different version revisions (which is why prepatched games have had problems with Cyber Save Editor support).

XD4rkCha0sX    10
Decrypting is one thing, re-signing is another. We can decrypt save files, however, the 3DS is required for re-signing and only the Cyber Save Editor dongle offers this service for Japanese Cartridges.

3DS encryption (for 6.0+ firmware games) uses parts of the ROM data, and the necessary part for encryption differs between Japanese/International copies, and even for different version revisions (which is why prepatched games have had problems with Cyber Save Editor support).

So has anyone in the community found a way to re-sign a U.S. game cartridge yet using a 3rd party software or hardware?

What about the digital saves from the eShop versions?

Kaphotics    298
So has anyone in the community found a way to re-sign a U.S. game cartridge yet using a 3rd party software or hardware?

What about the digital saves from the eShop versions?

If it were possible at the moment, it would have been mentioned somewhere.

Digital save editing will never happen, Powersaves now blocks any edited saves, and Cyber Save Editor only accepts Japanese ROM data (because the ROM data is different between regions). You'd have to wait until a public re-signing solution happens, and this would be via homebrew on hacked firmware consoles. There is no ETA.

Devreese    10
Has anyone done much research into powersaves and cyber gadget as far as how they work? cuz I feel like I'm probably reinventing the wheel ._.

FxNzxs0.jpg

I got the CG servers figured out for the most part, but there are still some questions about the parsed data and what not. I've been using both CG and powersaves in conjunction to find answers, but..

here's some questions:

1. How is Header CRC derived? I've tried using CRC16 CCITT on a bunch of variations of the NCCH to no avail. It was my best guess at what Ninty might have used.

2. Where is the Card ID parsed from exactly? I didn't see it in any of the data pulled from PS or CG.

3. For powersaves, has anyone figured out the card2 read/write calls? What I've observed is that there are several different calls that dump chunks of data that could possibly be related to the save, but they definitely don't look like the save... so my guess is either they encrypt that data over USB and the program decrypts it, or it's not related to the save at all lol.

what is this site
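
Added example, not part of the post above or of any tool from this thread: when a checksum is only known to be "some CRC16 CCITT", as in question 1, the variant (init value, bit reflection, final XOR), the covered byte range and the field's byte order have to be searched together, and a candidate only counts if it holds across several samples. The header layout, offsets and function names here are constructed for illustration and do not describe the real 3DS header.

```python
from itertools import product

def _reflect(value, width):
    """Reverse the bit order of a width-bit integer."""
    return int(format(value, f"0{width}b")[::-1], 2)

def crc16(data, init, refin, refout, xorout, poly=0x1021):
    """Bitwise CRC-16 using the usual init/refin/refout/xorout parameters."""
    crc = init
    for byte in data:
        crc ^= (_reflect(byte, 8) if refin else byte) << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly if crc & 0x8000 else crc << 1) & 0xFFFF
    return (_reflect(crc, 16) if refout else crc) ^ xorout

VARIANTS = {  # common CRC-16 variants that share the CCITT polynomial 0x1021
    "CCITT-FALSE": dict(init=0xFFFF, refin=False, refout=False, xorout=0x0000),
    "XMODEM":      dict(init=0x0000, refin=False, refout=False, xorout=0x0000),
    "AUG-CCITT":   dict(init=0x1D0F, refin=False, refout=False, xorout=0x0000),
    "KERMIT":      dict(init=0x0000, refin=True,  refout=True,  xorout=0x0000),
    "X-25":        dict(init=0xFFFF, refin=True,  refout=True,  xorout=0xFFFF),
}

def find_crc(samples, windows):
    """samples: [(blob, stored_crc)]; windows: [(start, end)] byte ranges to try.
    A hit must match every sample, which filters out 1-in-65536 chance matches."""
    hits = []
    for (start, end), (name, p), swap in product(windows, VARIANTS.items(), (False, True)):
        def matches(blob, stored):
            # swap=True covers a field that was read with the wrong endianness
            want = int.from_bytes(stored.to_bytes(2, "big"), "little") if swap else stored
            return crc16(blob[start:end], **p) == want
        if all(matches(b, s) for b, s in samples):
            hits.append((name, start, end, "byte-swapped" if swap else "as-is"))
    return hits

def make_sample(seed):
    """Constructed 0x20-byte header (not a real 3DS structure): X-25 CRC of
    bytes 0x04..0x1D, stored little-endian at offset 0x1E."""
    body = bytes((seed * 7 + i * 13) & 0xFF for i in range(0x1E))
    return body + crc16(body[4:], **VARIANTS["X-25"]).to_bytes(2, "little")

def demo():
    blobs = [make_sample(seed) for seed in (1, 2, 3)]
    # Read the stored field big-endian on purpose, so the hit comes back "byte-swapped".
    samples = [(b, int.from_bytes(b[0x1E:], "big")) for b in blobs]
    return find_crc(samples, [(start, 0x1E) for start in range(0x10)])

if __name__ == "__main__":
    print(demo())
```

If no variant matches on any window, the field is probably not a plain CRC over contiguous bytes (it may be keyed, cover non-adjacent regions, or use a different polynomial).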

Kaphotics    298
what is this site

It's Cyber Gadget's web upload form they use within their program. Nothing you can abuse.

Favna    12

So I've been wondering for the past day here. With all the data dumped of both X/Y and ORAS, was there ever any info found on which programming language was used to create both mentioned games? I've been trying to find it on google but the only thing I can find is that R/B/Y were made in Assembly. Nothing related to X/Y/OR/AS.

Pokehexlover    10

I have a friend who is willing to help us if we can give him the details to build a re-signing program. Also, would it be too much to ask if a tutorial video can be made to show us how to decrypt a backed up save file from powersave?

Favna    12
I have a friend who is willing to help us if we can give him the details to build a re-signing program. Also, would it be too much to ask if a tutorial video can be made to show us how to decrypt a backed up save file from powersave?

Uh I could perhaps work on that video tutorial but I'm on vacation at the moment so it'll be a while until I can get started

Favna    12

If that truly means so much to you. I only wanted to show off what other people consider my awesome voice again... #TooBrag4Me

I kid. People have actually said my voice is good for tuto's but I never felt special about it.

Timeboy    10
I have a friend who is willing to help us if we can give him the details to build a re-signing program. Also, would it be too much to ask if a tutorial video can be made to show us how to decrypt a backed up save file from powersave?

I don't think it's possible for someone to simply "build a re-signing program", and if it were, it'd be posted on here. There's a tool for every current possible task imaginable, including a re-signing program that only works with the Cyber Gadget Save Editor dongle. Which piece of hardware is your friend hoping to utilise? The Powersaves and Cyber Gadget work server-side, and the R4i dongle can only decrypt older 3DS games, not games with X/Y's encryption. For about 24 hours (probably less) you could abuse the Powersaves dongle and brute force Pokemon in, but they patched that immediately.

Either way, there's a (written) tutorial on here that is pretty easy to follow. http://projectpokemon.org/forums/showthread.php?37269-X-Y-Save-File-Research&p=183148&viewfull=1#post183148

You can only partially decrypt, though.

Google --3DS "Save Bank"-- (without dashes)

Then tell me it's 'impossible'. :biggrin:

Is it possible to use the save bank dongle with the cyber save editor software? Has anyone tried this?

Favna    12
I don't think it's possible for someone to simply "build a re-signing program", and if it were, it'd be posted on here. There's a tool for every current possible task imaginable, including a re-signing program that only works with the Cyber Gadget Save Editor dongle. Which piece of hardware is your friend hoping to utilise? The Powersaves and Cyber Gadget work server-side, and the R4i dongle can only decrypt older 3DS games, not games with X/Y's encryption. For about 24 hours (probably less) you could abuse the Powersaves dongle and brute force Pokemon in, but they patched that immediately.

Either way, there's a (written) tutorial on here that is pretty easy to follow. http://projectpokemon.org/forums/showthread.php?37269-X-Y-Save-File-Research&p=183148&viewfull=1#post183148

You can only partially decrypt, though.

Actually SciresM continues the tutorial towards a fully decrypted save1 file here: Full Decryption. Not that powersaves, as you say, does re-signing however so having it is one thing, being able to do something with it is .. something else.

Gamertron300    10
Guide to completely decrypting Save1:

Download my brute forcer: http://www.mediafire.com/download/sk2o1qt9t161j6q/Pokemon_XY_Save_File_Brute_Forcer.exe

Complete the steps listed in my earlier post on getting saves open with PKHeX: http://projectpokemon.org/forums/showthread.php?37269-X-Y-Save-File-Research&p=183148

In the first brute forcer box, select + open save1keystream.bin.

Now (make sure you have a backup of your current save file before doing this), Delete your save file from the in-game menu (hit up+x+b at title screen) and start a new game. Save once. ONLY SAVE ONCE. THIS IS IMPORTANT.

Backup your save using powersaves. In the second brute forcer box, select this backup.

Now, apply the "Master Ballsx999" cheat over your new game in powersaves. Remove your cart from the dongle. Re-insert your cart into the dongle. (Doing that is ALSO important.)

Backup your save with the cheat applied using powersaves. In the third brute forcer box, select this backup.

Now, hit the "Brute force saves" box. If all goes well (And it should), you should get a success message and the ability to save Save1Key.bin.

Save Save1Key.bin wherever you want. You can now use it the way you used save1keystream.bin before now, but it completely 100% decrypts all of save1. (50% of your saves will open with no "hash verification failed" messages in PKHeX. Before Datel patched my exploit, this allowed you to inject things into the game. You can no longer use this to inject new things.)

Does this brute forcer still work regardless?

Kaphotics    298

It works if you use it properly, however the only benefit of having a fully decrypted save is having it fully decrypted; there's no method to get it re-signed.

Gamertron300    10

I know, a few friends and I are working with a modded 3DS and have successfully reencrypted the save into a legit NA cartridge. Now we are trying to figure out how to reencrypt for a non-modded 3DS manually.

Favna    12
I know, a few friends and I are working with a modded 3DS and have successfully reencrypted the save into a legit NA cartridge. Now we are trying to figure out how to reencrypt for a non-modded 3DS manually.

All I can say is .. Keep us updated and mainly keep up the work. Would be awesome if it works out.

Favna    12

So uhm someone was requesting a video tutorial for full decryption of a US / Europe (in my case the latter) save before. If there are others that would be interested in this I could make it one of these days but I kinda do want appeal up front because of the fact that having a fully decrypted save file, as said many times, is pretty pointless at the current stage of research.

This topic is now closed to further replies.