Posts posted by OmegaDonut

  1. Would it be worthwhile for someone (or the community as a whole) to try to set up their own 3DS farm (or perhaps just 1 3DS with a queue system) and open it up to the public? It could be a reasonably priced paid service at least until the initial cost of a 3DS and whatever specialized hardware/software necessary is recouped. There's not some other magical solution to the save encryption problem "just around the corner" is there?

    I have a 4.5 3DS I've been setting aside for this very reason.

  2. They have to be. They're encrypted differently (to the point of incompatibility). I assume that the save from a legit cart used on a Gateway EMUnand will be no different from the save generated by a ROM used on the actual flashcard, but both of these, while equal among themselves, are at least encrypted differently from a normal save.

    Let me rephrase - they are no different from regular saves, format-wise. They are encrypted by XORing with a constant keystream, and the keystreams are generated by the same procedure. The only difference is the data that goes into generating the keystream; emuNAND does not initialize part of the data properly. But that makes no difference to KeySAV.

  3. nintendo lets us move our physical cart save to a digital version. do they let this happen with pokemon?

    so that is a way people with physical saves could convert to a digital save, to use tools right?

    Nintendo created the Save Data Transfer tool that lets you copy a save from a physical cart to a digital save, if you own the corresponding eShop game. Look for it in the eShop. But it deletes the data of the cart afterwards.

  4. Yes, I know about that, I wasn't suggesting dumping the keys. I take it to mean that even the old encryption is uncrackable, then?

    It's not actually the old encryption. It's the new encryption done wrong, because emuNAND does not boot the new firmware properly (it skips initializing one of the necessary encryption keyslots). Which likely actually makes it easier to decrypt, but there are still some unknowns we have to figure out first.

  5. I like to keep record of my TIDs and SIDs for my games, because I have been known to RNG for matching ones in gen 4. However, I noticed that Bank'ed pokemon from my gen 4 games have matching TIDs but the SID is completely different for them (in Y it is 2446 and in gen 4 it was 00468). Other than the obvious change of all SIDs becoming 4 digits, does anyone know how this works?

    It seems you are confusing the SID with the SV, or shiny value (the clue was when you said SIDs became 4 digits; they are still ranging from 0-65535). If you got your information from KeyBV and KeySAV, those programs do not display the SID directly.

    Nothing short of hacking changes the SID of a Pokemon.

  6. datel has enough resources to break any encryption/private keys (they did prove this with the PSP AR)

    I don't know much about the history of the PSP AR, but from what I can tell the AR was broken several times by firmware updates, which indicates that Datel found ways to fool the PSP into loading unsigned code that were patched, not that they were able to break encryption keys. And by the end of the PSP's lifetime, the security had more holes than Swiss cheese anyway.

    their setup modifies values where a real 3DS just writes 0xFF, this proves they calculate more than a real 3DS would do and it makes more sense than a 3DS farm.

    Actually, it doesn't. I have a 3DS that can run unsigned code, and I can have it use its internal AES engine to encrypt\decrypt any data I want. I can even instruct it to use the same keys used in savefile encryption\decryption. But I can't ask it to tell me what the keys are, as they are in write-only registers, and initialized by the firmware at boot.

    The most realistic possibility is Datel does not know the keys, and has to use the same AES engine to encrypt\decrypt savefiles. The fact that Datel chooses to encrypt regions never edited by the game is sloppiness on their part, not an indication of superior knowledge.

  7. So there's no way to restore a save file through Datel software ? Too bad...

    There are a few barriers --

    a) there is a checksum in the header that Datel adds to the save file. If the checksum fails to match the data, Powersaves will not recognize it. I haven't gotten around to figuring out how the checksum is calculated, but I've been able to get around it by using Cheat Engine to edit the loaded save file in RAM, and having Powersaves write the "backup" to a file with the correct checksum.

    b) data in the save file is hashed with SHA-256, if the hash doesn't match the data the game will not load it. If the game can't load it, Datel's servers can't edit it. If we had a completely decrypted save file, we *might* be able to figure it out, but we don't. We only have partially decrypted data - but not the constants in the save file.

    c) Save files are signed with an AES-256 MAC at the very start of the save file, using a key hidden in the 3DS (in a write-only register, cannot be read). Datel's servers use modded 3DSes to sign save files. The good news here is that if you have a save file that isn't signed properly and ask Datel's servers to apply cheats, they will send you a save file with a fixed signature - but ONLY if the hashes in b) are correct. They need to be able to load the save files to apply the RAM edits for cheats.

    d) Without having a fully decrypted save file, we don't have the encryption keystream on top of the hashes and the AES MAC.

  8. Unsure if this is the proper spot to ask, but is there any way to differentiate a forced Kalos shiny from a legit one? I've stayed out of trading shiny Pokemon lately due to the risk of receiving a forced shiny. I've been told trash bytes get changed, but no one I asked could actually provide any proof/confirmation from an expert. :/

    Aside from obvious hacks (Xerneas, Yveltal, Celebi etc. are all shiny-locked), there is no way to differentiate them. Trash bytes are not involved.

  9. There's a chance to retrieve the codes, everything is stored in a local folder within your PC. -Perhaps- if somebody has not updated his/her XML code list (i.e. has not run the app since the codes were acquired) this person could save them and put 'em to use.

    Still, taking such codes down is really low; the use of your property shouldn't be limited just like this.

    Powersaves doesn't actually use codes in the sense that Action Replay did. The program simply gives you a list of cheats that their servers can apply by editing their save file, using specialized equipment (a farm of modded RAM-hacking 3DSes). If their servers don't offer the cheats, they won't apply them.

    As for your property, all you own is a device that can send and receive data to the cartridge. It is Datel and their servers that do all the work, and they are well within their rights to decide what work they want to do with them.

  10. Okay, so here's my story.

    A couple years ago I got some mystery gift pokemon at an anime convention. one of the events was for shiny eevees run by a random guy, the other was run by the site Halolz and they gave out shiny mudkips.

    both of these are equally fair you would say, yeah? well the halolz ones went through fine, but the eevees won't transfer over. These things are some of my most cherished pokemon, so I've been desperately trying to find some kind of workaround for them...

    Those are custom (read: not legit or legal) event Pokémon, no surprise some didn't make it through. Afraid there really isn't a workaround for you.

  11. While my Powersaves seem to reject the existence of my pokemon y cart (which I want it to work; is it server issue?),

    when I inserted my gateway, it allowed me to backup.

    Since the last game I played on it was a mario game, I titled it "Mario?"

    When you open this save, at first glance, it's a blank save.

    But the information in it is interesting...

    I mean, what's with the increasing order of bytes?

    https://www.dropbox.com/s/mgzrs06f7g8ijaq/KJA383f5c06_2014-02-22_18-14-54_%28mario%29.bin

    It's a (mostly) blank save because the actual save files are stored on the SD card of the 3DS, not in the Gateway cart.

  12. I've watched your video about trading the Latiosite, I guess the trading failure maybe due to the HM (cut) on the Espeon but not the mega stone..? Maybe you can give it one more try and see if it still doesn't work? If it succeeds I wish I could the mega stone of Latios and Latias, they are just incredible! :)

    Espeon knew Psychic, Dazzling Gleam, Grass Knot and Shadow Ball. No Cut.

  13. I saw you try to trade the Latios or Latias as the only Pokemon and from your party. Try putting more than one Pokemon in your party and see if it works that way? Cause I'm sure the game won't let you trade if it's the only Pokemon in your party. GTS is understandable though.

    You weren't watching very closely. The Latios was in a box, not the party.

    Also I should point out the games also block the trading of Pokemon in hacked Pokeballs the same way, like a 5th gen Pokemon in a Heavy Ball.

  14. Somebody from Japan found a "connection between the old SID finders" and xy to retrieve MASTERBALLS using the lottery dynamics. I know that's on a different subject, but there might be something of use to retrieve a SID. You can learn more about it here (it's in Japanese). Please note that this post was made after the patch 1.2 release.

    Sorry, but it doesn't reveal anything special about XY. What they are describing is how to RNG a game on BW2 so it has an ID that matches the one in the XY lottery for that day. Then they use Pokémon Bank to transfer a Pokémon caught on that game to their XY cart and win the lottery.

    Another way to find the SID was employing the lottery ticket; basically, it took a person to retrieve 3 lottery numbers at a determined time and date (set on the DS) and input the numbers along the ID on a website.

    Only doable because the RNG seed generation was known and could be manipulated by changing the time and date. Not possible on XY. Same goes for all the other methods you mentioned.
