Kaphotics

Gamesaves use a static XORpad which does not change after saving. Starting a new game on digital forces a new XORpad to be used.

The easiest way to "decrypt" a vast majority of your savefile is by using Powersaves.

• Back up your save file.
  
• Delete the save ingame, and start a new game. Save once early as possible. The new game's backup save will be essentially zeroed out (sans slots that store EKX files), then the game will apply the XOR. The result is (essentially) the XORpad.
  
• Back up the new game.
  
• By XORing these two savefiles together, a lot of plaintext and data will be revealed.
  

By using the Wiki's offsets, you can easily find the data for Wondercards, items, etc. We've mapped the offsets for pretty much everything! Since there is no way to recover hashes or offset tables (due to the XOR only abusing 00^XP), there's no way to alter your save file.

If you have a Digital Save File, you can extract a WonderCard's contents as follows:

• Have a desired wondercard in the highest slot possible (not 1).
  
• Backup save file 1.
  
• Delete wondercard. The data is replaced by zeros.
  
• Backup save file 2.
  
• XOR the two together; the wondercard should be revealed in plaintext shortly after the wondercard offset in the save file.
  

Can also do a Before & After Receiving.

Save files have a main and backup, just like previous generation games. As previously mentioned, they just have a static pad that is XOR'd over top of the data.

The way the trick works is by knowing/guessing the contents of an Empty Box Slot.

Usually it's a PKX full of zeroes [0000000....0000] that are stored encrypted ("encrypted zeroes"). However, there is a problem. The game sometimes stores a "blank" egg - which is basically encrypted zeroes with the name "Egg" and Origin Data (E0-E4). With some clever manipulation, the Nickname and Origin Data can be obtained by using ingame mons.

• (Empty Row^XORpad) ^ (Full Row^XORpad) = (Empty Row ^ Full Row). Easy canceling of the XORpad. But we need the empty slot's data!
  
• To find the Origin Data, we must submit observe an EKX with the Origin Data obtained ingame. By feeding 6 (Full Row), we can obtain it.
  
• Since the Origin Data for Empty Zeroes is stored in the 4th Block (00000000 shift value = 0 -> ABCD), we need one of our 6 to have the D block not in the 4th slot.
  
• (1/4)^6 = 1:4096, should succeed. Encryption Constant for zeroes & blank is 0, so....
  
• Due to the blank and encryptedzeroes not having any data at (0xE0-0xE4)-(n*56), we can XOR (Empty ^ Full) with EncryptedZeroes to obtain a "Polluted" EKX.
  
• Decrypt the polluted EKX and see what the Origin Data is. Bingo, now we have our origin (and language) Data.
  
• Create a blank EKX with Nickname = Egg(language), and the Origin Data obtained. Encrypt it!
  
• With a given Empty Box, just XOR the entire box with the encrypted zeroes and you have your keystream.
  
• When dumping data out, check the checksum. If it doesn't match, just XOR it with the obtained blank egg EKX and it should be fixed.
  

Battle Videos are stored on the SD card; for a given battle video "slot" (the internal filename is stored as an 8 digit hex index number) they use different XORpads.

The downfall of using different XORpads is that the same slot will always have the same XORpad. By deleting videos and making the game save to that slot, we can force it to use the same XORpad.

Battle Videos for Singles store the entire EKX data in Party Format. The trick for "decryption" is as follows:

• Create a battle video by participating with only 1 Pokemon. Slots 2-6 are empty.
  
• Delete battle video so that the next one saves to the same slot.
  
• Create a battle video by participating with 2 Pokemon, the 2nd being the one from the first (this is important).
  
• At the party EKX offset, we know slots 2-6 are empty from video 1.
  
• ((xorpad^emptyslot) ^ encryptedzeros) = xorpad, as the empty slot is just encrypted zeros!
  
• This doesn't give us our slot 1 xorpad, so we need to obtain the slot's data from slot 2 of the other battle video.
  
• Since we obtained our slot2 xorpad, ((xorpad2 ^ video2slot2) ^ xorpad2) = video2slot2 = video1slot1.
  
• Now we just ((xorpad1 ^ video1slot1) ^ video1slot1) = xorpad1.
  
• All 6 xorpads have been obtained; concatenate and export.
  
• This xorpad can be applied to any future battle video in that slot to reveal its contents.
  
• Verify the checksum, if it doesn't match then just xor by encryptedzeros (slot 6 can be uninitialized sometimes == 00000...).
  
• Obtain data
  

By abusing the Force Save = Off, you can check shiny values by saving->hatching->battling->resetting.

Battle Videos are stored in:

• \Nintendo 3DS\*\*\extdata\00000000\0000055(d/e)\00000000
  

Initial Setup:

• Ensure you have space for battle videos to be stored (Max 100)
  
• Options -> turn off Forced Save.
  
• Single Battle with only 1 Pokemon in your party.
  
• Save the battle video ingame.
  
• Open up your SD card on your computer - the latest battle video should be the the most recent created -- take note of what battle video slot it is.
  
• Copy the battle video from your SD card to your computer. Append the filename with "-1".
  
• Delete the battle video from your SD card (leaving your computer copy intact).
  
• Add another Pokemon to your party; make sure the 2nd party member is the same as Battle Video 1.
  
• Single Battle with only 2 Pokemon in your party.
  
• Save, Copy, append "-2"; delete from SD.
  

Tab 1: Cracking your Video Keystream

• Open Video 1 = (First Video ~ "-1")
  
• Open Video 2 = (First Video ~ "-2")
  
• Click [break].
  
• --
  
• Save KS with the suggested filename.
  

Tab 2: Data Export

• Ensure that the battle video slot you want to check is deleted and is the lowest open slot.
  
• Single Battle with any <6 mons you wish to check and save the battle video -- battle video will be saved to the lowest open slot.
  
• Copy to your computer, delete it from SD.
  
• Open the Video file you wish to check.
  
• Open the keystream.
  
• Select the Data Mode you wish to Dump for: TSV outputs TSVs, Default&Reddit output ESVs, CSV outputs everything, Files outputs .pk6/.ek6 files.
  
• Click Dump x. Results will be exported to the lower window.
  
• Eggs: If any of the hatches end up having all 5 be not useful, you can just save and release since they're already hatched.
  

tl;dr for checking eggs:

If you save battle videos afterwards, delete em. The keystream you dump is exclusive to the battle video's file-number!