Everything posted by Kaphotics
-
He did it on a retail cart on current firmware. He's already given you instructions to decrypt the entire first save block... plus, proof of concept is better than nothing. I don't blame him for not wanting to share; he doesn't want to be the one who opens the floodgates.
-
There isn't even an AR that works on 3DS games.
-
PKHeX can convert Gen 5 PKM files to the new PKX format, but there is currently no way to inject .pkx files to Gen 6.
-
4/13/14 - New Update
Added: Quicksave DragOut Indicators and Tooltips (Hover over the left side corners)
Added: Control+Click a Pokemon slot to quick-load the data.
Added: Shift+Click a Pokemon slot to quick-set the data.
Added: SAV Tab (contents of old Tools Tab)
Added: Tools Tab - Export PGL JPEG, List Passerby, List Hall of Fame Entries
Added: Remaining Moves, Abilities, and Items
Added: Verbose printout of Wonder cards.
Changed: Resizable Pokepuff/Inventory windows for better display.
Changed: Trainer Info Editing has more options.
Changed: PID and EK fields now display Hex instead of decimal (and autofill to 8 characters). Editing is discouraged (legality's sake).
Removed: Visibility of Unused Ribbon Bits
Removed: Visibility of Characteristic. Might be a new correlation, so more research is needed.

Let me know if there are still any issues, x66x66. I have the program set to hide the SAV editing interface until a SAV is loaded, which requires me to resize the window on form load. I added some autoscale detection; idk if it works.
-
Nope!
-
You don't.
-
0x9C - 0x10009C should all be FF'd out, the only thing unchanged is the 0x00-0x9C header (which will be fixed by the program). In the end, make sure your file is 0x10009C bytes long -- ctrl+A to select everything in HxD, length is at the bottom. Can't really tell what is wrong with just the error messages...
-
No, because that's only a partially decrypted save. Plus the whole AES MAC re-signing isn't a thing yet. Still no 'true' save editing for those without a hacked console+cfw.
-
04/09/14 - New Update
Fixed: EK6 encryption should no longer save undecryptable files.
Moved: Dragouts moved to the left side.
Added: Save File Editing
    Box Editing
    Party/BattleBox/Daycare/GTS/Fused/Extra Viewing
    Pokepuff Editing
    Inventory Editing
    Trainer Info Editing
    Box Layout (Name/Background) editing
    Wondercard Adding/Exporting
    Berry Field Viewing (basic)
Added: Integrity Checking for Checksums and SHA256 Hashes of save files.
Added: Save file hash correction export to re-sign everything but the AES MAC (needs a hacked 3DS).
Added: Bypass for partially decrypted saves (exporting disabled).

Saving (properly) is only available if you can dump your own XORpad and have a 100% decrypted save.
DO NOT ASK "HOW DO I DECRYPT SAVE FILE". Methods how to partially decrypt are in the X/Y Save File Research Thread.
-
How to edit pokemon back sprites in BW2
Kaphotics replied to valdios1995's topic in ROM - NDS Discussion & Help
Use Tinke.
-
How to edit the items on the floor in BW2
Kaphotics replied to AC_Zepp's topic in ROM - NDS Discussion & Help
Correct.
-
X/Y Save files are comprised of 4 sections, the latter two storing the contents of the two savegames. The game alternates between the two game saves similar to Generations 3 & 4. Save files are 0x100000 (1MB). The area between sections is either FF or 00, for Cartridges and Digital saves respectively.

Single Partition Save File
http://3dbrew.org/wiki/Savegames

Image Header (0x00000-0x00460)

Offset  Length  Hash Details                                                    Description
00000   0x10    0x0: Uses the AES Engine & KeyY                                 AES MAC Header
00100   0x100   0x16C: (SHA256) 0x000-0x12C of active DIFI                      DISA
00200   0x12C   0x30C: (SHA256) 1st IVFC Hash copied to 0x200 zero array        DIFI Blob 1
00330   0x12C   0x43C: (SHA256) 1st IVFC Hash copied to 0x200 zero array        DIFI Blob 2

First Partition (0x01000-0x01107)

Offset  Description
01000   DPFS Partition

Save File 1 (0x02000 - 0x6AFFF) (420 KB)

Offset  Description
02000   IVFC Hash Region
03000   SAVE Header (0x3F0 medias, 0x200 length) = 0x7E000 total
03100   SAVE Data

ID    Start  Length    CHK    Description
0000  05400  000002C8  6A81A
          05400 - Pokepuff Inventory (Index * 100ct)
          05464 - u32 Received Counter
0001  05800  00000B88  6A822
          05800 - Items Pocket
          05E40 - Key Items Pocket
          05FC0 - TM Pocket
          06168 - Medicine Pocket
          06268 - Berry Pocket
0002  06400  0000002C  6A82A  Select Bound Items
0003  06600  00000038  6A832  ????
0004  06800  00000150  6A83A  Trainer Stat Tracking
          0x06802 - Map ID
          0x06810 - X Coordinate (<>)
          0x06814 - Y Coordinate (Height)
          0x06818 - Z Coordinate (^v)
          0x068F4 - Map ID
          0x06904 - X Coordinate (<>)
          0x06808 - Y Coordinate (Height)
          0x0680C - Z Coordinate (^v)
0005  06A00  00000004  6A842  ????
0006  06C00  00000008  6A84A  u32 Time Played + u32 Adventure Started
0007  06E00  000001C0  6A852  Wardrobe (Bitflags) & Saved Outfits (Index #s)
0008  07000  000000BE  6A85A  u16/u8 storage
0009  07200  00000024  6A862  FFFFFFFF
000A  07400  00002100  6A86A  Overworld Data
          0x108 per Overworld Entity
000B  09600  00000140  6A872  Trainer Information ($)
000C  09800  00000440  6A87A  Box Names
          [0x22] Box Name (* 31)
          [0x01] Box Background *31
          [0x03] Background Unlock Flags
000D  09E00  00000574  6A882  Battle Box
000E  0A400  00004E28  6A88A  PSS Data - Friends
000F  0F400  00004E28  6A892  PSS Data - Acquaintances
0010  14400  00004E28  6A89A  PSS Data - Passerby
0011  19400  00000170  6A8A2  Trainer Card (ID/SID/OT/Greeting)
0012  19600  0000061C  6A8AA  Party Members
0013  19E00  00000504  6A8B2  Constant & Event Flags
          0x1A0FC-0x1A27B - Event Bitflags (0x180 * 8)
0014  1A400  000006A0  6A8BA  Pokedex
          0x1A400 - Constant? 0x2F120F17
          0x1A004 - u32 counter (?)
          0x1A408 - 0x60 Region 1 - Owned Native
          0x1A468 - 0x60 Region 2 - Encountered Male
          0x1A4C8 - 0x60 Region 3 - Encountered Female
          0x1A528 - 0x60 Region 4 - Encountered Male *
          0x1A588 - 0x60 Region 5 - Encountered Female *
          0x1A5E8 - 0x60 Region 6 - Displayed Male
          0x1A648 - 0x60 Region 7 - Displayed Female
          0x1A6A8 - 0x60 Region 8 - Displayed Male *
          0x1A708 - 0x60 Region 9 - Displayed Female *
          0x1A768 - 0x18 Form Bitflag Region 1 - Encountered form
          0x1A780 - 0x18 Form Bitflag Region 2 - Encountered form *
          0x1A798 - 0x18 Form Bitflag Region 3 - Displayed form
          0x1A7B0 - 0x18 Form Bitflag Region 4 - Displayed form *
          0x1A7C8 - 0x278 7bit/entry flags (Language)
          0x1AA40 - u32 ??? 0?
          0x1AA44 - Spinda Spot Pattern (First EC encountered)
          0x1AA48 - u32 ???
          0x1AA4C - 0x54 Bitflags - Obtained specimen from Previous Console Era (pre Kalos Game Origin, 1-649)
0015  1AC00  00000644  6A8C2  Sorted Variables
0016  1B400  00000104  6A8CA  Fused Zekrom/Reshiram Storage
0017  1B600  00000004  6A8D2  ????
0018  1B800  00000420  6A8DA  ????
0019  1BE00  00000064  6A8E2  O-Power Flags
001A  1C000  000003F0  6A8EA  ????
001B  1C400  0000070C  6A8F2  User Metadata
          1C538 - PSS Outfit
          1C548 - Trainer Name
          1C564 - Favorite Pokemon
          1C567 - Pokemon's Gender
          1C56C - Encryption Constant
          1C57C - Pokemon's Nickname
001C  1CC00  00000180  6A8FA  GTS Upload & Match Criteria
001D  1CE00  00000004  6A902  87B1A23F const
001E  1D000  0000000C  6A90A  ????
001F  1D200  00000048  6A912  Repel Info, (Swarm?) and other overworld info
0020  1D400  00000054  6A91A  ????
0021  1D600  00000644  6A922  WiFi Tournament Data
0022  1DE00  000005C8  6A92A  Live Tournament Data
0023  1E400  000002F8  6A932  MAC Address & Network Connection Logging (0x98 per entry)
0024  1E800  00001B40  6A93A  Hall of Fame Data (First Game Clear + 15 Latest)
          0x48 per Pokemon Slot; capped with 4 bytes at end (total 0x1B4)
          0x00 - Species
          0x02 - Held Item
          0x04 - Move 1
          0x06 - Move 2
          0x08 - Move 3
          0x0A - Move 4
          0x0C - Encryption Key
          0x10 - TID
          0x12 - SID
          0x14 - [Nicknamed,1][Shiny,1][Level,7][Gender,2][Form,5] bits
          0x16 - Unused
          0x18 - Nickname (0x16) + 0x3F80 end
          0x30 - Trainer Name (0x16) + 0x3F80 end
          Last 4 bytes:
          0x00 - # of Hall of Fame Victory
          0x01 - [Unk,1][Day of Month,5][Month,4][Year,8] bits
0025  20400  000001F4  6A942  Maison Data
          205C0 - u16 Current Singles Streak
          205C2 - u16 Current Super Singles Streak
          205C4 - u16 Best Singles Streak
          205C6 - u16 Best Super Singles Streak
          205C8 - u16 Current Doubles Streak
          205CA - u16 Current Super Doubles Streak
          205CC - u16 Best Doubles Streak
          205CE - u16 Best Super Doubles Streak
          205D0 - u16 Current Triples Streak
          205D2 - u16 Current Super Triples Streak
          205D4 - u16 Best Triples Streak
          205D6 - u16 Best Super Triples Streak
          205D8 - u16 Current Rotation Streak
          205DA - u16 Current Super Rotation Streak
          205DC - u16 Best Rotation Streak
          205DE - u16 Best Super Multi Streak
          205E0 - u16 Current Multi Streak
          205E2 - u16 Current Super Multi Streak
          205E4 - u16 Best Multi Streaks
          205E6 - u16 Best Super Multi Streak
0026  20600  000001F0  6A94A  Daycare Data
          u32 (Slot 1) Occupied Flag
          u32 (Slot 1) Steps Taken Since Depositing
          xE8 (Slot 1) Box EK6 1
          u32 (Slot 2) Occupied Flag
          u32 (Slot 2) Steps Taken Since Depositing2
          xE8 (Slot 2) Box EK6 2
          u64 Flag (egg available)
          u64 RNG Seed
0027  20800  00000216  6A952  Index Number Related Data
0028  20C00  00000390  6A95A  Berry Field Data (0x18 per tree, 36 trees)
0029  21000  00001A90  6A962  Wondercard Data
          0x100 bitflag-card received storage
          Wondercard slots (0x108 between)
002A  22C00  00000308  6A96A  Old Man (Anistar) Pokemon Storage
002B  23000  00000618  6A972  Friend Safari Data
002C  23800  0000025C  6A97A  PSS Data
          23970 (0x20) - Pokémon Bank (application?) data
002D  23C00  00000834  6A982  PSS Friend Data [0x15]*100 entries
002E  24600  00000318  6A98A  Super Training Data
          24610 - Mission Best Times (seconds as 4 byte floats)*30
          24788 - u32 Species That Scored Best Time*30
          24908 - Bag Inventory (12 bags)
002F  24A00  000007D0  6A992  ????
0030  25200  00000C48  6A99A  Pokemon Link Gifts
          0x25E44 - u16 checksum (ccitt16, 0xFFFF initial) of 0x25400-0x25E43
0031  26000  00000078  6A9A2  Index Number Related Data
0032  26200  00000200  6A9AA  PGL Promotion Gifts
0033  26400  00000C84  6A9B2  ????
0034  27200  00000628  6A9BA  Data Block (Purpose Unknown)
          u64 Length
          byte[Length] data
0035  27A00  00034AD0  6A9C2  Box Data (31 Boxes, 30 Slots, 232 bytes each)
0036  5C600  0000E058  6A9CA  Picture Data (JPEG Exif Ver 2.2)
          ~ 5C654 starts the JPEG (FF D8 marker) - Sent to PGL
----  6A800  00000800  -----  Checksum Storage
          [0x14] Header: u64 savetime1 & u64 savetime2 (First five bytes Anti-Savegame Restore Secure Value), u16 BEEF magic
          [0x10] Checksum Entries: u32 len, u16 ID, u16 checksum (ccitt16, 0xFFFF initial)

Save File 2 (0x81000 - 0xE9FFF) (420 KB)

Same as Game Save 1's offsets; add 0x7F000.

IVFC Hash Region

SHA256 Hash over a 0x1000 large block (4096 bytes).

Start  End    Hash Location
2020   203F   2000 - First Hash: Copied to 0x200 zero array.
2040   2FFF   2020 - Second Hash: Copied to 0x1000 zero array.
3000   3FFF   2040
4000   4FFF   2060
5000   5FFF   2080
6000   6FFF   20A0
7000   7FFF   20C0
8000   8FFF   20E0
9000   9FFF   2100
A000   AFFF   2120
B000   BFFF   2140
C000   CFFF   2160
D000   DFFF   2180
E000   EFFF   21A0
F000   FFFF   21C0
10000  10FFF  21E0
11000  11FFF  2200
12000  12FFF  2220
13000  13FFF  2240
14000  14FFF  2260
15000  15FFF  2280
16000  16FFF  22A0
17000  17FFF  22C0
18000  18FFF  22E0
19000  19FFF  2300
1A000  1AFFF  2320
1B000  1BFFF  2340
1C000  1CFFF  2360
1D000  1DFFF  2380
1E000  1EFFF  23A0
1F000  1FFFF  23C0
20000  20FFF  23E0
21000  21FFF  2400
22000  22FFF  2420
23000  23FFF  2440
24000  24FFF  2460
25000  25FFF  2480
26000  26FFF  24A0
27000  27FFF  24C0
28000  28FFF  24E0
29000  29FFF  2500
2A000  2AFFF  2520
2B000  2BFFF  2540
2C000  2CFFF  2560
2D000  2DFFF  2580
2E000  2EFFF  25A0
2F000  2FFFF  25C0
30000  30FFF  25E0
31000  31FFF  2600
32000  32FFF  2620
33000  33FFF  2640
34000  34FFF  2660
35000  35FFF  2680
36000  36FFF  26A0
37000  37FFF  26C0
38000  38FFF  26E0
39000  39FFF  2700
3A000  3AFFF  2720
3B000  3BFFF  2740
3C000  3CFFF  2760
3D000  3DFFF  2780
3E000  3EFFF  27A0
3F000  3FFFF  27C0
40000  40FFF  27E0
41000  41FFF  2800
42000  42FFF  2820
43000  43FFF  2840
44000  44FFF  2860
45000  45FFF  2880
46000  46FFF  28A0
47000  47FFF  28C0
48000  48FFF  28E0
49000  49FFF  2900
4A000  4AFFF  2920
4B000  4BFFF  2940
4C000  4CFFF  2960
4D000  4DFFF  2980
4E000  4EFFF  29A0
4F000  4FFFF  29C0
50000  50FFF  29E0
51000  51FFF  2A00
52000  52FFF  2A20
53000  53FFF  2A40
54000  54FFF  2A60
55000  55FFF  2A80
56000  56FFF  2AA0
57000  57FFF  2AC0
58000  58FFF  2AE0
59000  59FFF  2B00
5A000  5AFFF  2B20
5B000  5BFFF  2B40
5C000  5CFFF  2B60
5D000  5DFFF  2B80
5E000  5EFFF  2BA0
5F000  5FFFF  2BC0
60000  60FFF  2BE0
61000  61FFF  2C00
62000  62FFF  2C20
63000  63FFF  2C40
64000  64FFF  2C60
65000  65FFF  2C80
66000  66FFF  2CA0
67000  67FFF  2CC0
68000  68FFF  2CE0
69000  69FFF  2D00
6A000  6AFFF  2D20

Pokepuff Index Numbers

Index  Name
00     Empty
01     Sweet Basic Pokepuff
02     Mint Basic Pokepuff
03     Citrus Basic Pokepuff
04     Mocha Basic Pokepuff
05     Spice Basic Pokepuff
06     Sweet Frosted Pokepuff
07     Mint Frosted Pokepuff
08     Citrus Frosted Pokepuff
09     Mocha Frosted Pokepuff
0A     Spice Frosted Pokepuff
0B     Sweet Fancy Pokepuff
0C     Mint Fancy Pokepuff
0D     Citrus Fancy Pokepuff
0E     Mocha Fancy Pokepuff
0F     Spice Fancy Pokepuff
10     Sweet Deluxe Pokepuff
11     Mint Deluxe Pokepuff
12     Citrus Deluxe Pokepuff
13     Mocha Deluxe Pokepuff
14     Spice Deluxe Pokepuff
15     Wish Supreme Pokepuff
16     Honor Supreme Pokepuff
17     Spring Supreme Pokepuff
18     Summer Supreme Pokepuff
19     Fall Supreme Pokepuff
1A     Winter Supreme Pokepuff

Super Training Bag Index Numbers

Index  Name
00     Empty
01     HP Bag S
02     HP Bag M
03     HP Bag L
04     ATK Bag S
05     ATK Bag M
06     ATK Bag L
07     Def Bag S
08     Def Bag M
09     Def Bag L
0A     Sp.A Bag S
0B     Sp.A Bag M
0C     Sp.A Bag L
0D     Sp.D Bag S
0E     Sp.D Bag M
0F     Sp.D Bag L
10     Speed Bag S
11     Speed Bag M
12     Speed Bag L
13     Strength Bag
14     Toughen Up Bag
15     Swiftness Bag
16     Big-Shot Bag
17     Double-Up Bag
18     Team Flare Bag
19     Reset Bag
1A     Soothing Bag

Form Dex Index

Forms follow the same index as used in the pokémon data structure (i.e. first unown form is "A"...)
Mega Pokémon have a flag for non-mega form (regardless of gender) and for mega form.
Parentheses indicate how many form flags there are.

Unown (28), Deoxys (4), Shaymin (2), Giratina (2), Rotom (6), Shellos (2), Gastrodon (2), Burmy (3),
Wormadam (3), Castform (4), Cherrim (2), Deerling (4), Sawsbuck (4), Meloetta (2), Darmanitan (2), Basculin (2),
Kyurem (3), Keldeo (2), Thundurus (2), Tornadus (2), Landorus (2), Vivillon (20), Flabebé (5), Floette (6),
Florges (5), Pumpkaboo (4), Gourgeist (4), Aegislash (2), Xerneas (2), Venusaur (2), Charizard (3), Blastoise (2),
Alakazam (2), Gengar (2), Kangaskhan (2), Pinsir (2), Gyarados (2), Aerodactyl (2), Mewtwo (3), Ampharos (2),
Scizor (2), Heracross (2), Houndoom (2), Tyranitar (2), Blaziken (2), Gardevoir (2), Mawile (2), Aggron (2),
Medicham (2), Manectric (2), Banette (2), Absol (2), Latias (2), Latios (2), Garchomp (2), Lucario (2),
Abomasnow (2)

Pokémon Bank (application?) data

This region is written every time Pokemon Bank saves. It is a copy of first 0x20 bytes of Pokemon Bank savefile (turtle). Maybe this is used to store information of the last application used with the game, but currently no other application that interacts with XY savegame is known.

Offset     Description
0x00-0x04  Pokemon Bank unique ID? (seems linked to nnid)
0x05-0x08  Unknown (0x00)
0x09-0x0F  Unknown, only present in turtle file (0x00 on game's savegame)
0x10-0x14  Bank usage counter backup (previous counter)
0x15-0x18  Bank usage counter
0x19-0x1F  Pokemon Bank signature? (always 48CA0A0002000000)
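Added example (not part of the original post, and not PKHeX code): a checker for the per-block checksums in the "Checksum Storage" area of a decrypted save, recomputing each block's ccitt16 and deriving block starts from the entry lengths. Assumptions: the CRC variant is polynomial 0x1021, MSB-first, no final XOR; fields are little-endian; entries are 8 bytes apart (as the CHK column implies); each block starts at the next multiple of 0x200 after the previous one, which matches the block map. All function names and the sample buffer are constructed for illustration.

```python
import struct

DATA_START = 0x5400    # start of block 0000 in the block map
TABLE = 0x6A800        # "Checksum Storage"
HEADER_LEN = 0x14      # save times + BEEF magic
ALIGN = 0x200          # block starts are multiples of 0x200

def crc16_ccitt(data, crc=0xFFFF):
    """Assumed variant: poly 0x1021, MSB-first, no final XOR."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def walk_blocks(sav, count, base=0):
    """Yield (id, start, length, stored, computed) per checksum entry.
    base is 0 for save 1 and 0x7F000 for save 2 (per the post)."""
    start = base + DATA_START
    for i in range(count):
        entry = base + TABLE + HEADER_LEN + 8 * i   # 8-byte stride (assumed)
        # little-endian u32 len, u16 ID, u16 checksum (byte order assumed)
        length, block_id, stored = struct.unpack_from("<IHH", sav, entry)
        if start + length > base + TABLE:
            raise ValueError(f"block {block_id:04X} overruns the data area")
        yield block_id, start, length, stored, crc16_ccitt(sav[start:start + length])
        start = (start + length + ALIGN - 1) & ~(ALIGN - 1)

def bad_blocks(sav, count, base=0):
    """IDs whose stored checksum does not match the recomputed one."""
    return [bid for bid, _, _, stored, calc in walk_blocks(sav, count, base)
            if stored != calc]

def build_sample():
    """Constructed test buffer: three blocks using the first three lengths
    from the block map, filled with made-up bytes and valid checksums."""
    sav = bytearray(0x6B000)
    start = DATA_START
    for i, length in enumerate([0x2C8, 0xB88, 0x2C]):
        sav[start:start + length] = bytes((i + j) & 0xFF for j in range(length))
        crc = crc16_ccitt(sav[start:start + length])
        struct.pack_into("<IHH", sav, TABLE + HEADER_LEN + 8 * i, length, i, crc)
        start = (start + length + ALIGN - 1) & ~(ALIGN - 1)
    return sav

if __name__ == "__main__":
    sav = build_sample()
    sav[0x5E40] ^= 0xFF   # simulate a changed byte inside block 0001
    for bid, start, length, stored, calc in walk_blocks(sav, 3):
        print(f"{bid:04X} {start:05X} {length:08X} {'ok' if stored == calc else 'MISMATCH'}")
```

On a real decrypted save the entry count would be 0x37 (IDs 0000 through 0036 in the block map); these checksums are separate from the IVFC SHA256 hashes and the AES MAC described in the same post.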
-
You'd need the entire bootrom to see how the keys are initialized, so yeah. The AES key registers are write only, so once they're put in by the bootrom there's no reading them out.
-
Nice work! The AES MAC requires the keyscrambler and the AES Engine, which haven't been translated to code (because they rely on hardware not software). XORpad too. You'd need to have a hacked 3DS re-sign it for you.
-
How to edit pokemon back sprites in BW2
Kaphotics replied to valdios1995's topic in ROM - NDS Discussion & Help
http://projectpokemon.org/forums/showthread.php?24589-B2W2-General-ROM-Info
/a/0/0/4 ********* sprites (pokegra) replace the sprite and animation files.
-
http://destinyknot.tk/
-
There's way too many XORpads due to how the keyY and everything else is made. How the XORpad is created is already known (it uses keys which are currently unobtainable, so they just make the 3DS do it with cfw) - Read more at 3dbrew.
-
(X/Y) Mass Dumper - Enhanced Box Data Viewer
Kaphotics replied to Kaphotics's topic in Saves - Research
To fix it, just download & use the private versions instead. (KeySAV) (Mass Dumper) This problem only exists because I hid one textbox in the public version (not because my method was wrong). So for when you use these two, just enter your language Egg name and dump your blank & keys; from then on, just use the private versions that are linked.
-
You are correct, thanks for pointing out these errors! But 1DD00 == 1DE00, since everything has to be a multiple of 0x200
-
The solution is to record another video.
-
Updated the Wiki with checksum notes and a full block map of the save. All that's left to figure out is the hashing regions (which is much harder).
-
Unreleased = unreleased.