Fenor

ok, assuming you didn't mess with your 3ds clock recently you could look at the creation time of the file and see the difference in minutes between the 3ds and the pc and it's done. if we are lucky they use date/hours/minutes. if unlucky millisecond or worse. (i'm not saing to do it now, but when back from the trip) i might have a couple of idea to break the code (0,001% chance but still more than a pure 0)

wich mean it use the timestamp or a random value encrypt the data, i'm more for the timestamp. we then need to know at wich precision it is used (second? millisecond? worse?) do you have a timestamp of when you dumped these xerneas?

have you already tried with a packet injection system? so far we know the pkx format and how the packet is structured to extract the pkx. wich mean that the packe have a structure like [validation not yet breaked][pkx file][end packet] or similar (i didn't really had the time to dig it). my basic idea is that the part that we still have to break might be somthing generated using the other trainer info or server generated info. by using a man in the middle kind of attack we can use a structure like this: pc with both eth (or other network card) and a wireless card in master mode. with the pc routing the traffic we should be able to inject in the packet on the fly our pkm replacing the old pkx. (this might sound confusing and i'm not a native english speaker so if you need some kind of clarification please tell me)