can you explain how to do with the keyPretty sure one of these two here are the decryption keys
2f5cc655-8aab-4254-be0e-5c60c33e20cc
82ba9091-515f-4f56-aa05-8e7af5dfbfbc
Test em and try
can you explain how to do with the keyPretty sure one of these two here are the decryption keys
2f5cc655-8aab-4254-be0e-5c60c33e20cc
82ba9091-515f-4f56-aa05-8e7af5dfbfbc
Test em and try
Would like to see some progress here
Considering how fast Pokemon Shuffle was "hacked" lolSame. But I really don't think it will take much time given its Free-to-Play and also Pokemon.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace PqCrypt
{
public static class Program
{
public static readonly byte[] Key = Encoding.UTF8.GetBytes("C7PxX4jPfPQ2SmzB");
public static readonly byte[] Iv = Encoding.UTF8.GetBytes("nSdhdc3ecDDEM7fA");
public static readonly byte[] ChecksumKey = Encoding.UTF8.GetBytes("chikuwa-hanpen");
public static readonly int SaveLength = 0x80000;
static void Main(string[] args)
{
if (args.Length != 3)
{
PrintUsage();
return;
}
switch (args[0])
{
case "d":
var encSave = File.ReadAllBytes(args[1]);
File.WriteAllBytes(args[2], DecryptSave(encSave));
break;
case "e":
var decSave = File.ReadAllBytes(args[1]);
File.WriteAllBytes(args[2], EncryptSave(decSave));
break;
default:
PrintUsage();
return;
}
}
private static void PrintUsage()
{
Console.WriteLine("Usage: pqdecrypt d <enc_save_in> <dec_save_out>");
Console.WriteLine(" pqdecrypt e <dec_save_in> <enc_save_out>");
}
private static byte[] EncryptSave(byte[] save)
{
// Recalculate hash
var hash = new HMACSHA256(ChecksumKey);
var checksum = hash.ComputeHash(save, 0x38, save.Length - 0x38);
Array.Copy(checksum, 0, save, 0x14, 0x20);
// Encrypte head and body chunks
var encryptedLength = save.Length + 15 & ~0xF;
var head = Encrypt(BitConverter.GetBytes(encryptedLength), 0, 4);
var body = Encrypt(save, 0, save.Length);
// Concat the 2 chunks
var encrypted = new byte[SaveLength];
Array.Copy(head, encrypted, 16);
Array.Copy(body, 0, encrypted, 16, body.Length);
return encrypted;
}
private static byte[] DecryptSave(byte[] saveEnc)
{
var length = BitConverter.ToInt32(Decrypt(saveEnc, 0, 16), 0);
return Decrypt(saveEnc, 16, length);
}
private static byte[] Encrypt(byte[] data, int index, int length)
{
using (var aes = Aes.Create())
using (var encryptor = aes.CreateEncryptor(Key, Iv))
return Transform(data, index, length, encryptor);
}
private static byte[] Decrypt(byte[] data, int index, int length)
{
using (var aes = Aes.Create())
using (var decryptor = aes.CreateDecryptor(Key, Iv))
return Transform(data, index, length, decryptor);
}
private static byte[] Transform(byte[] data, int index, int length, ICryptoTransform decryptor)
{
using (var ms = new MemoryStream())
using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Write))
{
cs.Write(data, index, length);
cs.FlushFinalBlock();
return ms.ToArray();
}
}
}
}
This was shared in the Reswitched Discord
https://gist.github.com/Thealexbarney/b3f39f546f80a6f5317478ebcf3d4a5d
PqCrypt.exe d <path to your encrypted save file> <output path for the decrypted file>
Example: PqCrypt.exe d C:\Users\xxxxx\Desktop\folder\user C:\Users\xxxxx\Desktop\folder\decrypteduser
PqCrypt.exe e <path to your edited decrypted save file> <output path for the edited encrypted file>
Example: PqCrypt.exe e C:\Users\xxxxx\Desktop\folder\decrypteduser C:\Users\xxxxx\Desktop\folder\user
I compiled it a couple of hours ago and it seems to be working. I was trying to figure out the hex structure.
I can see my Pokémon names in the hex file. Unfortunately I have no idea of what to edit yet. Is there any template for 010 Editor?
I dumped my save via Checkpoint too. I would share it, but since I shilled out for all of the dlc, I'm not sure what would occur if someone that doesn't have dlc were to inject the save file onto their system...Unfortunately, right now I only have Ubuntu on my system. Installing a Virtual Win7 system now. In the meantime, here are a couple dumped saves using Checkpoint. 1 has 140 Tickets, 2 has 90, taken 2 minutes apart. Should be minimal changes between the two.
I dumped my save via Checkpoint too. I would share it, but since I shilled out for all of the dlc, I'm not sure what would occur if someone that doesn't have dlc were to inject the save file onto their system...
Unfortunately, right now I only have Ubuntu on my system. Installing a Virtual Win7 system now. In the meantime, here are a couple dumped saves using Checkpoint. 1 has 140 Tickets, 2 has 90, taken 2 minutes apart. Should be minimal changes between the two.
I don't have that address on my old file backup, uhm...
Maybe the value is moved down by the number of Pokémon and items you have stored, so it's not a fixed address.
Perfect! I think I found the place where tickets are stored.
140 Decimal = 8C Hexadecimal
90 Decimal = 5A Hexadecimal
EDIT: Seems like your save file is very different from mine. What region is your game?
Just tried it with mono on macOS, unfortunately, while the app compiles and runs, it doesn't provide proper output. The decrypted files are cut off at about 11KB.Thank you for the info! Here's the compiled version and a tutorial. (only for Windows atm)
1. Download this file.
2. Put the PqCrypt.exe in a folder with your save file.
3. Shift and Right-Click on an empty space in the folder.
4. Click open command prompt here.
5. Write this in the command line:
6. Edit the decrypted file with a Hex editor.
7. Encrypt it like this:
8. Inject it with any save file manager
9. Done!