ROM Hack [Release] 3DS_CTR_Decryptor-VOiD

[Ryanrocks462]

http://gbatemp.net/threads/3ds-decryption-key-generator.370630/
this is Team Fail`s release, that gets you the keys
apparently this new release in this thread here gets you the xorpad file (whether or not it uses Team Fail`s code or was written before that, I do not know...) / follow the instruction to acquire it, you still need a 4.5 3DS/XL to actually launch this release
and apparently XOR Tool can decrypt it and ctrtool extracts it...
is it usable to the average user? uhm no, I guess?
but it might just be the first real BIG step into fan translation apparently, since it enables rom decryption

still waiting for some big name to give his statement on this, but It looks realy promising :-)

it does say audio dumps ... omg mk7 rainbow road no kart sound

 

[Kaphotics]

Sounds promising, but I don't have Gateway... Sorry.

Re-read the tutorial. You don't need GW.

"If not using Gateway, place Launcher_NoGW.dat..."

This basically just reads the AES key from the ROM, saves it as a bin, then loads it when the 3DS is running and feeds it to the 3DS's AES engine (which scrambles the keys) in order to generate the decryption XOR data.

 

[gamesquest1]

i thinks its funny his name is "relys"...like release........just sayin

 

[GorTesK]

you do not need a gateway, but still a way to launch the launcher.dat file, hence you need a 4.x 3DS/XL console

 

[gamesquest1]

not sure this kind of stuff will be working in ssspwn.....but who knows

 

[GorTesK]

not sure this kind of stuff will be working in ssspwn.....but who knows

yeh I edited my post, I think, the level of access, which SSSpwn provides, may just not be deep enough, it basically hit me right after posting it... the OT might give us insight on that matter though


edit: basically, do we need kernel access for this or is userland enough?

 

[Snailface]

not sure this kind of stuff will be working in ssspwn.....but who knows

And that's why it was a terrible idea to release it before ssspwn.

 

[gamesquest1]

well if userland was enough....they could run some homebrew in gateway mode and be able to get the XOR pads for 7.x encrypted content.....or just wait for ssspwn, but that kinda makes me think userland is not enough

 

[Deleted User]

Is this the last step for finally hacking .3ds or just getting the keys? 3DSexplorer to extract then XOR-Tool to decrypt then ctr to decrypted files. So does this mean anyone can do this?? http://puu.sh/baAIj/ec0b7f0050.png

If so, I'm getting a 3ds.

 

[SonyUSA]

yeh I edited my post, I think, the level of access, which SSSpwn provides, may just not be deep enough, it basically hit me right after posting it... the OT might give us insight on that matter though


edit: basically, do we need kernel access for this or is userland enough?

No, Smea's work will not give you access to the CPU you need to run decryption.

 

[GorTesK]

Is this the last step for finally hacking .3ds or just getting the keys? 3DSexplorer to extract then XOR-Tool to decrypt then ctr to decrypted files. So does this mean anyone can do this??

anyone with a 4.5 DS/XL and not the final step to hacking the 3DS but to encrypting the ROMS, meaning, that fans can do translations
however, there hasn`t been a statement yet on ENCRYPTING them again, so we can actually use the changed roms


edit:

No, Smea's work will not give you access to the CPU you need to run decryption.

that was not my question, re-read it again

 

[gamesquest1]

well im pretty sure you could just re-encrypt using the zero key like bbb did with the gameboy VC

 

[windwakr]

After looking at the files, I think the nfo means the gateway rop loader, not a gateway cart itself. Looks like launcher.dat is encrypted for the gateway loader, and launcher_nogw.dat has no encryption.

Neat, time to test it.

 

[Cyan]

Thanks for including the sources (as it's based on other open sources scripts, it's normal, but there's even few more examples included).
I don't know who sbJFn5r is, never seen him before.

There even a MsetForBoss.dat
Snailface gave the trick to use that name instead of launcher.dat
edit: looks like it was first introduced by wintermute's ROP Loader.


spf180: it means you can decrypt and extract files from ROMs.
not really the "last step", as you would need to re-encrypt it to make anything with it (repack/translation/hack,etc.)
edit: 'd

 

[GorTesK]

well im pretty sure you could just re-encrypt using the zero key like bbb did with the gameboy VC

hope so, would make it easier, but are you sure VC encryption and 3DS ROM encryption is handled the same way? I would doubt it just by instict, because that would be so unreasonably stupid ... :/

 

[Deleted User]

.... however, there hasn`t been a statement yet on ENCRYPTING them again, so we can actually use the changed roms ....

Couldn't you modify the source of Team Fail and VOiD's program to encrypt them again?

 

[gamesquest1]

hope so, would make it easier, but are you sure VC encryption and 3DS ROM encryption is handled the same way? I would doubt it just by instict, because that would be so unreasonably stupid ... :/

3ds encryption is the same for 3ds roms/VC......bbb used the zerokey encryption that gateway enabled to allow homebrew to re-encrypt the edited VC titles

 

[Cyan]

to encrypt, you need the private key, only Nintendo has it. It's not encrypted using the private key, but the XOR key. Might be able to re-encrypt the data using that same key.
But if Gateway allow running games with a zero'd key, then that will work too.

 

[SirByte]

So didn't we get a while ago when someone was contemplating starting a 3DS emulator the argument "yah n00b dah romz ares encriptid and y00 needz dah hardware keyscrambler"?

It would seem to me that removing any dependency on actual hardware brings emulation a (tiny) step closer.

 

[GorTesK]

3ds encryption is the same for 3ds roms......bbb used the zerokey encryption that gateway enabled to allow homebrew to re-encrypt the edited VC titles

oh okay, forgot, that gateway allowed zero`ed keys