Changes

36 bytes added, 20:00, 17 October 2012
no edit summary
Line 10: Line 10:  
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
 
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
   −
The gamecard savegame [[AES|keyslot]] keyY is unique per gamecard. This keyY is unique for every region of each game.
+
The gamecard savegame [[AES|keyslot]] keyY is unique per gamecard. This keyY is unique for every region of each game. Flags stored in the [[NCSD]] determines the method used to generate this keyY.
    
All gamecard and NAND/SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The CTR used for gamecard savegames eventually repeats, while NAND/SD savegames don't use a repeating CTR. For the old gamecard CTR method, it repeated every 0x200-bytes. With the new method it repeats at least every 0x1000-bytes, but the exact period isn't known for certain. NAND/SD savegames use a separate CTR method from the gamecard savegames, see the [[extdata]] page regarding extdata encryption.
 
All gamecard and NAND/SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The CTR used for gamecard savegames eventually repeats, while NAND/SD savegames don't use a repeating CTR. For the old gamecard CTR method, it repeated every 0x200-bytes. With the new method it repeats at least every 0x1000-bytes, but the exact period isn't known for certain. NAND/SD savegames use a separate CTR method from the gamecard savegames, see the [[extdata]] page regarding extdata encryption.
   −
With system version [[2.2.0-4]] the system now uses a different gamecard CTR method, which fixed the above flaw. The CTR seems to repeat in the image but not every 0x200 bytes. The CTR may repeat every 0x1000 bytes. The system uses the new method for titles which have the [[NCSD|CCI]] NVer version set to the [[2.2.0-4]] or above, starting with "Super Mario 3D Land". Prior to that NVer version, the system uses the old 0x200-byte CTR period.
+
With system version [[2.2.0-4]] the system now uses a different gamecard CTR method, which fixed the above flaw. The CTR seems to repeat in the image but not every 0x200 bytes. The CTR may repeat every 0x1000 bytes. With [[2.2.0-4]] the system checks a [[NCSD]] flag, when it's set the new CTR method is used, otherwise the old method is used. All games released since [[2.2.0-4]] have this flag set.
    
=== Wear leveling ===
 
=== Wear leveling ===
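Review bot: the two added sentences are inconsistent about how many NCSD flags select the new behaviour, and the first has a subject-verb mismatch: the keyY paragraph now reads "Flags stored in the [[NCSD]] determines the method used to generate this keyY" (plural "Flags", singular "determines"), while the CTR paragraph reads "the system checks a [[NCSD]] flag" (singular, and "a NCSD" should be "an NCSD"). Suggest either "A flag stored in the [[NCSD]] determines the method used to generate this keyY" or, if several flags really are involved, "Flags stored in the [[NCSD]] determine ..." with the flags named; and state whether the flag that selects the keyY generation method is the same one that selects the CTR method, since the edit leaves that ambiguous. Also, replacing the NVer-based rule drops the only concrete reference point the old text had ("starting with 'Super Mario 3D Land'"); keeping that title as the first known cartridge with the flag set would let readers check the new claim "All games released since [[2.2.0-4]] have this flag set" against a real image.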