Talk:3DSExplorer

Active discussions

Now I figured that I didn't explain the target of this app... It's suppose to be an Explorer like program to see inside the different filesystems that the 3ds has. Now it's the ExeFS, RomFS and SAVE. As knownledge keep flowing i'll continue to develop the application. With the goal of making a full functional drag&drop file explorer for image files. --Elisherer 18:35, 15 September 2011 (CEST)

It fails showing the tmd file content. Have you finshed working on this feature?--Lazymarek9614 15:49, 20 September 2011 (CEST)

No, I don't have time to work on it..it's not interesting enough --Elisherer 15:36, 21 September 2011 (CEST)
Yeah, the 3DS doesn't care when the tmd file was modified... it's not useful for hacking.--Lazymarek9614 21:09, 21 September 2011 (CEST)

I downloaded the sources,but I can't find Save.cs and reference "System.Development". Matyapiro31

You are right... I fixed it.. notice that the source is not the released version it has some experimental stuff in it... --Elisherer 10:53, 30 September 2011 (CEST)

Do you know Mono Develop? You can release it as multi-patform,such as Linux,Machitosh,etc.

I did not know that until now. But I don't have time to make the transition. I'm happy with VS2008 and it's relatively easy to make changes and new features for the app. The source is open and you can make a linux port if you want. --Elisherer 18:16, 30 September 2011 (CEST)
You need no change.mono can run c# program like Java VM. Matyapiro31
I tried to compile it,but That was old one,and there is "System.development."
This says that I need to fix stuff after I convert my project. and then work with the mono app which I don't find very convinient... and about the reference I don't know what it's about..I don't know a namespace called System.Development --Elisherer 17:42, 2 October 2011 (CEST) (P.s you can sign your messages with the quick signature button or 4 tildes: '~' 4 times)

lblBrew_Click() had no exception handler,

you have to change this method in fmExplorer.cs to

   private void lblBrew_Click(object sender, EventArgs e)
       {
           try
           {
               System.Diagnostics.Process.Start(lblBrew.Text);
           }
           catch (Exception ex)
           {
               MessageBox.Show("Cannot open link that was clicled.\n"+ ex.Message);
           }
       }

Matyapiro31

The algorithm for the Image Hash might be either MD2 or MD4. I found out by using HxD and Notepad. --Kiddyshaq34

Ok, but of what? (i know it's suppose to be 128 bit) And why not MD-5? --Elisherer 07:10, 9 October 2011 (CEST)
Because MD5 is longer and the Image Hash has the same number of bytes as MD2 and MD4.
MD2, 4 & 5 are all 128bit which is 0x10 bytes... --Elisherer 20:28, 9 October 2011 (CEST)
Oh, I've forgotten about MD5. You are right.

3DS include RSA Securuty 's BSafe

from 3DS manual. Matyapiro31

Thanks Matyapiro31 but I think RSA is used for encryption and *not* hashing. So the RSA might be used for ROMs and WiFi... --Elisherer 14:48, 9 October 2011 (CEST)

あほ。RSA BSafe support all security method.See this.

I cannot find English version,sorry. Matyapiro31

I guess if you mean this then the digest algorithms are the ones that we know of..we havn't tried HMAC yet or CNG but from experience we see that nintendo uses regular digest algorithms like CRC16-Modbus and SHA-256. I'll add the HMAC ones to the brute force hash tool to see if it finds something... --Elisherer 22:36, 12 October 2011 (CEST)

I've tried to decrypt 'Super Mario 3D Land' but your tool shows me an 'Corrupt Save File' error.--Lazymarek9614 18:36, 18 November 2011 (CET)

Corrupted save file might be from 2 reasons: * Size is not right (128K or 512k) * CRC on wearleveling wrong. Both problems occur from NDS adapter plus malfunctioning...try blowing on the cart and the adapter and download the savefile again... --Elisherer 20:16, 18 November 2011 (CET)
I actually don't use the useless NDS Adapter Plus, but I used DSM and I've tried it two times (always the same data).. I hope Nintendo doesn't use a new encryption now! Shall I send you the sav file?--Lazymarek9614 20:27, 18 November 2011 (CET)
Yes please, I could check it within the application... --Elisherer 20:35, 18 November 2011 (CET)
Have you found anything?--Lazymarek9614 21:25, 18 November 2011 (CET)
No..it's seems that the key found isn't the right key (even that it appears 4 times in the file). we need to figure out how to decrypt the save files without searching blindly for the key. --Elisherer 21:33, 18 November 2011 (CET)
I got an idea. Xor the image's 0x100-0x103 with every (0x200 block)'s 0x100-0x103 to see if it produces 'DISA' ..it should work with the already known files and might be faster to find. i'll try it tomorrow.. --Elisherer 21:40, 18 November 2011 (CET)
Mind linking to a SM3DL save here so I could look at it?(Btw, you're not looking for a "key", you're looking for an AES-CTR xorpad.) --Yellows8 06:03, 22 November 2011 (CET)
I'll ask for permission. In the meanwhile, can we talk about it at n-dev.net? I made a thread there. --Elisherer 16:26, 22 November 2011 (CET)
Yes, you can share them!--Lazymarek9614 17:24, 22 November 2011 (CET)
Catch the files on my server http://www.sherer.co.il/saves (Super Mario 3D Land).--Elisherer 17:43, 22 November 2011 (CET)
I'm stumped too. Since some chunks of data appears several times in these saves, in theory the CTR should still be repeating.(CTR seems to repeat >0x200 bytes now, not sure.) Didn't really manage to decrypt much via xor. --Yellows8 22:08, 22 November 2011 (CET)
I would guess they finally fixed the bug that limited the xor stream to just 0x200 bytes repeating, and now it behaves more like the data saved to SD cards? --Neimod 01:30, 25 November 2011 (CET)
But you can see that same blocks share the same xorpad in the file...the DISA header is in the file 4 times and encrypted the same all the 4 times.. so the key may not repeat but maybe every block has it's own xorpad based on its offset in the image (my speculation) --Elisherer 09:02, 25 November 2011 (CET)

*FS#.bin decrypt

Maybe I found the key: I think it's the unknown value at Rom. It's 16 characters long. When I use it, it doesn't give a error or something. --Gericom 16:06, 12 December 2011 (CET)

Extracting Data Files?

Hello! I'm SuperMario64DS, I hack Mario Kart Wii & The Super Mario Galaxy 1 & 2 ( Co-creator of the BDL Editor!). Okay, so I was wondering about extracting files from a 3DS ROM; can the program do that? I think I heard some where that it can decrypt 3DS ROMS and veiw their filesystem, is this true? And if not, will his feature be added? And if so, will an option to extract files from a ROM be added? I've been looking into studying Mario Kart 7's formats, and to see how to game works. --SuperMario64DS, 04:43, 20 December 2011 (CET)

As soon as you get the 3ds common key we could decrpyt the romfs & exefs from the CXIs and then learn the file system... We could however have your help in understanding the CGFX format which has 3d models in it. --Elisherer 07:22, 20 December 2011 (CET)
Well how faraway would you say we are from decrypting 3DS ROMs? I'd REALLY like to see inside of Mario Kart 7, I know it uses Yaz0, so it can be de-coded. 1: How might we find the decryption key? And 2: How much more longer do you think it will be until we can extract a 3DS ROM's file system? It would be really helpful. -- SuperMario64DS, 16:34, 20 December 2011 (CET)
We are VERY far. (but then again it could happen any day). Nintendo was smart enough to use AES-CTR which is a very strong encryption which can't be cracked even if you have encrypted and decrypted data (and even the initialization vector) you basicly need the key and it's far inside the 3ds (maybe even coded in hardware and not just inside the 3ds flash). So unless we were told what the key is I don't see us getting anywhere. For now, we do what we can. --Elisherer 18:29, 20 December 2011 (CET)