3dbrew - User contributions [en]

Main Page/Navigation

2011-05-01T23:29:45Z

Erant:

{{Main page box|Navigation|Main Page/Navigation}}
<div style="margin: -.3em -1em -1em -1em;">
{| width="100%" bgcolor="#fff" border="0" cellpadding="2px" cellspacing="2px" style="margin:auto;"
|- align="center" bgcolor="#e7eef6"
! width="33%" | '''General'''
! width="34%" | '''3DS hardware'''
! width="33%" | '''3DS software'''
|- valign="top" style="background: #F5FAFF;"
|
*[[Glossary]]
*[[FAQ]]
*[[Friend code]]
|
*[[Hardware]]
*[[Gamecards]]
|
*[[Nintendo Software]]
*[[File Formats]]
*[[Title list]]
*[[Title metadata]]
*[[SD Filesystem]]
*[[Flash Filesystem]]
*[[Bootloader]]
*[[Savegames]]
|}
</div>
{{box-footer-empty}}

User talk:Erant

2011-05-01T16:30:10Z

Erant:

Why did you delate my change?
I tryed to crash the game,but nothing happened.
So I reported.Though you don't like my edit,There are no meaning to delate the stuf.
And I may know how you search a game exploit.
write long name string or high score input,
and controll PC register.
jump to the address input you want to execute,then boot a bootloader.
bootloader reads data from SD card,which to run homebrew.
foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooool.

I completely agree with the above user. Why so basement? --[[User:Matthew|Matthew]] 05:32, 26 April 2011 (CEST)

The post was uninformed, contained grammatical errors, and was downright wrong. The 3DS flash save games are wearleveled, partitioned and have filesystems. Simply changing a string in a savegame invalidates the wearleveling checksum, the partition checksums and the filesystem checksum. The post added no meaningful information to the wiki, and would have opened the floodgates to other people trying to simply extend a string in the hopes of crashing a game.

Savegames

2011-04-23T15:21:56Z

Erant: /* Partitions */

=== Encryption ===

On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

=== Wearleveling ===

The 3DS employs a wearleveling scheme on the savegame FLASH chips. This is done through the usage of blockmaps and a journal. The blockmap is located at offset 0 of the flash chip, and is immediately followed by the journal. The initial state is dictated by the blockmap, and the journal is then applied to that.

The blockmap structure is simple:
<pre>
struct header_entry {
uint8_t chksums[8];
uint8_t phys_sec;
uint8_t alloc_cnt;
} __attribute__((__packed__));
</pre>

The journal structure is as follows:
<pre>
struct sector_entry {
uint8_t virt_sec; // Mapped to sector
uint8_t prev_virt_sec; // Physical sector previously mapped to
uint8_t phys_sec; // Mapped from sector
uint8_t prev_phys_sec; // Virtual sector previously mapped to
uint8_t phys_realloc_cnt; // Amount of times physical sector has been remapped
uint8_t virt_realloc_cnt; // Amount of times virtual sector has been remapped
uint8_t chksums[8];
} __attribute__((__packed__));

struct long_sector_entry{
struct sector_entry sector;
struct sector_entry dupe;
uint32_t magic;
}__attribute__((__packed__));
</pre>

With magic being a constant 0x080d6ce0.

=== Partitions ===

There can be multiple partitions on the chip. For some games one is a backup partition, some other games seem to use only one partition, yet other games actually use multiple partitions. Partitions are defined at the start of the de-wearleveled blob. At offset 0x200 into the image, the DIFI blobs start. These 0x130 large blobs describe the partitions. Every DIFI blob describes a partition. In order to find the partitions, you will need the uint32_t at 0x9C into the DIFI blob, and the uint32_t at 0xA4. The uint32_t at 0x9C describes the length of the hash table at the start of the partition, the uint32_t at 0xA4 is the length of the filesystem. Partitions are catted together, so the end of one partition is the beginning of the next. The first partition starts at 0x2000. The hashtable at the start of the partitions describe each in-use block in the partition with a SHA256 of the 0x1000 sized block.

The hash in the DISA blob hashes 300 bytes of the first DIFI blob.

=== Filesystem ===

Savefiles are stored on the FLASH in a custom filesystem called SAVE. SAVE has a header which describes where the various bits of the filesystem live. The most important is the FST or filesystem table. You can find the FST by first finding the file base offset which is the offset to which all the entries in the FST are relative. The file base offset is a uint16_t at 0x58 from the filesystem start. The FST offset is a uint32_t at 0x6C and is in blocks (which are 0x200 bytes large).

Once you've found the FST, parsing it is fairly straightforward.

<pre>
struct fs_entry {
u32 node_cnt;
u8 filename[0x10];
u32 index;
u32 unk1; // magic?
u32 block_offset;
u32 file_size;
u32 unk2;
u32 unk3; // flags and/or date?
u32 unk4;
}
</pre>

The first entry is the root directory, easily identifiable by the node_cnt being larger than 1. The node_cnt includes the root directory itself, so there are node_cnt - 1 files in the root directory. The entries that follow after the root directory are the actual files. Reading them out is as simple as taking the file base offset and adding (block_offset * 0x200) to it.

Example from Super MonkeyBall 3D:
<pre>
0003800: 04000000 21000000 00000000 00000000 ....!...........
0003810: 00000000 00000000 00000000 00000000 ................
0003820: 00000000 00000000 00000000 00000000 ................
0003830: 01000000 736d6233 64732e64 61740000 ....smb3ds.dat..
0003840: 00000000 00000000 d57b1100 05000000 .........{......
0003850: e4060000 00000000 c8cf0008 00000000 ................
0003860: 01000000 6d677265 706c6179 30302e64 ....mgreplay00.d
0003870: 61740000 01000000 d57b1100 09000000 at.......{......
0003880: 1c210000 00000000 cd331000 00000000 .!.......3......
0003890: 01000000 6d677265 706c6179 30312e64 ....mgreplay01.d
00038a0: 61740000 02000000 d57b1100 1a000000 at.......{......
00038b0: 1c210000 00000000 00000000 00000000 .!..............
</pre>
[[セーブデータ|Japanese]]

3DS System Flaws

2011-04-23T15:07:48Z

Erant: /* Database */

==What exploits are==
==How to search an exploit==
==Database==

Gamecards

2011-04-22T17:56:51Z

Erant:

[[File:Gamecard.jpg|thumb|right|A 3DS gamecard]]
[[File:GamecardPhy.jpg|thumb|right|Close-up of PCB]]

===Physical interface===
The 3DS gamecards have the same physical interface as regular DS and DSi gamecards. There is only a minor cosmetic difference in the plastic case, which has a small extruding notch on the top-right side. As such, it prevents insertion of the gamecard into old Nintendo DS or DSi systems.

When modifying the case so that the 3DS gamecard fits in a DS or DSi system, those systems will refuse to detect the gamecard and show no banner icon.

{| class="wikitable" border="1"
|-
! Pin
! Name
! Description
|-
| 1
| GND
| Ground
|-
| 2
| CLK
| Clock. Frequencies 6.7MHz and 4.2MHz, 16.6MHz for SPI communication.
|-
| 3
| NC
| Not connected. Possibly used to program cards.
|-
| 4
| RCS
| ROM select, active low. Pulled low to start a ROM transfer.
|-
| 5
| RST
| Reset, active low.
|-
| 6
| ECS
| Savegame chip select, active low. Pulled low to start a savegame SPI transfer.
|-
| 7
| IRQ
| Removal detection.
|-
| 8
| VCC
| Powersupply 3.3V.
|-
| 9
| DAT0
| Bidirectional data bus.
|-
| 10
| DAT1
| Bidirectional data bus.
|-
| 11
| DAT2
| Bidirectional data bus.
|-
| 12
| DAT3
| Bidirectional data bus.
|-
| 13
| DAT4
| Bidirectional data bus / pin NC to savegame chip
|-
| 14
| DAT5
| Bidirectional data bus / pin WP# to savegame chip
|-
| 15
| DAT6
| Bidirectional data bus / SPI data from savegame chip.
|-
| 16
| DAT7
| Bidirectional data bus / SPI data to savegame chip.
|-
| 17
| GND
| Ground
|}

===SPI flash===
So far, only one savegame FLASH chip has been identified. The chip identifies as a 0xC22211. The JEDEC manufacturer ID is Macronix, and despite the chip label saying 25L1001, the JEDEC ID matches the MX25L1021E. Datasheet at: http://www.macronix.com/QuickPlace/hq/PageLibrary4825740B00298A3B.nsf/h_Index/3F21BAC2E121E17848257639003A3146/$File/MX25L1021E,%203V,%201Mb,%20v0.01.pdf. However, the MX25L1021E doesn't support the 4 bit wide transmission that the 3DS uses to talk to the SPI flash. It is thus likely that this is a custom flash chip.

===Protocol===
The communication protocol between the 3DS system and the 3DS gamecard has changed almost completely in comparison with the DS and DSi gamecard communication protocol.

After the sixth transfer, commands change size from 8 bytes to 16 bytes. Possibly a new encryption is used, such as AES CTR.

Here's a set of sample gamecard commands that a 3DS sends to a 3DS gamecard:

{| class="wikitable" border="1"
|-
! Size
! Command
! Description
|-
|2000
|9F00000000000000
| Reset
|-
|0000
|71C93FE9BB0A3B18
| Unknown
|-
|0004
|9000000000000000
| Get gamecard ID, response=9000FEC2
|-
|0004
|9000000000000000
| Get gamecard ID, response=9000FEC2
|-
|0004
|A000000000000000
| Unknown, response=00000000
|-
|0000
|3E00000000000000
| Enter 16-byte command mode.
|-
|07EC
|82000000000000000000000000000000
| Get header
|-
|05E3
|F32C92D85C9D44DED3E0E41DBE7C90D9
| Encrypted, unknown
|-
|0332
|696B9D8582FB55D31B68CAFE70C74A95
| Encrypted, unknown
|-
|0332
|BAA4812CA0AC9C5D19399530E3ACCCAB
| Encrypted, unknown
|-
|032E
|178E427C22D87ADB86387249A97D321A
| Encrypted, unknown
|-
|0332
|E06019B1BD5C9130ED6A4D9F4A9E7193
| Encrypted, unknown
|-
|0332
|4E0D224862523BBFE2E6255F80E15F37
| Encrypted, unknown
|-
|0332
|4CDF93D319FB62D0DB632A45E3E8D84C
| Encrypted, unknown
|-
|0332
|9AA5D80551002F955546D296A57F0FEF
| Encrypted, unknown
|-
|0332
|C12BA81AEF30DDDBD93FAD5D544C6334
| Encrypted, unknown
|-
|0532
|62EC5FB7F420AE1DC6253AE18AFA5BB3
| Encrypted, read address 0
|-
|0332
|E3FA23AA016BE0C93430D1F42FF41324
| Encrypted, read address 0x4000
|}

The header command has some initial dummy bytes, and eventually responds with a 0x200 byte header. Here's an example for Lego Starwars 3:
0000000: 00 8c 03 00 00 00 04 00 00 00 00 00 00 00 00 00 ................
0000010: b3 cf fb c6 6a b1 cb 20 32 af ce 35 d4 1c 74 c9 ....j.. 2..5..t.
0000020: 8e 6b 27 2f 08 01 28 3b d4 30 de 44 37 f5 b0 46 .k'/..(;.0.D7..F
0000030: 91 59 d7 38 33 48 df 83 fd 71 84 2c 00 00 00 00 .Y.83H...q.,....
0000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000100: 4e 43 43 48 7a 7f 0e 00 00 8c 03 00 00 00 04 00 NCCHz...........
0000110: 36 34 02 00 00 00 00 00 00 8c 03 00 00 00 04 00 64..............
0000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000150: 43 54 52 2d 50 2d 41 4c 47 50 00 00 00 00 00 00 CTR-P-ALGP......
0000160: 0c 27 e3 c1 de 7b 2a e2 d3 11 4f 32 a4 ee bf 46 .'...{*...O2...F
0000170: 9a fd 0c f3 52 c1 1d 49 84 c2 a9 f1 d2 14 4c 63 ....R..I......Lc
0000180: 00 04 00 00 00 00 00 00 00 00 00 00 01 03 00 00 ................
0000190: 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
00001a0: 06 00 00 00 1c 0a 00 00 01 00 00 00 00 00 00 00 ................
00001b0: 22 0a 00 00 58 75 0e 00 01 00 00 00 00 00 00 00 "...Xu..........
00001c0: 13 0c 04 26 15 f6 47 c4 c6 32 25 ea 9e 67 f8 a2 ...&..G..2%..g..
00001d0: 7b 15 24 6b 88 fb c7 a9 27 25 7b 84 97 7b 78 7b {.$k....'%{..{x{
00001e0: a6 5b ee 10 60 bb 6a 68 21 bb ce c6 00 03 5b 7e .[..`.jh!.....[~
00001f0: 64 fb 6e ac a7 f0 96 0c fb 1f 5a 37 08 77 28 f7 d.n.......Z7.w(.

Games

2011-04-19T14:40:56Z

Erant:

This is a page to browse game title and data.
Feel free to write here.

The other way to use this page, is hacking with the data.
{| class="wikitable" border="1"
|-
! width="32%" | Title
! width="23%" | Serial
! width="5%" | EUR
! width="5%" |USA
! width="5%" |JPN
! width="5%" |ROM Size
! width="5%" |FLASH Size
! width="5%" |FLASH ID
! width="5%" |FLASH Chip #
! width="10%" | Get here
|-
| Ridge Racer 3D
| LNA-CTR-ARRP
| Yes
| Yes
| Yes
| 8GBit
| 512kByte
| 0xC22213
| 25L4001
| ?
|-
| Lego Star Wars III: The Clone Wars
| LNA-CTR-ALGP
| Yes
| Yes
| No
| 4GBit
| 128kByte
| 0xC22211
| 25L1001
| ?
|-
| Ton Clancy's Ghost Recon:Shadow Wars
| LNA-CTR-AGRP
| Yes
| ?
| No
| 2GBit
| 128kByte
| 0xC22211
| 25L1001
| ?
|-
| Raving Rabbids: Travel in Time 3D
| LNA-CTR-ARBJ
| ?
| Yes
| Yes
| ?
| 128kByte
| 0xC22211
| 25L1001
| [http://dl.dropbox.com/u/7830918/3DS%20Upload/decrypted.bin de]/[http://dl.dropbox.com/u/7830918/3DS%20Upload/encrypted.bin en]
|-
| The Sims 3
| LNA-CTR-AS3P
| Yes
| ?
| ?
| 4GBit
| 512kByte
| 0xC22213
| 25L4001
| ?
|-
| Super Monkey Ball 3D
| LNA-CTR-ASMP
| Yes
| ?
| ?
| 2GBit
| 128kByte
| 0xC22211
| 25L1001
| ?
|-
| Splinter Cell 3D
| LNA-CTR-ASCP
| Yes
| ?
| ?
| ?
| 128kByte
| 0xC22211
| 25L1001
| ?
|-
| Super Street Fighter IV - 3D Edition
| LNA-CTR-ASSP
| Yes
| ?
| ?
| ?
| 128kByte
| 0xC22211
| 25L1001
| ?
|-
| Pilotwings Resort
| LNA-CTR-AWAP
| Yes
| Yes
| Yes
| ?
| 128kByte
| 0xC22211
| 25L1001
| ?
|}

Games

2011-04-19T14:23:34Z

Erant:

Savegames

2011-04-15T03:28:23Z

Erant: /* Partitions */

=== Encryption ===

On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

=== Wearleveling ===

The 3DS employs a wearleveling scheme on the savegame FLASH chips. This is done trough blockmaps and a journal. The blockmap is located at offset 0 of the flash chip, and is immediately followed by the journal. The initial state is dictated by the blockmap, and the journal is then applied to that.

The blockmap structure is simple:
<pre>
struct header_entry {
uint8_t chksums[8];
uint8_t phys_sec;
uint8_t alloc_cnt;
} __attribute__((__packed__));
</pre>

The journal structure is as follows:
<pre>
struct sector_entry {
uint8_t virt_sec; // Mapped to sector
uint8_t prev_virt_sec; // Physical sector previously mapped to
uint8_t phys_sec; // Mapped from sector
uint8_t prev_phys_sec; // Virtual sector previously mapped to
uint8_t phys_realloc_cnt; // Amount of times physical sector has been remapped
uint8_t virt_realloc_cnt; // Amount of times virtual sector has been remapped
uint8_t chksums[8];
} __attribute__((__packed__));

struct long_sector_entry{
struct sector_entry sector;
struct sector_entry dupe;
uint32_t magic;
}__attribute__((__packed__));
</pre>

With magic being a constant 0x080d6ce0.

=== Partitions ===

There can be multiple partitions on the chip. For some games one is a backup partition, some other games seem to use only one partition, yet other games actually use multiple partitions. Partitions are defined at the start of the de-wearleveled blob. At offset 0x200 into the image, the DIFI blobs start. These 0x130 large blobs describe the partitions. Every DIFI blob describes a partition. In order to find the partitions, you will need the uint32_t at 0x9C into the DIFI blob, and the uint32_t at 0xA4. The uint32_t at 0x9C describes the length of the hash table at the start of the partition, the uint32_t at 0xA4 is the length of the filesystem. Partitions are catted together, so the end of one partition is the beginning of the next. The first partition starts at 0x2000. The hashtable at the start of the partitions describe each in-use block in the partition with a SHA256 of the 0x1000 sized block.

=== Filesystem ===

Savefiles are stored on the FLASH in a custom filesystem called SAVE. SAVE has a header which describes where the various bits of the filesystem live. The most important is the FST or filesystem table. You can find the FST by first finding the file base offset which is the offset to which all the entries in the FST are relative. The file base offset is a uint16_t at 0x58 from the filesystem start. The FST offset is a uint32_t at 0x6C and is in blocks (which are 0x200 bytes large).

Once you've found the FST, parsing it is fairly straightforward.

<pre>
struct fs_entry {
u32 node_cnt;
u8 filename[0x10];
u32 index;
u32 unk1; // magic?
u32 block_offset;
u32 file_size;
u32 unk2;
u32 unk3; // flags and/or date?
u32 unk4;
}
</pre>

The first entry is the root directory, easily identifiable by the node_cnt being larger than 1. The node_cnt includes the root directory itself, so there are node_cnt - 1 files in the root directory. The entries that follow after the root directory are the actual files. Reading them out is as simple as taking the file base offset and adding (block_offset * 0x200) to it.

Example from Super MonkeyBall 3D:
<pre>
0003800: 04000000 21000000 00000000 00000000 ....!...........
0003810: 00000000 00000000 00000000 00000000 ................
0003820: 00000000 00000000 00000000 00000000 ................
0003830: 01000000 736d6233 64732e64 61740000 ....smb3ds.dat..
0003840: 00000000 00000000 d57b1100 05000000 .........{......
0003850: e4060000 00000000 c8cf0008 00000000 ................
0003860: 01000000 6d677265 706c6179 30302e64 ....mgreplay00.d
0003870: 61740000 01000000 d57b1100 09000000 at.......{......
0003880: 1c210000 00000000 cd331000 00000000 .!.......3......
0003890: 01000000 6d677265 706c6179 30312e64 ....mgreplay01.d
00038a0: 61740000 02000000 d57b1100 1a000000 at.......{......
00038b0: 1c210000 00000000 00000000 00000000 .!..............
</pre>
[[セーブデータ|Japanese]]

Savegames

2011-04-15T03:02:41Z

Erant: /* Partitions */

=== Encryption ===

On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

=== Wearleveling ===

The 3DS employs a wearleveling scheme on the savegame FLASH chips. This is done trough blockmaps and a journal. The blockmap is located at offset 0 of the flash chip, and is immediately followed by the journal. The initial state is dictated by the blockmap, and the journal is then applied to that.

The blockmap structure is simple:
<pre>
struct header_entry {
uint8_t chksums[8];
uint8_t phys_sec;
uint8_t alloc_cnt;
} __attribute__((__packed__));
</pre>

The journal structure is as follows:
<pre>
struct sector_entry {
uint8_t virt_sec; // Mapped to sector
uint8_t prev_virt_sec; // Physical sector previously mapped to
uint8_t phys_sec; // Mapped from sector
uint8_t prev_phys_sec; // Virtual sector previously mapped to
uint8_t phys_realloc_cnt; // Amount of times physical sector has been remapped
uint8_t virt_realloc_cnt; // Amount of times virtual sector has been remapped
uint8_t chksums[8];
} __attribute__((__packed__));

struct long_sector_entry{
struct sector_entry sector;
struct sector_entry dupe;
uint32_t magic;
}__attribute__((__packed__));
</pre>

With magic being a constant 0x080d6ce0.

=== Partitions ===

There can be multiple partitions on the chip. For some games one is a backup partition, some other games seem to use only one partition, yet other games actually use multiple partitions. Partitions are defined at the start of the de-wearleveled blob. At offset 0x200 into the image, the DIFI blobs start. These 0x130 large blobs describe the partitions. Every DIFI blob describes a partition. In order to find the partitions, you will need the uint32_t at 0x9C into the DIFI blob, and the uint32_t at 0xA4. The uint32_t at 0x9C describes the length of the hash table at the start of the partition, the uint32_t at 0xA4 is the length of the filesystem. Partitions are catted together, so the end of one partition is the beginning of the next. The first partition starts at 0x2000. The hashtable at the start of the partitions describe each block in the partition with a SHA256 of the 0x1000 sized block.

=== Filesystem ===

Savefiles are stored on the FLASH in a custom filesystem called SAVE. SAVE has a header which describes where the various bits of the filesystem live. The most important is the FST or filesystem table. You can find the FST by first finding the file base offset which is the offset to which all the entries in the FST are relative. The file base offset is a uint16_t at 0x58 from the filesystem start. The FST offset is a uint32_t at 0x6C and is in blocks (which are 0x200 bytes large).

Once you've found the FST, parsing it is fairly straightforward.

<pre>
struct fs_entry {
u32 node_cnt;
u8 filename[0x10];
u32 index;
u32 unk1; // magic?
u32 block_offset;
u32 file_size;
u32 unk2;
u32 unk3; // flags and/or date?
u32 unk4;
}
</pre>

The first entry is the root directory, easily identifiable by the node_cnt being larger than 1. The node_cnt includes the root directory itself, so there are node_cnt - 1 files in the root directory. The entries that follow after the root directory are the actual files. Reading them out is as simple as taking the file base offset and adding (block_offset * 0x200) to it.

Example from Super MonkeyBall 3D:
<pre>
0003800: 04000000 21000000 00000000 00000000 ....!...........
0003810: 00000000 00000000 00000000 00000000 ................
0003820: 00000000 00000000 00000000 00000000 ................
0003830: 01000000 736d6233 64732e64 61740000 ....smb3ds.dat..
0003840: 00000000 00000000 d57b1100 05000000 .........{......
0003850: e4060000 00000000 c8cf0008 00000000 ................
0003860: 01000000 6d677265 706c6179 30302e64 ....mgreplay00.d
0003870: 61740000 01000000 d57b1100 09000000 at.......{......
0003880: 1c210000 00000000 cd331000 00000000 .!.......3......
0003890: 01000000 6d677265 706c6179 30312e64 ....mgreplay01.d
00038a0: 61740000 02000000 d57b1100 1a000000 at.......{......
00038b0: 1c210000 00000000 00000000 00000000 .!..............
</pre>
[[セーブデータ|Japanese]]

Savegames

2011-04-12T15:26:14Z

Erant: /* Partitions */

=== Encryption ===

On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

=== Wearleveling ===

The 3DS employs a wearleveling scheme on the savegame FLASH chips. This is done trough blockmaps and a journal. The blockmap is located at offset 0 of the flash chip, and is immediately followed by the journal. The initial state is dictated by the blockmap, and the journal is then applied to that.

The blockmap structure is simple:
<pre>
struct header_entry {
uint8_t chksums[8];
uint8_t phys_sec;
uint8_t alloc_cnt;
} __attribute__((__packed__));
</pre>

The journal structure is as follows:
<pre>
struct sector_entry {
uint8_t virt_sec; // Mapped to sector
uint8_t prev_virt_sec; // Physical sector previously mapped to
uint8_t phys_sec; // Mapped from sector
uint8_t prev_phys_sec; // Virtual sector previously mapped to
uint8_t phys_realloc_cnt; // Amount of times physical sector has been remapped
uint8_t virt_realloc_cnt; // Amount of times virtual sector has been remapped
uint8_t chksums[8];
} __attribute__((__packed__));

struct long_sector_entry{
struct sector_entry sector;
struct sector_entry dupe;
uint32_t magic;
}__attribute__((__packed__));
</pre>

With magic being a constant 0x080d6ce0.

=== Partitions ===

There can be multiple partitions on the chip. For some games one is a backup partition, some other games seem to use only one partition, yet other games actually use multiple partitions. Partitions are defined at the start of the de-wearleveled blob. At offset 0x200 into the image, the DIFI blobs start. These 0x130 large blobs describe the partitions. Every DIFI blob describes a partition. In order to find the partitions, you will need the uint32_t at 0x9C into the DIFI blob, and the uint32_t at 0xA4. The uint32_t at 0x9C describes the beginning of the filesystem from the base of the partition, the uint32_t at 0xA4 is the length of the filesystem. Partitions are catted together, so the end of one partition is the beginning of the next. The first partition starts at 0x2000.

=== Filesystem ===

Savefiles are stored on the FLASH in a custom filesystem called SAVE. SAVE has a header which describes where the various bits of the filesystem live. The most important is the FST or filesystem table. You can find the FST by first finding the file base offset which is the offset to which all the entries in the FST are relative. The file base offset is a uint16_t at 0x58 from the filesystem start. The FST offset is a uint32_t at 0x6C and is in blocks (which are 0x200 bytes large).

Once you've found the FST, parsing it is fairly straightforward.

<pre>
struct fs_entry {
u32 node_cnt;
u8 filename[0x10];
u32 index;
u32 unk1; // magic?
u32 block_offset;
u32 file_size;
u32 unk2;
u32 unk3; // flags and/or date?
u32 unk4;
}
</pre>

The first entry is the root directory, easily identifiable by the node_cnt being larger than 1. The node_cnt includes the root directory itself, so there are node_cnt - 1 files in the root directory. The entries that follow after the root directory are the actual files. Reading them out is as simple as taking the file base offset and adding (block_offset * 0x200) to it.

Example from Super MonkeyBall 3D:
<pre>
0003800: 04000000 21000000 00000000 00000000 ....!...........
0003810: 00000000 00000000 00000000 00000000 ................
0003820: 00000000 00000000 00000000 00000000 ................
0003830: 01000000 736d6233 64732e64 61740000 ....smb3ds.dat..
0003840: 00000000 00000000 d57b1100 05000000 .........{......
0003850: e4060000 00000000 c8cf0008 00000000 ................
0003860: 01000000 6d677265 706c6179 30302e64 ....mgreplay00.d
0003870: 61740000 01000000 d57b1100 09000000 at.......{......
0003880: 1c210000 00000000 cd331000 00000000 .!.......3......
0003890: 01000000 6d677265 706c6179 30312e64 ....mgreplay01.d
00038a0: 61740000 02000000 d57b1100 1a000000 at.......{......
00038b0: 1c210000 00000000 00000000 00000000 .!..............
</pre>
[[セーブデータ|Japanese]]

Savegames

2011-04-11T16:05:46Z

Erant:

=== Encryption ===

On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

=== Wearleveling ===

The 3DS employs a wearleveling scheme on the savegame FLASH chips. This is done trough blockmaps and a journal. The blockmap is located at offset 0 of the flash chip, and is immediately followed by the journal. The initial state is dictated by the blockmap, and the journal is then applied to that.

The blockmap structure is simple:
<pre>
struct header_entry {
uint8_t chksums[8];
uint8_t phys_sec;
uint8_t alloc_cnt;
} __attribute__((__packed__));
</pre>

The journal structure is as follows:
<pre>
struct sector_entry {
uint8_t virt_sec; // Mapped to sector
uint8_t prev_virt_sec; // Physical sector previously mapped to
uint8_t phys_sec; // Mapped from sector
uint8_t prev_phys_sec; // Virtual sector previously mapped to
uint8_t phys_realloc_cnt; // Amount of times physical sector has been remapped
uint8_t virt_realloc_cnt; // Amount of times virtual sector has been remapped
uint8_t chksums[8];
} __attribute__((__packed__));

struct long_sector_entry{
struct sector_entry sector;
struct sector_entry dupe;
uint32_t magic;
}__attribute__((__packed__));
</pre>

With magic being a constant 0x080d6ce0.

=== Partitions ===

There can be multiple partitions on the chip. For some games one is a backup partition, some other games seem to use only one partition, yet other games actually use multiple partitions.

=== Filesystem ===

Savefiles are stored on the FLASH in a custom filesystem called SAVE. SAVE has a header which describes where the various bits of the filesystem live. The most important is the FST or filesystem table. You can find the FST by first finding the file base offset which is the offset to which all the entries in the FST are relative. The file base offset is a uint16_t at 0x58 from the filesystem start. The FST offset is a uint32_t at 0x6C and is in blocks (which are 0x200 bytes large).

Once you've found the FST, parsing it is fairly straightforward.

<pre>
struct fs_entry {
u32 node_cnt;
u8 filename[0x10];
u32 index;
u32 unk1; // magic?
u32 block_offset;
u32 file_size;
u32 unk2;
u32 unk3; // flags and/or date?
u32 unk4;
}
</pre>

The first entry is the root directory, easily identifiable by the node_cnt being larger than 1. The node_cnt includes the root directory itself, so there are node_cnt - 1 files in the root directory. The entries that follow after the root directory are the actual files. Reading them out is as simple as taking the file base offset and adding (block_offset * 0x200) to it.

Example from Super MonkeyBall 3D:
<pre>
0003800: 04000000 21000000 00000000 00000000 ....!...........
0003810: 00000000 00000000 00000000 00000000 ................
0003820: 00000000 00000000 00000000 00000000 ................
0003830: 01000000 736d6233 64732e64 61740000 ....smb3ds.dat..
0003840: 00000000 00000000 d57b1100 05000000 .........{......
0003850: e4060000 00000000 c8cf0008 00000000 ................
0003860: 01000000 6d677265 706c6179 30302e64 ....mgreplay00.d
0003870: 61740000 01000000 d57b1100 09000000 at.......{......
0003880: 1c210000 00000000 cd331000 00000000 .!.......3......
0003890: 01000000 6d677265 706c6179 30312e64 ....mgreplay01.d
00038a0: 61740000 02000000 d57b1100 1a000000 at.......{......
00038b0: 1c210000 00000000 00000000 00000000 .!..............
</pre>
[[セーブデータ|Japanese]]

Savegames

2011-04-11T13:26:18Z

Erant: /* Filesystem */

=== Encryption ===

On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

=== Wearleveling ===

The 3DS employs a wearleveling scheme on the savegame FLASH chips. This is done trough blockmaps and a journal. The blockmap is located at offset 0 of the flash chip, and is immediately followed by the journal. The initial state is dictated by the blockmap, and the journal is then applied to that.

The blockmap structure is simple:
<pre>
struct header_entry {
uint8_t chksums[8];
uint8_t phys_sec;
uint8_t alloc_cnt;
} __attribute__((__packed__));
</pre>

The journal structure is as follows:
<pre>
struct sector_entry {
uint8_t virt_sec; // Mapped to sector
uint8_t prev_virt_sec; // Physical sector previously mapped to
uint8_t phys_sec; // Mapped from sector
uint8_t prev_phys_sec; // Virtual sector previously mapped to
uint8_t phys_realloc_cnt; // Amount of times physical sector has been remapped
uint8_t virt_realloc_cnt; // Amount of times virtual sector has been remapped
uint8_t chksums[8];
} __attribute__((__packed__));

struct long_sector_entry{
struct sector_entry sector;
struct sector_entry dupe;
uint32_t magic;
}__attribute__((__packed__));
</pre>

With magic being a constant 0x080d6ce0.

=== Filesystem ===

Savefiles are stored on the FLASH in a custom filesystem called SAVE. SAVE has a header which describes where the various bits of the filesystem live. The most important is the FST or filesystem table. You can find the FST by first finding the file base offset which is the offset to which all the entries in the FST are relative. The file base offset is a uint16_t at 0x58 from the filesystem start. The FST offset is a uint32_t at 0x6C and is in blocks (which are 0x200 bytes large).

Once you've found the FST, parsing it is fairly straightforward.

<pre>
struct fs_entry {
u32 node_cnt;
u8 filename[0x10];
u32 index;
u32 unk1; // magic?
u32 block_offset;
u32 file_size;
u32 unk2;
u32 unk3; // flags and/or date?
u32 unk4;
}
</pre>

The first entry is the root directory, easily identifiable by the node_cnt being larger than 1. The node_cnt includes the root directory itself, so there are node_cnt - 1 files in the root directory. The entries that follow after the root directory are the actual files. Reading them out is as simple as taking the file base offset and adding (block_offset * 0x200) to it.

Example from Super MonkeyBall 3D:
<pre>
0003800: 04000000 21000000 00000000 00000000 ....!...........
0003810: 00000000 00000000 00000000 00000000 ................
0003820: 00000000 00000000 00000000 00000000 ................
0003830: 01000000 736d6233 64732e64 61740000 ....smb3ds.dat..
0003840: 00000000 00000000 d57b1100 05000000 .........{......
0003850: e4060000 00000000 c8cf0008 00000000 ................
0003860: 01000000 6d677265 706c6179 30302e64 ....mgreplay00.d
0003870: 61740000 01000000 d57b1100 09000000 at.......{......
0003880: 1c210000 00000000 cd331000 00000000 .!.......3......
0003890: 01000000 6d677265 706c6179 30312e64 ....mgreplay01.d
00038a0: 61740000 02000000 d57b1100 1a000000 at.......{......
00038b0: 1c210000 00000000 00000000 00000000 .!..............
</pre>
[[セーブデータ|Japanese]]

Savegames

2011-04-10T22:28:36Z

Erant: /* Wearleveling */

Savegames

2011-04-10T20:40:56Z

Erant: /* Wearleveling */

Savegames

2011-04-10T18:04:23Z

Erant: /* Wearleveling */

Savegames

2011-04-10T17:34:54Z

Erant: /* Filesystem */

Savegames

2011-04-10T15:10:43Z

Erant: /* Filesystem */

Savegames

2011-04-09T02:44:38Z

Erant: /* Filesystem */

Savegames

2011-04-09T02:42:35Z

Erant: /* Filesystem */

Savegames

2011-04-09T02:42:23Z

Erant: /* Encryption */

Savegames

2011-04-09T02:40:27Z

Erant: /* Wearleveling */

=== Encryption ===

On the 3DS savegames are stored much like on the DS, that is on an EEPROM in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

=== Wearleveling ===

The 3DS employs a wearleveling scheme on the savegame FLASH chips. This is done trough blockmaps. Depending on the size of the flashchip, these are located somewhere at the beginning of the flashchip, in the first sector. The structure is as follows:

<pre>
struct sector_entry {
uint8_t virt_sec; // Mapped to sector
uint8_t prev_virt_sec; // Physical sector previously mapped to
uint8_t phys_sec; // Mapped from sector
uint8_t prev_phys_sec; // Virtual sector previously mapped to
uint8_t virt_realloc_cnt; // Amount of times virtual sector has been remapped
uint8_t phys_realloc_cnt; // Amount of times physical sector has been remapped
uint8_t chksums[8];
} __attribute__((packed));

struct long_sector_entry {
struct sector_entry sector;
struct sector_entry dupe;
uint32_t magic;
};
</pre>

With magic being a constant 0x080d6ce0.

=== Filesystem ===

Savefiles stored on the EEPROM are using a custom FS.

It is still unknown how to get correctly to the file table, but here is the file entry struct.

struct FileEntry {
u32 Unknown;
u8 FileName[0x10];
u32 EntryID;
u32 Unknown;
u32 Unknown;
u32 FileSize;
u32 Unknown;
u32 Unknown;
u32 Unknown;
}

Savegames

2011-04-09T02:38:53Z

Erant:

=== Encryption ===

On the 3DS savegames are stored much like on the DS, that is on an EEPROM in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

=== Wearleveling ===

The 3DS employs a wearleveling scheme on the savegame FLASH chips. This is done trough blockmaps. Depending on the size of the flashchip, these are located somewhere at the beginning of the flashchip, in the first sector. The structure is as follows:

struct sector_entry {
uint8_t virt_sec; // Mapped to sector
uint8_t prev_virt_sec; // Physical sector previously mapped to
uint8_t phys_sec; // Mapped from sector
uint8_t prev_phys_sec; // Virtual sector previously mapped to
uint8_t virt_realloc_cnt; // Amount of times virtual sector has been remapped
uint8_t phys_realloc_cnt; // Amount of times physical sector has been remapped
uint8_t chksums[8];
} __attribute__((packed));

struct long_sector_entry{
struct sector_entry sector;
struct sector_entry dupe;
uint32_t magic;
};

With magic being a constant 0x080d6ce0.

=== Filesystem ===

Savefiles stored on the EEPROM are using a custom FS.

It is still unknown how to get correctly to the file table, but here is the file entry struct.

struct FileEntry {
u32 Unknown;
u8 FileName[0x10];
u32 EntryID;
u32 Unknown;
u32 Unknown;
u32 FileSize;
u32 Unknown;
u32 Unknown;
u32 Unknown;
}

Gamecards

2011-04-08T15:09:37Z

Erant:

[[File:Gamecard.jpg|thumb|right|A 3DS gamecard]]
[[File:GamecardPhy.jpg|thumb|right|Close-up of PCB]]

===Physical interface===
The 3DS gamecards have the same physical interface as regular DS and DSi gamecards. There is only a minor cosmetic difference in the plastic case, which has a small extruding notch on the top-right side. As such, it prevents insertion of the gamecard into old Nintendo DS or DSi systems.

When modifying the case so that the 3DS gamecard fits in a DS or DSi system, those systems will refuse to detect the gamecard and show no banner icon.

{| class="wikitable" border="1"
|-
! Pin
! Name
! Description
|-
| 1
| GND
| Ground
|-
| 2
| CLK
| Clock. Frequencies 6.7MHz and 4.2MHz)
|-
| 3
| NC
| Not connected. Possibly used to program cards.
|-
| 4
| RCS
| ROM select, active low. Pulled low to start a ROM transfer.
|-
| 5
| RST
| Reset, active low.
|-
| 6
| ECS
| Savegame chip select, active low. Pulled low to start a savegame SPI transfer.
|-
| 7
| IRQ
| Removal detection.
|-
| 8
| VCC
| Powersupply 3.3V.
|-
| 9
| DAT0
| Bidirectional data bus.
|-
| 10
| DAT1
| Bidirectional data bus.
|-
| 11
| DAT2
| Bidirectional data bus.
|-
| 12
| DAT3
| Bidirectional data bus.
|-
| 13
| DAT4
| Bidirectional data bus.
|-
| 14
| DAT5
| Bidirectional data bus.
|-
| 15
| DAT6
| Bidirectional data bus / SPI data from savegame chip.
|-
| 16
| DAT7
| Bidirectional data bus / SPI data to savegame chip.
|-
| 17
| GND
| Ground
|}

===SPI flash===
So far, only one savegame FLASH chip has been identified. The chip identifies as a 0xC22211. The JEDEC manufacturer ID is Macronix, and despite the chip label saying 25L1001 it is actually an MX25L1021E. Datasheet at: http://www.macronix.com/QuickPlace/hq/PageLibrary4825740B00298A3B.nsf/h_Index/3F21BAC2E121E17848257639003A3146/$File/MX25L1021E,%203V,%201Mb,%20v0.01.pdf.

===Protocol===
The communication protocol between the 3DS system and the 3DS gamecard has changed almost completely in comparison with the DS and DSi gamecard communication protocol.

After the sixth transfer, commands change size from 8 bytes to 16 bytes. Possibly a new encryption is used, such as AES CTR.

Here's a set of sample gamecard commands that a 3DS sends to a 3DS gamecard:

{| class="wikitable" border="1"
|-
! Size
! Command
! Description
|-
|2000
|9F00000000000000
| Reset
|-
|0000
|71C93FE9BB0A3B18
| Unknown
|-
|0004
|9000000000000000
| Get gamecard ID, response=9000FEC2
|-
|0004
|9000000000000000
| Get gamecard ID, response=9000FEC2
|-
|0004
|A000000000000000
| Unknown, response=00000000
|-
|0000
|3E00000000000000
| Enter 16-byte command mode.
|-
|07EC
|82000000000000000000000000000000
| Get header
|-
|05E3
|F32C92D85C9D44DED3E0E41DBE7C90D9
| Encrypted, unknown
|-
|0332
|696B9D8582FB55D31B68CAFE70C74A95
| Encrypted, unknown
|-
|0332
|BAA4812CA0AC9C5D19399530E3ACCCAB
| Encrypted, unknown
|-
|032E
|178E427C22D87ADB86387249A97D321A
| Encrypted, unknown
|-
|0332
|E06019B1BD5C9130ED6A4D9F4A9E7193
| Encrypted, unknown
|-
|0332
|4E0D224862523BBFE2E6255F80E15F37
| Encrypted, unknown
|-
|0332
|4CDF93D319FB62D0DB632A45E3E8D84C
| Encrypted, unknown
|-
|0332
|9AA5D80551002F955546D296A57F0FEF
| Encrypted, unknown
|-
|0332
|C12BA81AEF30DDDBD93FAD5D544C6334
| Encrypted, unknown
|-
|0532
|62EC5FB7F420AE1DC6253AE18AFA5BB3
| Encrypted, read address 0
|-
|0332
|E3FA23AA016BE0C93430D1F42FF41324
| Encrypted, read address 0x4000
|}

The header command has some initial dummy bytes, and eventually responds with a 0x200 byte header. Here's an example for Lego Starwars 3:
0000000: 00 8c 03 00 00 00 04 00 00 00 00 00 00 00 00 00 ................
0000010: b3 cf fb c6 6a b1 cb 20 32 af ce 35 d4 1c 74 c9 ....j.. 2..5..t.
0000020: 8e 6b 27 2f 08 01 28 3b d4 30 de 44 37 f5 b0 46 .k'/..(;.0.D7..F
0000030: 91 59 d7 38 33 48 df 83 fd 71 84 2c 00 00 00 00 .Y.83H...q.,....
0000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000100: 4e 43 43 48 7a 7f 0e 00 00 8c 03 00 00 00 04 00 NCCHz...........
0000110: 36 34 02 00 00 00 00 00 00 8c 03 00 00 00 04 00 64..............
0000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000150: 43 54 52 2d 50 2d 41 4c 47 50 00 00 00 00 00 00 CTR-P-ALGP......
0000160: 0c 27 e3 c1 de 7b 2a e2 d3 11 4f 32 a4 ee bf 46 .'...{*...O2...F
0000170: 9a fd 0c f3 52 c1 1d 49 84 c2 a9 f1 d2 14 4c 63 ....R..I......Lc
0000180: 00 04 00 00 00 00 00 00 00 00 00 00 01 03 00 00 ................
0000190: 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
00001a0: 06 00 00 00 1c 0a 00 00 01 00 00 00 00 00 00 00 ................
00001b0: 22 0a 00 00 58 75 0e 00 01 00 00 00 00 00 00 00 "...Xu..........
00001c0: 13 0c 04 26 15 f6 47 c4 c6 32 25 ea 9e 67 f8 a2 ...&..G..2%..g..
00001d0: 7b 15 24 6b 88 fb c7 a9 27 25 7b 84 97 7b 78 7b {.$k....'%{..{x{
00001e0: a6 5b ee 10 60 bb 6a 68 21 bb ce c6 00 03 5b 7e .[..`.jh!.....[~
00001f0: 64 fb 6e ac a7 f0 96 0c fb 1f 5a 37 08 77 28 f7 d.n.......Z7.w(.

Savegames

2011-04-01T03:45:10Z

Erant: Created page with "On the 3DS savegames are stored much like on the DS, that is on an EEPROM in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption..."

On the 3DS savegames are stored much like on the DS, that is on an EEPROM in the gamecart. On the DS these savegames were stored in plaintext but on the 3DS a layer of encryption was added. This is highly likely a streamcipher, as the contents of several savegames exhibit the odd behaviour that xor-ing certain parts of the savegame together will result in the plaintext appearing.

The reason this works is because the streamcipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a streamcipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plaintext (in our case, zeroes) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

Main Page/Navigation

2011-04-01T03:37:41Z

Erant:

{{Main page box|Navigation|Main Page/Navigation}}
<div style="margin: -.3em -1em -1em -1em;">
{| width="100%" bgcolor="#fff" border="0" cellpadding="2px" cellspacing="2px" style="margin:auto;"
|- align="center" bgcolor="#e7eef6"
! width="33%" | '''General'''
! width="34%" | '''3DS hardware'''
! width="33%" | '''3DS software'''
|- valign="top" style="background: #F5FAFF;"
|
*[[3DS exploits]]
*[[Glossary]]
*[[FAQ]]
|
*[[Hardware]]
*[[Gamecards]]
|
*[[Nintendo Software]]
*[[File Formats]]
*[[Title list]]
*[[Title metadata]]
*[[SD Filesystem]]
*[[Flash Filesystem]]
*[[Bootloader]]
*[[Savegames]]
|}
</div>
{{box-footer-empty}}