Talk:3DSExplorer

Active discussions
Revision as of 04:41, 30 November 2011 by Jl12 (talk | contribs)

Now I figured that I didn't explain the target of this app... It's suppose to be an Explorer like program to see inside the different filesystems that the 3ds has. Now it's the ExeFS, RomFS and SAVE. As knownledge keep flowing i'll continue to develop the application. With the goal of making a full functional drag&drop file explorer for image files. --Elisherer 18:35, 15 September 2011 (CEST)

It fails showing the tmd file content. Have you finshed working on this feature?--Lazymarek9614 15:49, 20 September 2011 (CEST)

No, I don't have time to work on it..it's not interesting enough --Elisherer 15:36, 21 September 2011 (CEST)
Yeah, the 3DS doesn't care when the tmd file was modified... it's not useful for hacking.--Lazymarek9614 21:09, 21 September 2011 (CEST)

I downloaded the sources,but I can't find Save.cs and reference "System.Development". Matyapiro31

You are right... I fixed it.. notice that the source is not the released version it has some experimental stuff in it... --Elisherer 10:53, 30 September 2011 (CEST)

Do you know Mono Develop? You can release it as multi-patform,such as Linux,Machitosh,etc.

I did not know that until now. But I don't have time to make the transition. I'm happy with VS2008 and it's relatively easy to make changes and new features for the app. The source is open and you can make a linux port if you want. --Elisherer 18:16, 30 September 2011 (CEST)
You need no change.mono can run c# program like Java VM. Matyapiro31
I tried to compile it,but That was old one,and there is "System.development."
This says that I need to fix stuff after I convert my project. and then work with the mono app which I don't find very convinient... and about the reference I don't know what it's about..I don't know a namespace called System.Development --Elisherer 17:42, 2 October 2011 (CEST) (P.s you can sign your messages with the quick signature button or 4 tildes: '~' 4 times)

lblBrew_Click() had no exception handler,

you have to change this method in fmExplorer.cs to

   private void lblBrew_Click(object sender, EventArgs e)
       {
           try
           {
               System.Diagnostics.Process.Start(lblBrew.Text);
           }
           catch (Exception ex)
           {
               MessageBox.Show("Cannot open link that was clicled.\n"+ ex.Message);
           }
       }

Matyapiro31

The algorithm for the Image Hash might be either MD2 or MD4. I found out by using HxD and Notepad. --Kiddyshaq34

Ok, but of what? (i know it's suppose to be 128 bit) And why not MD-5? --Elisherer 07:10, 9 October 2011 (CEST)
Because MD5 is longer and the Image Hash has the same number of bytes as MD2 and MD4.
MD2, 4 & 5 are all 128bit which is 0x10 bytes... --Elisherer 20:28, 9 October 2011 (CEST)
Oh, I've forgotten about MD5. You are right.

3DS include RSA Securuty 's BSafe

from 3DS manual. Matyapiro31

Thanks Matyapiro31 but I think RSA is used for encryption and *not* hashing. So the RSA might be used for ROMs and WiFi... --Elisherer 14:48, 9 October 2011 (CEST)

あほ。RSA BSafe support all security method.See this.

I cannot find English version,sorry. Matyapiro31

I guess if you mean this then the digest algorithms are the ones that we know of..we havn't tried HMAC yet or CNG but from experience we see that nintendo uses regular digest algorithms like CRC16-Modbus and SHA-256. I'll add the HMAC ones to the brute force hash tool to see if it finds something... --Elisherer 22:36, 12 October 2011 (CEST)

I've tried to decrypt 'Super Mario 3D Land' but your tool shows me an 'Corrupt Save File' error.--Lazymarek9614 18:36, 18 November 2011 (CET)

Corrupted save file might be from 2 reasons: * Size is not right (128K or 512k) * CRC on wearleveling wrong. Both problems occur from NDS adapter plus malfunctioning...try blowing on the cart and the adapter and download the savefile again... --Elisherer 20:16, 18 November 2011 (CET)
I actually don't use the useless NDS Adapter Plus, but I used DSM and I've tried it two times (always the same data).. I hope Nintendo doesn't use a new encryption now! Shall I send you the sav file?--Lazymarek9614 20:27, 18 November 2011 (CET)
Yes please, I could check it within the application... --Elisherer 20:35, 18 November 2011 (CET)
Have you found anything?--Lazymarek9614 21:25, 18 November 2011 (CET)
No..it's seems that the key found isn't the right key (even that it appears 4 times in the file). we need to figure out how to decrypt the save files without searching blindly for the key. --Elisherer 21:33, 18 November 2011 (CET)
I got an idea. Xor the image's 0x100-0x103 with every (0x200 block)'s 0x100-0x103 to see if it produces 'DISA' ..it should work with the already known files and might be faster to find. i'll try it tomorrow.. --Elisherer 21:40, 18 November 2011 (CET)
Mind linking to a SM3DL save here so I could look at it?(Btw, you're not looking for a "key", you're looking for an AES-CTR xorpad.) --Yellows8 06:03, 22 November 2011 (CET)
I'll ask for permission. In the meanwhile, can we talk about it at n-dev.net? I made a thread there. --Elisherer 16:26, 22 November 2011 (CET)
Yes, you can share them!--Lazymarek9614 17:24, 22 November 2011 (CET)
I'm not going to register on some 3dbrew-related forum not hosted on the server that 3dbrew is.(Also, I already saw that thread) --Yellows8 17:38, 22 November 2011 (CET)
If you're worried about email just use mailinator.com and throw it away. If you're worried about the password, the forum is set to mail you a random password it generates, so you don't even enter one unless you change it manually. I don't want to push the issue but I doubt registering there is going to cause any security concerns. I can also turn on HTTPS/SSL but probably overkill. It's really just a place to organize discussions, not host your secure data. --Jl12
Catch the files on my server http://www.sherer.co.il/saves (Super Mario 3D Land).--Elisherer 17:43, 22 November 2011 (CET)
I'm stumped too. Since some chunks of data appears several times in these saves, in theory the CTR should still be repeating.(CTR seems to repeat >0x200 bytes now, not sure.) Didn't really manage to decrypt much via xor. --Yellows8 22:08, 22 November 2011 (CET)
I would guess they finally fixed the bug that limited the xor stream to just 0x200 bytes repeating, and now it behaves more like the data saved to SD cards? --Neimod 01:30, 25 November 2011 (CET)
But you can see that same blocks share the same xorpad in the file...the DISA header is in the file 4 times and encrypted the same all the 4 times.. so the key may not repeat but maybe every block has it's own xorpad based on its offset in the image (my speculation) --Elisherer 09:02, 25 November 2011 (CET)