Changes

715 bytes added ,  14:48, 28 December 2011
→‎Encryption: info on the fw4+ saves...
Line 9: Line 9:     
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
 
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
 +
 +
Update:
 +
 +
Since firmware 2.0.0-4 Nintendo introduces a new way of encryption (might be a fix for the exploit above). The xorpad seems to repeat in the file but not every 0x200 bytes. so for now it is unknown how to decrypt the newer save files.
 +
 +
'''Games to use the new encryption:'''
 +
* Super Mario 3D Land
 +
* Mario Kart 7
 +
 +
'''Some information:'''
 +
* Old games saves still use the old 0x200 bytes xorpad.
 +
* New games saves can be backed-up and restored (same key is used from one save to another).
 +
* The wearleveling stayed the same.
 +
* Xoring two files togather can produce some clear text
 +
* It's been spotted that the xorpad repeated after 0x1000 bytes (so it might be the maximum length but still it's not proved).
    
=== Wear leveling ===
 
=== Wear leveling ===
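Review bot: the added "Update:" paragraph is internally inconsistent about the keystream period. It first states that the xorpad "does not repeat every 0x200 bytes" and that decryption of the newer saves is unknown, but the last bullet then reports that the xorpad "repeated after 0x1000 bytes"; say how that 0x1000 period was observed (presumably from the "Xoring two files togather" result two bullets earlier) and whether it changes the "unknown how to decrypt" conclusion, or mark both as unconfirmed observations in one place. The firmware reference also needs checking: the edit summary says "fw4+" while the text says "firmware 2.0.0-4"; use one form consistently. Finally, typos and wording: "togather" should be "together", "Nintendo introduces" should be "Nintendo introduced", "Old games saves" / "New games saves" should be "Old game saves" / "New game saves", and the heading "Games to use the new encryption" reads better as "Games using the new encryption".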