Changes

22 bytes added, 04:09, 4 January 2013
Line 10: Line 10:  
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
 
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
   −
All gamecard and SD savegames are encrypted with AES-CTR. The gamecard savegame [[AES|keyslot]] keyY is unique for every region of each game. A flag stored in the [[NCSD]] determines the method used to generate this keyY. This same flag is also used for determining which CTR period is used as well. The keyY when the flag is clear is generated from data stored in the main [[NCCH#CXI|CXI]], and data retrieved from gamecard commands. When the flag is set, a hash is generated for the keyY over the data from the CXI, and an ID retrieved from a gamecard command. The base CTR for gamecard savegames is all-zero. SD savegames use a CTR where the base CTR is fixed per savegame, however the CTR doesn't repeat in the image.
+
All gamecard and SD savegames are encrypted with AES-CTR. The gamecard savegame [[AES|keyslot]] keyY is unique for every region of each game. A flag stored in the [[NCSD]] determines the method used to generate this keyY. This same flag is also used for determining which CTR method is used as well. The keyY when the flag is clear is generated from data stored in the main [[NCCH#CXI|CXI]], and data retrieved from gamecard commands. When the flag is set, a hash is generated for the keyY over the data from the CXI, and an ID retrieved from a gamecard command. The base CTR for gamecard savegames is all-zero. SD savegames use a CTR where the base CTR is fixed per savegame, however the CTR doesn't repeat in the image.
   −
With system version [[2.2.0-4]] the system can now use a different gamecard CTR method, which fixed the above flaw. With [[2.2.0-4]] the system checks a [[NCSD]] flag, when it's set the new CTR period is used, otherwise the 0x200-byte CTR period is used. All games released since [[2.2.0-4]] have this flag set. The new CTR-period is larger than 0x1000-bytes.
+
With system version [[2.2.0-4]] the system can now use a different gamecard CTR method, which fixed the above flaw. With [[2.2.0-4]] the system checks a [[NCSD]] flag, when it's set the new CTR method is used, otherwise the 0x200-byte CTR period is used. All games released since [[2.2.0-4]] have this flag set. When this flag is set the CTR doesn't repeat within the image at all.
    
=== Wear leveling ===
 
=== Wear leveling ===
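Review bot: the rewritten last sentence of the 2.2.0-4 paragraph swaps a concrete, bounded claim ("The new CTR-period is larger than 0x1000-bytes") for a much stronger one ("the CTR doesn't repeat within the image at all"); these are not equivalent, and the revision gives no source for the stronger statement, so either confirm it or keep the weaker bound alongside it. Related: the unchanged first paragraph still presents the 512-byte chunk, most-common-block keystream recovery as the general way to decrypt a 3DS savegame, while this hunk now makes clear it only holds for the 0x200-byte CTR period (NCSD flag clear, pre-2.2.0-4 titles); a one-line qualifier there such as "This only works for gamecard savegames using the 0x200-byte CTR period (flag clear)" would keep the two paragraphs consistent. Minor style: "This same flag is also used for determining which CTR method is used as well" doubles up "also" and "as well"; one of them can go.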