diff --git a/Decryption.md b/Decryption.md index cbe4941..6379b6b 100644 --- a/Decryption.md +++ b/Decryption.md @@ -1,29 +1,145 @@ -## Decryption +### How to Dump and Decrypt 3DS Games -3DS ROM images can be in either encrypted or unencrypted form. Typically, homebrew images would be unencrypted while backups of retail titles would be encrypted. Citra only works with decrypted images, so any encrypted image needs to be decrypted first. +This guide focuses on how do dump games in Windows, but since all of the programs work on various operating systems, it should be fairly easy to figure out how to translate each of the steps into another operating system. -#### NOTE: You must be on firmware 9.2 or below to dump or decrypt ROMs! +#### Tools required: -### Step 1: Dumping your game +- [Gateway Launcher](http://www.gateway-3ds.com/downloads) +- [Decrypt9](https://github.com/archshift/Decrypt9) +- [xorer](https://github.com/archshift/xorer) +- A 3DS with a firmware of 9.2 or lower in order to dump or decrypt games. +- A SD Card big enough to contain the dumped games. 8GB or greater is recommended. +- A way to read SD Cards on a PC. -On your PC, download the Gateway Launcher from [their website](http://www.gateway-3ds.com/downloads/). Place the `Launcher.dat` file on the root of your SD card, and navigate to http://dukesrg.no-ip.org/3ds/go in your 3DS browser. +**For Windows Users** -Once the Gateway Launcher opens up, there will be an option to dump a ROM from its cart. After selecting the option, you will have to wait for some time while the game is saved to your SD card. Repeat this process for every game you want to dump. +- An installation of Python ([Python 2.7.9](https://www.python.org/downloads/release/python-279/) was used during the creation of this guide) -### Step 2: Generating Xorpads +**For 3DSes with firmwares older than 7.x when decrypting a 7.x firmware or newer game** +- slot0x25KeyX.bin with the key. You have to create the file and find the key yourself. -On your PC, download or compile [Decrypt9](https://github.com/archshift/Decrypt9). Run the `ncchinfo_gen.py` [python](https://www.python.org/downloads/release/python-279/) script with the path to your dumped game as the first argument. This will generate the `ncchinfo.bin` file, which you should place on your SD card. +
-Then, **if you're on firmware that is less than 7.x**, create/edit `slot0x25KeyX.bin` in a **hex editor** and put in the 7.x KeyX (no, we won't give it to you). +#### **STEP 1 – Prepping the Dumper** +On your computer, [download the latest firmware package of the gateway launcher from their website](http://www.gateway-3ds.com/downloads). Within one of the folders (ex: /GATEWAY ULTRA 3.2.1 PUBLIC BETA/ for version 3.2.1) will be a Launcher.dat file. Place the Launcher.dat file on the root of the SD Card and place it into your 3DS. Then, in the 3DS browser, navigate to http://dukesrg.no-ip.org/3ds/go on the 3DS Browser. From here, your 3DS may display some weird colors or even say that it cannot load the page, but the Gateway loader should boot up regardless. -Place the compiled Decrypt9 `Launcher.dat` on the root of your SD card, and navigate to http://dukesrg.no-ip.org/3ds/go in your 3DS browser. Select "NCCH padgen" and it will generate the required Xorpads for your game. This will take a while. +
-Repeat this process for every game you want to dump. +#### **STEP 2 – Dumping the Game** +Within the gateway launcher you have a lot of options. The only one necessary is "Backup 3DS Game Cartridge". It can take quite a while to dump bigger games, so be patient and wait for it to complete. After that, the SD Card will contain the ROM from your cartridge. -### Step 3: Applying Xorpads +You can now copy this to your computer to clear space; this ROM file will **never** need to be on your SD card again. On a smaller SD card, you'll need that space for a later step anyway! -On your PC, download or compile [xorer](https://github.com/archshift/xorer). Run xorer with run it from the command line with the 3DS application as the first argument, and the xorpad files as the subsequent arguments. Example: +**NOTE:** If a game is greater than 4GiB, it will be split into multiple files when it dumps. Using generic names, it would be Game.3D0, Game.3D1 etc. On Windows 7, we can fix this easily by putting both files into the same folder, opening up command prompt and navigating to that folder. We'll use bravely default as the example here. -`xorer someapp.3ds -e exheader.xorpad -x exefs.xorpad -r romfs.xorpad --inplace` +``` +Copy /b "Bravely Default.3DS0"+"Bravely Default.3DS1" "Bravely Default.3DS" +``` -If the program is a 7.x type program and you have both an `exefs_norm.xorpad` and an `exefs_7x.xorpad` file, specify the 7x variant as well using `-7 exefs_7x.xorpad`. If you've already merged them through some other means, just pass the merged file in with `-x`. \ No newline at end of file +This will give you a single combined file that is your entire ROM dump. If you're certain you've done this correctly, you can delete the input files and just keep the .3DS produced. + +
+ +#### STEP 3 – **Generating Xorpads** +This part can be a bit tricky, so please pay careful attention to every detail! If this part is messed up, you won't know until later! + +For the purposes of this guide, think of the xorpad as a decryption key that will eventually decrypt your ROM for use in Citra. + +**NOTE:** Python is required for this step. During the creation of this guide, [Python 2.7.9](https://www.python.org/downloads/release/python-279/) was used. + +The first thing you’ll need to do is download or compile a program called [Decrypt9](https://github.com/archshift/Decrypt9). Either method works. Within your Decrypt9 folder, there will be a scripts folder with a few scripts in it. We only care about one, _ncchinfo_gen.py_. The others can be ignored. + +Assuming Python is installed correctly, open up command prompt and navigate to this folder. A shortcut for this is to hold shift and right click on the background of the explorer window and then click "Open Command Window Here" in the options. It can be helpful when typing out long paths is annoying! Either way, just make it so that you can run the python file from the command prompt with the ROM following. For the ROM file, if you don't want to type out a big long path, you can just drag the ROM onto the command prompt and it will automatically fill everything out. Your command should look something like this. + +``` +ncchinfo_gen.py "D:\dump\Cubic Ninja.3DS" +``` + +If you have many games, you can input multiple of them to put many games in at once. NOTE: Make sure your SD card has enough space, the xorpads will amount to the same size as a game. + + +``` +ncchinfo_gen.py "D:\dump\Cubic Ninja.3DS" "D:\dump\Pokemon X.3DS" +``` + +There are many ways to get the program running in the command prompt, so if you're familiar with how to use it, feel free to use the way you're most comfortable with. + +
+ +##### **EXTRA STEP FOR USERS ON < 7.x 3DS FIRMWARES**: + +In the 7.x firmware, Nintendo added a new encryption scheme meant to force users to update to 7.x firmware and up to run the game. Those with a 3DS with a firmware less than 7.x can get around it, but they need to go through an additional step to create the encryption key manually. + +First create an empty file named "slot0x25KeyX.bin". The simplest way to do this would be to right click in an explorer window, select create empty text file, and then rename it to "slot0x25KeyX.bin". + +**Note**: This will not work if you have "Show known file extensions" disabled. + +Then you must use a [hex editor](http://mh-nexus.de/en/hxd/) to put in the key. We cannot provide you with the key, you have to find it yourself unfortunately. Once you do have it, you can literally copy and paste it in on the first line. The hex editor will likely warn you that this will change the length of the file, hit accept and save the file. Then place it on the root of the SD Card. Since this key is universal, you only have to do this step once. + +![HxD Key Example](http://i.imgur.com/Tm44cVM.jpg) +The line of FFs should be replaced with the key. It will fill out the whole line and nothing more. + +
+ +**Back to instructions everyone must follow** + +Overwrite the Launcher.dat on your SD card with the one included in the Decrypt9 package. If you'll be dumping more games, make sure you keep both Launcher.dat files safely and remember which is which! On the 3DS, open the browser and return to the site that has the exploit (http://dukesrg.no-ip.org/3ds/go) and it will launch the second Launcher.dat. This one will have a few options, but all we'll be doing is hitting A to generate the xorpads. + +Be warned: this can take an extremely long time on bigger games, so beware! If you've completed this successfully, when you put the SD card back into the computer it'll have at least three xorpad files with fairly long names. If you have these files, congratulations, you can move onto the last step; if not, you'll have to repeat step 3 from the beginning. + +
+ +#### **STEP 4 – Applying the Xorpads** +For the final step, we use the last program, [xorer](https://github.com/archshift/xorer). If you don't have that program yet, download it and extract it into a folder. If you want to make your life easier, copy the xorpads off your SD card into this folder with the xorer program, otherwise you'll have an extremely long command with the paths to each file. + +Then, using whichever method you prefer, navigate to that folder in command prompt so that you can run the program from command line. Next up we're going to give it a very specific command that will decrypt your 3DS file! + +**NOTE:** If you’re unsure you did everything correctly, backup the .3DS file! This will overwrite the encrypted one with a decrypted one. + +xorer takes 5 inputs total. First make sure you have the program put in, if you've navigated to the folder, that just means typing in xorer so that it knows to run that program. Next up, have one space and navigate to (or drag and drop on) the 3DS dump. If we use the example for earlier, it will look like this currently. + +``` +xorer "D:\dump\Cubic Ninja.3DS" +``` + +So, now the beginning of the command is correct. Next we have to feed it all the xorpads. Add a space after the ROM dump and type "-e" and another space. Now find to the xorpad that has exheader in its name. You can either type out its name (if it's in the directory alongside the xorer program) or you can drag it into the command window (regardless of wherever it is at.) + +Your command should now show something like this. + + +``` +xorer "D:\dump\Cubic Ninja.3DS" -e "0004000000046500.Main.exheader.xorpad" +``` + +Now we repeat the step for the remaining commands. -x points to the exefs_norm.xorpad, and then -r points to the romfs_xorpad. For Cubic Ninja, the command would now look like this. + +``` +xorer "D:\dump\Cubic Ninja.3DS" -e "0004000000046500.Main.exheader.xorpad" +-x "0004000000046500.exefs_norm.xorpad" -r "0004000000046500.romfs.xorpad" +``` + +Now all we have to do is set the output file. This is what the finalized command will look like for most games, except replaced with your file names. + +``` +xorer "D:\dump\Cubic Ninja.3DS" -e "0004000000046500.Main.exheader.xorpad" +-x "0004000000046500.exefs_norm.xorpad" -r "0004000000046500.romfs.xorpad" -o CubicNinjaDecrypted.3DS +``` + +If you're confident in yourself and have done this before, you can instead pass "--inplace" so it will overwrite the encrypted ROM. If you're unsure you did this correctly always use -o and check your game. + +``` +xorer "D:\dump\Cubic Ninja.3DS" -e "0004000000046500.Main.exheader.xorpad" +-x "0004000000046500.exefs_norm.xorpad" -r "0004000000046500.romfs.xorpad" --inplace +``` + +**For 7.x or newer firmware games** + +For newer games, the command is slightly different. We have to add one more command to give it the 7.x key. This is noted with the -7 command and placing in the exefs_7x.xorpad beyond it. + +``` +xorer Pokemon.3ds -e 0004003000009702.Main.exheader.xorpad +-x 0004003000009702.Main.exefs_norm.xorpad -7 0004003000009702.Main.exefs_7x.xorpad +-r 0004003000009702.Main.romfs.xorpad --inplace +``` + +Hit enter, and if it doesn't error out, it worked! The dumped ROM can now be used in Citra. \ No newline at end of file