How to Cryptofix a game (Version 2)

Cha0s Em3rald Oct 13, 2015

  1. Cha0s Em3rald

    Cha0s Em3rald Chaos Immortal Staff Member Administrator


    This guide was originally posted by MDashK, thanks go to him for writing it & for allowing me to repost his guides on 3DS Chaos

    Thanks & credits also go to everyone involved in creating the process & making the tools used in the guide


    THIS TUTORIAL HAS BEEN HEAVILY UPDATED TO MAKE SURE THE PROCESS WORKS WITHOUT MUCH PROBLEMS.

    This tutorial is directed assuming you bought the game in the 3DS eShop and want to decrypt it and share it with the world.
    BUT, it can also be used if someone shared with you the SEED file needed AND the 3DS NON-CRYPTOFIXED ROM file.

    A Big Special Thanks To @Moody for providing the specific information from the previous tutorial version.

    First and NEEDED:
    - INSTALL Python 2.7.xx. YOU WILL NEED IT. (https://www.python.org/downloads/windows/)
    or
    python-2.7.8.msi
    Code:
    http://ul.to/3rwn312z
    http://vidzi.net/abz7l7zgho1o/python-2.7.8.msi.html
    - a 3DS console with MSET (4.x) Loader;
    - a generic NDS Flashcard (use to run NDS ROM files. This is needed to install the Decrypt9 ROP loader);
    - emuNAND (linked) or sysNAND partition with access to eShop (not needed if you have the SEED file and NON-CRYPTOFIXED 3DS ROM file);
    - access to the internet.


    PRE-PACKAGE: You can download a Pre-Assembled package with the needed tools here:
    Code:
    http://ul.to/9e1yusr2
    http://vidzi.net/2cg0f0rzcect/CRYPTOFIX.rar.html
    Still, it's advised to ALWAYS get the latest version of the tools/scripts from their specific pages.


    1) Install/Buy game from official eShop;
    2) Use FunkyCIA's Launcher_ticketdb.dat to extract your ticket.db (sysNAND) and ticket.db_gwemu (emuNAND);
    3) Use Shadowtrance's Decrypt9 (https://gbatemp.net/threads/download-decrypt9-wip-3dsx-launcher-dat.388831/) or https://github.com/Shadowtrance/Decrypt9/releases to get your NAND FAT16 XORPAD;
    4) Extract your emuNAND using emuNANDTool, decrypt it using 3DSFAT16tool (you will need the FAT16 NAND XORPAD in here) and open the decrypted emuNAND with WinImage. Use it to extract the NAND\data\(console exclusive)\sysdata\0001000f\00000000 file;
    5) Use SEEDConv to convert your 00000000 file to seeddb.bin; (https://gbatemp.net/threads/download-seedconv-seeddb-bin-generator-for-use-with-decrypt9.392856/)
    6) Now, get the latest ncchinfo_gen.py (http://builds.archshift.com/decrypt9/nightly/decrypt9-latest-browser.7z) and use the seeddb.bin with the script. You will get a ncchinfo.bin file. WE WILL NEED THIS FILE ONCE WE HAVE THE 3DS FILE AT HAND.
    Now, how to get it.

    7) Download 3DS_Multi_Decryptor (git clone or download zip - https://github.com/Relys/3DS_Multi_Decryptor). Don't forget to add makerom.exe in the CDNto3DS folder.
    8) Now, use dumpticketkeys.py (from ticket-titlekey_stuff folder) with ticket.db_gwemu / ticket.db file to get encTitleKeys.bin file;
    Open a CMD window in the folder (Left Shift+Right Mouse Click -> Open Command Prompt Here), and type

    Code:

    dumpTicketKeys.py ticket.db (or ticket.db_gwemu)

    (Don't close the cmd window yet)

    Put the generated encTitleKeys.bin file in the Decrypt9 folder of your SD card.
    Also, go ahead and put the ncchinfo.bin file in this Decrypt9 folder as well.

    9) Now, using Shadowtrance's Decrypt9, we will use the encTitleKeys.bin to get the decTitleKeys.bin file.
    For this, select "Titlekeys File" option in Decrypt9.

    Also, select "NCCH PADGEN" option to generate the needed XORPADs from the ncchinfo.bin file. These will be needed later.

    NOTE: Yes, I know some of you will say: "You could have used rxTools for all this." Yeah, but rxTools kept spitting errors at me for no known reason. So I said "**** this!" and took the long way, which in fact worked.

    10) Grab the decTitleKeys.bin file from the SD Card and put it in the ticket-titlekey_stuff folder. Now, in the open CMD window, run:
    Code:

    printKeys.py > keys.txt

    This will create a TXT file with the Keys of your titles.

    NOTE: Another place that rxTools did stuff in a nutsy way. With the decTitleKeys.bin file created from rxTools, the Python script was stuck in an endless loop...

    11) Open the Keys.txt file with Notepad. Search for the game TitleID and its Title Key. (It should be on the latest line)
    If unsure about this, you can use DevMenu or similar to check the ID of the game you bought.
    Remember: 000400000015ba00 > Shows up in DevMenu as "0015ba" (or similar...)

    12) Now, to use the CDNto3DS from 3DS_Multi_Decryptor
    Code:

    CDNto3DS.py titleid titlekey

    (again don't forget to add makerom.exe in the CDNto3DS folder first)

    Example (for 3D Sonic 2 EUR): CDNto3DS.py 000400000015ba00 0bbb7505d8bfa7cbbcc7061f3ac40c2f

    You will get a NON cryptofixed 3DS and CIA.
    We are going to use the 3DS file to cryptofix the game.

    13) Download 3DS TO CIA 2.0.7. Now, we will need the XORPADs of the game (previously created with Decrypt9) to cryptofix it. So, put those XORPAD files in the main "3ds_to_cia" folder. They should go together with the BAT file of the converter.
    Grab the 3DS file created previously and put it here as well.
    Now, run the BAT from the converter.

    For the conversion, select the following options (meaning, they must be "YES"): Auto RSF, Original ExHeader, Keep Decrypted folder.

    The converter will create the decrypted cryptofixed CIA file for you.
    To generate a 3DS file, just use 3DS Builder (https://gbatemp.net/threads/release-3ds-builder.388858/) using the files (RomFS, ExeFS, etc...) from the decrypted folder created by 3DS to CIA converter.
     
  2. Madridi

    Madridi Chaos Contributor Staff Member VIP

    FYI, you should check today's update of Decrypt9, apparently it has a one step cryptofix that is much easier than this, but will take very long since it's apparently slow.

    I don't know much about this topic since I don't use CIA, so I'll leave it to you or someone else to see how beneficial this can be :D
     
  3. Cha0s Em3rald

    Cha0s Em3rald Chaos Immortal Staff Member Administrator

    I hadn't heard of that yet, thanks for the info

    even if it is slow it'll still be useful due to all the steps involved in cryptofixing a game
     
  4. Madridi

    Madridi Chaos Contributor Staff Member VIP

    Here is the source for everyone to check out
    http://gbatemp.net/posts/5737741/
     
  5. datalogger

    datalogger Member

    Only issue I can see doing it this way is it will lose the User Manual.

    FYI:
    The "new" way using Decrypt9WIP will generate a .CIA that includes the Users Manual, but unfortunately there is a conflict between those .CIA and Gateway's way of launching, so they only run in CFW.
    (Here is a link to the discussion [Download] Decrypt9 (WIP) (.3DSX/Launcher.dat))

    To get around this you can convert the installed .CIA back to a .3DS, then create a new .CIA and it works in both GW and CFW but...... it loses the manual

    There must be a method that will work to de-crypto and work on GW+CFW and not lose the manual, but I've yet to figure it out.
     
    Last edited: Nov 1, 2015
  6. Cha0s Em3rald

    Cha0s Em3rald Chaos Immortal Staff Member Administrator

    Here's something that may help you out - http://vidce.tv/zn8bmusgre09/Manual_Tools_for_Seed_Crypto.rar

    From the read me included
    Welcome to the site BTW Datalogger
     
  7. datalogger

    datalogger Member

    Thanks for the Welcome, good to be here.

    Not sure exactly what's going on, but this is spitting out an error about not being able to locate the key.
    (I have the latest seeddb.bin in the directory)


    Still looking into it to see if I can find a fix...


    Code:
    C:\3DS\Tools\cia_to_3ds>1. manual_cfa
    
    C:\3DS\Tools\cia_to_3ds>rom_tool --extract=decrypted *.3ds
    [+] Writing 'CTR-N-KSNE_0_APPDATA.cxi'
    [+] Writing 'CTR-P-CTAP_1_MANUAL.cfa'
    [*] Completed Successfully
    
    C:\3DS\Tools\cia_to_3ds>del /q *appdata.cxi
    
    C:\3DS\Tools\cia_to_3ds>ren *manual.cfa manual.cfa
    
    C:\3DS\Tools\cia_to_3ds>ctrKeyGen.py manual.cfa
    
    Parsing NCCH in file "manual.cfa":
      Product code: CTR-P-CTAP
      KeyY: C98AF9A5B38B758CDF1FD1E10051ABD6
      Title ID: 000400000FF3FF00
      Format version: 0
    Traceback (most recent call last):
      File "C:\3DS\Tools\cia_to_3ds\1\ctrKeyGen.py", line 365, in <module>
        result = parseNCCH(fh)
      File "C:\3DS\Tools\cia_to_3ds\1\ctrKeyGen.py", line 252, in parseNCCH
        keyY = getNewkeyY(keyY,header,struct.pack('I',int(titleId[8:],16))+struct.pack('I',int(titleId[:8],16)))
      File "C:\3DS\Tools\cia_to_3ds\1\ctrKeyGen.py", line 201, in getNewkeyY
        raise SeedError("Can't find seed!")
    __main__.SeedError: Can't find seed!
    
    C:\3DS\Tools\cia_to_3ds>pause
    Press any key to continue . . .
    
    C:\3DS\Tools\cia_to_3ds>
     
  8. datalogger

    datalogger Member

    I used d0k3's Decrypt9(WIP) to decrypt the rom first and got a lot closer, but still no cigar :(

    Maybe the place this came from has an idea as to why this error?

    Code:
    
    C:\3DS\Tools\cia_to_3ds>1. manual_cfa
    
    C:\3DS\Tools\cia_to_3ds>rom_tool --extract=decrypted *.3ds
    [+] Writing 'CTR-N-KSNE_0_APPDATA.cxi'
    [+] Writing 'CTR-P-CTAP_1_MANUAL.cfa'
    [*] Completed Successfully
    
    C:\3DS\Tools\cia_to_3ds>del /q *appdata.cxi
    
    C:\3DS\Tools\cia_to_3ds>ren *manual.cfa manual.cfa
    
    C:\3DS\Tools\cia_to_3ds>ctrKeyGen.py manual.cfa
    
    Parsing NCCH in file "manual.cfa":
      Product code: CTR-P-CTAP
      KeyY: C98AF9A5B38B758CDF1FD1E10051ABD6
      Title ID: 000400000FF3FF00
      Format version: 0
    
      RomFS offset:  00001000
      RomFS counter: 000400000ff3ff000300000000000000
      RomFS Megabytes(rounded up): 1
    
    
    
    Done!
    
    C:\3DS\Tools\cia_to_3ds>pause
    Press any key to continue . . .
    
    C:\3DS\Tools\cia_to_3ds>2. manual_xor
    
    C:\3DS\Tools\cia_to_3ds>ctrtool.exe -p --romfs=romfs.bin manual.cfa
    
    NCCH:
    Header:                 NCCH
    Signature:              C98AF9A5B38B758CDF1FD1E10051ABD694F793D1F836DC1F1B4330F009B0B377
                            A8EE45824344FBD0896C2C8DD2FE4BC488FF9796773B94A84D4E51CCEC20FDBF
                            51B0C9E11DA9D043C9580BA45975E166D22708233215B999A7CD7A05E29E1052
                            81B10036537503ED89CAE7F439399A988C8F905EFF964E98916CBF820A67F516
                            2A1F70ADA2991D728E307C6234A16A3131C1C2D5E935CCBD2B8E6F58FC7E9F35
                            C9D6E6CD214589DA10C78E2F360FD770509116105D4CD8FFA6CD62AFD700EF5F
                            A25CCD5728B6C75F7764243FE7FAF1E4C1126609B5152145344F3BF210288D12
                            963E025310C46C6AAB6F67362C1BED79FA4C9CFD5FA332DA1E911B54707B8A67
    Content size:           0x000ca000
    Partition id:           000400000ff3ff00
    Maker code:             3030
    Version:                0000
    Program id:             0004000000158d00
    Logo hash:              0000000000000000000000000000000000000000000000000000000000000000
    Product code:           CTR-P-CTAP
    Exheader size:          00000000
    Exheader hash:          0000000000000000000000000000000000000000000000000000000000000000
    Flags:                  0400090100000000
     > Mediaunit size:      0x200
     > Crypto key:          None
     > Form type:           Simple content
     > Content type:        Manual
     > Content platform:    CTR
    Plain region offset:    0x00000000
    Plain region size:      0x00000000
    Logo offset:            0x00000000
    Logo size:              0x00000000
    ExeFS offset:           0x00000000
    ExeFS size:             0x00000000
    ExeFS hash region size: 0x00000000
    RomFS offset:           0x00001000
    RomFS size:             0x000c9000
    RomFS hash region size: 0x00000200
    ExeFS Hash:             0000000000000000000000000000000000000000000000000000000000000000
    RomFS Hash:             86A370E9210B2FD8D68259261B35C5204ADCDADF242618B5B3D83A13F58CA1D0
    Saving RomFS...
    
    C:\3DS\Tools\cia_to_3ds>padxorer.exe romfs.bin *.romfs.xorpad
    100% [==================================================]
    Finished!
    
    C:\3DS\Tools\cia_to_3ds>del /q romfs.bin
    
    C:\3DS\Tools\cia_to_3ds>ren romfs.bin.out romfs.bin
    
    C:\3DS\Tools\cia_to_3ds>del /q manual.cfa
    
    C:\3DS\Tools\cia_to_3ds>pause
    Press any key to continue . . .
    
    C:\3DS\Tools\cia_to_3ds>3. manual_rebuild
    
    C:\3DS\Tools\cia_to_3ds>makerom.exe -v -f ncch -target t -romfs romfs.bin -rsf cfa.rsf -o manual.cfa
    [ROMFS ERROR] Invalid RomFS Binary.
    [NCCH ERROR] NCCH Build Process Failed
    [RESULT] Failed to build outfile
    
    C:\3DS\Tools\cia_to_3ds>del /q romfs.bin
    
    C:\3DS\Tools\cia_to_3ds>pause
    Press any key to continue . . .
    
    C:\3DS\Tools\cia_to_3ds>
    
     
  9. Cha0s Em3rald

    Cha0s Em3rald Chaos Immortal Staff Member Administrator

    I haven't actually tried that myself & I think someone sent me it in a PM quite a while ago, can't remember who it was though
     
  10. datalogger

    datalogger Member

    Well I tried every conceivable iteration of encrypted/unencrypted/trimmed/untrimmed and no matter what, Gateway doesn't see the Manual.

    Too bad as this means CryptoFixed ROMs will always be incomplete copies of a Cart :mad:
     
  11. Cha0s Em3rald

    Cha0s Em3rald Chaos Immortal Staff Member Administrator

    There must be a way around it, I suggest posting a thread on gba temp & there may have been something released that we've missed to fix the problem or someone on there may be able to help you further
     
  12. datalogger

    datalogger Member

    I asked a few times over at GBAT.
    The only replies I received were "Why does anyone care about the Manual?" and/or that it has something to do with Gateway.

    Seems to me there should be a way to preserve the complete ROM without the encryption..

    I mean it can't be that Gateway can't read a Manual.
    All of the "non-crypto" .3DS/.CIA titles with Manuals work just fine.
     
  13. HellxBattosay

    HellxBattosay Well-Known Member

    Hi, I have a question about crypto and cryptofixed: is there a way to know, if for example I have 2 eShop games, whether one of them is with crypto and the other without crypto?

    Another thing I don't understand: what is the difference between an eShop game with crypto protection and a cartridge with the AP flag? Is this the same thing?

    thx
     
  14. Cha0s Em3rald

    Cha0s Em3rald Chaos Immortal Staff Member Administrator

    The latest eshop games have 9.6+ encryption, cartridge games don't have that.

    Other than looking at the .cia or .3ds rom with a hex editor (not actually sure what gets changed) you can't tell other than the fact that a cryptofixed one will work on your console without a visit to the eshop & a non fixed one won't
     
  15. HellxBattosay

    HellxBattosay Well-Known Member

    OK, does it mean the 9.6+ encryption for eShop games is the fact that the user must visit the eShop for a crypto game, and in the other case, for a cryptofixed game, they won't?

    Is this protection only that?
     
    Last edited: Feb 16, 2016
  16. Cha0s Em3rald

    Cha0s Em3rald Chaos Immortal Staff Member Administrator

    With a game with 9.6+ encryption a visit to the game's page on the eshop does fix the game & makes it playable as the visit to the page adds the seed for the game to your console.
    That is only good if the game is the correct region for your console. There are plenty of games that aren't available on all regions or there aren't dumps of for all regions so a cryptofix bypasses the eshop bit & makes a game playable by all
     
  17. Demon1977

    Demon1977 Member

    Is this still the only way of cryptofixing a game?