Author Topic: 3DS  (Read 496199 times)

anthrax, sayurin1988, philco67 and 2 Guests are viewing this topic.

Offline coccola

  • Hero Member
  • *****
  • Posts: 567
Re: 3DS
« Reply #1365 on: December 21, 2016 - 16:41:49 »
1626 - Animal Crossing - New Leaf - Welcome Amiibo (Europe) (En,Fr,De,Es,It).zip
984 MB
[You are not allowed to view links] Register or Login

Offline b2071988

  • Full Member
  • ***
  • Posts: 114
Re: 3DS
« Reply #1366 on: January 03, 2017 - 19:12:25 »
Rom below is possibly a 'Bad Dump', Decrypted Partition 0 RomFS IVFC Hashes don't match the expected Partition 0 RomFS IVFC Hashes.
Scene: Dairantou_Smash_Brothers_for_Nintendo_3DS_v07_JPN_3DS-HR (hr-dsb3dsv7)
No-Intro: 1555 - Dairantou Smash Brothers for Nintendo 3DS (Japan) (Rev 7).3ds

Code:
Only registered users can see contents. Please click here to Register or Login.and there are 3 more hash fails in Partition 7... (Contains the Japan 10.6.0 Update for Old3DS+New3DS)
Code:
Only registered users can see contents. Please click here to Register or Login.(The offsets are from the extracted Decrypted RomFS (so offset 0x0 = "IVFC" header), not the 3DS Rom offset.)

edit: I have managed to Fix the Rom, but a redump is still needed, I have attached an xDelta3 patch

From (Bad):
Code:
Only registered users can see contents. Please click here to Register or Login.
To (Fixed):
Code:
Only registered users can see contents. Please click here to Register or Login.
« Last Edit: January 03, 2017 - 22:18:33 by b2071988 »

Offline s4nQy29A

  • Hero Member
  • *****
  • Posts: 1179
Re: 3DS
« Reply #1367 on: January 03, 2017 - 22:17:04 »
@b2071988

Don't really understand a word but sounds impressive! :p
Thanks anyway! ;)
- PW = "romshepherd"
- Recommended download tool = "jDownloader"
- Archive with ".part"? ALL parts needed!
- Please provide hash values/fixdatfiles with requests!
- Please report back corrupt/incomplete uploads!
- [You are not allowed to view links] Register or Login

Offline b2071988

  • Full Member
  • ***
  • Posts: 114
Re: 3DS
« Reply #1368 on: January 03, 2017 - 22:29:00 »
Currently Decrypting ALL 3DS roms and checking / verifying the internal hashes to check if the
3DS roms are good dumps, or if some bad dumps have slipped though (like that one above)

The ExeFS of each partition has SHA256 hashes stored for each file (code / icon / banner etc) in the ExeFS stored in its header.
and the RomFS of each partition has IVFC hashes for the decrypted data, so you can verify if your decrypted data is good or not.
If i get a hash fail, I will decrypt the Rom again, if it fails again then I investigate where it failed (and try to restore/repair if possible.


Offline datman

  • Jr. Member
  • **
  • Posts: 65
Re: 3DS
« Reply #1369 on: January 04, 2017 - 10:12:03 »
@b2071988 - I like what you're doing! Would it be possible for you to explain the best way to go about verifying the internal hashes? Sorry if that's a bit like asking to briefly explain rocket science! ;)

I've got a few 3DS dumps in my "to check" pile that don't match the scene releases and in at least one case mine was from a brand new untouched cart so I'd be suprised if my dump was bad. I wasn't sure if the scene one(s) had remnants of save data on but would verifying the internal hashes flag this up? Unfortunately I no longer have access to the original carts in question but I didn't spot the discrepancies until recently when trying to get a bit more organised.

Offline b2071988

  • Full Member
  • ***
  • Posts: 114
Re: 3DS
« Reply #1370 on: January 04, 2017 - 10:53:32 »
Some games like Pokemon X+Y+OR+AS, "Animal Crossing New Leaf", "Zelda - Tri Force Heroes" and others will store their Save Data
on the GameCart in the Rom itself (known as 'Card2' type games) which will affect the hashes/checksums of the game dump.
I've noticed a 'rom trim' and then a 'rom untrim' will clear the save data from the Rom (there may also be a tool that can erase the save for you)


For checking RomFS Hashes: I downloaded the CTRTOOL code from here: [You are not allowed to view links] Register or Login
then in the source file: "ivfc.c", find the line:
Code:
Only registered users can see contents. Please click here to Register or Login.then I addedd this line after it:
Code:
Only registered users can see contents. Please click here to Register or Login.so I'll get a on-screen message if the hash fails, which offset is bad and other details that I can use to maybe fix or try an identify where the corruption is.

Then compile and run the CTRTOOL with your DECRYPTED! 3DS Rom (you'll need to decrypt it using Decrypt9 on a Real 3DS)
Code:
Only registered users can see contents. Please click here to Register or Login.and it will output some info into an info.txt file, which should look a bit like this (I've cut out some of the un-needed info):

Code:
Only registered users can see contents. Please click here to Register or Login.
You just need to check that under the "ExeFS" section that "Section hash" is always (GOOD) for each file (banner, icon, code etc),
in the IVFC section (which is the RomFS) that the Level 0, Level 1 and Level 2 hashes are (GOOD), and also if the RomFS hash and ExeFS hash is (GOOD)
If it says (FAIL) under any of those sections then that section is likely corrupted.
Note: that anything that says "Signature" will always (FAIL), its either because as the 3DS Rom isn't encrypted or we don't have the keys to verify the Signature (unsure).

The "--ncch=0" parameter cause CTRTool to check a different partition, you'll need to check partition 1, partition 2 etc (up to partition 7) manually for each rom,
although not all games use each partition, (maybe someone can modify the code of CTRTool and make a 'Decrypted 3DS Rom Verifier' that does it all the checks for you?)


I've checked all 3DS Roms from '0001 to 0500' and '1500 to 1627', plus all the 'xxxx and zzzz' roms and all of them are perfect (but I've only checked partition 0 so far).
Currently working on 3DS Roms '1000-1500' now, I have about 24 more roms left to decrypt in that batch, then I'll start working on Roms 0501-1000.

After I'm all done checking, I might upload the hashes of the Decrypted 3DS Roms in a DAT file here, for the people who want to collect/store Decrypted roms for use with Citra.
(There are a LOT of partially decrypted 3ds roms where only partition 0 has been decrypted, and badly decrypted 3ds roms floating around)

If 'KeyX 0x2C' was released (that is stored in the bootrom which apparently has been dumped), we could decrypt (and re-encrypt) all 3ds roms without using 3DS.
« Last Edit: January 04, 2017 - 11:10:49 by b2071988 »

Offline Luck3DS

  • Hero Member
  • *****
  • Posts: 701
Re: 3DS
« Reply #1371 on: January 04, 2017 - 11:52:52 »
Here 2 private japan dumps tnx to anniedoggy

Miitopia
[You are not allowed to view links] Register or Login

Osomatsu-san Matsu Matsuri
[You are not allowed to view links] Register or Login



Offline s4nQy29A

  • Hero Member
  • *****
  • Posts: 1179
Re: 3DS
« Reply #1372 on: January 04, 2017 - 13:55:18 »
@b2071988

As it really seems you know what you are doing, it would be great if you could eventually release a dat with the checksums of decrypted releases. :)

Thanks for all your time you spend on "this"!!
- PW = "romshepherd"
- Recommended download tool = "jDownloader"
- Archive with ".part"? ALL parts needed!
- Please provide hash values/fixdatfiles with requests!
- Please report back corrupt/incomplete uploads!
- [You are not allowed to view links] Register or Login

Offline datman

  • Jr. Member
  • **
  • Posts: 65
Re: 3DS
« Reply #1373 on: January 04, 2017 - 13:57:03 »
@b2071988 - Thanks for the explanation. Would it be possible for you to share your custom compiled version of CTRTOOL? I'm never any good at compiling stuff myself and I tried to compile it but failed miserably. The last application I managed to compile myself just had one .c file in the archive so this is a bit beyond my current skill level! ;)

I used a version that I've already got from some other source and tried it with no settings and also with yours (--verify --intype=ncsd --ncch=0 "your_decrypted_rom.3ds" > info.txt) as I'm assuming that your additional line before compiling should only flag up errors and make finding differences easier but not alter the output in any other major way.... right? Both outputs showed that there was apparently no difference between the decrypted ROMs even though the actual checksums of the files themselves are different and I know that there's something like 8 bytes in a row that differ when I compare the unencrypted dumps.

Have I done something wrong?

Offline b2071988

  • Full Member
  • ***
  • Posts: 114
Re: 3DS
« Reply #1374 on: January 04, 2017 - 14:32:28 »
My change just prints a message on screen with the offset of the corruption if the hash check fails,
that source modification is not really needed if you just want to check if your decrypted dump is ok.
I don't think you've done anything wrong, which game and region is it and which bytes are different?
(edit: Specify ncch=1, ncch=2 etc through to ncch=7 on the command line, maybe the difference isn't in partition 0?)

Do a binary file compare between the scene dump and your dump (both roms need to be either encrypted or decrypted) with this command
Code:
Only registered users can see contents. Please click here to Register or Login.and post the diff.txt and the CRC32 of both dumps (so I can patch / verify that I got the right checksums as you have)

the diff.txt output should be similar to this (I'm comparing encrypted rom #1555 - the bad version with my fixed version)
Code:
Only registered users can see contents. Please click here to Register or Login.
edit: 0835 - Meitantei_Conan_Phantom_Rhapsody_JPN_3DS-Caravan has bad data between offsets 0x0870000 to 0x08701000
Partition 0 RomFS: IVFC hash fail (lvl=0x02, blk=0x00008531, offset=0x8532000, length=0x1000)
(I will be unable to repair this game as the Titlekey for this game on the eShop is currently not available)

edit2: #0835 has been redumped - Meitantei_Conan_Phantom_Rhapsody_JPN_PROPER_3DS-HR [2FF55935]
« Last Edit: January 11, 2017 - 13:20:49 by b2071988 »

Offline coccola

  • Hero Member
  • *****
  • Posts: 567
Re: 3DS
« Reply #1375 on: January 05, 2017 - 02:02:26 »
1630 - Jikkyou Powerful Pro Yakyuu Heroes (Japan).zip
738 MB
[You are not allowed to view links] Register or Login

1631 - Momotarou Dentetsu 2017 - Tachiagare Nippon!! (Japan).zip
143 MB
[You are not allowed to view links] Register or Login

Offline datman

  • Jr. Member
  • **
  • Posts: 65
Re: 3DS
« Reply #1376 on: January 05, 2017 - 10:32:40 »
OK. I've also tried changing the value in --ncch from 0 to 7 and all the partitions with data in (0,1 and 7) matched their counterparts (which I was hoping I wouldn't since there is some difference somewhere). As for 2-6, they were all identical but only because there's nothing in those partitions!

I'm a little busy currently so will probably have to do more looking into this at the weekend but basically, the first one I've been looking at is: 0451 - Pokemon Y (Europe) (En,Ja,Fr,De,Es,It,Ko)

There are 8 bytes in a row that differ between the scene release and my dump, located between 5D9A67E0-5D9A67E7. Actually, I've just done the binary compare via the command line method that you posted and here's the output:

Code:
Only registered users can see contents. Please click here to Register or Login.
I manually edited a byte or two myself to ensure my dump was "corrupt" at that point and still got exactly the same output from CTRTOOL. Either my CTRTOOL build isn't working properly, I'm messing something up somewhere, or the hash check isn't reliable enough to prove that data is corrupt..... maybe?
« Last Edit: January 05, 2017 - 10:38:03 by datman »

Offline b2071988

  • Full Member
  • ***
  • Posts: 114
Re: 3DS
« Reply #1377 on: January 05, 2017 - 11:21:01 »
Pokemon Y (Encrypted) (2.00gb) I manually patched the encrypted rom at offset 5D9A67E0 from 84C470C6841E3781 to D9EB876CDA622C93 and got [CRC: A174DDC4]
Pokemon Y (Decrypted) (2.00gb) I manually patched the decrypted rom at offset 5D9A67E0 from 8940934323C5EBF1 to D46F64E97DB9F0E3 and got [CRC: E9CBBB89]

when checking the decrypted rom I get a level 2 hash fail:
Error, IVFC hash fail (lvl=0x02, blk=0x0005D699, offset=0x5D69A000, length=0x1000

Code:
Only registered users can see contents. Please click here to Register or Login.
Either somewhere in the dump process (most likely) or the copying of the file back to your computer it got corrupted somehow?

It seems to have happened in a few scene releases too:
0869 - Theatrhythm_Final_Fantasy_Curtain_Call_REPACK_JPN_3DS-Caravan
0866 - Guru_Guru_Tamagotchi_REPACK_JPN_3DS-Caravan
These two games, the original release had a few bad sections between 4 to 8 bytes, but they got fixed / propered / repacked.

also these two scene releases both have a few bytes bad in them as well and need a redump.
0835 - Meitantei_Conan_Phantom_Rhapsody_JPN_3DS-Caravan
1555 - Dairantou_Smash_Brothers_for_Nintendo_3DS_v07_JPN_3DS-HR

Update: All 3DS Roms have been decrypted and checked, only the two releases above (0835 + 1555) have been found to be bad dumps.
Preparing to make a 'Decrypted 3DS DAT file now' but unsure if its better to make the DAT for 'trimmed' or 'full' releases...
Using trimmed roms, there are 1697 files taking 1.04 TB (1,147,133,828,096 bytes) (uncompressed size, zip/7z will make the set smaller)

edit: The DAT file for 'decrypted trimmed roms' has been created, you can download it here: [You are not allowed to view links] Register or Login
« Last Edit: January 07, 2017 - 10:54:40 by b2071988 »

Offline DiGi

  • Newbie
  • *
  • Posts: 41
Re: 3DS
« Reply #1378 on: January 06, 2017 - 11:17:20 »
Hyakumasu Dora-San Nobita no Time Battle (Japan)
[You are not allowed to view links] Register or Login

Offline [mRg]

  • Full Member
  • ***
  • Posts: 185
Re: 3DS
« Reply #1379 on: January 07, 2017 - 10:20:51 »
Hi gang.. just doing some space planning before i start grabbing the 3DS set.

How large is the 3DS set now on disk ? (excluding DLC)