File size: 9,100 Bytes
034d0a2 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 | set PREVIEW_MODE "Key Dumper\n \nWorking..."
# Boot9
set BOOT9_BIN "M:/boot9.bin"
fget $[BOOT9_BIN]@D9D0:10 KEYX_2C
set KEYX_2D $[KEYX_2C]
set KEYX_2E $[KEYX_2C]
set KEYX_2F $[KEYX_2C]
fget $[BOOT9_BIN]@D9E0:10 KEYX_30
set KEYX_31 $[KEYX_30]
set KEYX_32 $[KEYX_30]
set KEYX_33 $[KEYX_30]
fget $[BOOT9_BIN]@D9F0:10 KEYX_34
set KEYX_35 $[KEYX_34]
set KEYX_36 $[KEYX_34]
set KEYX_37 $[KEYX_34]
fget $[BOOT9_BIN]@DA00:10 KEYX_38
set KEYX_39 $[KEYX_38]
set KEYX_3A $[KEYX_38]
set KEYX_3B $[KEYX_38]
fget $[BOOT9_BIN]@DA10:10 KEYX_3C
fget $[BOOT9_BIN]@DA20:10 KEYX_3D
fget $[BOOT9_BIN]@DA30:10 KEYX_3E
fget $[BOOT9_BIN]@DA40:10 KEYX_3F
fget $[BOOT9_BIN]@DA50:10 KEYY_04
fget $[BOOT9_BIN]@DA60:10 KEYY_05
fget $[BOOT9_BIN]@DA70:10 KEYY_06
fget $[BOOT9_BIN]@DA80:10 KEYY_07
fget $[BOOT9_BIN]@DA90:10 KEYY_08
fget $[BOOT9_BIN]@DAA0:10 KEYY_09
fget $[BOOT9_BIN]@DAB0:10 KEYY_0A
fget $[BOOT9_BIN]@DAC0:10 KEYY_0B
fget $[BOOT9_BIN]@DAD0:10 KEYN_0D
fget $[BOOT9_BIN]@DBA0:10 KEYN_2D
fget $[BOOT9_BIN]@DBB0:10 KEYN_32
fget $[BOOT9_BIN]@DBC0:10 KEYN_36
fget $[BOOT9_BIN]@DBD0:10 KEYN_38
# NATIVE_FIRM
if chk $[ONTYPE] "N3DS"
if not find 1:/title/00040138/20000002/content/????????.app NATIVE_FIRM_APP
echo "New 3DS NATIVE_FIRM not found."
goto Exit
end
set EXPECTED_NATIVE_FIRM_VER "1F00"
set KEYY_2E_OFFSET "66504"
set KEYY_39_NFC_OFFSET "66524"
set COMMON_0_OFFSET "6CE51"
set COMMON_1_OFFSET "6CE65"
set COMMON_2_OFFSET "6CE79"
set COMMON_3_OFFSET "6CE8D"
set COMMON_4_OFFSET "6CEA1"
set COMMON_5_OFFSET "6CEB5"
else
if not find 1:/title/00040138/00000002/content/????????.app NATIVE_FIRM_APP
echo "Old 3DS NATIVE_FIRM not found."
goto Exit
end
set EXPECTED_NATIVE_FIRM_VER "1F00"
set KEYY_2E_OFFSET "66488"
set KEYY_39_NFC_OFFSET "664A8"
set COMMON_0_OFFSET "6CDC1"
set COMMON_1_OFFSET "6CDD5"
set COMMON_2_OFFSET "6CDE9"
set COMMON_3_OFFSET "6CDFD"
set COMMON_4_OFFSET "6CE11"
set COMMON_5_OFFSET "6CE25"
end
set NATIVE_FIRM_EXTHEADER "G:/extheader.bin"
set NATIVE_FIRM_ENCRYPTED "G:/exefs/.firm"
set NATIVE_FIRM_DECRYPTED "$[GM9OUT]/native.firm"
set PROCESS9_CODE "G:/0004013000003000.Process9/exefs/.code"
imgmount $[NATIVE_FIRM_APP]
fget $[NATIVE_FIRM_EXTHEADER]@E:2 NATIVE_FIRM_VER
if not chk $[NATIVE_FIRM_VER] $[EXPECTED_NATIVE_FIRM_VER]
echo "Unsupported NATIVE_FIRM version.\nThis script requires the latest 3DS firmware.\n\nExpected $[EXPECTED_NATIVE_FIRM_VER], got $[NATIVE_FIRM_VER]"
goto Exit
end
cp -w $[NATIVE_FIRM_ENCRYPTED] $[NATIVE_FIRM_DECRYPTED]
decrypt $[NATIVE_FIRM_DECRYPTED]
imgumount
imgmount $[NATIVE_FIRM_DECRYPTED]
fget $[PROCESS9_CODE]@$[KEYY_2E_OFFSET]:10 KEYY_2E
set KEYY_31 $[KEYY_2E]
set KEYY_39_DLP $[KEYY_2E]
fget $[PROCESS9_CODE]@$[KEYY_39_NFC_OFFSET]:10 KEYY_39_NFC
fget $[PROCESS9_CODE]@$[COMMON_0_OFFSET]:10 COMMON_0
fget $[PROCESS9_CODE]@$[COMMON_1_OFFSET]:10 COMMON_1
fget $[PROCESS9_CODE]@$[COMMON_2_OFFSET]:10 COMMON_2
fget $[PROCESS9_CODE]@$[COMMON_3_OFFSET]:10 COMMON_3
fget $[PROCESS9_CODE]@$[COMMON_4_OFFSET]:10 COMMON_4
fget $[PROCESS9_CODE]@$[COMMON_5_OFFSET]:10 COMMON_5
imgumount
rm -o -s $[NATIVE_FIRM_DECRYPTED]
# NFC
if chk $[ONTYPE] "N3DS"
if not find 1:/title/00040130/20004002/content/????????.app NFC_APP
echo "New 3DS NFC not found."
goto Exit
end
set EXPECTED_NFC_VER "0700"
set NFC_PHRASE_0_OFFSET "355EE"
set NFC_SEED_0_OFFSET "355FC"
set NFC_HMAC_KEY_0_OFFSET "3560A"
set NFC_PHRASE_1_OFFSET "3561A"
set NFC_SEED_1_OFFSET "35628"
set NFC_HMAC_KEY_1_OFFSET "35638"
set NFC_IV_OFFSET "35648"
else
if not find 1:/title/00040130/00004002/content/????????.app NFC_APP
echo "Old 3DS NFC not found."
goto Exit
end
set EXPECTED_NFC_VER "0800"
set NFC_PHRASE_0_OFFSET "17382"
set NFC_SEED_0_OFFSET "17390"
set NFC_HMAC_KEY_0_OFFSET "1739E"
set NFC_PHRASE_1_OFFSET "173AE"
set NFC_SEED_1_OFFSET "173BC"
set NFC_HMAC_KEY_1_OFFSET "173CC"
set NFC_IV_OFFSET "173DC"
end
set NFC_EXTHEADER "G:/extheader.bin"
set NFC_CODE "$[GM9OUT]/nfc_code.bin"
imgmount $[NFC_APP]
fget $[NFC_EXTHEADER]@E:2 NFC_VER
if not chk $[NFC_VER] $[EXPECTED_NFC_VER]
echo "Unsupported NFC module version.\nThis script requires the latest 3DS firmware.\n\nExpected $[EXPECTED_NFC_VER], got $[NFC_VER]"
goto Exit
end
imgumount
extrcode $[NFC_APP] $[NFC_CODE]
fget $[NFC_CODE]@$[NFC_PHRASE_0_OFFSET]:E NFC_PHRASE_0
fget $[NFC_CODE]@$[NFC_SEED_0_OFFSET]:E NFC_SEED_0
fget $[NFC_CODE]@$[NFC_HMAC_KEY_0_OFFSET]:10 NFC_HMAC_KEY_0
fget $[NFC_CODE]@$[NFC_PHRASE_1_OFFSET]:E NFC_PHRASE_1
fget $[NFC_CODE]@$[NFC_SEED_1_OFFSET]:10 NFC_SEED_1
fget $[NFC_CODE]@$[NFC_HMAC_KEY_1_OFFSET]:10 NFC_HMAC_KEY_1
fget $[NFC_CODE]@$[NFC_IV_OFFSET]:10 NFC_IV
rm -o -s $[NFC_CODE]
# GodMode9 Key Database
set KEY_DB "V:/aeskeydb.bin"
set KEY_DB_18X "K:/slot0x18KeyX.ret.bin"
set KEY_DB_19X "K:/slot0x19KeyX.ret.bin"
set KEY_DB_1AX "K:/slot0x1AKeyX.ret.bin"
set KEY_DB_1BX "K:/slot0x1BKeyX.ret.bin"
set KEY_DB_1CX "K:/slot0x1CKeyX.ret.bin"
set KEY_DB_1DX "K:/slot0x1DKeyX.ret.bin"
set KEY_DB_1EX "K:/slot0x1EKeyX.ret.bin"
set KEY_DB_1FX "K:/slot0x1FKeyX.ret.bin"
set KEY_DB_25X "K:/slot0x25KeyX.ret.bin"
set KEY_DB_24Y "K:/slot0x24KeyY.bin"
set KEY_DB_2FY "K:/slot0x2FKeyY.ret.bin"
imgmount $[KEY_DB]
fget $[KEY_DB_18X]@0:10 KEYX_18
fget $[KEY_DB_19X]@0:10 KEYX_19
fget $[KEY_DB_1AX]@0:10 KEYX_1A
fget $[KEY_DB_1BX]@0:10 KEYX_1B
fget $[KEY_DB_1CX]@0:10 KEYX_1C
fget $[KEY_DB_1DX]@0:10 KEYX_1D
fget $[KEY_DB_1EX]@0:10 KEYX_1E
fget $[KEY_DB_1FX]@0:10 KEYX_1F
fget $[KEY_DB_25X]@0:10 KEYX_25
fget $[KEY_DB_24Y]@0:10 KEYY_24
fget $[KEY_DB_2FY]@0:10 KEYY_2F
imgumount
# Write Keys To File
set OUT "0:/gm9/aes_keys.txt"
dumptxt $[OUT] "# KeyX"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "slot0x18KeyX=$[KEYX_18]"
dumptxt -p $[OUT] "slot0x19KeyX=$[KEYX_19]"
dumptxt -p $[OUT] "slot0x1AKeyX=$[KEYX_1A]"
dumptxt -p $[OUT] "slot0x1BKeyX=$[KEYX_1B]"
dumptxt -p $[OUT] "slot0x1CKeyX=$[KEYX_1C]"
dumptxt -p $[OUT] "slot0x1DKeyX=$[KEYX_1D]"
dumptxt -p $[OUT] "slot0x1EKeyX=$[KEYX_1E]"
dumptxt -p $[OUT] "slot0x1FKeyX=$[KEYX_1F]"
dumptxt -p $[OUT] "slot0x25KeyX=$[KEYX_25]"
dumptxt -p $[OUT] "slot0x2CKeyX=$[KEYX_2C]"
dumptxt -p $[OUT] "slot0x2DKeyX=$[KEYX_2D]"
dumptxt -p $[OUT] "slot0x2EKeyX=$[KEYX_2E]"
dumptxt -p $[OUT] "slot0x2FKeyX=$[KEYX_2F]"
dumptxt -p $[OUT] "slot0x30KeyX=$[KEYX_30]"
dumptxt -p $[OUT] "slot0x31KeyX=$[KEYX_31]"
dumptxt -p $[OUT] "slot0x32KeyX=$[KEYX_32]"
dumptxt -p $[OUT] "slot0x33KeyX=$[KEYX_33]"
dumptxt -p $[OUT] "slot0x34KeyX=$[KEYX_34]"
dumptxt -p $[OUT] "slot0x35KeyX=$[KEYX_35]"
dumptxt -p $[OUT] "slot0x36KeyX=$[KEYX_36]"
dumptxt -p $[OUT] "slot0x37KeyX=$[KEYX_37]"
dumptxt -p $[OUT] "slot0x38KeyX=$[KEYX_38]"
dumptxt -p $[OUT] "slot0x39KeyX=$[KEYX_39]"
dumptxt -p $[OUT] "slot0x3AKeyX=$[KEYX_3A]"
dumptxt -p $[OUT] "slot0x3BKeyX=$[KEYX_3B]"
dumptxt -p $[OUT] "slot0x3CKeyX=$[KEYX_3C]"
dumptxt -p $[OUT] "slot0x3DKeyX=$[KEYX_3D]"
dumptxt -p $[OUT] "slot0x3EKeyX=$[KEYX_3E]"
dumptxt -p $[OUT] "slot0x3FKeyX=$[KEYX_3F]"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "# KeyY"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "slot0x04KeyY=$[KEYY_04]"
dumptxt -p $[OUT] "slot0x05KeyY=$[KEYY_05]"
dumptxt -p $[OUT] "slot0x06KeyY=$[KEYY_06]"
dumptxt -p $[OUT] "slot0x07KeyY=$[KEYY_07]"
dumptxt -p $[OUT] "slot0x08KeyY=$[KEYY_08]"
dumptxt -p $[OUT] "slot0x09KeyY=$[KEYY_09]"
dumptxt -p $[OUT] "slot0x0AKeyY=$[KEYY_0A]"
dumptxt -p $[OUT] "slot0x0BKeyY=$[KEYY_0B]"
dumptxt -p $[OUT] "slot0x24KeyY=$[KEYY_24]"
dumptxt -p $[OUT] "slot0x2EKeyY=$[KEYY_2E]"
dumptxt -p $[OUT] "slot0x2FKeyY=$[KEYY_2F]"
dumptxt -p $[OUT] "slot0x31KeyY=$[KEYY_31]"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "# DLP/NFC KeyY (slot 0x39)"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "dlpKeyY=$[KEYY_39_DLP]"
dumptxt -p $[OUT] "nfcKeyY=$[KEYY_39_NFC]"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "# Ticket Common KeyY (slot 0x3D)"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "common0=$[COMMON_0]"
dumptxt -p $[OUT] "common1=$[COMMON_1]"
dumptxt -p $[OUT] "common2=$[COMMON_2]"
dumptxt -p $[OUT] "common3=$[COMMON_3]"
dumptxt -p $[OUT] "common4=$[COMMON_4]"
dumptxt -p $[OUT] "common5=$[COMMON_5]"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "# KeyN"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "slot0x0DKeyN=$[KEYN_0D]"
dumptxt -p $[OUT] "slot0x2DKeyN=$[KEYN_2D]"
dumptxt -p $[OUT] "slot0x32KeyN=$[KEYN_32]"
dumptxt -p $[OUT] "slot0x36KeyN=$[KEYN_36]"
dumptxt -p $[OUT] "slot0x38KeyN=$[KEYN_38]"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "# NFC Secrets"
dumptxt -p $[OUT] ""
dumptxt -p $[OUT] "nfcSecret0Phrase=$[NFC_PHRASE_0]"
dumptxt -p $[OUT] "nfcSecret0Seed=$[NFC_SEED_0]"
dumptxt -p $[OUT] "nfcSecret0HmacKey=$[NFC_HMAC_KEY_0]"
dumptxt -p $[OUT] "nfcSecret1Phrase=$[NFC_PHRASE_1]"
dumptxt -p $[OUT] "nfcSecret1Seed=$[NFC_SEED_1]"
dumptxt -p $[OUT] "nfcSecret1HmacKey=$[NFC_HMAC_KEY_1]"
dumptxt -p $[OUT] "nfcIv=$[NFC_IV]"
# Dump seeddb.bin as well
set SEEDDB_IN "0:/gm9/out/seeddb.bin"
set SEEDDB_OUT "0:/gm9/seeddb.bin"
sdump -w seeddb.bin
cp -w $[SEEDDB_IN] $[SEEDDB_OUT]
@Exit
|