# /usr/bin/env python2 from Crypto.Cipher import AES from Crypto.Util import Counter from sys import argv import struct rol = lambda val, r_bits, max_bits: \ (val << r_bits % max_bits) & (2 ** max_bits - 1) | \ ((val & (2 ** max_bits - 1)) >> (max_bits - (r_bits % max_bits))) def to_bytes(num): numstr = '' tmp = num while len(numstr) < 16: numstr += chr(tmp & 0xFF) tmp >>= 8 return numstr[::-1] # Setup Keys and IVs plain_counter = struct.unpack('>Q', '\x01\x00\x00\x00\x00\x00\x00\x00') exefs_counter = struct.unpack('>Q', '\x02\x00\x00\x00\x00\x00\x00\x00') romfs_counter = struct.unpack('>Q', '\x03\x00\x00\x00\x00\x00\x00\x00') Constant = struct.unpack('>QQ', '\x1F\xF9\xE9\xAA\xC5\xFE\x04\x08\x02\x45\x91\xDC\x5D\x52\x76\x8A') # 3DS AES Hardware Constant # Retail keys KeyX0x18 = struct.unpack('>QQ', '\x82\xE9\xC9\xBE\xBF\xB8\xBD\xB8\x75\xEC\xC0\xA0\x7D\x47\x43\x74') # KeyX 0x18 (New 3DS 9.3) KeyX0x1B = struct.unpack('>QQ', '\x45\xAD\x04\x95\x39\x92\xC7\xC8\x93\x72\x4A\x9A\x7B\xCE\x61\x82') # KeyX 0x1B (New 3DS 9.6) KeyX0x25 = struct.unpack('>QQ', '\xCE\xE7\xD8\xAB\x30\xC0\x0D\xAE\x85\x0E\xF5\xE3\x82\xAC\x5A\xF3') # KeyX 0x25 (> 7.x) KeyX0x2C = struct.unpack('>QQ', '\xB9\x8E\x95\xCE\xCA\x3E\x4D\x17\x1F\x76\xA9\x4D\xE9\x34\xC0\x53') # KeyX 0x2C (< 6.x) # Dev Keys: (Uncomment these lines if your 3ds rom is encrypted with Dev Keys) # KeyX0x18 = struct.unpack('>QQ', '\x30\x4B\xF1\x46\x83\x72\xEE\x64\x11\x5E\xBD\x40\x93\xD8\x42\x76') # Dev KeyX 0x18 (New 3DS 9.3) # KeyX0x1B = struct.unpack('>QQ', '\x6C\x8B\x29\x44\xA0\x72\x60\x35\xF9\x41\xDF\xC0\x18\x52\x4F\xB6') # Dev KeyX 0x1B (New 3DS 9.6) # KeyX0x25 = struct.unpack('>QQ', '\x81\x90\x7A\x4B\x6F\x1B\x47\x32\x3A\x67\x79\x74\xCE\x4A\xD7\x1B') # Dev KeyX 0x25 (> 7.x) # KeyX0x2C = struct.unpack('>QQ', '\x51\x02\x07\x51\x55\x07\xCB\xB1\x8E\x24\x3D\xCB\x85\xE2\x3A\x1D') # Dev KeyX 0x2C (< 6.x) with open(argv[1], 'rb') as f: with open(argv[1], 'rb+') as g: print(argv[1]) # Print the filename of the file being decrypted f.seek(0x100) # Seek to start of NCSD header magic = f.read(0x04) if magic == "NCSD": f.seek(0x188) ncsd_flags = struct.unpack(' 0: # check if partition exists f.seek( ((part_off[0]) * sectorsize) + 0x100) # Find partition start (+ 0x100 to skip NCCH header) magic = f.read(0x04) if magic == "NCCH": # check if partition is valid f.seek(((part_off[0]) * sectorsize) + 0x0) part_keyy = struct.unpack('>QQ', f.read( 0x10)) # KeyY is the first 16 bytes of partition RSA-2048 SHA-256 signature f.seek(((part_off[0]) * sectorsize) + 0x108) tid = struct.unpack('QQQQ', f.read(0x20))) f.seek((part_off[0] * sectorsize) + 0x180) exhdr_len = struct.unpack('QQQQ', f.read(0x20))) f.seek((part_off[0] * sectorsize) + 0x1E0) # get romfs hash romfs_sbhash = str("%016X%016X%016X%016X") % (struct.unpack('>QQQQ', f.read(0x20))) plainIV = long(str("%016X%016X") % (plain_iv[::]), 16) exefsIV = long(str("%016X%016X") % (exefs_iv[::]), 16) romfsIV = long(str("%016X%016X") % (romfs_iv[::]), 16) KeyY = long(str("%016X%016X") % (part_keyy[::]), 16) Const = long(str("%016X%016X") % (Constant[::]), 16) KeyX2C = long(str("%016X%016X") % (KeyX0x2C[::]), 16) NormalKey2C = rol((rol(KeyX2C, 2, 128) ^ KeyY) + Const, 87, 128) if (partition_flags[3] == 0x00): # Uses Original Key KeyX = long(str("%016X%016X") % (KeyX0x2C[::]), 16) elif (partition_flags[3] == 0x01): # Uses 7.x Key KeyX = long(str("%016X%016X") % (KeyX0x25[::]), 16) elif (partition_flags[3] == 0x0A): # Uses New3DS 9.3 Key KeyX = long(str("%016X%016X") % (KeyX0x18[::]), 16) elif (partition_flags[3] == 0x0B): # Uses New3DS 9.6 Key KeyX = long(str("%016X%016X") % (KeyX0x1B[::]), 16) NormalKey = rol((rol(KeyX, 2, 128) ^ KeyY) + Const, 87, 128) if (partition_flags[7] & 0x01): # fixed crypto key (aka 0-key) NormalKey = 0x00 NormalKey2C = 0x00 if (exhdr_len[0] > 0): # decrypt exheader f.seek((part_off[0] + 1) * sectorsize) g.seek((part_off[0] + 1) * sectorsize) exhdr_filelen = 0x800 exefsctr2C = Counter.new(128, initial_value=(plainIV)) exefsctrmode2C = AES.new(to_bytes(NormalKey2C), AES.MODE_CTR, counter=exefsctr2C) print("Partition %1d ExeFS: Decrypting: ExHeader" % p) g.write(exefsctrmode2C.decrypt(f.read(exhdr_filelen))) if (exefs_len[0] > 0): # decrypt exefs filename table f.seek((part_off[0] + exefs_off[0]) * sectorsize) g.seek((part_off[0] + exefs_off[0]) * sectorsize) exefsctr2C = Counter.new(128, initial_value=(exefsIV)) exefsctrmode2C = AES.new(to_bytes(NormalKey2C), AES.MODE_CTR, counter=exefsctr2C) g.write(exefsctrmode2C.decrypt(f.read(sectorsize))) print("Partition %1d ExeFS: Decrypting: ExeFS Filename Table" % p) if (partition_flags[3] == 0x01 or partition_flags[3] == 0x0A or partition_flags[ 3] == 0x0B): code_filelen = 0 for j in range(10): # 10 exefs filename slots # get filename, offset and length f.seek(((part_off[0] + exefs_off[0]) * sectorsize) + j * 0x10) g.seek(((part_off[0] + exefs_off[0]) * sectorsize) + j * 0x10) exefs_filename = struct.unpack('<8s', g.read(0x08)) if str(exefs_filename[0]) == str(".code\x00\x00\x00"): code_fileoff = struct.unpack(' 0): for i in xrange(datalenM): g.write(exefsctrmode2C.encrypt( exefsctrmode.decrypt(f.read(1024 * 1024)))) print( "\rPartition %1d ExeFS: Decrypting: %8s... %4d / %4d mb..." % p, str(exefs_filename[0]), i, datalenM + 1), if (datalenB > 0): g.write(exefsctrmode2C.encrypt(exefsctrmode.decrypt(f.read(datalenB)))) print( "\rPartition %1d ExeFS: Decrypting: %8s... %4d / %4d mb... Done!" % p, str(exefs_filename[0]), datalenM + 1, datalenM + 1) # decrypt exefs exefsSizeM = ((exefs_len[0] - 1) * sectorsize) / (1024 * 1024) exefsSizeB = ((exefs_len[0] - 1) * sectorsize) % (1024 * 1024) ctroffset = (sectorsize / 0x10) exefsctr2C = Counter.new(128, initial_value=(exefsIV + ctroffset)) exefsctrmode2C = AES.new(to_bytes(NormalKey2C), AES.MODE_CTR, counter=exefsctr2C) f.seek((part_off[0] + exefs_off[0] + 1) * sectorsize) g.seek((part_off[0] + exefs_off[0] + 1) * sectorsize) if (exefsSizeM > 0): for i in xrange(exefsSizeM): g.write(exefsctrmode2C.decrypt(f.read(1024 * 1024))) print("\rPartition %1d ExeFS: Decrypting: %4d / %4d mb" % p, i, exefsSizeM + 1), if (exefsSizeB > 0): g.write(exefsctrmode2C.decrypt(f.read(exefsSizeB))) print("\rPartition %1d ExeFS: Decrypting: %4d / %4d mb... Done" % p, exefsSizeM + 1, exefsSizeM + 1) else: print("Partition %1d ExeFS: No Data... Skipping..." % p) if (romfs_off[0] != 0): romfsSizeM = (romfs_len[0] * sectorsize) / (1024 * 1024) romfsSizeB = (romfs_len[0] * sectorsize) % (1024 * 1024) romfsctr = Counter.new(128, initial_value=romfsIV) romfsctrmode = AES.new(to_bytes(NormalKey), AES.MODE_CTR, counter=romfsctr) f.seek((part_off[0] + romfs_off[0]) * sectorsize) g.seek((part_off[0] + romfs_off[0]) * sectorsize) if (romfsSizeM > 0): for i in xrange(romfsSizeM): g.write(romfsctrmode.decrypt(f.read(1024 * 1024))) print("\rPartition %1d RomFS: Decrypting: %4d / %4d mb" % p, i, romfsSizeM + 1), if (romfsSizeB > 0): g.write(romfsctrmode.decrypt(f.read(romfsSizeB))) print("\rPartition %1d RomFS: Decrypting: %4d / %4d mb... Done" % p, romfsSizeM + 1, romfsSizeM + 1) else: print("Partition %1d RomFS: No Data... Skipping..." % p) g.seek((part_off[0] * sectorsize) + 0x18B) g.write(struct.pack('