This tutorial will try to help you decrypt a 3DS ROM to change its content and will also explain how to recompile a modified version. This tutorial is essentential for 3DS ROM hacking and will be required for all other tutorials.
Although this tutorial is mainly based on Pokémon ROM hacking, the decryption method is the same for all 3DS games developed with SDK 7.X or less.
Before you begin, here's what you need:
In the tool pack you will find a slot0x25KeyX.bin file. Open it with a hex editor and replace 00 with the numbers that go along this mini-tutorial: File filling instructions. Copy and paste the key. The outcome will look like this:
Install MinGW Get Setup. To do this, double-click the MinGW Get Setup.exe.
You will need to install it in the directory "C:\MinGW". So leave the default directory and all other settings untouched as well. Then the MinGW Installation Manager should start automatically. If it does not start, run it from the Windows desktop. A window appears, click on the "Basic Setup" menu, which is on the left. Then, on the right, you will have to check "mingw-develop-toolkit", "mingw32-based", "mingw32-gcc-g ++" and also "msys-base." Then, in the Setup tab, click "Update Catalog". Wait until the installation is done.
Once this is completed, we will install Python 2.7.7.
To do this, run the Python 2.7.7.msi file, choose the default installation directory, ie "C:\Python27" and allow the installation to complete.
After that, a third program is necessary, the ARM compiler for 3DS.
Run the executable Gcc Arm None EABI 4.8-2014q3-20140805 Win32.exe and don't change the default installation directory. Allow the installation to complete.
Once all these tasks are completed, you will have to add links in the "Path" environment variable. For this you need to go to "Start," right-click on "My Computer", choose "Properties" in the context menu, click on "Advanced System Settings" and finally "Environment Variables ...".
Then in the lower column "System Variables" find the line "Path", double-click it.
A window appears. At the end of the line "Variable Value", append this:
Done, the prerequisites of the installation are complete.
Head into the "PackHack" folder.
Take your 3DS ROM.
Rename it with a simple name, such as PokemonRubisOmega.3ds.
Attention: Without accent or space in the name or you might run into problems!
Drag & drop your ROM onto the "ctrKeyGen.py" file. A "ncchinfo.bin" file is generated.
Copy the files "Launcher.dat", "slot0x25KeyX.bin", "YourRom.3ds" and the file "ncchinfo.bin" onto your SD card (the one you're using for the 3DS, also overwriting all prompts).
Do not insert the flashcard into the console, just the SD card with the files I have just mentioned.
Go into the settings of the Nintendo 3DS, then Other Settings, Profile, press the L button and enter Nintendo DS Profile at the same time.
You will access a menu with 5 options, place the cursor onto the first option and press A.
Wait while creating xorpad files, this could take a while.
Once all xorpads are generated, put your SD Card back into your PC, copy the generated .xorpad files and paste them to the root of the folder "PackHack".
Open 3DSExplorer.exe, Click on File, Open, and open your Rom.3ds.
For the folder named (NCCH (CTR-X-XXXX) 0) (X represents the Game ID, and varies from game to game), which is framed on the screen above, do these 3 easy steps:
- Right-click ExHeader.bin> Save> to save it to the root of the folder "PackHack" with the name "EncryptedExHeader.bin"> A message appears, but just click OK.
- Right-click ExeFS.bin> Save> to save it to the root of the folder "PackHack" with the name "EncryptedExeFS.bin"> A message appears, but just click OK.
- Right-click RomFS.bin> Save> to save it to the root of the folder "PackHack" with the name "EncryptedRomFS.bin"> A message appears, but just click OK.
Extracting RomFS.bin via 3DSExplorer may take some time and will make your PC lag, so please wait patiently. If you see that the PC no longer lags the extraction should be complete.
Optional: It may be that 3DSExplorer poorly extracted RomFS.bin. Should this happen, you will have a drag and drop your ROM onto getromfs.exe file to get EncryptedRomFS.bin, just like it would've been using 3DSExplorer.
Personally, I've had no problems with 3DSExplorer nor Alpha Sapphire or Omega Ruby.
There you go, now you should have extracted the files from the partition 3 0 of your ROM with the names I have mentioned.
According to the file names of the 3 previously extracted files, they are still encrypted. In the following we will decrypt them.
Open XorFiles.exe.
File Name 1: Open the file EncryptedExHeader.bin
File Name 2: Open the corresponding Xorpad (example for Omega Ruby: 000400000011C400.Main.exheader.xorpad )
File Name 3: Save the file with the name DecryptedExHeader.bin in the folder "PackHack".
Wait until the following message appears: The XOR file was successfully created!
In the case of Pokémon X or Y (or any other game of SDK less than 7), do this:
File Name 1: Open the file EncryptedExeFS.bin
File Name 2: Open the corresponding Xorpad (example for Y: 0004000000055E00.Main.exefs_norm.xorpad)
File Name 3: Save the file with the name decrypt following DecryptedExeFS.bin in the folder "PackHack"
Wait until the message appears: The file was successfully created XOR!
In the case of Pokémon Ruby or Sapphire Omega Alpha (or any other game or above SDK 7), do this:
To extract the files from ExeFS it'll be a little bit more complicated!
You have 2 Xorpads ExeFS:
-. 000400000011C400.Main exefs_7x .xorpad
-. 000400000011C400.Main exefs_norm .xorpad
(I recall that the following ID is not for all the ROM, for example, the 011C4 is Ruby Omega)
We will use the MEX.py tool, which is at the root of "PackHack" folder.
For that, go to the root of this folder, right click in the blank, and click Open a command window here.
Once the order open CMD type the following command line:
You get now a new file named Xorpad outputExeFS.xorpad.
Open again Xorfiles.exe:
File Name 1: Open the file EncryptedExeFS.bin
File Name 2: Open Xorpad you just get (outputExeFS.xorpad)
File Name 3: Save the decrypted file with the following name: DecryptedExeFS.bin in the folder "PackHack"
Wait until the message appears: The XOR file was successfully created!
To do this, go to the root of the "PackHack" folder, right-click in the blank and click Open command window here.
Once opened, type the following command and hit enter:
(Remember that the Xorpad IDs depend on the game)
It generated a EncryptedRomFS.bin.out file, so you'll rename it to DecryptedRomFS.bin.
Now we have our 3 decrypted files.
We will now finally extract from romfs which contains all the data such as music, text, table of wild pokemon, textures, etc.
Open a command prompt like before. Type the following command:
This may take 5 to 10 minutes, be patient.
Once the CMD window stops running, all data has been extracted.
You will find the data in the folder "ExtractedRomFs" inside the "PackHack" folder.
We will now finally extract all data from ExeFS which contains the banner of the game you see from the home menu, the music that plays when you select the game from the home menu and a few more files.
Open a command prompt as before. Type the following command:
Extraction is done almost instantly.
You will find the data in the folder "ExtractedExeFs" inside the "PackHack" folder.
Now go inside the "ExtractedExeFs" folder. You will see 3 files: code.bin banner.bin and icon.bin. We'll move these 3 files to the "PackHack" main folder.
Now you are ready to change the data of your game.
Compiling your hacked ROM
Once the ROM data is modified to your liking, rebuild the RomFS. To do this, launch RomFS builder.exe then click Open. Select the "ExtractedRomFs" folder. Click Go, and wait patiently.
A window will automatically open to prompt you for the name of the saved file. Always choose the same location, name the file romfs.bin click Save. Wait until it completed.
Now everything is ready.
Start the MakeRom.bat file with the name of your game, such as "makerom - Saphir.bat".
Wait until the ROM is rebuilt:
The hacked ROM will be created as [GAME] edited.3ds, e.g. SaphirEdited.3ds. Now you can copy it onto your flashcard.
Optional:
If you try to rebuild a game other than Pokémon, because I've mentioned at the beginning that the tutorial is compatible for almost any 3DS game, instead of launching a makerom - POKÉMON.bat, you simply run the file Makerom.bat.
In this case, you will need to open the file with a RSF.rsf advanced text editor like Notepad++ that I made you download at the beginning.
The RSF is a sample provided, it is "pre-built", you will need to fill it with fitting information about the game you want to use it with.
Since helping you build a good RSF file is not the purpose of this tutorial, I will redirect you to a post written in English on GBA Temp that will teach you how to do so.
If you notice that your hacked ROM does not start by freezing at the Nintendo 3DS logo, simply install the update from the game (1.3 to 1.2 for XY and OR AS 02/17/15).
Although this tutorial is mainly based on Pokémon ROM hacking, the decryption method is the same for all 3DS games developed with SDK 7.X or less.
Before you begin, here's what you need:
- A 3DS with firmware between 4.1 and 4.5 and the 3DS profile exploit installed (using a DS flashcard compatible with the 3DS)
- A 3DS linker compatible with this console version that will play the final game once modified. (Only Gateway 3DS is able to do this at this time.)
- 3DS ROM
- An archive extractor like WinRAR that I recommend or 7-Zip which is completely free
- An SD card (for the console) with a minimum capacity of 4 GB.
- Download this pack: Pack tools
- Download this file: ARM Compiler for 3DS
- Download Python 2.7.7 (and not another): Python 2.7.7
- Download Notepad ++
In the tool pack you will find a slot0x25KeyX.bin file. Open it with a hex editor and replace 00 with the numbers that go along this mini-tutorial: File filling instructions. Copy and paste the key. The outcome will look like this:
Installation of required programs
Install MinGW Get Setup. To do this, double-click the MinGW Get Setup.exe.
You will need to install it in the directory "C:\MinGW". So leave the default directory and all other settings untouched as well. Then the MinGW Installation Manager should start automatically. If it does not start, run it from the Windows desktop. A window appears, click on the "Basic Setup" menu, which is on the left. Then, on the right, you will have to check "mingw-develop-toolkit", "mingw32-based", "mingw32-gcc-g ++" and also "msys-base." Then, in the Setup tab, click "Update Catalog". Wait until the installation is done.
Once this is completed, we will install Python 2.7.7.
To do this, run the Python 2.7.7.msi file, choose the default installation directory, ie "C:\Python27" and allow the installation to complete.
After that, a third program is necessary, the ARM compiler for 3DS.
Run the executable Gcc Arm None EABI 4.8-2014q3-20140805 Win32.exe and don't change the default installation directory. Allow the installation to complete.
Once all these tasks are completed, you will have to add links in the "Path" environment variable. For this you need to go to "Start," right-click on "My Computer", choose "Properties" in the context menu, click on "Advanced System Settings" and finally "Environment Variables ...".
Then in the lower column "System Variables" find the line "Path", double-click it.
A window appears. At the end of the line "Variable Value", append this:
- Code:
;C:\MinGW\bin;C:\MinGW\libexec\gcc\mingw32\4.8.1;C:\Python27;C:\MinGW\msys\1.0\bin;C:\Program Files\GNU Tools ARM Embedded\4.8 2014q3\bin
Done, the prerequisites of the installation are complete.
Obtaining the xorpads
Head into the "PackHack" folder.
Take your 3DS ROM.
Rename it with a simple name, such as PokemonRubisOmega.3ds.
Attention: Without accent or space in the name or you might run into problems!
Drag & drop your ROM onto the "ctrKeyGen.py" file. A "ncchinfo.bin" file is generated.
Copy the files "Launcher.dat", "slot0x25KeyX.bin", "YourRom.3ds" and the file "ncchinfo.bin" onto your SD card (the one you're using for the 3DS, also overwriting all prompts).
Do not insert the flashcard into the console, just the SD card with the files I have just mentioned.
Go into the settings of the Nintendo 3DS, then Other Settings, Profile, press the L button and enter Nintendo DS Profile at the same time.
You will access a menu with 5 options, place the cursor onto the first option and press A.
Wait while creating xorpad files, this could take a while.
Once all xorpads are generated, put your SD Card back into your PC, copy the generated .xorpad files and paste them to the root of the folder "PackHack".
Extracting important ROM files
In the following we will extract files such as music, dialogues, images and other data from the game.
Open 3DSExplorer.exe, Click on File, Open, and open your Rom.3ds.
For the folder named (NCCH (CTR-X-XXXX) 0) (X represents the Game ID, and varies from game to game), which is framed on the screen above, do these 3 easy steps:
- Right-click ExHeader.bin> Save> to save it to the root of the folder "PackHack" with the name "EncryptedExHeader.bin"> A message appears, but just click OK.
- Right-click ExeFS.bin> Save> to save it to the root of the folder "PackHack" with the name "EncryptedExeFS.bin"> A message appears, but just click OK.
- Right-click RomFS.bin> Save> to save it to the root of the folder "PackHack" with the name "EncryptedRomFS.bin"> A message appears, but just click OK.
Extracting RomFS.bin via 3DSExplorer may take some time and will make your PC lag, so please wait patiently. If you see that the PC no longer lags the extraction should be complete.
Optional: It may be that 3DSExplorer poorly extracted RomFS.bin. Should this happen, you will have a drag and drop your ROM onto getromfs.exe file to get EncryptedRomFS.bin, just like it would've been using 3DSExplorer.
Personally, I've had no problems with 3DSExplorer nor Alpha Sapphire or Omega Ruby.
There you go, now you should have extracted the files from the partition 3 0 of your ROM with the names I have mentioned.
Decrypting ROM files
According to the file names of the 3 previously extracted files, they are still encrypted. In the following we will decrypt them.
Open XorFiles.exe.
Decrypting ExHeader.bin
File Name 2: Open the corresponding Xorpad (example for Omega Ruby: 000400000011C400.Main.exheader.xorpad )
File Name 3: Save the file with the name DecryptedExHeader.bin in the folder "PackHack".
Wait until the following message appears: The XOR file was successfully created!
Decrypting ExeFS.bin
File Name 1: Open the file EncryptedExeFS.bin
File Name 2: Open the corresponding Xorpad (example for Y: 0004000000055E00.Main.exefs_norm.xorpad)
File Name 3: Save the file with the name decrypt following DecryptedExeFS.bin in the folder "PackHack"
Wait until the message appears: The file was successfully created XOR!
In the case of Pokémon Ruby or Sapphire Omega Alpha (or any other game or above SDK 7), do this:
To extract the files from ExeFS it'll be a little bit more complicated!
You have 2 Xorpads ExeFS:
-. 000400000011C400.Main exefs_7x .xorpad
-. 000400000011C400.Main exefs_norm .xorpad
(I recall that the following ID is not for all the ROM, for example, the 011C4 is Ruby Omega)
We will use the MEX.py tool, which is at the root of "PackHack" folder.
For that, go to the root of this folder, right click in the blank, and click Open a command window here.
Once the order open CMD type the following command line:
- Code:
MEX.py EncryptedExeFS.bin 000400000011C400.Main.exefs_norm.xorpad 000400000011C400.Main.exefs_7x.xorpad outputExeFS.xorpad
You get now a new file named Xorpad outputExeFS.xorpad.
Open again Xorfiles.exe:
File Name 1: Open the file EncryptedExeFS.bin
File Name 2: Open Xorpad you just get (outputExeFS.xorpad)
File Name 3: Save the decrypted file with the following name: DecryptedExeFS.bin in the folder "PackHack"
Wait until the message appears: The XOR file was successfully created!
Decrypting RomFS.bin
Once opened, type the following command and hit enter:
- Code:
xor.exe EncryptedRomFS.bin 000400000011C400.Main.romfs.xorpad
(Remember that the Xorpad IDs depend on the game)
It generated a EncryptedRomFS.bin.out file, so you'll rename it to DecryptedRomFS.bin.
Now we have our 3 decrypted files.
Extracting game data
Extracting RomFS.bin
Open a command prompt like before. Type the following command:
- Code:
ctrtool.exe -t romfs --romfsdir=./ExtractedRomFs DecryptedRomFS.bin
This may take 5 to 10 minutes, be patient.
Once the CMD window stops running, all data has been extracted.
You will find the data in the folder "ExtractedRomFs" inside the "PackHack" folder.
Extracting ExeFS.bin
Open a command prompt as before. Type the following command:
- Code:
ctrtool.exe -t exefs --exefsdir=./ExtractedExeFs DecryptedExeFS.bin
Extraction is done almost instantly.
You will find the data in the folder "ExtractedExeFs" inside the "PackHack" folder.
Now go inside the "ExtractedExeFs" folder. You will see 3 files: code.bin banner.bin and icon.bin. We'll move these 3 files to the "PackHack" main folder.
Now you are ready to change the data of your game.
Stratovarius
Completed by Asia81
Completed by Asia81
Compiling your hacked ROM
Once the ROM data is modified to your liking, rebuild the RomFS. To do this, launch RomFS builder.exe then click Open. Select the "ExtractedRomFs" folder. Click Go, and wait patiently.
A window will automatically open to prompt you for the name of the saved file. Always choose the same location, name the file romfs.bin click Save. Wait until it completed.
Now everything is ready.
Start the MakeRom.bat file with the name of your game, such as "makerom - Saphir.bat".
Wait until the ROM is rebuilt:
The hacked ROM will be created as [GAME] edited.3ds, e.g. SaphirEdited.3ds. Now you can copy it onto your flashcard.
Optional:
If you try to rebuild a game other than Pokémon, because I've mentioned at the beginning that the tutorial is compatible for almost any 3DS game, instead of launching a makerom - POKÉMON.bat, you simply run the file Makerom.bat.
In this case, you will need to open the file with a RSF.rsf advanced text editor like Notepad++ that I made you download at the beginning.
The RSF is a sample provided, it is "pre-built", you will need to fill it with fitting information about the game you want to use it with.
Since helping you build a good RSF file is not the purpose of this tutorial, I will redirect you to a post written in English on GBA Temp that will teach you how to do so.
If you notice that your hacked ROM does not start by freezing at the Nintendo 3DS logo, simply install the update from the game (1.3 to 1.2 for XY and OR AS 02/17/15).
By Asia81
Credits
CTRTool: Neimod
3DSExplorer: Elisher
ctrulib: smealum
Makerom: 3dsguy
3DS Multi Decryptor (CtrKeyGen): void Team
xor: xerpi and his successors
RomFS Builder: SciresM
CTRTool: Neimod
3DSExplorer: Elisher
ctrulib: smealum
Makerom: 3dsguy
3DS Multi Decryptor (CtrKeyGen): void Team
xor: xerpi and his successors
RomFS Builder: SciresM
Thanks
Stratovarius
Reisyukaku
Megadrifter
Asia81
Reisyukaku
Megadrifter
Asia81
Google Translator
Bully@WiiPlaza for refining the English translation (Original French version here:
http://www.pokemontrash.com/jeux-pokemon/decrypter-compiler-rom-3ds.php)
Bully@WiiPlaza for refining the English translation (Original French version here:
http://www.pokemontrash.com/jeux-pokemon/decrypter-compiler-rom-3ds.php)
Last edited by Bully@WiiPlaza on 3/5/2015, 8:44 am; edited 9 times in total