3ds Simple Cia Converter Exheader Decryption Failed

Posted on |



For support in English, ask for help at Nintendo Homebrew on Discord.
If you appreciate this guide, we accept Donations.

For support (in English) with GodMode9, as well as help with scripting and to get updates and info, join GodMode9 on Discord.

Required Reading

GodMode9 is a full access file browser for the Nintendo 3DS console, giving you access to your SD card, the FAT partitions inside your SysNAND and EmuNAND, and basically anything else. Among other functionality, you can copy, delete, rename files, and create folders.

Note that if you have any payload files other than GodMode9.firm in the /luma/payloads/ folder on your SD card, holding (Start) on boot will display a “chainloader menu” where you will have to use the D-Pad and the (A) button to select “GodMode9” for these instructions.

Open the cia converter program, create ncchinfo.bin. This is something you'll need to make xorpads, which is used to convert.3ds to a.cia Copy that ncchinfo.bin to your SD card, slap it back into your 3DS and run Rxtools. Go to decryption options and then generate xorpads. Prepare XORpad SD and boot it on console to dump xorpad files needed to extract and decrypt 3ds rom (find and add slot0x25KeyX.bin to Sd with its key) - 32bit / 64bit Auto detected - Converts 3DS Games / CIA 3DZ - Build CIA from 3ds or VC ( Gbc, Gb ) and send to console through Usb and Ftp (optional) - You can play online without modifying header. A flag in the exheader determines if this is the case. On retail for SD applications, exheadersysteminfoflags.flag bit1 must be set. Retail CFAs use the default NCCH product code 'CTR-P-CTAP', while retail title/gamecard CXIs use NCCH product code 'CTR-X-XXXX'. This product code is the NCCH serial code.

GodMode9 is powerful software that has the capability to modify essentially anything on your console. Though many of these modifications are locked behind a permissions system, and it is impossible to accidentally perform dangerous actions without deliberately unlocking permissions, you should still follow instructions carefully and keep backups just in case.

Updating GodMode9

Some of the instructions below are only applicable to the latest version of GodMode9, and as such you should follow this section to update your copy before continuing. Overwrite any existing files.

What You Need

  • The v1.9.2pre1 release of GodMode9

Instructions

  1. Power off your device
  2. Insert your SD card into your computer
  3. Copy GodMode9.firm from the GodMode9 .zip to the /luma/payloads/ folder on your SD card
  4. Copy the gm9 folder from the GodMode9 .zip to the root of your SD card
  5. Reinsert your SD card into your device

Creating a NAND Backup

  1. Launch GodMode9 by holding (Start) during boot
  2. Press (Home) to bring up the action menu
  3. Select “Scripts…”
  4. Select “GM9Megascript”
  5. Select “Backup Options”
  6. Select “SysNAND Backup”
  7. Press (A) to confirm
    • This process will take some time
    • If you get an error, make sure that you have at least 1.3GB of free space on your SD card
  8. Press (A) to continue
  9. Press (B) to return to the main menu
  10. Select “Exit”
  11. Press (A) to relock write permissions if prompted
  12. Hold (R) and press (B) at the same time to eject your SD card
  13. Insert your SD card into your computer
  14. Copy <date>_<serialnumber>_sysnand_###.bin and essential.exefs from the /gm9/out/ folder on your SD card to a safe location on your computer
    • Make backups in multiple locations (such as online file storage)
    • These backups will save you from a brick and/or help you recover files from the NAND image if anything goes wrong in the future
  15. Delete <date>_<serialnumber>_sysnand_###.bin and <date>_<serialnumber>_sysnand_###.bin.sha from the /gm9/out/ folder on your SD card after copying it
  16. Reinsert your SD card into your device
    • If your SD card was not detected, hold (R) and press (B) at the same time to remount it

Restoring a NAND Backup

  1. Launch GodMode9 by holding (Start) during boot
  2. Hold (R) and press (B) at the same time to eject your SD card
  3. Insert your SD card into your computer
  4. Copy <date>_<serialnumber>_sysnand_###.bin from your computer to the /gm9/out/ folder on your SD card
  5. Reinsert your SD card into your device
  6. Press (Home) to bring up the action menu
  7. Select “Scripts…”
  8. Select “GM9Megascript”
  9. Select “Restore Options”
  10. Select “SysNAND Restore (safe)”
  11. Select your NAND backup
  12. Press (A) to unlock SysNAND (lvl3) writing, then input the key combo given
    • This will not overwrite your boot9strap installation
    • This process will take some time
  13. Press (A) to continue
  14. Press (B) to return to the main menu
  15. Select “Exit”
  16. Press (A) to relock write permissions if prompted

Injecting any .CIA app into Health & Safety

For organizational purposes, copy the .cia file you wish to inject to the /cias/ folder on your SD card

Note that it is not possible to inject files into Health & Safety that are larger than it (including games and other large applications)

  1. Launch GodMode9 by holding (Start) during boot
  2. Navigate to [0:] SDCARD -> cias
  3. Press (A) on your .cia to select it, then select “CIA image options…”, then select “Mount image to drive”
  4. Press (A) on the .app file, then select “NCCH image options”, then select “Inject to H&S”
  5. Press (A) to unlock SysNAND (lvl1) writing, then input the key combo given
  6. Press (A) to continue
  7. Press (A) to relock write permissions if prompted

Restoring Health & Safety after injecting a .CIA app

This will only work if the Health & Safety injection was performed by GodMode9 (not Decrypt9 or Hourglass9).

  1. Launch GodMode9 by holding (Start) during boot
  2. Press (Home) to bring up the action menu
  3. Select “More…”
  4. Select “Restore H&S”
  5. Press (A) to unlock SysNAND (lvl1) writing, then input the key combo given
  6. Press (A) to relock write permissions if prompted

Dumping a Game Cartridge

Insert the game cartridge you intend to dump into your device

  • 3DS game cartridges will be dumped to an installable .cia format
  • NDS game cartridges will be dumped to a non-installable .nds format compatible with flashcarts and emulators
  1. Launch GodMode9 by holding (Start) during boot
  2. Navigate to [C:] GAMECART
  3. Follow the steps applicable to your game cartridge:
    • 3DS Game Cartridge: Press (A) on [TitleID].trim.3ds to select it, then select “NCSD image options…”, then select “Build CIA from file”
    • NDS Game Cartridge: Press (A) on [TitleID].trim.nds to select it, then select “Copy to 0:/gm9/out”
  4. Your installable .cia or non-installable .nds formatted file will be outputted to the /gm9/out/ folder on your SD card

Dumping a Title

  1. Launch GodMode9 by holding (Start) during boot
  2. Hover over the drive applicable to the type of title you wish to dump:
    • User Installed Title: [A:] SYSNAND SD
    • System Title: [1:] SYSNAND CTRNAND
  3. Hold (R) and press (A) at the same time to open the drive options
  4. Select “Search for titles”
  5. Press (A) to continue
  6. Press (A) on the .tmd file to select it, then select “TMD file options…”, then select “Build CIA (standard)”
  7. Your installable .cia formatted file will be outputted to the /gm9/out/ folder on your SD card

Converting a .3DS to .CIA

  • For organizational purposes, copy each .3ds file you wish to convert to the /cias/ folder on your SD card
    • Note that if you wish to convert a .3ds file that is already on a flashcart, you should follow Dumping a Game Cartridge
  1. Launch GodMode9 by holding (Start) during boot
  2. Navigate to [0:] SDCARD -> cias
  3. Press (A) on your .3ds file to select it, then select “NCSD image options…”, then select “Build CIA from file”
  4. Your installable .cia formatted file will be outputted to the /gm9/out/ folder on your SD card

Backup GBA VC Saves

The game will be outputted to the /gm9/out/ folder on your SD card with the name <TitleID>.gbavc.sav.

To identify a <TitleID>.gbavc.sav file’s Title ID, you can get a listing of all games on the system and their corresponding Title IDs by hovering over [A:] SYSNAND SD, holding (R) and pressing (A) at the same time, then selecting “Search for titles”.

  1. Do the following process for each GBA VC game that you want to backup the save for:
    • Launch the GBA VC game
    • Exit the GBA VC game
    • Boot your device while holding (Start) to launch the Luma3DS chainloader menu
    • Launch GodMode9 by pressing (A)
    • Navigate to [S:] SYSNAND VIRTUAL
    • Press (A) on agbsave.bin to select it
    • Select “AGBSAVE options…”
    • Select “Dump GBA VC save”
    • Press (A) to continue
    • Press (Start) to reboot your device

Restore GBA VC Saves

To identify a <TitleID>.gbavc.sav file’s Title ID, you can get a listing of all games on the system and their corresponding Title IDs by hovering over [A:] SYSNAND SD, holding (R) and pressing (A) at the same time, then selecting “Search for titles”.

  1. Do the following process for each GBA VC game that you want to restore the save for:
    • Launch the GBA VC game
    • Exit the GBA VC game
    • Boot your device while holding (Start) to launch the Luma3DS chainloader menu
    • Launch GodMode9 by pressing (A)
    • Navigate to [0:] SDCARD -> gm9
    • Press (Y) on the <TitleID>.gbavc.sav file you wish to restore to copy it
    • Press (B) to return to the main menu
    • Navigate to [S:] SYSNAND VIRTUAL
    • Press (A) on agbsave.bin to select it
    • Select “AGBSAVE options…”
    • Select “Inject GBA VC save”
    • Press (A) to continue
    • Press (Start) to reboot your device
    • Launch the GBA VC game
    • Exit the GBA VC game

Format an SD card

Note that this will erase the contents of your SD card!

  1. Launch GodMode9 by holding (Start) during boot
  2. Press (Home) to bring up the action menu
  3. Select “More…”
  4. Select “SD format menu”
  5. Select any EmuNAND options you wish to use
    • Most users will want to select “No EmuNAND”
  6. Select “Auto”
  7. Press (A) to accept the label GM9SD
    • Optionally, you may input a custom name for the SD card
  8. When prompted, input the key combo given to confirm

Encrypting / Decrypting a .CIA file

For organizational purposes, copy each .cia file you wish to encrypt / decrypt to the /cias/ folder on your SD card

  1. Launch GodMode9 by holding (Start) during boot
  2. Navigate to [0:] SDCARD -> cias
  3. Press (A) on the .cia file to select it, then select “CIA image options…”
  4. Select the option to perform the desired function:
    • Encrypt to 0:/gm9/out: Create an encrypted copy of the selected .cia file in the /gm9/out/ folder on your SD card
    • Decrypt to 0:/gm9/out: Create a decrypted copy of the selected .cia file in the /gm9/out/ folder on your SD card
    • Encrypt inplace: Replace the selected .cia file with an encrypted version
    • Decrypt inplace: Replace the selected .cia file with a decrypted version
  5. Your encrypted / decrypted .cia will be outputted to the desired location

Removing an NNID without formatting your device

  1. Launch GodMode9 by holding (Start) during boot
  2. Press (Home) to bring up the action menu
  3. Select “Scripts…”
  4. Select “GM9Megascript”
  5. Select “Scripts from Plailect’s Guide”
  6. Select “Remove NNID”
  7. Press (A) to continue
  8. Press (A) to unlock SysNAND (lvl1) writing, then input the key combo given
  9. Press (A) to continue
  10. Press (B) to return to the main menu
  11. Select “Exit”
  12. Press (A) to relock write permissions if prompted
  13. Press (Start) to reboot your device

The following text tries to document the structure of the NCCH (Nintendo Content Container Header) container format. This format is used to store the content of any installed title.

3ds Simple Cia Converter Exheader Decryption Failed Download

  • 1Overview
  • 2Container File Format
    • 2.4NCCH Flags

Overview[edit]

There are two known NCCH container specializations used on the 3DS, 'executable' and 'non-executable', officially known as CXI and CFA, respectively.

CXI[edit]

The CXI (CTR Executable Image) specialization of the NCCH container contains executable code, which runs on a single ARM11 core.

The CXI format is structured in the following order:

  • first a NCCH header,
  • followed by an extended header,
  • followed by an access descriptor,
  • followed by an optional plain binary region,
  • followed by an optional executable filesystem (ExeFS) - (contains ARM11 code, Home menu icn/bnr and logo),
  • and finally followed by an optional read-only filesystem (RomFS) - (Used for external file storage).

The extended header contains additional information regarding access control. The plain binary region is an area specifically stored in plaintext, mostly containing SDK library strings for identification.

CFA[edit]

The CFA (CTR File Archive) specialization of the NCCH container is not executable, but is used in conjunction with CXI files, e.g. the DLP Child Container and the Electronic Manual. (There is a system update NCCH which follows this format, but is used by the 3DS rather than the Application NCCH, and only works when embedded in the CCI format because the nVer is kept in the header of retail CCI files instead of the application NCCH). There are CFA files which exist alone in a title, but these are just System Data Archive titles and are found only in the NAND.

CFA files are structured in the following order:

  • first a NCCH header,
  • followed by an optional executable filesystem (ExeFS) (same as in CXI, except no ARM11 code)
  • followed by an optional read-only filesystem (RomFS)

Container File Format[edit]

Encryption[edit]

The extended header, the ExeFS, and the RomFS are encrypted using 128-bit AES CTR unless the NoCrypto flag is set in ncchflag[7]. There are different sets of encryption parameters in use, as over the time new system updates introduced more sophisticated means of encryption.

All encrypted regions are grouped into two categories, each of which uses one kind of encryption scheme:

  • The 'menu info' group, including the extended header, the ExeFS header, and the files 'icon' and 'banner' in ExeFS, which are needed to display the game on the menu regardless whether system version supports the game, or whether the pre-downloaded eshop game is officially released.
  • The 'content' group, including the rest files ('.code' and '.firm') in ExeFS, and the entire RomFS, which is needed for actually running the game, and which can be only decrypted on the supported system (and when the seed is officially released for eshop games).

The decryption key is generated using the AES Engine. The keyX and keyY for each group are set as follows:

  • The 'menu info' group uses the primary key, always generated by keyX in the slot 0x2C (set by bootrom) and keyY from the first 0x10 bytes of the NCCH signature.
  • The 'content' group uses the secondary key. The slot selection for keyX depends on ncchflag[3], as listed in the table below.
ncchflag[3]FW IntroducedOld3DSAES KeyslotsNotes
0x00The initial versionYes0x2CThis keyslot is initialized by bootrom. This is the same key as the primary key.
0x017.0.0-XYes0x25This keyslot is initialized by the 6.0 gamecard savegame keyY init function during boot, using a different portion of the final hash (this keyslot is separate from the one used for the 6.0 save crypto).
0x0A9.3.0-XNo0x18This keyslot is initialized by arm9loader on New3DS starting with 8.1.0-0_New3DS, but only 9.3.0-X and later know how to use it with ncchflag[3].
0x0B9.6.0-XNo0x1B9.6.0-X's arm9loader changed the contents of keyslots 0x19-0x1F; 9.6.0-X was the first time they were officially used, so this is not a breaking change (there is no content that would use the old versions of those keys).
3ds Simple Cia Converter Exheader Decryption Failed

Besides all rules above, if ncchflag[7] bitmask 0x1 is set, and a fixed AES key instead is used for both groups. There are two fixed keys, one for titles which have the system category bit set (SystemFixedKey), and one for the rest ('zeros' key). These are debug keys, as they aren't nomally supported on retail systems.

The initial CTR for decryption each region is generated from the partition ID, as described below:

  • if the version field (NCCH header + 0x112) is 0 or 2, the 16-byte CTR is [partition_id[7], partition_id[6], ..., partition_id[0], M, 0, ..., 0], where
    • The 8-byte partition ID starts from the beginning in the reverse order. If the partition ID is viewed as a little-endian u64, and the CTR is viewed as big-endian u128, then this is to put the partition ID to the most significant bits of the CTR
    • CTR[8] is set to a magic number M. For extended header, M = 1. For ExeFS, M = 2. For RomFS, M = 3.
    • The rest 7 bytes (the least significant bits of big-endian CTR) are set to zero
  • if the version field is 1, the 16-byte CTR is [partition_id[0], partition_id[1], ...,partition_id[7], 0, 0, 0, 0, T[0], T[1], T[2], T[3]], where
    • The 8-byte partition ID starts from the beginning in the same order.
    • Then four zeros follow.
    • Then a number T in big-endian follows. This number is the offset of each encrypted region to the NCCH beginning. So for extended header, T = 0x200. For ExeFS/RomFS. T = 0x200 * ExeFS/RomFS offset in media units

Note that due to the key generation schemes described above, ExeFS can contain regions using different keys. Regardless of this, both regions shared the same initial CTR at the beginning of ExeFS. If one region doesn't start at the beginning of ExeFS, its actual CTR at its own beginning = ExeFS CTR + (region offset / AESBlockSize=16)

Format[edit]

Currently, only ExeFS:/.code can be compressed (with a LZ77 variant). A flag in the exheader determines if this is the case.

3ds Simple Cia Converter Exheader Decryption Failed

On retail for SD applications, exheader_systeminfoflags.flag bit1 must be set.

Retail CFAs use the default NCCH product code 'CTR-P-CTAP', while retail title/gamecard CXIs use NCCH product code 'CTR-X-XXXX'. This product code is the NCCH serial code. The region-locking info checked by home menu is stored in the icon.

All of the hashes stored in this NCCH header are over the cleartext data. The ExeFS/RomFS superblock starts at offset 0x0 in the ExeFS/RomFS, and the size is specified by the hash region fields. Nintendo's NCCH validation code seems to have the size of this region fixed to 0x200 bytes (for ExeFS at least).

As of 5.0.0-11 the application ExeFS:/logo can be loaded from the plaintext region between the access descriptor and the plain region, all applications built since 5.0.0-11 store the logo here. The size of this logo is always 0x2000-bytes.

The plain region mainly contains tags for each SDK library used when building the CXI. The version used for the 'FIRMWARE' tag is the kernel/FIRM version, this version can also be stored in the exheader 'kernel release version' ARM11 kernel descriptor field. As of 2.2.0-X the NATIVE_FIRM kernels check the CXI exheader 'kernel release version' field, if it is stored in the CXI exheader. If the kernel/FIRM version specified by this field is higher than the version of the running NATIVE_FIRM, the kernel will return error-code 0xD9001413.

NCCH Header[edit]

OffsetSizeDescription
0x0000x100RSA-2048 signature of the NCCH header, using SHA-256.
0x1004Magic ID, always 'NCCH'
0x1044Content size, in media units (1 media unit = 0x200 bytes)
0x1088Partition ID
0x1102Maker code
0x1122Version
0x1144When ncchflag[7] = 0x20 starting with FIRM 9.6.0-X, this is compared with the first output u32 from a SHA256 hash. The data used for that hash is 0x18-bytes: <0x10-long title-unique content lock seed> <programID from NCCH+0x118>. This hash is only used for verification of the content lock seed, and is not the actual keyY.
0x1188Program ID
0x1200x10Reserved
0x1300x20Logo Region SHA-256 hash. (For applications built with SDK 5+) (Supported from firmware: 5.0.0-11)
0x1500x10Product code
0x1600x20Extended header SHA-256 hash (SHA256 of 2x Alignment Size, beginning at 0x0 of ExHeader)
0x1804Extended header size, in bytes
0x1844Reserved
0x1888Flags (See Below)
0x1904Plain region offset, in media units
0x1944Plain region size, in media units
0x1984Logo Region offset, in media units (For applications built with SDK 5+) (Supported from firmware: 5.0.0-11)
0x19c4Logo Region size, in media units (For applications built with SDK 5+) (Supported from firmware: 5.0.0-11)
0x1A04ExeFS offset, in media units
0x1A44ExeFS size, in media units
0x1A84ExeFS hash region size, in media units
0x1AC4Reserved
0x1B04RomFS offset, in media units
0x1B44RomFS size, in media units
0x1B84RomFS hash region size, in media units
0x1BC4Reserved
0x1C00x20ExeFS superblock SHA-256 hash - (SHA-256 hash, starting at 0x0 of the ExeFS over the number of media units specified in the ExeFS hash region size)
0x1E00x20RomFS superblock SHA-256 hash - (SHA-256 hash, starting at 0x0 of the RomFS over the number of media units specified in the RomFS hash region size)

Given offsets are based on the start of the file.

NCCH Flags[edit]

INDEXDESCRIPTION
3Crypto Method: When this is non-zero, a NCCH crypto method using two keyslots is used(see above).
4Content Platform: 1 = CTR, 2 = snake (New 3DS).
5Content Type Bit-masks: Data = 0x1, Executable = 0x2, SystemUpdate = 0x4, Manual = 0x8, Child = (0x4|0x8), Trial = 0x10. When 'Data' is set, but not 'Executable', NCCH is a CFA. Otherwise when 'Executable' is set, NCCH is a CXI.
6Content Unit Size i.e. u32 ContentUnitSize = 0x200*2^flags[6];
7Bit-masks: FixedCryptoKey = 0x1, NoMountRomFs = 0x2, NoCrypto = 0x4, using a new keyY generator = 0x20(starting with FIRM 9.6.0-X).

CXIs NCCH header signature is verified using the RSA public key stored in the accessdesc,(which follows the exheader) while CFAs NCCH header is verified with a fixed RSA public key.

3ds Simple Cia Converter Exheader Decryption Failed Version

NCCH header example for Lego Starwars III[edit]

Plain region example for Lego Starwars III[edit]

Example dependency list from the extended header[edit]

Tools[edit]

ctrtool - (CMD)(Windows/Linux) Parsing and decrypting (debug only) NCCH files

3ds Simple Cia Converter Exheader Decryption Failed Windows 10

Retrieved from 'https://www.3dbrew.org/w/index.php?title=NCCH&oldid=20935'