Hacking NTR CFW 3.0!

[dsrules]

That's a typo I did write to 088916F0. It's a Hotkey in ntrclient. Just writes not sticking now?

peek after write to see if your hotkey works or not
data(0x088916F0, 0x10, pid=0x28)

 

[Phil5004]

How Do I install the Launcher.cia?

 

[lemanuel]

How Do I install the Launcher.cia?

With a CIA installer, like Bigbluemenu or Devmenu or FBI or any similar other.

 

[MassExplosion213]

How Do I install the Launcher.cia?

With a CIA installer, like Bigbluemenu or Devmenu or FBI or any similar other.

Aka no 9.9.

 

[hashcheck1]

LBX: Little Battle eXperience (U)

Infinity money

write(0x088916f0, (0x7f, 0x96, 0x98, 0x00), pid=0xXX)

Works finally got it thanks for your help dsrules

 

[Phil5004]

Yes but I need cubic ninja for this isn't it? (New 3ds)

 

[Afterglow]

Hi, I'm trying to get NTR to work in emuNAND 9.9 and I keep getting this error when initiating the NTR app:

dump finished at addr: 0010d000
current firmware not supported.
kversion:02320100
bnBootNTR failed

What do I do?

 

[Zidapi]

Yes but I need cubic ninja for this isn't it? (New 3ds)

Cubic Ninja is one option, the homescreen launcher is the more popular choice now, for obvious reasons.

Hi, I'm trying to get NTR to work in emuNAND 9.9 and I keep getting this error when initiating the NTR app:

dump finished at addr: 0010d000
current firmware not supported.
kversion:02320100
bnBootNTR failed

What do I do?

Open an issue on the GitHub page, and/or contact @cell9

 

[Phil5004]

Cubic Ninja is one option, the homescreen launcher is the more popular choice now, for obvious reasons.

The Homescreen Launcher? Do u Have a Link or something?

 

[iceaco]

Hopefully this is the right place to put a question. Where do I find the windows debugger client?

Google can't give me useful results for ntrclient

 

[dsrules]

http://filetrip.net/dl?Hnp6C8NakH

Hopefully this is the right place to put a question. Where do I find the windows debugger client?

Google can't give me useful results for ntrclient

 

[hashcheck1]

Persona Q: Shadow of the Labyrinth
money 9999999
03AC1844 0098967F

valid memregions:
00100000 - 0065bfff , size: 0055c000
06000000 - 06010fff , size: 00011000
07000000 - 07005fff , size: 00006000
08000000 - 08f8efff , size: 00f8f000
0e000000 - 0e000fff , size: 00001000
0e002000 - 0e002fff , size: 00001000
0e004000 - 0e004fff , size: 00001000
0fffc000 - 10000fff , size: 00005000
10002000 - 10002fff , size: 00001000
14000000 - 16afffff , size: 02b00000
end of memlayout.

03AC1844+14000000=17AC1844ntr outmemrange

Is the out mem formula

03AC1844-16c00000=ANS
ANS+08000000=CHT OFFSET

 

[Phil5004]

Cubic Ninja is one option, the homescreen launcher is the more popular choice now, for obvious reasons.

The Homescreen Launcher? Do u Have a Link or something?

 

[Shadowtrance]

The Homescreen Launcher? Do u Have a Link or something?

https://github.com/44670/BootNTR/releases

 

[dsrules]

Persona Q: Shadow of the Labyrinth
money 9999999
03AC1844 0098967F

valid memregions:
00100000 - 0065bfff , size: 0055c000
06000000 - 06010fff , size: 00011000
07000000 - 07005fff , size: 00006000
08000000 - 08f8efff , size: 00f8f000
0e000000 - 0e000fff , size: 00001000
0e002000 - 0e002fff , size: 00001000
0e004000 - 0e004fff , size: 00001000
0fffc000 - 10000fff , size: 00005000
10002000 - 10002fff , size: 00001000
14000000 - 16afffff , size: 02b00000
end of memlayout.

03AC1844+14000000=17AC1844ntr outmemrange

Is the out mem formula

03AC1844-16c00000=ANS
ANS+08000000=CHT OFFSET

search in 00100000 region

 

[hashcheck1]

Persona Q: Shadow of the Labyrinth
money 9999999
03AC1844 0098967F

valid memregions:
00100000 - 0065bfff , size: 0055c000
06000000 - 06010fff , size: 00011000
07000000 - 07005fff , size: 00006000
08000000 - 08f8efff , size: 00f8f000
0e000000 - 0e000fff , size: 00001000
0e002000 - 0e002fff , size: 00001000
0e004000 - 0e004fff , size: 00001000
0fffc000 - 10000fff , size: 00005000
10002000 - 10002fff , size: 00001000
14000000 - 16afffff , size: 02b00000
end of memlayout.

03AC1844+14000000=17AC1844


data (0x004b1844, pid = 0xXX)

found differences on two dumps at above offset but when writing

but when writing

write(0x004b1844, (0x7f, 0x96, 0x98, 0x00), pid=0xXX)

theres no change to money,

 

[dsrules]

write(0x004b1844, (0x7f, 0x96, 0x98, 0x00), pid=0xXX)

theres no change to money,

peek after poke to see if the value changes

 

[hashcheck1]

> write(0x004b1844, (0x7f, 0x96, 0x98, 0x00), pid=0x29)
null
finished
> data(0x004b1844, 0x10, pid=0x29)
null
packet: cmd = 9, dataLen = 16
7F 96 98 00 30 00 2D E9 6C 20 80 E2 68 C0 90 E5
finished

but when i dump
data(0x00100000, 0x00500000, filename='moneychr', pid=0x29)
the changes above are not showing at 04b1844

 

[thinhvnn]

check addr 0x004b1844-0x00100000

 

[hashcheck1]

yup code working below

Persona Q: Shadow of the Labyrinth
money $9999999

write(0x005b1844, (0x7f, 0x96, 0x98, 0x00), pid=0x2b)