How to use NTR CFW + Debugger with ARCode Cheats
You need:
- A retail Cartridge or legit CIA buyed from eShop
(unsigned cia works with pre bootet
PASTA CFW)
- Cubic Ninja with NTR QR Code
-
NTR.BIN in root folder of internal memorycard
- Create empty file '
debug.flag' in root folder of internal memorycard
-
NTR Debugger
- Activated WLAN with Internet and a PC in the same Network
debug.flag or activate it inside NTR Menu (press X+Y)
Used Commands:
To connect to your console's IP use:
connect('
XXX.
XXX.
XXX.
XXX', 8000)
A few games disconnect wlan when playing movie / loading,
if that happens, don't close NTR Debugger, re-connect it!
To get your App/Game's PID:
listprocess()
Example
MH4U-EUR:
(
pid: 0x00000028, pname: redgiant, tid:
0004000000126100)
PID might change once per boot!
You can find TitleID's for games here:
http://3ds.essh.co/
To write your value:
write(0x
<OFFSET>, (0x
<VALUE>, 0x
<VALUE> ,0x
<VALUE> ,0x
<VALUE>), pid=0x
<PID>)
OFFSET = Cheat Offset //
VALUE = The Value you want to write //
PID = The Apps/Games Process ID
NTR Debugger:
- Start Cubic Ninja and execute NTR Exploit
- Start your desired game
- Start NTR Debugger on PC
- Connect NTR Debugger Example: connect('192.168.1.100', 8000)
- To get the PID, write listprocess() and look for your Games TitleID (TID)
As example i took PID 0x28.
Now how to use ARCode:
Example ARCode
-=[Paper Mario Sticker Star]=-
$9999
02CBCE9C 0000270F
NTR will be 14000000 +
ARCode Offset =
OFFSET:
write(0x
16CBCE9C, (0x
0F, 0x
27 ,0x
00 ,0x
00), pid=0x28)
Depending on what you cheated, it might be necessary to
buy/sell,enter/exit map/house or gain exp to take affect.
To dump your games flash memory:
Additional Commands:
Display Apps/Games Memory Layout:
memlayout (pid=0xPID)
Example MH4U (EUR):
valid memregions:
00100000 - 0111dfff ,
size: 0101e000
08000000 - 0b13efff ,
size: 0313f000
0ffc0000 - 10000fff ,
size: 00041000
10002000 - 10002fff ,
size: 00001000
1e800000 - 1e9fffff ,
size: 00200000
end of memlayout.
You have to find the region where your value
belongs to! In most cases, it will be inside
the region that covers offset around 14000000!
To DUMP memoryregions:
data(0x
<START OFFSET>, 0x
<size>, filename='<name of the file>', pid=0x<PID>)
To find cheats:
Make as many dumps you need and use Cheatengine to find your offset.
Example:
Dump 01 > 1000
Dump 02 > 2000
To use Cheatengine with dumped files:
Press "Open Process", then press "Open File" and choose
your file. After searching, switch to the next dump.
To get the real offset from Cheatengine to NTR it's:
<START OFFSET> + <FOUND OFFSET> = <OFFSET>
To write the offset with your value (4 Bytes): (Example 50000 dec //
0000C350 Hex)
write(0x<OFFSET>, (0x
50 ,0x
C3 ,0x
00 ,0x
00), pid=0x<PID>)
To export the offset to ARCode (HEX):
<START OFFSET> + <FOUND OFFSET> - 14000000 = <ARCode OFFSET>
If the result is negative (<0), ARCode is unable to use the cheat!
For a few games, the found offset is not fixed and you need to find it once per use.
You are free to copy my Tutorial as long you share it for everyone!