[Tutorial] Building NTR custom firmware cheat plugins w/ cheat menu

Discussion in '3DS - Tutorials' started by supermariorick, Jan 20, 2016.

  1. supermariorick
    OP

    supermariorick GBAtemp Fan

    Member
    415
    112
    Jun 18, 2010
    United States
    so thanks to @cell9 for releasing the source for NTR cheat plugins that use the cheat menu instead of the outdated button toggles method that has interference with certain games.
    Today is the moment you've all been waiting for. this is some simple steps on building your own cheat plugins!
    first there are some prerequisites:
    you'll need python 2.7 from here
    https://www.python.org/download/releases/2.7/
    and devkitpro from here
    https://gbatemp.net/threads/ds-programming-environment-on-windows.292386/
    and you'll need a computer with Windows XP/Vista/7/8/8.1/10 edit: this also works on the Ematic tablet computer that has Windows 8.1 on it
    then get @cell9 's source code here
    http://gbatemp.net/threads/source-cheat-menu-plugin-demo-for-ntr-cfw.411032/
    and my improvement to the gameplg.c sample file here (i put a sample of adding in more cheat entries)
    http://gbatemp.net/threads/source-cheat-menu-plugin-demo-for-ntr-cfw.411032/#post-5996714

    ok so here's the steps

    1) extract menuCheat.zip from @cell9 's source code thread and replace the gameplg.c in /menuCheat/source/ with the improved sample gameplg.c from my post.

    2) open gameplg.c from /menuCheat/sources/ with your source code editor of choice (e.g. notepad++ on Windows or DroidEdit on Android), scroll to near the bottom where the cheats are and edit them with your own found with NTR debugger/Cheat Engine or from someone requesting a cheat plugin for codes they found but dont know how to build cheat plugins. then scroll down more for the cheat entry names and edit them to match the cheats you put in. to add more entries, simply follow the pattern and format of them with proper bracketing and tab-spacing and follow the numbering for the cheats (0, 1, 2, 3, 4, etc.) and hit save in your source code editor. make sure your edited gameplg.c is in /menuCheat/sources/ ! (use FTP transfers if you used DroidEdit like I did lmao)

    3) then go to the /menuCheat/ folder and doubleclick the startenv.bat (make sure python and devkitpro are installed before you do this!) and it'll open a command prompt window with the directory aimed at /menuCheat/. then type in build.bat and hit enter! at this point it will run python and build your cheat plugin, which will appear in the /menuCheat/ folder. you can then place cheat.plg in /plugin/[titleid]/ with the appropriate titleid for your game from here
    http://3dsdb.com/ and test your NTR custom firmware plugin cheats!
    note: @cell9 said so himself that these plugins won't work online so don't expect to ruin games online with this!

    Enjoy~
     
    Last edited by supermariorick, Jan 9, 2017


  2. Asia81

    Asia81 In my Ecchi World <3

    Member
    4,813
    2,315
    Nov 15, 2014
    France
    Albi
    Useful, I will try it asap, thanks!
     
  3. Tieracloud

    Tieracloud Member

    Newcomer
    34
    2
    Apr 26, 2015
    United States
    From Cell9's old source for Zelda it was using button presses and there are games where it is better for it. Mario games are an example where buttons presses are faster as you can switch quicker. Do you know if this source still allows it? Or would I have to base it off of the Zelda source?

    Code:
            key = getKey();
            if (key == BUTTON_SE) {
                // toggle cheats when SELECT button pressed
                cheatEnabled = !cheatEnabled;
                // wait until key is up
                waitKeyUp();
            }
            if (cheatEnabled) {
                // freeze hearts
                WRITEU16(0x168b6044 , 0x5050);
                // freeze rupees
                WRITEU16(0x168b5fa8 , 9999);
            }
    
    And by any chance do you know if you can combine in-game menu and button press methods in 1 plugin? And can you do a quick tutorial on how you would find the addresses needed? I have a rough idea from watching some gateway cheat tutorials but maybe a all in one tutorial here might make it easier.
     
  4. supermariorick
    OP

    supermariorick GBAtemp Fan

    Member
    415
    112
    Jun 18, 2010
    United States
    i dont have that information. although I suppose if you cross referenced the source codes of both gameplg.c files you could attempt to combine them and set up button toggles for some and cheat menu for others. if anything try asking @cell9 who just released the source code. as for finding addresses I don't have that information as I have done that for spider3dstools ARcode when Retroboy and I ported gameshark codes for Majora's Mask to spider ARcodes for the 3DS version; however I have yet to use NTR debugger to dump RAM and Cheat Engine to cross reference addresses in RAM but I suppose it's really a matter of dumping RAM enough times and cross referencing with values displayed on a game with searches on Cheat Engine updated with each RAM dump as it was with spiderhax on old3ds.
     
  5. Tieracloud

    Tieracloud Member

    Newcomer
    34
    2
    Apr 26, 2015
    United States
    Thanks. I will test a plugin with a basic maro game and see if I can get it to work. Got the button presses working last year but see some use for a game menu option. I am familiar with gateway cheats but never dived in to using ntr debugger so guess I will try it out for now. Just wish gateway and ntr used the same codes as it would make it easier for everyone in terms of compatibility.
     
  6. supermariorick
    OP

    supermariorick GBAtemp Fan

    Member
    415
    112
    Jun 18, 2010
    United States
    just don't ask me anything about Gateway as I don't own one.
     
  7. gudenau

    gudenau Never a unique idea

    Member
    3,203
    1,208
    Jul 7, 2010
    United States
    /dev/random
    Easy enough, could be better though...

    Edit:
    Not going to work on it for a while though!
     
  8. Angelcraft

    Angelcraft GBAtemp Fan

    Member
    496
    50
    Sep 8, 2015
    Spain
    can someone do a youtube tutorial?? pls
     
  9. supermariorick
    OP

    supermariorick GBAtemp Fan

    Member
    415
    112
    Jun 18, 2010
    United States
    I have already requested @DarkFlare69 make one via PM and gave full permission to him to use it.
     
    DarkFlare69 and Angelcraft like this.
  10. Angelcraft

    Angelcraft GBAtemp Fan

    Member
    496
    50
    Sep 8, 2015
    Spain
    thanks :D
     
  11. Rhapsody

    Rhapsody GBAtemp Regular

    Member
    210
    87
    Jan 4, 2016
    United States
    United States
    Can anyone provide me with a guide that details how to convert ARCode or Gateshark codes to the NTR format? I'm giving making NTR plugins a try but I haven't really found a concrete way to do this.

    Also, if a code is more than one line long, what do I do to make it into NTR format?
     
    Games&Stuff and Angelcraft like this.
  12. Angelcraft

    Angelcraft GBAtemp Fan

    Member
    496
    50
    Sep 8, 2015
    Spain
    pls that too
     
  13. Rhapsody

    Rhapsody GBAtemp Regular

    Member
    210
    87
    Jan 4, 2016
    United States
    United States
    Quick tl;dr before you get excited reading this post, it didn't work and froze the game, but I think I might be on the right path.

    So I was messing around with RAM dumps of Fire Emblem Awakening to try and see if I could locate the money value and change it. I made a RAM dump (using the first option out of three for the process, those being 0x00100000, 0x08000000, and 0x14000000, in order). On the first RAM dump I made, I looked for the value of the money I had using Cheat Engine and the default settings after loading a file (4 Bytes value type, Equal To search criteria, etc.), and I found one result when looking for that, so I noted it down. Cheat Engine reported it as 00369200. I went back into the game and made another RAM dump after selling an item and getting more money. Thing is, this time I got two values matching the criteria (360), and neither of them were the same as before. In particular, they were 000358AC and 00035968. For shits and giggles I edited the plugin source to use the first value and set it to 9999, here's what I did;

    Code:
    // freeze the value
    void freezeCheatValue() {
       if (cheatEnabled[0]) {
         WRITEU16(0x00369200, 0x0000270F);
       }
       // TODO: handle your own cheat items
    }
    Note the first part, that's the result that I got from my first dump. The second one is hex for 9999.

    After compiling the plugin and loading it on my game, it loaded fine and showed up in my NTR CFW menu. Issue is when I loaded into my save and used the code, the game crashed, so something clearly wasn't right with what I did (as if that wasn't obvious after I got three different values). So what do I need to do?
     
  14. supermariorick
    OP

    supermariorick GBAtemp Fan

    Member
    415
    112
    Jun 18, 2010
    United States
    don't ask me how to convert from Gateshark as I do not have a Gateway; however usually spider arcode to NTR code is +0x14000000 unless the memory addresses for NTR for a game are out of range from the addresses for spider arcode due to physical memory addresses vs virtual memory addresses. as for codes more than one line long, the old source code has an example

    if (cheatEnabled) {
    // freeze hearts
    WRITEU16(0x168b6044 , 0x5050);
    // freeze rupees
    WRITEU16(0x168b5fa8 , 9999);
    }
     
    Last edited by supermariorick, Jan 20, 2016
  15. Rhapsody

    Rhapsody GBAtemp Regular

    Member
    210
    87
    Jan 4, 2016
    United States
    United States
    I'm aware of that, but then what do I do with the second section of the code? Would I just put that there like it is in the code I posted?

    And for multi-line ARCodes, what do I do? Or is there no way to convert those?
     
  16. supermariorick
    OP

    supermariorick GBAtemp Fan

    Member
    415
    112
    Jun 18, 2010
    United States
    i just edited my post with an answer
    basically as long as it remains in the brackets for the code then multiple lines can be used for one code as long as it follows the WRITEU16([address], [value]); format for each line
    perhaps it's time to update my example gameplg.c with that info
     
    Last edited by supermariorick, Jan 20, 2016
  17. Rhapsody

    Rhapsody GBAtemp Regular

    Member
    210
    87
    Jan 4, 2016
    United States
    United States
    Thanks for specifying. Just to be sure, if I were to use a code like, say;

    Code:
    // x255 of all items
    03EDFB18 0A000031
    03EDFBA8 0A00000D
    03EDFBC4 0A000006
    03EDFBD4 E3A010FF
    E3EDFBD8 00000018
    0210C4E5 0600A0E1
    0C19FEEB 04D08DE2
    048BBDEC 460100EA
    
    I would do this;

    Code:
    if (cheatEnabled) {
    WRITEU16(line1leftcodewithoffset, line1rightcode);
    WRITEU16(line2leftcodewithoffset, line2rightcode);
    WRITEU16(line3leftcodewithoffset, line3rightcode);
    WRITEU16(line4leftcodewithoffset, line4rightcode);
    WRITEU16(line5leftcodewithoffset, line5rightcode);
    WRITEU16(line6leftcodewithoffset, line6rightcode);
    WRITEU16(line7leftcodewithoffset, line7rightcode);
    WRITEU16(line8leftcodewithoffset, line8rightcode);
    }
    
    Correct?

    And while we're here, I guess I'll ask one last thing, since there are actually two questions left I need answered. Firstly, as I mentioned above, do you know what I'm doing wrong with RAM dumping and finding the value I'm looking for? And secondly, what's the difference between WRITEU16 and WRITEU32? Do they have different use cases?
     
  18. supermariorick
    OP

    supermariorick GBAtemp Fan

    Member
    415
    112
    Jun 18, 2010
    United States
    needs proper tabspacing but the format above is correct. as for RAMdumping and finding the codes with NTR debugger ramdumps and cheat engine I have no idea since I haven't tried myself. I have done RAM dumps with spider ARcode but I haven't applied the steps for NTR. my test example gameplg.c has someone else's codes that they requested a cheat plugin be made for.

    WRITEU16 is for 16 bit cheat codes (0x1AAAAAAA, 0x0000BBBB) and WRITEU32 is for 32 bit cheat codes (0x0AAAAAAA, 0xBBBBBBBB) and WRITEU8 is for 8 bit cheat codes (0x2AAAAAAA, 0x000000BB) it looks like.
     
    Last edited by supermariorick, Jan 20, 2016
  19. Rhapsody

    Rhapsody GBAtemp Regular

    Member
    210
    87
    Jan 4, 2016
    United States
    United States
    Gotcha, thanks for the help. Trying out the ARCode conversion stuff you talked about and it seems to be working just fine, At least, the one line version did. I tried out this code;

    Code:
    // All enemy items drop
    03D99848 E1D11AB2
    03D9984C E3510000
    
    I converted it to NTR format by adding 14000000 to the first line, and this is what I have;

    Code:
      if (cheatEnabled[1]) {
         WRITEU16(0x17D99848, 0xE1D11AB2); // All enemies drop their items upon death.
         WRITEU16(0x17D9984C, 0xE3510000);
       }
    
    I compiled it and tested it, but it makes the game crash. Any idea what's up? Hopefully this'll be the last bit of help I need, sorry if I'm bothering you.
     
  20. supermariorick
    OP

    supermariorick GBAtemp Fan

    Member
    415
    112
    Jun 18, 2010
    United States
    move the comment (the one with the //afsgxryhh ) out of the brackets. that's how cell9 put in comments. don't put notes in places they would interfere with bracketed lines of scripts.

    it should be
    Code:
      if (cheatEnabled[1]) {
         WRITEU16(0x17D99848, 0xE1D11AB2);
         WRITEU16(0x17D9984C, 0xE3510000);
       }
    // All enemies drop their items upon death.
     
    Last edited by supermariorick, Jan 20, 2016