Hacking Gateway kernel access/memory editing question

flarn2006 (OP, joined Apr 6, 2014):
My understanding is that Gateway, along with the dev menu, etc. basically allows full kernel access. Am I correct?

This would mean it would be possible to do Action Replay-like memory editing, right? (Maybe someone, perhaps myself if I can figure it out, could write a Cheat Engine server similar to the one for Android, so you can use CE with 3DS games.)
 

sgtkwol (joined Oct 29, 2008):
> My understanding is that Gateway, along with the dev menu, etc. basically allows full kernel access. Am I correct?
>
> This would mean it would be possible to do Action Replay-like memory editing, right? (Maybe someone, perhaps myself if I can figure it out, could write a Cheat Engine server similar to the one for Android, so you can use CE with 3DS games.)

SaveDataFiler is available for that. Most games have checksums. Pokemon X/Y/oR/aS are supported by PkHex and other games have tools, as well.
 

acidmango (joined Nov 8, 2014):
> SaveDataFiler is available for that. Most games have checksums. Pokemon X/Y/oR/aS are supported by PkHex and other games have tools, as well.

By the sounds of it, he intends to do real-time editing not save editing.
I'm not sure if anything has been done in terms of peeking/poking the 3DS yet. Certainly nothing public.
 

Ericss (joined Sep 1, 2010):
NTR CFW lets you edit the memory via plugins and patch games on the fly. It could be used for cheating, but nobody has written a cheat plugin for it yet, and since it's based on an old GW launcher.dat, it doesn't support games with 7.x-8.x encryption or CIA installing.
 

hackotedelaplaqu (joined Jan 10, 2009, website wiibrew.org):
Palatine CFW's ctrclient allows it too:
ctrclient.exe --serveradr=<3ds ip> --customcmd="<custom cmd>"

installcia:<cia name>

readmem:<mem type> <offset> <size> @<optional output file name>
memtypes: 11kern, 11usr=, 9
11usr=<process name> (i.e. pxi, pm)

writemem:<mem type> <offset> <size> @<input hex file>
memtypes: 11kern, 11usr=, 9
11usr=<process name> (i.e. pxi, pm)

getservhandle <service name> (i.e. ir:u )

sendservicecmd <service handle> <header code> <arg1>,<arg2>…

getprocinfo:addrconv <arm11 procname> <vaddr> (i.e. pxi 0x100000)
getprocinfo:kprocess <arm11 procname> (i.e. pxi)
getprocinfo:mmutable <arm11 procname> (i.e. pxi)
 

hackotedelaplaqu:
> How likely is it that I can use this with my 9.2 3DS using nothing but a Gateway card, given what GW has said so far about 9.2 support? I might be able to make something to connect this to Cheat Engine.


It's not related to emuNAND compatibility.
Only sysNAND matters here. CFW creates its own emuNAND.

Tutorial reminder:
1. Launch the GW3DS exploit so you're at the GW3DS menu. You want to dump your NAND to the SD card.

2. Backup your NAND.bin file to your PC.

3. Now you'll want to boot into the GW3DS menu again and select "Format emuNAND".

4. Once that's done go to your PC and open the NAND.bin you extracted earlier in HxD. Now here's where things get tricky. You want to copy lines going from offset 00000000 all the way to and including line 000001F0.

5. Once copied go to the beginning of the code. (To the right of where it says 00000000 under offsets.) And click Copy Insert. Once you've done that go ahead and save the NAND.bin file.

6. Almost done. Next put your SD card that you formatted emuNAND on and open up the emuNAND tool made by n1ghty. Click the option to insert emuNAND and insert the NAND.bin file you modified.

7. Now you're going to want to download the files off of GovanifY's website. Throw the files in the 3DS_Stuff folder into the root of your SD card. Extract the rest of it to your Desktop or wherever.

8. Next up you're going to want to get your DS flashcart's microSD card ready, you'll just want to throw this file onto it.

Alright so you think you're ready to install the DevMenu? Hope you're ready to reset your 3DS about 50 times.

1. Boot up your DS flashcart and run the NDS file you downloaded. You want to install the Homebrew Rop Loader 4X, (Not the MSETBOSS one. The other one.) Once that's done go ahead and exit to the 3DS main menu.

2. Make sure you have your SD card that you formatted emuNAND on and injected the NAND.bin in the 3DS and go to Settings->Profile->Nintendo DS Profile. Hold L when pressing Nintendo DS Profile.

3. Now your top screen should be blue, and the bottom screen should flash white for a second. If it didn't flash white then you're going to have to restart your 3DS. Keep doing step 2 until it flashes white and your 3DS reboots. (It won't give you an error.)

4. Perfect. Now that your 3DS rebooted and you're in the 3DS' main menu go to your computer. Those files you downloaded from GovanifY's website are going to come in handy. Open run.bat in Notepad and replace "IPTOMODIFY" with your 3DS' IP address. Save run.bat.

5. Now run the run.bat file. If it says it can't connect, keep trying. Eventually it should send a CIA Install command. Congrats. If it doesn't then you'll want to reboot the 3DS, and try again from step 2. (You don't have to keep editing the run.bat file. Once is enough.)

Now instead of step 5, use ctrclient in command line in order to peek and poke memory.
 
