Hacking [Release]NTR CFW 3.2 with experimental Real-Time Save feature.

[ChrisX930]

original file name was GW_OMEGA_2.2_RELEASE.zip

that should make it easier

thx

 

[Zidapi]

Edit: Ninja'd by gamesquest1 *tips hat*

nice, very nice
But I can't find a downloadlink for NTR CFW 1.0 and no tutorial that describes how to install it x_x
Can you post it for me?

I posted a guide to setting up NTR1 in your thread earlier, along with a link to the translated release thread on the Chinese forum.

Thanks
Problem: Can't find any downloads for Gateway 2.2 right now x_X

You don't have to look very far, it's still available on Gateway's server.

All you need is the file name, which is “GW_OMEGA_2.2_RELEASE.zip”

 

[AlanWeird]

Weird.

NTR's not been mega reliable at booting for me.

I've had to uninstall and reinstall a few times... it does work occasionally,

but the common issue is... it gets to freeing memory. and halts at 00000063.

Is this a common fault and I just haven't googled properly?

New 3ds. Eur version. 9.2.0-20 fw.

 

[yafeee]

Weird.

NTR's not been mega reliable at booting for me.

I've had to uninstall and reinstall a few times... it does work occasionally,

but the common issue is... it gets to freeing memory. and halts at 00000063.

Is this a common fault and I just haven't googled properly?

New 3ds. Eur version. 9.2.0-20 fw.

Same here, with 9.0 European firmware.


In the future, will it be possible to launch NTR through Ninjhax with a .3dsx file ?

 

[MeisterFenster]

The 0000063 issue is very common, just wait some seconds before starting cubic ninja, that increases the success rate.

 

[dandymanz]

I got NTR to boot successfully on average like 1 out of 4 tries. The rates are better than trying to boot PBT or Palantine CFW, and at least it's pretty stable once you manage to launch it.

 

[JasonMoh]

I got NTR CFW 2.2 to boot 4/5 times in N3DS US v9.0.0. 1 time it failed because I booted CN and NTR in haste. Didn't even wait 10 seconds before I booted CN from 3ds dashboard (main menu). Been using it for 4 days now but maybe I will get problems l8r. Will see what happens.

 

[Oishikatta]

cell9 Do plugins have access to all of the svc_* functions?

 

[cearp]

cell9 - bravely default end layer does not run when i am in ntr mode. i get a black screen with an error message. is this normal?
the game usually wants fw 9.4, but ntr ignores the update?

or, it would be very good if there was a way to dump/restore the save of a game without having to load the game. because, i want to dump my save, but i cannot because i cannot run the game

 

[Zidapi]

cell9 Do plugins have access to all of the svc_* functions?

Yes, I believe so. Working on a plugin?

 

[Xsiide]

The server is down? i can't install on n3ds fw 9.0. I get a black screen freeze and error message in home menu.
I have the ntr.bin on sd card and internet connection works fine.

 

[Oishikatta]

Yes, I believe so. Working on a plugin?

I'm kind of stuck trying to do the equivalent of write(...) in the NTR debugger from a plugin. E.g. for the eshop patch.

Anyone know of any sort of documentation at all for the svc_* functions? VS shows the arguments at least, but that's apparently not enough to get it working.

 

[NewWorldOrder]

I'm kind of stuck trying to do the equivalent of write(...) in the NTR debugger from a plugin. E.g. for the eshop patch.

Anyone know of any sort of documentation at all for the svc_* functions? VS shows the arguments at least, but that's apparently not enough to get it working.

working example code: https://github.com/yuriks/3ds-process-dumper

Also, I'm asking myself why NTR does not use other stuff that's available and known to work reliably and stable, such as libkhax?

edit: or wouldn't using libkhax result in a 100% success rate?

 

[maybe toucan]

It would be a very awesome solution for new3ds, but when will be available for o3ds?

 

[Zidapi]

It would be a very awesome solution for new3ds, but when will be available for o3ds?

old3DS owners can use NTR 1.0

Those waiting for NTR 2 to support older models will, according to cell9, waiting "a long time".

old3ds support is working in progress, however it is not at the top priority and maybe you have to wait a long time.

 

[maybe toucan]

Thanks,then will the ntr cfw 1.0 for o3ds 9.2?

 

[Oishikatta]

working example code: https://github.com/yuriks/3ds-process-dumper

Also, I'm asking myself why NTR does not use other stuff that's available and known to work reliably and stable, such as libkhax?

edit: or wouldn't using libkhax result in a 100% success rate?

Is that your code? That gives me the right syntax at least, but now I have no way of knowing if it doesn't work because of NTR not giving access, or another code issue...

If NTR doesn't give the permissions, then it's just not possible right?

nim handle: 0086003b, ret: 00000000
debugActiveProcess failed, ret: f8c007f4
nimDebug handle: 00000000
 
svc_readProcessMemory ret: d9002002
svc_writeProcessMemory ret: d9002002

#include "global.h"
 
Handle fsUserHandle;
FS_archive sdmcArchive = {0x9, (FS_path){PATH_EMPTY, 1, (u8*)""}};
 
u32 doPatch() {
    u32 ret;
    u32 nimPid = 0x00000025;
    Handle nim = 0;
    Handle nimDebug = 0;
 
    const char patch[] = { 0x00, 0x20, 0x08, 0x60, 0x70, 0x47 };
   
    ret = svc_openProcess(&nim, nimPid);
    if (ret != 0) {
        showDbg("openProcess failed, ret: %08lx", ret, 0);
    }
    showDbg("nim handle: %08lx, ret: %08lx", (u32)nim, ret);
 
    ret = svc_debugActiveProcess(&nimDebug, nimPid);
    if (ret != 0) {
        showDbg("debugActiveProcess failed, ret: %08lx", ret, 0);
    }
    showDbg("nimDebug handle: %08lx, ret: %08lx", (u32)nimDebug, ret);
 
    char buf[0x3F] = { 0 };
    ret = svc_readProcessMemory(buf, nimDebug, (u32)0x14E1BC, 0x3E);
 
    showDbg("str: %08lx, ret: %08lx", (u32)*buf, ret);
 
    ret = svc_writeProcessMemory(nimDebug, &patch, (u32)0x10DD28, sizeof(patch));
    showDbg("ret: %08lx - wrote to nim", ret, 0);
 
    return 0;
}
 
int main() {
 
    initSharedFunc();
    nsDbgPrint("initializing eshop plugin\n");
    plgGetSharedServiceHandle("fs:USER", &fsUserHandle);
    plgRegisterMenuEntry(1, "Patch eShop", doPatch);
}

 

[Zidapi]

Thanks,then will the ntr cfw 1.0 for o3ds 9.2?

No. You'll have to downgrade to 4.5 if you want to use it.

 

[cell9]

Is that your code? That gives me the right syntax at least, but now I have no way of knowing if it doesn't work because of NTR not giving access, or another code issue...

If NTR doesn't give the permissions, then it's just not possible right?

nim handle: 0086003b, ret: 00000000
debugActiveProcess failed, ret: f8c007f4
nimDebug handle: 00000000
 
svc_readProcessMemory ret: d9002002
svc_writeProcessMemory ret: d9002002

#include "global.h"
 
Handle fsUserHandle;
FS_archive sdmcArchive = {0x9, (FS_path){PATH_EMPTY, 1, (u8*)""}};
 
u32 doPatch() {
    u32 ret;
    u32 nimPid = 0x00000025;
    Handle nim = 0;
    Handle nimDebug = 0;
 
    const char patch[] = { 0x00, 0x20, 0x08, 0x60, 0x70, 0x47 };
 
    ret = svc_openProcess(&nim, nimPid);
    if (ret != 0) {
        showDbg("openProcess failed, ret: %08lx", ret, 0);
    }
    showDbg("nim handle: %08lx, ret: %08lx", (u32)nim, ret);
 
    ret = svc_debugActiveProcess(&nimDebug, nimPid);
    if (ret != 0) {
        showDbg("debugActiveProcess failed, ret: %08lx", ret, 0);
    }
    showDbg("nimDebug handle: %08lx, ret: %08lx", (u32)nimDebug, ret);
 
    char buf[0x3F] = { 0 };
    ret = svc_readProcessMemory(buf, nimDebug, (u32)0x14E1BC, 0x3E);
 
    showDbg("str: %08lx, ret: %08lx", (u32)*buf, ret);
 
    ret = svc_writeProcessMemory(nimDebug, &patch, (u32)0x10DD28, sizeof(patch));
    showDbg("ret: %08lx - wrote to nim", ret, 0);
 
    return 0;
}
 
int main() {
 
    initSharedFunc();
    nsDbgPrint("initializing eshop plugin\n");
    plgGetSharedServiceHandle("fs:USER", &fsUserHandle);
    plgRegisterMenuEntry(1, "Patch eShop", doPatch);
}

NTR has unlocked all the syscalls, however the debug flag is disabled on retail units by default.
See here for how to enable the debug flag for all process:
https://github.com/yuriks/bootstrap/tree/debug-flag

 

[Zidapi]

Also, I'm asking myself why NTR does not use other stuff that's available and known to work reliably and stable, such as libkhax?

edit: or wouldn't using libkhax result in a 100% success rate?

Because libkhax had only been available for two weeks and is still in Alpha?