Hacking [Release]NTR CFW 3.2 with experimental Real-Time Save feature.

[Oishikatta]

I run gateway from the DS exploit, and now i have the cubic ninja free.
I installed NTR, run Gateway in classic mode, and tried to boot NTR but it says "Freeing memory" for ever. I'm trying to use the language emulation plugin to play codename steam in english(it's on japanese even though the game is US). I Have a new 3ds 9.1J

I saw that it's only for legit, but i just said that if you guys wanted to know

Gateway is based on 9.5 (for both gateway and classic modes), this requires 9.2 or lower.

 

[Zidapi]

I run gateway from the DS exploit, and now i have the cubic ninja free.
I installed NTR, run Gateway in classic mode, and tried to boot NTR but it says "Freeing memory" for ever. I'm trying to use the language emulation plugin to play codename steam in english(it's on japanese even though the game is US). I Have a new 3ds 9.1J

I saw that it's only for legit, but i just said that if you guys wanted to know

Despite what Oishikatta said, I don't think you can boot NTR from emuNAND even on 9.2,

It may be part of NTR's Anti-Piracy "features". But it's more likely that NTR calls upon offsets in the memory that Gateway uses for its hacks (the same reason some spider webhacks don't work in Gateway Mode I believe).

Edit: This would also seem to explain why it crashes at the "clearing memory" stage

 

[Oishikatta]

Despite what Oishikatta said, I don't think you can boot NTR from emuNAND even on 9.2,

I said gateway is based on 9.5, and I meant that to mean your emunand version is irrelevant. You can run NTR with arm9 patches but gateway is always 9.5 for the new 3ds.

 

[stanleyopar2000]

is it common for NTR 2.2 on N3DS to fail to boot multiple times?

"Freeing memory"

or "start ntr.bin" and hangs

the only fix is to wipe cubic Ninja's exploit save and reinstall NTR again ._

i've done this like 5 times today

Wait a few seconds before starting the game, and the success-rate will be about 80% .

okay so it is known to not be 100% reliable...okay! i'll roll with the punches then. Great work = D

PS: waited about 15 seconds in SYSNAND before starting Cubic Ninja and NTR booted fine
the eshop spoof is divine

 

[Kuifa]

Once I install the QR Code, is there any way to reset or delete it?

 

[Oishikatta]

Once I install the QR Code, is there any way to reset or delete it?

It's right in the first post:

If you have installed other exploits already, hold L+R+X+Y at game's main menu to erase the savedata

That's all you do to delete it.

 

[Kuifa]

It's right in the first post:



That's all you do to delete it.

I do that, but I can't rescan a QR Code. It always boots me to NTR.

 

[Oishikatta]

I do that, but I can't rescan a QR Code. It always boots me to NTR.

At the game's main menu (after pressing A only once, not in the edit section), you need to hold LRXY until a menu comes up asking if you want to delete the save data.

 

[Kuifa]

At the game's main menu (after pressing A only once, not in the edit section), you need to hold LRXY until a menu comes up asking if you want to delete the save data.

Oh, I just tap them. Thanks for the help.

 

[Imhullu]

Is it normal for games to be unable to launch on NTR 2.2? I'm trying to run Style Savvy, and upon launching it, I just get a black screen. Now, it does have an update that is available for download, but I'm launching it with wifi turned off. Doesn't seem to want to start. I can still go back to the home menu, but the game itself will only give me a black screen. Any ideas?

EDIT: Sonic Lost World won't launch, either. Are there known compatibility issues with NTR?
EDIT: Ace Combat Legacy Horizon+ freezes during the first mission, after destroying 4 or so planes. I'll just update as I go.
EDIT: Even with language emulation, Ace Combat still freezes.

 

[Zidapi]

I said gateway is based on 9.5, and I meant that to mean your emunand version is irrelevant. You can run NTR with arm9 patches but gateway is always 9.5 for the new 3ds.

Okay, after re-reading your comment again I understand what you meant. I misinterpreted it the first time. Sorry!

 

[xdarkmario]

now that us N3ds users have a MSET back is there an easier way to launch NTR mode?

 

[cearp]

i think in this thread or somwhere, there was a link posted, to i think a chinese site, it had a little guide on how you would use NTR to cheat in games.
does anyone have the link?

- http://www.speedfly.cn/8286.html found it

 

[liomajor]

cearp

I've already explained how to use NTR + Debugger to cheat here:
http://gbatemp.net/threads/spider-arcode.383937/page-60#post-5457556

 

[cearp]

cearp

I've already explained how to use NTR + Debugger to cheat here:
http://gbatemp.net/threads/spider-arcode.383937/page-60#post-5457556

oh thanks very good!
i saw this as well https://gbatemp.net/threads/release...s-usa-cheat-plugin.375916/page-3#post-5215274
but the more help and information the better

 

[liomajor]

How to use NTR CFW + Debugger with ARCode Cheats

You need:

- A retail Cartridge or legit CIA buyed from eShop
(unsigned cia works with pre bootet PASTA CFW)
- Cubic Ninja with NTR QR Code
- NTR.BIN in root folder of internal memorycard
- Create empty file 'debug.flag' in root folder of internal memorycard
- NTR Debugger
- Activated WLAN with Internet and a PC in the same Network

debug.flag or activate it inside NTR Menu (press X+Y)

Used Commands:

To connect to your console's IP use:
connect('XXX.XXX.XXX.XXX', 8000)

A few games disconnect wlan when playing movie / loading,
if that happens, don't close NTR Debugger, re-connect it!

To get your App/Game's PID:
listprocess()

Example MH4U-EUR:
(pid: 0x00000028, pname: redgiant, tid: 0004000000126100)

PID might change once per boot!

You can find TitleID's for games here: http://3ds.essh.co/

To write your value:
write(0x<OFFSET>, (0x<VALUE>, 0x<VALUE> ,0x<VALUE> ,0x<VALUE>), pid=0x<PID>)

OFFSET = Cheat Offset // VALUE = The Value you want to write // PID = The Apps/Games Process ID

NTR Debugger:

- Start Cubic Ninja and execute NTR Exploit
- Start your desired game
- Start NTR Debugger on PC
- Connect NTR Debugger Example: connect('192.168.1.100', 8000)
- To get the PID, write listprocess() and look for your Games TitleID (TID)

As example i took PID 0x28.

Now how to use ARCode:

Example ARCode
-=[Paper Mario Sticker Star]=-
$9999
02CBCE9C 0000270F

NTR will be 14000000 + ARCode Offset = OFFSET:
write(0x16CBCE9C, (0x0F, 0x27 ,0x00 ,0x00), pid=0x28)

If the resulting value beyond valid memory range,
you will have to calculate it like explained here: >CLICK<

Depending on what you cheated, it might be necessary to
buy/sell,enter/exit map/house or gain exp to take affect.

To dump your games flash memory:

Additional Commands:

Display Apps/Games Memory Layout:
memlayout (pid=0xPID)

Example MH4U (EUR):
valid memregions:
00100000 - 0111dfff , size: 0101e000
08000000 - 0b13efff , size: 0313f000
0ffc0000 - 10000fff , size: 00041000
10002000 - 10002fff , size: 00001000
1e800000 - 1e9fffff , size: 00200000
end of memlayout.

You have to find the region where your value
belongs to! In most cases, it will be inside
the region that covers offset around 14000000!

To DUMP memoryregions:
data(0x<START OFFSET>, 0x<size>, filename='<name of the file>', pid=0x<PID>)

To find cheats:

Make as many dumps you need and use Cheatengine to find your offset.

Example:
Dump 01 > 1000
Dump 02 > 2000

To use Cheatengine with dumped files:
Press "Open Process", then press "Open File" and choose
your file. After searching, switch to the next dump.

To get the real offset from Cheatengine to NTR it's:
<START OFFSET> + <FOUND OFFSET> = <OFFSET>

To write the offset with your value (4 Bytes): (Example 50000 dec // 0000C350 Hex)
write(0x<OFFSET>, (0x50 ,0xC3 ,0x00 ,0x00), pid=0x<PID>)

To export the offset to ARCode (HEX):
<START OFFSET> + <FOUND OFFSET> - 14000000 = <ARCode OFFSET>

If the result is negative (<0), ARCode is unable to use the cheat if you don't convert it!

Arcode > NTR will work like explained here: >CLICK<

For a few games, the found offset is not fixed and you need to find it once per use.

You are free to copy my Tutorial as long you share it for everyone!

 

[yipchunyu]

Any chance for 2.3 to support firmware 9.7 like regionfour?

 

[dkabot]

Any chance for 2.3 to support firmware 9.7 like regionfour?

This requires far, far more permissions than RegionFour does.
When RegionFour relaunches to the home menu with the check removed, let me know.

 

[Arkansaw]

is this compatible with gateway installation steps? or do I need to choose one over the other

 

[dkabot]

is this compatible with gateway installation steps? or do I need to choose one over the other

Any CN exploits are incompatible with one another. Ninjhax, RegionFour, GW and NTR are all one-at-a-time. If you have a Sky you can write multiple copies of CN to counteract this, and if you don't you can erase the save if you still wish to swap around (L+R+X+Y on the Main Menu).

Of course, GW also released an exploit for downgraded MSET, so if you want to mix the two you can try that. Just remember you can't actually *run* both at once,