ROM Hack How can I hack games using NTR Debugger?

[Kirbs]

Since the spider exploit does not work for New 3ds, the only option to hack games is to use NTR Debugger. I want to know how I could use NTR Debugger in order to use hacks. Like how to properly dump all of the ram for a game without leaving anything behind. Also, how could I inject the modified RAM dump back into the game. Also, is there a way I could modify the ram dump with a spider based hack without using the spider exploit? I would like to hack Animal Crossing New Leaf as an example. Could I hack it using NTR Debugger and could it be like the spider based hacks currently for ACNL. Thanks.

 

[samiam144]

This + This

 

[Kirbs]

This + This

It doesn't say how I can inject the modified ram dump back into the game. Do you know how to do that?

 

[samiam144]

It doesn't say how I can inject the modified ram dump back into the game. Do you know how to do that?

So, you're talking specifically about New Leaf right? Because that link only talks about using ARCodes. You would have to do everything by hex. Basically, you'd have to find out the starting offset that the ACNL ram dumper starts at. Then you would take a copy of your ram dump, edit it, then look at the offsets that were edited through the Editor (leaf tools of Marx's editor), then convert those to codes which is simple enough. It's long and tedious but it's not too hard, I don't think anyone has done it yet (publicly) though, but I'm pretty sure it would work.

 

[Kirbs]

So, you're talking specifically about New Leaf right? Because that link only talks about using ARCodes. You would have to do everything by hex. Basically, you'd have to find out the starting offset that the ACNL ram dumper starts at. Then you would take a copy of your ram dump, edit it, then look at the offsets that were edited through the Editor (leaf tools of Marx's editor), then convert those to codes which is simple enough. It's long and tedious but it's not too hard, I don't think anyone has done it yet (publicly) though, but I'm pretty sure it would work.

Do you have any idea how I could find the offset that the ACNL ram dumper starts at?

 

[samiam144]

Do you have any idea how I could find the offset that the ACNL ram dumper starts at?

You will probably have to ask in the thread, or specifically Marc_Max.

Or you can look at the ARCodes here: https://gbatemp.net/threads/spider-arcode.383937/page-36#post-5435805
Then look at this: https://gbatemp.net/threads/spider-animal-crossing-new-leaf-ram-editor.382965/page-59#post-5411646

The ARCode offsets for the mailbox are
0200FD8c and
0200FD95

The offsets in the ram dump for the mailbox are:
0x057e8c
0x057e95

See the difference? You will have to calculate those and input them into the Debugger

 

[Kirbs]

You will probably have to ask in the thread, or specifically Marc_Max.

Or you can look at the ARCodes here: https://gbatemp.net/threads/spider-arcode.383937/page-36#post-5435805
Then look at this: https://gbatemp.net/threads/spider-animal-crossing-new-leaf-ram-editor.382965/page-59#post-5411646

The ARCode offsets for the mailbox are
0200FD8c and
0200FD95

The offsets in the ram dump for the mailbox are:
0x057e8c
0x057e95

See the difference? You will have to calculate those and input them into the Debugger

Yes, I think I am understanding a bit more. But, how could I inject a file made with the RAM editor back into the game?

 

[samiam144]

Yes, I think I am understanding a bit more. But, how could I inject a file made with the RAM editor back into the game?

Unfortunately you cannot, this is simply a workaround. To help you understand more: Make a copy of your current dump. Now change a single thing in that dump (like add a flower in front of your house). Now use a hex editor like HxD to compare the dumps; you will see that at a certain offset there is a different value. You will take that offset and do the necessary conversions to make it a code. That's the only way right now, sorry :/

 

[Kirbs]

Unfortunately you cannot, this is simply a workaround. To help you understand more: Make a copy of your current dump. Now change a single thing in that dump (like add a flower in front of your house). Now use a hex editor like HxD to compare the dumps; you will see that at a certain offset there is a different value. You will take that offset and do the necessary conversions to make it a code. That's the only way right now, sorry :/

ok, thanks for your help. I guess I am understanding a bit more on how to hack ACNL. Thanks again!

 

[samiam144]

ok, thanks for your help. I guess I am understanding a bit more on how to hack ACNL. Thanks again!

You're welcome, I have no N3DS to help but I bid you good luck!

 

[Kirbs]

You're welcome, I have no N3DS to help but I bid you good luck!

I just have one more question. How do I make a code out of the different offsets?

 

[samiam144]

I just have on

e more question. How do I make a code out of the different offsets?

Okay let's take an example again. I saw that someone replied to you, the offsets start at 00000000. So that means you don't have to do any conversion I believe.

Let us take the mailbox example again. Offsets are 0x057e8c & 0x057e95. The value for a golden mailbox is 06.

In HxD, press Ctrl+G to find the offsets.
This is how you read them in a hex editor:

You can see that my value is 12. We are going to turn that into 06 (the golden mailbox).

Now if you find the guide I linked in my first post above, it will show you the format that you will write the codes in, which is:
write(0x<OFFSET>, (0x<VALUE>, 0x<VALUE> ,0x<VALUE> ,0x<VALUE>), pid=0x<PID>)
To get the PID of the game, you have to write "listprocess()" in the debugger while the game is on.

So, you would write the code to get the gold mailbox as:
write(0x057e8c, (0x06, 0x00 ,0x00 ,0x00), pid=0xPID)
write(0x057e95, (0x06, 0x00 ,0x00 ,0x00), pid=0xPID)

but those extra zeroes will make the three values before 8c & 95 "00".
So I will tag @liomajor here to ask how exactly to write a single byte at 8c & 95 only. I'm not sure, but I think it's either the following:

write(0x057e8c, (0x06), pid=0xPID)
write(0x057e95, (0x06), pid=0xPID)

OR

write(2x057e8c, (0x06), pid=0xPID)
write(2x057e95, (0x06), pid=0xPID)

Edit: I forgot, to compare your ram dumps, open both dumps in HxD and then go to Analysis->File-Compare

Then navigate to each offset that has a different value and just input the offset and value in the debugger as shown above.

 

[Kirbs]

Okay let's take an example again. I saw that someone replied to you, the offsets start at 00000000. So that means you don't have to do any conversion I believe.

Let us take the mailbox example again. Offsets are 0x057e8c & 0x057e95. The value for a golden mailbox is 06.

In HxD, press Ctrl+G to find the offsets.
This is how you read them in a hex editor:

You can see that my value is 12. We are going to turn that into 06 (the golden mailbox).

Now if you find the guide I linked in my first post above, it will show you the format that you will write the codes in, which is:
write(0x<OFFSET>, (0x<VALUE>, 0x<VALUE> ,0x<VALUE> ,0x<VALUE>), pid=0x<PID>)
To get the PID of the game, you have to write "listprocess()" in the debugger while the game is on.

So, you would write the code to get the gold mailbox as:
write(0x057e8c, (0x06, 0x00 ,0x00 ,0x00), pid=0xPID)
write(0x057e95, (0x06, 0x00 ,0x00 ,0x00), pid=0xPID)

but those extra zeroes will make the three values before 8c & 95 "00".
So I will tag @liomajor here to ask how exactly to write a single byte at 8c & 95 only. I'm not sure, but I think it's either the following:

write(0x057e8c, (0x06), pid=0xPID)
write(0x057e95, (0x06), pid=0xPID)

OR

write(2x057e8c, (0x06), pid=0xPID)
write(2x057e95, (0x06), pid=0xPID)

Edit: I forgot, to compare your ram dumps, open both dumps in HxD and then go to Analysis->File-Compare

Then navigate to each offset that has a different value and just input the offset and value in the debugger as shown above.

Thanks I was also wondering what to do with the other zeroes. So I have to do this for every byte that has changed?

 

[samiam144]

Thanks I was also wondering what to do with the other zeroes. So I have to do this for every byte that has changed?

Yes unfortunately

Just note that I'm not sure if that's the way to write them. I hope liomajor responds Or you can ask in the ARCode thread, but it may be a little off-topic. Or just ask/search in the NTR thread.

 

[Kirbs]

Yes unfortunately

Just note that I'm not sure if that's the way to write them. I hope liomajor responds Or you can ask in the ARCode thread, but it may be a little off-topic. Or just ask/search in the NTR thread.

That's unfortunate. I was looking to edit a lot of stuff, I guess it will take a long time to change everything. I hope he has a chance to look at this thread or I'll go ask in the NTR thread. Thanks!

 

[dsrules]

write(0x057e95, (0x06, ), pid=0xPID)

 

[Kirbs]

write(0x057e95, (0x06, ), pid=0xPID)

Thanks for the info.

 

[Kirbs]

Okay let's take an example again. I saw that someone replied to you, the offsets start at 00000000. So that means you don't have to do any conversion I believe.

Let us take the mailbox example again. Offsets are 0x057e8c & 0x057e95. The value for a golden mailbox is 06.

In HxD, press Ctrl+G to find the offsets.
This is how you read them in a hex editor:

You can see that my value is 12. We are going to turn that into 06 (the golden mailbox).

Now if you find the guide I linked in my first post above, it will show you the format that you will write the codes in, which is:
write(0x<OFFSET>, (0x<VALUE>, 0x<VALUE> ,0x<VALUE> ,0x<VALUE>), pid=0x<PID>)
To get the PID of the game, you have to write "listprocess()" in the debugger while the game is on.

So, you would write the code to get the gold mailbox as:
write(0x057e8c, (0x06, 0x00 ,0x00 ,0x00), pid=0xPID)
write(0x057e95, (0x06, 0x00 ,0x00 ,0x00), pid=0xPID)

but those extra zeroes will make the three values before 8c & 95 "00".
So I will tag @liomajor here to ask how exactly to write a single byte at 8c & 95 only. I'm not sure, but I think it's either the following:

write(0x057e8c, (0x06), pid=0xPID)
write(0x057e95, (0x06), pid=0xPID)

OR

write(2x057e8c, (0x06), pid=0xPID)
write(2x057e95, (0x06), pid=0xPID)

Edit: I forgot, to compare your ram dumps, open both dumps in HxD and then go to Analysis->File-Compare

Then navigate to each offset that has a different value and just input the offset and value in the debugger as shown above.

Sadly, It appears this is not the correct way to write to the ram dumps. I'm going to ask the NTR thread to see if they know how to do it. I'll keep you posted.

 

[samiam144]

Sadly, It appears this is not the correct way to write to the ram dumps. I'm going to ask the NTR thread to see if they know how to do it. I'll keep you posted.

Where does it fail? I suggest you try the golden mailbox code on the debugger to see if it even works.
1. Enter the game, load it up to the point that you can walk around.

2. Get the PID:

listprocess()


3. Enter the code in the debugger (one at a time I guess):

write(0x057e8c, (0x06, ), pid=0xPID)
write(0x057e95, (0x06, ), pid=0xPID)

Go inside a house/train station, come back out, your mailbox should have changed to the golden one. You can undo it later, just change the value to the one you see in your ram dump.

On a side note:
Wow just realized, I thought you somehow already had a ram dump of your acnl game xD You will have to ask in the NTR thread how to dump from the offsets 00000000 to 000BFFF0 so that it will match the acnl dump offsets, then MAYBE it will work in Marc_Max's editor

 

[Kirbs]

Where does it fail? I suggest you try the golden mailbox code on the debugger to see if it even works.
1. Enter the game, load it up to the point that you can walk around.

2. Get the PID:

listprocess()


3. Enter the code in the debugger (one at a time I guess):

write(0x057e8c, (0x06, ), pid=0xPID)
write(0x057e95, (0x06, ), pid=0xPID)

Go inside a house/train station, come back out, your mailbox should have changed to the golden one. You can undo it later, just change the value to the one you see in your ram dump.

On a side note:
Wow just realized, I thought you somehow already had a ram dump of your acnl game xD You will have to ask in the NTR thread how to dump from the offsets 00000000 to 000BFFF0 so that it will match the acnl dump offsets, then MAYBE it will work in Marc_Max's editor

I already got it to work in Marc_Max's editor. In the editor I just changed two villagers in order to not have to change everything by hand. When I changed the two villagers, it gave me 4 bytes to change, which I did. It says it finished but, when I exit the train
station, the same old villagers are there. Nothing happens even though it says it finished.

Edit: I guess I have to somehow convert it to an AR code for it to work, Since, in the guide that's how @liomajor got it to work.