Hacking Gateway 3.6.2

  • Thread starter: Quantumcat
  • Views: 23,094
  • Replies: 162
  • Likes: 9
the second one has the correct code format
try the other two addresses
like I said, if enabled the cheat doesn't work then use Cheat Finder to search for the address again to see if the address becomes different

[Test1] #Freeze
05411724 000A2C2A

[Test2] #Didn't Work
D3000000 10000000
05411724 000A2C2A

[Test3] #Freeze
068000C8 000A2C2A
06848644 000A2C2A

[Test4] #Didn't Work
D3000000 10000000
068000C8 000A2C2A
06848644 000A2C2A

[Test5] #Freeze
05411724 000A2C2A
068000C8 000A2C2A
06848644 000A2C2A

[Test6] #Didn't Work
D3000000 10000000
05411724 000A2C2A
068000C8 000A2C2A
06848644 000A2C2A

I tried to search for the address again with Test6 enabled, but I can't even find anything, "No Hits Found, resetting" oO For an Exact Search.

If I try with Unsigned (always with Test6 enabled), I can find 4 different addresses.
1452481474-0f423f.jpg

As you can see, if I edit those 4 addresses with 000F423F (999999) I can change the max number of Knight I got, but the "actual", "real"...

I will try to save the code since I found something, and continue to search with Signed instead...
 
Do you understand the difference between signed and unsigned? If the number you are searching for can't possibly be NEGATIVE, then there is no point in searching for a signed number because it simply isn't signed (and you are limiting the range of numbers you can search for). Signed, as in the first bit is used to tell the machine whether or not the number is positive or negative, so in effect, you are limited to a 7, 15, or 31 bit number on the positive or negative end.

On another note, I have a request for something not as simple as searching for a specific value. Anyone have a clue how to go about an invincible code for Mii Force? Better yet, always have that invincible item activated that you can pick up and it kills anything you touch and what not...
 
Last edited by urherenow,
yes but the address is different from the ones you found before
(Address: 15411724)
(Address: 168000C8)
(Address: 16848644)

so, the address should be dynamic
 
Hey, so my nands are unlinked.
→Sysnand-9.0.0-20U
→Emunand-9.5.0-20U.
At one point way back when I first set up emunand I had it th

--------------------- MERGED ---------------------------

Hey, so my nands are unlinked.

→Sysnand-9.0.0-20U
→Emunand-9.5.0-20U.

At one point way back when I first set up emunand I had the ds profile exploit installed so my sys settings were downgraded. So my emunand has that too.
 
How do you use this tool? I want to format my sysnand, do I have to install this in sysnand as well or can I run the tool in emunand?
Just run the .3dsx from HBL in sysnand.
So what should I do?
You can try to find a pointer to the dynamic address.

My nands are already unlinked..
Are you sure about that? Because there should be no way menuhax is installed to emuNAND when you install it to sysNAND if the NANDs are unlinked. Unless you installed menuhax before you unlinked NANDs and didn't remove it from your emuNAND. Try changing your theme on emuNAND before you set menuhax to autoboot.
 
Last edited by The Real Jdbye,
I'll try changing themes, but I know for sure that my nands are unlinked.

--------------------- MERGED ---------------------------

I'll try changing themes, but I know for sure that my nands are unlinked.
It turns out I never actually went into my theme settings yet... On my SYSnand lol not emu. thx.

--------------------- MERGED ---------------------------

sry im on my n3ds and its glitching as usual.
 
I don't know how hard it would be to use the 3DS's built in SD card, but since they didn't they must have had a good reason
Yeah, it's not like they don't have read/write access, as they write saves, and ROM dumps to the internal SD.

I might email them about it. I'm sure they'd appreciate a change from all the WEN 10.3 SUPPRT!? emails.

Now that Gateway has released the live RAM searching feature and people are making codes in swarms, I was wondering if I am the only one that thinks a sub-forum for testing cheats would be useful.
We have a ROM Hacking board which is designed for just that sort of thing, and an existing GateShark discussion thread already.

nothing can do now except search for the new address again every time when you play a Stage....?
You can try to find a pointer to the dynamic address.
Have you any suggested reading for using pointers and BXXXXXXX codes? I'd like to learn how to turn dynamic addresses into GateShark codes.
 
Last edited by Zidapi,
search before and after you get a new one :)

I know I need to do it like that, but I don't know where to begin the search.
I tried to do a RAM dump before and after I got a new piece, but many.. many... many... offsets are different between those 2 dumps.
 
yes... it's annoying... find an empty, no puzzle pieces save too.
 
If it helps, games often use 01 (harder, lots of results) and FF (255, easier, fewer results) as completion values.

E.g. an empty space in a puzzle is represented as 00; when that space is filled with its puzzle piece, that 00 changes to 01 (or ideally FF/255).

A better way to find the place you're looking for would probably be to run the search when you have a number of visitors with complete puzzles.

Then you could pick one puzzle, and fill the top left corner, then the one to the right of that, and so on (taking RAM dumps between each piece).

Then look for the 01/FF pattern between each dump.

The first dump would be
00 00 00 00

After the second dump it would become
FF 00 00 00

The third
FF FF 00 00

and so on, as each puzzle piece is obtained.
 
  • Like
Reactions: Asia81
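
The dump-comparison approach from the post above, as an added example that is not part of the original thread: it keeps only bytes that go from 00 to 01/FF and then stay set, and looks for consecutive offsets set in order, one per dump. The sample dumps, offsets and function names are constructed for illustration.

```python
"""Added example: find flag bytes that fill in one by one across RAM dumps."""

COMPLETION_VALUES = frozenset({0x01, 0xFF})  # the two values suggested in the post


def naive_diff(before, after):
    """Every offset whose byte differs between two dumps (the noisy view)."""
    return [i for i, (b, a) in enumerate(zip(before, after)) if b != a]


def stable_transitions(dumps, step, values=COMPLETION_VALUES):
    """Offsets that are 00 in every dump up to `step`, change to a completion
    value in dump `step + 1`, and keep that value in all later dumps."""
    hits = set()
    for off, (b, a) in enumerate(zip(dumps[step], dumps[step + 1])):
        if b != 0x00 or a not in values:
            continue
        was_clear = all(d[off] == 0x00 for d in dumps[:step + 1])
        stays_set = all(d[off] == a for d in dumps[step + 1:])
        if was_clear and stays_set:
            hits.add(off)
    return hits


def find_flag_runs(dumps, values=COMPLETION_VALUES, stride=1):
    """Start offsets of runs where step k sets the byte at start + k * stride."""
    if len(dumps) < 2 or len({len(d) for d in dumps}) != 1:
        raise ValueError("need at least two dumps of identical length")
    per_step = [stable_transitions(dumps, k, values) for k in range(len(dumps) - 1)]
    return [s for s in sorted(per_step[0])
            if all(s + k * stride in hits for k, hits in enumerate(per_step))]


def make_dump(pieces, tick, value=0x01):
    """Constructed 64-byte sample standing in for a real RAM dump."""
    ram = bytearray(64)
    ram[0x14] = ram[0x17] = 0x01                # flags already set before the test
    ram[0x10:0x10 + pieces] = bytes([value]) * pieces  # pieces filled left to right
    ram[0x30] = tick                            # noise: counter changes every dump
    ram[0x31] = tick % 2                        # noise: byte toggling 00/01
    return bytes(ram)


DUMPS = [make_dump(n, n) for n in range(4)]     # 0, 1, 2 and 3 pieces collected

if __name__ == "__main__":
    print("changed in first pair:", [hex(o) for o in naive_diff(DUMPS[0], DUMPS[1])])
    print("flag run starts at:", [hex(o) for o in find_flag_runs(DUMPS)])
```
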
Useful, thanks!
 
@Zidapi
So, let's try with the puzzle of Kirby.

1452514605-00000000.png

1452514665-00000000.png
000000000100000100000000000000
1452514605-00000001.png

1452514665-00000001.png
010000000100000100000000000000
1452514606-00000002.png

1452514665-00000002.png
010100000100000100000000000000
1452514606-00000003.png

1452514665-00000003.png
010101000100000100000000000000

So now I check the offset for the fourth piece, which is:
1452515132-code.png


I try to do the code:
024C89FB 00000001

So for Gateshark:
[Test]
D3000000 10000000
224C89FB 00000001

But I only got a freeze.
Where am I wrong?
 
