Homebrew Using HANS for making an in-game cheat menu?

  • Thread starter Deleted User

Do you think this is possible?

  • Yes

  • No


Deleted User (Guest, OP):
Hello GBAtemp:
Could that be possible?
Thinking about a thing like the Gateway in-game cheat menu.
With HANS we can return to HBL, so we could pause the game and go to cheatmenu.3dsx?
 
Deleted User (Guest, OP):
Another way would be to edit the HANS payload so that it creates a thread in the game code that will run in the free executable space at the end of the .text pages.
In this custom thread we can try to make a simple RAM editor which loads a cheat file previously loaded into a buffer, and will run with the game code.
That's my little idea.
 

Mrrraou (Well-Known Member):
Not possible:

> Another way would be to edit the HANS payload so that it creates a thread in the game code that will run in the free executable space at the end of the .text pages.
> In this custom thread we can try to make a simple RAM editor which loads a cheat file previously loaded into a buffer, and will run with the game code.
> That's my little idea.

The .text size can't be edited because of the exheader and the things that follow it. Plus, memory problems would occur when trying to load cheats into RAM.
A better idea would be to patch the code.bin directly to make the cheat you want.

> Hello GBAtemp:
> Could that be possible?
> Thinking about a thing like the Gateway in-game cheat menu.
> With HANS we can return to HBL, so we could pause the game and go to cheatmenu.3dsx?

Making the game pause would maybe be possible by patching the home button code, as the payload does for screenshots. Then maybe something could be done there, but I'm not sure: if the code runs in another service/process, the game RAM cannot be patched (with gspwn, maybe it can). And it would never run a 3DSX. Ever. (Making it run a 3DSX that could access the game RAM while running would be as possible as your famous amiibohax that gives a kernel exploit. :rofl2: I'm sorry, but it makes me laugh so hard.)
 
Deleted User (Guest, OP):
> Not possible:
>
> The .text size can't be edited because of the exheader and the things that follow it. Plus, memory problems would occur when trying to load cheats into RAM.
> A better idea would be to patch the code.bin directly to make the cheat you want.

I'm aware of how it works.
But the memory pages are 0x1000-aligned, so there will be very little executable space between the end of the .text code and the end of the .text page.
If I understood the sources well, this is how HANS repairs the game's code before launching it.
 

Mrrraou (Well-Known Member):
> I'm aware of how it works.
> But the memory pages are 0x1000-aligned, so there will be very little executable space between the end of the .text code and the end of the .text page.
> If I understood the sources well, this is how HANS repairs the game's code before launching it.

Well, that depends on the game.
And I don't know where you saw that HANS was repairing the "game's code", but... could you explain (or give a link to that part of the code)?
 
Deleted User (Guest, OP):
https://github.com/smealum/HANS/tree/master/loader
I looked quickly at the sources; I can be wrong.
The loader seems to overwrite the first 0x5000 bytes of the game code, which then get repaired.
In order to do this, the loader places a stub at the very end of the .text page, which jumps back to the game code once gspwn has finished copying the corrupted part.

My idea was to expand the stub code to create a custom thread.
But the space is very small.
 
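The two ideas in the posts above, the executable slack left in the last 0x1000-aligned page of .text and a stub placed there that branches back into the game code once the original bytes are restored, as an added worked example in C. This is not HANS's code and is not taken from the linked repository; the .text base 0x00100000, the 0x1234-byte section size and the 0x100-byte stub are constructed values, and the stub is modelled only as its final branch back to the original entry point.

```c
/* Added example, not HANS's code: how much executable slack the last
 * 0x1000-aligned page of a .text section leaves, whether a stub fits there,
 * and the ARM branch that stub would end with to re-enter the game code.
 * The text base 0x00100000, the 0x1234-byte .text and the 0x100-byte stub
 * used in main() are constructed values for illustration. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 0x1000u

/* Round a size up to the next page boundary (memory is mapped in 0x1000 pages). */
static uint32_t page_align_up(uint32_t size)
{
    return (size + PAGE_SIZE - 1u) & ~(PAGE_SIZE - 1u);
}

/* Bytes between the end of the real .text code and the end of its last page.
 * Without resizing .text (fixed by the exheader), this is the only
 * executable space available; it is 0 when .text is already page-sized. */
static uint32_t text_tail_slack(uint32_t text_size)
{
    return page_align_up(text_size) - text_size;
}

/* Address where a stub_len-byte stub would sit in the tail slack, 4-byte
 * aligned for ARM, or 0 if it does not fit. */
static uint32_t place_tail_stub(uint32_t text_base, uint32_t text_size,
                                uint32_t stub_len)
{
    uint32_t page_end = text_base + page_align_up(text_size);
    uint32_t addr = (text_base + text_size + 3u) & ~3u;
    if (stub_len == 0 || addr + stub_len > page_end)
        return 0;
    return addr;
}

/* Encode an A32 unconditional branch (cond=AL, top byte 0xEA) from `from`
 * to `to`. The 24-bit immediate is a signed word offset relative to PC+8.
 * Returns 0 for a misaligned or out-of-range target. */
static uint32_t encode_arm_b(uint32_t from, uint32_t to)
{
    int64_t delta = (int64_t)to - (int64_t)from - 8;
    if (delta % 4 != 0)
        return 0;
    int64_t imm = delta / 4;
    if (imm < -(int64_t)(1 << 23) || imm > (int64_t)(1 << 23) - 1)
        return 0;
    return 0xEA000000u | ((uint32_t)imm & 0x00FFFFFFu);
}

/* Decode the target of an A32 B located at `at`; used to check the encoder. */
static uint32_t decode_arm_b_target(uint32_t at, uint32_t insn)
{
    int32_t imm = (int32_t)(insn & 0x00FFFFFFu);
    if (imm & 0x00800000)
        imm -= 0x01000000;               /* sign-extend the 24-bit field */
    return (uint32_t)((int64_t)at + 8 + (int64_t)imm * 4);
}

int main(void)
{
    const uint32_t text_base = 0x00100000u;  /* constructed */
    const uint32_t text_size = 0x1234u;      /* constructed */
    const uint32_t stub_len  = 0x100u;       /* constructed */

    uint32_t slack = text_tail_slack(text_size);
    uint32_t stub  = place_tail_stub(text_base, text_size, stub_len);
    printf("tail slack: 0x%X bytes, stub at 0x%08X\n", slack, stub);

    if (stub) {
        /* last word of the stub: branch back to the start of the game code */
        uint32_t b_at = stub + stub_len - 4;
        uint32_t insn = encode_arm_b(b_at, text_base);
        printf("B at 0x%08X = 0x%08X -> 0x%08X\n", b_at, insn,
               decode_arm_b_target(b_at, insn));
    }

    /* a page-sized .text has no tail slack at all */
    printf("slack for 0x2000-byte .text: 0x%X\n", text_tail_slack(0x2000u));
    return 0;
}
```

text_tail_slack() is why the "depending on the game" caveat holds: a .text whose size is already a multiple of 0x1000 leaves zero tail bytes, and place_tail_stub() then refuses to place anything. encode_arm_b() is the standard A32 unconditional branch encoding (condition AL, 24-bit signed word offset relative to PC+8), so a stub in the slack can return control to the restored code with a single instruction and no literal pool.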

Mrrraou (Well-Known Member):
> https://github.com/smealum/HANS/tree/master/loader
> I looked quickly at the sources; I can be wrong.
> The loader seems to overwrite the first 0x5000 bytes of the game code, which then get repaired.
> In order to do this, the loader places a stub at the very end of the .text page, which jumps back to the game code once gspwn has finished copying the corrupted part.
>
> My idea was to expand the stub code to create a custom thread.
> But the space is very small.

Well, in fact, it does. It copies stub.bin to the beginning of the .text first, then runs it. But still, you would have to find where you are going to put the cheats in memory without breaking the game. But, well, maybe it could be possible. Let's see if you can restore it and still have the thread running, too.

What?
 
hacksn5s4 (Banned):
You could make it so you apply the cheats before you start the game and hold a button combination. The browser ramhack thing worked without a kernel exploit, and ROM hacks are possible on HANS, so I don't see why this would not be.
 

MsMidnight (part time fe modder, Member):

[Attachment: Screenshot_2015-11-30-07-10-05.png]
