Homebrew [Custom Launcher] Spider3DSTools released

[Helper]

Yes, through a workaround using a GPU command.

Cool, thanks for the confirmation. I'll start screwing around with RAM modifications, then. Look mom, I'm a haxxor!

Helper
If he doesn't have any malloc and it's small enough allocating a buffer on the stack should be sufficient...
If you use C99 I believe you can just declare stack arrays with dynamic sizes these days.
Then again that might be difficult to do during ROP... although probably no problem when you get to the code execution stage of things.
But I'm also kinda n00bish at hacks, yet I have quite a bit of experience with C and programming in general.

Good point. From what I could tell from playing with objdump and ninjhax homebrew, allocating a buffer on the stack should be as simple as decrementing the stack pointer (and incrementing it when you're done, obviously). Just be careful of the buffer size; it would be embarrassing to accidentally smash your own stack.

 

[Helper]

Ooops.

 

[hippy dave]

it would be embarrassing to accidentally smash your own stack.

I heard you'll go blind.

 

[Helper]

Ahh yes. Made a memory dump work with a code.bin. Found what I was looking for. Time to have some fun with this.

I've hit the same block you did. MemoryDump.S doesn't work with a modified RAM offset. Any chance you could share that code.bin/code.s file?

I've been trying to adapt MemoryDump.S to ARM11 assembly but I'm probably doing it completely wrong

 

[krisztian1997]

I've hit the same block you did. MemoryDump.S doesn't work with a modified RAM offset. Any chance you could share that code.bin/code.s file?

I've been trying to adapt MemoryDump.S to ARM11 assembly but I'm probably doing it completely wrong

I think that it has no access to those parts of the RAM, you will have to use some of the GPU stuffs to copy the ram to an accessible part then dump it.

 

[shutterbug2000]

Another question. Figured out how to store hex string(used an array of ints, don't ask me why...) it's a suprise!
All I need now is a way to store 1 value at a time(FOR loop, I know that) to the memory at the base location + value from for loop(int i )

 

[PokeChampion]

I wonder if this Spider3DSTools. [Custom Launcher] could be injected into the root of your SD cart. Because I know the Rei did that with JP console and a U.S. cartridge of Alpha Sapphire. But then used a QR code. to go into Gateway mode

 

[shutterbug2000]

Ok, adding on to my post earlier, I think I know how to write to ram now. However, the program STILL crashes with no changes. It's supposed to display on the screen, not doing that either. Does this look at all incorrect?

addr = 0x14000000;
GSPGPU_FlushDataCache(addr, 0x10000);
GX_SetTextureCopy(addr, buf, 0x10000, 0, 0, 0, 0, 8);
GSPGPU_FlushDataCache(buf, 0x10000);
for(int i = 0; i < 4096; i++){
buf[i + 0x028002AD] = data[i + 1];
}
GSPGPU_FlushDataCache(buf, 0x10000);
GX_SetTextureCopy(buf ,addr, 0x10000, 0, 0, 0, 0, 8);
GSPGPU_FlushDataCache(addr, 0x10000);
svcSleepThread(0x400000LL);

 

[PokeChampion]

Looks like they were just RAM hacking on JP consoles and not English.

 

[Hikari06]

Ok, adding on to my post earlier, I think I know how to write to ram now. However, the program STILL crashes with no changes. It's supposed to display on the screen, not doing that either. Does this look at all incorrect?

addr = 0x14000000;
GSPGPU_FlushDataCache(addr, 0x10000);
GX_SetTextureCopy(addr, buf, 0x10000, 0, 0, 0, 0, 8);
GSPGPU_FlushDataCache(buf, 0x10000);
for(int i = 0; i < 4096; i++){
buf[i + 0x028002AD] = data[i + 1];
}
GSPGPU_FlushDataCache(buf, 0x10000);
GX_SetTextureCopy(buf ,addr, 0x10000, 0, 0, 0, 0, 8);
GSPGPU_FlushDataCache(addr, 0x10000);
svcSleepThread(0x400000LL);

Well, I do not know what these functions do but I noticed that you declared the variable named i in the loop, which is fine, but you have to ensure that c99 mode is activated. I'm just telling that because it's not activated by default in devkit's compiler. But it's probably something else...

 

[pastaconsumer]

This is what i was able to do with Spider3DSTools. its a code.bin file, going to try to make some kind of UI to allow the user to select what Pokemon to inject into the encounter tables, then release it.

Spoiler

Can it be edited to be used with Pokemon Y?

 

[pastaconsumer]

Here is I compiled .dat, .bin.
Test it yourself if you interested in this! Thank you Yifanlu.

How do I use this? sorry for being a noob...

 

[shutterbug2000]

I have a question I've never seen anything about. I know that Nintendo releases some games on eShop that are retro games running on a Virtual console. Is that virtual console prepacked, or is it on the handheld like DS Mode? If so, I wonder if we could inject our SNES/GBC/GBA games with this.

You "requested" it. I've done it. Mostly. I've gotten Super Mario bros. to have different game injected into memory, but the game crashes, not the emulator... Investigation time!

 

[Slushie3DS]

You "requested" it. I've done it. Mostly. I've gotten Super Mario bros. to have different game injected into memory, but the game crashes, not the emulator... Investigation time!

Dude, I swear we are always on the same page with each other! A) Have you found anything new? B) What exactly happens? C) It'd be nice if you could summarize how it all works.

 

[shutterbug2000]

Dude, I swear we are always on the same page with each other! A) Have you found anything new? B) What exactly happens? C) It'd be nice if you could summarize how it all works.

Ok, so here's how I did it.

1. I got a memory dump while super mario was running in the background. Turns out, the game loads the entire rom into ram at once. Just what we need !

2. I used the code.bin launcher to "inject" the rom from a huge int array, into the location which the rom was at the the RAM dump.

3. Once the browser crashes with "an error blah blah", I load up Mario, and reset emulation.

4. The rom freezes, but NOT the entire VC.

 

[PokeChampion]

Ok, so here's how I did it.

1. I got a memory dump while super mario was running in the background. Turns out, the game loads the entire rom into ram at once. Just what we need !

2. I used the code.bin launcher to "inject" the rom from a huge int array, into the location which the rom was at the the RAM dump.

3. Once the browser crashes with "an error blah blah", I load up Mario, and reset emulation.

4. The rom freezes, but NOT the entire VC.

I found the ARM11 file in the 3DS_CFW where the devMenu was. And then after that. Etc

 

[Slushie3DS]

Ok, so here's how I did it.

1. I got a memory dump while super mario was running in the background. Turns out, the game loads the entire rom into ram at once. Just what we need !

2. I used the code.bin launcher to "inject" the rom from a huge int array, into the location which the rom was at the the RAM dump.

3. Once the browser crashes with "an error blah blah", I load up Mario, and reset emulation.

4. The rom freezes, but NOT the entire VC.

I would have never thought about that! The only problem is isn't there GBA games released for VC? If so, I'm pretty there some games that are TOO big to be injected into the RAM

 

[shutterbug2000]

I would have never thought about that! The only problem is isn't there GBA games released for VC? If so, I'm pretty there some games that are TOO big to be injected into the RAM

Honestly, I wouldn't know. I'm not an ambassador, so I have no means to test that.

 

[SciresM]

Anyone interested in my pokemon injection, please see http://projectpokemon.org/forums/sh...-Browser-RAM-based-Pokemon-Injection&p=195497 for instructions on how to do it yourself.

 

[krisztian1997]

Anyone interested in my pokemon injection, please see http://projectpokemon.org/forums/sh...-Browser-RAM-based-Pokemon-Injection&p=195497 for instructions on how to do it yourself.

Can I do that with pkm x ?

 

[SciresM]

Can I do that with pkm x ?

It should work in Pokemon X/Y/OR/AS.