[GUIDE] Badge Arcade Cheating with NTR Debugger

Discussion in '3DS - Flashcards & Custom Firmwares' started by HappyzLife, Jan 16, 2016.

  1. HappyzLife
    OP

    HappyzLife ( ͡° ͜ʖ ͡°)

    Member
    198
    74
    Sep 9, 2015
    Italy
    I'M EVERYWHERE
    IT'S OUTDATED
    I could update this thread, but the spreadsheet is no longer updated :hateit:


    Warning: A lot of users are reporting error codes (002-xxxx) when trying to open badge arcade after abusing of the unlock code. Use at your ownrisk!
    :ha: (@rafamariofan)​

    Hello guys, some people tells me to make a guide for cheating on Badge Arcade without a Gateway.
    My english isn't very good, but let's try :)

    Requirements
    - ntr.bin and BootNTR.cia (thread)
    - NTR Debugger (thread)
    - FBI as cia (just for see your 3ds ip quickly)
    - A PC connected to the same router as your 3ds
    - A working 3ds (it never goes out of style)
    - Python 2.7 (direct link)

    First Step - Install NTR CFW
    Put ntr.bin and BootNTR.cia in your 3ds root and install the cia with your favourite manager.

    Second Step - Connect your PC to your 3ds
    Launch FBI (as cia) and press Y, mine is 192.168.1.132, for example.
    Now launch BootNTR from your 3ds and, after the text "NTR CFW succesfully bla bla bla" press the HOME button for return to the home menu.
    Press X and Y and click A on "Enable Debugger"
    Now you can launch ntrclient.exe from your PC and type the command:
    Code:
    connect('192.168.x.xx', 8000)
    If all works fine you're connect with your 3ds :)

    Third Step - Find the right code for your 3ds
    Go to this site (@soaresden and @Godson777) and look for your 3ds region and model code.
    I have a o3ds EUR so i need this code.
    Copy that and convert it in decimal value with this site. My value is 3286B24C so in decimal is 847688268.
    Now I (with my o3ds EUR) have to do 847688268 - 16 (always -16), and is 847688252.
    I have to reconvert it in hex with this site.
    Now we have the unlock code for our 3ds, with this we can unlock the game when we have 0 plays :)

    Fourth Step - Find your right process
    In NTR Debugger type that code and find the string with "pname: CENTER".
    Code:
    listprocess()
    Example:
    Code:
    pid: 0x0000002a, pname:   CENTER, tid: 0004000000153600, kpobj: fff7b390
    My pid is 0x0000002a, so i need the "2a" value.

    Fifth Step - Unlock Plays :)
    Type that code in NTR Debugger when you're in the screen of the game (i don't know how to translate it asd)
    Code:
    write(0xYOURCODEHERE,(0x04,0x00), pid=0xYOURPIDHERE)
    For me is: write(0x3286B23C,(0x04,0x00), pid=0x2a)
    Now you have 5 free plays, but let's set it to 99! :D

    Sixth Step - OVER 9000 PLAYS!!!!
    Type that code in NTR Debugger when you have at least 1 plays:
    Code:
    write(0xOLDCODE,(0x64,0x00), pid=0xPID)
    PID is the pid who we found in the Fourth Step.
    OLDCODE is the code without -16, so what we found in Third Step.
    Just use a plays and now you have 99 plays :)

    Enjoy this fabulous game, and support Nintendo buying real plays :)
     
    Last edited by HappyzLife, Sep 13, 2016
    BlastXDX, TamDanny, Kafke and 6 others like this.


  2. peteruk

    peteruk GBAtemp Maniac

    Member
    1,383
    615
    Jun 26, 2015
    thank you for this
     
  3. DjoeN

    DjoeN Captain Haddock!

    Member
    5,134
    1,477
    Oct 21, 2005
    Belgium
    Somewhere in this potatoland!
    Great, but i think i'll swap my gateway between my systems :)
    much easier
     
  4. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,622
    1,195
    Oct 8, 2015
    Italy
    Hyrule Castle
    i can't manage to do the 6th step.
    EDIT: i did it.

    — Posts automatically merged - Please don't double post! —

    @HappyzLife i think you should translate it in ita for you know what i mean.
     
  5. HappyzLife
    OP

    HappyzLife ( ͡° ͜ʖ ͡°)

    Member
    198
    74
    Sep 9, 2015
    Italy
    I'M EVERYWHERE
    Oh yeah, why not :)
     
  6. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,622
    1,195
    Oct 8, 2015
    Italy
    Hyrule Castle
    or you do -1 to the code. (at least it is what happens for me)

    — Posts automatically merged - Please don't double post! —

    EDIT: sorry i am dumb sometimes.

    is it not too much hard to convert a gateway to ntr cfw cheat? if yes can you make a tutorial even for that? (it would be awesome to convert them)
     
  7. HappyzLife
    OP

    HappyzLife ( ͡° ͜ʖ ͡°)

    Member
    198
    74
    Sep 9, 2015
    Italy
    I'M EVERYWHERE
    I also converted T Address (for training) to ntr, but i'm testing all, i'll make a guide, in the future :)
     
  8. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,622
    1,195
    Oct 8, 2015
    Italy
    Hyrule Castle
    gatwait soon(tm)? or 1-2 days soon?
     
  9. HappyzLife
    OP

    HappyzLife ( ͡° ͜ʖ ͡°)

    Member
    198
    74
    Sep 9, 2015
    Italy
    I'M EVERYWHERE
    I don't know, i guess it was easier, just wait :3
     
    Last edited by HappyzLife, Jan 16, 2016
  10. TuxSH

    TuxSH GBAtemp Advanced Fan

    Member
    602
    961
    Oct 19, 2015
    France
    Thank you!
    Step 3 can be simplified :
    write(0xYOURCODEHERE - 16,(0x04,0x00), pid=0xYOURPIDHERE)
     
  11. Godson777

    Godson777 Everyone's Favorite Blue Mario

    Member
    394
    70
    Mar 27, 2010
    United States
    idk
    Converting to decimal isn't really even nessesary. The reason why is cause Hex has a numeric system of 16 digits. The decimal numbers being 0 through 9, then A, B, C, D, E, and F.

    So, when you subtract 16, it's literally the same process as subtracting 10 in the decimal system.

    3286B24C
    3286B23C

    Hope I was able to simplify step 3 and make some sense out of the code. :3
     
  12. TuxSH

    TuxSH GBAtemp Advanced Fan

    Member
    602
    961
    Oct 19, 2015
    France
    Please read what I've posted above :3
     
  13. HappyzLife
    OP

    HappyzLife ( ͡° ͜ʖ ͡°)

    Member
    198
    74
    Sep 9, 2015
    Italy
    I'M EVERYWHERE
    Yes, but i just explained it :3
     
  14. Godson777

    Godson777 Everyone's Favorite Blue Mario

    Member
    394
    70
    Mar 27, 2010
    United States
    idk
    That probably works too. I'm no expert on NTR so I wouldn't know. xD

    For all I know, it's probably more effective than my previous post.

    Personally, it looks more complicated converting it, doing math, and converting it back.
     
  15. TuxSH

    TuxSH GBAtemp Advanced Fan

    Member
    602
    961
    Oct 19, 2015
    France
    NTRClient is just a python interpreter with custom functions.
     
  16. HappyzLife
    OP

    HappyzLife ( ͡° ͜ʖ ͡°)

    Member
    198
    74
    Sep 9, 2015
    Italy
    I'M EVERYWHERE
    @TuxSH I'll edit he guide with your info when i'm at home :)
     
  17. Ev1l0rd

    Ev1l0rd ◥▷◁◤ Knight of Void

    Member
    963
    647
    Oct 26, 2015
    Netherlands
    Land of Darkness and Bounty
    Could you help me?

    I'm at the main arcade section. I am connected and everything using NTRDebugger. When I run the command write(0x3286B23C,(0x04,0x00), pid=0x28). pid 28 is CENTER, I get the output:
    Code:
    null
    finished
    and nothing happens.
     
  18. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,622
    1,195
    Oct 8, 2015
    Italy
    Hyrule Castle
    99 plays code right? you need to use the code, try to catch and THEN you have 99 plays.
     
  19. Ev1l0rd

    Ev1l0rd ◥▷◁◤ Knight of Void

    Member
    963
    647
    Oct 26, 2015
    Netherlands
    Land of Darkness and Bounty
    No, I don't have any plays. Thats the unlock code.
     
  20. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,622
    1,195
    Oct 8, 2015
    Italy
    Hyrule Castle
    ehm... are you using it in a machine riht? (OP said wrong, it isn't menu it is IN A MACHINE)