Help? NTR Debugger + ARCodes - What am i doing wrong?

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by SlateXD, Jun 8, 2015.

  1. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    Ok maybe i'm typing something wrong, but no matter what i do, it's not working.

    027823B4 0098967F = Code for max money (Bravely default USA)

    Add 14000000 to 027823B4 = 167823B4

    I then get this when i write to Debugger on NTR:

    > write(0x167823B4,(0x7F,0x96,0x98,0x00),pid=0x28)
    null
    Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
    Server disconnected.

    valid memregions:
    00100000 - 006acfff , size: 005ad000
    08000000 - 09392fff , size: 01393000
    0ffc0000 - 10000fff , size: 00041000
    10002000 - 10002fff , size: 00001000
    14000000 - 1667ffff , size: 02680000


    Any ideas? Not sure what's going on.

    old issue: fixed thanks to dsrules!! (typo lol)
    Warning: Spoilers inside!
     
    Last edited by SlateXD, Jun 9, 2015


  2. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    must be a typo in the tutorial
    try
    write(0x167823B4, (0x7F, 0x96 ,0x98 ,0x00), pid=0x29)
     
    SlateXD likes this.
  3. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    That's a step in the right direction! haha thanks, i got this error now, i tried restarting as well:

    > write(0x167823B4, (0x7F, 0x96 ,0x98 ,0x00), pid=0x28)
    null
    Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
    Server disconnected.

    When i reconnect, it has this error trying to reconnect:
    Server connected.
    rtCheckRemoteMemoryRegionSafeForWrite failed: d8e007f5
    broken protocol: 00000063, 12345678
     
  4. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    it means the address 0x167823B4 is invalid, out of range
    check valid memory range
    memlayout(0x29)

    then 0x167823B4 - the max address in 14000000 region
     
    SlateXD likes this.
  5. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    I don't understand, in the tutorial it says NTR will be 14000000 + ARCode Offset = OFFSET:

    So i added 027823B4 + 14000000. I have a headache, trying my best to comprehend your help!

    I appreciate it a lot by the way :)
     
  6. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    that rule only applies if the code address in within the Valid 14000000 - XXXXXXXX Memory Region in ntr
     
  7. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    So just don't add the 1400000 and try? Or if it doesn't work with the added 14000000 i'm just SOL?
     
  8. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    add 14000000 and try
    if "rtCheckRemoteMemoryRegionSafeForWrite failed: d8e007f5" then check valid memory regions with
    memlayout

    if 14000000 region size 2000000 = 16000000
    16xxxxxx - 16000000 = start of 08000000 region
    0x167823B4 - 0x16000000 = 0x7823B4 + 0x08000000 = 0x087823B4
     
    Melon__Bread likes this.
  9. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    This is crazy lol, I was hoping things would be much easier than this. ;o

    Really need an indepth guide for all this. My feeble knowledge is having a hard time understanding all this even with your excellent help on the subject. I feel like a lost cause =/ sigh.
     
  10. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    treat it as ntr is divided into 3 regions where codes could exist 001000000, 08000000, 14000000 memory regions
    where fcram combine all memory regions together 14000000 then 08000000 then 001000000

    so, if ntr 14000000 region size is 03000000 (14000000 to 17000000) and ARCode is 02800000 + 14000000 = 16800000(within 14000000 to 17000000) then the code would work without extra work
     
  11. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    Ok i understand. Why does write(0x167823B4,(0x7F,0x96,0x98,0x00),pid=0x28) not work then? I need to adjust it basically? I need to do a memdump and adjust? I'll paste my memdump if that will help

    — Posts automatically merged - Please don't double post! —

    valid memregions:
    00100000 - 006acfff , size: 005ad000
    08000000 - 09392fff , size: 01393000
    0ffc0000 - 10000fff , size: 00041000
    10002000 - 10002fff , size: 00001000
    14000000 - 1667ffff , size: 02680000

    Ok so i need to adjust it obviously because mine is 0x167823B4.

    I need to add what to 027823B4?
     
  12. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    try 167823B4-16680000+08000000
     
  13. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    81023B4

    right? trying now

    > write(0x81023B4, (0x7F, 0x96 ,0x98 ,0x00), pid=0x28)

    caused game to reboot due to error lol
     
  14. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    dump 08000000 to 08200000 and search money value
    some codes posted are dynamic
     
    SlateXD likes this.
  15. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    Ah, so there is no easy way around this. This is all too time consuming for me. Between work, school, and kids i really just am at a loss for all this now.

    Really appreciate your help. Gonna try and retire my headache.
     
  16. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    well, money code usually only takes 2 memory dumps to find
    if you know the memory region and range, it should only take a few mins to find it

    example: ARCode 03443128 (17433128)
    08000000 - 085e5fff , size: 005e6000
    0ffc0000 - 10000fff , size: 00041000
    10002000 - 10002fff , size: 00001000
    14000000 - 1736afff , size: 0336b000 (0x1736B000)

    ARCode 03443128 (+0x1400000) = 0x17443128 - 0x1736B000 = 0xD8128 + 0x08000000 = estimate 0x080D8128 (no higher than this address)
    actual address 0x08043128

    it means your money address should be no higher than 0x08100000
    so, you will find the address by dumping memory from 0x08000000 to 0x08100000
    and the last 3 or 4 or 5 numbers of the address will always be the same as the ARCode
     
    Last edited by dsrules, Jun 9, 2015
    Melon__Bread likes this.
  17. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    0x080823B4

    my guess is that if the last 5 numbers of the size: are not all 0s then increase the 3rd # by 1 follow by all 0s will = the start of 0x08000000 region
    08000000 - 09392fff , size: 01393000
    0ffc0000 - 10000fff , size: 00041000
    10002000 - 10002fff , size: 00001000
    14000000 - 1667ffff , size: 02680000 (80000 are not all 0s) -->02700000 (so increase 6 by 1 then follow by all 0s) --> 16700000
    167823B4 - 16700000 = 823B4 + 0x08000000 = 0x080823B4
     
    Last edited by dsrules, Jun 9, 2015
    SlateXD likes this.
  18. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    It...worked...
    YOU ARE AMAZING. I shall try your math process on another code. With excitement!

    — Posts automatically merged - Please don't double post! —

    02781274 00000063 - mega elixers x99

    write(0x08081274, (0x63, 0x00 ,0x00 ,0x00), pid=0x28)

    the game auto saved, and now the saves ruined xD must of messed up that one lol
     
  19. dsrules

    dsrules GBAtemp Psycho!

    Member
    3,612
    499
    Sep 20, 2005
    peek at the address before you poke, make sure it matches the amount you have
    if it's 8bit value poke with
    write(0x08081274, (0x63,), pid=0x28)
     
  20. SlateXD
    OP

    SlateXD GBAtemp Regular

    Member
    173
    34
    Apr 22, 2013
    United States
    ah ok, what exactly would i write to make sure it matches? Like do a dump? Just an example would be great :)

    Thanks for all the help, even after i called it quits.