How can I hack games using NTR Debugger?

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by Kirbs, Jul 2, 2015.

  1. Kirbs (OP), GBAtemp Fan
    Since the spider exploit does not work for the New 3DS, the only option to hack games is to use NTR Debugger. I want to know how I could use NTR Debugger in order to use hacks, like how to properly dump all of the RAM for a game without leaving anything behind. Also, how could I inject the modified RAM dump back into the game? Also, is there a way I could modify the RAM dump with a spider-based hack without using the spider exploit? I would like to hack Animal Crossing New Leaf as an example. Could I hack it using NTR Debugger, and could it be like the spider-based hacks currently for ACNL? Thanks.
     


  2. samiam144, Régulier
  3. Kirbs (OP), GBAtemp Fan
    It doesn't say how I can inject the modified RAM dump back into the game. Do you know how to do that?
     
  4. samiam144, Régulier
    So, you're talking specifically about New Leaf, right? Because that link only talks about using ARCodes. You would have to do everything by hex. Basically, you'd have to find out the starting offset that the ACNL RAM dumper starts at. Then you would take a copy of your RAM dump, edit it, then look at the offsets that were edited through the editor (leaf tools or Marx's editor), then convert those to codes, which is simple enough. It's long and tedious but it's not too hard. I don't think anyone has done it yet (publicly) though, but I'm pretty sure it would work.
     
  5. Kirbs (OP), GBAtemp Fan
    Do you have any idea how I could find the offset that the ACNL RAM dumper starts at?
     
  6. samiam144, Régulier
    You will probably have to ask in the thread, or specifically Marc_Max.

    Or you can look at the ARCodes here: https://gbatemp.net/threads/spider-arcode.383937/page-36#post-5435805
    Then look at this: https://gbatemp.net/threads/spider-animal-crossing-new-leaf-ram-editor.382965/page-59#post-5411646

    The ARCode offsets for the mailbox are
    0200FD8c and
    0200FD95

    The offsets in the RAM dump for the mailbox are:
    0x057e8c
    0x057e95

    See the difference? You will have to calculate those and input them into the Debugger.
     
  7. Kirbs (OP), GBAtemp Fan
    Yes, I think I am understanding a bit more. But how could I inject a file made with the RAM editor back into the game?
     
  8. samiam144, Régulier
    Unfortunately you cannot, this is simply a workaround. To help you understand more: Make a copy of your current dump. Now change a single thing in that dump (like add a flower in front of your house). Now use a hex editor like HxD to compare the dumps; you will see that at a certain offset there is a different value. You will take that offset and do the necessary conversions to make it a code. That's the only way right now, sorry :/
     
  9. Kirbs (OP), GBAtemp Fan
    OK, thanks for your help. I guess I am understanding a bit more on how to hack ACNL. Thanks again! :)
     
  10. samiam144, Régulier
    You're welcome. I have no N3DS to help, but I bid you good luck!
     
  11. Kirbs (OP), GBAtemp Fan
    I just have one more question. How do I make a code out of the different offsets?
     
  12. samiam144, Régulier
    Okay, let's take an example again. I saw that someone replied to you: the offsets start at 00000000. So that means you don't have to do any conversion, I believe.

    Let us take the mailbox example again. Offsets are 0x057e8c & 0x057e95. The value for a golden mailbox is 06.

    In HxD, press Ctrl+G to find the offsets.
    This is how you read them in a hex editor:
    [screenshot of the offsets in HxD]
    You can see that my value is 12. We are going to turn that into 06 (the golden mailbox).

    Now if you find the guide I linked in my first post above, it will show you the format that you will write the codes in, which is:
    write(0x<OFFSET>, (0x<VALUE>, 0x<VALUE> ,0x<VALUE> ,0x<VALUE>), pid=0x<PID>)
    To get the PID of the game, you have to write "listprocess()" in the debugger while the game is on.

    So, you would write the code to get the gold mailbox as:
    write(0x057e8c, (0x06, 0x00 ,0x00 ,0x00), pid=0xPID)
    write(0x057e95, (0x06, 0x00 ,0x00 ,0x00), pid=0xPID)

    but those extra zeroes will make the three values after 8c & 95 "00".
    So I will tag @liomajor here to ask how exactly to write a single byte at 8c & 95 only. I'm not sure, but I think it's one of the following:

    write(0x057e8c, (0x06), pid=0xPID)
    write(0x057e95, (0x06), pid=0xPID)

    OR

    write(2x057e8c, (0x06), pid=0xPID)
    write(2x057e95, (0x06), pid=0xPID)

    Edit: I forgot: to compare your RAM dumps, open both dumps in HxD and then go to Analysis -> File-Compare.

    Then navigate to each offset that has a different value and just input the offset and value in the debugger as shown above.
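The compare-and-convert workflow from posts 8 and 12 (diff two dumps, then turn each differing byte into a write() line), as an added example that is not part of this thread or of NTR itself. The dump contents are constructed, and the base offset and the 0xPID placeholder are assumptions you fill in from your own dump range and listprocess() output.

```python
# Added example (not from the thread): diff two NTR RAM dumps of the same
# range and print write() lines in the format described above.
# Sample dumps are constructed below; base offset and PID are assumptions.

def diff_dumps(original: bytes, edited: bytes) -> list:
    """Return (offset, changed_bytes) runs where the two dumps differ.

    Consecutive differing bytes are merged into one run so that a multi-byte
    edit (like the 4 bytes of a villager swap) becomes a single write()."""
    if len(original) != len(edited):
        raise ValueError("dumps must be the same size (same dump range)")
    runs = []
    i, n = 0, len(original)
    while i < n:
        if original[i] == edited[i]:
            i += 1
            continue
        start = i
        while i < n and original[i] != edited[i]:
            i += 1
        runs.append((start, edited[start:i]))
    return runs


def to_write_commands(runs, base=0x0, pid="PID"):
    """Format runs as NTR debugger write() lines.

    base is added to each dump offset when the dump does not start at 0
    (assumed example: base=0x01FB7F00 maps dump offset 0x057e8c onto the
    ARCode offset 0200FD8C quoted in the thread; with a dump that starts at
    00000000, leave base=0). The trailing comma keeps a one-byte tuple valid,
    which is the form dsrules posted."""
    lines = []
    for off, data in runs:
        vals = ", ".join(f"0x{b:02x}" for b in data)
        lines.append(f"write(0x{off + base:08x}, ({vals}, ), pid=0x{pid})")
    return lines


# Constructed sample: a 0x60000-byte "dump" whose two mailbox bytes at
# 0x057e8c and 0x057e95 hold 0x12, and an edited copy holding 0x06 (golden).
SIZE = 0x60000
ORIGINAL = bytearray(SIZE)
ORIGINAL[0x057e8c] = ORIGINAL[0x057e95] = 0x12
EDITED = bytearray(ORIGINAL)
EDITED[0x057e8c] = EDITED[0x057e95] = 0x06

if __name__ == "__main__":
    for line in to_write_commands(diff_dumps(bytes(ORIGINAL), bytes(EDITED))):
        print(line)
```

With real files, read both dumps with `open(path, "rb").read()` in place of the constructed arrays; the two files must cover the same address range or the offsets will not line up.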
     
  13. Kirbs (OP), GBAtemp Fan
    Thanks, I was also wondering what to do with the other zeroes. So I have to do this for every byte that has changed?
     
  14. samiam144, Régulier
    Yes, unfortunately :(

    Just note that I'm not sure if that's the way to write them. I hope liomajor responds :P Or you can ask in the ARCode thread, but it may be a little off-topic. Or just ask/search in the NTR thread.
     
  15. Kirbs (OP), GBAtemp Fan
    That's unfortunate. I was looking to edit a lot of stuff; I guess it will take a long time to change everything. I hope he has a chance to look at this thread, or I'll go ask in the NTR thread. Thanks! :)
     
  16. dsrules, GBAtemp Psycho!
    write(0x057e95, (0x06, ), pid=0xPID)
     
  17. Kirbs (OP), GBAtemp Fan
    Thanks for the info. :)
     
  18. Kirbs (OP), GBAtemp Fan
    Sadly, it appears this is not the correct way to write to the RAM dumps. :( I'm going to ask the NTR thread to see if they know how to do it. I'll keep you posted.
     
  19. samiam144, Régulier
    Where does it fail? I suggest you try the golden mailbox code on the debugger to see if it even works.
    1. Enter the game, load it up to the point that you can walk around.

    2. Get the PID:

    listprocess()


    3. Enter the code in the debugger (one at a time I guess):

    write(0x057e8c, (0x06, ), pid=0xPID)
    write(0x057e95, (0x06, ), pid=0xPID)

    Go inside a house/train station, come back out, and your mailbox should have changed to the golden one. You can undo it later; just change the value to the one you see in your RAM dump.

    On a side note:
    Wow, I just realized, I thought you somehow already had a RAM dump of your ACNL game xD You will have to ask in the NTR thread how to dump from the offsets 00000000 to 000BFFF0 so that it will match the ACNL dump offsets; then MAYBE it will work in Marc_Max's editor.
     
  20. Kirbs (OP), GBAtemp Fan
    I already got it to work in Marc_Max's editor. :) In the editor I just changed two villagers in order to not have to change everything by hand. When I changed the two villagers, it gave me 4 bytes to change, which I did. It says it finished, but when I exit the train station, the same old villagers are there. Nothing happens even though it says it finished.

    Edit: I guess I have to somehow convert it to an AR code for it to work, since, in the guide, that's how @liomajor got it to work.