Homebrew Question How to find offsets for IPS / exeFS patches?

[lingi]

I am trying to create an exeFS patch for Dark Souls Remastered. I extracted main from the NCAs and then converted it to an ELF with nx2elf.

The problem is, this ELF file is different from the ELF file produced by nsnsotool, hactool, or Ghidra. Which one of these produces the correct file? And do I need to add 0x100 to account for the NSO header?

 

[Draxzelex]

I am trying to create an exeFS patch for Dark Souls Remastered. I extracted main from the NCAs and then converted it to an ELF with nx2elf.

The problem is, this ELF file is different from the ELF file produced by nsnsotool, hactool, or Ghidra. Which one of these produces the correct file? And do I need to add 0x100 to account for the NSO header?

First, you can't bump your threads. Secondly, the first ELF file seems appropriate.

 

[masagrator]

You don't need to convert them to elf (even you shouldn't because some info won't be parsed by standard elf loader). If you are using Ghidra, download ghidra switch loader.
And with main loaded via ghidra switch loader you need to get last 4 bytes of offset and add 0x100, this will be offset to use within ips32

 

[thethiny]

You don't need to convert them to elf (even you shouldn't because some info won't be parsed by standard elf loader). If you are using Ghidra, download ghidra switch loader.
And with main loaded via ghidra switch loader you need to get last 4 bytes of offset and add 0x100, this will be offset to use within ips32

Hi, sorry to bump a relatively old thread, but I cannot run Ghidra due to multiple JDK & Gradle issues, and also I don't know how to use it at all, as I'm an IDA person. I'm trying to create a pchtxt / ips patch for super mario odyssey, but I noticed that the nso header is actually 0x101 in length, and not 0x100, which is making me confused. I'm using Nintendo Switch Loader for IDA currently. I am wondering how to get the address from IDA into an IPS patch. I know about adding 100 to the offset, but I'm not sure it's the right thing, since I'm intentionally writing bad opcodes and yet the game is still booting. Example: IDA shows that at 0x710020976C there's a function called ShopItem::getPrice(int), and if I create an IPS patch / IPSwitch pchtxt at addresses 0020976C, or 0020986C, or 0020966C, the game still functions normally as if no adjustments were made. I have no way of verifying (in Yuzu) that the patch applied other than the UI showing a ✔ next to it. Any insight on this as I'm currently trying to make a simple mod just to understand how switch mods work.

my current pchtxt file:

@nsobid-B424BE150A8E7D78701CBE7A439D9EBF00000000

@flag print_values
@flag offset_shift 0x100

// Free Shop Items @ 710020976C
@enabled
0020966C 000080D2
00209670 C0035FD6
0020976C 000080D2
00209770 C0035FD6
0020986C 000080D2
00209870 C0035FD6

 

[Imancol]

Hi, sorry to bump a relatively old thread, but I cannot run Ghidra due to multiple JDK & Gradle issues, and also I don't know how to use it at all, as I'm an IDA person. I'm trying to create a pchtxt / ips patch for super mario odyssey, but I noticed that the nso header is actually 0x101 in length, and not 0x100, which is making me confused. I'm using Nintendo Switch Loader for IDA currently. I am wondering how to get the address from IDA into an IPS patch. I know about adding 100 to the offset, but I'm not sure it's the right thing, since I'm intentionally writing bad opcodes and yet the game is still booting. Example: IDA shows that at 0x710020976C there's a function called ShopItem::getPrice(int), and if I create an IPS patch / IPSwitch pchtxt at addresses 0020976C, or 0020986C, or 0020966C, the game still functions normally as if no adjustments were made. I have no way of verifying (in Yuzu) that the patch applied other than the UI showing a ✔ next to it. Any insight on this as I'm currently trying to make a simple mod just to understand how switch mods work.

my current pchtxt file:

I love IDA, for its intuitive interface and the most precise search. But it hurts that the module is so outdated. I am also interested in knowing how to build Main.

 

[masagrator]

but I noticed that the nso header is actually 0x101 in length,

This is wrong. This happens if you are using main decompressed with tool not designed to use its output in disassembler. For example nsnsotool. Use main compressed directly or decompress it with hactool.
I don't know how pchtxt patches are working, so can't help with that.

 

[thethiny]

This is wrong. This happens if you are using main decompressed with tool not designed to use its output in disassembler. For example nsnsotool. Use main compressed directly or decompress it with hactool.
I don't know how pchtxt patches are working, so can't help with that.

Yes I am using nsnsotool. Thank you I will use hactool now.
edit: been trying for a while now and cant figure out how to decompress the main using hactool. I extracted everythjing and everything is working but the main is compressed. Can u give me example on how t odecompress using hactool?

 

[hippy dave]

Yes I am using nsnsotool. Thank you I will use hactool now.
edit: been trying for a while now and cant figure out how to decompress the main using hactool. I extracted everythjing and everything is working but the main is compressed. Can u give me example on how t odecompress using hactool?

Not in front of my computer, but looks like it should be something like:

hactool -x -t nso0 --uncompressed=main.uncompressed main

 

[thethiny]

Not in front of my computer, but looks like it should be something like:

hactool -x -t nso0 --uncompressed=main.uncompressed main

I am facepalming right now, I was missing the "-x" flag. Thanks!

 

[masagrator]

I am facepalming right now, I was missing the "-x" flag. Thanks!

-x flag is not needed in this case

 

[thethiny]

-x flag is not needed in this case

Then that means the problem was that I wrote NSO0 in capital instead of small? Cuz when I tried
hactool -t NSO0 --uncompressed=main.uncompressed main
it didn't work.

 

[masagrator]

Then that means the problem was that I wrote NSO0 in capital instead of small? Cuz when I tried
hactool -t NSO0 --uncompressed=main.uncompressed main
it didn't work.

Yes.

https://github.com/SciresM/hactool/blob/c2c907430e674614223959f0377f5e71f9e44a4a/main.c#L247

strcmp is case sensitive.

 

[thethiny]

Yes.

https://github.com/SciresM/hactool/blob/c2c907430e674614223959f0377f5e71f9e44a4a/main.c#L247

strcmp is case sensitive.

I wasn't aware he used strcmp. Thanks. Also to answer your question (kinda) pchtxt is actually a text version of IPS files.

 

[masagrator]

I wasn't aware he used strcmp. Thanks. Also to answer your question (kinda) pchtxt is actually a text version of IPS files.

I know. I mean I don't know all rules used to read it.