Tutorial
Updated
Noexs Hacking Guide
NOEXS cheat Code search guide
Now with Videos
Getting Started
Link to setup noexs
Big thanks to Biggles for this
https://gbatemp.net/threads/tutoria...switch-hekate-atmosphere.569079/#post-9119379
First thing is connecting to the switch.
Load your game you want to hack.
I always wait until the game starts to attach.
Input your switch IP address in the bottom of the Noexs client.
Click connect.
Click on refresh pids.
Scroll all the way down to the bottom and click on the last number.
Click attach to process and it should connect.
(If you get a error saying couldn't attach or tcpgecko already attached,
what that means is that dmnt cht is active and you either have to deactivate it
from the hekate.ini or you can hold L button down while loading the game up.)
So there are a total of 6 tabs at the top.
We're going to go into some small detail of each one of them.
TOOLS is of course where we attach to the processes and switch, but it also has
all of the memory locations to the left of it.
There are many different types in it but the ones we mostly focus on are Main and
Heap. Most times a code is found in Heap but it's not stable. So we use whats called
pointers to keep the value to be written to the address. Pointers are found in the Main
area of memory. Essentially an address in main points to an address in heap by offsets.
This tells the memory that a value should be written to an address at an offset from
this location. It could be minus or plus. It all depends. It seems that some pointers can be found in heap memory as well. This is proving to be something since the lego codes I found had pointers in Heap rather than Main.
SEARCH is where we search for values either unknown or known. If a health bar is looked
for it would be unknown. But if health is 100 then we would look for 100 but in hex. It
doesn't mean that the value would be 100, but most likely it would be. If you don't know
decimal to hex, all you have to do is type in the decimal number in the value box and
click convert to hex.
You can search different data types up to 64 bit. Search conditions allow you to change
from equal to less than to greater than etc.
POINTER SEARCH is where you can search for pointers for a address in heap. You can use this to search for pointers in Main memory and heap memory as well. Keep in mind Heap addresses are not always guaranteed to work. I'll add more
details on this later. It will most definitely require it's own section on how to use it. It also seems
that Noexs will not find pointers if it's +0 or +8 and it can't parse them as well. Thank you DannyDarth
for the info.
MEMORY VIEWER allows you to see the memory addresses in real time. Still new to this so
if someone has more info on how to better use this let me know and I'll add it in.
WATCH LIST allows you to keep an eye on a address and also allows you to lock it to a
value or to even see what that address has for a value. This also helps when you want
to look for pointers for an address you found in Heap.
DISASSEMBLER Shout out to Falo for information on this.
So the disassembler requires tools like Ida Pro or Ghidra to be useful.
This isn't really useful for normal users. But I'll put the info in that he added in the comments.
If you find a possible code patch in Ida Pro, you can enter the memory address in the form of
[main + offset} into it. Which will allow you to see and edit the code in real time. Still is a bit complicated
for us normal users.
It is seemingly really slow, missing a good amount of features as well. As it gets updated, this will as well.
DIFFERENT TYPES OF CODES
Lives are usually found using the method of known values. You know how many lives you have
so you either gain or lose some to change the value.
Something thats a lot more complex in finding would be a moon jump code. This would most likely
be found by using unknown searches. Very time consuming but awesome effect.
Health is one that could be found by using both methods depending on what you're searching for.
If it has a value of lets say 100 on screen like in the game Turok. You would use a known value search but
in the game Mortal Kombat where it's a bar representation, you would use an unknown value. Its
kind of weird but like I said it all depends on the game.
MAKING CODES
KNOWN VALUE
Now you want to make your own codes.
The easiest ones to make are usually something that you can find easily. Lets say
a cheat code for money or gold.
Lets say you have 32 coins.
First type 32 into value and click convert decimal to hex.
The value 32 changes to 20.
Click search.
This may take a while so allow it to finish.
On the right hand side there where be a list of addresses. What you want to do is get those
down to as few as possible. So gather some more coins.
Lets say the new value is 40 coins. Type that in and click convert.
We do this until we get down to just a few locations.
Now that you have that down to a few addresses, lets start to poke them.
Click on each and down on the bottom of those addresses is a box that says value and poke.
Type in either an amount that is higher or lower than what you have and click poke.
If it changes, you found your address. If not, keep going until you do.
New Video
UNKNOWN VALUE
This is the same process as above but you don't know the value.
So click on search condition and change it to unknown.
Click Search to look at all values.
Now either gain some or lose some. So for health bars, lose some health.
Click search again. This will search for whatever search condition you have chosen.
Whether it be greater than, lesser than, equal to, etc.
Continue to do so until you have only a few options left. Then once again just poke
the values to either add to it or decrease to it.
**
Back in the GameCube era, there were times when lives and health were actually set
to one lower than what was shown on screen. Like lives being 3 on screen but in hex
they had the value at 2. So essentially 0=1 life, 1=2 lives, etc. I haven't seen
this yet but just as a precaution I wanted you all to know that.
POINTER SEARCH
Thanks to Deathwing Zero for a more detailed explanation on this!!!
Go to Tools and right click on MAIN in the memory section. Select Pointer Search Main
While still in the MAIN memory section right click on the first CODE_MUTABLE and select
Pointer search Min.
Right Click on the last CODE_MUTABLE right before sdk and select Pointer Search Max.
Find your address and copy and paste it into the address tab in pointer search.
Go to Browse and select your first ram dump you did. It will always be the biggest.
Now at this point you can choose to do your max offset and max depth.
If you aren't finding pointers with your offset, try making it a bit bigger.
Once you have everything correct including the beginning of MAIN memory address at the bottom,
click search.
Now it should pull up some locations after a bit.
Take the MAIN beginning address and add the offset to it to get a new address
Take that address and go to Watch List and click add. Type that address in and hit enter.
Change the type from 32 to 64 and click update.
This should bring up a value.
Take that value and add or minus the second offset to that.
If its the right pointer, it give you an address to poke which should be the same one you found earlier.
This can be used the same way for heap, just do pointer main and pointer min on the first address of heap.
Pointer max on the last address of Heap.
Now the depth should be used if you believe that the address you're looking for has more than one
pointer. This could take a bit of time to find. It may be my laptop but it took me 6 hours to finish the
search only to realize that I had a very low offset...So be mindful of that as well. I think Noexs can
support up to 3 in depth. Might be wrong on that but haven't tried it either.
[Hold L and A 550,000,000 level stud]
80000041
581F0000 9F087A88
781F1000 00000070
641F1000 00000000 20C85580
20000000
Looking at this code you will notice the first 1 on the middle addresses.
It will be 0 for main but since my codes use heap it's a 1. 581F0000
On the 3rd line you will see there is another 1 as well.
That means it's a negative offset. 781F1000
Video guys and gals...
Since this hasn't been updated for a while I wanted to talk about a new tool that was released in December 2019.
User Takumi4685 released a pointer searcher tool he created. This has made making codes 1000x easier.
This tool uses Noexs memory dumps that include both Heap and Main.
To use this you need to make sure that you get the start and end of both Main and Heap memory.
So to use it click on path and choose the noexs dump that you made at the beginning of the code search.
Then input the start of Main. Input the ending of Main. Input the start of Heap. Input the ending of Heap. And input the address that you found for what you were looking for.
Click on read 1st dump. On version 3, it now has a progress bar that tells you how long you have to wait.
When it is done, you just have to mess with the depth, offset number and offset range.
I've been able to find success in finding depths of 2 to 10.
Offset number I usually find it in 2 to 4.
Offset range I usually set to FFF to FFFF.
If it produces "too many results" utilize another memory dump and click narrow down results.
It should be able to find what you need.
SX OS
Up until now I've talked about Noexs. SX OS has a search function as well.
I've not used it but the basics are the same, save for that SX OS has to have hex as its values. There's
no way to click convert decimal to hex on it. So either make sure you have a calculator that allows you
to convert decimal to hex or go to your computer and type in decimal to hex calculator in google to bring one up.
KNOWN
To start you get to where you want to find the cheat whether it be health or gold or coins.
Hit the home button and go to the album viewer (SX OS Menu).
Navigate to cheat searcher in the cheat menu.
Once again choose your bit size and it should start a ram dump.
Now choose next search and equal to if you know your value and put in the value in hex.
This now runs through the ram dump and finds the value that you were searching for.
If there are once again too many addresses, you either gain or lose some.
Do another search and continue to do so until you have very few addresses left.
One of these should be the address you need.
In the view candidates section, it will allow you to poke these addresses to see which one is correct.
POINTERS
Now with Videos
Getting Started
Link to setup noexs
Big thanks to Biggles for this
https://gbatemp.net/threads/tutoria...switch-hekate-atmosphere.569079/#post-9119379
First thing is connecting to the switch.
Load your game you want to hack.
I always wait until the game starts to attach.
Input your switch IP address in the bottom of the Noexs client.
Click connect.
Click on refresh pids.
Scroll all the way down to the bottom and click on the last number.
Click attach to process and it should connect.
(If you get a error saying couldn't attach or tcpgecko already attached,
what that means is that dmnt cht is active and you either have to deactivate it
from the hekate.ini or you can hold L button down while loading the game up.)
So there are a total of 6 tabs at the top.
We're going to go into some small detail of each one of them.
TOOLS is of course where we attach to the processes and switch, but it also has
all of the memory locations to the left of it.
There are many different types in it but the ones we mostly focus on are Main and
Heap. Most times a code is found in Heap but it's not stable. So we use whats called
pointers to keep the value to be written to the address. Pointers are found in the Main
area of memory. Essentially an address in main points to an address in heap by offsets.
This tells the memory that a value should be written to an address at an offset from
this location. It could be minus or plus. It all depends. It seems that some pointers can be found in heap memory as well. This is proving to be something since the lego codes I found had pointers in Heap rather than Main.
SEARCH is where we search for values either unknown or known. If a health bar is looked
for it would be unknown. But if health is 100 then we would look for 100 but in hex. It
doesn't mean that the value would be 100, but most likely it would be. If you don't know
decimal to hex, all you have to do is type in the decimal number in the value box and
click convert to hex.
You can search different data types up to 64 bit. Search conditions allow you to change
from equal to less than to greater than etc.
POINTER SEARCH is where you can search for pointers for a address in heap. You can use this to search for pointers in Main memory and heap memory as well. Keep in mind Heap addresses are not always guaranteed to work. I'll add more
details on this later. It will most definitely require it's own section on how to use it. It also seems
that Noexs will not find pointers if it's +0 or +8 and it can't parse them as well. Thank you DannyDarth
for the info.
MEMORY VIEWER allows you to see the memory addresses in real time. Still new to this so
if someone has more info on how to better use this let me know and I'll add it in.
WATCH LIST allows you to keep an eye on a address and also allows you to lock it to a
value or to even see what that address has for a value. This also helps when you want
to look for pointers for an address you found in Heap.
DISASSEMBLER Shout out to Falo for information on this.
So the disassembler requires tools like Ida Pro or Ghidra to be useful.
This isn't really useful for normal users. But I'll put the info in that he added in the comments.
If you find a possible code patch in Ida Pro, you can enter the memory address in the form of
[main + offset} into it. Which will allow you to see and edit the code in real time. Still is a bit complicated
for us normal users.
It is seemingly really slow, missing a good amount of features as well. As it gets updated, this will as well.
DIFFERENT TYPES OF CODES
Lives are usually found using the method of known values. You know how many lives you have
so you either gain or lose some to change the value.
Something thats a lot more complex in finding would be a moon jump code. This would most likely
be found by using unknown searches. Very time consuming but awesome effect.
Health is one that could be found by using both methods depending on what you're searching for.
If it has a value of lets say 100 on screen like in the game Turok. You would use a known value search but
in the game Mortal Kombat where it's a bar representation, you would use an unknown value. Its
kind of weird but like I said it all depends on the game.
MAKING CODES
KNOWN VALUE
Now you want to make your own codes.
The easiest ones to make are usually something that you can find easily. Lets say
a cheat code for money or gold.
Lets say you have 32 coins.
First type 32 into value and click convert decimal to hex.
The value 32 changes to 20.
Click search.
This may take a while so allow it to finish.
On the right hand side there where be a list of addresses. What you want to do is get those
down to as few as possible. So gather some more coins.
Lets say the new value is 40 coins. Type that in and click convert.
We do this until we get down to just a few locations.
Now that you have that down to a few addresses, lets start to poke them.
Click on each and down on the bottom of those addresses is a box that says value and poke.
Type in either an amount that is higher or lower than what you have and click poke.
If it changes, you found your address. If not, keep going until you do.
New Video
UNKNOWN VALUE
This is the same process as above but you don't know the value.
So click on search condition and change it to unknown.
Click Search to look at all values.
Now either gain some or lose some. So for health bars, lose some health.
Click search again. This will search for whatever search condition you have chosen.
Whether it be greater than, lesser than, equal to, etc.
Continue to do so until you have only a few options left. Then once again just poke
the values to either add to it or decrease to it.
**
Back in the GameCube era, there were times when lives and health were actually set
to one lower than what was shown on screen. Like lives being 3 on screen but in hex
they had the value at 2. So essentially 0=1 life, 1=2 lives, etc. I haven't seen
this yet but just as a precaution I wanted you all to know that.
POINTER SEARCH
Thanks to Deathwing Zero for a more detailed explanation on this!!!
Go to Tools and right click on MAIN in the memory section. Select Pointer Search Main
While still in the MAIN memory section right click on the first CODE_MUTABLE and select
Pointer search Min.
Right Click on the last CODE_MUTABLE right before sdk and select Pointer Search Max.
Find your address and copy and paste it into the address tab in pointer search.
Go to Browse and select your first ram dump you did. It will always be the biggest.
Now at this point you can choose to do your max offset and max depth.
If you aren't finding pointers with your offset, try making it a bit bigger.
Once you have everything correct including the beginning of MAIN memory address at the bottom,
click search.
Now it should pull up some locations after a bit.
Take the MAIN beginning address and add the offset to it to get a new address
Take that address and go to Watch List and click add. Type that address in and hit enter.
Change the type from 32 to 64 and click update.
This should bring up a value.
Take that value and add or minus the second offset to that.
If its the right pointer, it give you an address to poke which should be the same one you found earlier.
This can be used the same way for heap, just do pointer main and pointer min on the first address of heap.
Pointer max on the last address of Heap.
Now the depth should be used if you believe that the address you're looking for has more than one
pointer. This could take a bit of time to find. It may be my laptop but it took me 6 hours to finish the
search only to realize that I had a very low offset...So be mindful of that as well. I think Noexs can
support up to 3 in depth. Might be wrong on that but haven't tried it either.
[Hold L and A 550,000,000 level stud]
80000041
581F0000 9F087A88
781F1000 00000070
641F1000 00000000 20C85580
20000000
Looking at this code you will notice the first 1 on the middle addresses.
It will be 0 for main but since my codes use heap it's a 1. 581F0000
On the 3rd line you will see there is another 1 as well.
That means it's a negative offset. 781F1000
Video guys and gals...
Since this hasn't been updated for a while I wanted to talk about a new tool that was released in December 2019.
User Takumi4685 released a pointer searcher tool he created. This has made making codes 1000x easier.
This tool uses Noexs memory dumps that include both Heap and Main.
To use this you need to make sure that you get the start and end of both Main and Heap memory.
So to use it click on path and choose the noexs dump that you made at the beginning of the code search.
Then input the start of Main. Input the ending of Main. Input the start of Heap. Input the ending of Heap. And input the address that you found for what you were looking for.
Click on read 1st dump. On version 3, it now has a progress bar that tells you how long you have to wait.
When it is done, you just have to mess with the depth, offset number and offset range.
I've been able to find success in finding depths of 2 to 10.
Offset number I usually find it in 2 to 4.
Offset range I usually set to FFF to FFFF.
If it produces "too many results" utilize another memory dump and click narrow down results.
It should be able to find what you need.
SX OS
Up until now I've talked about Noexs. SX OS has a search function as well.
I've not used it but the basics are the same, save for that SX OS has to have hex as its values. There's
no way to click convert decimal to hex on it. So either make sure you have a calculator that allows you
to convert decimal to hex or go to your computer and type in decimal to hex calculator in google to bring one up.
KNOWN
To start you get to where you want to find the cheat whether it be health or gold or coins.
Hit the home button and go to the album viewer (SX OS Menu).
Navigate to cheat searcher in the cheat menu.
Once again choose your bit size and it should start a ram dump.
Now choose next search and equal to if you know your value and put in the value in hex.
This now runs through the ram dump and finds the value that you were searching for.
If there are once again too many addresses, you either gain or lose some.
Do another search and continue to do so until you have very few addresses left.
One of these should be the address you need.
In the view candidates section, it will allow you to poke these addresses to see which one is correct.
POINTERS
Last edited by wiitendo84,