RELEASE Noexs Remote Debugger

Discussion in 'Switch - Emulation, Homebrew & Software Projects' started by matt123337, Jul 26, 2018.

  1. nmkd

    nmkd GBAtemp Advanced Fan

    Member
    4
    Oct 25, 2016
    Germany
    Ever heard of something called a "readme.md"?

    How do I install it? There are some exe files but what is there to be done on the Switch?
     
  2. matt123337
    OP

    matt123337 GBAtemp Regular

    Member
    4
    Mar 25, 2014
    Canada
    [​IMG]
    I had a few people ask me for automatically parsing pointers, in this case I show getting my money in XC2 v1.5.0 (I have 2928G, or B70 in hex). The UI stuff is currently WIP, I plan on integrating it into the pointer search tab.
     
    DaBlackDeath and Supreme23 like this.
  3. ioritree

    ioritree Member

    Newcomer
    2
    Jan 4, 2015
    Taiwan
    Need to remove ASLR, or pointers are very hard to search for and use.
     
  4. matt123337
    OP

    matt123337 GBAtemp Regular

    Member
    4
    Mar 25, 2014
    Canada
    You can disable ASLR with a patch to Loader iirc, just it wouldn't help as much as you'd think (games can dynamically allocate memory, so you still wouldn't have static addresses... Plus disabling ASLR is outside the scope of Noexs). As to pointer searching... I have a few ideas to make it better, and I'm working on implementing them, just I've been super busy the past couple months IRL and haven't had time to actively work on Noexs.
     
    Last edited by matt123337, Sep 27, 2018 - Reason: loader, not PM
    ioritree likes this.
  5. supermariorick

    supermariorick GBAtemp Advanced Fan

    Member
    4
    Jun 18, 2010
    United States
    You made me look up what that is instead of elaborating abbreviations.
    https://www.mpgh.net/forum/showthread.php?t=1161252
    >Address Space Layout Randomization
    well shit
     
  6. talixme

    talixme Member

    Newcomer
    3
    Apr 12, 2009
    United States
    Finally got some time to test the pointer search option. It WORKS really well, and now with SX OS 2.1 it is the best combination.
    Will you please update it with the pointer tester? It takes forever to test each pointer on SX, and if you can add multiple searches on pointers that will be great; after 3 searches all the results should work.
    Thanks a lot for your work.
     
    Last edited by talixme, Oct 12, 2018
  7. talixme

    talixme Member

    Newcomer
    3
    Apr 12, 2009
    United States
    Find Pointers Nintendo Switch


    First, thanks to @matt123337 for the support, the app, and this amazing work.


    Need:
    -Hekate Working
    -JNoexs (https://github.com/mdbell/Noexes/releases )


    Config:

    First we need to make a new profile config in our “hekate_ipl.ini”; it has to look like this:

    Code:
    [config]
    autoboot=0
    bootwait=5
    customlogo=1
    verification=2
    
    {-- NSwitchDebugger --}
     [Noexs]
    kip1=modules/nsdebugger/loader.kip
    kip1=modules/newfirm/sm.kip
    kip1=noexs.kip1
    fullsvcperm=1
    kip1patch=nosigchk
    atmosphere=1
    debugmode=1
    fullsvcperm=1

    The file “noexs.kip1” has to be on your SD root.

    We run the new profile with hekate and we are ready to go.


    Search:

    -Run the game that you want; I'm going to do this tutorial with “Super Mario Odyssey”
    -And run “JNoexs” on the PC

    [​IMG]

    -Set our IP address and click Connect
    -Once we are connected, click Refresh Pids
    -Select the last one, and click Attach to Process

    [​IMG]

    -Now we click on Search, and search for the HP, in this case 3

    [​IMG]

    -After some searches, pick the codes and test them on the Watch List

    [​IMG]

    -Once you have the real one, erase the others.
    -In my case the real one was “1D47D2A534”


    Search the pointer:


    Now we are going to search for a pointer for this code.

    *First we have to understand how this works. This option is going to search in “Main” memory for a jump to heap memory and calculate the difference to our code.

    -So the first thing that we have to do is dump all the main memory like this.

    -Right click on the first block of main

    [​IMG]

    -And select Search (Start),
    -Repeat and select “pointer Search Main”, then
    -Right click again on the last block of Main, and select Search End

    [​IMG]

    -Now go to the Search tab; it has to look like this

    [​IMG]

    -Press Restart Search, and search. The number in value doesn't matter.
    -With this we have made a complete dump of Main memory.
    -Now go to “Pointer search”.
    -This is a little explanation of each thing.

    Code:
    “Dump file” The last dump we made ( Main Memory)
    
    “Index File” On same directory
    
    “Address” The code that we found for our HP
    
    “Max Offset” The value of the diff to calculate after the jump
    
    “Main” The address where Main memory starts (we selected it on the Tools tab)

    It should look like this:

    [​IMG]

    -Then click Search

    [​IMG]

    The problem with the pointers is that some of them work and others do not, so you have to test them one by one. In this case the last code is working for me.


    Code:
    [main+264af58] + 642d3c

    Convert to SX format:

    Now that we have a pointer we have to convert it to SX format; the good thing is that we have an app that does it for us. THANKS to @DaBlackDeath for the tool.

    -Download it from (https://gbatemp.net/attachments/sxos_codebuilder-zip.146262/ )
    -It is really easy to use and still in progress; works really well.
    -With our code it has to look like this,

    [​IMG]

    Copy the code to our txt and that's all!!!


    I made the tutorial in 30 minutes and my English is not really good; hope everyone understands the basics, and we can enjoy a good community of codes for Nintendo Switch.


    Thanks.
     
    Last edited by talixme, Oct 13, 2018
    Ntrack, Jonhy, Tracefox and 2 others like this.
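
The single-level pointer search described in the tutorial above, together with the multi-dump filtering requested earlier in the thread, as an added example (not Noexs code and not part of any post). It shows why an absolute heap address changes between launches while a `[main+X] + Y` expression survives; the heap bases, offsets and memory contents are all constructed for illustration.

```python
import struct

def scan_main(dump, target, max_offset):
    """Single-level scan: find 8-byte slots in the main dump whose value lies
    at most max_offset below target. Returns {(main_offset, diff), ...}."""
    hits = set()
    for off in range(0, len(dump) - 7, 8):          # pointers are 8-byte aligned
        (value,) = struct.unpack_from("<Q", dump, off)
        diff = target - value
        if 0 <= diff <= max_offset:
            hits.add((off, diff))
    return hits

def resolve(dump, main_offset, diff):
    """Evaluate [main+main_offset] + diff against a main dump."""
    (value,) = struct.unpack_from("<Q", dump, main_offset)
    return value + diff

def fmt(main_offset, diff):
    """Render a candidate in the notation the pointer search prints."""
    return f"[main+{main_offset:x}] + {diff:x}"

def build_run(heap_base):
    """Constructed process image for one launch: (main dump, HP address)."""
    player = heap_base + 0x1000            # heap object, moves every launch
    main = bytearray(0x100)
    struct.pack_into("<Q", main, 0x58, player)        # real global pointer
    struct.pack_into("<Q", main, 0x20, 0x1D47D01010)  # unrelated constant
    return bytes(main), player + 0x3C                 # HP field at +0x3C

def stable_pointers(runs, max_offset=0x100):
    """Keep only candidates that reappear in every run."""
    sets = [scan_main(dump, hp, max_offset) for dump, hp in runs]
    return sorted(set.intersection(*sets))

RUN1 = build_run(0x1D47D00000)   # constructed heap bases for two launches
RUN2 = build_run(0x2A10000000)

if __name__ == "__main__":
    print("run 1:", [fmt(*h) for h in sorted(scan_main(*RUN1, 0x100))])
    print("both :", [fmt(*h) for h in stable_pointers([RUN1, RUN2])])
```

The first run yields two candidates, one of which is a coincidental value that only happens to sit near the target; intersecting with a second launch leaves the one that actually tracks the heap object.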
  8. fadx

    fadx Filthy Cheater

    Member
    4
    Sep 15, 2016
    United Kingdom
    EDIT: It was a network issue caused by the DNS I was using.

    So I'm able to connect to the switch console but whenever I click "refresh pids" it just errors:

    Any ideas? Using the latest Java 10.
     
    Last edited by fadx, Oct 13, 2018
  9. mflvs

    mflvs Member

    Newcomer
    1
    May 7, 2017
    Hi,
    I think the tool seems awesome from what I have read, but I have an issue getting it to work for me. Was wondering what I'm doing wrong.
    I have copied noexs.kip1 to the SD card root.
    Changed my hekate_ipl.ini to include the following:
    Using hekate_ctcaer_4.2
    Code:
    {-- NSwitchDebugger --}
    [Noexs]
    debugmode=1
    kip1=modules/kips/loader.kip
    kip1=modules/kips/sm.kip
    kip1=modules/kips/noexs.kip1
    kip1=modules/kips/nx-dreport.kip
    fullsvcperm=1
    kip1patch=nosigchk
    atmosphere=1
    fullsvcperm=1

    Though when I go to launch noexs from hekate I get the following error: Failed to launch firmware.

    Thanks in advance
     
    Last edited by mflvs, Oct 13, 2018
  10. matt123337
    OP

    matt123337 GBAtemp Regular

    Member
    4
    Mar 25, 2014
    Canada
    Try to follow the readme on GitHub. Your IPL file is wrong (you copy/pasted mine, just you have the wrong file paths for the kips)
    More edit: Oh and I just posted a new pre-release on GitHub, feel free to check it out!
     
    Last edited by matt123337, Oct 14, 2018
  11. mflvs

    mflvs Member

    Newcomer
    1
    May 7, 2017
    Thanks, that got it working. Will check it out.
     
  12. Omno

    Omno Advanced Member

    Newcomer
    3
    Mar 2, 2016
    Any idea why noexs doesn't work on Starlink? It gives an error when trying to resume after a pause, and when disconnecting/reconnecting and carrying on with a search. Thought it might be some sort of built-in protection.
     
  13. mflvs

    mflvs Member

    Newcomer
    1
    May 7, 2017
    Just a quick suggestion: is there any way to add the ability to export a list of addresses to the clipboard, e.g. when you have searched for pointers?

    Thanks again
     
    talixme likes this.
  14. matt123337
    OP

    matt123337 GBAtemp Regular

    Member
    4
    Mar 25, 2014
    Canada
    What is the error? In the past, people who have had the same issue had forgotten to enable debug mode :P

    Good idea! I'm actually planning on overhauling how I handle pointer search stuff, and when I do I'll try to add that
     
    DaBlackDeath and talixme like this.
  15. Omno

    Omno Advanced Member

    Newcomer
    3
    Mar 2, 2016
    I'll check again shortly. It works for other games, so it's certainly not that. Gives some sort of mod=1 error I think. I'll get back to you with a direct error code.
     
  16. Jonhy

    Jonhy Advanced Member

    Newcomer
    2
    May 22, 2016
    United States
    Thanks for the pointer search tutorial Tali.

    I don't have SXOS to test pointers/converted codes, but I'll see if I can help.
     
  17. matt123337
    OP

    matt123337 GBAtemp Regular

    Member
    4
    Mar 25, 2014
    Canada
    Yeah, I need to know the exact message to be able to look into it, but that is kind of odd.
     
  18. Omno

    Omno Advanced Member

    Newcomer
    3
    Mar 2, 2016
    Latest version now, different error. Resume Failed. Reason : Module - 1, Desc - 33
     
  19. DaBlackDeath

    DaBlackDeath .::[ lone wolf ]::.

    Member
    5
    Dec 22, 2007
    Germany
    Hey @matt123337
    Is USB Connection still a placeholder or do I need another USB driver? Zadig 2.4 gives me 4 drivers to install, but what driver and what device to install for (controller or switch)?
     
  20. mflvs

    mflvs Member

    Newcomer
    1
    May 7, 2017
    I'm loving it so far. Just wondering, is there any way to use this with .xci or should I continue to use my carts?
    Loving the tool, super heapfull hehe
     