Homebrew RELEASE Noexs Remote Debugger

[nmkd]

Seeing as a few other programs have been released, I figured there would now be no harm in releasing Noexs. It's a program I've teased a bit on reddit and on the RS discord. Enjoy!

https://github.com/mdbell/Noexes

You need Java 10 installed.

Oh and don't forget to enable debug mode in your hekate_ipl file. here's a snippet of mine:

[Noexes]
debugmode=1
kip1=modules/kips/loader.kip
kip1=modules/kips/sm.kip
kip1=modules/kips/noexs.kip1
kip1=modules/kips/nx-dreport.kip

Shoutout to roblabla for helping us figure out a bunch of stuff!

Ever heard of something called a "readme.md"?

How do I install it? There are some exe files but what is there to be done on the Switch?

 

[matt123337]

I had a few people ask me for automatically parsing pointers, in this case I show getting my money in XC2 v1.5.0 (I have 2928G, or B70 in hex). The UI stuff is currently WIP, I plan on integrating it into the pointer search tab.

 

[ioritree]

need remove aslr or pointer is very hard to sarching and use.

 

[matt123337]

need remove aslr or pointer is very hard to sarching and use.

You can disable ASLR with a patch to Loader iirc, just it wouldn't help as much as you'd think (games can dynamically allocate memory, so you still wouldn't have static addresses... Plus disabling ASLR is outside the scope of Noexs). As to pointer searching... I have a few ideas to make it better, and I'm working on implementing them just I've been super busy the past couple months IRL and haven't had time to activly work on Noexs.

 

[supermariorick]

need remove aslr or pointer is very hard to sarching and use.

You can disable ASLR with a patch to Loader iirc, just it wouldn't help as much as you'd think (games can dynamically allocate memory, so you still wouldn't have static addresses... Plus disabling ASLR is outside the scope of Noexs). As to pointer searching... I have a few ideas to make it better, and I'm working on implementing them just I've been super busy the past couple months IRL and haven't had time to activly work on Noexs.

You made me look up what that is instead of elaborating abbreviations.
https://www.mpgh.net/forum/showthread.php?t=1161252
>Address Space Layout Randomization
well shit

 

[talixme]

I had a few people ask me for automatically parsing pointers, in this case I show getting my money in XC2 v1.5.0 (I have 2928G, or B70 in hex). The UI stuff is currently WIP, I plan on integrating it into the pointer search tab.

Finally got some time and test the pointer search option, WORKS really good and now with Sx OS 2.1 is the best combination.
Will you please update it with the pointer tester?, it takes forever test each pointer on SX, and if you can add multiple search on pointers will be great, after 3 search all the results should works.
Thanks a lot for your work.

 

[talixme]

Find Pointers Nintendo Switch


First thanks to @matt123337, for the support, the app,and this amazing work.


Need:
-Hekate Working
-JNoexs (https://github.com/mdbell/Noexes/releases )


Config:

First we need make a new profile config in our “hekate_ipl.ini” has to look like this:

[config]
autoboot=0
bootwait=5
customlogo=1
verification=2

{-- NSwitchDebugger --}
 [Noexs]
kip1=modules/nsdebugger/loader.kip
kip1=modules/newfirm/sm.kip
kip1=noexs.kip1
fullsvcperm=1
kip1patch=nosigchk
atmosphere=1
debugmode=1
fullsvcperm=1

The file “noexs.kip1” has to be on your SD root

We run the new profile with hekate and we are ready to go.


Search:

-Run the game that you want , i gonna do this tutorial with “Super Mario Odyseey”
-And run “JNoexs” on the PC

-Set Our Ip Address and click Connect
-Once we are connect clic Refresh Pids
-Select the last one, and click Attach to Process

-Now we click on search , and search for the HP, in this case 3

-After some search pick the codes and test it on Watch List

-Once you have the real one Erase the others.
-In my case the Real one was “1D47D2A534”


Search the pointer:


Now we are gonna search for pointer for this code.

*First we have to understant how this Works. This option its going to search in “Main” memory a jump to heap memory and calculate the difference to our code.

-So the first thing that he have to to is dump all the main memory like this.

-Rigth click on the first block of main

-And select Search (Start),
-Repeat and select “pointer Search Main” then,
-Rigth click again on the last block of Main, and select Search End

-Now go to Search Tab, and have to looks like this

-Press restart Search, and search. The number on value doesnt care .
-With this we have make a complete dump of Main memory.
-Now go to “Pointer search”.
-This is a little explanation of each thing.

“Dump file” The last dump we made ( Main Memory)

“Index File” On same directory

“Address” The code that we found for our HP

“Max Offset” The valueo the diff to calculate after the jump

“Main” The address where Main memory start “ we selected on Tools Tab”

It should looks like this:

-Then click Search

The problem with the pointers is that some of them Works and others not,so you have to test one by one. In this case the last code is working for me.

[main+264af58] + 642d3c

Convert to SX format:

Now that we have a pointer we have to convert it to SX format, the good thing is the we have a app that do it for us. THANKS to @DaBlackDeath for the tool.

-Download it from (https://gbatemp.net/attachments/sxos_codebuilder-zip.146262/ )
-Is really easy to use and still on preogress, Works really good.
-With our code have to look like this,

Copy the code to our txt and thats all!!!


I made the tutorial on 30 minutes and my english its not really good, hope everyone understand the basic , and we can enjoy a good community of codes for Nintendo Swith.


Thanks.

 

[fadx]

EDIT: It was a network issue caused by the DNS I was using.

So I'm able to connect to the switch console but whenever I click "refresh pids" it just errors:

Spoiler

Exception in thread "JavaFX Application Thread" java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
at javafx.fxml/javafx.fxml.FXMLLoader$MethodHandler.invoke(Unknown Source)
at javafx.fxml/javafx.fxml.FXMLLoader$ControllerMethodEventHandler.handle(Unknown Source)
at javafx.base/com.sun.javafx.event.CompositeEventHandler.dispatchBubblingEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.CompositeEventDispatcher.dispatchBubblingEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventUtil.fireEventImpl(Unknown Source)
at javafx.base/com.sun.javafx.event.EventUtil.fireEvent(Unknown Source)
at javafx.base/javafx.event.Event.fireEvent(Unknown Source)
at javafx.graphics/javafx.scene.Node.fireEvent(Unknown Source)
at javafx.controls/javafx.scene.control.Button.fire(Unknown Source)
at javafx.controls/com.sun.javafx.scene.control.behavior.ButtonBehavior.mouseReleased(Unknown Source)
at javafx.controls/com.sun.javafx.scene.control.inputmap.InputMap.handle(Unknown Source)
at javafx.base/com.sun.javafx.event.CompositeEventHandler$NormalEventHandlerRecord.handleBubblingEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.CompositeEventHandler.dispatchBubblingEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.CompositeEventDispatcher.dispatchBubblingEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(Unknown Source)
at javafx.base/com.sun.javafx.event.EventUtil.fireEventImpl(Unknown Source)
at javafx.base/com.sun.javafx.event.EventUtil.fireEvent(Unknown Source)
at javafx.base/javafx.event.Event.fireEvent(Unknown Source)
at javafx.graphics/javafx.scene.Scene$MouseHandler.process(Unknown Source)
at javafx.graphics/javafx.scene.Scene$MouseHandler.access$1300(Unknown Source)
at javafx.graphics/javafx.scene.Scene.processMouseEvent(Unknown Source)
at javafx.graphics/javafx.scene.Scene$ScenePeerListener.mouseEvent(Unknown Source)
at javafx.graphics/com.sun.javafx.tk.quantum.GlassViewEventHandler$MouseEventNotification.run(Unknown Source)
at javafx.graphics/com.sun.javafx.tk.quantum.GlassViewEventHandler$MouseEventNotification.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at javafx.graphics/com.sun.javafx.tk.quantum.GlassViewEventHandler.lambda$handleMouseEvent$2(Unknown Source)
at javafx.graphics/com.sun.javafx.tk.quantum.QuantumToolkit.runWithoutRenderLock(Unknown Source)
at javafx.graphics/com.sun.javafx.tk.quantum.GlassViewEventHandler.handleMouseEvent(Unknown Source)
at javafx.graphics/com.sun.glass.ui.View.handleMouseEvent(Unknown Source)
at javafx.graphics/com.sun.glass.ui.View.notifyMouse(Unknown Source)
at javafx.graphics/com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
at javafx.graphics/com.sun.glass.ui.win.WinApplication.lambda$runLoop$3(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javafx.reflect.Trampoline.invoke(Unknown Source)
at jdk.internal.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at javafx.base/com.sun.javafx.reflect.MethodUtil.invoke(Unknown Source)
at javafx.fxml/com.sun.javafx.fxml.MethodHelper.invoke(Unknown Source)
... 56 more
Caused by: me.mdbell.noexs.core.ConnectionException: Unable to fully read data. Expected 2 bytes, but we only read:0
at me.mdbell.noexs.core.IConnection.readShort(IConnection.java:49)
at me.mdbell.noexs.core.IConnection.readUShort(IConnection.java:42)
at me.mdbell.noexs.core.IConnection.readInt(IConnection.java:38)
at me.mdbell.noexs.core.Debugger.getPids(Debugger.java:425)
at me.mdbell.noexs.ui.controllers.ToolsController.setPidsList(ToolsController.java:105)
... 66 more

Any ideas? Using the latest Java 10.

 

[mflvs]

Hi,
I think the tool seems awesome from what i have read but i have an issue getting it to work for me. Was wondering what im doing wrong.
i have copied noexs.kip1 to the sd card root.
changed my hekate_ipl.ini to include the following:
using hekate_ctcaer_4.2

{-- NSwitchDebugger --}
[Noexs]
debugmode=1
kip1=modules/kips/loader.kip
kip1=modules/kips/sm.kip
kip1=modules/kips/noexs.kip1
kip1=modules/kips/nx-dreport.kip
fullsvcperm=1
kip1patch=nosigchk
atmosphere=1
fullsvcperm=1

Though when i go to launch noexs from hekate i get the following error: Failed to launch firmware.

Thanks in advance

 

[matt123337]

Hi,
I think the tool seems awesome from what i have read but i have an issue getting it to work for me. Was wondering what im doing wrong.
i have copied noexs.kip1 to the sd card root.
changed my hekate_ipl.ini to include the following:
using hekate_ctcaer_4.2

{-- NSwitchDebugger --}
[Noexs]
debugmode=1
kip1=modules/kips/loader.kip
kip1=modules/kips/sm.kip
kip1=modules/kips/noexs.kip1
kip1=modules/kips/nx-dreport.kip
fullsvcperm=1
kip1patch=nosigchk
atmosphere=1
fullsvcperm=1

Though when i go to launch noexs from hekate i get the following error: Failed to launch firmware.

Thanks in advance

Try to follow the readme on GitHub. Your IPL file is wrong (you copy/pasted mine, just you have the wrong file paths for the kips)
More edit: Oh and I just posted a new pre-release on GitHub, feel free to check it out!

 

[mflvs]

Try to follow the readme on GitHub. Your IPL file is wrong (you copy/pasted mine, just you have the wrong file paths for the kips)
More edit: Oh and I just posted a new pre-release on GitHub, feel free to check it out!

Thanks that got it working. will check it out

 

[Deleted member 384851]

Any idea why noexs doesn't work on Starlink? It gives an error when trying to resume after a pause, and when disconnecting/reconnecting and carrying on with a search. Thought it might be some sort of built-in protection.

 

[mflvs]

Just a quick suggestion, is there anyway to add the ability to export a list of addresses to the clipboard. e.g. when you have searched for pointers

Thanks again

 

[matt123337]

Any idea why noexs doesn't work on Starlink? It gives an error when trying to resume after a pause, and when disconnecting/reconnecting and carrying on with a search. Thought it might be some sort of built-in protection.

What is the error? In the past people who have had the same issue they've forgotten to enable debug mode

Just a quick suggestion, is there anyway to add the ability to export a list of addresses to the clipboard. e.g. when you have searched for pointers

Thanks again

Good idea! I'm actually planning on overhauling how I handle pointer search stuff, and when I do I'll try to add that

 

[Deleted member 384851]

What is the error? In the past people who have had the same issue they've forgotten to enable debug mode

I'll check again shortly. It works for other games, so it's certainly not that. Gives some sort of mod=1 error I think. I'll get back to you with a direct error code.

 

[JonJaded]

Thanks for the pointer search tutorial Tali.

I don't have SXOS to test pointers/converted codes, but I'll see if I can help.

 

[matt123337]

I'll check again shortly. It works for other games, so it's certainly not that. Gives some sort of mod=1 error I think. I'll get back to you with a direct error code.

Yeah I need to know the exact message to be able to look into it, but that is kindof odd.

 

[Deleted member 384851]

Latest version now, different error. Resume Failed. Reason : Module - 1, Desc - 33

 

[DaBlackDeath]

Hey @matt123337
Is USB Connection still a placeholder or do I need another USB Driver ? Zadig 2.4 gives me 4 drivers to install, but what driver and what device to install for (controller or switch).

 

[mflvs]

Im loving it so far. just wondering is there anyway to use this with .xci or should i contiune to use my carts.
Loving the tool super heapfull hehe