Homebrew [Release] Zelda - A Link Between Worlds (USA) Cheat Plugin

qaz015393

Just run the game. You don't have to do anything.
:huh:? K, now I'm confused. Can someone show a quick vid/screenshot of this in use... I was wondering if it's doing anything for me, since it seems not to.


EDIT:
I know my problem now... I'm using an EUR ROM :rofl: I just saw the region... now I'm going to try again with the correct ROM. I still think a quick vid/a few screenshots would be nice to show it working, just in case others say it doesn't work... like me.
 

Arras

Now I haven't played ALTTP a whole lot but I found some of the mobs in Lorule to be pretty hard. Some of them can kill you within just a few hits and are very persistent and hard to kill (and also frequently encountered).
So in any case I wouldn't say ALBW is easy. It's rather hard compared to other Zelda games.

True, the first time you reach the dark world, the bomb throwing guys are a pain in the ass. Same goes for the flamethrower guys, although you hardly ever see those. The main differences are that heart drops in ALBW are about 10 times more common, there are no random bombs when you cut grass and the bosses are much easier.
 

conanac

NTR CFW is required.

Usage:
Copy plugins folder to sd card, the plugin will be loaded in the game.
Hearts and rupees will freeze at maximum values.
Works on USA region game only.

https://www.sendspace.com/file/yeekc4

This is great progress, and it worked well when I tried it (fighting Shadow Link and others).
Here are the screenshots (using the plugin as well):

top_0000.png


bot_0000.png



I also saw some code (see below) posted on speedfly.cn, perhaps related to this plug-in? It would be great if you could share the process and example code in your code repository so more and more players could contribute to the community cheat database for various games by using NTR CFW.

Code:
/* Write one byte into the memory of the target process. */
void SetByte(u32 addr, u8 value)
{
    u32 handle = 0;
    svc_openProcess(&handle, 0x25); // pid = 0x25
    svc_writeProcessMemory(handle, &value, addr, 1);
}

u8 CheatOn_HP = 0;

/* Menu callback: D-pad up turns the cheat on, D-pad down turns it off, B exits. */
u32 CheatUi()
{
    u8 buf[200];
    acquireVideo();
    while (1) {
        blank(0, 0, 320, 240);
        xsprintf(buf, "Cheat: %02d", CheatOn_HP);
        print(buf, 10, 10, 255, 0, 0);
        updateScreen();
        u32 key = waitKey();
        if (key == BUTTON_DU) {
            CheatOn_HP = 1;
            SetByte(0x168b5fa8, 99);
        }
        if (key == BUTTON_DD) {
            CheatOn_HP = 0;
            SetByte(0x168b5fa8, 10);
        }
        if (key == BUTTON_B) {
            break;
        }
    }
    releaseVideo();
    return 0;
}

/* Thread body that keeps rewriting the value while the cheat is on.
   It is never started: the svc_createThread call in main() is commented out. */
void Run_Cheat(u32 addr, u8 value)
{
    while (1) {
        if (CheatOn_HP)
            SetByte(0x168b5fa8, 99);
    }
}

u64 Stack_buf[0x200 / 8];

int main()
{
    u32 retv;
    Handle thread;

    initSharedFunc();
    nsDbgPrint("initializing Cheat plugin\n");
    plgRegisterMenuEntry(1, "CheatContro", CheatUi);
    plgGetSharedServiceHandle("fs:USER", &fsUserHandle);
    nsDbgPrint("fsUserHandle: %08x\n", fsUserHandle);
    // svc_createThread(&thread, Run_Cheat, 0, (u32)Stack_buf, 0x18, 1);
    return 0;
}
 

qaz015393

Can I transfer my save from my EUR ROM? I want to continue where I left off, but last time I tried to use savedatafiler it said it was broken for the game. Any help?
cart2sav doesn't work.

EDIT:
Any chance you can make it work for the EUR version?
 

cearp

When my European version of Triforce of the Gods 2 arrives, I could dump the cart and edit this for you...if I can figure out how to edit it at all.
I'm sure I said this to you before, it looks so silly for you to call it Triforce of the Gods :( please
 

Bug_Checker_

Did you see https://github.com/44670/libntrplg
 
  • Like
Reactions: cearp

huhao1987

I am not sure why you are so sensitive about this plugin. In my opinion, the author might just want to achieve and test a function for the NTR CFW. This plugin is only a way to tell us that the cheat function could be realized for 3DS. We can choose to use it or ignore it, that's all.
 

conanac


Yes, I knew about it, and was asking whether he could add the example of his cheat plugin (in addition to the helloworld and backlight ones) into that code repository.

Back to the topic of discussion: is it possible to have a general cheat plugin (for writing to the memory)? We could perhaps have general plugin code that reads a cheat file (in either a text or binary format) from sdmc with content like the following three columns (pid#, memoryaddress, and contenttowrite), as an example for the Animal Crossing: New Leaf game:

25 15F7EBD4 12210000

Write the value 0x12210000 to pid 0x25 at the offset 0x15F7EBD4,
assuming that offset in the memory represents the first slot in the pocket of the first player, and 0x1221 is the tag/code for a bag of 99,000 bells.

With this type of set-up, it will be easier for more players to contribute to the community cheat database (none at this time). I will see whether I have enough knowledge and time to create this type of plugin. If cell9 could provide guidance and help on creating this generic way (or a similar one), that would be a tremendous help for us.

I already sent a PM to cell9 to get more information about his ntr debugger as well. I hope he will respond.

Cheers.
 
  • Like
Reactions: cearp
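
As an added example (not part of the original posts and not code from NTR CFW or libntrplg): a strict C parser for the three-column text line proposed above, rejecting malformed fields before anything would be written. The names cheat_entry and parse_cheat_line, the 8-byte content limit, and reading the content column as bytes in memory order are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* One entry of the proposed cheat file: "pid address content", all hex. */
typedef struct {
    uint32_t pid, addr;
    uint8_t  data[8];   /* content bytes, in the order they go to memory */
    size_t   len;
} cheat_entry;

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse 1..8 hex digits into *out; returns digits consumed, 0 on error. */
static size_t parse_u32(const char *s, uint32_t *out) {
    size_t n = 0;
    for (*out = 0; hexval(s[n]) >= 0; n++) {
        if (n == 8) return 0;                 /* more than 32 bits */
        *out = (*out << 4) | (uint32_t)hexval(s[n]);
    }
    return n;
}

/* Returns 0 on success, -1 if malformed (bad field, odd digits, too long). */
int parse_cheat_line(const char *line, cheat_entry *e) {
    size_t n;
    if (!(n = parse_u32(line, &e->pid)) || line[n] != ' ') return -1;
    line += n + 1;
    if (!(n = parse_u32(line, &e->addr)) || line[n] != ' ') return -1;
    line += n + 1;
    for (e->len = 0; hexval(line[0]) >= 0; line += 2) {
        if (hexval(line[1]) < 0 || e->len == sizeof e->data) return -1;
        e->data[e->len++] = (uint8_t)(hexval(line[0]) << 4 | hexval(line[1]));
    }
    /* need at least one byte, nothing after it, no 32-bit address wrap */
    if (e->len == 0 || (line[0] != '\0' && line[0] != '\n')) return -1;
    if (e->addr > UINT32_MAX - (e->len - 1)) return -1;
    return 0;
}

int main(void) {
    cheat_entry e;   /* constructed input: the sample line from the post */
    if (parse_cheat_line("25 15F7EBD4 12210000", &e) != 0) return 1;
    printf("pid=0x%x addr=0x%08x len=%zu\n", (unsigned)e.pid, (unsigned)e.addr, e.len);
    return 0;
}
```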

Lord M

But the memory of those codes (health and rupees) is in one place in the game (that info is like in the EBOOT of PS3 games...). For 3DS, where to look? If someone wants to permanently patch the game (like infinite ammo or money), how can they see it? RomFS.bin? I think not (that has the file folders, for models, animations etc...). Maybe in ExeFS.bin??
 

conanac

Here is the list of steps, for example, to see the memory content of the player's pocket in the Animal Crossing: New Leaf game:
Code:
1. Play 3ds with NTR CFW for the game ACNL (with wireless switch on)
2. Check the IP address of the 3ds (e.g. 192.168.1.10)
3. Run ntrclient application on Windows PC
4. Execute the following command:
 
connect('192.168.1.10', 8000)
 
5. After the connection is established, you could see the list of processes by using the command:
 
listprocess()
 
6. One of them is the ACNL game of interest (in this case the process name is GARDEN, and has pid # 0x25)
7. Then you could check the memory layout, for example:
 
> memlayout(0x25)
null
valid memregions:
00100000 - 00b6efff , size: 00a6f000
08000000 - 08073fff , size: 00074000
0ffc0000 - 10000fff , size: 00041000
10002000 - 10002fff , size: 00001000
14000000 - 174dcfff , size: 034dd000
1f000000 - 1f5fffff , size: 00600000
1ff50000 - 1ff57fff , size: 00008000
1ff70000 - 1ff77fff , size: 00008000
1ff80000 - 1ff81fff , size: 00002000
1ffad000 - 1ffaefff , size: 00002000
end of memlayout.
 
8. I could dump the biggest one and see whether the savegame file is in that part (i.e. finding
garden.dat file (extracted by using savefiler 3ds application) content inside this memory data
dump file, data.bin):
 
> data(0x14000000, 0x34DD000, filename='data.bin', pid=0x25)
 
9. garden.dat actually starts at offset 0x01FB7E80 in that data.bin file, so now we could try finding
the location of the pocket slots of the first player by changing the content in the first slot of the
pocket multiple times and dump those data.bin for each change. In this case, I could see the offset
is 0x1FBEAD0 (or 0x15FBEAD0 after taking into consideration that data.bin starts at 0x14000000 in
the memory of pid 0x25).
 
10. Now, we could use a command to put a bag of 99,000 bells in that first slot of the pocket:
 
write(0x15FBEAD0, (0x12, 0x21, 0x00, 0x00), pid=0x25)
 
11. Profit
Hope this clarifies.

Cheers.
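
Steps 8 and 9 above, as an added example (not from the original post and not part of ntrclient): it intersects several dumps taken after setting the slot to known values, so that only the offset that follows every change survives, and converts a dump offset to a process address by adding the region base. The function names, the 4-byte slot width and the second and third item values are assumptions; the dumps are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_LEN 4   /* assumed slot width: the 4 bytes written in step 10 */

/* Offsets at which dump i holds want[i] for every i. Returns the number of
   hits and stores the first max_hits offsets in hits[]. */
size_t find_slot(const uint8_t *const dumps[], const uint8_t want[][ID_LEN],
                 size_t n, size_t size, size_t hits[], size_t max_hits) {
    size_t found = 0;
    for (size_t off = 0; off + ID_LEN <= size; off++) {
        size_t i = 0;
        while (i < n && memcmp(dumps[i] + off, want[i], ID_LEN) == 0) i++;
        if (i < n) continue;             /* some dump disagrees here */
        if (found < max_hits) hits[found] = off;
        found++;
    }
    return found;
}

/* Offset inside a dumped region -> address in the process; 0 if outside. */
uint32_t dump_to_addr(uint32_t base, uint32_t region_size, size_t off) {
    return off < region_size ? base + (uint32_t)off : 0;
}

/* Constructed data: three 64-byte dumps, real slot at 0x20, decoy at 0x08. */
size_t demo(size_t *hit) {
    static const uint8_t want[3][ID_LEN] = {
        {0x12, 0x21, 0x00, 0x00},        /* value quoted in the post */
        {0xAA, 0x01, 0x00, 0x00},        /* hypothetical second item */
        {0xBB, 0x02, 0x00, 0x00},        /* hypothetical third item */
    };
    static uint8_t d[3][64];
    for (int i = 0; i < 3; i++) {
        memset(d[i], 0xFF, sizeof d[i]);
        memcpy(d[i] + 0x08, want[0], ID_LEN);  /* same in every dump */
        memcpy(d[i] + 0x20, want[i], ID_LEN);  /* follows each change */
    }
    const uint8_t *const dumps[] = {d[0], d[1], d[2]};
    return find_slot(dumps, want, 3, sizeof d[0], hit, 1);
}

int main(void) {
    size_t off = 0, n = demo(&off);
    printf("%zu candidate(s), first at dump offset 0x%zx\n", n, off);
    return n == 1 ? 0 : 1;
}
```

A single dump would leave both 0x08 and 0x20 as candidates here; the decoy drops out only once a second dump with a different value is compared.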
 

Lord M

Thanks for these small useful tips :), but maybe I was not clear. I mean if I want to "mod" a game with things like a cheat (like inf ammo, money etc.) without CFW or plugins... but physical modding, inside the game, in the decrypted ROM... where can I look? exheader.bin, romfs.bin or exefs.bin?
 

Lord M

Oh... and what's the difference? I only want to mod the game with hacks like cheats, as with ARMAX or CodeBreaker, but permanently and inside the game (change equipment, inf health and so on...), so is this changing data or program code? Changing data, right? XD
 

conanac

If you want infinite health then you may need to find a portion of code in exefs where it deals with decreasing or increasing the health number and "nop" the corresponding line of code to make those changes in the health number ineffective.

Just to share some progress on editing the town in the Animal Crossing: New Leaf game. Here is the picture where I could put a fish (in this case, a carp) on the ground (now we could distribute fish and insects to other players if we want), and have two planted flowers on the paving stone.

tumblr_ngt23diZqq1u67il8o1_400.jpg


Enjoy.
 
  • Like
Reactions: cearp

Lord M

Can you write a small tut here for finding something in exefs? What are you doing? Decrypt then hex editor, or some other way?
 

conanac

I am afraid it will not be a small tutorial. As an example, I had to transform the decrypted code.bin in exefs along with other information from exheader to build an ELF file so that I could use IDA to learn the code flow of a specific game of interest. Since I have not tried changing any of the original code, I have not even tried to repack the ROM (which could be another challenging task, at least with my limited knowledge of this). Another way perhaps is to use an emulator on PC and watch behind the scenes how the code in the game of interest works (assuming there is a 3DS emulator that could run that game and provides debugging capabilities).

What I am trying to do now is basically just using the NTR CFW and its associated debugger capabilities to change the value in the memory on the fly. It is a lot of trial and error (and at the end you still may not get what you want to achieve).

Please do not feel discouraged, it takes time to learn all this. You just need to map out what you need to learn, and execute those simple steps one by one. As an example, I spent some time as the first step learning ARM assembly/binary code.
 

Lord M

So... many things, it's not as simple as an ELF file in a hex editor like PS3 XD But real-time editing for now can only edit the difference with numbers, right? Only specific numerical values, not able to do things like higher than, less than, etc...?
Anyway, it will be useful if, when you have time, you write a guide for those "manual cheats apply" (no CFW, no RTE, etc.) :D
 
