Oh, I mean like editing save data or something like Animal Crossing New Horizons did with Inventory Items.
IDA and Ghidra are mostly known as disassembly tools but do have some light decompilation available as well which some could use.
You can use them to do cheats and save editing but most would not.
For the former then you have two things.
1) If the binary for the console in question is in memory the cheat program can access then you can edit the binary to do all fun things that speak to the fundamental nature of the game rather than just giving you infinite values (gold, HP, mana, potions...), giving stuff in your inventory, setting speed really high, setting max (or higher than max that any normal play would allow) stats, basic moon jump, replicating the effects of potions and the other more minor stuff that editing variables gets you (though you can still make some absolutely massively game altering experiences with simple memory cheats).
2) You can use it to hardpatch cheats -- a basic cheat will say tell a piece of memory to always have a max value written to it. Fantastic you have infinite health/ammo/many/potions now. If however you find the thing that reads that memory and decides what to do with it then you can change that instead (or do something fun like change a sub to an add so dying actually gains your a life or something, or so doing something in the game that you might not do will refill a life bar say).
For the purposes of save editors then the game itself might well have a hash; older games going back to the NES and earlier will have a hash/checksum -- it is how they know if you entered a wrong password in those sorts of games. Newer consoles often have their own console level hash on top of things (it is how they tie saves to given accounts) so might skip it and assume the console's own hashing is all it needs.
Anyway said hashes can be mightily complex such that figuring out what is hashed and what the hash method is can be very hard by simple observation. If however you have the disassembled binary in front of you then you can follow along with what the save hash does when writing a save to the save part of memory, this will tell you what is hashed and how the hash works.
You can also dodge this and disable hash checking on your save (when loading the save it will go through it, hash it all and compare what it gets against what it is supposed to be, if it fails this comparison then it says "broken save, sorry mate/let's load a backup" but if you break this compare so it always takes the "it matched just fine" path then fantastic. That way you can edit a save to your heart's content and have the game load the save, not care that the hash is broken and then when you save in the game again it will go through and do the hash for you (you presumably did not touch that part in this). At this point you can grab the save back and share it with those on unmodified games.
IDA and Ghidra are good stuff (both are world class tools and there is a reason you see them so often in hacker circles) but if you have an emulator or the ability to debug on live hardware then that will likely blow both of those out of the water -- IDA and Ghidra are for the most part static tools that don't have any info about a running game (though they do have some options to fake it in some ways and ways to speak to emulators if you are good at using them) where a running game you can see change live before you eyes, manipulate things in the game to find what you want to fiddle with, get to a point in the code where it is acting upon your desired thing rather than staring at a list of hundreds of thousands of instructions, any compression or encryption is likely to be dodged and so on.
You can use them to do cheats and save editing but most would not.
For the former then you have two things.
1) If the binary for the console in question is in memory the cheat program can access then you can edit the binary to do all fun things that speak to the fundamental nature of the game rather than just giving you infinite values (gold, HP, mana, potions...), giving stuff in your inventory, setting speed really high, setting max (or higher than max that any normal play would allow) stats, basic moon jump, replicating the effects of potions and the other more minor stuff that editing variables gets you (though you can still make some absolutely massively game altering experiences with simple memory cheats).
2) You can use it to hardpatch cheats -- a basic cheat will say tell a piece of memory to always have a max value written to it. Fantastic you have infinite health/ammo/many/potions now. If however you find the thing that reads that memory and decides what to do with it then you can change that instead (or do something fun like change a sub to an add so dying actually gains your a life or something, or so doing something in the game that you might not do will refill a life bar say).
For the purposes of save editors then the game itself might well have a hash; older games going back to the NES and earlier will have a hash/checksum -- it is how they know if you entered a wrong password in those sorts of games. Newer consoles often have their own console level hash on top of things (it is how they tie saves to given accounts) so might skip it and assume the console's own hashing is all it needs.
Anyway said hashes can be mightily complex such that figuring out what is hashed and what the hash method is can be very hard by simple observation. If however you have the disassembled binary in front of you then you can follow along with what the save hash does when writing a save to the save part of memory, this will tell you what is hashed and how the hash works.
You can also dodge this and disable hash checking on your save (when loading the save it will go through it, hash it all and compare what it gets against what it is supposed to be, if it fails this comparison then it says "broken save, sorry mate/let's load a backup" but if you break this compare so it always takes the "it matched just fine" path then fantastic. That way you can edit a save to your heart's content and have the game load the save, not care that the hash is broken and then when you save in the game again it will go through and do the hash for you (you presumably did not touch that part in this). At this point you can grab the save back and share it with those on unmodified games.
IDA and Ghidra are good stuff (both are world class tools and there is a reason you see them so often in hacker circles) but if you have an emulator or the ability to debug on live hardware then that will likely blow both of those out of the water -- IDA and Ghidra are for the most part static tools that don't have any info about a running game (though they do have some options to fake it in some ways and ways to speak to emulators if you are good at using them) where a running game you can see change live before you eyes, manipulate things in the game to find what you want to fiddle with, get to a point in the code where it is acting upon your desired thing rather than staring at a list of hundreds of thousands of instructions, any compression or encryption is likely to be dodged and so on.
This thread comes up as a top google search when looking for info so I figured for posteriority of people finding this thread and looking for a good beginner video series in answer to the OP there is this playlist:
How to Make Cheats for the Nintendo Switch - Part 1 - The Basics
How to Make Cheats for the Nintendo Switch - Part 2 - Noexs and Different Searches
How to Make Cheats for the Nintendo Switch - Part 3 - Pointers
How to Make Cheats for the Nintendo Switch - Part 4 - Double+ Pointers and Basic ASM Cheats
How To Make Cheats For The Nintendo Switch - Part 5 - Debugging NX Games (Keep Captions On!)
How To Make Cheats For The Nintendo Switch - Part 6 - Code Caves And Custom Values
It seems to use Ida 7.0-7.6 and https://github.com/pgarba/SwitchIDAProLoader among other tools, unfortuantly the loader program does not have great mac support.
I'd like to point out that Ghidra has its own 3rd party loader plugin but you'll need to build it yourself, not hard, install gradle and the JDK then run the commands in building instructions.
There are also these scripts and a guide on using Ghidra with Switch Binaries:
https://github.com/borntohonk/Switch-Ghidra-Guides
There is also this page that might help https://reswitched.github.io/awesome/ but many of the resources are towards reversing the OS itself.
How to Make Cheats for the Nintendo Switch - Part 1 - The Basics
How to Make Cheats for the Nintendo Switch - Part 2 - Noexs and Different Searches
How to Make Cheats for the Nintendo Switch - Part 3 - Pointers
How to Make Cheats for the Nintendo Switch - Part 4 - Double+ Pointers and Basic ASM Cheats
How To Make Cheats For The Nintendo Switch - Part 5 - Debugging NX Games (Keep Captions On!)
How To Make Cheats For The Nintendo Switch - Part 6 - Code Caves And Custom Values
It seems to use Ida 7.0-7.6 and https://github.com/pgarba/SwitchIDAProLoader among other tools, unfortuantly the loader program does not have great mac support.
I'd like to point out that Ghidra has its own 3rd party loader plugin but you'll need to build it yourself, not hard, install gradle and the JDK then run the commands in building instructions.
There are also these scripts and a guide on using Ghidra with Switch Binaries:
https://github.com/borntohonk/Switch-Ghidra-Guides
There is also this page that might help https://reswitched.github.io/awesome/ but many of the resources are towards reversing the OS itself.
Last edited by gbatempfan1,
You can use also official nxo64.py instead of this DLL.
It's using Python (depending on your IDA version you must have 2 or 3), and python `lz4` library is required to install via pip.
https://github.com/reswitched/loaders/blob/master/nxo64.py
Last edited by masagrator,
Similar threads
-
- Article
-
-
-
-
-
-
-
-
-
-
-
@
xtremegamer:
loving the new zelda, i started a game, it was so fucking good, so i
am waiting on my friend to get home so we can start a new one together -
@
Skelletonike:
I just dislike that they don't let me choose the voices before the game starts. Happened with botw as well, had to change to japanese and restart. -
-
-
-
-
-
-
-
@
Skelletonike:
Just scanned all my zelda amiibos, took a while but didn't get anything that cool, did get the lon lon ranch hylian fabrics though.
-
-
@
K3N1:
@Skelletonike, btw I ran that custom for mgs4 on the deck I'm amazed it got that far in game -
-
-
