ROM Hack [Release] ultraSuMoFramework - NTR Plugin for Ultra SuMo

[Yomiichi]

Wormhole mini-game program seems to be expand to temporary working area.
So it's difficult for me to find the period mini game program is alive.
The only way I could success to cheat is using Rosalina and gdb.

Spoiler: How to Cheat Wormhole mini game

• Step1

Using plugin and 3ds
Search address which is stored warp year by the message after entering the wormhole
In my ultra sun,this address is 0x32DE30E0 fixed

• Step2

Using Citra+GDB,
Set write access break point at the address found step1,then enter wormhole
2 line above the break line,you will find this year was loaded from R4 + 0x04
In my environment,break at 0x00385354 and R4 is 0x32DE30E0

• Step3

DURING playing mini game,
set write access break point at the address R4+0x04 found step2(0x32DE30E4),and enter the wormhole
In my environment,break at 0x006F3748

• Step4

If you modify R5 of the code 0x006F3748,you can change the wormhole year

If you modify R1 of the code 0x006F3754,you can change the wormhole color
0:While(UltraBeast),1:Red,2:Blue,3:Yellow,4:Green

If you modify R0 of the code 0x006F3760,you can change the wormhole rarity
0: Normal,1: SingleRing ,2: DoubleRing,3: DoubleAuraRing

Can you teach me how to do this? im kinda noob at this stuff sorry
thanks btw

 

[Takumi4685]

Can you teach me how to do this? im kinda noob at this stuff sorry
thanks btw

Do you have a gdb debug tool which support ARM such as IDA?
If you have,set break point at the address I mentioned step4 DURING mini game.
If you set break point successfully ,break will happen when you enter the wormhole.
Then you modify the Register I mentioned step4,you will enter wormhole you need.

CAUTION
Break point must be set every mini game.
if you have already set break point playing previous mini game,clear break point once,and set again.
This is because temporary area at which you set break point seems to be discarded.
And break point setting also discarded

 

[supermariorick]

Do you have a gdb debug tool which support ARM such as IDA?
If you have,set break point at the address I mentioned step4 DURING mini game.
If you set break point successfully ,break will happen when you enter the wormhole.
Then you modify the Register I mentioned step4,you will enter wormhole you need.

CAUTION
Break point must be set every mini game.
if you have already set break point playing previous mini game,clear break point once,and set again.
This is because temporary area at which you set break point seems to be discarded.
And break point setting also discarded

looks like it is set each time you enter the ultra wormhole. any way a pointer code that covers each area even if the previous area is discarded will work? it would suck to have to keep finding the address each time you want to manipulate the result of the wormhole.

 

[Takumi4685]

looks like it is set each time you enter the ultra wormhole. any way a pointer code that covers each area even if the previous area is discarded will work? it would suck to have to keep finding the address each time you want to manipulate the result of the wormhole.

Thanks for your advice
But it doesn't matter to make plugin because mini game program code is expanded to the same area every time.
The reason I gave up to make plugin is lack of knowledge about memory protection system of arm cpu.
I could write hook code,but segmentation fault occurred when pc jumped into my hooked function.
I think,to solve this problem,it's needed to unlock the memory protection to plugin code area,
but I don't know how to do so

 

[Nanquitas]

Thanks for your advice
But it doesn't matter to make plugin because mini game program code is expanded to the same area every time.
The reason I gave up to make plugin is lack of knowledge about memory protection system of arm cpu.
I could write hook code,but segmentation fault occurred when pc jumped into my hooked function.
I think,to solve this problem,it's needed to unlock the memory protection to plugin code area,
but I don't know how to do so

CTRPF has everything needed to do that (hook class and memory protection), so with all your infos @AnalogMan might be able to implement it in the plugin.

 

[Takumi4685]

CTRPF has everything needed to do that (hook class and memory protection), so with all your infos @AnalogMan might be able to implement it in the plugin.

I see,I’ll leave making plugin up to AnalogMan or someone else.
By the way,Nanquitas,I appreciate for your great works!
Thanks to your sumo plugin,I could study how to make hook code

 

[dsrules]

Wormhole mini-game program seems to be expand to temporary working area.
So it's difficult for me to find the period mini game program is alive.
The only way I could success to cheat is using Rosalina and gdb.

Spoiler: How to Cheat Wormhole mini game

• Step1

Using plugin and 3ds
Search address which is stored warp year by the message after entering the wormhole
In my ultra sun,this address is 0x32DE30E0 fixed

• Step2

Using Citra+GDB,
Set write access break point at the address found step1,then enter wormhole
2 line above the break line,you will find this year was loaded from R4 + 0x04
In my environment,break at 0x00385354 and R4 is 0x32DE30E0

• Step3

DURING playing mini game,
set write access break point at the address R4+0x04 found step2(0x32DE30E4),and enter the wormhole
In my environment,break at 0x006F3748

• Step4

If you modify R5 of the code 0x006F3748,you can change the wormhole year

If you modify R1 of the code 0x006F3754,you can change the wormhole color
0:While(UltraBeast),1:Red,2:Blue,3:Yellow,4:Green

If you modify R0 of the code 0x006F3760,you can change the wormhole rarity
0: Normal,1: SingleRing ,2: DoubleRing,3: DoubleAuraRing

USun 0x32DE30E0,0x32DE30E4 is 00000000000000000 in wormhole when I looked in RAM
Do you keep searching Greater Than to find the address?

 

[omega59]

I have a 2Ds, how exactly do i use this if it is not for NTR-CFW Plugins? thank you!

 

[Devon0505]

Sorry, it's staying, because now people have a wider choice of options for Shiny chance (ex. You couldn't get 40%, 60%, 75%, or 80% or many other percentages with the old system).

OK. Is it possible to make a character change code like the OrAs Framework? That would be super cool

 

[supermariorick]

I have a 2Ds, how exactly do i use this if it is not for NTR-CFW Plugins? thank you!

use the old3ds compatible plugin. you're in the wrong thread.

so about the wormhole result hacking
I could help if I could get the IDA Pro gdb remote debugger tool to connect to Rosalina menu's gdb debugger but unfortunately every time I have tried the debugger refuses to connect.

 

[Yomiichi]

Do you have a gdb debug tool which support ARM such as IDA?
If you have,set break point at the address I mentioned step4 DURING mini game.
If you set break point successfully ,break will happen when you enter the wormhole.
Then you modify the Register I mentioned step4,you will enter wormhole you need.

CAUTION
Break point must be set every mini game.
if you have already set break point playing previous mini game,clear break point once,and set again.
This is because temporary area at which you set break point seems to be discarded.
And break point setting also discarded

i have IDA pro but i cant use it xD how do i start using it?

 

[Takumi4685]

i have IDA pro but i cant use it xD how do i start using it?

Spoiler: 3DS Praparing

During mini game,push home button and return home
Call Rosalina menu by pushing L +DD + SEL
Select "Debugger options"->"Enable debugger" and "Process list"->"momiji"
Then you can find 3ds IP at top right and port number at right next to momiji

Spoiler: IDA

Select "Dubugger" -> "Attach"->"Remote GDB Debugger"
Select Debug option
Select Set specific option
Select ARM at Procrssor Groupe and push OK

USun 0x32DE30E0,0x32DE30E4 is 00000000000000000 in wormhole when I looked in RAM
Do you keep searching Greater Than to find the address?

Did you use DGB debugger?
The data of these address is cleared after generating wormhole map.
To confirm data, you need to stop game process by using gdb break point

 

[Yomiichi]

solved

 

[dsrules]

Did you use DGB debugger?
The data of these address is cleared after generating wormhole map.
To confirm data, you need to stop game process by using gdb break point

I only used memory viewer and the value is always 0000000 when riding on pokemon, I guess the address is not static

 

[ciaxel]

I can't seem to view the IV/EVs listed on the Summary screen. For your old SuMoCheatMenu I know it was press Start and scroll up/down, but now I can't seem to figure out which button combination it is in this instance or if it's buggy at the moment.

EDIT: Welp I'm blind. There's an info button listed next to the 'Favorite' star sticker that tells you ZL for IV and ZR for EVs.

 

[Chrisssj2]

Hoping for a cheat that will allow catching event pokemon from x/y and other versions.

 

[_______]

It seems that the "Rename any Pokemon" option will crash Ultra Sun but not Ultra Moon.

Also, the Exp Mod is way too low even with a 10000% setting. I tried this one and it's 255000% value seems to be better. (Also, it give us all items which is nice. I wish that could be add to this plugin as this plugin have a much better UI/UX.)

I also found this:

[Wild Pokemon Modifier v1.0]
005B9FC0 E1D500B0
005B9FC4 E12FFF1E
005B9FC8 E5C40004
005B9FCC E59F0000
005B9FD0 E12FFF1E
005B9FD4 00000XXX <- Pokemon ID
005B9FD8 000000YY <- Pokemon LV
003A7298 EB084B48
003A72A8 EB084B44
003A72C4 EB084B3D
DD000000 00000004
005B9FC4 E59F000C
D0000000 00000000
Then hold SELECT until you get a encounter

 

[Oris]

It seems that the "Rename any Pokemon" option will crash Ultra Sun but not Ultra Moon.

Also, the Exp Mod is way too low even with a 10000% setting. I tried this one and it's 255000% value seems to be better. (Also, it give us all items which is nice. I wish that could be add to this plugin as this plugin have a much better UI/UX.)

I also found this:

[Wild Pokemon Modifier v1.0]
005B9FC0 E1D500B0
005B9FC4 E12FFF1E
005B9FC8 E5C40004
005B9FCC E59F0000
005B9FD0 E12FFF1E
005B9FD4 00000XXX <- Pokemon ID
005B9FD8 000000YY <- Pokemon LV
003A7298 EB084B48
003A72A8 EB084B44
003A72C4 EB084B3D
DD000000 00000004
005B9FC4 E59F000C
D0000000 00000000
Then hold SELECT until you get a encounter

Does the current exp code stack at all with Lucky Eggs and Roto Exp Power? Because if it does, Poni Plains' bushes have Chanseys that call more Chanseys and the occasional Blissey. If you are in post-game.

 

[Mimikyuuu]

Since i got no answer i am asking this question again - I Got Shiny Charm and if i Increase Shiny rate to 5%,does it increase the shiny encounter chance 5% more out of 4,000 or it increase 5% out of original number of chances to encounter a shiny? Also even when i set the encounter rate to 1% i usually ended up getting shines around 15-70 pokemons in SOS.

 

[DocKlokMan]

Since i got no answer i am asking this question again - I Got Shiny Charm and if i Increase Shiny rate to 5%,does it increase the shiny encounter chance 5% more out of 4,000 or it increase 5% out of original number of chances to encounter a shiny? Also even when i set the encounter rate to 1% i usually ended up getting shines around 15-70 pokemons in SOS.

Original shiny chance is 1/4096 which is around .02% for a shiny chance. With the shiny charm it increases your chances to 3/4096 or around 0.07%. With the shiny cheat, all the percentages are approximate, so if you set it to 5% it's actually 5.02% or 5.07% depending on if you have the shiny charm or not.

Setting the encounter rate to 1% means you will roughly get a shiny once every 100 Pokémon. However, if you are chaining shines with SOS battles, you will see them more often as chaining SOS battles increases shiny odds.