![]() ![]() ![]() Atmosphere will load the modified file instead of the original one.ĭ) you can reverse engineer previous cheats (see exactly what they are patching/modifying) if you have an access to the previous game versions. by using this tool Ĭ) you can use Atmosphere's built-in layered FS and place the patched "main" file (you need to compress the modified "main.elf") into /atmosphere/contents//exefs/ directory, if you patched the "main.elf" directly with IDA/Ghidra. In addition you can even debug a Unity game with dnSpy (requires modified mono DLL files) in a very comfortable way.ī) you can also create permanent patches for a given game by using IPS patches, e.g. this way you can also easily mod any game, just by using C# and modifying classes, methods, attributes etc. the learnings from the PC version of the game can be used for any other platform of the same game version/build (e.g. NET decompilation, where ALL source code is available in highly readable form (unless obfuscated), so you can easily analyze it and even modify it. Ī) if you have an access to the PC version of the same game and it's NOT compiled with IL2CPP on PC, you can load its "Assembly-CSharp.dll" with dnSpy and enjoy the full power of. For different cheat code generation you can use such tools as and. you can learn basics of ARM assembly here (unfortunately it's for a 32bit Arm v7, not for 64bit Arm v8, but I guess similar guides for Arm64/AArch64/Arm8 can be found as well, this was just a quick web search). (6) look for code parts and offsets you want to change and write "04000000" or "08000000" cheat codes from ARM64 Assembler commands ( ) by using tools like (don't forget to use "GDB/LLDB" flag to create big endian hex codes with proper byte order). Without this step you are pretty much totally lost in IDA/Ghidra. it will help you to understand the code almost perfectly. (5) run Python scripts "ida_with_struct_p圓.py" within IDA Pro (File -> Script file.) or "ghidra_with_struct.py" within Ghidra, to populate the disassembled code database with comprehensive meta information (class names, method names, attribute names, struct names etc.). (primary target there is always "Assembly-CSharp.dll", where most game functionality is located) "DummyDll" can be used with dnSpy for a quick look through functions, attributes etc. ![]() to briefly patch a bool return function by using its offset with "return true/false"). for a quick look you can use "dump.cs" (e.g. (4) use IL2CPP Dumper on "main.elf" + "global-metadata.dat", which will create a lot of useful additional files about the executable binary. ![]() (3) load "main.elf" with IDA Pro or Ghidra, remember that Switch uses big endian byte order, so select it in the disassembling settings (ARMB processor type) (2) use NX2ELF on "main" to get uncompressed "main.elf" then dump "global-metadata.dat" from RomFS (search in subdirectories for this file, this is by the way the easiest way to see if it's a Unity game or not) (1) use NXDump on the Unity game you want to modify, select the proper last used patch version (not the base game version!!) there and dump "main" from ExeFS. The bug is somewhere in the engine, and there is no visible way ATM to overcome or circumvent it.As I had to dig through a lot of information by myself, I thought that I could do a small tutorial on how to modify Unity games for cheating (and not only, e.g. I tried using "expert mode" which has death automatically enabled every game load, and still experienced all the bugs associated with party member death and adventurer recruitment. The "Death" setting isn't as principal as I suspected. I understand this is a soliloquy at this point, but unfortunately the nice guys at Obsidian don't allow new forum members to post on their forums without prior moderator approval, so I'm relegated to the considerably less active Steam board. Which may naturally conflict with the fact that some party members are *dead*, leading to all sorts of freaky stuff, up to and including *ghosts* (shadows of supposedly dead party members), and of course to the fact that the dead guys still "occupy" party slots, conflicting with newly recruited adventurers and bugging the saved games. Apparently the "Death" setting in game options gets turned off every time a save game is loaded. I may have pinpointed the root cause of this bug. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |