More actions
Sys-botbase | |
---|---|
General | |
Author | olliz0r |
Type | Sysmodules |
Version | 2.3 |
License | GPL-3.0 |
Last Updated | 2023/04/03 |
Links | |
Download | |
Website | |
Source | |
A Nintendo Switch (CFW) sys-module that allows users to remote control their Switch via sockets as well as read and write to a games memory. This can be used to create bots for games and other fun automation projects.
Note: This project was created for the purpose of development for bot automation. Using a hacked Switch online can get you banned. The creators and maintainers of this project are not liable for any damages caused or bans received. Use at your own risk.
Features
- Remote Control:
- Set controller state.
- Simulate buttons press, hold, and release.
- Simulate touch screen drawing.
- Memory Reading and Writing:
- Read/write x amount bytes of consecutive memory from RAM based on:
- i. Absolute memory address.
- ii. Address relative to main nso base.
- iii. Address relative to heap base.
- Read/write x amount bytes of consecutive memory from RAM based on:
- Screen Capture:
- Capture current screen and return as JPG.
Installation
Download latest release and extract into your Nintendo Switch SD card. Restart your Switch.
The sysmodule opens a socket connection on port 6000. See the python example on how to talk to the sysmodule and what commands are available.
Media
LiveHeX ( ͡° ͜ʖ ͡°) We live injecting now bois (powered by sys-botbase) (Archit Date)
Known issues
Changelog
v2.3 2023/04/03
- All single-stream peek commands no longer require you to "chunk" the data as the sysmodule will do this to send large data quickly in one command.
GetInfo()
is now used to get the heap base to reduce overhead on all peek and poke commands. getTitleVersion
was added courtesy of @6A-Realm.- Various info commands were added courtesy of @amel-am.
- Smaller fixes were provided by @Lincoln-LM and @ELY3M.
- Other smaller fixes are also included in this release.
- Thank you to all the contributors.
v2.2 2022/04/10
- Sys-botbase no longer inits fs or mounts the sd card. If you run a fork or adapt from sys-botbase then please make sure to yield the fs service once you're done with it to avoid hitting the too many sessions panic.
- screenOn and screenOff once again turn on/off the backlight. Many thanks to SciresM for yielding atmosphère's lbl service session until required such that we can do the same here. Note that this only works with Atmosphère 1.3.1 onwards.
v2.1.1 2022/03/26
- This is an interim update until a stable 14.0.0 libnx is available, however it should work fine for the vast majority of cases.
- All lbl sessions are allocated and as such screenOn/screenOff will no longer turn the backlight on/off.
v2.1 2022/02/07
- This should fix an issue with certain virtual controllers not connecting correctly.
isProgramRunning
requires the entire identifier, so to check if the keyboard is open you would sendisProgramRunning 0x0100000000001008\r\n
v2.0 2021/11/22
- The following commands were added:
- Functionality:
- peekMulti
- peekMainMulti
- peekAbsoluteMulti
- controllerType
- Functionality:
Multi
commands are the same as their non-multi counterparts, and have the added benefit of accepting an array of addresses and sizes split by spaces, and return a sequential concat stream of bytes of all data that was looked up.- controllerType allows configuration of the controller from the default pro controller to other controllers, such as a single joy-con, ring-con, etc. Useful if you're writing a bot for something that requires a different controller, such as an LGPE bot. This must be configured to a HidDeviceType
- The amount of memory allocated by sys-botbase is now also reduced, and the backlight will now turn off when using the screenOff command.
v1.9 2021/09/20
- In addition to the title, this build has the
pointerRelative
command if you want a pointer solved with the value returned relative to the heap.
v1.8 2021/04/19
- The home button will now glow if docked to your switch on startup to notify you sys-botbase is ready to accept requests.
- Additionally, it has the following new commands:
- Functionality:
- clickSeq <sequence> eg clickSeq A,W1000,B,W200,DUP,W500,DD,W350,%5000,1500,W2650,%0,0 (some params don't parse correctly, such as DDOWN so use the alt)
- clickCancel
- touchCancel
- screenOff
- screenOn
- charge
- Both
screenOff
andscreenOn
change the screen's IsScanning state. They are especially useful if you are running always-on bots that would benefit from slightly less power use. Charge
will return the current battery charge percentage as an integer between 0-100.
v1.7 2021/02/24
- Thanks to olli for giving me free rein to add cool new stuff and thanks to Red for the keyboard emulation research & implementation
- Newly added commands with this version are below. If you are not using any of this functionality then feel free to stick with 1.6.
- Functionality:
- pointer <first (main) jump> <additional jumps> !!do not add the last jump in pointerexpr here, add it yourself!! (returns the pointer at the end nb: return value is in little endian)
- pointerAll <first (main) jump> <additional jumps> <final jump in pointerexpr> (as above)
- pointerPeek <amount of bytes in hex or dec> <first (main) jump> <additional jumps> <final jump in pointerexpr>
- pointerPoke <first (main) jump> <additional jumps> <final jump in pointerexpr>
- freeze <offset>
- unFreeze <offset>
- freezeCount (returns the amount of freeze slots use by the sysmodule, max is 255)
- freezeClear (removes all freezes)
- freezePause
- freezeUnpause
- touch followed by arrayof: <x in the range 0-1280> <y in the range 0-720>. Array is sequential taps, not different fingers.
- touchHold <x in the range 0-1280> <y in the range 0-720>
- touchDraw followed by arrayof: <x in the range 0-1280> <y in the range 0-720>. Array is vectors of where finger moves to, then removes the finger.
- key followed by arrayof: <HidKeyboardKey> to be pressed in sequential order
- keyMod followed by arrayof: <HidKeyboardKey> <HidKeyboardModifier>(without the bitfield shift) to be pressed in sequential order
- keyMulti followed by arrayof: <HidKeyboardKey> to be pressed at the same time.
- Config:
- configure keySleepTime
- configure fingerDiameter <finger diameter in the range 0-150 (default is 50)>
- configure pollRate <pollrate wait time to be used by the touch and key commands (default is 17ms)>
- configure freezeRate <freezeRate (default is 3ms)>
- Most of the defaults are based on minimum pollrates for system applets. Both keySleepTime & pollRate should be set to a higher number if using an in-game keyboard as these are usually tied to framerate.
v1.6 2020/11/01
- RTNX brought to my attention a nasty little bug that would randomly cause RAM pokes to go bad and corrupt, injecting the wrong data or potentially crashing the console.
- This release fixes that issue and should hopefully be the most stable version of sys-botbase to date.
- Thanks to Anubis and the army of testers for stress-testing.
v1.5 2020/06/11
- Switching back from dmntcht again. Version 1.4 creates a lot of issues when reading/writing, so this version is mainly to replace the old broken version.
v1.4 2020/03/06
- Switched back to dmntcht, stability issues should be solved.
- New commands:
- getTitleID - returns the titleid of the current open application.
- getSystemLanguage - returns the consoles language setting, see.
- https://github.com/switchbrew/libnx/blob/86a5aa446695573ddea594199357185488a08f19/nx/include/switch/services/set.h#L25 for a mapping
- getHeapBase - returns the base address of the heap.
- pokeAbsolute/PeekAbsolute - same as peek/poke, but with a absolute.
- address instead of a heap offset.
v1.3 2020/02/11
- New release includes the option to echo back any command you send to the sysmodule.
- Send "configure echoCommands 1" to enable.
- The zip file contents can be copied onto the sd card and include all files/folders necessary to run the sysmodule.
v1.2 2020/02/02
- Replaced dmntcht with old implementation to freeze the process during ram reads/writes.
- Changes to socket read function to be able to work with bigger write requests.
- Made sleep timing on the main loop and button click command configurable. Default values are 0ms for the main loop and 50ms for the click command.
v1.1.1 2020/02/01
- I intended to change the sysmodule to sleep for 50ms instead of 100ms after every command, but accidentally changed it to 500ms instead.
- Thanks to archit for telling me.
v1.1 2020/01/31
- Uses dmntcht now instead of the old svcdebug method of reading/writing RAM. This should make it more reliable when working with other applets or switching games.
- The sysmodule is now able to accept several socket connections at the same time, as well as allowing to reconnect to the bot after a disconnect without having to restart the whole switch.
v1.0 2020/01/26
- First Release.
Credits
- Big thank you to jakibaki for a great sysmodule base to learn and work with, as well as being helpful on the Reswitched discord!
- Thanks to RTNX on discord for bringing to my attention a nasty little bug that would very randomly cause RAM poking to go bad and the switch (sometimes) crashing as a result.
- Thanks to Anubis for stress testing!