Creating your own unencrypted Codebreaker codes

Sapharrad
On this page, you will find several guides and tools you can use to make unencrypted codes for the Codebreaker Advance cheat device. This page was created for all of you who bought a Codebreaker and want to make your own codes, but have been stopped due to the lack of resources. These methods will also work on the Xploder cheat device. The Codebreaker cheat device is identical to the Xploder, which is only sold in Europe. The Codebreaker is just sold here under another name.


Finding the memory addresses for codes

There are aparently several ways of doing this. The easiest is using the memory/cheat search features of the VisualBoy Advance emulator. I will not cover this, because if you need to ask, and cannot figure out how to find values yourself, you'll probably have problems following this information. The GUI in VBA is rather easy to understand, and I had no problem finding memory addresses without help, so I trust others can. Experience with Hex, creating codes for other systems is a big help here. If you do not understand what hex is, you will not be able to follow this information, so stop now until you can understand it. A valid memory address will follow the format 02XXXXXX or 03XXXXXX. If you've found a value in those area's you're fine. Making codes from this is simple. Just attach a code type, as explained below.



Code Types


3AAAAAAA 00YY

8 bit constant write. This only writes the value of YY into the address provided.


4AAAAAAA YYYY         
MMMMCCCC IIII        

The slide code. This is an advanced code type you can use to write multiple values with. It starts at the address provided, and writes the value provided. It will write the value the amount of times provided as the count, (C) and it will increase the address provided by the number provided in the increment (I) each time. The value also increases with each increment by the value increment, M.


6AAAAAAA YYYY        

This is the 16-bit AND code. It performs the AND function on the address provided with the value provided. I'm not going to explain what AND does, so if you'd like to know I suggest you see the instruction manual for a graphing calculator. This is another advanced code type you'll probably never need to use.


7AAAAAAA YYYY        

This is the 16-bit if code type. If the data address (A) is equal to the provided value (YYYY), then execute the code on the next line. If it's not, the next line will be skipped.


8AAAAAAA YYYY

16 bit constant write. This writes the value of YYYY into the address provided.


AAAAAAAA YYYY

This code type is basicly the opposite of the 16-bit if type. If the data at the address provided is not equal to the value, then the next line is executed. Otherwise it's skipped.


D0000020 YYYY

This is the button checking code type. If the values of the buttons pressed is equal to YYYY, enable the next code. This can also be checked with the 16-bit if (7) code type, and is another advanced code type, which will be explained later.


Attaching the memory address you found to a code type is easy. Take the memory address you found, and omit the first 0. It should now only be 7 characters long. Now just use that portion of the Address as the AAAAAAA part of the code types above. The Y portion is the address you'd like to modifiy the address to be. The most commonly used code types are the 3 code type, and the 8 code type. You will most likely use one of these. The more advanced code types just follow the same template above. If you've gotten this far, you should be able to make your own codes for already existing games.


Enable Codes

You need enable codes for any game to be able to work. These tell the Codebreaker where it can hook into a game to be able to change values. An enable code consists of two lines. The first line tells the CBA where it can hook the game, and the 2nd line tells the CBA how to identify the game, so it is automaticly detected when you start. To make the first line, you can follow the guide below:


Hacking GameBoy Advance Enabler Codes (Used with Permission) - By Parasyte

(NOTE: This guide has been modified from it's original text to cover the Codebreaker Advance.)

Required Software:
 - GameBoy Advance ROM to hack (find on your own)
 - Mappy Virtual Machine - http://www.bottledlight.com/

Hacking the hook code:
(this method only works on Thumb assembly in ROM)

1)  Load up the rom in Mappy, then goto View -> Disassembler

2)  Goto File -> Export -> Disassembly

3)  Pick a destination txt file to save

4)  Near the bottom you see three text boxes, leave the first one blank, type 08000000 into the second, and 200000 into the third

5)  Select "Thumb" in the drop down list box

6)  Click the Add button

7)  Click the OK button, and wait a few seconds to a minute for the disassembly to complete.

8)  Open the new txt file in a text editor, the file will be around 7MB

9)  Text search for 04000130

10) You may find more than one place with this info, so be sure to write down every address with that text string.

11) Going through all addresses, find two opcodes that might work. They can be anything BELOW the "04000130", and ABOVE any opcode beginning with a "B". The two opcodes you choose must be right next to each other, and they cannot have an "=" sign in any part of the line.

Example of USABLE opcodes -
080002D2 add r1, r4, #0
080002D4 add r1, #24

080002DE ldrh r0, [r0]
080002E0 mvn r0, r0

Example of NON-USABLE opcodes -
080002E8 bne #$080002F2
080002EA ldr r0, =$03000540
 
12) Once you find an address that can be used, put it into the following code type, ignoring the 8 that leads it:
10AAAAAA 0007

Example of a valid enable code:   10000A40 0007

13) If the game crashes, you will need to find another area to hook. So just use the rules above and find a new address to use.


To create the 2nd line of the enable is much easier. Download the CRCgen program below. It is a command line program, so it must be run from the DOS prompt. Pass it the location of the rom you are trying to make an enable for, and it will return the 2nd line of the enable for you automaticly. The results will not be correct if you're using an edited rom, such as if it contains an intro. If this is the case, there is still another way to find the 2nd line. Start your GBA with the cart inserted you're looking for the 2nd line of the enable for, and at the screen with the list of games, hold down both triggers (L+R) and while you're doing this, press A and B at the same time. A hidden screen will come up, and on the bottom of it is the Game ID. Take the number it gives you, and convert it to hex. Insert it into the following code type: 0000IIII 000A. This will also make a valid 2nd line for your enable code. With both lines, you now have a working unencrypted enable code you can use to run your own unencrypted CodeBreaker Advance codes.


Encryption

In order to prevent codes being stolen by the makers of other cheat devices, the Codebreaker uses Encryption. All of the official codes for the device are also encrypted. The encyption seed is stored in the 9XXXXXXXX XXXX code type, and is almost always before the first line of every official enable code. If the 9 code type is used, unencrypted codes are not accepted by the cheat device. Thankfully, Parasyte was able to crack the encryption, and release a program called CBAcrypt that has the ability to decrypt and encrypt codes. This can be useful for anyone who doesn't understand how to make their own enable codes to decrypt the official ones. Using CBAcrypt is rather simple. Paste the codes you'd like to encrypt or decrypt into the program, (the MUST contain spaces betweeen the Address and value portions of the code, as in XXXXXXXX XXXX, or it will not work) and click the approiate button. The 9 code must be present as the first line for the program to work properly. You must NOT use a 9 code with unencrypted codes. It's either all encrypted, or nothing is encrypted. There is no in between. I dont like encrypted codes, as they make 'mod' codes impossible, and therefore I do not reccomend using them. The information is provided here for completeness.


Button Activated Codes

A nice feature of the Codebreaker is the ability to use codes that can be activated using certian buttons. See the table below for the values of buttons:

START          0x0008
SELECT 	       0x0004
A              0x0001
B              0x0002
UP             0x0040
DOWN           0x0080
LEFT           0x0020
RIGHT          0x0010
Left Trigger   0x0200
Right Trigger  0x0100

Buttons can be checked with the 7AAAAAAA YYYY code type easily, if you know how to use a calculator. Figure out what buttons you want to use, and OR their values together. Remember to use Hex mode if you are using a scientific calculator. Finally, XOR the result of the values with 0x03FF. The result goes into the 7 code type, using the following template. 74000130 YYYY. The next line of the code will be what is executed if the buttons for the 7 type are true.


Helpful Tools

Below are some of the tools mentioned above. They can help you in making your own CBA codes

CBAcrypt  (6.34KB) - This tool can encrypt and decrypt Codebreaker Advance codes

CRCgen (266KB) - This program will generate the 2nd line of an Enable code.

MappyVM (Website Link) - This program is needed to hack CBA enable codes.

Cheats.cpp - Source code with Codebreaker Decryption methods. (Written in C/C++) 


A big thanks goes out to Parasyte for all of the information and help he has provided. Without him this page wouldn't have been possible.

Last Updated ( Tuesday, 20 July 2004 )