LETS get the ps2 hacking started

[GameMasterZer0]

ok ok ok, first you have to learn how to make a master code.

this is how cmgsccc makes there Master Codes
--------------------------------------------
Method 3 "Entrypoint / Memcpy +3":
--------------------------------------------

This method is not compatible with PAL2NTSC and Y-Fix codes!
Search for "entrypoint", which is mostly 00100008 or 00200008.
Search for "jal memcpy" inside the "scepadread" routine. Add +3 to that address.

ENTRYPOINT:
lui v0, 0x0027 # 00100008:3c020027 v0=s_pInput
...
jal 0x0011e620 # 0011fc58:0c047988 ^ memcpy

-> Master Code
F0100008 0011FC5B

[TruWizdom]

Simple enough, ehehe lets get this party started

[GameMasterZer0]

Universal master codes


the most common master code for codebreaker and Xploder are
F0100008 0000000E

and

F0100008 000001DF


basically all you have to do is open the elf with ps2dis, it will automatically open to the entry point and all you got to do it add 0000000E or 000001DF to the end of it.

[TruWizdom]

So with those Universal master Codes on you can Enter Lines of Code in Raw format? and they should work as normal Correct? like days of old and the Psx

[Sephiroth]

Hello, I am just a little German Game Hacker but I hope I can help ^^

O.K..

There are very simply methods and other methods witch are more heavily and sometimes nothing of this methods works!

Digets or Value:
There are 2 matters they the master code for the XP2 and free-switches AR2 and that is always same. (Raw/Hex)

1. possibility: 0000000E
2. possibility: 000001FD


So if you want to make a master code, you must load the "Sles"-File into the PS2Dis these can also vary from SCED or even Slus.

If the Sles is loaded, we can start.

At the example GTC Africa and for the XP2!!!

1. method, the cheapest ^^

Go to "Jump to Labels" and write "Entrypoint"
If you have found it make a double - "click"

so now, you are on the address, double-click does also again there and then, you see address and Digit/Value. with this example, however, only the address interests us!

Address is in the case = 00100008
We know this the master code in more purely does Hex/Raw and always normal-molds in the front a "F" stands. Therefore we take the first number of the address and replace it with the F! The address therefore now is called = F0100008.

from where do we get the Value/Digit now? Quite simply, with the method, we take a one of the possebilities of Digit/Value.
Our more completely first master code therefore is called = F0100008 0000000E or F0100008 000001FD

However, that now was the simplest method ^ ^



2. Method
Exactly the same plays, you go on Labels. There you look for "memcpy" and do a double-click on it!
Now, you are with the address! So if you marked it with the space bar, you first press Shift and then F3. Now, it work and looks for values witch are behind.
If it simply had done press the "Right-Bar" and then goes through every address and adding with 3 and then, one has the Digit/Value! example Smackdown 4.

Address is = 001155b4
Adding with 3 = 001155b7 = Digit/Value

Both (address and Digit) therefore compose, the code then is called
= 001155b4 001155b7

We know this a F in the front, first number therefore must stand again through F replaces = F01155b4 001155b7 = complete master code

Method 3
as always the same and with Labels this time "HandleCmdLineArgs" seeks. Then double-click the Lable. Then double-click to see the value and address. Example GTC Africa.

Address = 00109d94
for the first number, there have to be a F and as Digit/Value again one of the two possebilities.

Master code therefore then is = F0109D94 0000000E/000001FD

Method 4

as always the same and with Labels this time "MainGameLoop" seeks. Then double-click the Lable. Then double-click to see the value and address. Example GTC Africa.

Address = 0010a140
for the first number, there have to be a F and as Digit/Value again one of the two possebilities.

master code = F010A140 0000000E/000001FD


Only as hint! the master Code always stands in the normal case into a jal - file (GMO say to it the ultimate Mastercode ^^ but sometimes this codes doesn`t work ^^)


I hope, some people have understood my bad english

[Sephiroth]

Making Codes with PS2Dis

General info

First the Things that you see on Ps2 Dis from the Left to the Right

Address Digit Label systemcall Label2 descriptions


Systemcall is this in " () "
+0000 - RFU000_FullReset
+0001 - ResetEE
+0002 - SetGsCrt
+0003 - RFU003
+0004 - Exit
+0005 - RFU005

+0006 - LoadPS2Exe
+0007 - ExecPS2
+0008 - RFU008
+0009 - RFU009
+0010 - AddSbusIntcHandler
+0011 - RemoveSbusIntcHandler
+0012 - Interrupt2Iop
+0013 - SetVTLBRefillHandler
+0014 - SetVCommonHandler
+0015 - SetVInterruptHandler
+0016 - AddIntcHandler
+0017 - RemoveIntcHandler
+0018 - AddDmacHandler
+0019 - RemoveDmacHandler

+0020 - _EnableIntc
+0021 - _DisableIntc
+0022 - _EnableDmac
+0023 - _DisableDmac
+0024 - _SetAlarm
+0025 - _ReleaseAlarm
-0026 - _iEnableIntc
-0027 - _iDisableIntc
-0028 - _iEnableDmac
-0029 - _iDisableDmac
-0030 - _iSetAlarm
-0031 - _iReleaseAlarm
+0032 - CreateThread
+0033 - DeleteThread
+0034 - StartThread
+0035 - ExitThread
+0036 - ExitDeleteThread
+0037 - TerminateThread

+0039 - DisableDispatchThread
+0040 - EnableDispatchThread
+0041 - ChangeThreadPriority
-0042 - iChangeThreadPriority
+0043 - RotateThreadReadyQueue
-0044 - iRotateThreadReadyQueue
+0045 - ReleaseWaitThread
-0046 - iReleaseWaitThread
+0047 - GetThreadId
+0048 - ReferThreadStatus
-0049 - iReferThreadStatus

+0050 - SleepThread
+0051 - WakeupThread
-0052 - iWakeupThread
+0053 - CancelWakeupThread
-0054 - iCancelWakeupThread
+0055 - SuspendThread
-0056 - iSuspendThread
+0057 - ResumeThread
-0058 - iResumeThread
+0059 - JoinThread
+0060 - RFU060
+0061 - RFU061
+0062 - EndOfHeap
+0063 - RFU063
+0064 - CreateSema
+0065 - DeleteSema
+0066 - SignalSema
-0067 - iSignalSema
+0068 - WaitSema
+0069 - PollSema


So, now we making a Code ^^

Searching in Labels, that sounds useful for a Racing-Game,
for example "car, lap track, times, champion-hip, AI(artificial intelligence", etc
A Label looks very interesting: "CheatUnlockAll."
If the Label chooses. PS2DIS jumps to the routine:

CheatUnlockAll: , If you clicks on it, it jumps directly to the adress and you see 3 lines witch are colored red. This means that there are 3 Codes behind.


addiu a1, zero, 0x0001 #001aa660:24050001 a1=0x00000001
lui at, 0x0028 #001aa664:3c010028 at=0x00280000
sw a1 , 0xa588(at, #001aa668:ac25a588 [0027a588]
lui at, 0x0028 #001aa66c:3c010028 at=0x00280000
sw a1 , 0xa594(at, #001aa670:ac25a594 [0027a594]
lui at, 0x0028 #001aa674:3c010028 at=0x00280000
sw a1 , 0xa598(at, #001aa678:ac25a598 [0027a598]

At the beginning you see how the value 1 is stored in three addresses. (Red color)
In sum there are 3 Codes, sw = "store word" therefore 1xxxxxxx

a1 therefore always means in the case 00000001 (Digit) and sw = 1 at the beginning

Result:
1 027A588 00000001
1 027A594 00000001
1 027A598 00000001

If what happens tries out the codes one after the other in order to see.
Result:
Unlock universe Challenges
1027A588 00000001
Unlock universe Championships
1027A594 00000001
Unlock universe single Races
1027A598 00000001


One first-once simply must find the Labels and then must see something you can do with it. Unlock codes go something the cheapest, with RPGs like FFX or KH, it therefore is almost impossibly codes here to be found out without Dev Kit something us a clear border places!

[SephiRon]

This is off-topic, i just noticed the new user Sephroth, and noticed he was from Berlin, and found it interesting, as i'm from germany too, but most of you know that already. hehe, just a thought, and a post, to keep things fresh. Also, MORE PPL NEED TO GO ON IRC!

...We now return you to your regularly schedule program. :muahaha:

[TruWizdom]

Holy shizzle, i read this topic Yesterday and thought it was Sephiron Posting theese methods, lol I prolly wouldnt have noticed for quite a while if Seph didnt mention it...... (/me feels uber stupid)

[Sephiroth]

Sorry...... I don`t know that because I did not find a post about making PS2 Codes in this Forum :cry:

Sorry!

[TruWizdom]

?? eh, i was just commenting on my stupidity, eheh feel free to post the methods you want, I am eager to learn all about ps2