No announcement yet.

NetCheat For PS2 V2.0 By Dnawrkshp

  • Filter
  • Time
  • Show
Clear All
new posts

  • NetCheat For PS2 V2.0 By Dnawrkshp

    An Open Source PlayStation 2 Cheat Device By Dnawrkshp

    NetCheat - consists of NetCheat.elf, NetCheatManager.exe, cb2util (made by misfire), and zlib.dll
    Product of hardwork and
    Developed by Dnawrkshp and ORCXodus
    GUI functions by Berion.

    Status: Done-ish. It's not "done", but it's really damn close.

    This is my alternative to CodeMajic and CodeBreaker. It combines CB's codetypes with CM's network and massive codelist capabilites.
    NetCheat supports around 3584 codes. Which turns out to be exactly 28 kilobytes..
    The codes are memcpy'd into 0x80079000 and can range to 0x80080000. The engine is placed at 0x80047000. NetCheat hooks itself to 0x800001A0.
    These places worked well with CL-LiveDebug (when in DEBUG mode), OPL, and ESR.

    DEBUG mode:
    When in DEBUG mode, CL-LiveDebug is installed with NetCheat and is hooked to 0x800001A0. NetCheat is hooked to 0x800002FC.

    Gtlcpimp: Execute Data/Hook
    Pyriel: Helped me out getting start about 3 years ago (August of 2012)
    misfire: Mentioning the SBV patches (allows booting elfs from mass and mc) and cb2util
    ORCXodus: Created the GUI for NC's PC Manager and implemented his GUI for cb2util
    Dnawrkshp: Wrote the engine, ps2 side code, and the network part of the PC Manager

    NetCheat codetypes:

    For all the codetypes not explained, please refer to this:
    The ones below either are new or have something different.
    My thanks to Pyriel for making such a thorough guide on the codetypes of CodeBreaker.

    ------------------------- Code Type 4
    Multi-address Write (slide-fill code)
    4aaaaaaa wcccssss
    xxxxxxxx iiiiiiii

    a: 25-bit address.
    w: Width (0 = 32 bit, 1 = 16 bit, 2 = 8 bit)
    c: Number of times to write.
    s: Step value (w = 0: s = (s * 4), w = 1: s = (s * 2), w = 2: s = s.
    x: 32-bit value.
    i: 32-bit value increment.

    By Pyriel:
    The 32-bit value xxxxxxxx will be stored at the address given by aaaaaaa.
    The count ccc will be decremented.
    The step value ssss will be multiplied by (w = 0:4; w = 1:2; w = 2:1) and added to the address.
    The value xxxxxxxx will have iiiiiiii added to it.
    This process will continue until cccc reaches zero.
    Basically, write to ccc addresses, while jumping ssss * (4 - (w * 2)) addresses in between.

    40EE7174 00060002
    00000063 00000001
    ------------------------- Code Type 9
    Conditional mastercode
    9aaaaaaa vvvvvvvv
    a: Address
    v: 32-bit value

    NetCheat will read the value at aaaaaaa and compare it with vvvvvvvv.
    If they are equal, NetCheat will execute it's engine.
    Otherwise it will not and no cheats will run.
    If you do not include a 9 type mastercode, NetCheat will run the moment it is hooked and a syscall is called

    9013BA48 00832021
    ------------------------- Code Type A
    Kernel write
    Aaaaaaaa vvvvvvvv
    a: Address
    v: 32-bit value

    The value v will be stored at 0x8aaaaaaa (KSEG0)

    A0070000 1337D00D
    ------------------------- Code Type B
    B0000000 0vvvvvvv

    v: 28-bit value

    The engine will execute all the codes above vvvvvvv times before executing the one below

    B0000000 00000100
    ------------------------- Code Type F1
    Execute Data / Hook - Idea by Gtlcpimp
    F10000dd 0aaaaaaa

    a: Address
    d: 8-bit value

    The engine will run dd times before executing a jalr to aaaaaaa

    F100000E 000C0000

    ------------------------- Code Type F2
    Switch Conditional
    F200nnnn taaaaaaa
    xxxxxxxx yyyyyyyy

    n: number of lines to execute under it if on
    t: comparison type (0 = 8 bit, 1 = 16bit, 2 = 32bit)
    a: address
    x: off value
    y: on value

    F2000001 101EE682
    0000FFF9 0000FFF6
    20347E8C 00000000

    The rest can once again be accessed at:

    Discussion thread here.
    Last edited by dlevere; 04-22-2015, 04:30:26 AM.
    The Hackmaster
    dlevere's blog