luc-ita's codes

  • #16
    Rugrats - Search for Reptar\Rugrats - Alla Ricerca di Reptar PAL-I SLES-01671 PSX

    Code:
    #MoonJump ASM method
    D00CF03A BFFF
    80062C1A 2400
    D00CF03A FFFF
    80062C1A 0043
    D00CF03A BFEF
    80062C1A 2400
    D00CF03A FFFF
    80062C1A 0043
    D00CF03A BFCF
    80062C1A 2400
    D00CF03A FFFF
    80062C1A 0043
    D00CF03A BF6F
    80062C1A 2400
    D00CF03A FFFF
    80062C1A 0043
    
    #MoonJump RAM method
    D00CF03A BFFF
    800E4142 FC18
    D00CF03A BFEF
    800E4142 FC18
    D00CF03A BFCF
    800E4142 FC18
    D00CF03A BF6F
    800E4142 FC18
    
    #GodMode
    80078C0E 2400
    
    #1 coin == complete mini-game
    300E3BC8 0001
    
    #1 egg == complete mini-game
    300E3BCC 0001
    
    #Infinite flashlight's charge
    300F61DA 0000
    
    #Infinite remote control's charge
    300EF0E6 0000
    
    #1 biscuit == complete mini-game
    80058C1A 2400
    
    #1 balloon == complete 1 box
    80052E2E 2400
    
    #Infinite tries at Angelica's circus
    8008111E 1000
    
    #Have all pieces of the puzzle
    800C6B44 0FFF
    
    #Max timer
    // press R1 button
    // Activate ONLY on levels with timer
    D00CF03A F7FF
    800C5924 FFFF
    
    #Clear the timer
    // press L2 button
    D00CF03A FEFF
    800C5924 0001
    
    #Joker command
    D00CF03A ????
    
    #Another joker command
    D00E93EA ????
    Learning how to hack real life


    • #17
      Rugrats in Paris the Movie PAL-E SLES-03342 PSX

      Code:
      #1 red ticket gives 999 red tickets and 999 gold tickets
      80018EC2 2400
      80018ECA 2400
      80018ED2 2400
      80018EDC 03E7
      80018EDE 2402
      
      #Items costs zero
      //Visually the prices don't change but costs zero tickets
      80087A50 0000
      
      #999 Shots hit\Bowling points
      80087AA0 03E7
      Unfortunately the character does not jump, so no InfiniteJumps hack
      Learning how to hack real life


      • #18
        Originally posted by luc-ita
        Rugrats in Paris the Movie PAL-E SLES-03342 PSX

        Code:
        #1 red ticket gives 999 red tickets and 999 gold tickets
        80018EC2 2400
        80018ECA 2400
        80018ED2 2400
        80018EDC 03E7
        80018EDE 2402
        
        #Items costs zero
        //Visually the prices don't change but costs zero tickets
        80087A50 0000
        
        #999 Shots hit\Bowling points
        80087AA0 03E7
        Unfortunately the character does not jump, so no InfiniteJumps hack
        You can write a jump code for almost any game. Find the player y-coordinate and write a function to increase it while holding a specified button.

        PS2 example:

        Code:
        address $200A0100
        
        // check player pointer
        lui t0, $006E
        lw t0, $F8B4(t0)
        beq t0, zero, :FAIL
        nop
        
        // load y-coord and add to it
        lwc1 $f0, $0044(t0) //load y-axis data
        lui t1, $3F80 // increase by 1.0
        mtc1 t1, $f1
        add.s $f2, $f1, $f0 //increase y-axis data by 1.0
        swc1 $f2, $0044(t0) //store y-axis data
        
        FAIL:
        jr ra
        nop // branch delay slot
        
        
        // hook to custom jump function while holding X
        address $D070DBC2
        hexcode $0000BFFF
        address $203d9bac
        j $000A0100
        
        // original data while no buttons pressed
        address $D070DBC2
        hexcode $0000FFFF
        address $203d9bac
        jr ra
        Last edited by Harry62; 01-08-2016, 10:43:29 AM.


        • #19
          Many thanks Harry62! It's like nolberto82 did for Crash Bandicoot 2. But...I can't find a way to find a piece of code to do codecaves for PSX games! I remember Pyriel wrote that for PSX games it's not possible to do codecaves as well as for PS2 system.

          Very nice example!!!

          I need help.
          Last edited by luc-ita; 01-08-2016, 07:22:26 PM.
          Learning how to hack real life


          • #20
            Originally posted by luc-ita
            Many thanks Harry62! It's like nolberto82 did for Crash Bandicoot 2. But...I can't find a way to find a piece of code to do codecaves for PSX games! I remember Pyriel wrote that for PSX games it's not possible to do codecaves as well as for PS2 system.

            Very nice example!!!

            I need help.
            I'm not sure I understand that correctly but I'm sure you can write your own routines for PS1 games. Study the functions in the game you want to hack and see how they start and end.


            • #21
              Sorry for my bad English. I'll try studying the code and see what I can do. Maybe I'll find an unused part of RAM. I've an important question for you Harry62. In some PS2 games I've found a dynamic code! For example in the Jak and Daxter games. How can I modify a code that changes its address on every change of map? With Cheat Engine I've made an Array Of Bytes Scan script...but how can I do the same with Codebreaker or Gameshark?
              Last edited by luc-ita; 01-09-2016, 06:12:04 PM.
              Learning how to hack real life


              • #22
                Originally posted by luc-ita
                Sorry for my bad English. I'll try studying the code and see what I can do. Maybe I'll find an unused part of RAM. I've an important question for you Harry62. In some PS2 games I've found a dynamic code! For example in the Jak and Daxter games. How can I modify a code that changes its address on every change of map? With Cheat Engine I've made an Array Of Bytes Scan script...but how can I do the same with Codebreaker or Gameshark?
                Depends on what you're changing. I'll use player coordinates as an example. Below are two methods for modifying your player coordinates when the actual coordinates are dynamic:

                1. Player pointer
                Many games use something we call a player pointer. This address is static and the data points to the start of the player stats (health, location, etc.). You can load the data at the player pointer and then load data from the pointer using offsets (player pointer + 0x44 may equal "x-coordinate"). The best way to find a player pointer is to find your player XYZ coordinates. These coordinates are almost always dynamic. Once you find them you can usually scroll up in pcsx2dis and start getting referrals. These referrals will usually lead back to one address that is static. If you find this address then you have a direct pointer to your player stats. It sounds confusing at first but it's rather simple and I will further explain with the game "25 to Life".

                Game: 25 to Life
                Player pointer: 0x6DF8B4
                offsets:
                0x40: player coords X
                0x44: player coords Y
                0x48: player coords Z

                To modify the player coord Y we would do this:

                Code:
                // Store player pointer in t0
                lui t0, $006E // this starts with 6E because the second half of the address is above 7FFF. Can't remember why this is needed.
                lw t0, $F8B4(t0)
                
                // store player coord Y in to t1
                lw t1, $44(t0)
                
                // your code here

                2. Hijack a function
                This one can be tricky if a static player pointer does not exist. Find the player XYZ coords as you did in the first method. Now scroll up in pcsx2dis and see if you can find any referrals in the same way you did before. You will most likely find one or two, and they will refer to dynamic pointers. This is exactly the same as a player pointer except it is not static and cannot be used in the same way. Now you need to find out what is accessing that dynamic player pointer. Pcsx2dis will allow you to put a read-breakpoint on the address. Use this to see what accesses the player pointer. More than likely you will find some sort of updater function (not sure what else to call it) that accesses the player pointer constantly. Using pcsx2dis you will notice that your player pointer address is stored in one of the registers on the right. You can create a JAL from the current function to your codecave knowing that one of the registers holds the player pointer address.

                The downside to this is that some functions control your player and most of the AI on screen. If that's the case then you will have to dig deeper to differentiate the player pointers. This isn't difficult but it requires understanding what the player pointer is storing for yourself and for the AI. Chances are the player pointer stores an ID or ID TYPE for every player on screen. If you find a pattern then you can make your function execute only when your ID comes through.

                Create save states when working on player pointers since the main pointer will change every time you load. Sorry for the wall of text but it's much easier than I make it sound.
                Last edited by Harry62; 01-10-2016, 03:31:38 PM.
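
The player-pointer method from the post above, simulated in Python as an added example (not code from the thread). It also works out why the `lui` half is `$006E` for address 0x6DF8B4: `lw` sign-extends its 16-bit offset. The `Ram` class and the two block addresses are constructed for the demo.

```python
import struct

def split_hi_lo(addr):
    """Return (lui immediate, lw offset) for a 32-bit address. lw sign-extends
    its offset, so a low half above 0x7FFF needs the lui half one higher."""
    return ((addr + 0x8000) >> 16) & 0xFFFF, addr & 0xFFFF

def effective_address(hi, lo):
    """Address the CPU forms for `lui r, hi` followed by `lw r, lo(r)`."""
    signed_lo = lo - 0x10000 if lo & 0x8000 else lo
    return ((hi << 16) + signed_lo) & 0xFFFFFFFF

def float_lui_half(value):
    """Upper 16 bits of an IEEE-754 single, e.g. 1.0 -> 0x3F80."""
    return struct.unpack("<I", struct.pack("<f", value))[0] >> 16

class Ram:
    """Constructed stand-in for emulator memory (little-endian)."""
    def __init__(self, size):
        self.mem = bytearray(size)
    def read_u32(self, addr):
        return struct.unpack_from("<I", self.mem, addr)[0]
    def write_u32(self, addr, value):
        struct.pack_into("<I", self.mem, addr, value)
    def read_f32(self, addr):
        return struct.unpack_from("<f", self.mem, addr)[0]
    def write_f32(self, addr, value):
        struct.pack_into("<f", self.mem, addr, value)

PLAYER_POINTER = 0x6DF8B4  # static address given in the post
OFF_Y = 0x44               # Y-coordinate offset given in the post

def raise_player(ram, step=1.0):
    """Follow the static pointer to the dynamic player block and add `step`
    to Y. Returns the new Y, or None while the pointer is null."""
    base = ram.read_u32(PLAYER_POINTER)
    if base == 0:          # same guard as the `beq t0, zero` check
        return None
    y = ram.read_f32(base + OFF_Y) + step
    ram.write_f32(base + OFF_Y, y)
    return y

def demo():
    ram = Ram(0x800000)
    results = [raise_player(ram)]        # no player loaded yet
    for base in (0x701000, 0x7A2000):    # constructed: block moves per map
        ram.write_u32(PLAYER_POINTER, base)
        ram.write_f32(base + OFF_Y, 10.0)
        results.append(raise_player(ram))
    return results
```
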


                • #23
                  WOW another great guide from you! You're my teacher! I know how to do this on PC games but didn't know how to for PS2 games. Now I know that, too! Your tutorials are gold! Really! Many thanks again!!! I'll try with some PS2 games!
                  Last edited by luc-ita; 01-10-2016, 03:20:46 PM.
                  Learning how to hack real life


                  • #24
                    Rugrats - Studio Tour PAL-I SLES-02912 PSX

                    Code:
                    #MoonJump RAM method
                    D00D1182 BFFF
                    800E7D96 FC18
                    D00D1182 BFEF
                    800E7D96 FC18
                    D00D1182 BFCF
                    800E7D96 FC18
                    D00D1182 BF6F
                    800E7D96 FC18
                    
                    #MoonJump ASM method
                    80058D4A 0043
                    D00D1182 BFFF
                    80058D4A 2400
                    D00D1182 BFEF
                    80058D4A 2400
                    D00D1182 BFCF
                    80058D4A 2400
                    D00D1182 BF6F
                    80058D4A 2400
                    
                    #255 keys
                    300C9B08 00FF
                    
                    #4 blue\green keys
                    300E7DBE 0004
                    
                    #1 coin == finish the round
                    300C9B12 0001
                    
                    #1 gold nugget == finish the round
                    300E7DBB 0001
                    
                    #1 target == finish the round
                    300C8694 0001
                    
                    #255 rockets
                    300E7DC3 00FF
                    
                    #Invisible character
                    //Select button to activate, Circle button to deactivate
                    D00D1182 FFFE
                    300E7CC5 0000
                    D00D1182 DFFF
                    300E7CC5 0001
                    
                    #Big head (Only works on some levels)
                    300C7978 0001
                    
                    #Character walks fast and auto-change of the area
                    //To walk fast: press L1 button and then move the character
                    //For auto-change of the area:
                    //after having opened the two doors
                    // hold L1 button and move the character
                    D00D1182 FBFF
                    800E7CAC 0000
                    D00D1182 FBFF
                    800E7CAE 0000
                    
                    
                    #Opponents don't move
                    300E83D9 0006
                    300E87B1 0006
                    300E8B89 0006
                    300E8F61 0006
                    300E9339 0006
                    
                    #NoTimer
                    800904DC 1000
                    
                    #Joker command
                    D00D1182 ????
                    
                    #Another joker command
                    D00F097A ????
                    Last edited by luc-ita; 01-15-2016, 08:35:56 AM. Reason: Optimized MoonJump ASM's code
                    Learning how to hack real life


                    • #25
                      I notice you have no master codes for these games

                      Disney Princess - Enchanted Journey PAL (Fr-It-Nl) SLES-54942 PS2

                      Pirates of the Caribbean - At World's End PAL (En-Fr-De-Es-It-Nl) SLES-54179 PS2

                      you can use this software to find master codes for ps2 games
                      http://gamehacking.org/vb/threads/9127-Pelvicthrustman-s-Mastercode-Finder-(PS2)
                      lee4 Does Not Accept Codes Requests !
                      When lee4 asks a question it does not mean lee4 will look at your game
                      *How to create and use SegaCD codes >click here<*
                      >)


                      • #26
                        Many thanks lee4! I'm not quite familiar with why master codes are needed. So I ask...why are these master codes needed? When are they needed and when are they not? Sorry. I'm a newbie.
                        Learning how to hack real life


                        • #27
                          master codes are to make codes to work on real PS2
                          Last edited by lee4; 01-10-2016, 05:28:25 PM.
                          lee4 Does Not Accept Codes Requests !
                          When lee4 asks a question it does not mean lee4 will look at your game
                          *How to create and use SegaCD codes >click here<*
                          >)


                          • #28
                            Found master code sceSifSendCmd for Disney Princess. Editing the game's post and adding the code to the code database.
                            I'm searching for the DVD or ISO of my Pirates of the Caribbean. When I find it I'll post the master code.

                            Thanks for the reputation!

                            Edit:
                            Added master code for Pirates of the Caribbean.
                            Last edited by luc-ita; 01-10-2016, 07:19:28 PM.
                            Learning how to hack real life


                            • #29
                              master codes are in main ELF file

                              example
                              SLES_541.79 file
                              lee4 Does Not Accept Codes Requests !
                              When lee4 asks a question it does not mean lee4 will look at your game
                              *How to create and use SegaCD codes >click here<*
                              >)


                              • #30
                                Originally posted by lee4
                                master codes are in main ELF file

                                example
                                SLES_541.79 file
                                I know. I had lost the DVD of Pirates. Then I found it and added the master code
                                Learning how to hack real life
