Hacking XCXGecko: Xenoblade Chronicles X trainer GUI using pyGecko

[MiMiCAX]

you said
Instructions

1. for disc: run kernel exploit + pygecko payloads<---- before
   
2. start XCX and load into your savegame
3. run XCXGecko.exe, enter your Wii U IP, and press the connect icon
4. have fun reading and poking

once in game i cant go back to home or game freeze

(I'm assuming that your emphasis on pygecko payload means that you ran pygecko payload before you started XCX but after running kernel exploit, as opposed to first running pygecko payload, then kernel exploit, then XCX)

I have not personally tried using tcpgecko/pygecko/xcxgecko with a disc version of XCX. Those instructions were originally posted by others within several old threads on this forum (search Xenoblade & during first 2 weeks of December).

Again, I recommend that you re-direct your questions about pyGecko to its authors or maintainers.

 

[manpccore]

MiMiCAX can you please update GUI with option to Mod weapons and armors, cant do it for some reason TCP gecko doesnt connect on 5.5.1 spoof , ability to add

Potential Up XX, Potential Boost XX, Treasure Sensor XX, 3 empty slots


Melee Attack Up XX, Melee Accuracy Up XX, Melee Attack Boost XX, 3 empty slots

if you cant , thanks away for the awesome program

 

[phoenixseven]

MiMiCAX, I went ahead and decided to be adventurous... I updated my XCX to USA Ver. 1.0.2 and spoofed my firmware to 5.5.1. Both XCXGecko and GeckodotNet work just fine for me. For XCXGecko, the values remain the same. No offsets needed.

 

[manpccore]

MiMiCAX, I went ahead and decided to be adventurous... I updated my XCX to USA Ver. 1.0.2 and spoofed my firmware to 5.5.1. Both XCXGecko and GeckodotNet work just fine for me. For XCXGecko, the values remain the same. No offsets needed.

how did u get GeckodotNet to work?

i did the same am on XCX USA ver 1.0.2 spoofed to 5.5.1 only xcxgecko works

 

[phoenixseven]

how did u get GeckodotNet to work?

i did the same am on XCX USA ver 1.0.2 spoofed to 5.5.1 only xcxgecko works

I just follow the instructions on this site: https://gbatemp.net/threads/the-definitive-guide-to-wii-u-hacking.396828/

Then, I do the Wii U Exploit and then PyGecko. I use the following site through the Wii U browser to do it: http://wj44.bplaced.net/

 

[manpccore]

I just follow the instructions on this site: https://gbatemp.net/threads/the-definitive-guide-to-wii-u-hacking.396828/

Then, I do the Wii U Exploit and then PyGecko. I use the following site through the Wii U browser to do it: http://wj44.bplaced.net/

are you using tubehax or url filtering? i too followed all steps still tcp gecko fails to connect

 

[manpccore]

@MiMiCAX ur program works fine with 1.0.2 USA VERSION , i have few questions since i cant use TCP gecko always fails to connect, how can i get gear values?

is the other codes in your program for getting address of equipped items?
the dont poke melee-range -armor slot 001?

i used fetch value for DO_NOT_POKE_ melee weapons 001: i thought it was first melee weapon in my inventory , then turned the dec to hex and went to custom codes

addess the value i got from fetching and code u posted xxxxxxxxxxx <--- fetched value

# Potential Up XX, Potential Boost XX, Treasure Sensor XX
# xxxxxxxxxxx(fetched value address) (ur code 0A001400 DE000000 00000000) and poked and nothing happened to the gear in slot 1

 

[phoenixseven]

are you using tubehax or url filtering? i too followed all steps still tcp gecko fails to connect

I use both tubehax and url filtering through my router.

 

[manpccore]

I use both tubehax and url filtering through my router.

can you share the client are using ? tcp gecko client and do u have port forwarding?

 

[manpccore]

I've partially decoded how gear is stored in memory. Here are some findings for XCX v1.0.1E/U:

Addr range for Ranged Weapons: 1C3AC6B8 to 1C3B2448 (24 bytes per)
Addr range for Melee Weapons: 1C3B2460 to 1C3B81F0 (24 bytes per)
Addr range for Armor: 1C3A6910 to 1C3AC6A0 (24 bytes per)
Addr range for Skell Weapons: 1C3A0B68 to 1C3A68F8 (24 bytes per)
Addr range for Skell Armor: 1C39ADC0 to 1C3A0B50 (24 bytes per)

Format: wwwwxxxx yyyyyyyy zzzzpppq aaaabbbb cccc1111 22223333
w: 2-byte unknown; includes gear ID (with embedded maker + specs)
x: 2-byte unknown; ranged wep=0xC008/0xC009, melee wep=0xE008/0xE009
y: 4-byte unknown; possibly indicates item purchase / found locations; only seen \0 in last 6 bits
z: 2-byte unknown; only seen 0x0000
p: 10-bit placement index (incl upper 2 bits of 3rd byte)
q: 6-bit unknown; only seen 0b000000
a-c: gear/skell skill ID 1-3: subformat yyyi
  y: 12-bit (packed); skill type + base lvl (if applicable); see codes/gear_id_v1.0.1e.txt
  i: 4-bit skill level incr (+0 to +15)
1-3: augment slot 1-3: 0xFFFF = no slot, 0x0000 = empty slot, other values = possibly augment slot ID

Addr range for Augments: 1C3B8208 to 1C3BB0D0 (12 bytes per)
Format: unknown

Note that randomly poking 'w' or 'x' often leads to XCX crashing back to title screen.

Using this data, I can modify the skills on a particular gear slot, and add/remove augment slots. You will need to find which slot your target gear is located; I suggest using tcpGecko to scan for changes while you equip/swap your target gear around. Once found, here are some useful skill mods (poke into the latter 3 words):

Potential Up XX, Potential Boost XX, Treasure Sensor XX, 3 empty slots
0A001400 DE000000 00000000

Melee Attack Up XX, Melee Accuracy Up XX, Melee Attack Boost XX, 3 empty slots
07801180 03C00000 00000000

I don't plan to update the GUI currently, although as always, I welcome git pull requests

how do you guys search for Gear address in TCP gecko?

first type 1C3A6910 to 1C3AC6A0 in range section? and keep at 01? datatype 32 bit? cant see 24bit then search condition unknown value?

 

[phoenixseven]

can you share the client are using ? tcp gecko client and do u have port forwarding?

I use this client: https://www.dropbox.com/s/0y2bjp0i56o7yr7/TCPGeckoClient.7z?dl=0

No port forwarding.

 

[Onion_Knight]

I use my own version of TCPGecko written entirely in PyQT since I'm on Linux..

 

[HyeVltg3]

I could be understanding the instructions wrong.
Does this not work if you DONT have Smash? ( I use Miimaker mode to run games, "Press X")
instructions just make it a bit confusing, you mention Mii maker, but then say run game with Smash.

 

[ossay78]

I could be understanding the instructions wrong.
Does this not work if you DONT have Smash? ( I use Miimaker mode to run games, "Press X")
instructions just make it a bit confusing, you mention Mii maker, but then say run game with Smash.

yeah, I'm confused too, does it works only with Smash Bros Disc?
*fyi the trainer doesn't support 32bit Windows System.

 

[HyeVltg3]

yeah, I'm confused too, does it works only with Smash Bros Disc?
*fyi the trainer doesn't support 32bit Windows System.

I dont know about the trainer and 32-bit, since I have 64. bro why are you still on 32-bit in 2016.

http://gbatemp.net/threads/release-loadiinev4-pygecko.408902/
This is Loadiine v4 + pyGecko.
I used this and it works!
just follow the same steps with loadiine v4, but replace it with the one at this link.
For those using Definitive Package, just put v4+pygecko in its own folder and just edit the DefPack index.html, change Loadiine location to the v4+pygecko.
Worked great! all I wanted to do was increase my probes and shorten my Main(made too tall).
Thanks a lot XCXGecko.

P.S: It does crash/freeze the game a lot, so make sure you save after each change, took me 3 freezes to get and save what I liked.

 

[MiMiCAX]

I dont know about the trainer and 32-bit, since I have 64. bro why are you still on 32-bit in 2016.

http://gbatemp.net/threads/release-loadiinev4-pygecko.408902/
This is Loadiine v4 + pyGecko.
I used this and it works!
just follow the same steps with loadiine v4, but replace it with the one at this link.
For those using Definitive Package, just put v4+pygecko in its own folder and just edit the DefPack index.html, change Loadiine location to the v4+pygecko.
Worked great! all I wanted to do was increase my probes and shorten my Main(made too tall).
Thanks a lot XCXGecko.

P.S: It does crash/freeze the game a lot, so make sure you save after each change, took me 3 freezes to get and save what I liked.

- Yes, Onion_Knight's Loadiine v4 + pyGecko package works with XCXGecko, although you need to ensure that config.ini is set into the correct mode: loadiine_v4_pygecko: True.
- Yes, that version of pyGecko is highly unstable, so if you have or can obtain a Smash Bros disc (or eshop version), I highly suggest using the older payload.
- Yes, the older Loadiine (MiiMaker + pyGecko) payload supports XCXGecko, but weirdly only if you boot with the Smash Bros disc/eshop version.

yeah, I'm confused too, does it works only with Smash Bros Disc?
*fyi the trainer doesn't support 32bit Windows System.

My python install is 64 bit, since it's tied to quite a few dev packages. I *might* eventually get around to installing a VM and compiling a 32-bit version, but for now, if you want to use XCXGecko on a 32-bit windows machine, you will need to install python 2.7+ 32-bit and pyqt4 32-bit versions. See instructions.

 

[newandy]

Any of this work if you are on Firmware 5.4?

 

[HyeVltg3]

- Yes, Onion_Knight's Loadiine v4 + pyGecko package works with XCXGecko, although you need to ensure that config.ini is set into the correct mode: loadiine_v4_pygecko: True.

Weirdly the config.ini already had
[General]
wiiu_ip: 192.168.###.###
loadiine_v4_pygecko: True

havent touched it since downloading.

Is there any way to figure out what the Min and Max value is for Height/Chest ?

 

[MiMiCAX]

Weirdly the config.ini already had
[General]
wiiu_ip: 192.168.###.###
loadiine_v4_pygecko: True

havent touched it since downloading.

Is there any way to figure out what the Min and Max value is for Height/Chest ?

You probably downloaded the latest release, which is titled "adjusted codes for Loadiine v4 + pyGecko".

As far as I know, you can put any float value in height/chest fields and the game shouldn't crash, so there's no hard thresholds on those. Nevertheless, I remember reading values right after using the character creation screen, and those seem to be within the range of 0.7 to 1.3. Although these are sensible values to put, you can definitely set the user height to 0.1 or 2.0 (or even 10.0), and the geometry will scale in game (even though cutscenes may look awkward).

 

[WekkinsWiiU]

possible to make peach have bigger breasts in SM3DW pls