Hacking VitaCheat/FinalCheat Database

[kaymynd]

The language problem is the same as the plugin problem, the vita uses a plugin for the language changing so it moves the memory slightly and breaks most codes, same with certain plugins, they move the memory slightly and break the codes, you can fix by finding just one and then using a hex calculator to do the math to find the others, that is assuming the codes are not arm codes as those have to be found one by one again.

 

[Yohoki]

The ARM codes are especially difficult to troubleshoot.... Since it's not about changing dynamic values, but about understanding the Thumb Assembly and reverse engineering the code... If it's off by even a byte, it's so hard to figure out where it's supposed to go... And changing the wrong bytes will almost certainly crash the game immediately... I wish I knew how dask decrypts the code to read it, or at least understood ARM assembly a bit better so I could do it myself..

 

[NeoGranzon]

The ARM codes are especially difficult to troubleshoot.... Since it's not about changing dynamic values, but about understanding the Thumb Assembly and reverse engineering the code... If it's off by even a byte, it's so hard to figure out where it's supposed to go... And changing the wrong bytes will almost certainly crash the game immediately... I wish I knew how dask decrypts the code to read it, or at least understood ARM assembly a bit better so I could do it myself..

@Yohoki ,this is what happens when you activate codes in DariusBurst,the game immediately crashes any code you activate!

 

[Yohoki]

@Yohoki ,this is what happens when you activate codes in DariusBurst,the game immediately crashes any code you activate!

As I mentioned... they are ARM codes. They don't change the value of your HP bar... they make it so your HP bar doesn't exist any more.... at least, that's the idea in a nutshell.

That's what makes fixing them so difficult... it takes a great amount of understanding the ARM assembly language, or game programming in general. It's not like I can go in and search for your HP value and lower it and search again... These parts of the code never change, so unless you can read it, you can't find it.

Using CheatEngine on PC may help, as it does have some disassembly tools, but I'm not sure if it can disassemble ARMv7 Thumb (the specific language that vita's CPU uses)

 

[NeoGranzon]

As I mentioned... they are ARM codes. They don't change the value of your HP bar... they make it so your HP bar doesn't exist any more.... at least, that's the idea in a nutshell.

That's what makes fixing them so difficult... it takes a great amount of understanding the ARM assembly language, or game programming in general. It's not like I can go in and search for your HP value and lower it and search again... These parts of the code never change, so unless you can read it, you can't find it.

Using CheatEngine on PC may help, as it does have some disassembly tools, but I'm not sure if it can disassemble ARMv7 Thumb (the specific language that vita's CPU uses)

Sorry @Yohoki ,pretend you don't understand or what?
I have been repeating for some time that those codes for DariusBurst don't work,whatever you can try example:no DLC,change language settings,version 1.11 or earlier version only,i don't want you to fix them or find the codes for me,you know what i mean now?

 

[kaymynd]

@Yohoki
Yeah definitely, once we understand the ARM codes it will be way easier to find cheats that work with everyone. As for the decrypting, my guess is that they use the decrypted save data somehow to find the correct addresses.

 

[Yohoki]

Sorry @Yohoki ,pretend you don't understand or what?
I have been repeating for some time that those codes for DariysBurst don't work,whatever you can try example:no DLC,change language settings,version 1.11 or earlier version only,i don't want you to fix them or find the codes for me,you know what i mean now?

Not pretending I don't understand. I don't feel like arguing about it.

I have no doubt in my mind that these codes worked at one point or another for Dask, and the users on Speedfly... here's my reasoning:

1. - Dask (as far as I know) is the creator of VitaCheat. He knows how to use his own program. And I trust he knows how to tell if codes are not good.

2.- Dask understands Armv7Thumb Assembly language and is very familiar with it. If he has released a code that says it gives you inf hp, you can be sure it gave inf HP.

3. These codes do not use a pointer, so no amount of learning TempAR will help. These codes are static and NEVER move in RAM. This is because he isn't editing the data the game creates (which vita stores wherever there is currently room), but is using the data directly from the eboot (which the vita ALWAYS stores exactly in the same place [usually. There's some exceptions]). The only way this data moves, is if a plugin or language settings are taking up room early in ram.

So. There's only 3 options there to WHY you think the code isn't working. 1.) Dask is an idiot and doesn't know how to use the very tool he created. (doubtful) 2.) Dask is an idiot and uploaded bad codes.(doubtful) 3.) you may have something messing with the RAM. (Highly likely)

It's hard to tell WHAT is messing with the codes. It could be languages. It could be plugins. it could simply be that Vitacheat itself has changed it's size slightly since those codes were updated. Maybe it also needs tested with version z03-z06.

 

[Deleted User]

excuse, range x81000.-x8a000 ,address found 88ec376c, dump ox81000- 0x8f0000000?
thanks

 

[tomberyx]

excuse, range x81000.-x8a000 ,address found 88ec376c, dump ox81000- 0x8f0000000?
thanks

Yes 81-89

 

[Yohoki]

@Yohoki
Yeah definitely, once we understand the ARM codes it will be way easier to find cheats that work with everyone. As for the decrypting, my guess is that they use the decrypted save data somehow to find the correct addresses.

I believe I read somewhere that there is an Armv7Thumb plugin for IdaPro or Ghidrah. They may be using IdaPro to reverse engineer the game, by looking at the code in regular languages, like C, instead of Hex and ARM.

I WAS able to partially decrypt the EBOOT of one of the lego games, and it actually allowed me to make a code from the code I was reading. But I wasn't able to fully read the code... It was only partial fragments mixed up here and there.

 

[NeoGranzon]

Not pretending I don't understand. I don't feel like arguing about it.

I have no doubt in my mind that these codes worked at one point or another for Dask, and the users on Speedfly... here's my reasoning:

1. - Dask (as far as I know) is the creator of VitaCheat. He knows how to use his own program. And I trust he knows how to tell if codes are not good.

2.- Dask understands Armv7Thumb Assembly language and is very familiar with it. If he has released a code that says it gives you inf hp, you can be sure it gave inf HP.

3. These codes do not use a pointer, so no amount of learning TempAR will help. These codes are static and NEVER move in RAM. This is because he isn't editing the data the game creates (which vita stores wherever there is currently room), but is using the data directly from the eboot (which the vita ALWAYS stores exactly in the same place [usually. There's some exceptions]). The only way this data moves, is if a plugin or language settings are taking up room early in ram.

So. There's only 3 options there to WHY you think the code isn't working. 1.) Dask is an idiot and doesn't know how to use the very tool he created. (doubtful) 2.) Dask is an idiot and uploaded bad codes.(doubtful) 3.) you may have something messing with the RAM. (Highly likely)

It's hard to tell WHAT is messing with the codes. It could be languages. It could be plugins. it could simply be that Vitacheat itself has changed it's size slightly since those codes were updated. Maybe it also needs tested with version z03-z06.

Sorry @Yohoki ,the Ram of the Ps Vita how do i solve if it is that?
I tested the codes with vitacheat z05 and now have z06 installed on Ps Vita 3.65 Enso,never working!

 

[kaymynd]

I believe I read somewhere that there is an Armv7Thumb plugin for IdaPro or Ghidrah. They may be using IdaPro to reverse engineer the game, by looking at the code in regular languages, like C, instead of Hex and ARM.

I WAS able to partially decrypt the EBOOT of one of the lego games, and it actually allowed me to make a code from the code I was reading. But I wasn't able to fully read the code... It was only partial fragments mixed up here and there.

Gotcha, yea that makes sense, i tried using ghidra on titan souls but it was a mess i couldn't understand so i gave up after a few days. Sounds like without that Armv7Thumb plugin it's going to be hit or miss. Let's hope that at some point they release that plugin so more people can make ARM codes.

 

[Yohoki]

Sorry @Yohoki ,the Ram of the Ps Vita how do i solve if it is that?
I tested the codes with vitacheat z05 and now have z06 installed on Ps Vita 3.65 Enso,never working!

HA! I wish I knew, friend. I wish I knew. XD

--------------------- MERGED ---------------------------

Gotcha, yea that makes sense, i tried using ghidra on titan souls but it was a mess i couldn't understand so i gave up after a few days. Sounds like without that Armv7Thumb plugin it's going to be hit or miss. Let's hope that at some point they release that plugin so more people can make ARM codes.

I think Ida Pro comes with the plugin already installed. I don't have the $$$ to spend on a license for Ida Pro... so I only have Ida's free trial, which doesn't include Armv7-Thumb.

I'm pretty sure that's what Dask uses, though. I think I read a comment on one of the codes that mentioned Ida. As an active developer, the money spent on Ida Pro would be well used.

 

[NeoGranzon]

HA! I wish I knew, friend. I wish I knew. XD

Sorry @Yohoki ,so you don't know the solution,yours is pure guess!

 

[Yohoki]

Sorry @Yohoki ,so you don't know the solution,yours is pure guess!

If I knew the specific answer to your specific problem, I would tell. I don't hold info back, I like to share. But in your case, there are so many reasons why it could be not working, I can't say for certain... If it was a code I had made, I would gladly look at your dumps and see why it's messing up. But I'm sadly not, and I can only give suggestions..... guesses is a harsh term to use. XD

 

[Deleted User]

Yes 81-89

range, numerical only, and if the third digit is a letter, in the dump you put the letter that comes after the one found?

 

[Yohoki]

range, numerical only, and if the third digit is a letter, in the dump you put the letter that comes after the one found?

These values are in Hexidecimal. so you count like this: 1,2,3,4,5,6,7,8,9,A,B,C,D,E,F,10.

So for your dumps, your address was 88ec376c. Thats a lot of numbers, so round down to 2 digits = 88. Then add 1, so 88+1=89. New dump range is 81000000-89000000.

If you have something like 8A... it's still the same. 8A+1=8B.

 

[NeoGranzon]

If I knew the specific answer to your specific problem, I would tell. I don't hold info back, I like to share. But in your case, there are so many reasons why it could be not working, I can't say for certain... If it was a code I had made, I would gladly look at your dumps and see why it's messing up. But I'm sadly not, and I can only give suggestions..... guesses is a harsh term to use. XD

@Yohoki of course,i just wanted to make you understand the problem and not waste your time ok!

 

[Yohoki]

@Yohoki of course,i just wanted to make you understand the problem and not waste your time ok!

oh, no. I understand the problem.

I just don't understand how more tutorials will fix it. I don't mean to sound upset or anything. I'm all for sharing info. but we have the tools, and information out there, and people still release non-working codes... however, the codes you've specifically picked, I don't know that they're broken, but maybe something is causing them not to work. would take some digging to find out., I'm afraid.

 

[kaymynd]

HA! I wish I knew, friend. I wish I knew. XD

--------------------- MERGED ---------------------------


I think Ida Pro comes with the plugin already installed. I don't have the $$$ to spend on a license for Ida Pro... so I only have Ida's free trial, which doesn't include Armv7-Thumb.

I'm pretty sure that's what Dask uses, though. I think I read a comment on one of the codes that mentioned Ida. As an active developer, the money spent on Ida Pro would be well used.

Oh wow i didn't realize it came with the plugin, if it didn't cost an arm and a leg I'd buy a license right now haha, only other option would be for someone who knows what their doing to make a similar plugin for ghidra, maybe we can get a bounty going for this?