Hacking VitaCheat/FinalCheat Database

[Smoker1]

It feels like NOPping in cheat engine. You can use ARM write to set your values temporarily or use NOP (anywhere! jk)
Assembly: NOP in ARM
$A100 81000000 0000BF00

Change the address you want to nop then start debugging. Now I feel like this is one of their ways of debugging from coders of ARM write. By searching an opcode from decrypted eboot with ida pro, then nop the hell out of them. Keep it up!



Sadly, no. I can't open Vitacheat and even GoHANmem in GTA3 and VC. I haven't tried their early versions yet. I forgot if RinCheat works but I can open Memdump! But memdump was so slow in my first try. There might be something conflicting on my part.

Yeah, I tried getting VitaCheat and others to work with Mario 64, but did not work. VitaCheat, it just gave a Error for the Game.

 

[Zernix]

Yeah, I tried getting VitaCheat and others to work with Mario 64, but did not work. VitaCheat, it just gave a Error for the Game.

It might depends on how the hombrews handle the memory or the modules vice versa. If we can hope for memdump as cheat activator... I can dump a memory with memdump but with range from 81000000 - 82000000. I can see ELF in 0x0 offset. Maybe it's feasible but If the pointer was beyond from memdump range, it's hopeless.

 

[Deleted User]

fff

 

[Smoker1]

It might depends on how the hombrews handle the memory or the modules vice versa. If we can hope for memdump as cheat activator... I can dump a memory with memdump but with range from 81000000 - 82000000. I can see ELF in 0x0 offset. Maybe it's feasible but If the pointer was beyond from memdump range, it's hopeless.

GTA Cheats come up and work perfectly. Great work

 

[Zernix]

GTA Cheats come up and work perfectly. Great work

Good news for you. On GTA3, Money address is within range. I believe this should be static; but as you mentioned, the addresses are dynamic. There's a -+0x00100000 offset difference which is common in 3.65 NND games.

0x81000000

8160D54C - Money
8160D550 - Display Money
8160D558 - HP?

Vita's starting address is 0x81000000. idk for switch. the game address should be relative between 2 platforms. share me your findings from switch.

 

[Smoker1]

Good news for you. On GTA3, Money address is within range. I believe this should be static; but as you mentioned, the addresses are dynamic. There's a -+0x00100000 offset difference which is common in 3.65 NND games.

0x81000000

8160D54C - Money
8160D550 - Display Money
8160D558 - HP?

Vita's starting address is 0x81000000. idk for switch. the game address should be relative between 2 platforms. share me your findings from switch.

Was a lot of work finding everything. LOL. MAIN is supposed to represent Static, while HEAP represents Dynamic.

 

[tomberyx]

@Zernix
Can you explain step-by-step again how to do B200 with offset and startingpoint etc.

Spoiler: B2 Code Conversion

This is the example of my findings:

The speed hack address 82xDE720 is already out of range from this module which is:
seg1 812806A0 - 812CD110 (for example)
you can't make a B2 code with it. To solve this problem, find the starting memory block. I used GoHANmem with "Scan Block" function. With that, I found the starting range block which is 81F00000. Search this hex with vitacheat to find the pointer. I found 4 adresses, 2 of them are the same and it's within the memory module. I picked 8128BDD8 which +B738 offset from seg1. The address 8128BDD8 is a direct pointer to 81F00000.

_V0 Speed Hack
$B200 00000001 00000000
$3201 0000B738 006DE720
$3300 00000000 00000000

This is compatible for all different regions and dumps but not for the patched ones. Only best for static address.

To find the pointer within the module with vitacheat, Use Fuzzy Search with your address that you found (speed hack for example), set the search type into "less than or equal" (<=) and limit the range from 81000000 to the end of seg1 (it will include seg0). After the result list down the the address and its value, pick the value which is closer to your address that you found. then resart, repeat and:

_V0 Speed Hack
$B200 00000001 00000000
$3201 0003E990 00003AE0
$3300 00000000 00000000

_V0 Mira
$B200 00000001 00000000
$3201 0003E990 000A5038
$3300 00000000 00000064

This will work in all version, regions, dumps, and to whatever patch you put in rePatch. Unless rePatch omits the address that you want to modify (not sure)

notes:

• Speed hack 82xDE720 where x sometimes change.
  
  
• Memory module "here" is the eboot.bin vitacheat mostly use this module to display the seg0 & seg1 when you push the R-Analog-UP in "Browse Memory"
  
  
• seg1 812806A0 - 812CD110 you can see this by pushing the right analog up in "Browse Memory". This is useful for B2 code.
  
  
• "Memory block" is a chunk of data from RAM. the biggest will be the game files. GoHANmem can differentiate each block.
  
  
• GoHANmem can determine the range of memory block while vitacheat cannot.
  
  
• VitaCheat can specifically determine the memory executable modules and it's names while GoHANmem cannot. vitacheat only recognize executable modules like suprx, skprx. you can see more of it when you dump a memory with vitacheat.

PCSG00488 - Eiyuu Densetsu: Sora no Kiseki FC Evolution (without patch).

I found this code and many more;

_V0 Instant all Items [945pcs.]
$4201 8247EC7C 004D0000 # + - 100000/200000/300000
$03B1 00000004 00000001

Btw.found this code with "Dog-Search Code" ;-)

Now I would like to make this code static, since I don't have a Gohanmem it will be a bit difficult.
thank you for your help

Edit:
This is the part were im crying;

"GoHANmem with "Scan Block" function. With that, I found the starting range block which is 81F00000. Search this hex with vitacheat to find the pointer. I found 4 adresses, 2 of them are the same and it's within the memory module. I picked 8128BDD8 which +B738 offset from seg1. The address 8128BDD8 is a direct pointer to 81F00000.

_V0 Speed Hack
$B200 00000001 00000000
$3201 0000B738 006DE720
$3300 00000000 00000000 "

 

[Hollow357]

Hello. I'm having an issue with some cheats for God of War Collection v 1.00 (USA). Certain cheats, like the one selected in the picture below in Vitacheat, cause the game to crash. Apparently these were made for the vitamin dump, which I also tried using them on, but got the same result.

I'm using the NoNpDrm version of the game, on HENkaku-Enso 3.60. Using Vitacheat z04. I'm not sure what's causing this issue or how to fix it, other than perhaps changing the code so that it works for NoNpDrm. I'm not a coder/programmer, don't understand HEX values, etc. Not very knowledgeable with code in general. Any help would be appreciated.

The codes in question:

_V0 获得眼睛和羽毛后最大//Get Eye and Feather Max(v.Vitamin)
$D201 81000EC0 F092B510
$A200 8104522E 0812F04F
$D201 81000EC0 3401B2A5
$A100 8104FA34 00002012

_V0 全魔法技能武器//All Magic Skill Weapon (v.Vitamin)
$D208 81000EC0 F092B510
$A200 81215490 E3E00000
$A200 81215494 E1C108B2
$A200 81215498 E3A00000
$A200 8121549C E1D118B2
$A200 812154A0 E51FF004
$A200 812154A4 81042EB1
$A100 81042EAA 00004778
$A200 81042EAC EA074977
$D209 81000EC0 3401B2A5
$A200 81234E90 E5D0409C
$A200 81234E94 E5824078
$A200 81234E98 E3E02000
$A200 81234E9C E5802054
$A200 81234EA0 E5902054
$A200 81234EA4 E51FF004
$A200 81234EA8 8104F625
$A200 8104F61C 47781C00
$A200 8104F620 EA07961A

Tried these cheats again on a proper vitamin dump and they don't work/have no effect in game. The other vitamin made cheats also don't work. Wonder what the problem could be. I guess I'll stick with the NoNpDrm version for now.

 

[Zernix]

@Zernix
Can you explain step-by-step again how to do B200 with offset and startingpoint etc.

Spoiler: B2 Code Conversion

This is the example of my findings:

The speed hack address 82xDE720 is already out of range from this module which is:
seg1 812806A0 - 812CD110 (for example)
you can't make a B2 code with it. To solve this problem, find the starting memory block. I used GoHANmem with "Scan Block" function. With that, I found the starting range block which is 81F00000. Search this hex with vitacheat to find the pointer. I found 4 adresses, 2 of them are the same and it's within the memory module. I picked 8128BDD8 which +B738 offset from seg1. The address 8128BDD8 is a direct pointer to 81F00000.

_V0 Speed Hack
$B200 00000001 00000000
$3201 0000B738 006DE720
$3300 00000000 00000000

This is compatible for all different regions and dumps but not for the patched ones. Only best for static address.

To find the pointer within the module with vitacheat, Use Fuzzy Search with your address that you found (speed hack for example), set the search type into "less than or equal" (<=) and limit the range from 81000000 to the end of seg1 (it will include seg0). After the result list down the the address and its value, pick the value which is closer to your address that you found. then resart, repeat and:

_V0 Speed Hack
$B200 00000001 00000000
$3201 0003E990 00003AE0
$3300 00000000 00000000

_V0 Mira
$B200 00000001 00000000
$3201 0003E990 000A5038
$3300 00000000 00000064

This will work in all version, regions, dumps, and to whatever patch you put in rePatch. Unless rePatch omits the address that you want to modify (not sure)

notes:

• Speed hack 82xDE720 where x sometimes change.
  
  
• Memory module "here" is the eboot.bin vitacheat mostly use this module to display the seg0 & seg1 when you push the R-Analog-UP in "Browse Memory"
  
  
• seg1 812806A0 - 812CD110 you can see this by pushing the right analog up in "Browse Memory". This is useful for B2 code.
  
  
• "Memory block" is a chunk of data from RAM. the biggest will be the game files. GoHANmem can differentiate each block.
  
  
• GoHANmem can determine the range of memory block while vitacheat cannot.
  
  
• VitaCheat can specifically determine the memory executable modules and it's names while GoHANmem cannot. vitacheat only recognize executable modules like suprx, skprx. you can see more of it when you dump a memory with vitacheat.

PCSG00488 - Eiyuu Densetsu: Sora no Kiseki FC Evolution (without patch).

I found this code and many more;

_V0 Instant all Items [945pcs.]
$4201 8247EC7C 004D0000 # + - 100000/200000/300000
$03B1 00000004 00000001

Btw.found this code with "Dog-Search Code" ;-)

Now I would like to make this code static, since I don't have a Gohanmem it will be a bit difficult.
thank you for your help

Edit:
This is the part were im crying;

"GoHANmem with "Scan Block" function. With that, I found the starting range block which is 81F00000. Search this hex with vitacheat to find the pointer. I found 4 adresses, 2 of them are the same and it's within the memory module. I picked 8128BDD8 which +B738 offset from seg1. The address 8128BDD8 is a direct pointer to 81F00000.

_V0 Speed Hack
$B200 00000001 00000000
$3201 0000B738 006DE720
$3300 00000000 00000000 "

It will be difficult to determine the range of block without GoHANmem. If you want to find it with vitacheat alone, you have to browse the memory and find the beginning of normal values after XX XX XX.

Spoiler: XX XX XX

Tried these cheats again on a proper vitamin dump and they don't work/have no effect in game. The other vitamin made cheats also don't work. Wonder what the problem could be. I guess I'll stick with the NoNpDrm version for now.

Vitamin and Mai dumps had inconsistency when it comes to decrypting assets. It creates discrepancies between original and decrypted; Not to mention that factor if whether game was dumped from psn or physical carts. I've never encountered ARM write codes for NND so I'm not sure.

Was a lot of work finding everything. LOL. MAIN is supposed to represent Static, while HEAP represents Dynamic.

I'm late to realize that memdump can't use pointer hahaha. Anyways, I found the addresses, pointer and offsets. They are almost relative so it's easy to find thanks to your findings.

 

[tomberyx]

@Zernix

I found the starting point after XXXX
It was very easy just 20sec.

Here is the Address
81060000

Please next step

 

[Zernix]

@Zernix

I found the starting point after XXXX
It was very easy just 20sec.

Here is the Address
81060000

Please next step

Sorry but I forgot to mention that there are more blocks there that exist. The starting block that you've found is the eboot. The starting point that game mainly uses is usually somewhere in 81F-830. It might be wrong; It depends on how many modules the game uses or plugins that you use.

 

[tomberyx]

Seems that I have to install Gohanmem.
Will try again if I can get it to run on 3.65.
Thanks for your feedback

 

[Smoker1]

@Zernix - With the latest GTA3, can it also be added to VitaCheat, just like GTASA?

 

[Zernix]

Seems that I have to install Gohanmem.
Will try again if I can get it to run on 3.65.
Thanks for your feedback

Use the latest GoHANmem 3.01 which is working for 3.65. After you found the starting point, search the address as value. Pick the result which is within eboot segment.

@Zernix - With the latest GTA3, can it also be added to VitaCheat, just like GTASA?

If you can open the Vitacheat menu. I believe the latest vpk is 1.3. I'm using the latest but I can't open Vitacheat. I suggest you try it too. I might be the only one who can't open it.

 

[faythdus]

tested 3,60.

Rogue Aces 1.02
alternative not found

# PCSE01198

_V0 level up
$B200 00000001 00000000
$0200 0007C020 0000270F

_V0 bomb
$B200 00000001 00000000
$0200 00070744 00000004

_V0 missiles
$B200 00000001 00000000
$0200 00070748 00000002

_V0 slow
$B200 00000001 00000000
$0200 000AB1A0 00000000

_V0 blue bar
$3202 81400290 00000388
$3200 00000000 00000A70
$3300 00000000 3F700000

shovel knight: treasure 1.08
# PCSE00640
_V0 collectibles for shop
$B200 00000001 00000000
$0200 0002A678 00000064

Slow and blue bar not work

 

[NeoGranzon]

Slow and blue bar not work

@faythdus sorry but you still don't understand,the codes were created on cfw 3.60,if you have installed cfw 3.65 on your PS Vita,the codes created with a different firmware(from the one installed)often don't work.

 

[faythdus]

@faythdus sorry but you still don't understand,the codes were created on cfw 3.60,if you have installed cfw 3.65 on your PS Vita,the codes created with a different firmware(from the one installed)often don't work.

I have something confuse B2 code not work for 3.60 so how you can use it?

 

[kapteinknutsen]

# Title: Severed
# ID: PCSB00702
# Region: EU
# Version: 1.00
# Type: NoNpDrm
# Code Author: tomberyx

Thanks for doing a cheat for severed! Me and my daughter will finally be able to get further into the game now. I have the PCSE00589 version of the game, do you think there's a chance the cheat will work on that as well?

 

[tomberyx]

hard to say!
At best you try out the codes or simply change the psv file to your game ID, you have to change two things: 1x the file and 1x in the text.


Ignore this png file below, dondt know why is it here

 

[kapteinknutsen]

hard to say!
At best you try out the codes or simply change the psv file to your game ID, you have to change two things: 1x the file and 1x in the text.


Ignore this png file below, dondt know why is it here

I'll have a go tonight Cheers!