Such great news!!

> New Report!
> It works!!!! Seg1 does not shift, I tried it on both PS Vitas.
> Now I ask myself what I can do with it now....
Ahh, I see. Segs and B2 stuff still go over my head, plus I forgot what little I knew about them. I'm gonna need a little extra time to get back into the full swing of things, but yeah, I checked the .txt from my new dumps and all of them are static. Like straight 81000000, which was pretty neat to see.

> ASLR shouldn't affect pointers at all. That's a separate issue. I think the main thing to look for is the seg0/1 locations. Are they static now? Because a lot of games have the locations move sometimes, either on boot, or switching map levels, etc. You have installed it correctly, though. It would require a reboot of the Vita, and it might also now show up under the TXT file in your dumps. I think the plugins are also loaded in order from top to bottom, so putting it higher on the list may also have an effect.
Great news! Turn that into a b200 and it should work flawlessly, even if the user doesn't have noASLR installed and the seg moves around!

> Experiments with noaslr.skprx.
> What I found out at the moment.
> It seems that the pattern XYZ is no longer present when you do dumps. <----- Edit: still present, but yeahh baby, it doesn't matter, you can use that for pointer search too. [I hope I'm right, it is not easy to see everything]
> Pointer search with TempAR remains the same but is now more precise.
> I was able to benefit from the noaslr in 60 minutes.
> I think we now have a good springboard for further research. I hope I'm not mistaken... fingers crossed
> This is a test code with noaslr.skprx.
> I know this game has (extremely) the pattern XYZ.
> If this code works for you, then we might have a proof. There are more results of codes, but I think this one could be it.
> # Title: SteamWorld Dig 2
> # ID: PCSB01114
> # Region: EU
> # Version: 1.01
> # Type: NoNpDrm
> # Code Author: tomberyx
> _V0 Money 1
> $3203 81189D74 00000288
> $0000 00000000 00000064
> $0000 00000000 0000023C
> $0000 00000000 00000001
b200 codes are not hard. It just needs a little math. You're aiming for a code inside the Seg0 section; once you find that, just take the seg0 out of it.
The actual code for the game is the same, whether it's on Vita or PSTV, so there should be no difference if the code is made right. Unfortunately, that code doesn't use a b200 yet, so it may stop working for you at some point. b200 is simple to make, though.

> @tomberyx hey, I tried the code from SteamWorld Dig 2 with the noaslr plugin on PSTV and it worked, the same as with Kid Tripp, which didn't work before on PSTV.
I tried to make a B200 and it worked !!
# Title: Defenders Quest-Valley of the Forgotten DX
# ID: PCSB01223
# Region: EU-US
# Version: 1.00
# Type: NoNpDrm
# Code Author: tomberyx
# PCSB01223
_V0 max.PSI [push Select] X
$C201 00000001 00000001
$3201 9663C380 0000012C
$0000 00000000 41200000
$C201 00000001 00000001
$3201 9663C380 00000134
$0000 00000000 41200000
_V0 inf.max Skill-Points X
$3002 9663C380 000000E4
$0000 00000000 00000050
$0000 00000000 0000004D
_V0 inf.Money X
$3201 966445B0 0000003C
$0000 00000000 04A2CB71
_V0 -------------------
$0000 00000000 00000000
_V0 max.PSI [push Select] Y
$C201 00000001 00000001
$3201 9653C380 0000012C
$0000 00000000 41200000
$C201 00000001 00000001
$3201 9653C380 00000134
$0000 00000000 41200000
_V0 inf.max Skill-Points Y
$3002 9653C380 000000E4
$0000 00000000 00000050
$0000 00000000 0000004D
_V0 inf.Money Y
$3201 965445B0 0000003C
$0000 00000000 04A2CB71
_V0 -------------------
$0000 00000000 00000000
_V0 max.PSI [push Select] Z
$C201 00000001 00000001
$3201 9673C380 0000012C
$0000 00000000 41200000
$C201 00000001 00000001
$3201 9673C380 00000134
$0000 00000000 41200000
_V0 inf.max Skill-Points Z
$3002 9673C380 000000E4
$0000 00000000 00000050
$0000 00000000 0000004D
_V0 inf.Money Z
$3201 967445B0 0000003C
$0000 00000000 04A2CB71
_V0 -Note- If Crash use Alternative
$0000 00000000 00000000
_V0 Codes and Vice-Versa.
$0000 00000000 00000000
_V0 Use only X Y or Z do not mix.
$0000 00000000 00000000
_V0 Codes can switch from XtoZ and back.
$0000 00000000 00000000
_V0 Do not activate codes permanent.
$0000 00000000 00000000
_V0 PSI-Code can crash game.
$0000 00000000 00000000
826acf44 is outside the range of the segments, so it may move still. ASLR only affects the modules loaded by the kernel; it doesn't affect malloc or garbage collection used by programs, I don't think.

> Yes, starting point is always on 8100000.
> I have to do that again to find HP Ys8.
> I just didn't find out how to find 77D4.
> $B200 00000001 00000000
> $3202 000077D4 00003870
> $0000 00000000 00000F04
> 00. module name :ys8_release_true
> path: ux0:/patch/PCSE01103/eboot.bin
> vaddr: 0x8106a4f0
> memsz: 0x338b30
> vaddr: 0x813e0f80 8141CC10
> 813e0f80-20D00--813C0280
> memsz: 0x3bc90
> PO 826acf44
> _V0 HP new
> $0200 8CFBB654 3F8 1065353216
> [0x8153E118] + 0xF04
> [0x8153E144] + 0xF04
> [0x8153F580] + 0xF04
> [0x8153F58C] + 0xF04
> [0x8153F5A8] + 0xF04
> [0x8153F5CC] + 0xF04
> The rest was possible for me.
> Will try it by time, now time for a beer with chicks, I promise no cheating...
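The two points raised above, that a b200 code is "just the seg0 taken out" of an absolute address and that an address like 826acf44 outside every segment has no fixed base and may still move, come down to one computation. The following Python is an added example, not code from this thread or from any of the tools it mentions; it uses the seg0/seg1 vaddr and memsz values from the ys8_release_true dump quoted above, and the shifted layout it rebases into is constructed for illustration, not taken from a real boot.

```python
# Added example, not code from the thread: compute the segment-relative offset a
# base-relative (b200-style) code needs, and detect addresses that lie outside
# every module segment, which have no fixed base and may still move.
# Segment table taken from the ys8_release_true dump quoted in the thread.
from typing import List, Optional, Tuple

Segment = Tuple[int, int]  # (vaddr, memsz) as printed in the module dump

# seg0 and seg1 of ys8_release_true (ux0:/patch/PCSE01103/eboot.bin), from the thread
YS8_SEGMENTS: List[Segment] = [
    (0x8106A4F0, 0x338B30),
    (0x813E0F80, 0x03BC90),
]


def segment_end(segments: List[Segment], index: int) -> int:
    """Exclusive end address of a segment: vaddr + memsz."""
    vaddr, memsz = segments[index]
    return vaddr + memsz


def segment_offset(addr: int, segments: List[Segment] = YS8_SEGMENTS) -> Optional[Tuple[int, int]]:
    """Return (segment index, offset from that segment's vaddr) for addr.

    Returns None when addr falls in no segment, e.g. heap memory handed out by
    malloc: it has no module base to be relative to, so a base-relative code
    cannot describe it reliably.
    """
    for index, (vaddr, memsz) in enumerate(segments):
        if vaddr <= addr < vaddr + memsz:
            return index, addr - vaddr
    return None


def rebase(addr: int, old: List[Segment], new: List[Segment]) -> int:
    """Where the bytes at addr (seen with layout `old`) live under layout `new`.

    This is what a base-relative code does implicitly: same offset, new vaddr.
    Raises ValueError for an address that is outside every segment.
    """
    hit = segment_offset(addr, old)
    if hit is None:
        raise ValueError(f"{addr:#010x} is outside every segment; cannot rebase")
    index, offset = hit
    return new[index][0] + offset


if __name__ == "__main__":
    for addr in (0x8106A5F0, 0x8141CC0C, 0x826ACF44):
        hit = segment_offset(addr)
        if hit is None:
            print(f"{addr:#010x}: outside all segments (may move)")
        else:
            print(f"{addr:#010x}: seg{hit[0]} + {hit[1]:#x}")
    # Constructed alternative layout: the same module loaded 0x10000 higher.
    shifted = [(vaddr + 0x10000, memsz) for vaddr, memsz in YS8_SEGMENTS]
    print(f"{rebase(0x8106A5F0, YS8_SEGMENTS, shifted):#010x}")
```

The end address `segment_end` computes for seg1 is the 8141CC10 written next to the second vaddr in the dump, and 826acf44 lands in no segment, which is exactly why a code built on it can break between boots while a seg0-relative one survives.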
If there're too many characters in a line, we may need an ARM code to get it.
Not sure what you mean there. ARM works exactly the same as any other code, except for the endianness (it types backwards instead of forwards) and its unique ability to store the value that was there to begin with and reset it back to what it was when you turn the code off.
In games there is a program processing the self-side and enemy-side's HP. So if it worked, we would only need a few lines added onto the command and it will work for all characters.