Hacking VitaCheat/FinalCheat Database

tomberyx

test Code

# Title: Romancing Saga 3 US
# ID: PCSE01337

_V0 inf.max Money
$B200 00000001 00000000
$3204 07001210 FFFFF0EC
$0000 00000000 FFFFF2C8
$0000 00000000 FFFFFCFC
$0000 00000000 00000120
$0000 00000000 0076ADF1

_V0 inf.HP all Players
$B200 00000001 00000000
$7203 00C79758 00001498
$0000 00000000 00000014
$0000 00000000 FFFFEB70
$7703 00000000 00012FD1
$0005 0000029C 00000000

I found out that it is possible to get stable codes for this game, but you need a very powerful computer. My computer hangs when I search level 4 pointers (negative) because this search needs too much power so I had to go down to level 3.

In short;
The game requires level 4 pointers but all negatives and that takes a lot of computing power.

Useful settings are:
-B200 1 (Negative)
-Range 1000-3000
-Pointer Level 4
-X Address (Dump 81-93) (XY Pattern)
-Y Address (Dump 81-93)
-use 93xxxxxx Pointers..

I'm not sure if it could help for the HP code if you create dumps from 81-8b, that probably wouldn't take down my computer.... but the money code above should always be stable, it's Level fucking 4 Negative...

I wouldn't be surprised if my theories above are all wrong because Vita-Cheat is always unpredictable but vulnerable...
 

NFSMW

Hi guys, does anyone know how to put a speed hack in a game? (To speed up in game time by x2, x5, x100 etc)

Haven't seen it mentioned before.

Is that possible? Want to try it out on nfs mw 2012.

Thanks.
 

wangtao03

# Title: Eiyuu Densetsu Sora no Kiseki FC Evolution / The Legend of Heroes: Trails in the Sky FC Evolution
# ID: PCSG00488, PCSH00178, PCSH00179
# Region: JPN, HK, CHN
# Version: 1.02, 1.01, 1.00
# Type: NoNpDrm
# Note: Tested code works when ASLR is running
# only for VitaCheat z06 and FW 3.65+
# Code Author: wangtao03

# PCSG00488

_V0 Mira 99999999
$B200 00000001 00000000
$3202 0000D478 0000AE88
$3200 00000000 00002098
$3300 00000000 05F5E0FF

_V0 Sepith 9999
$B200 00000001 00000000
$7202 0000D478 0000AE88
$7200 00000000 000020A0
$7702 00000000 0000270F
$0007 00000004 00000000

_V0 Infinite HP in battle
$B200 00000001 00000000
$8103 0000D010 00062DA4
$8100 00000000 000796F8
$8100 00000000 00000230
$8800 00000000 00000000
$8503 0000D010 00062DA4
$8500 00000000 000796F8
$8500 00000000 0000022E
$8900 00000000 00000000
$8103 0000D010 00062DA4
$8100 00000000 000796F8
$8100 00000000 00002634
$8800 00000000 00000000
$8503 0000D010 00062DA4
$8500 00000000 000796F8
$8500 00000000 00002632
$8900 00000000 00000000
$8103 0000D010 00062DA4
$8100 00000000 000796F8
$8100 00000000 00004A38
$8800 00000000 00000000
$8503 0000D010 00062DA4
$8500 00000000 000796F8
$8500 00000000 00004A36
$8900 00000000 00000000
$8103 0000D010 00062DA4
$8100 00000000 000796F8
$8100 00000000 00006E3A
$8800 00000000 00000000
$8503 0000D010 00062DA4
$8500 00000000 000796F8
$8500 00000000 00006E3C
$8900 00000000 00000000

_V0 Infinite EP in battle
$B200 00000001 00000000
$8103 0000D010 00062DA4
$8100 00000000 000796F8
$8100 00000000 00000234
$8800 00000000 00000000
$8503 0000D010 00062DA4
$8500 00000000 000796F8
$8500 00000000 00000232
$8900 00000000 00000000
$8103 0000D010 00062DA4
$8100 00000000 000796F8
$8100 00000000 00002638
$8800 00000000 00000000
$8503 0000D010 00062DA4
$8500 00000000 000796F8
$8500 00000000 00002636
$8900 00000000 00000000
$8103 0000D010 00062DA4
$8100 00000000 000796F8
$8100 00000000 00004A3C
$8800 00000000 00000000
$8503 0000D010 00062DA4
$8500 00000000 000796F8
$8500 00000000 00004A3A
$8900 00000000 00000000
$8103 0000D010 00062DA4
$8100 00000000 000796F8
$8100 00000000 00006E40
$8800 00000000 00000000
$8503 0000D010 00062DA4
$8500 00000000 000796F8
$8500 00000000 00006E3E
$8900 00000000 00000000

_V0 Infinite CP in battle
$B200 00000001 00000000
$7103 0000D010 00062DA4
$7100 00000000 000796F8
$7100 00000000 00000236
$7703 00000000 000000C8
$0004 00002404 00000000

_V0 All Characters HP Maximum
$B200 00000001 00000000
$8102 0000D478 0000AE88
$8100 00000000 0000026C
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 0000026A
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 000002A0
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 0000029E
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 000002D4
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 000002D2
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 00000308
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 00000306
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 0000033C
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 0000033A
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 00000370
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 0000036E
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 000003A4
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 000003A2
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 000003D8
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 000003D6
$8900 00000000 00000000

_V0 All Characters EP Maximum
$B200 00000001 00000000
$8102 0000D478 0000AE88
$8100 00000000 00000270
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 0000026E
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 000002A4
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 000002A2
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 000002D8
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 000002D6
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 0000030C
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 0000030A
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 00000340
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 0000033E
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 00000374
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 00000372
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 000003A6
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 000003A8
$8900 00000000 00000000
$8102 0000D478 0000AE88
$8100 00000000 000003DA
$8800 00000000 00000000
$8502 0000D478 0000AE88
$8500 00000000 000003DC
$8900 00000000 00000000

_V0 All Characters CP Maximum
$B200 00000001 00000000
$7102 0000D478 0000AE88
$7100 00000000 00000272
$7702 00000000 000000C8
$0008 00000034 00000000

# PCSG00178

_V0 Mira 99999999
$B200 00000001 00000000
$3202 0000F058 0000AE88
$3200 00000000 00002098
$3300 00000000 05F5E0FF

_V0 Sepith 9999
$B200 00000001 00000000
$7202 0000F058 0000AE88
$7200 00000000 000020A0
$7702 00000000 0000270F
$0007 00000004 00000000

_V0 Infinite HP in battle
$B200 00000001 00000000
$8103 0000EBF0 00062DA4
$8100 00000000 000798F8
$8100 00000000 00000230
$8800 00000000 00000000
$8503 0000EBF0 00062DA4
$8500 00000000 000798F8
$8500 00000000 0000022E
$8900 00000000 00000000
$8103 0000EBF0 00062DA4
$8100 00000000 000798F8
$8100 00000000 00002834
$8800 00000000 00000000
$8503 0000EBF0 00062DA4
$8500 00000000 000798F8
$8500 00000000 00002832
$8900 00000000 00000000
$8103 0000EBF0 00062DA4
$8100 00000000 000798F8
$8100 00000000 00004E38
$8800 00000000 00000000
$8503 0000EBF0 00062DA4
$8500 00000000 000798F8
$8500 00000000 00004E36
$8900 00000000 00000000
$8103 0000EBF0 00062DA4
$8100 00000000 000798F8
$8100 00000000 0000743C
$8800 00000000 00000000
$8503 0000EBF0 00062DA4
$8500 00000000 000798F8
$8500 00000000 0000743A
$8900 00000000 00000000

_V0 Infinite EP in battle
$B200 00000001 00000000
$8103 0000EBF0 00062DA4
$8100 00000000 000798F8
$8100 00000000 00000234
$8800 00000000 00000000
$8503 0000EBF0 00062DA4
$8500 00000000 000798F8
$8500 00000000 00000232
$8900 00000000 00000000
$8103 0000EBF0 00062DA4
$8100 00000000 000798F8
$8100 00000000 00002838
$8800 00000000 00000000
$8503 0000EBF0 00062DA4
$8500 00000000 000798F8
$8500 00000000 00002836
$8900 00000000 00000000
$8103 0000EBF0 00062DA4
$8100 00000000 000798F8
$8100 00000000 00004E3C
$8800 00000000 00000000
$8503 0000EBF0 00062DA4
$8500 00000000 000798F8
$8500 00000000 00004E3A
$8900 00000000 00000000
$8103 0000EBF0 00062DA4
$8100 00000000 000798F8
$8100 00000000 00007440
$8800 00000000 00000000
$8503 0000EBF0 00062DA4
$8500 00000000 000798F8
$8500 00000000 0000743E
$8900 00000000 00000000

_V0 Infinite CP in battle
$B200 00000001 00000000
$7103 0000EBF0 00062DA4
$7100 00000000 000798F8
$7100 00000000 00000236
$7703 00000000 000000C8
$0004 00002604 00000000

_V0 All Characters HP Maximum
$B200 00000001 00000000
$8102 0000F058 0000AE88
$8100 00000000 0000026C
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 0000026A
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 000002A0
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 0000029E
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 000002D4
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 000002D2
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 00000308
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 00000306
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 0000033C
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 0000033A
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 00000370
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 0000036E
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 000003A4
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 000003A2
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 000003D8
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 000003D6
$8900 00000000 00000000

_V0 All Characters EP Maximum
$B200 00000001 00000000
$8102 0000F058 0000AE88
$8100 00000000 00000270
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 0000026E
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 000002A4
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 000002A2
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 000002D8
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 000002D6
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 0000030C
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 0000030A
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 00000340
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 0000033E
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 00000374
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 00000372
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 000003A6
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 000003A8
$8900 00000000 00000000
$8102 0000F058 0000AE88
$8100 00000000 000003DA
$8800 00000000 00000000
$8502 0000F058 0000AE88
$8500 00000000 000003DC
$8900 00000000 00000000

_V0 All Characters CP Maximum
$B200 00000001 00000000
$7102 0000F058 0000AE88
$7100 00000000 00000272
$7702 00000000 000000C8
$0008 00000034 00000000

# PCSG00179

_V0 Mira 99999999
$B200 00000001 00000000
$3202 0000F0CC 0000AE88
$3200 00000000 00002098
$3300 00000000 05F5E0FF

_V0 Sepith 9999
$B200 00000001 00000000
$7202 0000F0CC 0000AE88
$7200 00000000 000020A0
$7702 00000000 0000270F
$0007 00000004 00000000

_V0 Infinite HP in battle
$B200 00000001 00000000
$8103 0000EC64 00062DA4
$8100 00000000 000798F8
$8100 00000000 00000230
$8800 00000000 00000000
$8503 0000EC64 00062DA4
$8500 00000000 000798F8
$8500 00000000 0000022E
$8900 00000000 00000000
$8103 0000EC64 00062DA4
$8100 00000000 000798F8
$8100 00000000 00002834
$8800 00000000 00000000
$8503 0000EC64 00062DA4
$8500 00000000 000798F8
$8500 00000000 00002832
$8900 00000000 00000000
$8103 0000EC64 00062DA4
$8100 00000000 000798F8
$8100 00000000 00004E38
$8800 00000000 00000000
$8503 0000EC64 00062DA4
$8500 00000000 000798F8
$8500 00000000 00004E36
$8900 00000000 00000000
$8103 0000EC64 00062DA4
$8100 00000000 000798F8
$8100 00000000 0000743C
$8800 00000000 00000000
$8503 0000EC64 00062DA4
$8500 00000000 000798F8
$8500 00000000 0000743A
$8900 00000000 00000000

_V0 Infinite EP in battle
$B200 00000001 00000000
$8103 0000EC64 00062DA4
$8100 00000000 000798F8
$8100 00000000 00000234
$8800 00000000 00000000
$8503 0000EC64 00062DA4
$8500 00000000 000798F8
$8500 00000000 00000232
$8900 00000000 00000000
$8103 0000EC64 00062DA4
$8100 00000000 000798F8
$8100 00000000 00002838
$8800 00000000 00000000
$8503 0000EC64 00062DA4
$8500 00000000 000798F8
$8500 00000000 00002836
$8900 00000000 00000000
$8103 0000EC64 00062DA4
$8100 00000000 000798F8
$8100 00000000 00004E3C
$8800 00000000 00000000
$8503 0000EC64 00062DA4
$8500 00000000 000798F8
$8500 00000000 00004E3A
$8900 00000000 00000000
$8103 0000EC64 00062DA4
$8100 00000000 000798F8
$8100 00000000 00007440
$8800 00000000 00000000
$8503 0000EC64 00062DA4
$8500 00000000 000798F8
$8500 00000000 0000743E
$8900 00000000 00000000

_V0 Infinite CP in battle
$B200 00000001 00000000
$7103 0000EC64 00062DA4
$7100 00000000 000798F8
$7100 00000000 00000236
$7703 00000000 000000C8
$0004 00002604 00000000

_V0 All Characters HP Maximum
$B200 00000001 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 0000026C
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 0000026A
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 000002A0
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 0000029E
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 000002D4
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 000002D2
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 00000308
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 00000306
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 0000033C
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 0000033A
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 00000370
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 0000036E
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 000003A4
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 000003A2
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 000003D8
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 000003D6
$8900 00000000 00000000

_V0 All Characters EP Maximum
$B200 00000001 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 00000270
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 0000026E
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 000002A4
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 000002A2
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 000002D8
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 000002D6
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 0000030C
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 0000030A
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 00000340
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 0000033E
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 00000374
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 00000372
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 000003A6
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 000003A8
$8900 00000000 00000000
$8102 0000F0CC 0000AE88
$8100 00000000 000003DA
$8800 00000000 00000000
$8502 0000F0CC 0000AE88
$8500 00000000 000003DC
$8900 00000000 00000000

_V0 All Characters CP Maximum
$B200 00000001 00000000
$7102 0000F0CC 0000AE88
$7100 00000000 00000272
$7702 00000000 000000C8
$0008 00000034 00000000

I haven't tested it, but I'm guessing the code works on the English patch version
 

Attachments

  • PCSG00488.zip
    641 bytes · Views: 51
  • PCSH00178.zip
    640 bytes · Views: 40
  • PCSH00179.zip
    642 bytes · Views: 36

tomberyx

Nice catch you have made.
Is it really true that these codes only work with ASLR?
Or do you mean noaslr.skprx?

If you have noaslr.skprx installed then it doesn't mean that everyone has to install it (only for creating codes it is important but not as user)
 

wangtao03

My English is very poor, so I used machine translation. I hope you can read it.

I mean, the code works with ASLR.
The noaslr.skprx plugin does not work in this game.

Step 1: Recording and Dumping
I recorded the data and dumped memory multiple times with ASLR, like this:
[Image: 微信图片_20221204095612.png]

Step 2: Moving Segment
Normally, Seg0 starts at 0x81000000.
Seg0 is followed by Seg1,
and Seg1 is followed by the memory data.
With ASLR, the Seg0 and Seg1 addresses are random, while the memory data is relatively fixed.
[Image: 微信图片_20221204105144.png]

So we move the random Seg0 and Seg1 to the fixed position and keep the memory data,
so that multiple dumps can be compared.
I am referring to eboot.bin to determine the fixed addresses of Seg0 and Seg1.
[Image: 微信图片_202212041253181.png]

Step 3: (important) Fix Pointer
Record each dump's Seg0 and Seg1 shift offsets.
Subtract the corresponding offsets from the pointers to Seg0 and Seg1.
For example, in dump0:
pointer 0x825BCAD4 points to 0x81040DC8
address 0x81040DC8 is in the range of Seg0
Seg0 was moved from 0x81071FD0 to 0x81000000 when repairing, so the shift offset is 0x71FD0
the pointer 0x825BCAD4 should point from 0x81040DC8 to 0x80FCEDF8 (0x81040DC8-0x71FD0)

Finally, we eliminated the impact of ASLR on the dumps by fixing them,
making it possible to search for pointers belonging to Seg0 and Seg1 across multiple dumps to create B200-type codes.
[Image: 微信图片_202212041253182.png]
 
Last edited by wangtao03,
  • Like
Reactions: ILuvGames
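
The dump normalization described in Steps 2 and 3 of the post above, as an added Python example that is not part of the original posts or of VitaCheat: each segment is moved back to a fixed address, the data region is kept, and every word that points into a moved segment has that segment's shift subtracted, after which two dumps taken under different ASLR slides compare equal. The segment sizes, slides, data-region start and dump contents are constructed sample values.

```python
import struct
from dataclasses import dataclass

BASE = 0x81000000        # address of the first byte of every dump image
DATA_START = 0x81002000  # constructed: start of the non-randomized data region
IMAGE_SIZE = 0x3000      # constructed: size of each sample dump
SEG0_FIXED, SEG1_FIXED, SEG_SIZE = 0x81000000, 0x81000800, 0x100  # constructed


@dataclass(frozen=True)
class Segment:
    name: str
    runtime_start: int  # where ASLR placed the segment in this dump
    size: int
    fixed_start: int    # common reference address used for all dumps

    @property
    def shift(self) -> int:
        return self.runtime_start - self.fixed_start


def read_u32(image, addr):
    return struct.unpack_from("<I", image, addr - BASE)[0]


def write_u32(image, addr, value):
    struct.pack_into("<I", image, addr - BASE, value)


def fix_pointer(value, segments):
    """Subtract a segment's shift from a word that points into that segment."""
    for seg in segments:
        if seg.runtime_start <= value < seg.runtime_start + seg.size:
            return value - seg.shift
    return value  # not a pointer into a moved segment: leave untouched


def normalize_dump(image, segments):
    """Move segments to their fixed addresses, keep the data region, fix pointers."""
    out = bytearray(len(image))
    data_off = DATA_START - BASE
    out[data_off:] = image[data_off:]
    for seg in segments:
        src, dst = seg.runtime_start - BASE, seg.fixed_start - BASE
        out[dst:dst + seg.size] = image[src:src + seg.size]
    # Heuristic: every aligned 32-bit word whose value lands inside a moved
    # segment is treated as a pointer; an integer that happens to fall in
    # that range would be rewritten as well.
    for addr in range(BASE, BASE + len(out) - 3, 4):
        word = read_u32(out, addr)
        fixed = fix_pointer(word, segments)
        if fixed != word:
            write_u32(out, addr, fixed)
    return bytes(out)


def differing_words(a, b):
    """Addresses of aligned words that differ between two dump images."""
    return [BASE + off for off in range(0, min(len(a), len(b)) - 3, 4)
            if a[off:off + 4] != b[off:off + 4]]


def layout(slide0, slide1):
    """Constructed segment layout for one boot with the given ASLR slides."""
    return [Segment("Seg0", SEG0_FIXED + slide0, SEG_SIZE, SEG0_FIXED),
            Segment("Seg1", SEG1_FIXED + slide1, SEG_SIZE, SEG1_FIXED)]


def make_dump(segments):
    """Build a constructed sample dump for the given layout."""
    image = bytearray(IMAGE_SIZE)
    seg0, seg1 = segments
    for off in range(0, seg0.size, 4):                 # filler "code" words
        write_u32(image, seg0.runtime_start + off, 0xE1A00000)
    write_u32(image, seg1.runtime_start + 0x10, seg0.runtime_start + 0x40)
    write_u32(image, DATA_START + 0x10, seg1.runtime_start + 0x20)  # data -> Seg1
    write_u32(image, DATA_START + 0x14, DATA_START + 0x100)        # data -> data
    write_u32(image, DATA_START + 0x100, 9999)                      # plain value
    return bytes(image)


if __name__ == "__main__":
    segs_a, segs_b = layout(0x300, 0x500), layout(0x600, 0x900)
    raw_a, raw_b = make_dump(segs_a), make_dump(segs_b)
    norm_a, norm_b = normalize_dump(raw_a, segs_a), normalize_dump(raw_b, segs_b)
    print("raw dumps differ in", len(differing_words(raw_a, raw_b)), "words")
    print("normalized dumps differ in", len(differing_words(norm_a, norm_b)), "words")
    print("data pointer after fix: 0x%08X" % read_u32(norm_a, DATA_START + 0x10))
```
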

tomberyx

# Title: Urban Trial Freestyle
# ID: PCSB00038
# Region: EU
# Version: 1.00
# Type: NoNpDrm
# Note: [noaslr.skprx] Plugin
# only for VitaCheat z06 and FW 3.65+
# Code Author: tomberyx
# PCSB00038

_V0 Hold UP to Fly
$B200 00000001 00000000
$C201 00000001 00000110
$3201 00247278 00000114
$0000 00000000 43C4BABE
$C201 00000001 00000210
$3201 00247278 00000114
$0000 00000000 43C4BABE
$C201 00000001 00000010
$3201 00247278 00000114
$0000 00000000 43C4BABE

_V0 Mega Speed 1 [push Right]
$B200 00000001 00000000
$C201 00000001 00000020
$3201 00247278 00000110
$0000 00000000 C5000000
$C201 00000001 00000020
$3201 00247278 000000DC
$0000 00000000 3F800000

_V0 Mega Speed 2 [use D-PAD]
$B200 00000001 00000000
$C201 00000001 00000080
$3201 00247278 000009CC
$0000 00000000 C3000000
$C201 00000001 00000020
$3201 00247278 000009CC
$0000 00000000 43200000
$C201 00000001 00000080
$3201 00247278 000000DC
$0000 00000000 3F800000
$C201 00000001 00000020
$3201 00247278 000000DC
$0000 00000000 3F800000

_V0 Instant Brake [hold Down]
$B200 00000001 00000000
$C201 00000001 00000040
$3201 00247278 00000110
$0000 00000000 00000000
$C201 00000001 00000040
$3201 00070BA8 000000DC
$0000 00000000 3F800000

_V0 Time-Freeze
$B200 00000001 00000000
$3202 00070B1C 000007B8
$0000 00000000 0000001C
$0000 00000000 00000000

_V0 Light-Speed [push Select]
$B200 00000001 00000000
$C101 00000001 00000001
$3201 00247278 00000110
$0000 00000000 C6000000

_V0 Low Gravity [hold X]
$B200 00000001 00000000
$C201 00000001 00004000
$3201 00247278 00000114
$0000 00000000 42480000

_V0 Super-Flip [push UP-Down]
$B200 00000001 00000000
$C201 00000001 00000010
$3201 00247278 0000011C
$0000 00000000 41A00000
$C201 00000001 00000040
$3201 00247278 000000DC
$0000 00000000 3F800000

_V0 Player-Size [use D-Pad]
$B200 00000001 00000000
$C201 00000001 00000010
$3201 00247278 00001A7C
$0000 00000000 3FD00BAD
$C201 00000001 00000040
$3201 00247278 00001A7C
$0000 00000000 3F38C000
$C201 00000001 00000020
$3201 00247278 00001A7C
$0000 00000000 40800000
$0000 00000000 00000000
$B200 00000001 00000000
$C201 00000001 00000080
$3201 00247278 00001A7C
$0000 00000000 3F800000

_V0 Bike-Size [Long-Bike] A
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00070B10 0000006C
$0000 00000000 3F800000
$3201 00070B10 000001FC
$0000 00000000 40000000

_V0 Bike-Size [Big 1] B
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00070B10 0000006C
$0000 00000000 40000000

_V0 Bike-Size [Big 2]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9A8C 0000006C
$0000 00000000 40000000

_V0 Bike-Size [Reset A-B]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00070B10 0000006C
$0000 00000000 3F800000
$3201 00070B10 000001FC
$0000 00000000 3F800000

_V0 Tire-Mod 1
$B200 00000001 00000000
$3201 00247278 00000BE4
$0000 00000000 C36F0000

_V0 Tire-Mod 2
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000BE8
$0000 00000000 C3600000

_V0 Tire-Mod Onewheel
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000BE4
$0000 00000000 42900000

_V0 Tire-Mod Brocken
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000BF0
$0000 00000000 41B00000

_V0 Driver No-Driver
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9DD0 00000064
$0000 00000000 447A0000

_V0 Driver ASS-Driver
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9DD0 0000006C
$0000 00000000 40600000

_V0 Driver Yokozuna
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9DD0 0000007C
$0000 00000000 BFAA0000

_V0 Driver MegaPhone
$B200 00000001 00000000
$0000 00000000 00000000
$3202 000B9DD4 00000008
$0000 00000000 0000016C
$0000 00000000 41400000

_V0 Driver Big Head
$B200 00000001 00000000
$3201 000B9DD0 0000034C
$0000 00000000 40400000
$3201 000B9DD0 0000044C
$0000 00000000 41400000

_V0 [after-Crash] Brake Dance [use D-PAD]
$B200 00000001 00000000
$C201 00000001 00000010
$3202 0024704C 000002CC
$0000 00000000 000002A4
$0000 00000000 40200000
$C201 00000001 00000080
$3202 0024704C 000002CC
$0000 00000000 00000740
$0000 00000000 C2200000
$C201 00000001 00000020
$3202 0024704C 000002CC
$0000 00000000 00000740
$0000 00000000 42700000
$0000 00000000 00000000
$C201 00000001 00000040
$3202 0024704C 000002CC
$0000 00000000 00000C04
$0000 00000000 42340000

_V0 Big Exhaust
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9A8C 0000008C
$0000 00000000 40A00000

_V0 Mega Suspension [Note]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000024
$0000 00000000 3B000000

_V0 Broken Suspension [Note]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000024
$0000 00000000 41500000

_V0 No Crash [Bug] [hold X]
$B200 00000001 00000000
$C201 00000001 00004000
$3201 00070B10 00000050
$0000 00000000 BCBE66A1

_V0 Suprise [Fun]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 0000150C
$0000 00000000 40A00000
$3201 00247278 000017DC
$0000 00000000 40800000
$3201 00247278 0000127C
$0000 00000000 40800000
$3201 00247278 00000FDC
$0000 00000000 40800000

_V0 Camera Zoom-Out
$B200 00000001 00000000
$3201 000B9F8C 00000060
$0000 00000000 C4950000

_V0 Camera Excitebike
$B200 00000001 00000000
$3201 000B9F8C 00000060
$0000 00000000 00000000
$3201 000B9F8C 00000184
$0000 00000000 B0100000

_V0 Counter-Crash 0
$B200 00000001 00000000
$3002 00070B1C 000007B8
$0000 00000000 00000020
$0000 00000000 00000000

_V0 max.Points
$B200 00000001 00000000
$0200 00154DFC 45F30800

_V0 Multiplicator 77x
$B200 00000001 00000000
$0200 00154E00 429A0000
$0200 00154E04 44558000

_V0 Unlock all Tasks [Challenges]
$B200 00000001 00000000
$4201 00154EC8 00F00000
$0029 00000004 00000000

_V0 Deactivate Fog [ON-LSelect OFF-RSelect]
$B200 00000001 00000000
$C201 00000001 00000101
$0200 00064EB8 70600000
$C201 00000001 00000201
$0200 00064EB8 70500000

_V0 inf.max Money
$B200 00000001 00000000
$0200 00154DD4 4797E880

_V0 -------------------
$0000 00000000 00000000

_V0 [Note] some codes are not perfect and work after restart.
$0000 00000000 00000000

_V0 -------------------
$0000 00000000 00000000
 

Attachments

  • PCSB00038.rar
    1.3 KB · Views: 41

Smoker1

Going to test and see if they work with the PCSE00051 Build. A lot of the Codes will be awesome! :D
 

tomberyx

# Title: Urban Trial Freestyle
# ID: PCSE00051
# Region: US
# Version: 1.00
# Type: NoNpDrm
# Note: [noaslr.skprx] Plugin
# only for VitaCheat z06 and FW 3.65+
# Code Author: tomberyx
# PCSE00051

_V0 Hold UP to Fly
$B200 00000001 00000000
$C201 00000001 00000110
$3201 00247278 00000114
$0000 00000000 43C4BABE
$C201 00000001 00000210
$3201 00247278 00000114
$0000 00000000 43C4BABE
$C201 00000001 00000010
$3201 00247278 00000114
$0000 00000000 43C4BABE

_V0 Mega Speed 1 [push Right]
$B200 00000001 00000000
$C201 00000001 00000020
$3201 00247278 00000110
$0000 00000000 C5000000
$C201 00000001 00000020
$3201 00247278 000000DC
$0000 00000000 3F800000

_V0 Mega Speed 2 [use D-PAD]
$B200 00000001 00000000
$C201 00000001 00000080
$3201 00247278 000009CC
$0000 00000000 C3000000
$C201 00000001 00000020
$3201 00247278 000009CC
$0000 00000000 43200000
$C201 00000001 00000080
$3201 00247278 000000DC
$0000 00000000 3F800000
$C201 00000001 00000020
$3201 00247278 000000DC
$0000 00000000 3F800000

_V0 Instant Brake [hold Down]
$B200 00000001 00000000
$C201 00000001 00000040
$3201 00247278 00000110
$0000 00000000 00000000
$C201 00000001 00000040
$3201 00070BA8 000000DC
$0000 00000000 3F800000

_V0 Time-Freeze
$B200 00000001 00000000
$3202 00070B1C 000007B8
$0000 00000000 0000001C
$0000 00000000 00000000

_V0 Light-Speed [push Select]
$B200 00000001 00000000
$C101 00000001 00000001
$3201 00247278 00000110
$0000 00000000 C6000000

_V0 Low Gravity [hold X]
$B200 00000001 00000000
$C201 00000001 00004000
$3201 00247278 00000114
$0000 00000000 42480000

_V0 Super-Flip [push UP-Down]
$B200 00000001 00000000
$C201 00000001 00000010
$3201 00247278 0000011C
$0000 00000000 41A00000
$C201 00000001 00000040
$3201 00247278 000000DC
$0000 00000000 3F800000

_V0 Player-Size [use D-Pad]
$B200 00000001 00000000
$C201 00000001 00000010
$3201 00247278 00001A7C
$0000 00000000 3FD00BAD
$C201 00000001 00000040
$3201 00247278 00001A7C
$0000 00000000 3F38C000
$C201 00000001 00000020
$3201 00247278 00001A7C
$0000 00000000 40800000
$0000 00000000 00000000
$B200 00000001 00000000
$C201 00000001 00000080
$3201 00247278 00001A7C
$0000 00000000 3F800000

_V0 Bike-Size [Long-Bike] A
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00070B10 0000006C
$0000 00000000 3F800000
$3201 00070B10 000001FC
$0000 00000000 40000000

_V0 Bike-Size [Big 1] B
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00070B10 0000006C
$0000 00000000 40000000

_V0 Bike-Size [Big 2]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9A8C 0000006C
$0000 00000000 40000000

_V0 Bike-Size [Reset A-B]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00070B10 0000006C
$0000 00000000 3F800000
$3201 00070B10 000001FC
$0000 00000000 3F800000

_V0 Tire-Mod 1
$B200 00000001 00000000
$3201 00247278 00000BE4
$0000 00000000 C36F0000

_V0 Tire-Mod 2
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000BE8
$0000 00000000 C3600000

_V0 Tire-Mod Onewheel
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000BE4
$0000 00000000 42900000

_V0 Tire-Mod Broken
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000BF0
$0000 00000000 41B00000

_V0 Driver No-Driver
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9DD0 00000064
$0000 00000000 447A0000

_V0 Driver ASS-Driver
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9DD0 0000006C
$0000 00000000 40600000

_V0 Driver Yokozuna
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9DD0 0000007C
$0000 00000000 BFAA0000

_V0 Driver MegaPhone
$B200 00000001 00000000
$0000 00000000 00000000
$3202 000B9DD4 00000008
$0000 00000000 0000016C
$0000 00000000 41400000

_V0 Driver Big Head
$B200 00000001 00000000
$3201 000B9DD0 0000034C
$0000 00000000 40400000
$3201 000B9DD0 0000044C
$0000 00000000 41400000

_V0 [after-Crash] Brake Dance [use D-PAD]
$B200 00000001 00000000
$C201 00000001 00000010
$3202 0024704C 000002CC
$0000 00000000 000002A4
$0000 00000000 40200000
$C201 00000001 00000080
$3202 0024704C 000002CC
$0000 00000000 00000740
$0000 00000000 C2200000
$C201 00000001 00000020
$3202 0024704C 000002CC
$0000 00000000 00000740
$0000 00000000 42700000
$0000 00000000 00000000
$C201 00000001 00000040
$3202 0024704C 000002CC
$0000 00000000 00000C04
$0000 00000000 42340000

_V0 Big Exhaust
$B200 00000001 00000000
$0000 00000000 00000000
$3201 000B9A8C 0000008C
$0000 00000000 40A00000

_V0 Mega Suspension [Note]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000024
$0000 00000000 3B000000

_V0 Broken Suspension [Note]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 00000024
$0000 00000000 41500000

_V0 No Crash [Bug] [hold X]
$B200 00000001 00000000
$C201 00000001 00004000
$3201 00070B10 00000050
$0000 00000000 BCBE66A1

_V0 Surprise [Fun]
$B200 00000001 00000000
$0000 00000000 00000000
$3201 00247278 0000150C
$0000 00000000 40A00000
$3201 00247278 000017DC
$0000 00000000 40800000
$3201 00247278 0000127C
$0000 00000000 40800000
$3201 00247278 00000FDC
$0000 00000000 40800000

_V0 Camera Zoom-Out
$B200 00000001 00000000
$3201 000B9F8C 00000060
$0000 00000000 C4950000

_V0 Camera Excitebike
$B200 00000001 00000000
$3201 000B9F8C 00000060
$0000 00000000 00000000
$3201 000B9F8C 00000184
$0000 00000000 B0100000

_V0 Counter-Crash 0
$B200 00000001 00000000
$3002 00070B1C 000007B8
$0000 00000000 00000020
$0000 00000000 00000000

_V0 max.Points
$B200 00000001 00000000
$0200 00154DFC 45F30800

_V0 Multiplicator 77x
$B200 00000001 00000000
$0200 00154E00 429A0000
$0200 00154E04 44558000

_V0 Unlock all Tasks [Challenges]
$B200 00000001 00000000
$4201 00154EC8 00F00000
$0029 00000004 00000000

_V0 Deactivate Fog [ON-LSelect OFF-RSelect]
$B200 00000001 00000000
$C201 00000001 00000101
$0200 00064EB8 70600000
$C201 00000001 00000201
$0200 00064EB8 70500000

_V0 inf.max Money
$B200 00000001 00000000
$0200 00154DD4 4797E880

_V0 -------------------
$0000 00000000 00000000

_V0 [Note] some codes are not perfect and work after restart.
$0000 00000000 00000000

_V0 -------------------
$0000 00000000 00000000
 

Attachments

  • PCSE00051.rar
    1.3 KB · Views: 38

tomberyx

My English is very poor; I used machine translation, and I hope you can read it.

I mean, the code works with ASLR.
The noaslr.skprx plugin does not work in this game.

Step 1: Recording and Dumping
I recorded the data and dumped memory multiple times with ASLR, like this:
View attachment 341345

Step 2: Moving Segment
Normally, Seg0 starts at 0x81000000.
Seg0 ends, followed by Seg1;
Seg1 ends, followed by memory data.
With ASLR, the Seg0 and Seg1 addresses are random, while the memory data is relatively fixed.
View attachment 341346
So we move the random Seg0 and Seg1 to the fixed position and keep the memory data, so that multiple dumps can be compared.
I am referring to eboot.bin to determine the fixed address of Seg0 and Seg1.
View attachment 341347

Step 3: (important) Fix Pointer
Record the dump's Seg0 and Seg1 shift offsets.
Subtract the corresponding offsets from the pointers to Seg0 and Seg1.
For example, in dump0:
pointer 0x825BCAD4 points to 0x81040DC8
address 0x81040DC8 is in the range of Seg0
Seg0 was moved from 0x81071FD0 to 0x81000000 when repairing; the shift offset is 0x71FD0
the pointer 0x825BCAD4 should point from 0x81040DC8 to 0x80FCEDF8 (0x81040DC8-0x71FD0)

Finally, we eliminated the impact of ASLR on dumps by fixing them, making it possible to search for pointers belonging to Seg0 and Seg1 between multiple dumps to create B200 type code.
View attachment 341348

I have studied your work a bit, really good job. Everything is not new for me but certainly useful for newcomers. I want to tell you that this game has the typical pattern XYZ where only one number changes in the address, but you know that already.

These patterns may not appear in certain ranges. Sometimes the range 83-8F is not affected, which means that finding a correct pointer with TempAr is much more difficult, but if the range 81-8F should always show the pattern XYZ then it is very easy to find stable codes.

Sometimes (most) several numbers can change, not just one number, or the address can change completely, but it will still be X, Y or Z, just more complicated.

These XYZ patterns are not avoidable and are active in almost all games.

Can these patterns help inside dumps? Yes, they are important to find the right code, provided you have noaslr.skprx installed; without this plugin you won't get a match in TempAr. But....

What does noaslr.skprx do?
It keeps Seg0 and Seg1 stable so that the same address always remains; otherwise it does nothing.

What is ASLR?
This is a stab in the ass; only noaslr.skprx can pull it out.

Again!
noaslr.skprx is only important for finding codes, not for consumers :-)
 
Last edited by tomberyx,
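
Steps 2 and 3 of the method quoted in the post above (move Seg0/Seg1 to fixed bases, then subtract each segment's shift from every pointer into it), as an added Python example that is not code from either poster or from any of the tools named in the thread. The 0x100-byte dump layout, the offsets in it and the names `Segment`, `normalise_dump` and `build_dump` are assumptions constructed for the demonstration.

```python
import struct
from dataclasses import dataclass

DUMP_BASE = 0x81000000  # address of the first byte of every dump

@dataclass(frozen=True)
class Segment:
    name: str
    loaded_base: int  # randomised base observed in this dump
    fixed_base: int   # base chosen from eboot.bin, identical for all dumps
    size: int

    @property
    def shift(self) -> int:
        return self.loaded_base - self.fixed_base

    def contains(self, addr: int) -> bool:
        return self.loaded_base <= addr < self.loaded_base + self.size

def normalise_dump(dump: bytes, segments: list[Segment]) -> bytes:
    out = bytearray(dump)
    # Step 3: rebase every aligned little-endian word that points into a segment.
    for off in range(0, len(dump) - 3, 4):
        (word,) = struct.unpack_from("<I", dump, off)
        seg = next((s for s in segments if s.contains(word)), None)
        if seg is not None:
            struct.pack_into("<I", out, off, word - seg.shift)
    # Step 2: move each segment's (already rebased) bytes to its fixed base.
    moved = []
    for s in segments:
        start = s.loaded_base - DUMP_BASE
        moved.append((s, bytes(out[start:start + s.size])))
        out[start:start + s.size] = bytes(s.size)  # clear the vacated range
    for s, data in moved:
        start = s.fixed_base - DUMP_BASE
        out[start:start + s.size] = data
    return bytes(out)

def build_dump(seg0_off: int) -> bytes:
    """Constructed 0x100-byte dump: Seg0 at a varying offset, heap data at 0xC0."""
    seg0 = DUMP_BASE + seg0_off
    dump = bytearray(0x100)
    dump[seg0_off:seg0_off + 0x20] = bytes(range(0x20))
    struct.pack_into("<I", dump, seg0_off + 0x10, seg0 + 0x04)  # pointer inside Seg0
    struct.pack_into("<I", dump, 0xC0, seg0 + 0x08)             # heap -> Seg0
    struct.pack_into("<I", dump, 0xC4, DUMP_BASE + 0xC8)        # heap -> heap
    struct.pack_into("<I", dump, 0xC8, 1000)                    # plain value
    return bytes(dump)

def demo() -> tuple[bytes, bytes]:
    results = []
    for off in (0x40, 0x60):  # two boots, two randomised Seg0 bases
        seg0 = Segment("Seg0", DUMP_BASE + off, DUMP_BASE, 0x20)
        results.append(normalise_dump(build_dump(off), [seg0]))
    return results[0], results[1]

if __name__ == "__main__":
    a, b = demo()
    print("dumps identical after normalisation:", a == b)
    print("heap pointer now:", hex(struct.unpack_from("<I", a, 0xC0)[0]))
```

A word is treated as a pointer only because its value falls inside a segment's loaded range, so a float or counter that happens to land there is rewritten too; exact segment sizes keep such false positives rare.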

wangtao03

You're absolutely right.
noaslr.skprx is really useful for code makers
unfortunately noaslr.skprx does not work in PCSG00488
I have read the source code of noaslr.skprx
noaslr.skprx plugin can only handle ASLR when the module is loaded by using SceKernelModulemgr
PCSG00488 uses the sceKernelAllocMemBlock to load the module
微信截图_20221206084539.png

that's why I wanted to share the method to help other coders
create code when noaslr.skprx plugin does not work

I also hope that other code makers will share new methods
Instead of simply saying "I'm using XXX, YYYY and ZZZZZ."
making it difficult for other coders to understand

by the way, I would like to ask,
is it allowed to show the process of decompiling and creating Arm code?
is there anything that is prohibited?
 
Last edited by wangtao03,
  • Like
Reactions: ILuvGames

tomberyx

Coming Soon !
Real Boxing (EU)
with deep Kick-Ass Code
3.png
1.png
4.png


Progress:
- Right Arm of Dead [push X]
Post automatically merged:

About XYZ:
I have discussed this topic X times in this thread. But because you have potential I will explain it again. It is very simple to understand but very hard to see.....

XYZ is the same as 81111111 81211111 81311111 (X1,Y2,Z3). Here you can see that only one number changes up or down; this number 1,2,3 I personally called XYZ to make it easier to understand... (These numbers never go further than 1,2,3 (XYZ), but they often appear very complicated and unrecognizable; more below.)

These numbers change by themselves and you have no influence.

But there are more possibilities for how XYZ can appear, for example:
81356789 X
81345678 Y
81367890 Z
Or also
81567890 X
84234567 Y
86078z86 Z

Now the question is: what is X and Y?

(I would ignore the last letter Z in all games because it rarely appears and is just as useful as X or Y.)

It is almost impossible to tell what X or Y is unless it changes to ONE (1,2,3) number as described above; then you will know very quickly.

The last possibility is to have a second PS Vita where one creates only X and the other Y, so you have two dumps, one with X and the other with Y, so the chance is greater to find the right code with TempAr.

About PCSG0048
I can't imagine that it is not possible to find codes here, I have found B200 codes level 1 (3201...) in this game in the past without TempAr only with Vitacheat alone.


Last Part;
Yes it is allowed to show the process of decompiling and creating Arm codes.

Just do it and kick everything in the Ass ;-)
 

Attachments

  • 2.png
    2.png
    692 KB · Views: 29
Last edited by tomberyx,

wangtao03

I think because of the language translation problem
We may not have understood each other's meaning

I read your previous discussion
I'm sure I know exactly what you mean by XYZ mode

what I'm sharing is converting a Y or Z dump to an X dump
The converted dump makes it easier to use the tool to search for useful pointers
 

Smoker1

Well-Known Member
Member
Joined
Feb 17, 2015
Messages
5,035
Trophies
1
Location
California
XP
6,028
Country
United States
VitaCheat will work with the following Android ---> Vita Ports

GTA - Chinatown Wars (However a Known Search Attempt will crash the Game)
Bad Piggies (Also has a Cheat Menu Built In....my Copy does at least)
Mass Effect - Infiltrator (Has Cheat Menu Built In)
ShadowGun (for those that have the Chinese Build of it out there *Google is your Friend* )
==== Unknown Search seems to work. So Cheats should be able to get made.
==== Performing a Known Search, will cause Game to Crash
 

tomberyx

I was not able to open VitaCheat on GTA China. Do you have any idea?
 

Smoker1

I think it might be because I am using a Mod Version of the Game. Modded APKs can work. If it is not coming up for the Normal Build of it, either it won't work with Normal Builds, or the TitleID is incorrect. However.....
What I did was go into my ur0:tai/config.txt File, and under where all Plugins are Listed with the TitleIDs, I listed

*GTACTW000
ur0:tai/vitacheat.suprx

then Restart the System to take effect. Comes up with no Issues except if you do a Known Search
 

tomberyx

I must say I have more than 20 games where I have no idea how to make stable codes. These games are something that do not harmonize with my logic.

It was not possible for me to scratch the ceiling, nothing worked. I wonder what is going wrong here....
One of the games is Helldiver, here is the end of Tomberyx...
I think here exists an unknown pattern that nobody knows; without this unknown pattern it is not possible to get stable codes.

Probably the solution is in front of the nose but invisible...
Post automatically merged:


ur0:tai/config.txt

*ALL
ur0:tai/InfiniteNet.suprx
ur0:tai/WDNR.suprx
ur0:Plugins/GoHANmem.suprx
ur0:tai/vitacheat.suprx

This is the right entry so you can launch Vita-Cheat on any game.

Unfortunately, you will soon find out that many games do not work properly with Vita cheat..

It is not possible to save cheats with Vita-cheat here you have to write down everything yourself and save everything manually.

Edit:
Not Possible to find codes, crap. Seems like it does not work in all ports...
 
Last edited by tomberyx,
  • Like
Reactions: Smoker1
