Hacking VitaCheat/FinalCheat Database

eighthdayregret · May 19, 2020

16mpx said:
Hi,

for the game Unit 13, invincibility is a pointer value. For the first mission, with three dumps I managed to find it. But strange enough, this pointer is not working for the other levels. So, how should I understand this ? Do I really need to find a pointer for each level (which is a bit difficult) or can there be another solution, any suggestions ?

If it's anything like a Rockstar game, you might actually have a whole lot of pointers you might need to work with. Or multiple levels.
It's a good sign that the pointer you do have doesn't freeze the game. It means it could potentially be part of the equation.

16mpx · May 19, 2020

Yohoki said:
1 pointer should be enough, but you need better data. Make dumps from a few different levels to add variety to the dumps, then find 1 pointer that works for all of the levels.

let me try this approach, thanks for the suggestion.

--------------------- MERGED ---------------------------

eighthdayregret said:
If it's anything like a Rockstar game, you might actually have a whole lot of pointers you might need to work with. Or multiple levels.
It's a good sign that the pointer you do have doesn't freeze the game. It means it could potentially be part of the equation.

this is what I am afraid of, and yes pointer I found does not freeze the game for different levels.

Yohoki · May 19, 2020

16mpx said:
let me try this approach, thanks for the suggestion.

--------------------- MERGED ---------------------------

this is what I am afraid of, and yes pointer I found does not freeze the game for different levels.

You don't normally need several pointers if done correctly. But he is right that it may require another level deeper. If you didn't go to level 2 pointers, you'll probably need to.

Tartaros · May 20, 2020

Cheats for [PCSE01416] Thy Sword, Please?? '-'

eighthdayregret · May 21, 2020

Tartaros said:
Cheats for [PCSE01416] Thy Sword, Please?? '-'

Working on them as we speak.

Darkmaestro · May 21, 2020

# PCSB00408 Dragon Crown Eur 1.09

_V0 Infinite Durability Weapon Slot 1
$3201 81EFE578 000001F8
$3300 00000000 0006DDD0
$3201 81EFE578 000001FC
$3300 00000000 0006DDD0

eighthdayregret · May 21, 2020

Yohoki said:
You don't normally need several pointers if done correctly. But he is right that it may require another level deeper. If you didn't go to level 2 pointers, you'll probably need to.

Eh... No. If you look at previous generation cheat programs, games like GTA, God of War, Red Dead Redemption, the Batman Arkham games, etc have some pretty monstrous codes. Some GTA codes are 30-something lines long with lots of different pointers, not just the multi-level kind.

Also, if you're trying to make codes for a game, such as Thy Sword, that uses 64-bit values, make sure you don't be a f**king dumbass like I have been.

You'll probably make a code that's 32-bit (since the second half of the value is gonna be all series anyway) but make sure to search for the origination address, not what you're modifying.
So, like for The Sword, if this is one of your addresses:
_V0 Inf Health
$0200 85213768 401C0000

Remember that when you search for the pointer use the address 4h lower, which would be 85213764, since that's where the value actually starts.

I've known this for two years, but have forgotten and given up like a bajillion times.

Also, this:

Code:

# PCSE00463
# Title: Soldner-X 2: Final Prototype
# Region: USA
# Version: 1.00
# Type: PSN/NoNpDrm
# Code Author: eighthdayregret
# Credits: eighthdayregret, monodevil for info on memory segmentation
# Source: https://eighthsregrets.blogspot.com/2020/05/pcse00463-soldner-x-2-final-prototype.html
# Note: Requires VitaCheat version z06beta and 3.65+ firmware.



_V0 Infinite Lives
$B200 00000001 00000000
$0000 018C1A40 00000006

_V0 Infinite Ship Health
$B200 00000001 00000000
$0200 018C1A44 00000400
$0200 018C1A48 00000400

_V0 All Weapons Maxed
$B200 00000001 00000000
$4200 018C1A44 00000400
$000F 00000004 00000000

_V0 Always Have Shock Wave
$B200 00000001 00000000
$0000 018C1C4F 00000001

_V0 Limit Attack Always Ready
$B200 00000001 00000000
$0000 018C1C12 00000003

_V0 Always S-Rank
$B200 00000001 00000000
$0100 018C1C58 00003800

_V0 Max Multiplier
$B200 00000001 00000000
$0100 018C1B8C 0000270F

_V0 S-Rank at End of Level
$B200 00000001 00000000
$4201 018C1BDC 00003A98
$0005 000000004 00000000

_V0 Chain Clock Doesn't Decrease
$B200 00000001 00000000
$0100 018C1B50 00008000

_V0 SELECT to Fill Chain Meter
$C202 00000000 00000001
$B200 00000001 00000000
$0200 018C1B60 00000400

CrossOut · May 24, 2020

Is there anyone that can find codes for Minecraft, PAL, version 1.84, nonpdrpm. I am having a lot of trouble finding the right values and it may be something beyond my skill level. Any help would be fantastic.

Yohoki · May 25, 2020

eighthdayregret said:
Eh... No. If you look at previous generation cheat programs, games like GTA, God of War, Red Dead Redemption, the Batman Arkham games, etc have some pretty monstrous codes. Some GTA codes are 30-something lines long with lots of different pointers, not just the multi-level kind.]

I took a loot at the GoW and another game that used a 61 level pointer a while back. They don't actually need 30+ line pointers or super high offsets.... Looking at some of these codes in HxD I realized that they were stuck in pointer loops. It was a pointer that kept pointing back to itself over and over and then finally jumped out of the loop to a correct area... Like, sure, it worked, but the bulk of the code was actually useless... Most every code can be made with pointer levels 1-3 with offsets of between -4000 - +4000

eighthdayregret · May 25, 2020

Tartaros said:
Cheats for [PCSE01416] Thy Sword, Please?? '-'

Alright, so Thy Sword is a no-go for me.
After a total of 18 dumps, I found one green pointer that doesn't work.
But the value you're looking for are easy to find, level by level (and they DO change level by level).

The values are actually 64-bit float values, but you can search for them as 32.
Depending on your HP (starting amount is 6, I believe), your first search should be for 40180000. If your starting HP is 7, it's 401C0000.
Here are the values for possible searches after taking damage:

Code:

1 = 3FF00000
2 = 40000000
3 = 40080000
4 = 40100000
5 = 40140000
6 = 40180000
7 = 401C0000

All values in the game should take no more than two searches.
For help with other values, like money and arrows, use this page here to convert the value to 64-bit values:
https://babbage.cs.qc.cuny.edu/IEEE-754.old/Decimal.html

Yohoki · May 25, 2020

eighthdayregret said:
Alright, so Thy Sword is a no-go for me.
After a total of 18 dumps, I found one green pointer that doesn't work.
But the value you're looking for are easy to find, level by level (and they DO change level by level).

The values are actually 64-bit float values, but you can search for them as 32.
Depending on your HP (starting amount is 6, I believe), your first search should be for 40180000. If your starting HP is 7, it's 401C0000.
Here are the values for possible searches after taking damage:

Code:

1 = 3FF00000 2 = 40000000 3 = 40080000 4 = 40100000 5 = 40140000 6 = 40180000 7 = 401C0000

All values in the game should take no more than two searches.
For help with other values, like money and arrows, use this page here to convert the value to 64-bit values:
https://babbage.cs.qc.cuny.edu/IEEE-754.old/Decimal.html

is it a b200 thing?

eighthdayregret · May 25, 2020

Yohoki said:
is it a b200 thing?

If it is (which by the value locations, it doesn't seem to be), then it's gonna be a combination of B200 codes and pointers that point outside of that data seg. That's the only thing I can think of, unless it's going to be disgusting high-level pointers.

EDIT: truth be told, I've found no working pointers for any game that uses 64-bit values, whether I use the first 8 digits as my search, or the second 8.

Yohoki · May 25, 2020

That kind of issue (only finding broken green pointers) is usually either b200 codes are needed, or it's that weird DMA again and you actually need 2 different pointers...

eighthdayregret · May 25, 2020

Yohoki said:
That kind of issue (only finding broken green pointers) is usually either b200 codes are needed, or it's that weird DMA again and you actually need 2 different pointers...

One thing I haven't tried is searching and dumping in different sessions.
What I mean is, the values change any time you change setpieces. Each stage is 5 (or more ) days, and the value changes every day. So I searched and dumped every day, but in the same session.
Maybe I need to search/dump then close the game and do it again?
How do you think I should proceed?

There are too many games that seem to do this. I think Shantae is another. You have some values that (I believe) you can get working with B200 codes (like number of items in inventory), but health and magic are regular pointers, it seems.
If the pointer to health and other dynamic values is in one of the segs and itself requires a B200 code, that's above my skill level to find, and based on Last Blade 2 (which uses pointers and seg1), the TempAR and Universal Pointer Searcher can't seem to find them, even if you just dump seg1 by itself.

Yohoki · May 25, 2020

eighthdayregret said:
One thing I haven't tried is searching and dumping in different sessions.
What I mean is, the values change any time you change setpieces. Each stage is 5 (or more ) days, and the value changes every day. So I searched and dumped every day, but in the same session.
Maybe I need to search/dump then close the game and do it again?
How do you think I should proceed?

There are too many games that seem to do this. I think Shantae is another. You have some values that (I believe) you can get working with B200 codes (like number of items in inventory), but health and magic are regular pointers, it seems.
If the pointer to health and other dynamic values is in one of the segs and itself requires a B200 code, that's above my skill level to find, and based on Last Blade 2 (which uses pointers and seg1), the TempAR and Universal Pointer Searcher can't seem to find them, even if you just dump seg1 by itself.

Pointers inside a seg section would be impossible to scan for in TempAR or UPS.... sorta.... As I was reading your post, I was absolutely certain I was going to say that's just not hackable.......... But now I'm thinking it might be possible to hack.....

In Cheat engine, we can load the dumps and use Cheat Engine's tools to help us... One of the tools that's probably the most helpful in this case is the "Dissect data/structures" tool. With that, we could set the area to be dissected as the beginning of seg0/seg1. CE will then make a list of all addresses in that area, and "usually" can pick out pointers. That would give us a list of pointers in that area and we could compare that to the code we need and see if any of them are pointing nearby.... I don't see any reason why that wouldn't work, but I haven't tried it.

God dammit, I hate when you guys give me ideas that completely change everything I've ever thought about life. XD

eighthdayregret · May 25, 2020

Yohoki said:
Pointers inside a seg section would be impossible to scan for in TempAR or UPS.... sorta.... As I was reading your post, I was absolutely certain I was going to say that's just not hackable.......... But now I'm thinking it might be possible to hack.....

In Cheat engine, we can load the dumps and use Cheat Engine's tools to help us... One of the tools that's probably the most helpful in this case is the "Dissect data/structures" tool. With that, we could set the area to be dissected as the beginning of seg0/seg1. CE will then make a list of all addresses in that area, and "usually" can pick out pointers. That would give us a list of pointers in that area and we could compare that to the code we need and see if any of them are pointing nearby.... I don't see any reason why that wouldn't work, but I haven't tried it.

God dammit, I hate when you guys give me ideas that completely change everything I've ever thought about life. XD

Well, minus the Cheat Engine part, I DID do that. If you use the Unsafe Cross Memory dumping option, you can actually dump seg1 EXACTLY. Down to the byte.
That did not produce any results in any game I've tried that uses seg1 and pointers. One idea I kinda had was, okay...
So seg1 codes mean you have to subtract the starting address. 81526570 minus 812000DC0 becomes 003257B0 or whatever. So you'd think, "Okay, so it's gonna point to a 00325### address," but it actually points to a 815##### address, somehow. Still in the same data segment, but not represented the same way, therefore not throwing out results.

I dunno. I dunno shit about f**k when it comes to this stuff.

PSP was so f**king much easier...

Also, I find that a lot pf the games that use seg1 games are ports from other systems, like Neo Geo.
Also, a LOT of games published by NIS America use them, which tells me that their use of seg1 probably stems solely from localization, and nothing more. All data is the same, just the text has to be loaded from somewhere else.

One last thing... There is one more thing we haven't account for, and I dunno how to use: B200
Those zeroes don't Have to be zeroes. They can be used to point to different modules loaded in memory.

Yohoki · May 25, 2020

eighthdayregret said:
Well, minus the Cheat Engine part, I DID do that. If you use the Unsafe Cross Memory dumping option, you can actually dump seg1 EXACTLY. Down to the byte.
That did not produce any results in any game I've tried that uses seg1 and pointers. One idea I kinda had was, okay...
So seg1 codes mean you have to subtract the starting address. 81526570 minus 812000DC0 becomes 003257B0 or whatever. So you'd think, "Okay, so it's gonna point to a 00325### address," but it actually points to a 815##### address, somehow. Still in the same data segment, but not represented the same way, therefore not throwing out results.

I dunno. I dunno shit about f**k when it comes to this stuff.

PSP was so f**king much easier...

Also, I find that a lot pf the games that use seg1 games are ports from other systems, like Neo Geo.
Also, a LOT of games published by NIS America use them, which tells me that their use of seg1 probably stems solely from localization, and nothing more. All data is the same, just the text has to be loaded from somewhere else.

I wouldn't use the unsafe dump for this. Cheat engine can isolate the seg0/seg1 from a whole dump if you tell it to... and then it still has access to the whole dump for other things... Like this:

Here, I've used an entire dump (81 thru 8d), and loaded it all into Cheat Engine. From there, I opened the "Dissect structures/data" and set the starting point to dissect as seg1's address and the amount to dissect to seg1's size. That let me see everything in seg1 and still follow pointers easily.

In fact, for this game, it DOES look like this particular dump has 1 pointer.... seg1+77D4 -> +3870 -> +F04. So, I could try this code:

Code:

_V0 Adol Inf HP
$B200 00000001 00000000
$3202 000077D4 00003870
$3200 00000000 00000F04
$3300 00000000 FFFFFFFF

So, even though the pointer starts in Seg1 and seg1 moves around, a pointer can still be found.

--------------------- MERGED ---------------------------

........ I hate you right now...... do you know how long I've been working on Ys VIII?

eighthdayregret · May 25, 2020

Yohoki said:
I wouldn't use the unsafe dump for this. Cheat engine can isolate the seg0/seg1 from a whole dump if you tell it to... and then it still has access to the whole dump for other things... Like this:
View attachment 210558
Here, I've used an entire dump (81 thru 8d), and loaded it all into Cheat Engine. From there, I opened the "Dissect structures/data" and set the starting point to dissect as seg1's address and the amount to dissect to seg1's size. That let me see everything in seg1 and still follow pointers easily.

In fact, for this game, it DOES look like this particular dump has 1 pointer.... seg1+77D4 -> +3870 -> +F04. So, I could try this code:

Code:

_V0 Adol Inf HP $B200 00000001 00000000 $3202 000077D4 00003870 $3200 00000000 00000F04 $3300 00000000 FFFFFFFF

So, even though the pointer starts in Seg1 and seg1 moves around, a pointer can still be found.

...you might hafta make a tutorial for that, haha.
Might give it a try.

Why do you hate me, haha?

Yohoki · May 25, 2020

I released codes in march 2019 for Ys VIII and EVERYONE said they didn't work..... I couldn't figure out why and I just tried that Adol code in 3 of my own dumps and 2 from other people and they just all work now.... A pointer rooted in seg1 just fixed it all.

I literally gave up on these codes and didn't even finish the game, because I'd start playing and be like, "What if I tried this???"

Now I'mma have to start hacking it again. XD

I'll def have to make a tutorial. Pictures needed for sure.

--------------------- MERGED ---------------------------

It works.... I can't freaking believe it. I was all ready to tell you "No, we can't find a pointer in the Seg0/1 area. That's impossible."

And yet, here I am on the Vita with a code working. You really can do a B200 code + Pointer... And it was actually fairly simple.... Although, I did have a little cheat sheet from codes I had already made. But, for a proof of concept, I'd say we did it.

eighthdayregret · May 25, 2020

Yohoki said:
I released codes in march 2019 for Ys VIII and EVERYONE said they didn't work..... I couldn't figure out why and I just tried that Adol code in 3 of my own dumps and 2 from other people and they just all work now.... A pointer rooted in seg1 just fixed it all.

I literally gave up on these codes and didn't even finish the game, because I'd start playing and be like, "What if I tried this???"

Now I'mma have to start hacking it again. XD

I'll def have to make a tutorial. Pictures needed for sure.

--------------------- MERGED ---------------------------

It works.... I can't freaking believe it. I was all ready to tell you "No, we can't find a pointer in the Seg0/1 area. That's impossible."

And yet, here I am on the Vita with a code working. You really can do a B200 code + Pointer... And it was actually fairly simple.... Although, I did have a little cheat sheet from codes I had already made. But, for a proof of concept, I'd say we did it.

I'm fucking awesome.
Well, my STUPIDITY is fucking awesome.
I knew it. I knew there was a seg1/pointer... thing. I was talking to @monodevil about it a while back, but I couldn't figure out how to implement what I was thinking.
If your strategy can be consistently successful, you just totally broke apart the main issue in Vitacheat code hacking.

Hacking VitaCheat/FinalCheat Database

fnerrrrrrrrrr!

Member

Well-Known Member

Well-Known Member

fnerrrrrrrrrr!

Member

fnerrrrrrrrrr!

Well-Known Member

Well-Known Member

fnerrrrrrrrrr!

Well-Known Member

fnerrrrrrrrrr!

Well-Known Member

fnerrrrrrrrrr!

Well-Known Member

fnerrrrrrrrrr!

Well-Known Member

fnerrrrrrrrrr!

Well-Known Member

fnerrrrrrrrrr!

Similar threads

Popular threads in this forum