Hacking VitaCheat/FinalCheat Database

Yohoki said:

https://gbatemp.net/search/2790648/?q=resogun&t=post&c[thread]=485343&o=relevance
There IS a search button.

Click to expand...

Yohoki said:

I'm quite confident in my answer, that it is NOT there in at least one dump, but present in the other 5. I typically use HxD or Cheat Engine to inspect pointers. But that requires getting comfortable with HEX and raw data, which I'm aware not everyone is going to have fun with. If you have noASLR installed for all of those dumps, find a different pointer. It's probably not a good one. It's highlighted, so it IS in the seg1 range, but it's not a valid pointer in one of your dumps, meaning it's going to fail at times.

I get that "sometimes" these bad pointers work most of the time, and may even seem to work 100% of the time when we check it. But, you've no idea what the pointer is and what it's doing when that pointer isn't right. Maybe it's doing nothing. Maybe it writes to a useless part of memory, but also just as likely is maybe it's writing to a part of your savegame (corrupt save data)
or maybe it writes to a system file (game crash or worse).

It's better to find a good pointer if you have the option. I'd rather dig a bit better and explore other options than release a code that I already know isn't perfect.


It's probably possible, but it's not currently coded into vitacheat. But if you want more options, I don't think there's a limit to how many buttons you use in a code. Like, you should be able to make it L+R+[ ]+X.... Nothing's stopping you, that I know of.



......Are you trying to temp me? XD

If you're going to do one, I found a list here that has some Top 10 (really more like 15) of their games on Vita. Unless you had a better idea, these would be a good place to start.

Specifically, this "Super Destronaut DX".... It should be possible to make a code that lets you scroll through weapon types. I did something similar on a few games, like "Plants vs Zombies" and "Birth of Isaac"..... The method was like this:

I hacked a value into a code cave,
Tracked that value
Used b200 to target vitacheat's Seg1
Made Changed the value part of the code in seg1
Use b200 to switch back to the game's seg0/1
Write the new, Changed value to the game

It's pretty complex, but can do some really cool stuff if done right. I detailed it on my PvZ PSV file: https://github.com/r0ah/vitacheat/blob/master/db/PCSE00064.psv

Spoiler: Item Select Code

Code:

_V0 --Square plus DPad Swaps Plants
### Initialize
#Check if 81888000 is blank
$D201 81888000 00000000
#Write normal data to 81888000 (05000100)
$0200 81888000 00010005
##End
#
### Controller Combo
#Check LB is 0
$D003 81888003 00000000
#Check Controller for R+Sq
$C202 00000001 00008020
#Mov single bit left
$5000 81888001 81888002
#Set LB to 1
$0000 81888003 00000001
##End
#
### Controller Combo
#Check LB is 0
$D003 81888003 00000000
#Check Controller for L+Sq
$C202 00000001 00008080
#Mov single bit right
$5000 81888001 81888000
#Set LB to 1
$0000 81888003 00000001
##End
#
#
### Apply Selection
#Check LB is 1
$D007 81888003 00000001
#Check S1 for 0x00
$D006 81888001 00000000
#Apply Set 0 to P.Compression
$7002 815FC1F0 00000E9C
$7200 00000000 00000090
$7702 00000000 00000000
$0008 00000074 00000001
#Set Normal Data to Set 0
$0000 81888000 00000005
$0000 81888002 00000001
##End
### Apply Selection
#Check LB is 1
$D007 81888003 00000001
#Check S1 for 0x00
$D006 81888001 00000001
#Apply Set 0 to P.Compression
$7002 815FC1F0 00000E9C
$7200 00000000 00000090
$7702 00000000 00000008
$0008 00000074 00000001
#Set Normal Data to Set 0
$0000 81888000 00000000
$0000 81888002 00000002
##End
### Apply Selection
#Check LB is 1
$D007 81888003 00000001
#Check S1 for 0x00
$D006 81888001 00000002
#Apply Set 0 to P.Compression
$7002 815FC1F0 00000E9C
$7200 00000000 00000090
$7702 00000000 00000010
$0008 00000074 00000001
#Set Normal Data to Set 0
$0000 81888000 00000001
$0000 81888002 00000003
##End
### Apply Selection
#Check LB is 1
$D007 81888003 00000001
#Check S1 for 0x00
$D006 81888001 00000003
#Apply Set 0 to P.Compression
$7002 815FC1F0 00000E9C
$7200 00000000 00000090
$7702 00000000 00000018
$0008 00000074 00000001
#Set Normal Data to Set 0
$0000 81888000 00000002
$0000 81888002 00000004
##End
### Apply Selection
#Check LB is 1
$D007 81888003 00000001
#Check S1 for 0x00
$D006 81888001 00000004
#Apply Set 0 to P.Compression
$7002 815FC1F0 00000E9C
$7200 00000000 00000090
$7702 00000000 00000020
$0008 00000074 00000001
#Set Normal Data to Set 0
$0000 81888000 00000003
$0000 81888002 00000005
##End
### Apply Selection
#Check LB is 1
$D007 81888003 00000001
#Check S1 for 0x00
$D006 81888001 00000005
#Apply Set 0 to P.Compression
$7002 815FC1F0 00000E9C
$7200 00000000 00000090
$7702 00000000 00000028
$0008 00000074 00000001
#Set Normal Data to Set 0
$0000 81888000 00000004
$0000 81888002 00000000
##End
#
#
### Reset to normal State
#Check LB is 1
$D002 81888003 00000001
#Check Controller for Sq alone
$C201 00000001 00008000
#Set LB to 0
$0000 81888003 00000000
##End
### Reset to normal State
#Check LB is 1
$D002 81888003 00000001
#Check Controller for L alone
$C201 00000001 00000080
#Set LB to 0
$0000 81888003 00000000
##End
### Reset to normal State
#Check LB is 1
$D002 81888003 00000001
#Check Controller for R alone
$C201 00000001 00000020
#Set LB to 0
$0000 81888003 00000000
##End

Click to expand...

monodevil said:

Feels like finding pointers now went from finding a needle in a hay tack to finding a speck of dirt in a hay stack. Back to Freedom Wars and using noaslr.skprx.

Spoiler: Search

View attachment 329566

I pulled all nighters trying to find just "something" even with 100k offsets and still nothing. So my only clue was that maybe a couple of my dumps are bad seeing as I can only find pink/purple ones but I found that strange because I'm usually careful when it comes to making dumps.

So before I decided to make more dumps I took a peek with hxd and noticed that things were a complete mess of addresses. While I did have the right addresses and the dumps were "correct", the addresses above and below were all random strings in various sizes with no kind of pattern or anything in each dump. I then categorized the bad dumps(3 and 5) with the good dumps to see if I could get all 6 matching dumps and sure enough I did but took me 4 more dumps just to get 2 more good dumps.

Spoiler: Search 2

View attachment 329641

So either:
1) this game is still swapping memory sections even with ASLR off and still needs a condition. The old condition I had been using probably isn't it anymore since ASLR is off and have to find a new one.

2) vitacheat jumbles up the addresses when its searching or creating dumps.

For 1) I tried seeing if the bad dumps would match in tempAR but so far I haven't found anything yet. I still need to dig deeper though. For 2) Freedom Wars is really strange with it address where sometimes when making dumps during missions, enemies and party members would randomly fly or drop in random places on the map. Basically weird things start to happen when you make dumps during missions.

I worked with this game with @Yohoki years ago and end the end, it still feels like I'm doing the same thing we did with the previous codes done with ASLR on. Just fewer results to look for.

Code:

# PCSA00147 Freedom Wars US

# Version 1.22 + all the DLC

_V0 Infinite Max Ammo 2nd weapon slot
$B200 00000001 00000000
$3203 003D72BC 00000048
$3200 00000000 00000028
$3200 00000000 000003BC
$3300 00000000 000003E7

I haven't done much testing with that code as I'm burned out at the moment, plus carpel tunnel but this is the Infinite Max Ammo I was going to make years ago and never got around to it. I made an Infinite current Ammo years ago but that ended up crashing the game after using it for too long. I don't think the game could handle shooting that much ammo for too long so it could crash. Infinite Max Ammo should be a better code. Hate that I still need to do this for the 1st slot.

Click to expand...

XMYDL said:

That's a bit weird! I was learning using offsets specifying program code's location in eboot.bin.

In eboot.bin, it shows that (for example) 0x808 is the right offset, while it only appeared 3 times(I guess) in TempAR. I'd already ignored +-1 address and used the other addresses.

Click to expand...

Yohoki said:

hmm... I take it you're searching in IDA or something?

If that's the case, the pointer should be right. I did something similar in Ghidra with one of the lego games. I don't know why it would disappear in the dumps sometimes.

Where do you have noASLR plugin installed? I've put it directly under *KERNEL, so it's the first plugin loaded. Maybe if you put it last some programs will still load with ASLR enabled?

Click to expand...

Yohoki said:

Remind me where dlc is stored? I know I still have v1.22 installed, but I don't remember how to tell if I have any DLC installed or not.

I'll probably start with DLC off for initial testing anyway. I just can't remember if I have the DLC on currently... It's been a few years since i've touched my vita. lol Mainly my kids have played on it.

Click to expand...

monodevil said:

In the folder that contains the "app" folder, there should be a "addcont" folder where all of your DLC's are stored. Just look for PCSA00147 in that folder. As for how many DLC's, it seems like there's 45 folders so 45 DLCs I'm guessing. I just picked up whatever was on NPS_Browser.

Click to expand...

monodevil said:

Feels like finding pointers now went from finding a needle in a hay tack to finding a speck of dirt in a hay stack. Back to Freedom Wars and using noaslr.skprx.

Spoiler: Search

View attachment 329566

I pulled all nighters trying to find just "something" even with 100k offsets and still nothing. So my only clue was that maybe a couple of my dumps are bad seeing as I can only find pink/purple ones but I found that strange because I'm usually careful when it comes to making dumps.

So before I decided to make more dumps I took a peek with hxd and noticed that things were a complete mess of addresses. While I did have the right addresses and the dumps were "correct", the addresses above and below were all random strings in various sizes with no kind of pattern or anything in each dump. I then categorized the bad dumps(3 and 5) with the good dumps to see if I could get all 6 matching dumps and sure enough I did but took me 4 more dumps just to get 2 more good dumps.

Spoiler: Search 2

View attachment 329641

So either:
1) this game is still swapping memory sections even with ASLR off and still needs a condition. The old condition I had been using probably isn't it anymore since ASLR is off and have to find a new one.

2) vitacheat jumbles up the addresses when its searching or creating dumps.

For 1) I tried seeing if the bad dumps would match in tempAR but so far I haven't found anything yet. I still need to dig deeper though. For 2) Freedom Wars is really strange with it address where sometimes when making dumps during missions, enemies and party members would randomly fly or drop in random places on the map. Basically weird things start to happen when you make dumps during missions.

I worked with this game with @Yohoki years ago and end the end, it still feels like I'm doing the same thing we did with the previous codes done with ASLR on. Just fewer results to look for.

Code:

# PCSA00147 Freedom Wars US

# Version 1.22 + all the DLC

_V0 Infinite Max Ammo 2nd weapon slot
$B200 00000001 00000000
$3203 003D72BC 00000048
$3200 00000000 00000028
$3200 00000000 000003BC
$3300 00000000 000003E7

I haven't done much testing with that code as I'm burned out at the moment, plus carpel tunnel but this is the Infinite Max Ammo I was going to make years ago and never got around to it. I made an Infinite current Ammo years ago but that ended up crashing the game after using it for too long. I don't think the game could handle shooting that much ammo for too long so it could crash. Infinite Max Ammo should be a better code. Hate that I still need to do this for the 1st slot.

Click to expand...

tomberyx said:

Can Somebody test this Code ?

# Title: Dragon Quest Heroes II
# ID: PCSG00820
# Region: Jap
# Version: 1.09

_V0 Tomberyx Army of Dead [push LRX]
$B200 00000001 00000000
$C201 00000001 00004300
$3201 000081F0 04E53C0C
$0000 00000000 00000002

Click to expand...

tomberyx said:

Codes for Ys8
From XMYDL Member

_V0 Inf.HP&LV99&STR/DEF9999
$B200 00000000 00000000
$A200 00133B64 F82CF205
$A200 00338BC0 0054F8D4
$A100 00338BC4 00002801
$A100 00338BC6 0000D116
$A100 00338BC8 00002063
$A200 00338BCA 0EFCF8C4
$A200 00338BCE 5070F45F
$A200 00338BD2 601CF2C4
$A200 00338BD6 0F00F8C4
$A200 00338BDA 0F04F8C4
$A200 00338BDE 0F08F8C4
$A200 00338BE2 0F0CF8C4
$A200 00338BE6 30F0F242
$A200 00338BEA 1074F6C4
$A200 00338BEE 0F24F8C4
$A200 00338BF2 0EFCF9B4
$A100 00338BF6 00004770

_V0 SP skill Inf.
$B200 00000000 00000000
$A100 0013A5B2 0000BF00

_V0 Skill EXP Inf.
$B200 00000000 00000000
$A100 0013A680 0000BF00

_V0 Item MAX
$B200 00000000 00000000
$A100 001ADEFE 0000BF00
$A100 001ADF00 00000003

Would like to see if these codes have anything in common with our....

I am sending these codes just to have a comparison.
Maybe it is possible to learn something...

I have the feeling that Seg 0 is very important more than Seg1 I try to recognize patterns,...
we are now used to work with Seg1 but totally forget about Seg0 and the possibilities....
I have not had a good experience with Seg0 but would like to know why it is so... I think we should pay more attention to Seg0 and maybe we can benefit from it...

Click to expand...

If (PlayerIsHit)
{ PlayerHP = PlayerHP-1 }

If (PlayerIsHit)
{ PlayerHP = PlayerHP}

Povos said:

I get an error, when I open Vitacheat in the game, all the memory is xxxxxxxxx and I try to search data, after returning to the game, the game immediately force closes, and the not paused.

Btw I'm playing MS Gundam ExvF PCSE00915View attachment 330038

Click to expand...

tomberyx said:

Do not activate codes permanent! Deactivate every code and save it.
Do not play with red XXX its only for adults you are not prepared for it.

Send codes here to check.

Click to expand...

Povos said:

There is no code, the game not paused when i use vitacheat, and get error when i come back from vitacheat.

Click to expand...