#FEGecko: Trainer GUI for Tokyo Mirage Sessions #FE

Discussion in 'Wii U - Hacking & Backup Loaders' started by MiMiCAX, Jul 11, 2016.

  1. MiMiCAX
    OP

    MiMiCAX Advanced Member

    Newcomer
    98
    81
    Dec 24, 2006
    Canada
    Some of you may know XCXGecko. Well, I've begun some work towards a similar tool for #FE, called SFEGecko. You can get the latest release here (look for version number starting with sfe###, e.g. sfe0.2).

    Q: how to run this?
    A: please read through forum posts on XCXGecko

    Q: does this work with / without Loadiine?
    A: I had successfully tested it with Loadiine v3 and GX2 v0.3 on 5.3.2. GX2 version on 5.3.2 will require a different offset (0x1140 I think). It SHOULD work with disc too (but see next Q).

    Q: why are the codes not working?
    A: you will need to choose an appropriate offset for all code address that works for your Wii U OS + Loadiine version + game region. There's a 'Offset:' dropdown combobox in the top toolbar where you can choose different offsets.

    Q: but what if none of those offsets work?
    A: You can use "Global Address Offset" tab or another tool like Gecko.NET to find the appropriate offset for your setup. See instructions here.

    Q: can you make a code for X?
    A: maybe... I have limited time these days, so it'll be better if you PM me the code for X and I can add it to the list.

    Q: I want to help you add more codes
    A: PM me and we can talk :)

    Q: I added an item/performa item/clothing, but it's not working with Tiki / showing a blank icon?
    A: you need to get at least 1 of said item legally in-game first.

    Q: what are your planned features?
    A: I'll try to implement some of the following features every weekend:
    - actual character tab (like XCXGecko)
    - fix Melmark
    - find max legit value for Stage Rank Exp
    - mapping out all items/performa items/key items
    - look for ways to obtain weapon, increase their +#, and update their experience
    - accessories

    Enjoy!
     
    Last edited by MiMiCAX, Jul 16, 2016
    Darcia, Pachee, Phantom90 and 6 others like this.
  2. VinLark

    VinLark This machine kills bourgeois sentimentality.

    Member
    4,165
    4,953
    Jun 11, 2016
    Trinidad and Tobago
    Psychosystem Denomination
    Woah this is pretty awesome Not if I only had a SD card big enough to hold Tokyo Mirage. There only needs to be a Sm4sh trainer now.
     
  3. Mandikiri

    Mandikiri GBAtemp Regular

    Member
    121
    45
    Feb 11, 2016
    Rainbow Land
    So these codes do work, yes?

    Because I connected with Gecko.NET and the editor, but I can't see to get the codes to activate. I pick them, but when I look into the game. I see no changes made.

    Maybe I am doing something wrong?
     
    Last edited by Mandikiri, Jul 11, 2016
  4. MiMiCAX
    OP

    MiMiCAX Advanced Member

    Newcomer
    98
    81
    Dec 24, 2006
    Canada
    You probably need to adjust the global address offset for all codes (see "Payload: [...]" dropdown at top of GUI + "Global Address Offset" tab).
    The default offset assumes WiiU OS 5.3.2, Loadiine v3, and US version of game.
    If you don't have this setup, then you will need to find the offset for your version. Here's one way how:
    1. load into your save game on #FE
    2. find how much Yen (money) you have by going into the main menu
    3. on SFEGecko, click on the "Global Address Offset" tab
    4. if you have US/EU version of the game, set the "Scan From/To" fields to 0x49000000 and 0x49FFFFFF; if you have the JP version, set them to 0x4E000000 and 0x4EFFFFFF
    5. in the "Current Value" field, enter the amount of Yen that you see in game
    6. press the "Scan" button (magnifying glass)
    7. wait for a while, until the table in the GUI populates with entries (if you use a smaller memory range it'll go faster, but you might not find the proper offset)
    8. if there is one entry, click on it, then click on the "Accept" button (checkmark, near the bottom-right corner of the window)
    9. if there are more than one entry, find a way in-game to change your money amount (e.g. buy/sell at He Ho Mart / win fight), then go to step 5
    10. if there are no entries, then you need to choose a different memory scanning range
    Some of the codes do not change what's displayed on-screen immediately, so you should enter battle / exit and re-enter menu / re-talk to Tiki / etc. to see it being reflected

    P.S.: I thought that the Gecko code handler on the Wii U only accepts one client connection at a time, so I'm not sure what you meant when you said you "connected with Gecko.NET and the editor"
     
  5. Mandikiri

    Mandikiri GBAtemp Regular

    Member
    121
    45
    Feb 11, 2016
    Rainbow Land
    Alright. I will try those steps you mentioned. I do have the disc version, but thanks for showing me those steps. I'll try it and see if it works.

    Regarding the connecting to two clients. I meant it in the sense that I first connect to Gecko.NET to see if it connected and then disconnect to then connect to the editor.
     
  6. Mandikiri

    Mandikiri GBAtemp Regular

    Member
    121
    45
    Feb 11, 2016
    Rainbow Land
    So I tried the steps that you mentioned, but when I get to the part that I have to hit the scan button, I get this error; "Specified upper bound (0x49FFFFFF) must be within 4-multiple of orig. code address".

    Sorry for the bother, but I do appreciate lots the help you're giving me.
     
  7. MiMiCAX
    OP

    MiMiCAX Advanced Member

    Newcomer
    98
    81
    Dec 24, 2006
    Canada
    Ah that's right, I added that check. Okay, first try these ranges:
    US/EU: 0x49AE0000 to 0x49B00000
    JP: 0x4C200000 to 0x4C400000

    If those don't work, try the following (wider) ranges:

    US/EU: 0x49000000 to 0x4A000000
    JP: 0x4C000000 to 0x4D000000
     
  8. Mandikiri

    Mandikiri GBAtemp Regular

    Member
    121
    45
    Feb 11, 2016
    Rainbow Land
    Thank you for the reply.

    Well I entered the first ranges and although they didn't give me the error that I was getting, it couldn't find any candidates.

    Now the second ranges ended up giving me the error of "READ BLOCK failed: timed out". Not sure what that one means.
     
  9. ness151

    ness151 GBAtemp Fan

    Member
    314
    65
    Jun 2, 2008
    United States
    D:\virus.exe
    Thanks for creating this tool, however, I'm unable to search any of the address ranges you recommended for the offset I need for my setup. They either find 0 results or time out during the search period..
     
  10. MiMiCAX
    OP

    MiMiCAX Advanced Member

    Newcomer
    98
    81
    Dec 24, 2006
    Canada
    Those address ranges were merely my guesses. I have a 5.3.2 US WiiU, with all regions of the game available, so if you have a compatible setup then let me know and I can try to find the address offset.

    However, I know that most people probably are on 5.5.1. In that case, ideally you should use gecko dot net or jgeckou to scan for the yen code's address within the entire memory range (0x10000000-0x50000000 at least; beware that depending on setup the WiiU might crash around 0x4B000000, in which case you should stop scanning before that.)

    I'm dead certain that regardless of the WiiU os or pygecko setup or loadiine vs disc, the yen value will be stored somewhere in memory (since we are all using the same game code, but our memory blocks are possibly shifted compared to each other). To get the offset value, subtract your yen address from the one in sfegecko (labelled Base Addr in Global Address Offset tab), and convert the result into a signed hex value.

    If you find the yen address or offset for your setup, please share it here along with details of your setup: WiiU OS, disc or eshop or loadiine, loadiine version, game region, pygecko payload type, ...
     
  11. Laucian

    Laucian Member

    Newcomer
    10
    1
    Dec 9, 2004
    United States
    I'm having the same issue.

    I've tried this as well, even if I search the entire memory it comes back as "0 results". People are having the same issue over here. For reference my setup is:

    WiiU OS: 5.5.1
    disc or eshop or loadiine: Loadiine
    loadiine version: Gx2 v0.3
    game region: US
    pygecko payload type: I'm not sure how to find this, I just use the one that runs through Loadiine.
     
  12. sleepymanakete

    sleepymanakete GBAtemp Regular

    Member
    124
    39
    Mar 10, 2016
    United States
    Going to use. Thank you for this tool ^^
    WiiU FW: 5.5.1
    disc or eshop or loadiine: Disc
    loadiine version: Not sure
    game region: US
    pygecko payload type: N/A
     
    Last edited by sleepymanakete, Jul 12, 2016
  13. ness151

    ness151 GBAtemp Fan

    Member
    314
    65
    Jun 2, 2008
    United States
    D:\virus.exe
    I'm on WiiU 5.3.2 spoofed to 5.5.1. I'm using the same Loadiine setup you are, the only difference is I'm using the reincarnation patch.
     
  14. sleepymanakete

    sleepymanakete GBAtemp Regular

    Member
    124
    39
    Mar 10, 2016
    United States
    I got it connected but it says "time out" when I scan. I used both US ranges.
     
    Last edited by sleepymanakete, Jul 12, 2016
  15. MiMiCAX
    OP

    MiMiCAX Advanced Member

    Newcomer
    98
    81
    Dec 24, 2006
    Canada
    @ all: the offset address scan feature in #FEGecko is very primitive (I coded it up in less than 1h). This is probably why it fails when a large memory range (since it's asking pyGecko to return a single char array containing all the bytes in that range, as opposed to multiple smaller-sized chunks). Therefore, you should consider scanning for the code initially using Gecko.NET or JGeckoU.

    @ness151: I'm also using the reincarnation patch... Try using an offset of +0x1140 or -0x1140 (enter it on the bottom field in the "Global Address Offset" tab, click on the checkmark button, then try to read the value of some of the codes in the "Other Codes" tab.

    I continue to firmly stand by my belief that the only difference between different WiiU OS versions is a single, static memory offset. Nevertheless, there is a small chance that this offset is not word-aligned. Here are the steps to test out this theory:
    1. load save game, and buy items until you have less or equal to 255 yen
    2. in Gecko.NET, specify a wide memory range, then scan for your money amount as an 8-bit value
    3. in the game, buy/sell items / fight enemies until you have a different money amount, but is still <= 255
    4. repeat steps 2-3 until you find a single address
    5. if you don't find the address, go back to step 2 and try a different / wider memory range (widest being 0x10000000 to 0x50000000)
    6. when you find the address, convert hex to decimal, minus 3 (bytes), convert back to hex, and that will be the code address for your setup
    7. the offset to use in SFEGecko is computed as [your address] - 0x49AEF468, specified as a signed hex value
    8. share your success by replying to this thread
     
  16. sleepymanakete

    sleepymanakete GBAtemp Regular

    Member
    124
    39
    Mar 10, 2016
    United States
    I did in jGecko, the search said "Not implemented" and doesn't do anything.
     
  17. Laucian

    Laucian Member

    Newcomer
    10
    1
    Dec 9, 2004
    United States
    Just tried it, after the second "Refine" it came back as no results.

    Try using the TCPGecko Client, not jGecko U.
     
    Last edited by Laucian, Jul 13, 2016
  18. MiMiCAX
    OP

    MiMiCAX Advanced Member

    Newcomer
    98
    81
    Dec 24, 2006
    Canada
    Well that's a big bummer... I'm not willing to upgrade from 5.3.2 (maybe even more so now), so here are some possibilities that I can think of:

    a) it's stored elsewhere in memory? e.g. 0x01000000, ... (see http://wiiubrew.org/wiki/Cafe_OS)

    b) it's not byte-aligned? validating this theory would require more complex set of test sets, e.g. to test if code is 1-bit rshifted, only scan when money changes by a multiple of 2; also this may require searching via inequalities (e.g. "Greater or Equal to") rather than only "Equal to"

    c) I have to accept the possibility, no matter how small, that memory is truly different between 5.3.2 and 5.5.1; perhaps this game has some memory obfuscating techniques that is only applicable on 5.5.1

    Here's an interesting request for some1 with 5.5.1 and US version of game: start a new game, play until the VERY FIRST instance that you can save, save, then and make a memory dump between 0x10000000 to 0x4B000000 (or 0x50000000 if it doesn't crash your game). Zip it and upload it somewhere, so I can compare against my own dump. Please also specify some key in-game stats: yen amount, Itsuki's lvl, max HP, max MP, str, ..., remaining exp to next lvl.
     
  19. MiMiCAX
    OP

    MiMiCAX Advanced Member

    Newcomer
    98
    81
    Dec 24, 2006
    Canada
    Seems like these codes might be from 5.5.1 OS w/ US version. Try scanning the range 4C3305A8-4C3305AC, or a bit broader, like 4C330000-4C340000
     
  20. Laucian

    Laucian Member

    Newcomer
    10
    1
    Dec 9, 2004
    United States
    Ask and yea shall receive: LINK I made 2 dumps, one at the very start of the game(with only a yen value) and one after the first fight(with some other stats). There's a file with the values in the zip.
     
    MiMiCAX likes this.