Thread Status:
Not open for further replies.
  1. Zetta_x

    OP Zetta_x The Insane Statistician
    Member

    Joined:
    Mar 4, 2010
    Messages:
    1,844
    Country:
    United States
    <u><b>Free Cheat Guide</b></u>

    One of the exclusive features of the Super Card: DSTwo is a free cheat support for NDS games.



    <b>What you will need:</b>

    -Knowledge*

    -Nintendo DS

    -Super Card: DSTwo

    -Nintendo DS Rom

    *This guide has lots of knowledge



    <b>Contents:</b>

    -Preparation

    -The Secrets of Free Cheat

    -Introduction to Binary

    -Hexadecimal and converting binary to hexadecimal

    -Free Cheat Basic

    -Free Cheat Intermediate

    -Free Cheat Advanced

    -Examples (Invincible and Infinite Jump)



    <b>Preparation</b>

    -Turn on your DS and load up the DSTwo on the main menu

    -Click DS_GAME to load your DS games

    -Configure your Hot Keys by clicking on the bottom left button, then click “Hot Key” (It is recommended that you do something easy like ‘L’ and ‘R’)

    -Load up your game



    <b>The Secrets of Free Cheat</b>

    Free Cheat is not only fun, but also challenging. The challenging part is that you have to think like the game in order to find cheats; the fun part is messing with the game using your cheats. (It is recommended that you do not use existing save games as you may break the story line so you cannot continue). This guide will train you to ultimately think like the game and find some of the most difficult addresses with the Free Cheat function. You may skip sections that you are familiar with!



    An Introduction to Binary:

    Binary is the "True" "False" type otherwise known as Boolean

    Generally:

    1 = True
    0 = False

    A game address is a location for a specific value. The game uses these addresses to conduct specific routines. Our goal is to find these addresses using what we have for Free Cheat

    A lot of game addresses work as a true/false Boolean type variable. Some common games are the Megaman X series for SNES where 1 means you can jump and 0 means you cannot jump.

    Eight binary digits (also known as bits) are equal to one byte.

    One byte has the maximum number of 256 values. This is very important to game hacking. If you understand how binary and bytes work, it is easier to develop unique codes. This is the format of one byte:

    xxxxxxxx (eight numbers from the set [0,1])

    A perfect example is 01010000.

    The way you calculate this, is the first number (Starting from the left) is the first bit. You get calculations like this:

    first bit = 2 to the 0th power (1)
    second bit = 2 to the 1st power (2)
    third bit = 2 to the 2nd power (4)
    fourth bit = 2 to the 3rd power (8)
    fifth bit = 2 to the 4th power (16)
    sixth bit = 2 to the 5th power (32)
    seventh bit = 2 to the 6th power (64)
    eighth bit = 2 to the 7th power (128)

    If you had added that up, you'll notice that equals 255 and previously I said that there are 256 different values. Well, I hadn't lied- 0 is also known as a value!

    So using the previous example, 01010000 we have:

    first bit = 0 False (Do not include)
    second bit = 1 True (Include)
    third bit = 0 False (Do not include)
    fourth bit = 1 True (Include)
    fifth bit = 0 False (Do not include)
    sixth bit = 0 False (Do not include)
    seventh bit = 0 False (Do not include)
    eighth bit = 0 False (Do not include)

    Since the second and fourth bits are equal to true, we have 2 + 8 = 10.

    The byte 01010000 = 10

    Now onto two bytes. This is calculated similarly, but extends to many more possibilities:

    One Byte: 255 (2 to the 8th power - 1)
    Two Bytes: 65,535 (2 to the 16th power - 1)
    Three Bytes (Generally not used often): 16,777,215 (2 to the 24th power - 1)
    Four Bytes: 4,294,967,295 (2 to the 32nd power - 1)

    You will want to remember the maximum first 4 byte values, they are essential to how the game functions and helpful for free cheat!


    Hexadecimal and converting binary to hexadecimal:

    This section is not important to using Free Cheat. I would recommend reading it but you do not have to know this material to use Free Cheat. While using free cheat, the SCDS2 has algorithms built in to convert everything for you; it is still helpful to know!

    The main thing to keep in mind is that Decimal has a base of 10, otherwise it uses the following numbers:

    0 = 0
    1 = 1
    2 = 2
    3 = 3
    4 = 4
    5 = 5
    6 = 6
    7 = 7
    8 = 8
    9 = 9

    Decimal is your basic numbering system. If you want a value of 255, you will require entering "255" simple as that.

    Hexadecimal is a bit more complicated, it has a base of 16. The numbering system looks like this:

    0 = 0
    1 = 1
    2 = 2
    3 = 3
    4 = 4
    5 = 5
    6 = 6
    7 = 7
    8 = 8
    9 = 9
    A = 10
    B = 11
    C = 12
    D = 13
    E = 14
    F = 15
    G = Nothing, no G or beyond.

    So, how do you convert 255 into Hexadecimal?

    The first thing you have to realize is how many bytes do you need for 255? The answer is 1 byte or 8 bits. Since you are only using one byte, you will only require this space in Hex format in the brackets of a typical game address:

    xxxxxx[xx]

    Similar:

    xxxx[xxxx] = 2 bytes
    xx[xxxxxx] = 3 bytes
    [xxxxxxxx] = 4 bytes.

    The way I learned to convert a decimal to hex is dividing by 16. Say you have 50,000,000. 50,000,000 divided by 16 is 3125000 with a remainder of 0. Keep the remainders in mind:

    0

    3125000 divided by 16 is equal to 195312 with 8 remaining. Keeping the remainders you have in mind:

    0 and 8

    195312 divided by 16 is equal to 12207 with 0 remaining. Keeping the remainders you have in mind:

    0, 8, and 0

    12207 divided by 16 is equal to 762 with 15 remaining. Since 15 is equivalent to F, you include that with the list of remainders:

    0, 8, 0, and F

    762 divided by 16 is equal to 47 with 10 remaining. Since 10 is equal to A, you include that with the list of remainders:

    0, 8, 0, F, and A

    47 divided by 16 is equal to 2 with 15 remaining. Since 15 is equal to F, you include that with the list of remainders:

    0, 8, 0, F, A, and F

    The only thing remaining is 2. Since 16 does not go into 2, 2 is assumed to be an automatic remainder:

    0, 8, 0, F, A, F, and 2

    We have 7 remainders. Since the number 50,000,000 is greater than 3 bytes and less than 4, it makes sense to have either 8 or 7 remainders!

    The last thing that needs to be done, is to reverse the order of the remainders:

    02FAF080

    The value 02faf080 (hex) = 50,000,000 (deci). Pretty complicated? There are many converters on the internet if you don't want to do the math.




    <u><b>Finally, Free Cheat</b></u>



    <b>Basic Level Findings: </b>

    If you are new to hacking, the first thing you will want to do is learn how to use free cheat.

    Look for a number that can easily be manipulated: Health, Ammo, or lives.



    Some DSTwo terminology:

    Specific Search: Exact value searches. Use this option for values explicitly seen.

    Fuzzy Search: “Unknown” search. Use this option if you cannot see values such as health bars.


    Here is the general pattern when creating a code:

    1) Come up with an idea of what you want to do. (EX: infinite health)

    2) Come up with a pattern to figure out how to do this (Ex: Use specific searches, get hit, use specific search again, and get hit again)

    3) Eliminate as many addresses as you can (The game is full of them, try narrowing it down to no more than 10)

    4) Change the values of your narrowed down search to verify that you found the right address. If your health does not change, then you have not found the right address. Start over from step 2.

    5) If you have found the right address. Finalize it by adding it as a code.

    Example 1:

    Let’s say you have 100 as a health value. First do an exact search of 100. Take some damage and then re-search an exact value according to your new health (for example, you got hit for 4 and then you have 96). This method will take about 2-4 searches and you will have your address, easy as ordering from the dollar menu. If you cannot find the right address, try again. If you still can’t find the right address, move onto a different code as the game may be doing some trickery (different output than what the game is processing; I will cover this in more detail below). You can practice these types of codes in many RPG games with stats.

    Let’s say you can't see any values of your health bar, it is just a bar or some other representative figure. Then you can no longer use exact searches, or can you? The first thing I would do, is assume that the max health has a value of 255 and point where you die is 0. With these assumptions, do specific searches as it will be faster than fuzzy search.

    **Note: If the above method does not work, try making new assumptions or use fuzzy search.

    <b>Intermediate Level Findings: </b>


    Some values are not as truthful as you may think. Using the game Milon's Secret Castle (old NES game), I will explain what I mean.

    During the game, you will collect little money icons to increase your score. By experience, I have figured out that the max you can carry is 999 of them. Of course, you are thinking 999 is above 1 byte but below 2 bytes, so I must use a 2 byte search. Wrong!

    Hudson Soft actually designed this to be unique: it uses 3 bytes. If you haven't figured out why yet, it is designed so that each digit carries a byte. This means that if you searched for 29 when you had $29, you wouldn't find the correct addresses, making it much more difficult than the average code. The 8 bit Nintendo system has to use this to pass values > 255.

    Just simply find the first digit of money address (easiest to manipulate) and the other two addresses should be near it (Game designers usually place values that relate to each other right next to each other).



    One is equal to Ten? How???

    Some games that have insanely large scores use a method to enlarge the scores. They will calculate the numbers, but times it by 10 for the output only.

    Since you can't change the output, the number you would be looking for is the number that has been processed. How to solve this?

    You will notice that the score is semi-large. In actuality, when you kill a monster, you are seeing you get 100 points; however, the game only processes it as 1 point. So if you search for 100, you will get no results, instead you have to search for 1.

    How do you tell when the game designers do this? It is quite simple, you find the lowest possible of points you can possibly gain from anything in the game. In this case, it is 100. Then you divide the overall score by the number you received and you will get the process number that can be found.


    <b>Advanced Level Findings :</b>


    These are the unique codes that are hard to even think of, they are things in the game that are hidden so well, that it would take a pro to find. The basic keys to finding these things are assumptions. You cannot possibly find these things without assuming values for everything.

    The "Invincible" codes:

    Not sure why, but many people think that if you have infinite life, then you must be invincible. However, if you had infinite life in "The New Super Mario Brothers", you can still be killed by the spikes, you can still be squashed, many possible things can still happen!

    How can you prevent this? I do not mean editing the game to the point where that stuff is not meant to kill you, I mean taking what is there and using it to your advantage. One thing you can use to your advantage is the 2 second invincible period you get when you get hit.

    Restart your search things when you are not in the flashy invincible state. You must assume that when you are not flashy, you have the address value of 0 and when you get hit, this address starts from 255 (or it can even be a low number) and quickly rushes down and stops when that value hits 0.

    Since it is nearly impossible to stop that value at 255, the only real thing you can assume is that the address equals 0 when it is off. So your first move would be to start a fuzzy search (make sure you are not flashing invincible).

    Once you have started this search, grab a mushroom so you can endure a hit. Once you endure a hit, quickly use the Hotkey to search for a greater value (we are assuming when you do not have an invincible timer then the address is equal to 0. By getting hit, the invincible timer shoots up to 255 which is why you search for ‘greater than’) . Un-pause the game for a second then search for ‘less than.’ Once you stop flashing, get another mushroom so you can endure another hit.

    Repeat this until you find the address (try narrowing it down to at least 10 addresses)

    Once you have narrowed down to a small list of addresses, change all of their values to random things. When you continue the game, if you flash for a second, then one of the addresses must hold the value for the invincible timer. Isolate that address by setting only one of them to 255 then un-pause the game to see if Mario has the invincibility period on. Then finalize your code by ‘create code.’

    AHHHH, you are gone!?!?! If you un-pause the game and Mario is not there then don't panic, this is actually the frame when the invincibility is when it is at 255 (Max). Experiment with a value where you can actually see yourself. Try the value of 99 or something until Mario reappears!

    Once the code is completely finalized, you can run through spikes and enjoy an almost un-killable life! (Watch out for those pits)

    *Note: Make sure you test codes before distributing them. Sometimes codes will cause a contradiction in the game causing it to crash.

    ----

    Infinite Jumping!

    Who needs moon jump when you can jump as many times as you want?

    I have created a code for Super Mario 64 DS that does this exact thing. The code is actually only one line as I didn't mask it, but here it is:

    02169df6 00000000

    The code only works because the jumping values have multiple addresses. With this one line, you can jump any number of times in the place where you first start the game. This code is untested, but I am pretty sure it won't affect game play or freeze anything up (Maybe if you go too high).

    First assume that the address takes the value 0 when you are on the ground, enabling you to jump. When you jump, the value 1 takes its place, preventing you from jumping. If you keep doing specific searches, you will eventually narrow down to this address: 0x02169df6

    To verify the right address I had jumped, edited the current value of 1 to 0, and un-paused the game. Tada, you are able to jump in mid-air.

    To finalize the code, we take the found address and freeze it at the value 0. When you enable the code, you can jump an infinite amount of times!

    If you have 20 different lines that control the number of times you can jump, put that all in one code, and it will work at any place.

    It takes a lot of analysis and critical thinking to reverse how a game works. Remember to make assumptions to narrow down time, just be cautious because wrong assumptions will throw you off track.

    Good luck!
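
The search patterns walked through in the guide above (specific search after a hit, fuzzy greater/less search for the invincibility timer, and the one-digit-per-byte money counter), shown as an added example that is not part of the original post. The addresses, decoy bytes and snapshot values are constructed for illustration and do not come from any real game.

```python
# Added example: constructed memory snapshots, not data from a real game.
HEALTH, TIMER, HUNDREDS, TENS, ONES = 0x10, 0x20, 0x30, 0x31, 0x32  # made-up addresses

def snapshot(health, timer, money, frame):
    """One byte per address; money is stored one decimal digit per byte."""
    h, t, o = (int(d) for d in f"{money:03d}")
    return {HEALTH: health, TIMER: timer, HUNDREDS: h, TENS: t, ONES: o,
            0x40: 100,     # decoy: constant that happens to equal starting health
            0x41: frame}   # decoy: counter that only ever goes up

def specific_search(snap, value, candidates=None):
    """Exact-value search: keep addresses currently holding `value`."""
    pool = snap if candidates is None else candidates
    return {addr for addr in pool if snap[addr] == value}

def fuzzy_search(before, after, relation, candidates=None):
    """Unknown-value search: keep addresses that moved as `relation` says."""
    test = {"greater": lambda old, new: new > old,
            "less": lambda old, new: new < old}[relation]
    pool = after if candidates is None else candidates
    return {addr for addr in pool if test(before[addr], after[addr])}

S0 = snapshot(health=100, timer=0, money=29, frame=7)     # before the hit
S1 = snapshot(health=96, timer=200, money=29, frame=50)   # just hit, flashing
S2 = snapshot(health=96, timer=150, money=29, frame=90)   # still flashing
S3 = snapshot(health=96, timer=0, money=30, frame=130)    # picked up one coin

def find_health():
    first = specific_search(S0, 100)           # health and the decoy both match
    return specific_search(S1, 96, first)      # only health followed the hit

def find_timer():
    rose = fuzzy_search(S0, S1, "greater")     # timer and frame counter both rose
    return fuzzy_search(S1, S2, "less", rose)  # only the timer is counting down

def find_money_ones_digit():
    assert specific_search(S0, 29) == set()    # no single byte holds 29
    nines = specific_search(S0, 9)             # search the last digit instead
    return specific_search(S3, 0, nines)       # 29 -> 30: ones digit becomes 0

if __name__ == "__main__":
    for name, hits in [("health", find_health()), ("timer", find_timer()),
                       ("money ones digit", find_money_ones_digit())]:
        print(name, sorted(hex(a) for a in hits))
```

Each pass only filters the candidate set left by the previous pass, which is why two or three well-chosen state changes are enough to isolate one address among bytes that matched by coincidence.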
     
  2. jurassicplayer

    jurassicplayer Completionist Themer
    Member

    Joined:
    Mar 7, 2009
    Messages:
    4,448
    Country:
    United States
    Just a small little tag-on, the iSmart Multimedia also has the same feature included with its in-game menu so FreeCheat is actually specific to two carts (both were coded by the SCteam so the similarities are...strikingly similar xD).
     
  3. SamAsh07

    SamAsh07 GBAtemp Addict
    Member

    Joined:
    Jan 27, 2009
    Messages:
    2,696
    Country:
    Bosnia and Herzegovina
    I think I've seen this posted somewhere....

    EDIT: Yep.
     
  4. Zetta_x

    OP Zetta_x The Insane Statistician
    Member

    Joined:
    Mar 4, 2010
    Messages:
    1,844
    Country:
    United States
    SamAsh, can you please tell me where?

    I wrote a little guide on the GBAtemp forums a while ago, but I expanded on it and made it more local to the DS2 itself vs the trainer toolkit, which is what the original guide was intended for.
     
  5. SamAsh07

    SamAsh07 GBAtemp Addict
    Member

    Joined:
    Jan 27, 2009
    Messages:
    2,696
    Country:
    Bosnia and Herzegovina
  6. Depravo

    Depravo KALSARIKÄNNIT
    Former Staff

    Joined:
    Oct 13, 2008
    Messages:
    5,361
    Country:
    United Kingdom
     