Hacking Free Cheat Help Thread

Zetta_x

With the addition of free cheat to the DS two, no doubt many users who have not had any experience in doing such a thing have had questions. This thread is to not only encourage users to participate in using the free cheat feature, but also to request help finding some codes from experienced members.

Here are a few things I wrote up a while ago in regards to this topic:

Introduction to Binary
If you are new to game hacking and programming, you probably don't know hexadecimal, and when using the free cheat function you will want to know at least some background information before proceeding.

A short introduction:

Binary is the "True" "False" type otherwise known as boolean.

1 = True
0 = False


Eight binary digits (also known as bits) are equal to one byte.

One byte has a maximum of 256 values. This is very important to game hacking. The better you understand how binary works, the more easily you can develop unique codes. This is the format of one byte:

xxxxxxxx (eight numbers from the set [0,1])

A perfect example is 01010000.

The way you calculate this is that the first number (starting from the left) is the first bit. You get calculations like this:

first bit = 2 to the 0th power (1)
second bit = 2 to the 1st power (2)
third = 2 to the 2nd power (4)
fourth = 2 to the 3rd power (8)
fifth = 2 to the 4th power (16)
sixth = 2 to the 5th power (32)
seventh = 2 to the 6th power (64)
eighth bit = 2 to the 7th power (128)

If you add that up, you'll notice that it equals 255, and previously I said that there are 256 different values. Well, I hadn't lied - 0 is also known as a value!

So using the previous example, 01010000 we have:

first bit = 0 False (Do not include)
second bit = 1 True (Include)
third bit = 0 False (Do not include)
fourth bit = 1 True (Include)
fifth bit = 0 False (Do not include)
sixth bit = 0 False (Do not include)
seventh bit = 0 False (Do not include)
eighth bit = 0 False (Do not include)

Since the second and fourth bits are equal to true, we have 2 + 8 = 10.

The byte 0101(0000) = 10

Now onto two bytes. This is calculated similarly, but extends to many more possibilities:

One Byte: 255 (2 to the 8th power - 1)
Two Bytes: 65,535 (2 to the 16th power - 1)
Three Bytes (Generally not used often): 16,777,215 (2 to the 24th power - 1)
Four Bytes: 4,294,967,295 (2 to the 32nd power - 1)

You will want to remember the first 4 byte values, they are essential to how the game functions and helpful for free cheat!


Hexadecimal and converting binary to hexadecimal
No doubt if you are new to hacking or the free cheat system, you will want to know hexadecimal, as the game processes numbers in hexadecimal. While using free cheat, the SCDS2 has algorithms built in to convert everything for you, but it is still helpful to know!

The main thing to keep in mind is that decimal has a base of 10; that is, it uses the following numbers:

0 = 0
1 = 1
2 = 2
3 = 3
4 = 4
5 = 5
6 = 6
7 = 7
8 = 8
9 = 9

Decimal is your basic numbering system. If you want a value of 255, you will need to enter "255", simple as that.

Hexadecimal is a bit more complicated, it has a base of 16. The numbering system looks like this:

0 = 0
1 = 1
2 = 2
3 = 3
4 = 4
5 = 5
6 = 6
7 = 7
8 = 8
9 = 9
A = 10
B = 11
C = 12
D = 13
E = 14
F = 15
G = Nothing, no G or beyond.

So, how do you convert 255 into Hexadecimal?

Well, this one is actually easy. The first thing you have to realize is how many bytes 255 needs. The answer is 1 byte or 8 bits. Since you are only using one byte, you will only require this space in hex format, shown in the brackets of a typical game address:

xxxxxx[xx]

Similarly:

xxxx[xxxx] = 2 bytes
xx[xxxxxx] = 3 bytes
[xxxxxxxx] = 4 bytes.

The way I learned to convert a decimal to hex is dividing by 16. Say you have 50,000,000 and divide by 16. 50,000,000 divided by 16 is 3125000 with a remainder of 0. Keep the remainders in mind:

0

3125000 divided by 16 is equal to 195312 with 8 remaining. Keeping the remainders you have in mind:

0 and 8

195312 divided by 16 is equal to 12207 with 0 remaining. Keeping the remainders you have in mind:

0, 8, and 0

12207 divided by 16 is equal to 762 with 15 remaining. Since 15 is equal to F, you include that with the list of remainders:

0, 8, 0, and F

762 divided by 16 is equal to 47 with 10 remaining. Since 10 is equal to A, you include that with the list of remainders:

0, 8, 0, F, and A

47 divided by 16 is equal to 2 with 15 remaining. Since 15 is equal to F, you include that with the list of remainders:

0, 8, 0, F, A, and F

The only thing remaining is 2. Since 16 does not go into 2, 2 is assumed to be an automatic remainder:

0, 8, 0, F, A, F, and 2

We have 7 remainders. Since 50,000,000 is greater than 3 bytes and less than 4, it makes sense to have either 8 or 7 remainders!

The last thing that needs to be done is to reverse the order of the remainders:

02FAF080

So the value 02faf080 (hex) = 50,000,000 (deci). Pretty complicated? Then there are many hex to dec and dec to hex converters on the internet if you don't want to do the math ;)



Now onto the training (This guide was made for Datel training toolkit, ignore anything not on the SCDS2!)
I am very experienced at finding game addresses. Please note, the "0x" in front of the address is to show that number is an address and not a value; not all addresses require you to put the "0x" in front of them.

These are my tips for finding some addresses:



Basic Level Findings

If you are new to hacking, the first thing you will want to do is learn how to use free cheat.

Look for a number that can easily be manipulated: Health, Ammo, or lives.

1) For the SCDS2, the specific value function will be for beginners and for values that are explicitly seen.

*here is a guide on how to narrow down addresses by fastest to slowest*

Exact Matches (Fastest)
^
Inside/Outside Range Searches
^
Greater Than/ Less Than
^
Greater or Equal/ Less Than or Equal
^
Not Equal To (Slowest)


3) Eliminate down to as few results as you can; perform rollbacks if needed or if you messed up on your searches. (Not a feature in SCDS2)

4)Poke memory to verify your response.

5)Create your "code"

---

Let's say you have 100 health. First do an exact search of 100. Get damaged a bit and then re-search an exact value according to your new health. This method will take about 2-4 searches and you will have your address, easy as ordering from the dollar menu.

Let's say you can't see any values of your health bar; it is just a bar or some other representative figure. Then you can no longer use exact searches, or can you? The first thing I would do is assume that the max health has a value of 255 and the point where you die is 0. First start your search with u8 (unsigned 8 bits). At max health, put in an exact search of 255 to eliminate many unnecessary results. Next, lower the bar and re-search with less than "Previous Values" (make sure you check the box). Keep doing that until you die. If you can, pause it when your health bar is all the way down. If done right, you can eliminate almost down to the top 5 addresses with values of 0. Unpause it and continue; poke the memory until your health bar changes, easier.

**Note: If the above method does not work, use the less than and greater than options with the Previous Values box checked**



Intermediate Level Findings

Some values are not as truthful as you may think. Using the game Milon's Secret Castle (old NES game), I will explain what I mean.

During the game, you will collect little money icons to increase your score. By experience, I have figured out that the max you can carry is 999 of them. Of course, you are thinking 999 is above 1 byte but below 2 bytes, so I must use a 2 byte search. Wrong!

Hudson Soft actually designed this to be unique: it uses 3 bytes. If you haven't figured out why yet, it is designed so that each digit carries a byte. Which means, if you searched for 29 when you had $29, you wouldn't find the correct addresses, thus making it much more difficult than the average code. The 8-bit Nintendo system has to use this to pass values > 255.

Just simply find the first digit of the money address (easiest to manipulate) and the other two addresses should be near it (game designers usually place values that relate to each other right next to each other).

----

One is equal to ten? How???

Some games that have insanely large scores use a method to enlarge the scores. They will calculate the numbers, but multiply them by 10 for the output only.

Since you can't change the output, the number you would be looking for is the number that has been processed. How to solve this?

I will use RoboWarrior (Another old NES game) as an example: You will notice that the score is semi-large. In actuality, when you kill a monster, you are seeing you get 100 points, however, the game only processes it as 1 point. So if you search for 100, you will get no results, instead you have to search for 1.

How do you tell when the game designers do this? It is quite simple: you find the lowest possible number of points you can gain from anything in the game. In this case, it is 100. Then you divide the overall score by the number you received and you will get the processed number that can be found.



Advanced Level Findings

These are the unique codes that are hard to even think of; they are things in the game that are hidden so well that it would take a pro to find them. The basic key to finding these things is assumption. You cannot possibly find these things without assuming values for everything.

The "Invincible" codes:

Not sure why, but many people think that if you have infinite life, then you must be invincible. However, if you had infinite life in "The New Super Mario Brothers", you can still be killed by the spikes, you can still be squashed, many possible things can still happen!

How can you prevent this? I do not mean editing the game to the point where that stuff is not meant to kill you lol, I mean taking what is there and using it to your advantage. One thing you can use to your advantage is the 2 second invincible period you get when you get hit.

Restart your search things when you are not in the flashy invincible state. You must assume that when you are not flashy, you have the address value of 0 and when you get hit, this address starts from 255 (or it can even be a low number) and quickly rushes down and stops when that value hits 0.

Since it is nearly impossible to stop that value at 255, the only real thing you can assume is that the address equals 0 when it is off. So, once you have started an 8 bit unsigned search, search for all addresses that equal 0.

Once you have this list, grab a mushroom so you can endure a hit. Once you endure a hit, pause the game and find all addresses that have "Greater than Previous Values". Unpause the game and let the flashy state wear off. Search for exact values of 0.

Repeat this until you find the address: 0x021b7178

Open up your runlist and put in "021b7178" as the address (Remember to take out the "0x") then put in 000000FF as the value one space away from the address.

AHHHH, you are gone!?!?!

Don't panic, this is actually the frame shown when the invincibility is at 255 (max). To fix this, experiment with a value where you can actually see yourself. I think the value 99 works, or 00000063 in hex. Notice you aren't flashing, but tadaa, you can never die! (Unless you fall off a cliff).


----

Infinite Jumping!

Who needs moon jump when you can jump as many times as you want?

I have created a code for Super Mario 64 DS that does this exact thing. The code is actually only one line as I didn't mask it, but here it is:

02169df6 00000000

The code only works because the jumping values have multiple addresses. With this one line, you can jump any number of times in the place where you first start the game. This code is untested, but I am pretty sure it won't affect game play or freeze anything up (maybe if you go too high).

The way my brother and I figured this out:

We assumed that the value 0 exists when you are on the ground, enabling you to jump. When you drop, the value 1 takes its place, preventing you from jumping. We were correct in our theory. With much searching for 1's and 0's, we finally found the address:

0x02169df6

We then jumped into the air, paused the game, edited the current value of 1 to 0, and unpaused the game. Tada, you are able to jump in mid-air.

So we added the code 02169df6 00000000 to the run list, and magically we were able to jump as many times as we wanted to.

However, you must re-do the searching over and over again to actually find all the memory locations, but you get the point.

If you have 20 different lines that control the number of times you can jump, put that all in one code, and it will work at any place.

That is all I have to offer for advice, unless you need it!



Happy Gaming!


Different Data Types
If you recently bought the Trainer Toolkit, the first thing you notice is that there are multiple data types. Which ones do you pick?

There are 10 possibilities of data types, use this guide to figure out which one you should use:

signed 8 bits
unsigned 8 bits
signed 16 bits
unsigned 16 bits
signed 32 bits
unsigned 32 bits
signed 64 bits
unsigned 64 bits
float (32 bits)
double (32 bits)

Signed and Unsigned
The difference between signed and unsigned are negative numbers. Generally, most addresses you'll be searching for are unsigned.

An unsigned data type is only for positive numbers. You'll be using these data types when searching for scores, health, ammo, and anything else that does not deal with negative numbers.

A signed data type shares the possible values, half negative and half positive. This isn't used commonly because it limits your possibilities, however, it is a must if it is to deal with negative numbers. Scores that go below 0 will use these data types.


Float and Doubles
Numbers that deal with decimal places will require a float search. It is impossible for a game to process a decimal number without it being a float data type. O

Doubles are the same thing, but they use much more space for larger values.


The size of a data type
This is actually extremely important. Please refer to my topic about binary digits if you do not know the possibilities of values of 1, 2, 3, or 4 bytes.

The safest thing to do is search for 8 bits (or one byte).

An example is Metroid Prime. Let's say you don't know if the score is based on an 8 bit or 16 bit system. The main question to ask is, how fast does your score increase? If you are gaining 100 points per kill, then it isn't wise to think it is 8 bits. However, if you find the address for score and you "poke" it up to 255 and you continue to gain points, then it is safe to assume it is a 16 bit data type. Do this as many times as necessary until you hit a limit cap or overflow it. Please keep in mind that overflowing will almost guarantee a system crash.

Let us know if you have any questions about free cheat. Like I said, I re-wrote most of my guide I created a while ago for Datel Training toolkit (which is a bit more advanced than SCDS2 but less advanced than some other training software) so ignore any misconceptions!

Thanks in advance,
Z
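
The invincibility-timer search from the guide above (search for 0, "greater than Previous Values" after a hit, then 0 again), run as an added example over constructed memory snapshots; it is not part of the original post or of any trainer software. The `Search` class, the 64-byte layout and the decoy bytes are assumptions made for illustration; only the address 0x021b7178 and the "address value" line format come from the post.

```python
import operator
import struct

# Search widths named in the guide's data-type list (little-endian).
FORMATS = {"u8": "<B", "s8": "<b", "u16": "<H", "s16": "<h", "u32": "<I", "s32": "<i"}
COMPARE = {"eq": operator.eq, "ne": operator.ne, "lt": operator.lt,
           "gt": operator.gt, "le": operator.le, "ge": operator.ge}


class Search:
    """Keeps the candidate addresses that survive each comparison."""

    def __init__(self, base, dtype="u8"):
        self.base = base
        self.fmt = FORMATS[dtype]
        self.size = struct.calcsize(self.fmt)
        self.candidates = None  # offset -> value seen at the previous search

    def refine(self, snapshot, op, value=None):
        """Keep offsets where `current <op> value`. value=None compares
        against the previous search (the "Previous Values" checkbox)."""
        first = self.candidates is None
        if first and value is None:
            raise ValueError("the first search needs a specific value")
        offsets = (range(0, len(snapshot) - self.size + 1, self.size)
                   if first else list(self.candidates))
        kept = {}
        for off in offsets:
            cur = struct.unpack_from(self.fmt, snapshot, off)[0]
            target = self.candidates[off] if value is None else value
            if COMPARE[op](cur, target):
                kept[off] = cur
        self.candidates = kept
        return [self.base + off for off in sorted(kept)]


BASE = 0x021B7160  # constructed region; places the timer on the guide's address


def snapshot(timer, frames, hits):
    """Constructed 64-byte memory image, not a real dump."""
    mem = bytearray(64)        # most bytes are 0 and never change
    mem[0x04] = frames & 0xFF  # decoy: free-running frame counter
    mem[0x10] = hits           # decoy: total hits taken, never resets
    mem[0x18] = timer          # the invincibility timer being hunted
    mem[0x20] = 3              # decoy: lives, constant
    return bytes(mem)


def find_timer():
    """Run the three searches; return surviving addresses and counts per step."""
    s = Search(BASE, "u8")
    counts = [len(s.refine(snapshot(0, 0, 0), "eq", 0))]    # not flashing
    counts.append(len(s.refine(snapshot(200, 40, 1), "gt")))  # hit, paused
    result = s.refine(snapshot(0, 180, 1), "eq", 0)          # flashing wore off
    counts.append(len(result))
    return result, counts


def make_code(address, value):
    """One code line as the guide writes it: address, space, 32-bit hex value."""
    return f"{address:08x} {value & 0xFFFFFFFF:08x}"


if __name__ == "__main__":
    found, per_step = find_timer()
    print("candidates per search:", per_step)
    print("surviving addresses:", [f"0x{a:08x}" for a in found])
    print("code line:", make_code(found[0], 99))
```

The "greater than previous" step is what discards the bytes that are always zero, and the final zero search drops the counters that rose and stayed up.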
 
All the training you need is just following the tutorial in Cheat Engine, but still a good guide.

Though, why was binary/hexadecimal needed? Hexadecimal will only be used for the address names in Free Cheat. I suppose they do need it to know which type to search, but you could easily just tell them the max size for each instead of going through the lengthy and confusing process of teaching new number systems (it's for noobs to make cheats, so they really don't need to know the in-depth knowledge, just the basic stuff, i.e. the max values for each type).

Also:

"Otherwise, decimal numbers are rounded towards the nearest whole number (correct me if I am wrong)."

I think it just rounds down (in other words, it just drops the decimal data and keeps the whole number). That's how it is in most C based languages (and I would assume NDS games are coded in C++).
 
I wrote this guide like 4 years ago when I started a group that used datel training toolkit. The software end of the training toolkit was a bit more advanced than what we see for the SuperCard DS 2. Plus, I think everyone should know hexadecimal and binary, that's ultimately how the game processes values and it is good background information before proceeding to training. It was required to know hexadecimal to use datel's training toolkit if you really wanted to get anywhere.

While there is a guide on how to use the DS two software, nowhere does the guide tell people how to create moonjump codes, how to do level selects for specific games, or what values to look for, especially with values not explicitly seen. This thread sort of extends to people who get stuck trying to find a code in a specific game.
 
Well, if you have a bit of smarts, binary-hexadecimal conversion is not hard at all, you only need to exercise a bit and you'll be able to do it before you even know!

Anyways, nice guide overall, I hope to see more of you!
 
Thanks! I have enjoyed creating NES, SNES, N64, Game Boy Advance, GameCube, DS, and Wii codes since I was like 12 haha. Especially the older NES games, they are limited to one byte values per address, it is amazing how they are able to bypass some of the limiting values. It's even more amazing to exploit their setup. For example, the original Final Fantasy, they have multi-addresses for experience. If you create the code right, it's possible to get chunks of 256 experience per experience gained. So a monster giving 4 experience ultimately gives 1024 experience. Similarly, it's possible to do the same thing but with multipliers of 65535. It works similar to the New Super Mario game on the DS with coins. If you freeze the value at 99, every coin you get will give an extra life. But if you freeze it at 98, you will never see an extra life.

I have created hundreds of codes for hundreds of games. I posted only a marginal number of them on gecko codes (I wish I posted more because my entire cheat database was on a hard drive that was fried in a power outage). I do it for fun though, I don't usually share anything I make. A lot of the time, it's to exploit the game too from a non-cheating perspective. For example, in the original Zelda game, every floor of any dungeon (even the world map) works on a coordinate system. Using a real time cheat engine, it's super easy to teleport any place in the game, in any dungeon in any square on the map. I nearly developed a code that lets you walk across water using the raft exploit. Lots of bugs and wasn't getting desired results. I was able to access areas in the game that were not meant to be accessed and it's very strange how the developers developed that part of the game.

Cheating is more than simply having advantages, you can use it to access parts of the game that were never intended to be reached. It's all interesting stuff.

I just finished a number of codes for Megaman Zero collection for Zero4. Two of the codes are always charged up and the boss has no invincible timer (when they get hit, you don't need to wait until you can hit them again). When you have the buster equipped (not the saber or grab because that keeps you from moving), you are continuously firing fast charged shots (but you are limited to 3-4 bullets per screen, I can probably find an address that controls that) and you can pwn the bosses with that combination of cheats. I want to find a multi-jump code, maybe a code that emulates the effects of the equipment without having to equip it. It would be possible to have all of the effects of the armor on at the same time. Really fun stuff!
 
Hmmm... maybe you could make a tutorial on that...? I'd like to try something advanced like that too, however, I never got really far.
 
I was thinking about making a quick tutorial using a specific game. I will do some of the harder cheats, ones that do not have values that are explicitly seen, and what you want to think and assume when you try making these cheats.

The key to making cheats is to make assumptions, you want to guess how the game handles these values and act accordingly to narrow down the addresses. Maybe I'll find a random popular DS game to do it. The training software on the SCDS2 is actually really basic, I do not have as much to conquer codes but shouldn't be too much longer/harder to figure stuff out
 
Zetta_x said:
I wrote this guide like 4 years ago when I started a group that used datel training toolkit. The software end of the training toolkit was a bit more advanced than what we see for the SuperCard DS 2. Plus, I think everyone should know hexadecimal and binary, that's ultimately how the game processes values and it is good background information before proceeding to training. It was required to know hexadecimal to use datel's training toolkit if you really wanted to get anywhere.

While there is a guide on how to use the DS two software, nowhere does the guide tell people how to create moonjump codes, how to do level selects for specific games, or what values to look for, especially with values not explicitly seen. This thread sort of extends to people who get stuck trying to find a code in a specific game.

I think I'd rather use an emulator to find advanced cheats such as moonjump and level select.
 
Heck yeah, the super card has extremely basic functions. I'll totally release a guide soon on what the basic thought process is when making codes and what kind of assumptions you want to make.
 