Hacking Post your WiiU cheat codes here!

[CosmoCortney]

awesome

 

[moops44]

Child of Light EUR/Eshop [Moops44]
Aurora Skill Points
19819797 FFFF



Rubella Skill Points
1981D7A7 FFFF


More will come cause i aint got all characters

 

[Mr. Mysterio]

reduce the memory range from 30 to 40 and as soon as you've got an item pause the game (or be careful not to lose/use it) and do a 32bit unknown value search. waste the item and get another one. if it's another item do an unequal to search. if it's the same do an equal to search. repeat this until you a left with a few lines. then change the value until you have swapped your item

I tried that, and I got about 14 addresses. I reset each one to the previous item's value, but only the item display window changed. The player still held the unchanged item, and when I used the item, it was still unchanged. I even tried searching with 16 bit data size over 10000000 to 40000000. Does anybody know why it's not working?

 

[MiZ J0K3R]

I tried that, and I got about 14 addresses. I reset each one to the previous item's value, but only the item display window changed. The player still held the unchanged item, and when I used the item, it was still unchanged. I even tried searching with 16 bit data size over 10000000 to 40000000. Does anybody know why it's not working?

What game is talking about?
Sometime is impossible idk why too :l

 

[diddy81]

I started to search code for ZombiU
I also tried to find infinite HP/Light, but it didn't work.
I found how to edit the "amount of item I own" but it's not real value.
for example, if I have 20 Ammo, I can edit the displayed text to 99. but I still have 20 ammo.

after you edit the pistol ammo just swap from you pistol to the bat then back to the pistol and it will have 99 ammo
you can get up to 255 ammo

 

[Onion_Knight]

I started to search code for ZombiU (pal/Fr), but I crashed the game many time
I'm not sure I found the correct addresses.

I managed to change amount and type of items.
I can "get" any item or weapon, but I can't use the weapon I never found in the game. so I think I only found the stash item, not the "found and usable item".

I also tried to find infinite HP/Light, but it didn't work.
I found how to edit the "amount of item I own" but it's not real value.
for example, if I have 20 Ammo, I can edit the displayed text to 99. but I still have 20 ammo.
Maybe it needs a reset (opening/closing the bag, or moving items around to let the game register that item/amount using its own functions)

If I work on it more and find code, don't worry I will post them here

The only thing I found (reaaaly random, it might even be pointers address so maybe it will not work). Don't add anything to the first post

Spoiler

ZombieU
-------

items stash:
gun munition displayed        242EA5AC    0000000C
displayed weapon         242EA5A8    01 = flingue, 2=fusil, 4 arbalette

in the item stash, each items have this structure :
000000AA 000000BB 000000CC    AA = itemID BB = amount   CC = display ON/OFF (1OFF >1 ON)
000000DD 000000EE POINTER
000000FF            FF = 01 if "hovering" the selected slot with an item

Note: maybe it's a good idea to crash the game while testing, it prevent saving bugged savegame.
don't die or it will autosave with your random item and codes enabled. You don't know if it will have effect on your current save.

Note2: I never completed that game, it was hard and not funny.
More HP will be more fun.

Cyan,

Just got my copy of ZombiU out US/NTSC.

Heres what I got and maybe it will help:

#Shit ton of ammo 268,435,455 rounds
243661B4  0fffffff [Ammo cartridges in backpack] Part of the Structure  (its a signed 32 bit int)
32637558  0fffffff [# of ammo in backpack]

#255 rounds in the gun..didn't check the max size (probably a signed int)
243661EC  000000ff [Weapon Display Ammo] L9A1 Pistol
31203A9C  000000ff [Ammo in Gun]
32637554  000000ff[Ammo in Gun]

So, you dont even need the ammo cartridges in the backpack if you use the three bottom codes, unless you like reloading. I needed to adjust the three addresses with the same value for the ammo code to work. If the offsets are the same for the game despite the region, than you could check.

mine yours difference
243661EC - 242EA5AC = 7bc40

31203A9C - 7bc40 = 31187e5c
32637554 - 7bc40 = 325bb914

 

[CosmoCortney]

I tried that, and I got about 14 addresses. I reset each one to the previous item's value, but only the item display window changed. The player still held the unchanged item, and when I used the item, it was still unchanged. I even tried searching with 16 bit data size over 10000000 to 40000000. Does anybody know why it's not working?

wait, i will have a look at it on my own, now. however, you can expect the right address to be somewhere close to the address which value changed the item's icon

 

[Cyan]

I did some search yesterday, but it ended where I couldn't connect gecko anymore.
I just reboot the computer, it probably had issue with the opened port.

ZombiU is using pointers, I couldn't use Bully's pointer tool, so I searched them manually with HexWorkshop.
I think I found it, but I still need to test it to be sure I found the correct pointer.
The start of the player's info (or backpack?) is :
[111B16F0]+8EC

8EC is the position of the top-left usable item. (slot 30, see below)

Edit:
it seems it's a pointer of pointer, on my third dump, the pointer wasn't at [111B16F0] but at [[111B16F0]+8]+8EC
111B16F0 is probably not the start pos of the pointer.


Items are sorted like that in the structure, numbers are in decimal :

(decimal)
0 to 29 <-- chest slots

0 2 4 6 8 10 12 14  <-- backpack slot
1 3 5 7 9 11 13 15

16 17 18 19 20 21 22  <-- unused slots ? maybe usable if moving the slot to a visible area.
23 24 25 26 27 28 29

30 31       32 33  <-- usable item slots
34             35


struct slot{
	struct item,
	u32 unknown, // 0x00000000
	u32 unknown, // 0x00000000
	u32 unknown, // some fixed value (touchscreen slot position in the frame buffer ?)
	u32 Hover,   // usually 0x00000000, value OR'd 0x010000000 if stylus is over that slot. It's probably not a u32 but a struct of binary flags.
 }

struct item{
	s32 ItemID,  // -1 = unassigned
	s32 Amount,  // currently hold amount of item
	s32 Max,    // maximum amount of item holdable on that slot
}

[]+538 Should be the size of the backpack (max 15, or 0x0F)
It seems the chest has 30 slots, and the usable items are continuation of the chest slot number (30 to 35).
so there probably two different pointers for backpack and chest+usable

that game is long to reload and tcpgecko is not always working, even after successfully installing the exploit.

I know the start of the address pointed by the pointer, but not the pointer's position itself (I can see the pointer, but it's not fixed).
I'll fill the missing pointer address when I find it.
[]+ 538 = backpack size (max = 0x0E)
[]+ 54C = s32 clicked slot (backpack + usable)
[]+ 550 = s32 clicked slot (chest)
[] + 5A4 = START of backpack (slot structure x 15)
[] + 72C= START of second backpack? (slot structure x 15) (unused?)
[]+ 8EC = START of usable item (slot structure x 6)

Next I'll try to find address for HP, stats and upgrades.

 

[Onion_Knight]

I did some search yesterday, but it ended where I couldn't connect gecko anymore.
I just reboot the computer, it probably had issue with the opened port.

ZombiU is using pointers, I couldn't use Bully's pointer tool, so I searched them manually with HexWorkshop.
I think I found it, but I still need to test it to be sure I found the correct pointer.
The start of the player's info (or backpack?) is :
[111B16F0]+8EC

8EC is the position of the top-left usable item. (slot 30, see below)

Items are sorted like that in the structure, numbers are in decimal :

0 2 4 6 8 10 12 14  <-- backpack slot
1 3 5 7 9 11 13 15

30 31       32 33  <-- usable item slots
34             35

struct Backpack{ // Not sure yet, I need more tests. you said it's signed32?
    u32 ItemID,
    s32 Amount,
    s32 DispText,
    u32 unknown,
    u32 unknown,
    u32 unknown,
    u32 Hover, // becomes 1 is stylus is over that slot
}

[]+538 Should be the size of the backpack (max 15, or 0x0F)

Yes,
Backpack amount is a signed int 32. Maxx the number to fffffff and its negative. TCPGecko doesn't properly close down, it starts retrying to connect. I modified the gecko codehandler. The default one closes the socket so once the client breaks the conection you can't reconnect without redoing the whole thing. I made it rebindable so it would listen again after being torn down. It has made the process somewhat easier.

 

[Cyan]

please, share your version

 

[Onion_Knight]

please, share your version

GeckoDotNet will still kill it with unhandled error exceptions, but pygecko works like a champ. Let me know how it works for you.

 

[Muskusrat]

Quick question, can you activate a cheat (for example an Amiibo custom in Mario Kart). Then save the game and play at a later time, or is the cheat gone then and you need to activate it again?

 

[Cyan]

it depends how the game work, and how the cheat works.

For example, if the cheat only affect the "currently loaded model" or if it affect the "list of unlocked characters".
the first one is only redirecting the model used for the player at load time (instead of loading file_A.bin it loads file_B.bin)
the second one edit the memory so the game has the information that you unlocked it, saving the progress will keep it unlocked for next time you launch without cheats.


Onion : I tried your handler, and I can't connect TCPGecko. (or maybe the issue is on my router/firewall?)
I think pyGecko could connect, but I never used it, I don't know how to search codes with it.
I'll wait for pyGUI.

 

[Muskusrat]

it depends how the game work, and how the cheat works.

For example, if the cheat only affect the "currently loaded model" or if it affect the "list of unlocked characters".
the first one is only redirecting the model used for the player at load time (instead of loading file_A.bin it loads file_B.bin)
the second one edit the memory so the game has the information that you unlocked it, saving the progress will keep it unlocked for next time you launch without cheats.

Ok that sounds great for Mii customs in Mario Kart, normaly I do not use cheat (not really needed with current generation game difficulty), but buying all Amiibo is to expensive . Now I just wait for someone to find the Mii custome codes.

 

[Deathwolf1000]

Sometimes TCPGecko won't connect at all after running the kernel exploit + pyGecko. Even when the IP address is correct. It that still a little bug? Get the same result when the firewall is disabled..

 

[Cyan]

yeah, it seems I can't connect anymore.
I tried 3 times, rebooted the PC, tried Onion's handler, tried Fix's handler and wj44 handler. none worked.
I don't know if it's an issue on the console or PC's side.

 

[Onion_Knight]

yeah, it seems I can't connect anymore.
I tried 3 times, rebooted the PC, tried Onion's handler, tried Fix's handler and wj44 handler. none worked.
I don't know if it's an issue on the console or PC's side.

If you haven't rebooted your computer you need to. The TCPGeckoDotNet application will constantly send a SYN packet to your Wii U after it crashes. This causes your TCPGecko connection to terminate before you ever get into a game. Its why I prefer pyGecko.

To see if it your computer or the Wii U. Run the Kxploit, than the Pygecko codehandler. cd into the pyGecko folder and type,

python -i tcpgecko.py # drops you into a python shell with tcpgecko already imported
>>> rpc = TCPGecko('yourip')
>>> import struct
>>> addr = rpc.readmem(0x10000000, 4)
>>> print(struct.unpack('>I', addr)[0])
>>> exit()

this will print the 1st 4 bytes of the memrange and than exit. If your using my codehandler, you can exit this session and than run GeckoDotNet, I use this to troubleshoot which side is having issues.

 

[CosmoCortney]

it appears to be a bit tricky to swap the items in mk8.
probably because the character already holds the item in their hand..

 

[BullyWiiPlaza]

Sometimes TCPGecko won't connect at all after running the kernel exploit + pyGecko. Even when the IP address is correct. It that still a little bug? Get the same result when the firewall is disabled..

If you didn't close a connection properly before, it will block any further connection attempts so you have to close all TCP Gecko.NET instances in Task Manager and restart your Wii U

 

[Deathwolf1000]

I'll leave a few right here

Spoiler: Super Smash Bros 4 PAL v1.0

Character

P1
109353F7 000000XX

P2
10935477 000000XX

P3
109354F7 000000XX

P4
10935577 000000XX

P5
109355F7 000000XX

P6
10935677 000000XX

P7
109356F7 000000XX

P8
00FF01F7 000000XX

xx Values:
04 - mario
0C Luigi
0F Peach
10 Bowser
08 Yoshi
25 Rosalina
2C Bower JR.
17 Wario
05 Donkey Kong
1C Diddy Kong
14 Mr. Game and Watch
27 Little Mac
06 Link
11 Zelda
12 Sheik
15 Ganondorf
21 Toon Link
07 Samus
1A Zero Suit Samus
19 Pit
29 Palutena
13 Marth
1E Ike
2A Robin
2B Duck Hunt Duo
0D Captain Falcon
0E Ness
20 Rob
31 Geninja
2E Jigglypuff
1F Lucario
22 Charizard
0B Pikachu
16 Falco
0A Fox
18 Meta Knight
1D King Dedede
09 Kirby
28 Villager
1B Olimar
26 Wii Fit Trainer
2D Shulk
24 DR. Mario
30 Dark Pit
2F Lucina
32 Pac Man
33 Mega Man
23 Sonic

Color
P1
109353F4 000000XX

P2
10935474 000000XX

P3
109354F4 000000XX

P4
10935574 000000XX

P5
109355F4 000000XX

P6
10935674 000000XX

P7
109356F4 000000XX

P8
00FF01F4 000000XX



Stage
1093544C 0000XXXX
*also work on 8 player smash*

0101 Battle Field
2F2F Big Battle Field
0202 Final Destination
0404 Mushroom Kingdom U
0303 Mario Galaxy
0707 Delfion Plaza
0505 Mario Circuit
0808 Mario Circuit (Brawl
0606 Luigis Manson
0909 Junge Hijinx
0A0A Kongo Jungle
1717 Port Town Aero Drive
0E0E Norfair
2C2C Duck Hunt sideroll
2E2E Online Training Room
3333 All Star Mode Stage
.... more stage values coming soon

Play on Allstar Mode Stage (Example)
1093544C 00003333