TCP gecko memory poking unkown value for item location

Discussion in 'Wii U - Hacking & Backup Loaders' started by manpccore, Jan 31, 2016.

  1. manpccore

    manpccore Advanced Member

    Jan 25, 2016
    United States
    according to

    I've partially decoded how gear is stored in memory. Here are some findings for XCX v1.0.1E/U:

    Addr range forRangedWeapons:1C3AC6B8 to 1C3B2448(24 bytes per)Addr range forMeleeWeapons:1C3B2460 to 1C3B81F0(24 bytes per)Addr range forArmor:1C3A6910 to 1C3AC6A0(24 bytes per)Addr range forSkellWeapons:1C3A0B68 to 1C3A68F8(24 bytes per)Addr range forSkellArmor:1C39ADC0 to 1C3A0B50(24 bytes per)

    Format: wwwwxxxx yyyyyyyy zzzzpppq aaaabbbb cccc1111 22223333
    w:2-byte unknown; includes gear ID (with embedded maker + specs)
    x:2-byte unknown; ranged wep=0xC008/0xC009, melee wep=0xE008/0xE009
    y:4-byte unknown; possibly indicates item purchase / found locations; only seen \0 inlast6 bits
    z:2-byte unknown; only seen 0x0000
    p:10-bit placement index (incl upper 2 bits of 3rdbyte)
    q:6-bit unknown; only seen 0b000000
    a-c: gear/skell skill ID 1-3: subformat yyyi
    y:12-bit (packed); skill type +base lvl (if applicable); see codes/gear_id_v1.0.1e.txt
    i:4-bit skill level incr (+0 to +15)1-3: augment slot 1-3:0xFFFF=no slot,0x0000= empty slot, other values = possibly augment slot ID
    Addr range forAugments:1C3B8208 to 1C3BB0D0(12 bytes per)Format: unknown
    Note that randomly poking 'w' or 'x' often leads to XCX crashing back to title screen.

    Using this data, I can modify the skills on a particular gear slot, and add/remove augment slots. You will need to find which slot your target gear is located; I suggest using tcpGecko to scan for changes while you equip/swap your target gear around. Once found, here are some useful skill mods (poke into the latter 3 words):

    PotentialUp XX,PotentialBoost XX,TreasureSensor XX,3 empty slots
    0A001400 DE000000 00000000

    MeleeAttackUp XX,MeleeAccuracyUp XX,MeleeAttackBoost XX,3 empty slots0780118003C0000000000000


    i have few noob questions:
    when i start TCP gecko how do i search for the targeted gear location? so i can poke the

    codes u mentioned?

    in search process what data types number should i choose 32bit? and drop list with : 01:10 etc numbers which should i pick?
    another weird thing is when i go to ram viewer section nothing updates when i change items - menu - gear etc i kept clicking on update but am not seeing alot of memory blocks like video

    i read the tutorial on and

    thanks in advance, simple step by step guide would be nice for newb like me on how to do those codes to gear
  2. manpccore

    manpccore Advanced Member

    Jan 25, 2016
    United States
    anyone ?
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice