Hacking VitaCheat/FinalCheat Database

0x3000027E

Well-Known Member
Member
Joined
Mar 14, 2018
Messages
341
Trophies
0
Age
42
XP
1,326
Country
United States
Hi fellas I've been wondering if there is any cheats for Tales of the Hearts R (PCSE00429) been dying to play this game with cheats. A save file editor would be very welcome as well. On a side note I've been trying to search the addresses on my own but i seem to get a different address every time even if i get 1 result of the value I'm looking for. Thanks in advance
There is a "pointer" re-assigning the address each time.
I've found most of these Vita games have multi-level DMA that are difficult to crack without debuggers/software. Many of us are waiting for a solution. It seems a few people have an efficient way to find the pointers, but they won't share the method.

--------------------- MERGED ---------------------------

Hi, is there any other cheats for digimon cyber sleuth except for money?
The only one i found is money.
Have you tried using the fuzzy search option? With Vita games, you are much better off starting with an unknown initial value and going from there. Exact value searches are rarely useful.
 

Smoker1

Well-Known Member
Member
Joined
Feb 17, 2015
Messages
4,364
Trophies
1
Location
California
XP
4,594
Country
United States
There is a "pointer" re-assigning the address each time.
I've found most of these Vita games have multi-level DMA that are difficult to crack without debuggers/software. Many of us are waiting for a solution. It seems a few people have an efficient way to find the pointers, but they won't share the method.

Look at Speedfly. You know they have a way of finding Pointers, but instead of Sharing it, they want to keep it to themselves. You have to Pay in order to get the more Advanced Codes. But they only do a few Games at a time. Could be 1-3 Games a Month or every few Months. I say, until they release the How-to and Tools in order to find them, just Bug them with Request, since they want to be the only ones to know how to do it.
I got a few Advanced Codes I am highly considering Leaking...... For example, Call of Duty.....there is a Sub-Ammo Code, like Grenades or Flash-Bang Grenades, that Code has around 32 Address Lines!!!!!!!! Any normal Search would only give up 1 Line, then will go to another Address. All Addresses of this Code have $A200 in it, except the 31st Line which has $A100 . There is a "Hit Rate 100%" Code that has 5 Address Lines in it, and all the $#### Indicators are different. They are D504, 8201, 8800, 8601, and 8900. So yeah, they have a Tool that figures this out with the Memory Dumps. They just want to be Greedy about it.
 

aos10

Yuuki chan
Member
Joined
Apr 10, 2012
Messages
4,738
Trophies
1
Age
36
XP
3,787
Country
Saudi Arabia
There is a "pointer" re-assigning the address each time.
I've found most of these Vita games have multi-level DMA that are difficult to crack without debuggers/software. Many of us are waiting for a solution. It seems a few people have an efficient way to find the pointers, but they won't share the method.

--------------------- MERGED ---------------------------


Have you tried using the fuzzy search option? With Vita games, you are much better off starting with an unknown initial value and going from there. Exact value searches are rarely useful.
i could do that, but modifying each item alone will take time.
 

Smoker1

Well-Known Member
Member
Joined
Feb 17, 2015
Messages
4,364
Trophies
1
Location
California
XP
4,594
Country
United States
Here are 2 Messages I got from Speedfly about finding Pointers. If you understand this, awesome. But for a Noob like me..........:hateit:

psv pointer can use TempAR to find last level pointer,but not sure is real point
use decrypter eboot file and ida to guess breakpoint,then throw eboot to find is real point,but it's difficult
eboot need delete head 0x1000 data then use ida to analyzing

tempar only use find last pointer,need set mode to other then base address is 0x81000000,you need dump ram file from 0x81000000 to find
&A200 &A100 is assembly code,it's use eboot to find,eboot address is static address
for example
if game money max value is 0x98967f
use ida open edited eboot file then find 0x98967f or 0x967f and near have movt.w 0x98 use same register,you will find money write assembly code,change that code will effect in game,but you need know arm assembly code and know how find assembly,that's difficult and need long time to find
 
  • Like
Reactions: 0x3000027E

0x3000027E

Well-Known Member
Member
Joined
Mar 14, 2018
Messages
341
Trophies
0
Age
42
XP
1,326
Country
United States
I got a few Advanced Codes I am highly considering Leaking...... For example, Call of Duty.....there is a Sub-Ammo Code, like Grenades or Flash-Bang Grenades, that Code has around 32 Address Lines!!!!!!!! Any normal Search would only give up 1 Line, then will go to another Address. All Addresses of this Code have $A200 in it, except the 31st Line which has $A100 . There is a "Hit Rate 100%" Code that has 5 Address Lines in it, and all the $#### Indicators are different. They are D504, 8201, 8800, 8601, and 8900. So yeah, they have a Tool that figures this out with the Memory Dumps. They just want to be Greedy about it.

Another example: Silent Hill BOM has a breakpoint every instance an item or weapon is picked up. This can only mean moving pointers, and it just would't make much sense to try to sort that out with standard cheat engine search methods. For most of these games, we need to dump the memory and use a debugger to define and categorize the breakpoints. I'll start bugging them on Speedfly, but as long as they are making money I doubt we will get anywhere.

(Where is raing3? TempAR cheat engine and his pointer searcher were just fantastic for the PSP).
 
  • Like
Reactions: Smoker1

Smoker1

Well-Known Member
Member
Joined
Feb 17, 2015
Messages
4,364
Trophies
1
Location
California
XP
4,594
Country
United States
Exactly. I will be busy Moving the next Week or 2. If there is nothing by then, I am going to Post the Codes in their designated Files on a certain Site I am helping keep up to date *Cough* Git *Cough* Excuse me. Been Coughing a little lately. LOL
 
  • Like
Reactions: 0x3000027E

0x3000027E

Well-Known Member
Member
Joined
Mar 14, 2018
Messages
341
Trophies
0
Age
42
XP
1,326
Country
United States
Here are 2 Messages I got from Speedfly about finding Pointers. If you understand this, awesome. But for a Noob like me..........:hateit:

psv pointer can use TempAR to find last level pointer,but not sure is real point
use decrypter eboot file and ida to guess breakpoint,then throw eboot to find is real point,but it's difficult
eboot need delete head 0x1000 data then use ida to analyzing

tempar only use find last pointer,need set mode to other then base address is 0x81000000,you need dump ram file from 0x81000000 to find
&A200 &A100 is assembly code,it's use eboot to find,eboot address is static address
for example
if game money max value is 0x98967f
use ida open edited eboot file then find 0x98967f or 0x967f and near have movt.w 0x98 use same register,you will find money write assembly code,change that code will effect in game,but you need know arm assembly code and know how find assembly,that's difficult and need long time to find


Ah, okay, so I was using raing3's pointer searcher correctly for Vita memory dumps.

So, here's the tool:

http://raing3.gshi.org/forum/index.php?topic=1314.0

...and it does okay at finding some pointers, (although there are many phantom pointers and you have to manually sort them out). The other problem has been brought up in that second comment. I just don't know assembly code well enough, and in the past have relied on other software to handle that. That's the piece that is missing for me.

I'm going to try to work with ida a little more.
 
  • Like
Reactions: Smoker1

DocKlokMan

Plugin Dev
Member
Joined
Apr 20, 2007
Messages
3,013
Trophies
1
Age
34
XP
4,370
Country
United States
Here are 2 Messages I got from Speedfly about finding Pointers. If you understand this, awesome. But for a Noob like me..........:hateit:

psv pointer can use TempAR to find last level pointer,but not sure is real point
use decrypter eboot file and ida to guess breakpoint,then throw eboot to find is real point,but it's difficult
eboot need delete head 0x1000 data then use ida to analyzing

tempar only use find last pointer,need set mode to other then base address is 0x81000000,you need dump ram file from 0x81000000 to find
&A200 &A100 is assembly code,it's use eboot to find,eboot address is static address
for example
if game money max value is 0x98967f
use ida open edited eboot file then find 0x98967f or 0x967f and near have movt.w 0x98 use same register,you will find money write assembly code,change that code will effect in game,but you need know arm assembly code and know how find assembly,that's difficult and need long time to find
Basically, TempAR can be used to find pointers, but unlike more advanced tools such as Cheat Engine, it only finds the upper most level pointer. Most games have multi-level pointers, some going as far as 5-6 deep. The problem with this is like so:

Imaginary base pointer: 0x81345678 (this is what we're trying to find)

In memory dump 1 it goes 0x81345678 -> 0x81F12D3A -> 0x82AC9830 -> 0x83D7BF00

But in memory dump 2 it goes: 0x81345678 -> 0x81F12D3A -> 8x82CA2364 -> 0x86F765A0

In TempAR you will see 0x83D7BF00 or 0x86F765A0 but because they differ between the two dumps it won't be highlighted as green. And you won't get green results until you go 3-4 levels deep. This makes it VERY time consuming to check all the black results multi-levels deep.

What they do instead is dump a decrypted eBoot, remove the SELF header (first 0x1000 bytes) and then they decompile that eBoot in a reverse engineering application like IDA Pro. Then they find the function that controls what they want to cheat (Ammo usage) and they write a new function to do something different (no Ammo usage) covert it into assembly and use the $AXXX code type to overwrite the game's function with their own custom one.

Basically, they don't have access to any special pointer finding program. They're just reading the eBoot's decrypted data and rewriting it. Now, if TempAR got multi-level pointer searching like Cheat Engine does or if Cheat Engine allowed us to define a starting address offset for memory dumps like TempAR does, then we would likely be able to find pointers much easier.
 
Last edited by DocKlokMan,

BadBaneCat

New Member
Newbie
Joined
Mar 25, 2018
Messages
3
Trophies
0
Age
22
XP
28
Country
Philippines
Digimom hackers memory (USA)
_V0 item Memory Modifier 99
$0200 82FC599C 000000xx
$0000 82FC59A4 00000063

5B Memory Dx
38 Friendship Dx
06 HP Spray A
0B SP Spray Dx
0D Medical Spray Dx

DIgifarm item
C9 Best Meat
CA Vigor Mushroom
CB Mental Melon
CC Power Pine
CD Aegis Apple
CE Clever Carrot
CF Boost Banana
 

0x3000027E

Well-Known Member
Member
Joined
Mar 14, 2018
Messages
341
Trophies
0
Age
42
XP
1,326
Country
United States
Not all search works, for example i can't make a cheat to double my speed movement, or 1 hit KO.

For some of the cheats you have to get creative in how you go about the search.

For one hit KO, I always start with a boss. At the start of the fight he will have full health, so I start the initial fuzzy search with initial value unknown. Then, each time I hit the boss I apply a decrease search against the latest value. Keep up this procedure and you will be left with a handful of possible address. At least one of these address will define the bosses health, so you have to modify each address individually while returning to the game to see if any changes occur. Once you find the correct address (or addresses), you are golden.
In Ninja Gaiden Sigma plus 2 for example, the address for boss health is found to be 81D4EC9C. We can than use a "Pad" function to assign the Vita buttons to perform a certain action:

_V0 1 Hit Kill Boss
$C201 00000001 00000300
$0200 81D4EC9C 00000000

The code starts at $C201 and states "when ps vita buttons (00000001) R1 and L1 (00000300) are pressed, set the value at address 81D4EC9C to zero".

The process is similar for regular enemies, as their health values are also stored in an address somewhere. In this case, it's best to use the weakest weapons against the strongest enemies to find the address, since this will give you the most searches. If you already have a cheat for health, this will help you here.

Speed movement is a little more difficult because you have to find section of the game that speed up or slow down the character. (This is made much easier if you can find an item that modifies your speed, for example). Once you find one of these areas, you have to again start with unknown initial value and use "increase", "decrease" or "equal to" repeatedly, (using the appropriate search type depending on how the time is shifting). You also may have to reload the game several times, keeping your search results intact, to give you more opportunity to weed out the incorrect address.

Just play around with the searches a little bit and come up with creative ways to find address. You'll be surprised at what you will stumble on!
 
Last edited by 0x3000027E,
  • Like
Reactions: BadBaneCat

Conan179

Well-Known Member
Member
Joined
Mar 21, 2015
Messages
140
Trophies
0
Age
33
XP
758
Country
Germany
# PCSB00861

_V0 Money
$0200 8406F490 05F5E0FF

_V0 Usable Item To All Slot
$4001 83F51934 00000063
$0020 00000020 00000000

This might solve your troubles if you haven't had it sorted already.

_V0 Max Items All Slots
$4001 84023444 00000063
$0020 00000020 00000000

This is for the EU version of the Nonpdrm version.

Also to my knowledge I can't credit anyone as I haven't seen it around anywhere else and i've looked lol

all 3 cheats donst wokring on my vita. can any buddy helping?
 

KoRnBoy82

Member
Newcomer
Joined
Nov 27, 2008
Messages
15
Trophies
0
XP
211
Country
Canada
Anyone have anything for Dragon Quest Builders?

I'm working of a file but here are the offsets for Dragon Quest Builders. The codes are changing if you change the device language.

Item English French
BELT SLOT 1 x80 84AFA69A 84ADB3CA
BELT SLOT 2 x80 84AFA69E 84ADB3CE
BELT SLOT 3 x80 84AFA6A2 84ADB3D2
BELT SLOT 4 x80 84AFA6A6 84ADB3D6
BELT SLOT 5 x80 84AFA6AA 84ADB3DA
BELT SLOT 6 x80 84AFA6AE 84ADB3DE
BELT SLOT 7 x80 84AFA6B2 84ADB3E2
BELT SLOT 8 x80 84AFA6B6 84ADB3E6
BELT SLOT 9 x80 84AFA6BA 84ADB3EA
BELT SLOT 10 x80 84AFA6BE 84ADB3EE
BELT SLOT 11 x80 84AFA6C2 84ADB3F2
BELT SLOT 12 x80 84AFA6C6 84ADB3F6
BELT SLOT 13 x80 84AFA6CA 84ADB3FA
BELT SLOT 14 x80 84AFA6CE 84ADB3FE
BELT SLOT 15 x80 84AFA6D2 84ADB402
Infinite HP 84AE333E 84AC406E
Max Hunger 84AE3344 84AC4074
Max Attack 84AF6A18 84AD7748
Max Defense 84AF6A1A 84AD774A
Best Sword Slot15 84AFA70C 84ADB43C
Best Hammer Slot16 84AFA710 84ADB440
Set Days Elapsed To 1 Part1 84AE333C 84AC406C
Set Days Elapsed To 1 Part2 84AE334C 84AC407C
 
General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: Fleshlight Musical instrument.... Lol