ARM means in this situation you attacking the boot-file (Main-Source) not plugins like i do (half).
If you can not change A100 to A200 the reason could be BF at the end because this is a function and not a Value . But i could be also wrong.. what happend if you like to set the Value for money manualy
1111 instead of BF does it work? ,i think not!
Last edited by tomberyx,
Sometimes you will need more Lines for just one Effect. It is just a hint not more.
hi can you make all item code for "atelier escha & logy" ?? i badly need it so much bc i don't have the time to play and looking for the items lol
it's okay if u don't want to do it, i can understand
Now I've found the inf ammo code. You're right! There'd be two lines of codes but I found it by a really hard way. Here's the code.
_V0 Inf ammo
$B200 00000000 00000000
$A100 0002132E 00001E29
$A200 0002150C E24E0000
Even if I found the code, I still don't think the process is even acceptable. It's too hard by searching many codes. What I 've done is search regular expression in IDA with (SUB.?.? .., .., #1), it mathces sth like (SUBS R1, R5, #1) which means r1=r5-1, r5 is the primary ammo value and r1 would be the current ammo value. Then search them with lines (CMP r5, #0) which means r5(primary ammo value) is not 0. (Accurately it means compare r5 to 0, then process next step.) Following this I found ~10 values and tried them one by one. Also as you mentioned there were two lines so I search the lines that correspond a function twice or more. At last I modify the two correct (SUB.?.? .., .., #1) to (SUB.?.? .., .., #0), which means no ammo was used.
However I think this could be done much more easier and formally. Not by searching regular expressions. Also the certain two lines may be usable with nop(BF00), but I kinda not figured out.
Last edited by XMYDL,
Thank you for explaining! I've checked some games and found out the difference between A100 and A200.(Might possibly wrong but this is what I thought.) Both A100 and A200 could use BF00 codes, but occasionally A200 may not be usable(prefer$A100 00000000 0000BF00 to $A200 00000000 BF00BF00). So always use A100 to describe BF00 stuffs. A200's certain function is to descirbe (b #0x37280 etc.) which means int(jump) the address above as 0x37280 etc. Only if the value is more than four numbers we should use A200 codes. For example:
$A100 00000000 00001E07(only 4 numbers, use A100)
$A200 00000000 0003E7F0(5 numbers, use A200)
In online code converter, generate the code like this:
With $A100 codes, input your ARM code in ARM to HEX and look at Thumb Big Endian(ticking GDB/LLDB). That's the code you need to input .
With $A200 codes, input your ARM code in ARM to HEX and look at ARM Big Endian(ticking GDB/LLDB). That's the code you need to input .
Contradictly, disassembling any $A100 codes by inputing your hex code in HEX to ARM and look at Thumb Big Endian. That's the ARM code.
With $A200 codes, input your hex code in HEX to ARM and look at ARM Big Endian. That's the ARM code.
Specifically, when you generate code like 0000AE28, this is an $A200 code. 0000 also refers to ARM codes. While AE28 is an $A100 code.
Also, use 0000BF00 only in $A100 codes. In $A200 it seems to be E320F000 but it's not like this. It's BF00BF00. Even though sometimes it doesn't work properly.(which I didn't figure out why)
Last edited by XMYDL,
Fantastic man you did it !
Your Ammo Code works awsome but sadly the Money Code not it doesent matter because we got Ammo and this is a big win to create A100.
You wrote many interesting Stuff so i can not study everything at the moment(Vacation).
Im very impressed about your work. and hope we keep working together until we kick Vita-Cheat's ass and burn down everything that can be burned.
Your Ammo Code works awsome but sadly the Money Code not it doesent matter because we got Ammo and this is a big win to create A100.
You wrote many interesting Stuff so i can not study everything at the moment(Vacation).
Im very impressed about your work. and hope we keep working together until we kick Vita-Cheat's ass and burn down everything that can be burned.
Thank you so much.
Money code worked on my vita and it's only a NOP code. I'm using nnd 1.00 version of Bullet Girls S2.
Now I'm facing the biggest problem in ARM codes, which is finding HP address. We could make one hit/inf HP with this. However i's abnormally difficult and I have no idea about it.
For example in Bullet Girls S2, I tried over hundreds of codes but none of them worked. I tried searching maximum value of it, which might be 1000(I'm not sure). And I tried search items add hp(first-aid) for the sake of referring HP address. But still I can't figure it out. Might you give me a hand for it?
If it's not possible for it to find HP address in Bullet Girls, then I need to try PCSG00632(Valkyrie Bikhuni). Someone already did the ARM code but somehow its not capable with the version now. I'll put it down here.
Code:
# PCSG00632
_V0 BP Max
$B200 00000000 00000000
$A100 0013A914 00001C00
$A100 0013B98C 00001C00
$A200 0013B98E 01FFF24E
$A200 0013B992 51F5F2C0
_V0 HP always the same
$B200 00000000 00000000
$A200 00515FE0 EE608A80
$A200 00515FE4 E5971CDC
$A200 00515FE8 E3510000
$A200 00515FEC 0E788AE8
$A200 00515FF0 E5971000
$A200 00515FF4 E51FF004
$A200 00515FF8 8105FB1D
$A100 0005FB16 00004778
$A200 0005FB18 EA12D930
_V0 one hit
$B200 00000000 00000000
$A200 00515FE0 E0870000
$A200 00515FE4 E5971CDC
$A200 00515FE8 E3510000
$A200 00515FEC 1EF08A40
$A200 00515FF0 EE300A68
$A200 00515FF4 E51FF004
$A200 00515FF8 8105FB79
$A100 0005FB72 00004778
$A200 0005FB74 EA12D919
_V0 HP+one hit
$B200 00000000 00000000
$A200 00515FE0 E0870000
$A200 00515FE4 E5971CDC
$A200 00515FE8 E3510000
$A200 00515FEC 0E788AE8
$A200 00515FF0 1EF08A40
$A200 00515FF4 EE300A68
$A200 00515FF8 E51FF004
$A200 00515FFC 8105FB79
$A100 0005FB72 00004778
$A200 0005FB74 EA12D919
_V0 scroll max
$B200 00000000 00000000
$A100 000CAEEC 0000E000
_V0 combo 999
$B200 00000000 00000000
$A100 0005D874 00001C00I did the BP and Combo myself, it's usable like this.
Code:
_V0 BP Max
$B200 00000000 00000000
$A100 0013A914 0000BF00
_V0 combo 999
$B200 00000000 00000000
$A100 0005D874 0000BF00However I can't really understand how he found HP address.
About HP code;
If the HP bar is not available or hidden then only fuzzy search helps in this case.
1.when you are looking for HP code then always avoid a loading screen because loading may reset the game memory and you will never find the code. Applies to every game except it does not change the memory ram (easy to find out)
For Bullet Girls 2 I had already found HP code but didn't get interesting for me in the past because of invincible code.
Lesson 1 (for all games)
Before you look after difficult codes for example HP,Invincible or walk speed....
You must always look first for something that can be found quickly,for example Money-Code if you have this code and it is between 89-8A always look here first no matter what code it should be and if you are not lucky change Range to 8A-8B and so on.
i prefer always 81-85 on most of the games (many Results...but im fine with that).
There are games out there which uses 8A-8F or even 90-93(very rar) keep it in mind.
--Instruction HP Code Bullet Girls 2--
1. First use Fuzzy Search/ get a hit and search </ get a hit and search </ and so on..
if you use HP-Potion ,search > with fuzzy. Avoid a Loading Screen;-)
In some games HP (hidden)will be refill automatically you have to know this (Important).
If you get some HP-Code Results (Avoid 8XXXXXX -Values are useless ) set everything to Zero ,if Character suddendly dies you got the right code if game-crash wrong code;-) but do not forget, a Loading Screen can make your new-HP code useless. In this case a dump would help if you are looking for pointers.
I think it is important for you (A100) to know the default value of the HP code Dec,Hex,or Float and how high it is set.
You can find this value according to my instructions above, but unfortunately you must have set all values (results) to zero (if HP is hidden) in order to find the HP code at all. But don't panic, I'm sure you know how to find out something cheap like that;-)
About HP and One Hit Code A100;
In this case we should ask ourselves why someone puts HP and One hit codes together on one line, that doesn't make sense I wouldn't do something like that.
1. Is it possible that HP and One Hit Code does together harmonize, 2Effects
with one code?
2.Who harmonizes with whom, who is alpha? (probably one hit code)
3.Or did this Code-Author put both codes on one line for his private purposes.... It's not that important, but it could still be interesting.
It's a pity that I don't have a PC at the moment, I would enjoy experimenting;-)
If the HP bar is not available or hidden then only fuzzy search helps in this case.
1.when you are looking for HP code then always avoid a loading screen because loading may reset the game memory and you will never find the code. Applies to every game except it does not change the memory ram (easy to find out)
For Bullet Girls 2 I had already found HP code but didn't get interesting for me in the past because of invincible code.
Lesson 1 (for all games)
Before you look after difficult codes for example HP,Invincible or walk speed....
You must always look first for something that can be found quickly,for example Money-Code if you have this code and it is between 89-8A always look here first no matter what code it should be and if you are not lucky change Range to 8A-8B and so on.
i prefer always 81-85 on most of the games (many Results...but im fine with that).
There are games out there which uses 8A-8F or even 90-93(very rar) keep it in mind.
--Instruction HP Code Bullet Girls 2--
1. First use Fuzzy Search/ get a hit and search </ get a hit and search </ and so on..
if you use HP-Potion ,search > with fuzzy. Avoid a Loading Screen;-)
In some games HP (hidden)will be refill automatically you have to know this (Important).
If you get some HP-Code Results (Avoid 8XXXXXX -Values are useless ) set everything to Zero ,if Character suddendly dies you got the right code if game-crash wrong code;-) but do not forget, a Loading Screen can make your new-HP code useless. In this case a dump would help if you are looking for pointers.
I think it is important for you (A100) to know the default value of the HP code Dec,Hex,or Float and how high it is set.
You can find this value according to my instructions above, but unfortunately you must have set all values (results) to zero (if HP is hidden) in order to find the HP code at all. But don't panic, I'm sure you know how to find out something cheap like that;-)
About HP and One Hit Code A100;
In this case we should ask ourselves why someone puts HP and One hit codes together on one line, that doesn't make sense I wouldn't do something like that.
1. Is it possible that HP and One Hit Code does together harmonize, 2Effects
with one code?
2.Who harmonizes with whom, who is alpha? (probably one hit code)
3.Or did this Code-Author put both codes on one line for his private purposes.... It's not that important, but it could still be interesting.
It's a pity that I don't have a PC at the moment, I would enjoy experimenting;-)
Last edited by tomberyx,
Oh! I forgot to point out I was using version 1.00 for editing the code. I'll try for 1.01 if there'd be some time. I was just totally confused by valkyrie bikhuni's code cause I can't get HP and one hit codes run on my vita with any version! I doubt it's because I'm using z05 vitacheat but who knows! INSTALLING VALKYRIE BIKHUNI IS A KIND OF TORTURE 'CAUSE IT'S ENORMOUSLY HUGE!! I've tried mai version and some other things but it just don't work.
You're absolutely right. We need the address in RAM to be able to find it in ARM. I've searched a sketchy instruction for finding this. It could be translated as this:
First, check the HP address with vitacheat, and rewrite the instruction that is written to the offset from the address that is thought to be the base address before the HP address to the assembly that does nothing as NOP (BF00) above.
This one depends on the offset, but there are few corresponding assembly, and the risk of freezing or crashing is small even if it is rewritten.
We can now not only search the maximum value, but also the offset. However I miss the point what base address and offset means. I can imagine there is a base address using offset distinguishing characters but I have question about finding it out.
# Title: Valkyrie Drive Bhikkhuni
# ID: PCSB01011
# Region: EU
# Version: 1.01
# Type: NoNpDrm
# Code Author: tomberyx
_V0 inf.HP
$C201 00000000 00000000
$3202 82A55C5C 00000008
$0000 00000000 00002EA4
$0000 00000000 44424000
_V0 max.Attack-Gauge
$3002 82A55C5C 00000008
$0000 00000000 00003988
$0000 00000000 00000004
_V0 inf.max Syncro-Gauge
$3202 82A55C5C 00000008
$0000 00000000 00003944
$0000 00000000 00000000
_V0 inf.max Scrolls
$3002 82A55C5C 00000008
$0000 00000000 00003948
$0000 00000000 00000003
_V0 Hold X to Fly
$C201 00000001 00004000
$3202 82A55C5C 00000008
$0000 00000000 000023C4
$0000 00000000 41B0BABE
Codes from the Past ,could help you..
# ID: PCSB01011
# Region: EU
# Version: 1.01
# Type: NoNpDrm
# Code Author: tomberyx
_V0 inf.HP
$C201 00000000 00000000
$3202 82A55C5C 00000008
$0000 00000000 00002EA4
$0000 00000000 44424000
_V0 max.Attack-Gauge
$3002 82A55C5C 00000008
$0000 00000000 00003988
$0000 00000000 00000004
_V0 inf.max Syncro-Gauge
$3202 82A55C5C 00000008
$0000 00000000 00003944
$0000 00000000 00000000
_V0 inf.max Scrolls
$3002 82A55C5C 00000008
$0000 00000000 00003948
$0000 00000000 00000003
_V0 Hold X to Fly
$C201 00000001 00004000
$3202 82A55C5C 00000008
$0000 00000000 000023C4
$0000 00000000 41B0BABE
Codes from the Past ,could help you..
For games that have different versions, THEY DON'T READ EBOOT.BIN IN /APP/PCSGXXXX, THEY READ EBOOT.BIN IN /PATCH/PCSGXXXX.
I need to reconsider the money code in Bullet Girls S2. But it would be easier to find out. By copying the HEX VALUE of the previous version code and search it in new version of eboot.bin. But I'll need some time for doing it 'cause now I'm focusing on the HP code.
That's a very good hint (patch files) didn't think that this area is also important,good work.
I noticed if the address is within Seg1 then you don't need to create an A100 but a B200 is enough and it's very quick. All addresses outside of Seg1 need pointers and B200++ or A100 but with (maybe) two lines. B-Girls 2 money code is inside Seg1 and you made an A100 code with one line. This is only marginal information, I don't know if it's correct for the A100, but it almost looks like it.
Everything outside of Seg 1 needs two or more Lines of Code,my theory could also be wrong ;-)
I noticed if the address is within Seg1 then you don't need to create an A100 but a B200 is enough and it's very quick. All addresses outside of Seg1 need pointers and B200++ or A100 but with (maybe) two lines. B-Girls 2 money code is inside Seg1 and you made an A100 code with one line. This is only marginal information, I don't know if it's correct for the A100, but it almost looks like it.
Everything outside of Seg 1 needs two or more Lines of Code,my theory could also be wrong ;-)
Last edited by tomberyx,
Forgot who it is, but there is a User here that is trying to make a Cheat Engine like VitaCheat, and hopefully, will work with Homebrew. Wish the Dev of VC would release the Source, so others who are Knowledgeable, can improve upon it.
Similar threads
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@
K3Nv2:
Aw shit sonics got that orange cloud circle whatever the hell they call it out rip cholesterol -
@
Psionic Roshambo:
I think the Mister is cool and all, but honestly I have seen some video's exploring the difference between hardware and software emulation and the advantages of both.... I would pick software over FPGA, wouldn't mind some sort of hybrid approach but I can only imagine how complex that would be and how expensive. -
-
-
-
-
-
-
-
