Hacking VitaCheat/FinalCheat Database

XMYDL

> Here's a quick example...
>
> You load up a game and vitacheat says seg0 is at 0x8100000. You find a cheat, and dump the address to pointer search.
>
> You load the game up again, and vitacheat now says seg0 is at 0x81100000. You find a cheat, repeat.
>
> When you go to pointer search, let's say it finds a pointer in dump1 at 0x81001337. That pointer is still there on dump2, but the pointer searcher can't see it, because it's at 81101337... That's the issue. The shift has hidden the pointer in the searches, because the base location has moved.
>
> I worked around this in Ys VIII by making a b200 code + a lvl2 pointer... But that required a lot of REALLY understanding the data structures, and manually reading the raw data in HxD and Cheat Engine... I never got a valid pointer in TempAR, simply because of the randomized memory.
>
> But, this plugin should stop the randomized memory allocation. If the game loads at 0x81000000, it should always load at 0x81000000. That means TempAR will always find the pointer in the second dump and upgrade it to green. Add more dumps, and it will stick out like a sore thumb. Or, use more powerful pointer searchers like Cheat Engine, and it'll single it out completely.
>
> At least, that's the theory. Needs testing. I'm currently transferring jobs and prob won't be able to do anything this weekend while I transition into the new position. But if no one tests it until then, I'll give it a go soon.
>
> A couple troublesome games I can remember that would be good to test on:
> Ys VIII - Fairly easy to get the float values, but the game used 2-4 different "Zones" for its random memory allocation.
> Criminal Girls 2: Party Favors - If I remember right, this game was a piece of crap. It moved locations in memory every time you went to a different map. Tomberyx seems to have found values with a b200 and no pointer, though, so maybe not as tough as I thought it was.
>
> Mods: Sorry for double post. I could have sworn this forum had an auto merge.. Haven't been in a few years.
Thank you Yohoki!!

I'm a newcomer learning ARM assembly for A100&A200 codes. So far I've learned quite a bit of knowledge. Here comes the question. May I request your answer to my question? You may find it in PM.

In a game (specifically PENNY PUNCHING PRINCESS/プリンセスは金の亡者/PCSG00946), when I'm trying to search for its in-battle money address, I've tried 8/16/32 fuzzy search and 0 results show up. I've even tried ASCII storage format for searching the address but still nothing. Could you give me any suggestion for finding the address?
 

MNero

OK, so thanks to Yohoki and the TempAR VE Mod, I decided to work on Spy Hunter (US) again. I got the Inf Boost Code.......just take your Pick. LOL. All work as far as I can tell, except on Water. Will need to get a different Code for that. Will also be working on Weapon Amounts and Weapon Ready Gauges. Then Vehicle Health Cores (a bitch to find), and the Mission Clock (Float Values, Counting Upwards in Seconds). Thought I found the ACTUAL Mission Timer, but after 5 Minutes (300 Seconds), Mission Failed. Thinking it might take 2 Codes (Float Counting Upwards, and Float Counting Downwards)

Here are the Inf Boost Codes

Edit - Added Inf (8) Flash Stunners/Swarm Missiles
# PCSE00068

_V0 Funds - Probably have to test again
$0200 811C22DC 000F423F

_V0 Inf Boost-1st Stage
$0200 81ED95F8 42C80000

_V0 Infinite Boost 1
$3201 811BD564 00000AA8
$3300 00000000 42C80000

_V0 Infinite Boost 2
$3201 811BD5BC 00000AA8
$3300 00000000 42C80000

_V0 Infinite Boost 3
$3201 811BF6E0 00000AA8
$3300 00000000 42C80000

_V0 Infinite Boost 4
$3201 817D7584 00000AA8
$3300 00000000 42C80000

_V0 Infinite Boost 5
$3201 818609D4 FFFFFE28
$3300 00000000 42C80000

_V0 Infinite Boost 6
$3201 81860BCC FFFFFBC8
$3300 00000000 42C80000

_V0 Infinite Boost 7
$3201 81860C3C FFFFF5D8
$3300 00000000 42C80000

_V0 Inf Flash-Swarm 1
$3001 81860A5C 00000350
$3300 00000000 00000008

_V0 Inf Flash-Swarm 2
$3001 81860BDC FFFFFFC0
$3300 00000000 00000008
can you use this one?
 

tomberyx

Lol. I make no promises to being back. Just wanted to drop some sage advice that I just happened upon while hacking a diff system in my spare time. This info's been out there for a long time, just none of us knew what it was called or how to stop it. Since there's a way now, if no one's noticed the connection yet, then you're welcome. XD

But really tho, the info's been out there... Like the Henkaku Vita Dev Wiki:

Or in theFlow's writeup of H-Encore:


The answer has been in our faces for years, we just didn't know it. We've got a name for it now, and a plugin to stop it.
> Thank you Yohoki!!
>
> I'm a newcomer learning ARM assembly for A100&A200 codes. So far I've learned quite a bit of knowledge. Here comes the question. May I request your answer to my question? You may find it in PM.
>
> In a game (specifically PENNY PUNCHING PRINCESS/プリンセスは金の亡者/PCSG00946), when I'm trying to search for its in-battle money address, I've tried 8/16/32 fuzzy search and 0 results show up. I've even tried ASCII storage format for searching the address but still nothing. Could you give me any suggestion for finding the address?
You have to find this code with one search, because a loading screen is the issue and destroys your search if you search twice. The next issue is to know if you select the right code.
For A100 codes I would take as many of the results as you can and set it to maximum; the next step is yours ;-)

US version

# Title: Penny-Punching Princess
# ID: PCSE01143
# Region: US
# Version: 1.00
# Type: NoNpDrm
# Code Author: tomberyx

# PCSE01143

_V0 Walk Speed 3x
$3004 8FA642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 00000839
$0000 00000000 00000005

_V0 Untouchable
$3004 8FA642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 00000888
$0000 00000000 BAD0C0DE

_V0 inf.max HP
$3104 8FA642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 00000818
$0000 00000000 00000309
$3104 8FA642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 00000828
$0000 00000000 00000309

_V0 Walk thru Walls [ON-Up OFF-Down]
$C201 00000001 00000010
$3004 8FA642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 000006CF
$3300 00000000 00000000
$C201 00000001 00000040
$3004 8FA642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 000006CF
$3300 00000000 00000001

_V0 Hold Triangle to Fly
$C201 00000001 00001000
$3204 8FA642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 0000066C
$0000 00000000 4100BABE

_V0 inf.Money [Castle]
$0200 82A6B108 2E5BF271

_V0 --Alternative Codes below--
$0000 00000000 00000000

_V0 Walk Speed 3x
$3004 8FB642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 00000839
$0000 00000000 00000005

_V0 Untouchable
$3004 8FB642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 00000888
$0000 00000000 BAD0C0DE

_V0 inf.max HP
$3104 8FB642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 00000818
$0000 00000000 00000309
$3104 8FB642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 00000828
$0000 00000000 00000309

_V0 Walk thru Walls [ON-Up OFF-Down]
$C201 00000001 00000010
$3004 8FB642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 000006CF
$3300 00000000 00000000
$C201 00000001 00000040
$3004 8FB642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 000006CF
$3300 00000000 00000001

_V0 Hold Triangle to Fly
$C201 00000001 00001000
$3204 8FB642A0 0000000C
$0000 00000000 000002B0
$0000 00000000 00000068
$0000 00000000 0000066C
$0000 00000000 4100BABE
 

NeoGranzon

> Thank you Yohoki!!
>
> I'm a newcomer learning ARM assembly for A100&A200 codes. So far I've learned quite a bit of knowledge. Here comes the question. May I request your answer to my question? You may find it in PM.
>
> In a game (specifically PENNY PUNCHING PRINCESS/プリンセスは金の亡者/PCSG00946), when I'm trying to search for its in-battle money address, I've tried 8/16/32 fuzzy search and 0 results show up. I've even tried ASCII storage format for searching the address but still nothing. Could you give me any suggestion for finding the address?

@XMYDL, maybe this is like Ray Gigant and Assassin's Creed Chronicles: whatever search you do, 8/16/32 normal or fuzzy, also float, the result is always 0. It is VitaCheat's fault that it is incomplete and doesn't have certain functions or doesn't adapt to certain games.
 

XMYDL

> You have to find this code with one search, because a loading screen is the issue and destroys your search if you search twice. The next issue is to know if you select the right code.
> For A100 codes I would take as many of the results as you can and set it to maximum; the next step is yours ;-)

Well! Does that mean money & other codes are in the range 8FXXXXXX?

I've tested and it worked; they 'are' actually in the range 8F~90. That's kinda creepy.
 

tomberyx

# Title: Deception IV Blood Ties
# ID: PCSB00499
# Region: EU
# Version: 1.00
# Type: NoNpDrm
# Code Author: tomberyx
# PCSB00499

_V0 inf.HP
$B200 00000001 00000000
$3001 000052A4 00EAC6E4
$0000 00000000 000000FA

_V0 Player Walk Speed 2x
$B200 00000001 00000000
$3201 000052A4 00EACAA4
$0000 00000000 40000000

_V0 Player Speed 2x
$B200 00000001 00000000
$3201 000052A4 00EACA58
$0000 00000000 40000000

_V0 Player Speed [Slow-Motion]
$B200 00000001 00000000
$3201 000052A4 00EACA58
$0000 00000000 3D800000

_V0 Breast Speed 3x [Fun]
$B200 00000001 00000000
$3201 000052A4 00EACAB0
$0000 00000000 3DE0BABE

_V0 Player Freeze [hold X]
$B200 00000001 00000000
$C201 00000001 00004000
$3201 000285C0 00053F00
$0000 00000000 05000000

_V0 Player Size [use D-Pad]
$B200 00000001 00000000
$C201 00000001 00000010
$3201 000052A4 00EAD5CC
$0000 00000000 3FC00000
$B200 00000001 00000000
$C201 00000001 00000040
$3201 000052A4 00EAD5CC
$0000 00000000 3EB00000
$B200 00000001 00000000
$C201 00000001 00000080
$3201 000052A4 00EAD5CC
$0000 00000000 40800000
$B200 00000001 00000000
$C201 00000001 00000020
$3201 000052A4 00EAD5CC
$0000 00000000 3F800000

_V0 Kill yourself [hold R-Select]
$B200 00000001 00000000
$C201 00000001 00000201
$3201 000285C0 00053EFC
$0000 00000000 00040000

_V0 No Status Effect
$B200 00000001 00000000
$3001 000285C0 00053DC8
$0000 00000000 00000000

_V0 max.Ability-Charge [semi]
$B200 00000001 00000000
$3201 000052A0 0029114C
$0000 00000000 0000012C
$B200 00000001 00000000
$3201 000052A0 00291154
$0000 00000000 0000012C
$B200 00000001 00000000
$3201 000052A0 00291168
$0000 00000000 0000012C

_V0 [Enemies] Freeze [hold X]
$B200 00000001 00000000
$C201 00000001 00004000
$7201 000052A4 00EB68E0
$7701 00000000 05000000
$0003 00009F00 00000000

_V0 [Enemies] Instant-Kill [push Select]
$B200 00000001 00000000
$C201 00000001 00000001
$7201 000285C0 0005DDFC
$7701 00000000 00040000
$0003 00009F00 00000000

_V0 [Enemies] Slow-Motion
$B200 00000001 00000000
$7201 000052A4 00EB6958
$7701 00000000 3CF00000
$0003 00009F00 00000000

_V0 [Enemies] Size [use D-Pad]
$B200 00000001 00000000
$C201 00000001 00000010
$7201 000052A4 00EB74CC
$7701 00000000 40400000
$0003 00009F00 00000000
$B200 00000001 00000000
$C201 00000001 00000040
$7201 000052A4 00EB74CC
$7701 00000000 3EB00000
$0003 00009F00 00000000
$B200 00000001 00000000
$C201 00000001 00000080
$7201 000052A4 00EB74CC
$7701 00000000 40E00000
$0003 00009F00 00000000
$B200 00000001 00000000
$C201 00000001 00000020
$7201 000052A4 00EB74CC
$7701 00000000 3F800000
$0003 00009F00 00000000

_V0 [Enemies] Bad Status
$B200 00000001 00000000
$7001 000285C0 0005DCC8
$7701 00000000 0000000F
$0003 00009F00 00000000

_V0 Instant Win [hold Select-UP]
$B200 00000001 00000000
$C201 00000001 00000011
$3001 000052A0 000D14B4
$0000 00000000 00000002

_V0 max.Raff.Sad.Blam [after Win]
$B200 00000001 00000000
$7201 000052A0 00291170
$7701 00000000 000BDE31
$0004 00000004 00000000

_V0 max.ARK & WAR
$B200 00000001 00000000
$3201 000052A0 000D1A50
$0000 00000000 0076ADF1
$0000 00000000 00000000
$B200 00000001 00000000
$3201 000052A0 000D202C
$0000 00000000 0076ADF1

_V0 Unlock Everything [Main-Menu]
$B200 00000001 00000000
$3201 000052A0 000D2024
$0000 00000000 02020202
$B200 00000001 00000000
$7001 000052A0 000D3A9C
$7701 00000000 00000001
$00A6 00000010 00000000
$B200 00000001 00000000
$7001 000052A0 000D1B99
$7701 00000000 00000001
$0064 00000001 00000000
$B200 00000001 00000000
$7001 000052A0 000D1E66
$7701 00000000 00000002
$0004 00000001 00000000

_V0 Head-Rotation [Fun]
$B200 00000001 00000000
$3201 000052A4 00EACAB0
$0000 00000000 BAD0BABE

_V0 Brocken-Neck [Fun]
$B200 00000001 00000000
$3201 000285C0 0005D420
$0000 00000000 C1740000

_V0 Crazy-Stairs [Fun]
$B200 00000001 00000000
$3201 000285C0 000538F4
$0000 00000000 41220000

_V0 Deform-Body [Focus Enemy]
$B200 00000001 00000000
$3201 000285C0 0005D45C
$0000 00000000 40400000

_V0 Walking-Blood [Fun] [get a Hit]
$B200 00000001 00000000
$4001 00034A60 00000001
$0003 00000030 00000000
$4001 00034A64 00000003
$0003 00000030 00000000

_V0 Camera Vertical [ON-Up OFF-Down]
$B200 00000001 00000000
$C201 00000001 00000010
$3201 000052A4 00F9FA60
$0000 00000000 40700000
$B200 00000001 00000000
$C201 00000001 00000040
$3201 000052A4 00F9FA60
$0000 00000000 00000000

_V0 Camera Wide
$B200 00000001 00000000
$3201 000285C0 0014708C
$0000 00000000 3F800000

_V0 Camera Stretch [use D-Pad]
$B200 00000001 00000000
$C201 00000001 00000010
$3201 0000031C 000E9A48
$0000 00000000 3F31E000
$B200 00000001 00000000
$C201 00000001 00000040
$3201 0000031C 000E9A48
$0000 00000000 3FE1E1E2
$B200 00000001 00000000
$C201 00000001 00000080
$3201 0000031C 000E9A48
$0000 00000000 4051E000
$B200 00000001 00000000
$C201 00000001 00000020
$3201 0000031C 000E9A48
$0000 00000000 3EE0BABE

_V0 Freeze Game [ON-R OFF-L]
$B200 00000001 00000000
$C201 00000001 00000100
$0000 000346A4 00000000
$0000 00000000 00000000
$C201 00000001 00000200
$0000 000346A4 00000001
$0000 00000000 00000000

_V0 Background Green
$B200 00000001 00000000
$3201 000052A0 002583F0
$0000 00000000 C0000000

_V0 Instant see Ending [Note 1]
$B200 00000001 00000000
$C201 00000001 00000001
$0200 00035C6C 00000016

_V0 Tomberyx hidden Message [go and find it]
$B200 00000001 00000000
$3201 000CDA14 00000A20
$0000 00000000 006F0050
$B200 00000001 00000000
$3201 000CDA14 00000A22
$0000 00000000 0072006F
$B200 00000001 00000000
$3201 000CDA14 00000A24
$0000 00000000 006E0072
$B200 00000001 00000000
$3201 000CDA14 00000A26
$0000 00000000 0050006E
$B200 00000001 00000000
$3201 000CDA14 00000A28
$0000 00000000 00690050
$B200 00000001 00000000
$3201 000CDA14 00000A2A
$0000 00000000 00670069
$B200 00000001 00000000
$3201 000CDA14 00000A2C
$0000 00000000 00000067
$B200 00000001 00000000
$3201 000CDA14 00000A00
$0000 00000000 00650052
$B200 00000001 00000000
$3201 000CDA14 00000A02
$0000 00000000 00640065
$B200 00000001 00000000
$3201 000CDA14 00000A04
$0000 00000000 00530064
$B200 00000001 00000000
$3201 000CDA14 00000A06
$0000 00000000 006F0053
$B200 00000001 00000000
$3201 000CDA14 00000A08
$0000 00000000 006E006F
$B200 00000001 00000000
$3201 000CDA14 00000A0A
$0000 00000000 006A006E
$B200 00000001 00000000
$3201 000CDA14 00000A0C
$0000 00000000 0061006A
$B200 00000001 00000000
$3201 000CDA14 00000A0E
$0000 00000000 00160061
$B200 00000001 00000000
$3201 000CDA14 00000A10
$0000 00000000 00000016
$B200 00000001 00000000
$3201 000CDA14 00000A40
$0000 00000000 00650050
$B200 00000001 00000000
$3201 000CDA14 00000A40
$0000 00000000 00650050

_V0 -------------------
$0000 00000000 00000000

_V0 [Note 1] Use Code only in Language-Settings
$0200 8145AC6C 00000000

_V0 push-Select to activate.
$0200 81000000 00000000

_V0 -------------------
$0000 00000000 00000000
 

Attachments: PCSB00499.rar (1.3 KB)

monodevil

> Here's a quick example...
>
> You load up a game and vitacheat says seg0 is at 0x8100000. You find a cheat, and dump the address to pointer search.
>
> You load the game up again, and vitacheat now says seg0 is at 0x81100000. You find a cheat, repeat.
>
> When you go to pointer search, let's say it finds a pointer in dump1 at 0x81001337. That pointer is still there on dump2, but the pointer searcher can't see it, because it's at 81101337... That's the issue. The shift has hidden the pointer in the searches, because the base location has moved.
>
> I worked around this in Ys VIII by making a b200 code + a lvl2 pointer... But that required a lot of REALLY understanding the data structures, and manually reading the raw data in HxD and Cheat Engine... I never got a valid pointer in TempAR, simply because of the randomized memory.
>
> But, this plugin should stop the randomized memory allocation. If the game loads at 0x81000000, it should always load at 0x81000000. That means TempAR will always find the pointer in the second dump and upgrade it to green. Add more dumps, and it will stick out like a sore thumb. Or, use more powerful pointer searchers like Cheat Engine, and it'll single it out completely.
>
> At least, that's the theory. Needs testing. I'm currently transferring jobs and prob won't be able to do anything this weekend while I transition into the new position. But if no one tests it until then, I'll give it a go soon.
>
> A couple troublesome games I can remember that would be good to test on:
> Ys VIII - Fairly easy to get the float values, but the game used 2-4 different "Zones" for its random memory allocation.
> Criminal Girls 2: Party Favors - If I remember right, this game was a piece of crap. It moved locations in memory every time you went to a different map. Tomberyx seems to have found values with a b200 and no pointer, though, so maybe not as tough as I thought it was.
>
> Mods: Sorry for double post. I could have sworn this forum had an auto merge.. Haven't been in a few years.
I had to dust off my Vita and give it a go. It's gonna take me some time to see how all this goes.
 

Yohoki

> You have to find this code with one search, because a loading screen is the issue and destroys your search if you search twice. The next issue is to know if you select the right code.
> For A100 codes I would take as many of the results as you can and set it to maximum; the next step is yours ;-)

The loading screen is causing the ASLR to kick in and memory is randomly re-allocated. The noASLR program might nuke this and give static addresses. Pointer searching should be simple after that.

> @XMYDL, maybe this is like Ray Gigant and Assassin's Creed Chronicles: whatever search you do, 8/16/32 normal or fuzzy, also float, the result is always 0. It is VitaCheat's fault that it is incomplete and doesn't have certain functions or doesn't adapt to certain games.

If you cannot search in vitacheat, using a dump and running that in Cheat Engine should still work. It has much more robust searches, like 64bit floats and Array of Byte scans. If you have the BGFTP app, you can make a dump and transfer it in-game, run a search in Cheat Engine, and then make a new dump to repeat the searches.

> Well! Does that mean money & other codes are in the range 8FXXXXXX?
>
> I've tested and it worked; they 'are' actually in the range 8F~90. That's kinda creepy.

If it's in the 8F-90 range, it's probably needing a pointer. Unless that's just how high the Seg0/1 goes. I do recall a couple with absurdly high Seg1 numbers.

> I had to dust off my Vita and give it a go. It's gonna take me some time to see how all this goes.

Hopefully, very well, old friend. Again, I haven't tested it. But, I have high hopes.
 

monodevil

Alright, so far I'm doing an Infinite HP for a game called Natural Doctrine. This was the last game I was working on until I took a break due to annoying pointer searching. Comparing my old dumps to new ones done with noASLR, I honestly don't see a difference. It's a game that doesn't use segments, so I have to look for pointers. Before I could only find up to reds, and now I can still only find up to reds, so nothing really changed. Nothing too different in the memory addresses either.

I don't know, maybe I installed noASLR wrong. It's been a while since I messed with my Vita. Just to make sure: the noaslr.skprx goes into the tai folder in the ur0: folder, right? And you add
ur0:tai/noaslr.skprx
under KERNEL in the config.txt in the tai folder, then restart your Vita, right?

This also just might not be one of those games that randomly changes its pointer addresses.
 

tomberyx

I tried the same as monodevil, but on 2 PS Vitas: one always has the pattern 81100000
and the other 81200000.

After that I used the same game with pointer codes (codes made without noaslr):

_V0 inf.HP X
$3004 85A804F4 0000000C
$0000 00000000 000000D4
$0000 00000000 00000010
$0000 00000000 000001A4
$0000 00000000 0000004E

_V0 inf.HP Y
$3004 86A804F4 0000000C
$0000 00000000 000000D4
$0000 00000000 00000010
$0000 00000000 000001A4
$0000 00000000 0000004E

I thought if noaslr worked then the game would have to work on both PS Vitas with either X or Y, but unfortunately it doesn't:
one uses X and the other Y.

WARNING!!! Do not make the mistake
of setting the path to "ALL"; the Vita will not boot..

---------------------------------------
*ALL
ur0:tai/noaslr.skprx
ur0:tai/InfiniteNet.suprx
ur0:tai/WDNR.suprx
ur0:Plugins/GoHANmem.suprx
-------------------------------------

Important Information!
The pattern XYZ changes only if you restart the game, never in the game itself.
 
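The boot failure warned about above comes from listing a kernel plugin under the wrong config.txt section. The linter below is an added example (not a taiHEN, noASLR or forum tool) that flags a `.skprx` outside `*KERNEL` and rewrites the config; it assumes the usual taiHEN config.txt layout in which a line starting with `*` opens a section (`*KERNEL` for kernel modules, `*ALL` for every user app, otherwise a title ID) and each following line is a plugin path.

```python
"""Lint a taiHEN config.txt for a kernel plugin (.skprx) listed outside
*KERNEL, the mistake that left the Vita unbootable in the thread.
Added example, not taiHEN's or the plugin's own code. Assumed layout:
'*NAME' opens a section, following non-blank lines are plugin paths."""
from collections import OrderedDict


def parse_tai_config(text):
    """Map section name -> list of plugin paths, in file order.
    Blank lines, '#' comments and paths before any header are skipped."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            current = line[1:].strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_kernel_plugins(text):
    """Return problem strings (empty list means nothing found).
    Rules from the thread: .skprx is a kernel module and loads only under
    *KERNEL; .suprx is a user module and does not belong under *KERNEL."""
    problems = []
    for section, paths in parse_tai_config(text).items():
        is_kernel = section.upper() == "KERNEL"
        for path in paths:
            low = path.lower()
            if low.endswith(".skprx") and not is_kernel:
                problems.append("%s under *%s: kernel plugins go under *KERNEL"
                                % (path, section))
            elif low.endswith(".suprx") and is_kernel:
                problems.append("%s under *KERNEL: user plugins go under *ALL "
                                "or a title ID" % path)
    return problems


def move_skprx_to_kernel(text):
    """Return a corrected config: every .skprx path is moved into *KERNEL
    (created at the top if missing); user plugins stay in their sections."""
    sections = parse_tai_config(text)
    kernel_name = next((s for s in sections if s.upper() == "KERNEL"), "KERNEL")
    kernel = list(sections.get(kernel_name, []))
    out = []
    for section, paths in sections.items():
        if section == kernel_name:
            continue
        keep = []
        for path in paths:
            if path.lower().endswith(".skprx"):
                if path not in kernel:
                    kernel.append(path)
            else:
                keep.append(path)
        if keep:
            out += ["*" + section] + keep
    return "\n".join(["*" + kernel_name] + kernel + out) + "\n"


# Constructed from the list quoted in the thread: everything under *ALL.
BAD_CONFIG = """\
*ALL
ur0:tai/noaslr.skprx
ur0:tai/InfiniteNet.suprx
ur0:tai/WDNR.suprx
ur0:Plugins/GoHANmem.suprx
"""

if __name__ == "__main__":
    for problem in check_kernel_plugins(BAD_CONFIG):
        print("problem:", problem)
    print(move_skprx_to_kernel(BAD_CONFIG))
```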

Yohoki

> Alright, so far I'm doing an Infinite HP for a game called Natural Doctrine. This was the last game I was working on until I took a break due to annoying pointer searching. Comparing my old dumps to new ones done with noASLR, I honestly don't see a difference. It's a game that doesn't use segments, so I have to look for pointers. Before I could only find up to reds, and now I can still only find up to reds, so nothing really changed. Nothing too different in the memory addresses either.
>
> I don't know, maybe I installed noASLR wrong. It's been a while since I messed with my Vita. Just to make sure: the noaslr.skprx goes into the tai folder in the ur0: folder, right? And you add
> ur0:tai/noaslr.skprx
> under KERNEL in the config.txt in the tai folder, then restart your Vita, right?
>
> This also just might not be one of those games that randomly changes its pointer addresses.

ASLR shouldn't affect pointers at all. That's a separate issue. I think the main thing to look for is the seg0/1 locations. Are they static now? Because a lot of games have the locations move sometimes, either on boot, or switching map levels, etc. You have installed it correctly, though. It would require a reboot of the Vita, and it might also now show up under the TXT file in your dumps. I think the plugins are also loaded in order from top to bottom, so putting it higher on the list may also have an effect.


> I tried the same as monodevil, but on 2 PS Vitas: one always has the pattern 81100000
> and the other 81200000.
>
> After that I used the same game with pointer codes:
>
> _V0 inf.HP X
> $3004 85A804F4 0000000C
> $0000 00000000 000000D4
> $0000 00000000 00000010
> $0000 00000000 000001A4
> $0000 00000000 0000004E
>
> _V0 inf.HP Y
> $3004 86A804F4 0000000C
> $0000 00000000 000000D4
> $0000 00000000 00000010
> $0000 00000000 000001A4
> $0000 00000000 0000004E
>
> I thought if noaslr worked then the game would have to work on both PS Vitas with either X or Y, but unfortunately it doesn't:
> one uses X and the other Y.
>
> WARNING!!! Do not make the mistake
> of setting the path to "ALL"; the Vita will not boot..
>
> ---------------------------------------
> *ALL
> ur0:tai/noaslr.skprx
> ur0:tai/InfiniteNet.suprx
> ur0:tai/WDNR.suprx
> ur0:Plugins/GoHANmem.suprx
> -------------------------------------
>
> Important Information!
> The pattern XYZ changes only if you restart the game, never in the game itself.
This IS the kind of thing that i think the plugin should help with. Are those pointers based in seg0/1?

Also, ya, it's a sKprx (K for Kernel) plugin, not a sUprx (U for User) plugin. I haven't touched my vita in a few years, but I'm pretty sure skprx plugins can only be installed under kernel.
 

tomberyx

New Report!
It works!!!! Seg1 does not shift; I tried it on both PS Vitas.
Now I ask myself what I can do with it....
 

Attachments: 20220917_124010.jpg (1.7 MB), 20220917_124419.jpg (1.7 MB)

Yohoki

OK. This is great news!

So, think about this for a second. Seg0/seg1 are the game's CODE, not just variables and such, but actual running programming code. That code includes references to stored data, like your HP and whatnot. Those references are the pointers. Now, if we know where those pointers are in seg0, for instance, we can make a b200 code to always use that location inside the seg0 to find the pointer. Makes sense: the b200 codes are basically pointers to inside the seg0/1 areas. Since the useful areas of seg0 are programming code, they need to always be the same, so the offsets for pointers rooted in seg0 are always going to be there.

The issue comes with pointer searching. TempAR doesn't know where Seg0 starts. So, it doesn't see that seg0 in one dump is at 8100, and at 8200 in another. Since they're shifted, TempAR will NEVER find a useful ROOTED pointer inside that segment. But if we turn ASLR off, then suddenly the segments are STATIC, not dynamic.

So, now EVERY dump will have seg0 at 8100 (or whatever vitacheat shows). Which means TempAR can find useful pointers rooted inside the static seg0. Find a useful working pointer in seg0. Once you have that, find its offset from seg0 and make a b200 code for it. It should now work on all Vitas, even if they don't have noASLR installed, because it's a b200 code.
 
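The pointer-hiding problem described in this thread (the same pointer at 0x81001337 in one dump and 0x81101337 in the next, invisible to a searcher that compares absolute addresses) can be demonstrated by comparing dumps after subtracting each dump's seg0 base, which is also what turns a surviving pointer into a seg0-rooted offset. This is an added example, not TempAR's, VitaCheat's or the noASLR plugin's code; the two dumps, their bases, the 0x1338 pointer slot, the 0x2000 struct and the HP value 0x4E are constructed, and it assumes 32-bit little-endian pointers and dumps that begin at seg0.

```python
"""Compare pointer candidates across memory dumps whose seg0 base moved.
Added example (not TempAR, VitaCheat or noASLR code); dumps are constructed.
Assumes 32-bit little-endian pointers and that each dump starts at seg0."""
import struct


def build_dump(base, decoy_target, size=0x3000):
    """Constructed dump: one real pointer at seg0+0x1338 to a struct at
    seg0+0x2000 whose HP field (+0x10) holds 0x4E, plus a decoy pointer whose
    target differs between runs and a word that is not a pointer at all."""
    buf = bytearray(size)
    struct.pack_into("<I", buf, 0x0100, 0x12345678)            # not in range
    struct.pack_into("<I", buf, 0x0200, base + decoy_target)   # unstable decoy
    struct.pack_into("<I", buf, 0x1338, base + 0x2000)         # the pointer we want
    struct.pack_into("<I", buf, 0x2000 + 0x10, 0x4E)           # HP behind it
    return bytes(buf)


def scan_pointers(dump, base, align=4):
    """Yield (absolute address, target) for each aligned u32 in the dump
    that points back inside the dump's own address range."""
    end = base + len(dump)
    for off in range(0, len(dump) - 3, align):
        val = struct.unpack_from("<I", dump, off)[0]
        if base <= val < end:
            yield base + off, val


def absolute_matches(dumps):
    """What a searcher that ignores seg0 sees: a pointer only survives if it
    sits at the same absolute address with the same target in every dump."""
    return set.intersection(*(set(scan_pointers(d, b)) for d, b in dumps))


def rebased_matches(dumps):
    """Subtract each dump's seg0 base from both location and target first,
    so a pointer that merely shifted with ASLR still matches. The surviving
    (location, target) offsets are what a seg0-rooted code would use."""
    rebased = ({(a - b, t - b) for a, t in scan_pointers(d, b)} for d, b in dumps)
    return set.intersection(*rebased)


def read_via_offset(dump, base, ptr_off, field_off):
    """Follow a seg0-relative pointer in a given dump and read the field."""
    target = struct.unpack_from("<I", dump, ptr_off)[0]
    return struct.unpack_from("<I", dump, target - base + field_off)[0]


# Two runs of the same game: seg0 at 0x81000000, then at 0x81100000.
DUMPS = [
    (build_dump(0x81000000, decoy_target=0x0500), 0x81000000),
    (build_dump(0x81100000, decoy_target=0x0600), 0x81100000),
]

if __name__ == "__main__":
    print("absolute:", [(hex(a), hex(t)) for a, t in sorted(absolute_matches(DUMPS))])
    print("rebased: ", [(hex(a), hex(t)) for a, t in sorted(rebased_matches(DUMPS))])
    for dump, base in DUMPS:
        print(hex(base), "HP =", read_via_offset(dump, base, 0x1338, 0x10))
```

The decoy at seg0+0x200 is dropped by the rebased comparison because its target changes between runs, which is the same filtering more dumps give TempAR once seg0 stays put.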
