Hacking Tutorial

Discussion in 'Code Vault' started by JLHack7, Sep 5, 2007.

Thread Status:
Not open for further replies.
  1. blacknumbers Hollow Bastion Committee

    OK, I went to CMP, and it looks awesome, but there is one problem.

    It leaves out a lot of stuff in the hacking tutorial. For instance, here is what people would say: "Where did you get this address? You didn't show this at all!", and stuff like that.

    Here is a new code I am working on; it has something to do with "beast", like the beast.

    0037b8d0 6b7d0000

    The syntax is "ldl sp, $0000(k1)".
     
  2. Hero Form Hollow Bastion Committee

    I'm gonna hack some more GBA, then we'll touch quickly on N64, then PS1, then PS2. There will be an update tomorrow. I'm going to bed now. Thanks for this opportunity, Evil.
     
  3. DjC Chaser

    Sweet, can't wait.
     
  4. blacknumbers Hollow Bastion Committee

    OK, guys, I found some sweet codes, but I didn't do something: the command "1".

    0037b8d0 6b7d0000 - does nothing because the beginning of the address is "0", which is the command.

    We want it to be one.

    So it comes out like this.

    1037b8d0 6b7d0000

    I think it will do something, so I am going to check it out.

    See ya, and thanks, Evil man, for telling me about CMP (where I got the info).
     
  5. Majik Chaser

    Why do you guys act like working from lower consoles makes it easier than starting from a newer one? MIPS-wise, you'll be going through hell learning, since each console runs a different type (no, consoles from the same generation don't run on the same MIPS; example: PS1 runs on an R3000a and N64 runs on an R40000), which means some codes are found differently depending on the MIPS it uses. That will make learning how to make certain codes more difficult, because you will get confused.

    Plus, you guys are using emulators, which takes away the looking-through-dumps problem. Why not just go straight to the console you wanna hack? It will make all of this A LOT easier.

    I thought the same thing when I started, so I started learning PSX hacking before I started PS2 hacking. It confused me till I realised that
     
  6. blacknumbers Hollow Bastion Committee

    OK, I can't believe this, but nothing is working!

    I tried one of the tutorials and I came up with this:

    1016ee4c 00000001
    1016ee50 00000001

    Nothing happened!

    And the beast cheat... nothing happened!

    Stinks... CMP teaches crap.

    Wait... I think I did something... my bad... I think (well, I think it is supposed to be 1 in the front since the values are lower than 000000ff).

    Anyway, how do you get to the "find string" thing in PS2DIS? I tried pressing Ctrl + F, but it did nothing but send me to another thing. Help me please!

    Here is the guide I am using: http://www.codemasters-project.net/...al/cmp_plugins/content/content.php?content.55
     
  7. Majik Chaser

    Your codes are set up wrong; it should look like this since it's 8-bit:
    0016EE4C 00000001
    0016EE50 00000001

    What game is this?
    And what type of label did you try to hack (string, quote, etc.)?
     
  8. blacknumbers Hollow Bastion Committee

    Thanks, but can you explain the bit thing for me?

    Anyway, it was a quote label (duh, because all but 5 are quote labels in Kingdom Hearts 2!). Oh, and it is Kingdom Hearts 2! (American)

    EDIT: I got the bit thing!

    0 - equal to or under 000000ff

    1 - equal to or between 00000100 - 0000ffff

    2 - equal to or between 00010000 - ffffffff

    W00T!

    By the way, here are all the codes that need testing!

    2011A630 42000039

    1011A630 00000812

    2011A630 80808080

    203788f8 42000039

    103788f8 00000812

    203788f8 80808080

    2037c00c 3c1d001

    2037c010 3c1d001

    0037c014 00000001

    2037a2f0 17534f42

    2037b8d0 6b7d0000 (or 6b7d0001) - beast code

    0016ee4c 00000001

    0016ee50 00000001

    Thanks in advance!

    P.S. Does anyone still know how to do the "find string" thing? I tried, but when I pressed Ctrl + F, it sent me to another thing.
     
  9. NeoCloudstrife Decisive Being

    Click "G" :D...

    And you're kinda confused with the bit thing; you got it right, but you should say:

    8 bit = 2 digits = command "0"
    16 bit = 4 digits = command "1"
    32 bit = 8 digits = command "2"

    And I should point out that even if a code is something like XXXXXXXX 01000002,
    it should be a 2 even though there are only 2 digits... but you know this...

    For anyone who didn't know, here's what the syntax in PS2DIS means:
    Code:
    ADD -- Add 
    Description: Adds two registers and stores the result in a register 
    Operation: $d = $s + $t; advance_pc (4); 
    Syntax: add $d, $s, $t 
    Encoding: 0000 00ss ssst tttt dddd d000 0010 0000 
    
    ADDI -- Add immediate 
    Description: Adds a register and a signed immediate value and stores the result in a register 
    Operation: $t = $s + imm; advance_pc (4); 
    Syntax: addi $t, $s, imm 
    Encoding: 0010 00ss ssst tttt iiii iiii iiii iiii 
    
    ADDIU -- Add immediate unsigned 
    Description: Adds a register and an unsigned immediate value and stores the result in a register 
    Operation: $t = $s + imm; advance_pc (4); 
    Syntax: addiu $t, $s, imm 
    Encoding: 0010 01ss ssst tttt iiii iiii iiii iiii 
    
    ADDU -- Add unsigned 
    Description: Adds two registers and stores the result in a register 
    Operation: $d = $s + $t; advance_pc (4); 
    Syntax: addu $d, $s, $t 
    Encoding: 0000 00ss ssst tttt dddd d000 0010 0001 
    
    AND -- Bitwise and 
    Description: Bitwise ands two registers and stores the result in a register 
    Operation: $d = $s & $t; advance_pc (4); 
    Syntax: and $d, $s, $t 
    Encoding: 0000 00ss ssst tttt dddd d000 0010 0100 
    
    ANDI -- Bitwise and immediate 
    Description: Bitwise ands a register and an immediate value and stores the result in a register 
    Operation: $t = $s & imm; advance_pc (4); 
    Syntax: andi $t, $s, imm 
    Encoding: 0011 00ss ssst tttt iiii iiii iiii iiii 
    
    BEQ -- Branch on equal 
    Description: Branches if the two registers are equal 
    Operation: if $s == $t advance_pc (offset << 2)); else advance_pc (4); 
    Syntax: beq $s, $t, offset 
    Encoding: 0001 00ss ssst tttt iiii iiii iiii iiii 
    
    BGEZ -- Branch on greater than or equal to zero 
    Description: Branches if the register is greater than or equal to zero 
    Operation: if $s >= 0 advance_pc (offset << 2)); else advance_pc (4); 
    Syntax: bgez $s, offset 
    Encoding: 0000 01ss sss0 0001 iiii iiii iiii iiii 
    
    BGEZAL -- Branch on greater than or equal to zero and link 
    Description: Branches if the register is greater than or equal to zero and saves the return address in $31 
    Operation: if $s >= 0 $31 = PC + 8 (or nPC + 4); advance_pc (offset << 2)); else advance_pc (4); 
    Syntax: bgezal $s, offset 
    Encoding: 0000 01ss sss1 0001 iiii iiii iiii iiii 
    
    BGTZ -- Branch on greater than zero 
    Description: Branches if the register is greater than zero 
    Operation: if $s > 0 advance_pc (offset << 2)); else advance_pc (4); 
    Syntax: bgtz $s, offset 
    Encoding: 0001 11ss sss0 0000 iiii iiii iiii iiii 
    
    BLEZ -- Branch on less than or equal to zero 
    Description: Branches if the register is less than or equal to zero 
    Operation: if $s <= 0 advance_pc (offset << 2)); else advance_pc (4); 
    Syntax: blez $s, offset 
    Encoding: 0001 10ss sss0 0000 iiii iiii iiii iiii 
    
    BLTZ -- Branch on less than zero 
    Description: Branches if the register is less than zero 
    Operation: if $s < 0 advance_pc (offset << 2)); else advance_pc (4); 
    Syntax: bltz $s, offset 
    Encoding: 0000 01ss sss0 0000 iiii iiii iiii iiii 
    
    BLTZAL -- Branch on less than zero and link 
    Description: Branches if the register is less than zero and saves the return address in $31 
    Operation: if $s < 0 $31 = PC + 8 (or nPC + 4); advance_pc (offset << 2)); else advance_pc (4); 
    Syntax: bltzal $s, offset 
    Encoding: 0000 01ss sss1 0000 iiii iiii iiii iiii 
    
    BNE -- Branch on not equal 
    Description: Branches if the two registers are not equal 
    Operation: if $s != $t advance_pc (offset << 2)); else advance_pc (4); 
    Syntax: bne $s, $t, offset 
    Encoding: 0001 01ss ssst tttt iiii iiii iiii iiii 
    
    DIV -- Divide 
    Description: Divides $s by $t and stores the quotient in $LO and the remainder in $HI 
    Operation: $LO = $s / $t; $HI = $s % $t; advance_pc (4); 
    Syntax: div $s, $t 
    Encoding: 0000 00ss ssst tttt 0000 0000 0001 1010 
    
    DIVU -- Divide unsigned 
    Description: Divides $s by $t and stores the quotient in $LO and the remainder in $HI 
    Operation: $LO = $s / $t; $HI = $s % $t; advance_pc (4); 
    Syntax: divu $s, $t 
    Encoding: 0000 00ss ssst tttt 0000 0000 0001 1011 
    
    J -- Jump 
    Description: Jumps to the calculated address 
    Operation: PC = nPC; nPC = (PC & 0xf0000000) | (target << 2); 
    Syntax: j target 
    Encoding: 0000 10ii iiii iiii iiii iiii iiii iiii 
    
    JAL -- Jump and link 
    Description: Jumps to the calculated address and stores the return address in $31 
    Operation: $31 = PC + 8 (or nPC + 4); PC = nPC; nPC = (PC & 0xf0000000) | (target << 2); 
    Syntax: jal target 
    Encoding: 0000 11ii iiii iiii iiii iiii iiii iiii 
    
    JR -- Jump register 
    Description: Jump to the address contained in register $s 
    Operation: PC = nPC; nPC = $s; 
    Syntax: jr $s 
    Encoding: 0000 00ss sss0 0000 0000 0000 0000 1000 
    
    LB -- Load byte 
    Description: A byte is loaded into a register from the specified address. 
    Operation: $t = MEM[$s + offset]; advance_pc (4); 
    Syntax: lb $t, offset($s) 
    Encoding: 1000 00ss ssst tttt iiii iiii iiii iiii 
    
    LUI -- Load upper immediate 
    Description: The immediate value is shifted left 16 bits and stored in the register. The lower 16 bits are zeroes. 
    Operation: $t = (imm << 16); advance_pc (4); 
    Syntax: lui $t, imm 
    Encoding: 0011 11-- ---t tttt iiii iiii iiii iiii 
    
    LW -- Load word 
    Description: A word is loaded into a register from the specified address. 
    Operation: $t = MEM[$s + offset]; advance_pc (4); 
    Syntax: lw $t, offset($s) 
    Encoding: 1000 11ss ssst tttt iiii iiii iiii iiii 
    
    MFHI -- Move from HI 
    Description: The contents of register HI are moved to the specified register. 
    Operation: $d = $HI; advance_pc (4); 
    Syntax: mfhi $d 
    Encoding: 0000 0000 0000 0000 dddd d000 0001 0000 
    
    MFLO -- Move from LO 
    Description: The contents of register LO are moved to the specified register. 
    Operation: $d = $LO; advance_pc (4); 
    Syntax: mflo $d 
    Encoding: 0000 0000 0000 0000 dddd d000 0001 0010 
    
    MULT -- Multiply 
    Description: Multiplies $s by $t and stores the result in $LO. 
    Operation: $LO = $s * $t; advance_pc (4); 
    Syntax: mult $s, $t 
    Encoding: 0000 00ss ssst tttt 0000 0000 0001 1000 
    
    MULTU -- Multiply unsigned 
    Description: Multiplies $s by $t and stores the result in $LO. 
    Operation: $LO = $s * $t; advance_pc (4); 
    Syntax: multu $s, $t 
    Encoding: 0000 00ss ssst tttt 0000 0000 0001 1001 
    
    NOP -- no operation 
    Description: Performs no operation. 
    Operation: advance_pc (4); 
    Syntax: nop 
    Encoding: 0000 0000 0000 0000 0000 0000 0000 0000 
    
    Note: The encoding for a NOOP represents the instruction SLL $0, $0, 0 which has no side effects. In fact, nearly every instruction that has $0 as its destination register will have no side effect and can thus be considered a NOOP instruction. 
    
    OR -- Bitwise or 
    Description: Bitwise logical ors two registers and stores the result in a register 
    Operation: $d = $s | $t; advance_pc (4); 
    Syntax: or $d, $s, $t 
    Encoding: 0000 00ss ssst tttt dddd d000 0010 0101 
    
    ORI -- Bitwise or immediate 
    Description: Bitwise ors a register and an immediate value and stores the result in a register 
    Operation: $t = $s | imm; advance_pc (4); 
    Syntax: ori $t, $s, imm 
    Encoding: 0011 01ss ssst tttt iiii iiii iiii iiii 
    
    SB -- Store byte 
    Description: The least significant byte of $t is stored at the specified address. 
    Operation: MEM[$s + offset] = (0xff & $t); advance_pc (4); 
    Syntax: sb $t, offset($s) 
    Encoding: 1010 00ss ssst tttt iiii iiii iiii iiii 
    
    SLL -- Shift left logical 
    Description: Shifts a register value left by the shift amount listed in the instruction and places the result in a third register. Zeroes are shifted in. 
    Operation: $d = $t << h; advance_pc (4); 
    Syntax: sll $d, $t, h 
    Encoding: 0000 00ss ssst tttt dddd dhhh hh00 0000 
    
    SLLV -- Shift left logical variable 
    Description: Shifts a register value left by the value in a second register and places the result in a third register. Zeroes are shifted in. 
    Operation: $d = $t << $s; advance_pc (4); 
    Syntax: sllv $d, $t, $s 
    Encoding: 0000 00ss ssst tttt dddd d--- --00 0100 
    
    SLT -- Set on less than (signed) 
    Description: If $s is less than $t, $d is set to one. It gets zero otherwise. 
    Operation: if $s < $t $d = 1; advance_pc (4); else $d = 0; advance_pc (4); 
    Syntax: slt $d, $s, $t 
    Encoding: 0000 00ss ssst tttt dddd d000 0010 1010 
    
    SLTI -- Set on less than immediate (signed) 
    Description: If $s is less than immediate, $t is set to one. It gets zero otherwise. 
    Operation: if $s < imm $t = 1; advance_pc (4); else $t = 0; advance_pc (4); 
    Syntax: slti $t, $s, imm 
    Encoding: 0010 10ss ssst tttt iiii iiii iiii iiii 
    
    SLTIU -- Set on less than immediate unsigned 
    Description: If $s is less than the unsigned immediate, $t is set to one. It gets zero otherwise. 
    Operation: if $s < imm $t = 1; advance_pc (4); else $t = 0; advance_pc (4); 
    Syntax: sltiu $t, $s, imm 
    Encoding: 0010 11ss ssst tttt iiii iiii iiii iiii 
    
    SLTU -- Set on less than unsigned 
    Description: If $s is less than $t, $d is set to one. It gets zero otherwise. 
    Operation: if $s < $t $d = 1; advance_pc (4); else $d = 0; advance_pc (4); 
    Syntax: sltu $d, $s, $t 
    Encoding: 0000 00ss ssst tttt dddd d000 0010 1011 
    
    SRA -- Shift right arithmetic 
    Description: Shifts a register value right by the shift amount (shamt) and places the value in the destination register. The sign bit is shifted in. 
    Operation: $d = $t >> h; advance_pc (4); 
    Syntax: sra $d, $t, h 
    Encoding: 0000 00-- ---t tttt dddd dhhh hh00 0011 
    
    SRL -- Shift right logical 
    Description: Shifts a register value right by the shift amount (shamt) and places the value in the destination register. Zeroes are shifted in. 
    Operation: $d = $t >> h; advance_pc (4); 
    Syntax: srl $d, $t, h 
    Encoding: 0000 00-- ---t tttt dddd dhhh hh00 0010 
    
    SRLV -- Shift right logical variable 
    Description: Shifts a register value right by the amount specified in $s and places the value in the destination register. Zeroes are shifted in. 
    Operation: $d = $t >> $s; advance_pc (4); 
    Syntax: srlv $d, $t, $s 
    Encoding: 0000 00ss ssst tttt dddd d000 0000 0110 
    
    SUB -- Subtract 
    Description: Subtracts two registers and stores the result in a register 
    Operation: $d = $s - $t; advance_pc (4); 
    Syntax: sub $d, $s, $t 
    Encoding: 0000 00ss ssst tttt dddd d000 0010 0010 
    
    SUBU -- Subtract unsigned 
    Description: Subtracts two registers and stores the result in a register 
    Operation: $d = $s - $t; advance_pc (4); 
    Syntax: subu $d, $s, $t 
    Encoding: 0000 00ss ssst tttt dddd d000 0010 0011 
    
    SW -- Store word 
    Description: The contents of $t is stored at the specified address. 
    Operation: MEM[$s + offset] = $t; advance_pc (4); 
    Syntax: sw $t, offset($s) 
    Encoding: 1010 11ss ssst tttt iiii iiii iiii iiii 
    
    SYSCALL -- System call 
    Description: Generates a software interrupt. 
    Operation: advance_pc (4); 
    Syntax: syscall 
    Encoding: 0000 00-- ---- ---- ---- ---- --00 1100 
    
    XOR -- Bitwise exclusive or 
    Description: Exclusive ors two registers and stores the result in a register 
    Operation: $d = $s ^ $t; advance_pc (4); 
    Syntax: xor $d, $s, $t 
    Encoding: 0000 00ss ssst tttt dddd d--- --10 0110 
    
    XORI -- Bitwise exclusive or immediate 
    Description: Bitwise exclusive ors a register and an immediate value and stores the result in a register 
    Operation: $t = $s ^ imm; advance_pc (4); 
    Syntax: xori $t, $s, imm 
    Encoding: 0011 10ss ssst tttt iiii iiii iiii iiii 
     
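As an added example that is not from the thread or from PS2DIS, here are the two decoding rules discussed in this post and in Majik's earlier reply, worked in Python: the code-type nibble selects the write width (8/16/32 bits), and the 32-bit value of a type-2 code can be split into the opcode, register and immediate fields of the table above. The register names, the `ldl` opcode (not in the table; it is the instruction in the "beast" code quoted earlier) and the sample code lines are assumed from the thread and from the standard MIPS encoding.

```python
import re

# Register numbers -> conventional names (k1 = 27, sp = 29, ra = 31).
REGS = ("zero at v0 v1 a0 a1 a2 a3 t0 t1 t2 t3 t4 t5 t6 t7 "
        "s0 s1 s2 s3 s4 s5 s6 s7 t8 t9 k0 k1 gp sp fp ra").split()
WIDTH = {0: 8, 1: 16, 2: 32}  # code-type nibble -> bits written (the 0/1/2 rule)

def code_type_for_value(value):
    """Smallest type whose width holds value: 0 up to ff, 1 up to ffff, else 2."""
    return next(t for t, bits in WIDTH.items() if value < (1 << bits))

def parse_cheat_line(line):
    """'TAAAAAAA VVVVVVVV' -> (type, bits, 28-bit address, value, suggested type)."""
    # Raises when the value needs more bits than the type writes (it would truncate).
    m = re.fullmatch(r"\s*([0-9a-f]{8})\s+([0-9a-f]{8})\s*", line, re.I)
    if not m:
        raise ValueError("expected two 8-digit hex words: %r" % line)
    left, value = int(m.group(1), 16), int(m.group(2), 16)
    ctype, addr = left >> 28, left & 0x0FFFFFFF
    if ctype not in WIDTH:
        raise ValueError("unsupported code type %X" % ctype)
    if value >= 1 << WIDTH[ctype]:
        raise ValueError("%08X does not fit a %d-bit write" % (value, WIDTH[ctype]))
    return ctype, WIDTH[ctype], addr, value, code_type_for_value(value)

# Opcode/funct values from the reference table above; ldl (opcode 0x1a, MIPS III)
# is assumed from the standard encoding because it is the "beast" instruction.
R_FUNCT = {0x00: "sll", 0x02: "srl", 0x03: "sra", 0x20: "add", 0x21: "addu",
           0x22: "sub", 0x23: "subu", 0x24: "and", 0x25: "or", 0x26: "xor",
           0x2A: "slt", 0x2B: "sltu"}
I_OP = {0x08: "addi", 0x09: "addiu", 0x0A: "slti", 0x0B: "sltiu", 0x0C: "andi",
        0x0D: "ori", 0x0E: "xori"}
MEM_OP = {0x20: "lb", 0x23: "lw", 0x28: "sb", 0x2B: "sw", 0x1A: "ldl"}

def decode_mips(word):
    """Disassemble one 32-bit word using the field layout of the reference table."""
    op, funct, sh, imm = word >> 26, word & 0x3F, (word >> 6) & 31, word & 0xFFFF
    s, t, d = (REGS[(word >> n) & 31] for n in (21, 16, 11))
    if word == 0:
        return "nop"  # encodes sll $0, $0, 0, as the note in the table says
    if op == 0 and funct in R_FUNCT:
        if funct < 4:  # sll/srl/sra take rd, rt, shamt
            return "%s %s, %s, %d" % (R_FUNCT[funct], d, t, sh)
        return "%s %s, %s, %s" % (R_FUNCT[funct], d, s, t)
    if op in (2, 3):  # target << 2, to be ORed with PC & 0xf0000000
        return "%s 0x%07X" % ("j" if op == 2 else "jal", (word & 0x3FFFFFF) << 2)
    if op in (4, 5):
        return "%s %s, %s, 0x%04X" % ("beq" if op == 4 else "bne", s, t, imm)
    if op == 0x0F:
        return "lui %s, 0x%04X" % (t, imm)
    if op in MEM_OP:
        return "%s %s, 0x%04X(%s)" % (MEM_OP[op], t, imm, s)
    if op in I_OP:
        return "%s %s, %s, 0x%04X" % (I_OP[op], t, s, imm)
    return ".word 0x%08X" % word  # anything outside the table above
```

Running `decode_mips(0x6B7D0000)` on the beast code's value gives `ldl sp, 0x0000(k1)`, the same line blacknumbers read off in PS2DIS.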
  10. DjC Chaser

    About what khkid said earlier, I agree. Cloud told me the same thing. GBA hacking is completely different from using PS2DIS, so why not start at PS2? I'll barely hack GBA codes, I don't even play SNES anymore, and PSX is kinda just, well, not interesting. Now I'm more than willing to learn. I'll download whatever I need and give it my all, even if it takes me a year.
     
  11. Hero Form Hollow Bastion Committee

    Khkid is right. We're doing PS2 then. Update after I eat lunch in a couple of hours.
     
  12. DjC Chaser

    Alright, but please start with KH2. I hate when people use other games. And I will be testing those codes you sent me in an hour or so; I'll give you results later.
     
  13. Hero Form Hollow Bastion Committee

    Everything in KH2 has pretty much been made. I think I'm gonna use Jak 3 to begin. I need to make a dump code for it though.
     
  14. DjC Chaser

    But that's a good thing; I'd rather hack codes that were already made so I get the hang of hacking, you know what I mean...
     
  15. Hero Form Hollow Bastion Committee

    But the thing is, I have no idea what was going on in the hacker's head when he made the code.
     
  16. blacknumbers Hollow Bastion Committee

    Yeah, I know all about the syntax, but thanks for putting it here for all of us.

    But hold on, "G" is only to find a specific address, not to find a string...

    Anyway, has anyone tested any of my codes?
     
  17. Hero Form Hollow Bastion Committee

    Listen, your codes aren't gonna work because you don't know what you're doing. I will update the tut in a little while. After lunch.
     
  18. blacknumbers Hollow Bastion Committee

    Actually, I know what I am doing...

    I went to the "beast" address and went to the first code thing, and changed the offset to "0000" so the syntax looked like "ldl sp, $0000"

    I added the "sp" in there so it would point to the last part of the block.

    I DO know what I am doing... kind of.

    But seriously, I don't need any tutorials from you; no offence, but I have CMP to find tutorials on how to do this stuff.

    Now anyway, "G" just sends me to a specified address, when I want to look up a hex string. Got it?
     
  19. Hero Form Hollow Bastion Committee

    Epic failure. Totally wrong.
     
  20. Roxas_Key of Destiny Destiny Islands Resident

    I've been looking at CMP and been trying to learn.

    Anyways, not everything has been hacked in KH2 yet. I want to find a code to play as Org. Roxas (if you can play as Pajama Roxas, then why not this?).
     