Good tips for Unlocker Codes?

[Bully@Wiiplaza]

Hmm... it´s one of the hardest codes, because how should you go and find the adresses, which are holding the unlockable stuff? ???
Are there any good hints or anything related to find them easier? To unlock something and search for Equal, then load the save file with the thing locked again and search for Not Equal and so on can´t be the solution... it takes forever ::)
However, the Memory Viewer is VERY big, you can´t look through all pages to find it finally change...
So...?

[benny3t3]

search around 5 times for equal when you have it, and then load the save, then search for != when you don't have it.

you should find the adress a lot faster because many values change every .2 seconds.

[Skiller]

Hmm... it´s one of the hardest codes, because how should you go and find the adresses, which are holding the unlockable stuff? ???
Are there any good hints or anything related to find them easier? To unlock something and search for Equal, then load the save file with the thing locked again and search for Not Equal and so on can´t be the solution... it takes forever ::)
However, the Memory Viewer is VERY big, you can´t look through all pages to find it finally change...
So...?

what i normaly do is move my Save to my pc so i can look at it then i find the Save section in memory .. this will alow u to track were its pulling stuff that gets saved .
or u could dump the game compare the save to the dump and find Simler areas .. it is sometimes easyer to Compeare to saves then it is 2 Dumps . :P alot less changes :)

[dcx2]

I assume you mean unlockables at the start screen?  Not unlockables like skills or areas of the map etc?

If there's a GUI, you can scroll back and forth between two options and do search for equals/not-equals.  You should hopefully find something that indicates which option the cursor is on; if you use the Wiimote, then not pointing will probably be different from pointing at an item, so be careful with where you aim.

Then you have to sorta "feel" around the disassembly, and you might see something that checks what sort of options are allowed to show.  You can patch the check, and then the game will always think that the option is available, even if it's not in the save file.

[Bully@Wiiplaza]

what i normaly do is move my Save to my pc so i can look at it then i find the Save section in memory .. this will alow u to track were its pulling stuff that gets saved .
or u could dump the game compare the save to the dump and find Simler areas .. it is sometimes easyer to Compeare to saves then it is 2 Dumps . :P alot less changes :)

that´s reasonable but actually, sometimes the savegame is also VERY big... and how do I know, which adress in the save is the same as the one in the ram dump/memory viewer?
The save is like half of mem80 with always hexadecimal letters without paragraphs like 00000000 ...
there is a ton of data inside this save, and I know why... :rolleyes:

@dcx2: I meant the unlockable stuff in games, what you can get by doing special stuff (example: you win races to get more tracks)

[dcx2]

The basic principal that I suggested should still work.  equal/not-equal while you change tracks, until you find something that shows you what track you're pointing at.  Look around whoever is writing to it and maybe you'll see what decides which tracks are allowed.

[Bully@Wiiplaza]

The basic principal that I suggested should still work.  equal/not-equal while you change tracks, until you find something that shows you what track you're pointing at.  Look around whoever is writing to it and maybe you'll see what decides which tracks are allowed.

so, there is a value in the ram, which changes, when I am pointing at another track, but it isn´t a track modifier, when used with direct ram write?
Then I set a breakpoint write and if I change my pointed track, it obviously breaks and shows a stw.
Now, how can I see, which instruction decides which tracks are allowed or not?
The locked tracks are not "selectable/visible"

[dcx2]

When the "magic unlock value" is loaded from memory, there should be tests and conditional branches that determine what stages are allowed to show.  Once you find the "current stage value" in memory (and it will only exist when you're at the stage select screen; leave the screen and it may change), you will need to use the disassembly and look around to see who changes that value and how it decides how much the value should change.  It might take a lot of digging, though...however, the initial "bait" so to speak is the "current stage value", which you can control by selecting different stages.  My guess is that the value will be an index into an array of stage-preview-objects, but there are other ways to do it (linked lists, etc)

EDIT: in case it wasn't clear, the point is to work your way back from "current stage value" to something that looks like "max stage value".  Or, if you find the series of tests after the "read magic unlock value", unlock a stage or two and you'll see how the value changes...it probably sets a bit for each stage, so you set all the bits by changing it to 0xFF or 0xFFFF and all the tests will be true.

[Bully@Wiiplaza]

hmm that would explain why I often see unlocker codes with so many FFFF´s as value.
I once found a value, which was changing all the time, I selected another "stage/track". (on track one, it was 01, on track 2 it was 02...)
I´ll give it a go :p

[Bully@Wiiplaza]

here are my results in form of a video:

[spoiler]http://jafile.com/uploads/wiiplaza/attempt_on_an_unlocker_code.avi[/spoiler]

Which adress would you trust most? :p
Always as the value changed, I toggled through the "tracks".

To get these results, I did an unknown equal value search in mem80, when pointing at any colosseum.
Then I pointed at the next one, searching greater than.
first one again, less than. And so on.
After some searches, it went down to these adresses, which are somehow showing, which "track" I am pointing on. They may decide, if more tracks are allowed or not, but some poking, nothing useful happened.
I also did a few breakpoint code tests, with loading specific new values, but I couldn´t get further.
What to do next?

[Bully@Wiiplaza]

I thought you get some help at the wiird forum, where else should I go to get my answers??? :confused:

[Skiller]

note that alot of unlock codes are
00 = Closed
01 = open ..

Sometimes it might Stack them Bitwize

00 - Nothing
01 - Item
02 - item 1
04 - Item 2
08 - Item 3
and then if u have them all unlocked it be 0F

[Bully@Wiiplaza]

note that alot of unlock codes are
00 = Closed
01 = open ..

Sometimes it might Stack them Bitwize

00 - Nothing
01 - Item
02 - item 1
04 - Item 2
08 - Item 3
and then if u have them all unlocked it be 0F

but you aren´t refering to the video, right?
Have I found something which is possible to use with assembly?
Setting any value didn´t work.

[Skiller]

note that alot of unlock codes are
00 = Closed
01 = open ..

Sometimes it might Stack them Bitwize

00 - Nothing
01 - Item
02 - item 1
04 - Item 2
08 - Item 3
and then if u have them all unlocked it be 0F

but you aren´t refering to the video, right?
Have I found something which is possible to use with assembly?
Setting any value didn´t work.

THe address u seem to find are kinda like a menu option there just showing the one your pointing at u could try changing the 0008 part to something higher and it might alow u to point at the next unlocker or something .. on address 804811C8
see pointing at them like u did dont work to well alot of the times unless there Cheats as in Invicible on or off (in game cheat)

with unlocker codes u want to search fro them as u unlock them .. i was just messing with ToyStory 3 on the ps2 and working on there unlockers to find them all i did .. was take the save with them unlocked and compared them to on with locked and seen if i seen anything

i noticed a section of FFFFF so searched for it on Wiird and it happend to be my Unlockers . if i dont make sence its cuz im tired im goin to bed ..

[Bully@Wiiplaza]

note that alot of unlock codes are
00 = Closed
01 = open ..

Sometimes it might Stack them Bitwize

00 - Nothing
01 - Item
02 - item 1
04 - Item 2
08 - Item 3
and then if u have them all unlocked it be 0F

but you aren´t refering to the video, right?
Have I found something which is possible to use with assembly?
Setting any value didn´t work.

THe address u seem to find are kinda like a menu option there just showing the one your pointing at u could try changing the 0008 part to something higher and it might alow u to point at the next unlocker or something .. on address 804811C8

Lol, I set the last byte to 9 and i could go to the next icon in the list, but the bar was empty.
As I used this to play, it still gave me an old track, not one which would be normally there.
(I got the same track for number 10, 11 etc.) There are some more, I just didn´t unlock them because i am too lazy to do all the stuff. :-[

I can´t work with savegame mods since the game has 3,5 MB savegames and there are NO zero zones...
a lot is stored in the save, I also know why. can´t change this easily... (maybe with deleting all accounts and then comparing the empty save with my actual save and then with a perfect save from wiisave.com)
:rolleyes: