Text only | Text with Images

WiiRd forum

Wii & Gamecube Hacking => Wii Game hacking help => Topic started by: Bully@Wiiplaza on August 28, 2010, 08:28:49 PM

Title: Hack the amount of gained points?
Post by: Bully@Wiiplaza on August 28, 2010, 08:28:49 PM
I am trying to make a code for Mario Kart, which let´s you "choose" the amount of Versus Ranking Points you get after the race.
Normally, you get more if you do well and minus if you do bad. It´s calculated from the points of the other players and your ranking...
My idea was that I set a Write BP on the Points adress, to gain the instruction, which is executed, when I get some points in a race!
Is it possible? :confused:


Infos:
adress from the points in the Mem Viewer 90176BC2
r6 seems to be my total points
r4´s adress contained the value 02E2C580
In this race, I got 12 points, in hex 0C.
How can I modify the points, I should get after the race now?
It shouldn´t just write my new VR ;)

 CR:28200088  XER:00000000  CTR:00000002 DSIS:02400000
DAR:90176BC0 SRR0:8064F73C SRR1:0000B032   LR:8064F67C
 r0:00000000   r1:80398FE8   r2:8038EFA0   r3:00000000
 r4:9017DBA8   r5:00000000   r6:00002528   r7:9016DB70
 r8:0000004B   r9:00000017  r10:00000000  r11:80398E48
r12:8064FAF4  r13:8038CC00  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:809C1F18  r19:8102DE6C
r20:00000002  r21:000000F0  r22:81016A4C  r23:00000008
r24:00000018  r25:00000001  r26:809C0000  r27:808AF204
r28:00000000  r29:809C0000  r30:00000001  r31:81015308

 f0:C1DFFFFF   f1:C1AFAFAF   f2:00000000   f3:41400000
 f4:42DCD8C0   f5:59800000   f6:40400000   f7:3F800000
 f8:00000000   f9:59800004  f10:41422C9B  f11:40825623
f12:00000000  f13:3F7FFE1D  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:00000000  f31:00000000

8064F73C:  B0C49018   sth   r6,-28648(r4)
8064F740:  48000090   b   0x8064f7d0
8064F744:  5460063E   rlwinm   r0,r3,0,24,31
8064F748:  3C80809C   lis   r4,-32612
8064F74C:  1C0000F0   mulli   r0,r0,240
8064F750:  80A4D728   lwz   r5,-10456(r4)
8064F754:  3C80808B   lis   r4,-32629
8064F758:  7CA50214   add   r5,r5,r0
8064F75C:  388432A0   addi   r4,r4,12960
8064F760:  A0050D00   lhz   r0,3328(r5)
8064F764:  90810008   stw   r4,8(r1)
8064F768:  2800270F   cmplwi   r0,9999
8064F76C:  B001000C   sth   r0,12(r1)
8064F770:  4081000C   ble-   0x8064f77c
8064F774:  3800270F   li   r0,9999
8064F778:  B001000C   sth   r0,12(r1)
8064F77C:  A001000C   lhz   r0,12(r1)
8064F780:  28000001   cmplwi   r0,1
8064F784:  4080000C   bge-   0x8064f790
8064F788:  38000001   li   r0,1
8064F78C:  B001000C   sth   r0,12(r1)
8064F790:  3C80809C   lis   r4,-32612
8064F794:  A0C1000C   lhz   r6,12(r1)
8064F798:  80E4D748   lwz   r7,-10424(r4)
8064F79C:  A8070036   lha   r0,54(r7)
8064F7A0:  2C000000   cmpwi   r0,0
8064F7A4:  41800020   blt-   0x8064f7c4
8064F7A8:  3C800001   lis   r4,1
8064F7AC:  5405063E   rlwinm   r5,r0,0,24,31
8064F7B0:  380493F0   subi   r0,r4,27664
8064F7B4:  7C0029D6   mullw   r0,r0,r5
8064F7B8:  7C870214   add   r4,r7,r0
8064F7BC:  38840038   addi   r4,r4,56
8064F7C0:  48000008   b   0x8064f7c8
8064F7C4:  38800000   li   r4,0
8064F7C8:  3C840001   addis   r4,r4,1
8064F7CC:  B0C49020   sth   r6,-28640(r4)
8064F7D0:  5460063E   rlwinm   r0,r3,0,24,31
8064F7D4:  38C00000   li   r6,0
8064F7D8:  1F6000F0   mulli   r27,r0,240
8064F7DC:  3B400000   li   r26,0
8064F7E0:  3FA0809C   lis   r29,-32612
8064F7E4:  3FE0808C   lis   r31,-32628
8064F7E8:  3FC0809C   lis   r30,-32612
8064F7EC:  5743063E   rlwinm   r3,r26,0,24,31
8064F7F0:  7C03E000   cmpw   r3,r28
8064F7F4:  41820198   beq-   0x8064f98c
8064F7F8:  80BE1E38   lwz   r5,7736(r30)
8064F7FC:  80050098   lwz   r0,152(r5)
8064F800:  7C601A14   add   r3,r0,r3
8064F804:  880302D8   lbz   r0,728(r3)
8064F808:  7C040775   extsb.   r4,r0
8064F80C:  41800180   blt-   0x8064f98c
8064F810:  80650000   lwz   r3,0(r5)
8064F814:  80630404   lwz   r3,1028(r3)
8064F818:  4BF83079   bl   0x805d2890
8064F81C:  809E1E38   lwz   r4,7736(r30)
8064F820:  80840000   lwz   r4,0(r4)
8064F824:  80040000   lwz   r0,0(r4)
8064F828:  2C000068   cmpwi   r0,104

there was no blr where I could stop the instructions :P
Idk if it is the right breakpoint, after one race it hit, then I set it again and it hit instantly. That´s what I posted here.
After that, it didn´t hit anymore... could be right.

I remember, what is *before* is more important, but what is after is still important :o
[spoiler](http://img90.imageshack.us/img90/1493/zwischenablage05.png)
[/spoiler]
Title: Re: Hack the amount of gained points?
Post by: Deathwolf on August 28, 2010, 08:34:32 PM
just change sth   r6,-28648(r4) to li rXX,0xXXXX
Title: Re: Hack the amount of gained points?
Post by: Bully@Wiiplaza on August 28, 2010, 08:45:42 PM
Quote from: Deathwolf on August 28, 2010, 08:34:32 PM
just change sth   r6,-28648(r4) to li rXX,0xXXXX

no!
Haven´t you read everything?
I want to modify the amount of points you gain after a race, not the points you have!
If I use li, like you said, it will write the new VR, but doesn´t change the points I will get after each race.
Title: Re: Hack the amount of gained points?
Post by: Deathwolf on August 28, 2010, 08:48:31 PM
oh sry

so it isn't the address of vr points?
bully you already made a code for this right?
Title: Re: Hack the amount of gained points?
Post by: Bully@Wiiplaza on August 28, 2010, 09:24:55 PM
Quote from: Deathwolf on August 28, 2010, 08:48:31 PM
oh sry

so it isn't the address of vr points?
bully you already made a code for this right?
wrong, this is VR and the GP points code is another thing.
Title: Re: Hack the amount of gained points?
Post by: dcx2 on August 29, 2010, 02:02:43 AM
Instead of taking a screenshot, you should right-click the Disassembly list box and click "Copy Function".  It will find the beginning and end of the function for you.  I wrote this feature so that people can easily provide all the disassembly.

I'm not sure you found the right value.  0x2528 = 9512 decimal.  That's a lot of points.
Title: Re: Hack the amount of gained points?
Post by: Bully@Wiiplaza on August 29, 2010, 03:26:12 PM
Quote from: dcx2 on August 29, 2010, 02:02:43 AM
Instead of taking a screenshot, you should right-click the Disassembly list box and click "Copy Function".  It will find the beginning and end of the function for you.  I wrote this feature so that people can easily provide all the disassembly.

I'm not sure you found the right value.  0x2528 = 9512 decimal.  That's a lot of points.
okay thanks for letting me know that.
Anyway the 9512 was right, because points go from 1 to 9999.
And I am a good player... that´s why I have so much :P Can you see anything, which adds the new points to your total points?
In this race I got 12 points... the breakpoint hit there. If not, I could try to get another breakpoint.
Title: Re: Hack the amount of gained points?
Post by: Nutmeg on August 29, 2010, 06:27:01 PM
At first glance, I see 41400000 in f3.  41400000 is a floating point of +12.  I would look through the disassembly until you find operations with f3. 
Title: Re: Hack the amount of gained points?
Post by: dcx2 on August 29, 2010, 07:43:58 PM
f3 is a parameter-passing float register (assuming this game actually obeys the PowerPC conventions).  Without a full disassembly, preferably one grabbed with "Copy Function", I can't tell you where anything came from or what is happening to it.

And I grow concerned about the potential for this code to be used online.  It's one thing to help you change your name, like the last code...but giving yourself more points in vs, when you're already pretty good...why would you want to do that?
Title: Re: Hack the amount of gained points?
Post by: Bully@Wiiplaza on August 29, 2010, 10:37:58 PM
Quote from: dcx2 on August 29, 2010, 07:43:58 PM
f3 is a parameter-passing float register (assuming this game actually obeys the PowerPC conventions).  Without a full disassembly, preferably one grabbed with "Copy Function", I can't tell you where anything came from or what is happening to it.

And I grow concerned about the potential for this code to be used online.  It's one thing to help you change your name, like the last code...but giving yourself more points in vs, when you're already pretty good...why would you want to do that?
ok, I´ll provide you the stuff! xD
This code is only for fun, even if it´s online. This hurts nobody. Because I could easily set my score to which I want and the gained points code would be JUST very funny to use. One friend of mine wanted to get this code so bad. :p

[VR / BR Modifier - Volderbeek - PAL]
48000000 809BD748
DE000000 90009380
5A010000 000XXXXX ->License
3A00000Y 0000ZZZZ -> Versus Race Points
1200000Y 0000ZZZZ -> Battle Race Points
E0000000 80008000

You see? It´s nothing bad.
If I wanted it this way, I could only use li on the VR breakpoint to make my points to 9999.

Back to the code, if you are still willing to help, dcx2 :(
[spoiler]
8064F65C:  9421FFD0   stwu   r1,-48(r1)
8064F660:  7C0802A6   mflr   r0
8064F664:  3C60809C   lis   r3,-32612
8064F668:  38800000   li   r4,0
8064F66C:  90010034   stw   r0,52(r1)
8064F670:  BF410018   stmw   r26,24(r1)
8064F674:  806320D8   lwz   r3,8408(r3)
8064F678:  4800A6E1   bl   0x80659d58
8064F67C:  3C80809C   lis   r4,-32612
8064F680:  7C7C1B78   mr   r28,r3
8064F684:  80841E38   lwz   r4,7736(r4)
8064F688:  80840000   lwz   r4,0(r4)
8064F68C:  80040000   lwz   r0,0(r4)
8064F690:  2C000068   cmpwi   r0,104
8064F694:  4180000C   blt-   0x8064f6a0
8064F698:  2C000069   cmpwi   r0,105
8064F69C:  40810018   ble-   0x8064f6b4
8064F6A0:  2C00006C   cmpwi   r0,108
8064F6A4:  4180012C   blt-   0x8064f7d0
8064F6A8:  2C00006D   cmpwi   r0,109
8064F6AC:  40810098   ble-   0x8064f744
8064F6B0:  48000120   b   0x8064f7d0
8064F6B4:  5460063E   rlwinm   r0,r3,0,24,31
8064F6B8:  3C80809C   lis   r4,-32612
8064F6BC:  1C0000F0   mulli   r0,r0,240
8064F6C0:  80A4D728   lwz   r5,-10456(r4)
8064F6C4:  3C80808B   lis   r4,-32629
8064F6C8:  7CA50214   add   r5,r5,r0
8064F6CC:  388432A0   addi   r4,r4,12960
8064F6D0:  A0050D00   lhz   r0,3328(r5)
8064F6D4:  90810010   stw   r4,16(r1)
8064F6D8:  2800270F   cmplwi   r0,9999
8064F6DC:  B0010014   sth   r0,20(r1)
8064F6E0:  4081000C   ble-   0x8064f6ec
8064F6E4:  3800270F   li   r0,9999
8064F6E8:  B0010014   sth   r0,20(r1)
8064F6EC:  A0010014   lhz   r0,20(r1)
8064F6F0:  28000001   cmplwi   r0,1
8064F6F4:  4080000C   bge-   0x8064f700
8064F6F8:  38000001   li   r0,1
8064F6FC:  B0010014   sth   r0,20(r1)
8064F700:  3C80809C   lis   r4,-32612
8064F704:  A0C10014   lhz   r6,20(r1)
8064F708:  80E4D748   lwz   r7,-10424(r4)
8064F70C:  A8070036   lha   r0,54(r7)
8064F710:  2C000000   cmpwi   r0,0
8064F714:  41800020   blt-   0x8064f734
8064F718:  3C800001   lis   r4,1
8064F71C:  5405063E   rlwinm   r5,r0,0,24,31
8064F720:  380493F0   subi   r0,r4,27664
8064F724:  7C0029D6   mullw   r0,r0,r5
8064F728:  7C870214   add   r4,r7,r0
8064F72C:  38840038   addi   r4,r4,56
8064F730:  48000008   b   0x8064f738
8064F734:  38800000   li   r4,0
8064F738:  3C840001   addis   r4,r4,1
8064F73C:  B0C49018   sth   r6,-28648(r4)
8064F740:  48000090   b   0x8064f7d0
8064F744:  5460063E   rlwinm   r0,r3,0,24,31
8064F748:  3C80809C   lis   r4,-32612
8064F74C:  1C0000F0   mulli   r0,r0,240
8064F750:  80A4D728   lwz   r5,-10456(r4)
8064F754:  3C80808B   lis   r4,-32629
8064F758:  7CA50214   add   r5,r5,r0
8064F75C:  388432A0   addi   r4,r4,12960
8064F760:  A0050D00   lhz   r0,3328(r5)
8064F764:  90810008   stw   r4,8(r1)
8064F768:  2800270F   cmplwi   r0,9999
8064F76C:  B001000C   sth   r0,12(r1)
8064F770:  4081000C   ble-   0x8064f77c
8064F774:  3800270F   li   r0,9999
8064F778:  B001000C   sth   r0,12(r1)
8064F77C:  A001000C   lhz   r0,12(r1)
8064F780:  28000001   cmplwi   r0,1
8064F784:  4080000C   bge-   0x8064f790
8064F788:  38000001   li   r0,1
8064F78C:  B001000C   sth   r0,12(r1)
8064F790:  3C80809C   lis   r4,-32612
8064F794:  A0C1000C   lhz   r6,12(r1)
8064F798:  80E4D748   lwz   r7,-10424(r4)
8064F79C:  A8070036   lha   r0,54(r7)
8064F7A0:  2C000000   cmpwi   r0,0
8064F7A4:  41800020   blt-   0x8064f7c4
8064F7A8:  3C800001   lis   r4,1
8064F7AC:  5405063E   rlwinm   r5,r0,0,24,31
8064F7B0:  380493F0   subi   r0,r4,27664
8064F7B4:  7C0029D6   mullw   r0,r0,r5
8064F7B8:  7C870214   add   r4,r7,r0
8064F7BC:  38840038   addi   r4,r4,56
8064F7C0:  48000008   b   0x8064f7c8
8064F7C4:  38800000   li   r4,0
8064F7C8:  3C840001   addis   r4,r4,1
8064F7CC:  B0C49020   sth   r6,-28640(r4)
8064F7D0:  5460063E   rlwinm   r0,r3,0,24,31
8064F7D4:  38C00000   li   r6,0
8064F7D8:  1F6000F0   mulli   r27,r0,240
8064F7DC:  3B400000   li   r26,0
8064F7E0:  3FA0809C   lis   r29,-32612
8064F7E4:  3FE0808C   lis   r31,-32628
8064F7E8:  3FC0809C   lis   r30,-32612
8064F7EC:  5743063E   rlwinm   r3,r26,0,24,31
8064F7F0:  7C03E000   cmpw   r3,r28
8064F7F4:  41820198   beq-   0x8064f98c
8064F7F8:  80BE1E38   lwz   r5,7736(r30)
8064F7FC:  80050098   lwz   r0,152(r5)
8064F800:  7C601A14   add   r3,r0,r3
8064F804:  880302D8   lbz   r0,728(r3)
8064F808:  7C040775   extsb.   r4,r0
8064F80C:  41800180   blt-   0x8064f98c
8064F810:  80650000   lwz   r3,0(r5)
8064F814:  80630404   lwz   r3,1028(r3)
8064F818:  4BF83079   bl   0x805d2890
8064F81C:  809E1E38   lwz   r4,7736(r30)
8064F820:  80840000   lwz   r4,0(r4)
8064F824:  80040000   lwz   r0,0(r4)
8064F828:  2C000068   cmpwi   r0,104
8064F82C:  4180000C   blt-   0x8064f838
8064F830:  2C000069   cmpwi   r0,105
8064F834:  40810018   ble-   0x8064f84c
8064F838:  2C00006C   cmpwi   r0,108
8064F83C:  4180007C   blt-   0x8064f8b8
8064F840:  2C00006D   cmpwi   r0,109
8064F844:  40810040   ble-   0x8064f884
8064F848:  48000070   b   0x8064f8b8
8064F84C:  5740063E   rlwinm   r0,r26,0,24,31
8064F850:  809DD728   lwz   r4,-10456(r29)
8064F854:  1C0000F0   mulli   r0,r0,240
8064F858:  7C840214   add   r4,r4,r0
8064F85C:  A0840D00   lhz   r4,3328(r4)
8064F860:  2804270F   cmplwi   r4,9999
8064F864:  40810008   ble-   0x8064f86c
8064F868:  3880270F   li   r4,9999
8064F86C:  5480043E   rlwinm   r0,r4,0,16,31
8064F870:  28000001   cmplwi   r0,1
8064F874:  40800008   bge-   0x8064f87c
8064F878:  38800001   li   r4,1
8064F87C:  B083001E   sth   r4,30(r3)
8064F880:  48000038   b   0x8064f8b8
8064F884:  5740063E   rlwinm   r0,r26,0,24,31
8064F888:  809DD728   lwz   r4,-10456(r29)
8064F88C:  1C0000F0   mulli   r0,r0,240
8064F890:  7C840214   add   r4,r4,r0
8064F894:  A0840D00   lhz   r4,3328(r4)
8064F898:  2804270F   cmplwi   r4,9999
8064F89C:  40810008   ble-   0x8064f8a4
8064F8A0:  3880270F   li   r4,9999
8064F8A4:  5480043E   rlwinm   r0,r4,0,16,31
8064F8A8:  28000001   cmplwi   r0,1
8064F8AC:  40800008   bge-   0x8064f8b4
8064F8B0:  38800001   li   r4,1
8064F8B4:  B0830020   sth   r4,32(r3)
8064F8B8:  80DE1E38   lwz   r6,7736(r30)
8064F8BC:  80860000   lwz   r4,0(r6)
8064F8C0:  80840000   lwz   r4,0(r4)
8064F8C4:  3804FF98   subi   r0,r4,104
8064F8C8:  2800000F   cmplwi   r0,15
8064F8CC:  418100BC   bgt-   0x8064f988
8064F8D0:  389F015C   addi   r4,r31,348
8064F8D4:  5400103A   rlwinm   r0,r0,2,0,29
8064F8D8:  7C84002E   lwzx   r4,r4,r0
8064F8DC:  7C8903A6   mtctr   r4
8064F8E0:  4E800420   bctr   
8064F8E4:  5740063E   rlwinm   r0,r26,0,24,31
8064F8E8:  80BDD728   lwz   r5,-10456(r29)
8064F8EC:  1C8000F0   mulli   r4,r0,240
8064F8F0:  38050028   addi   r0,r5,40
8064F8F4:  39050C18   addi   r8,r5,3096
8064F8F8:  7CA02214   add   r5,r0,r4
8064F8FC:  7CE0DA14   add   r7,r0,r27
8064F900:  7CC8DA14   add   r6,r8,r27
8064F904:  7C882214   add   r4,r8,r4
8064F908:  A0E700D8   lhz   r7,216(r7)
8064F90C:  A0C600DA   lhz   r6,218(r6)
8064F910:  A00400DA   lhz   r0,218(r4)
8064F914:  A0A500D8   lhz   r5,216(r5)
8064F918:  7C873050   sub   r4,r6,r7
8064F91C:  7C050050   sub   r0,r0,r5
8064F920:  7C040000   cmpw   r4,r0
8064F924:  4081000C   ble-   0x8064f930
8064F928:  4BECA0C1   bl   0x805199e8
8064F92C:  4800005C   b   0x8064f988
8064F930:  40800058   bge-   0x8064f988
8064F934:  4BECA09D   bl   0x805199d0
8064F938:  48000050   b   0x8064f988
8064F93C:  5740063E   rlwinm   r0,r26,0,24,31
8064F940:  809DD728   lwz   r4,-10456(r29)
8064F944:  1C0000F0   mulli   r0,r0,240
8064F948:  38840028   addi   r4,r4,40
8064F94C:  7CA4DA14   add   r5,r4,r27
8064F950:  7C840214   add   r4,r4,r0
8064F954:  80A500CC   lwz   r5,204(r5)
8064F958:  80E400CC   lwz   r7,204(r4)
8064F95C:  7C053800   cmpw   r5,r7
8064F960:  41820028   beq-   0x8064f988
8064F964:  80860098   lwz   r4,152(r6)
8064F968:  80040070   lwz   r0,112(r4)
8064F96C:  7C050000   cmpw   r5,r0
8064F970:  4082000C   bne-   0x8064f97c
8064F974:  4BECA075   bl   0x805199e8
8064F978:  48000010   b   0x8064f988
8064F97C:  7C070000   cmpw   r7,r0
8064F980:  40820008   bne-   0x8064f988
8064F984:  4BECA04D   bl   0x805199d0
8064F988:  38C00001   li   r6,1
8064F98C:  3B5A0001   addi   r26,r26,1
8064F990:  281A000C   cmplwi   r26,12
8064F994:  4180FE58   blt+   0x8064f7ec
8064F998:  2C060000   cmpwi   r6,0
8064F99C:  41820018   beq-   0x8064f9b4
8064F9A0:  3C60809C   lis   r3,-32612
8064F9A4:  80631E38   lwz   r3,7736(r3)
8064F9A8:  80630000   lwz   r3,0(r3)
8064F9AC:  80630404   lwz   r3,1028(r3)
8064F9B0:  4BF82805   bl   0x805d21b4
8064F9B4:  3C60809C   lis   r3,-32612
8064F9B8:  80631E38   lwz   r3,7736(r3)
8064F9BC:  80630090   lwz   r3,144(r3)
8064F9C0:  4BFD1A51   bl   0x80621410
8064F9C4:  BB410018   lmw   r26,24(r1)
8064F9C8:  80010034   lwz   r0,52(r1)
8064F9CC:  7C0803A6   mtlr   r0
8064F9D0:  38210030   addi   r1,r1,48
8064F9D4:  4E800020   blr   
[/spoiler]
Now you can look through it, like a hungry star luma is eating sarbits, yummy!
Title: Re: Hack the amount of gained points?
Post by: Bully@Wiiplaza on September 09, 2010, 01:39:52 AM
Anyone still willing to help?
As I said, it´s only a fun code and it´s not setting up people because they may not able to see your high/low increasing points!
I should try to modify the float, which Nutmeg mentioned though... but it isn´t stored with any of these instructions in the closeness!
Does it matter? :o
Text only | Text with Images