Hmm... it´s one of the hardest codes, because how should you go and find the adresses, which are holding the unlockable stuff? ???
Are there any good hints or anything related to find them easier? To unlock something and search for Equal, then load the save file with the thing locked again and search for Not Equal and so on can´t be the solution... it takes forever ::)
However, the Memory Viewer is VERY big, you can´t look through all pages to find it finally change...
So...?
search around 5 times for equal when you have it, and then load the save, then search for != when you don't have it.
you should find the adress a lot faster because many values change every .2 seconds.
Quote from: Bully@Wiiplaza on October 11, 2010, 12:56:39 PM
Hmm... it´s one of the hardest codes, because how should you go and find the adresses, which are holding the unlockable stuff? ???
Are there any good hints or anything related to find them easier? To unlock something and search for Equal, then load the save file with the thing locked again and search for Not Equal and so on can´t be the solution... it takes forever ::)
However, the Memory Viewer is VERY big, you can´t look through all pages to find it finally change...
So...?
what i normaly do is move my Save to my pc so i can look at it then i find the Save section in memory .. this will alow u to track were its pulling stuff that gets saved .
or u could dump the game compare the save to the dump and find Simler areas .. it is sometimes easyer to Compeare to saves then it is 2 Dumps . :P alot less changes :)
I assume you mean unlockables at the start screen? Not unlockables like skills or areas of the map etc?
If there's a GUI, you can scroll back and forth between two options and do search for equals/not-equals. You should hopefully find something that indicates which option the cursor is on; if you use the Wiimote, then not pointing will probably be different from pointing at an item, so be careful with where you aim.
Then you have to sorta "feel" around the disassembly, and you might see something that checks what sort of options are allowed to show. You can patch the check, and then the game will always think that the option is available, even if it's not in the save file.
Quote from: Skiller on October 17, 2010, 02:45:15 AM
what i normaly do is move my Save to my pc so i can look at it then i find the Save section in memory .. this will alow u to track were its pulling stuff that gets saved .
or u could dump the game compare the save to the dump and find Simler areas .. it is sometimes easyer to Compeare to saves then it is 2 Dumps . :P alot less changes :)
that´s reasonable but actually, sometimes the savegame is also VERY big... and how do I know, which adress in the save is the same as the one in the ram dump/memory viewer?
The save is like half of mem80 with always hexadecimal letters without paragraphs like 00000000 ...
there is a ton of data inside this save, and I know why... :rolleyes:
@dcx2: I meant the unlockable stuff in games, what you can get by doing special stuff (example: you win races to get more tracks)
The basic principal that I suggested should still work. equal/not-equal while you change tracks, until you find something that shows you what track you're pointing at. Look around whoever is writing to it and maybe you'll see what decides which tracks are allowed.
Quote from: dcx2 on October 17, 2010, 08:38:23 PM
The basic principal that I suggested should still work. equal/not-equal while you change tracks, until you find something that shows you what track you're pointing at. Look around whoever is writing to it and maybe you'll see what decides which tracks are allowed.
so, there is a value in the ram, which changes, when I am pointing at another track, but it isn´t a track modifier, when used with direct ram write?
Then I set a breakpoint write and if I change my pointed track, it obviously breaks and shows a stw.
Now, how can I see, which instruction decides which tracks are allowed or not?
The locked tracks are not "selectable/visible"
When the "magic unlock value" is loaded from memory, there should be tests and conditional branches that determine what stages are allowed to show. Once you find the "current stage value" in memory (and it will only exist when you're at the stage select screen; leave the screen and it may change), you will need to use the disassembly and look around to see who changes that value and how it decides how much the value should change. It might take a lot of digging, though...however, the initial "bait" so to speak is the "current stage value", which you can control by selecting different stages. My guess is that the value will be an index into an array of stage-preview-objects, but there are other ways to do it (linked lists, etc)
EDIT: in case it wasn't clear, the point is to work your way back from "current stage value" to something that looks like "max stage value". Or, if you find the series of tests after the "read magic unlock value", unlock a stage or two and you'll see how the value changes...it probably sets a bit for each stage, so you set all the bits by changing it to 0xFF or 0xFFFF and all the tests will be true.
hmm that would explain why I often see unlocker codes with so many FFFF´s as value.
I once found a value, which was changing all the time, I selected another "stage/track". (on track one, it was 01, on track 2 it was 02...)
I´ll give it a go :p
here are my results in form of a video:
[spoiler]http://jafile.com/uploads/wiiplaza/attempt_on_an_unlocker_code.avi[/spoiler]
Which adress would you trust most? :p
Always as the value changed, I toggled through the "tracks".
To get these results, I did an unknown equal value search in mem80, when pointing at any colosseum.
Then I pointed at the next one, searching greater than.
first one again, less than. And so on.
After some searches, it went down to these adresses, which are somehow showing, which "track" I am pointing on. They may decide, if more tracks are allowed or not, but some poking, nothing useful happened.
I also did a few breakpoint code tests, with loading specific new values, but I couldn´t get further.
What to do next?
I thought you get some help at the wiird forum, where else should I go to get my answers??? :confused:
note that alot of unlock codes are
00 = Closed
01 = open ..
Sometimes it might Stack them Bitwize
00 - Nothing
01 - Item
02 - item 1
04 - Item 2
08 - Item 3
and then if u have them all unlocked it be 0F
Quote from: Skiller on November 05, 2010, 10:54:36 PM
note that alot of unlock codes are
00 = Closed
01 = open ..
Sometimes it might Stack them Bitwize
00 - Nothing
01 - Item
02 - item 1
04 - Item 2
08 - Item 3
and then if u have them all unlocked it be 0F
but you aren´t refering to the video, right?
Have I found something which is possible to use with assembly?
Setting any value didn´t work.
Quote from: Bully@Wiiplaza on November 06, 2010, 12:00:25 AM
Quote from: Skiller on November 05, 2010, 10:54:36 PM
note that alot of unlock codes are
00 = Closed
01 = open ..
Sometimes it might Stack them Bitwize
00 - Nothing
01 - Item
02 - item 1
04 - Item 2
08 - Item 3
and then if u have them all unlocked it be 0F
but you aren´t refering to the video, right?
Have I found something which is possible to use with assembly?
Setting any value didn´t work.
THe address u seem to find are kinda like a menu option there just showing the one your pointing at u could try changing the 0008 part to something higher and it might alow u to point at the next unlocker or something .. on address 804811C8
see pointing at them like u did dont work to well alot of the times unless there Cheats as in Invicible on or off (in game cheat)
with unlocker codes u want to search fro them as u unlock them .. i was just messing with ToyStory 3 on the ps2 and working on there unlockers to find them all i did .. was take the save with them unlocked and compared them to on with locked and seen if i seen anything
i noticed a section of FFFFF so searched for it on Wiird and it happend to be my Unlockers . if i dont make sence its cuz im tired im goin to bed ..
Quote from: Skiller on November 06, 2010, 07:02:05 AM
Quote from: Bully@Wiiplaza on November 06, 2010, 12:00:25 AM
Quote from: Skiller on November 05, 2010, 10:54:36 PM
note that alot of unlock codes are
00 = Closed
01 = open ..
Sometimes it might Stack them Bitwize
00 - Nothing
01 - Item
02 - item 1
04 - Item 2
08 - Item 3
and then if u have them all unlocked it be 0F
but you aren´t refering to the video, right?
Have I found something which is possible to use with assembly?
Setting any value didn´t work.
THe address u seem to find are kinda like a menu option there just showing the one your pointing at u could try changing the 0008 part to something higher and it might alow u to point at the next unlocker or something .. on address 804811C8
Lol, I set the last byte to 9 and i could go to the next icon in the list, but the bar was empty.
As I used this to play, it still gave me an old track, not one which would be normally there.
(I got the same track for number 10, 11 etc.) There are some more, I just didn´t unlock them because i am too lazy to do all the stuff. :-[
I can´t work with savegame mods since the game has 3,5 MB savegames and there are NO zero zones...
a lot is stored in the save, I also know why. can´t change this easily... (maybe with deleting all accounts and then comparing the empty save with my actual save and then with a perfect save from wiisave.com)
:rolleyes:
Quote from: Bully@Wiiplaza on November 06, 2010, 01:06:21 PM
Quote from: Skiller on November 06, 2010, 07:02:05 AM
Quote from: Bully@Wiiplaza on November 06, 2010, 12:00:25 AM
Quote from: Skiller on November 05, 2010, 10:54:36 PM
note that alot of unlock codes are
00 = Closed
01 = open ..
Sometimes it might Stack them Bitwize
00 - Nothing
01 - Item
02 - item 1
04 - Item 2
08 - Item 3
and then if u have them all unlocked it be 0F
but you aren´t refering to the video, right?
Have I found something which is possible to use with assembly?
Setting any value didn´t work.
THe address u seem to find are kinda like a menu option there just showing the one your pointing at u could try changing the 0008 part to something higher and it might alow u to point at the next unlocker or something .. on address 804811C8
Lol, I set the last byte to 9 and i could go to the next icon in the list, but the bar was empty.
As I used this to play, it still gave me an old track, not one which would be normally there.
(I got the same track for number 10, 11 etc.) There are some more, I just didn´t unlock them because i am too lazy to do all the stuff. :-[
I can´t work with savegame mods since the game has 3,5 MB savegames and there are NO zero zones...
a lot is stored in the save, I also know why. can´t change this easily... (maybe with deleting all accounts and then comparing the empty save with my actual save and then with a perfect save from wiisave.com)
:rolleyes:
if your using the wiis normal save move function then the files are encryped .. if ur able to use Homebrew then use Save Manager GX this will alow u to pull the save unencrypted .. u might get lucky .. and it might spit out more then 1 file .. individuals for each Save u have in game im thinking is what i will give u . :)
yeah I can use all homebrews... :p
I guess that I just won´t ever find it. :o
This is an old topic but I figured I'd throw my 2 cents in. From my experiences from hacking these type of codes its best to have a save with nothing unlocked and a save with a few things unlocked for easier comparing once you find a suitable area of ram to watch. I normally assume 2 possible setups for these unlockable either they are a 0 for locked and 1 for unlocked (althou there are times the unlock value is something different) and the stacking like Skiller mentioned hence you see codes with many FFFF for the value.
So this is my general setup, I always do 32bit search because you can cover both methods previously mentioned by Skiller and myself, this is my logic behind it: many codes that use the 0 and 1 method generally have them side by side like so 01010101 (wow 32bits) or if they use the stack method are generally at least 16bit or more.
So do an initial search then unlock something and do a greater then search, after some results do equal to many times in various screens and menus to get the results down. Now try to unlock something else in sequence like if its a race game unlock the next track, most games that use the 0 and 1 method will have the unlockables right near each other and we will likely catch it in our 32bit value search and with the stacking method it might just increase the value and it still falls in our search parameters. Do another unlock and repeat, by now you should have a somewhat manageable list and scroll through the results to get an idea of what methods the game uses and start poking, you could also load the save with nothing unlocked and do some less then searches and also look through the memory viewer.
Hope this helps you or anyone looking to do these codes, not all games use this method but most do.
it´s still unhandly but thx for your help.
It seems to be a good way though.