Finding the Final Smash value

Started by toonlink444, January 19, 2011, 01:49:32 AM


Y.S.

Nice to see the old code of mine is getting attention ;D

This code isn't directly writing the final smash value. Instead, it's writing the "Infinite final smash flag", which is used in an event match.
The game writes 0xF8 to a certain address to give infinite final smash to a player.
However, the actual flag is 0x40, i.e. writing 0x78 also gives infinite final smash (the default value of the address is 0x38).


> If the value in 31(r3) is 0xF8, skip to the very end, i.e. do not execute the stb!
If infinite final smash is already given by the game, skip the rest of the code.

> If it's not 0xF8, load r0 with 0x38.  Then, check r27 for 0x10C.
Load r0 with the default value, and check if the player is taunting.

> If r27 is not 0x10C, stb the 0x38.
If the player is not taunting, write the default value in order not to give multiple final smashes per taunt.

> If r27 is 0x10C, load r0 with 0x78 and stb the 0x78.
If the player is taunting, write the flag to give final smash.

The MEM2 check is to prevent the game from crashing, because final smash cannot be loaded in SSE mode.

0481C934 8803001F   anti-code (original instruction)
4A000000 90180F38   Set po to 0x90180F38
3A000002 FF00003D   Check if the game is NOT in SSE mode
C281C934 00000005
8803001F 2C0000F8
4182001C 38000038
2C1B010C 40820008
38000078 9803001F
48000004 00000000
E0000000 80008000
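
Added example, not part of Y.S.'s post: a minimal Python decoder for the ten instruction words in the five C2 lines above, so the quoted walkthrough can be checked against the raw hex. It handles only the primary opcodes this payload uses, shows branch targets as byte offsets into the payload, and its function names are this example's own.

```python
# Added example: decode the C2 payload from the post into PowerPC mnemonics.
# Only the six primary opcodes that appear in this payload are handled.
PAYLOAD = """
8803001F 2C0000F8
4182001C 38000038
2C1B010C 40820008
38000078 9803001F
48000004 00000000
"""  # the five lines that follow "C281C934 00000005" in the post


def sext(value, bits):
    """Sign-extend a `bits`-wide field to a Python int."""
    return value - (1 << bits) if value & (1 << (bits - 1)) else value


def decode(word, offset):
    """Disassemble one 32-bit word located at byte `offset` in the payload."""
    if word == 0:
        return ".long 0"                      # trailing zero word
    op = word >> 26                           # primary opcode, top 6 bits
    rd, ra = (word >> 21) & 31, (word >> 16) & 31
    imm = sext(word & 0xFFFF, 16)
    if op == 34:
        return f"lbz r{rd}, {imm}(r{ra})"
    if op == 38:
        return f"stb r{rd}, {imm}(r{ra})"
    if op == 14 and ra == 0:                  # addi with rA=0 is li
        return f"li r{rd}, 0x{imm:X}"
    if op == 11:                              # top 3 bits of the rd slot = CR field
        return f"cmpwi cr{rd >> 2}, r{ra}, 0x{imm:X}"
    if op == 16:                              # bc: BO in the rd slot, BI in the ra slot
        cond = {(12, 2): "beq", (4, 2): "bne"}.get((rd, ra))
        if cond:
            return f"{cond} 0x{offset + sext(word & 0xFFFC, 16):02X}"
    if op == 18:                              # unconditional relative branch
        return f"b 0x{offset + sext(word & 0x03FFFFFC, 26):02X}"
    return f".long 0x{word:08X}"              # anything this sketch does not cover


def disassemble(text=PAYLOAD):
    """Return 'offset: instruction' lines for every word in the payload."""
    words = [int(w, 16) for w in text.split()]
    return [f"{i * 4:02X}: {decode(w, i * 4)}" for i, w in enumerate(words)]


if __name__ == "__main__":
    print("\n".join(disassemble()))
```

In the output, the `beq` lands on the final zero word (the "skip to the very end" case) and the `bne` lands on the `stb`, skipping the `li r0, 0x78`.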

dcx2

So an enterprising hacker could use a read breakpoint on the address that has the "can final smash flag".  Then, look for a read breakpoint that is checking bits 6 or 7 (that is, 0x80 or 0x40, the first two bits in the 8-bit field).  There will probably be a branch near the read breakpoint.  There will probably be code that gives you final smash around there.

You could also set a write breakpoint on the final smash flag byte.  Then, try to get the game to give you a final smash.  This should give you a breakpoint where the game sets the final smash flag on its own.