Force Single Wii Remote Shake

Started by Bully@Wiiplaza, October 03, 2013, 05:59:33 PM


Bully@Wiiplaza

Hey,

I was having trouble tracing the assembly for this in Mario Kart Wii.

In the game, when the player shakes the Wii Remote, a 1 is written to memory for just one frame; otherwise the value is 0.

[spoiler]CR:22202088  XER:00000000  CTR:00000000 DSIS:00000000
DAR:00000000 SRR0:8051EBA0 SRR1:0000B032   LR:80745DC0
 r0:00000000   r1:80398F58   r2:8038EFA0   r3:90271234
 r4:00000000   r5:9026FB10   r6:80890000   r7:00000004
 r8:9029BB60   r9:00000028  r10:1CA2995C  r11:80398F58
r12:003ED303  r13:8038CC00  r14:BF800000  r15:00000000
r16:00000007  r17:00000000  r18:00000000  r19:808B2F2C
r20:00000000  r21:00000000  r22:00000000  r23:00000000
r24:00000001  r25:00000001  r26:808CB6F8  r27:809C0000
r28:90271234  r29:902712C0  r30:00000000  r31:808A0000

# Routine at 0x8051EB68. Inputs: r3 = destination object, r4 = value to store.
# Writes r4 unchanged to byte 19(r3), then writes it to byte 18(r3) with the
# values 3 and 4 exchanged when a flag byte reached through 0x809BD70C is nonzero.
# NOTE(review): the 3<->4 exchange looks like a left/right mirroring option - confirm.
8051EB68:  98830013    stb    r4,19(r3) # raw value -> byte at r3+19
8051EB6C:  3CA0809C   lis   r5,-32612 # r5 = 0x809C0000
8051EB70:  80A5D70C   lwz    r5,-10484(r5) # r5 = word at 0x809BD70C, used as a pointer
8051EB74:  88054155   lbz   r0,16725(r5) # r0 = flag byte at offset 0x4155 from that pointer
8051EB78:  2C000000   cmpwi    r0,0
8051EB7C:  41820024   beq-   0x8051eba0 # flag clear: store r4 as is
8051EB80:  2C040003   cmpwi    r4,3
8051EB84:  41820010   beq-   0x8051eb94 # 3 becomes 4
8051EB88:  2C040004   cmpwi   r4,4
8051EB8C:  41820010   beq-   0x8051eb9c # 4 becomes 3
8051EB90:  48000010   b   0x8051eba0 # any other value is left alone
8051EB94:  38800004   li   r4,4
8051EB98:  48000008   b   0x8051eba0
8051EB9C:  38800003   li   r4,3
8051EBA0:  98830012   stb   r4,18(r3) # Store: (possibly exchanged) value -> byte at r3+18; SRR0 in the register dump points here
8051EBA4:  4E800020   blr   [/spoiler]
What I need is an address that forces exactly one shake when modified and then stays like that.
Basically like pushing the Wii Remote upwards and doing nothing else. I'm planning to remap the shake to e.g. a button using a conditional on it.
[spoiler]807467BC:  9421FFD0   stwu   r1,-48(r1) # open a 48-byte stack frame
# Routine at 0x807467BC. Inputs as used below: r3 = object (kept in r25), r4 = mode
# flag (kept in r26), r5 = pointer to floats read at offsets 4 and 8. The result is
# built in r30 and moved to r3 before returning: 0 by default, 3 or 4 from the
# index-0 check, 1 or 2 from the index-1 check, or the word saved at 140(r25) when
# the countdown at 136(r25) reaches zero. The index-1 check runs last, so it can
# overwrite a value chosen earlier in the same call.
807467C0:  7C0802A6   mflr   r0
807467C4:  90010034   stw   r0,52(r1) # save the return address
807467C8:  39610030   addi   r11,r1,48
807467CC:  4B8DADCD   bl   0x80021598 # presumably a compiler register-save helper (r11 = frame top) - confirm
807467D0:  3CC0808A   lis   r6,-32630 # r6 = 0x808A0000
807467D4:  83A30004   lwz   r29,4(r3) # r29 = pointer held at r3+4
807467D8:  C0062BB8   lfs   f0,11192(r6) # f0 = float constant at 0x808A2BB8
807467DC:  2C040000   cmpwi   r4,0 # cr0 is consumed by the beq- at 0x80746804
807467E0:  3FE0808D   lis   r31,-32627
807467E4:  D001000C   stfs   f0,12(r1) # initialise output slot for index 0
807467E8:  7C791B78   mr   r25,r3
807467EC:  7C9A2378   mr   r26,r4
807467F0:  D0010008   stfs   f0,8(r1) # initialise output slot for index 1
807467F4:  3BFFB6F8   subi   r31,r31,18696 # r31 = 0x808CB6F8, base of the threshold table
807467F8:  3BC00000   li   r30,0 # result defaults to 0 | Shake spam (li r30, 1)
807467FC:  3B800001   li   r28,1 # r28 = 1: index-0 result allowed
80746800:  3B600001   li   r27,1 # r27 = 1: index-1 result allowed
80746804:  41820034   beq-   0x80746838 # r4 == 0: skip the two gating tests on the r5 floats
80746808:  C0250004   lfs   f1,4(r5)
8074680C:  C01F0068   lfs   f0,104(r31)
80746810:  FC200A10   fabs   f1,f1
80746814:  FC010040   fcmpo   cr0,f1,f0
80746818:  40810008   ble-   0x80746820 # keep r28 unless |4(r5)| > table[104]
8074681C:  3B800000   li   r28,0
80746820:  C0250008   lfs   f1,8(r5)
80746824:  C01F006C   lfs   f0,108(r31)
80746828:  FC200A10   fabs   f1,f1
8074682C:  FC010040   fcmpo   cr0,f1,f0
80746830:  40810008   ble-   0x80746838 # keep r27 unless |8(r5)| > table[108]
80746834:  3B600000   li   r27,0
# --- index 0: fetch float into 12(r1) and a valid byte into r3 ---
80746838:  7FA3EB78   mr   r3,r29
8074683C:  38A1000C   addi   r5,r1,12
80746840:  38800000   li   r4,0
80746844:  4BFD5901   bl   0x8071c144
80746848:  2C030000   cmpwi   r3,0
8074684C:  4182005C   beq-   0x807468a8 # helper returned 0: no index-0 result
80746850:  C001000C   lfs   f0,12(r1)
80746854:  2C1A0000   cmpwi   r26,0
80746858:  FC000210   fabs   f0,f0
8074685C:  4182000C   beq-   0x80746868
80746860:  C03F0050   lfs   f1,80(r31) # mode flag set: threshold = table[80]
80746864:  48000008   b   0x8074686c
80746868:  C03F0040   lfs   f1,64(r31) # mode flag clear: threshold = table[64]
8074686C:  FC000840   fcmpo   cr0,f0,f1
80746870:  40810038   ble-   0x807468a8 # magnitude not above threshold
80746874:  80190084   lwz   r0,132(r25)
80746878:  2C000000   cmpwi   r0,0
8074687C:  4082002C   bne-   0x807468a8 # counter at 132(r25) must be zero
80746880:  2C1C0000   cmpwi   r28,0
80746884:  41820024   beq-   0x807468a8 # gated off by the r28 test above
80746888:  3C60808A   lis   r3,-32630
8074688C:  C021000C   lfs   f1,12(r1)
80746890:  C0032BB8   lfs   f0,11192(r3)
80746894:  FC010040   fcmpo   cr0,f1,f0 # signed value against the constant at 0x808A2BB8
80746898:  4080000C   bge-   0x807468a4
8074689C:  3BC00003   li   r30,3 # below the constant -> 3
807468A0:  48000008   b   0x807468a8
807468A4:  3BC00004   li   r30,4 # not below the constant -> 4
# --- countdown at 136(r25): when it reaches zero, the word at 140(r25) becomes the result ---
807468A8:  80190088   lwz   r0,136(r25)
807468AC:  2C000000   cmpwi   r0,0
807468B0:  4081001C   ble-   0x807468cc # countdown not running
807468B4:  3400FFFF   subic.   r0,r0,1
807468B8:  90190088   stw   r0,136(r25)
807468BC:  40820010   bne-   0x807468cc # not yet expired
807468C0:  83D9008C   lwz   r30,140(r25)
807468C4:  38000000   li   r0,0
807468C8:  9019008C   stw   r0,140(r25) # consume the saved value
# --- index 1: same pattern with output slot 8(r1) ---
807468CC:  7FA3EB78   mr   r3,r29
807468D0:  38A10008   addi   r5,r1,8
807468D4:  38800001   li   r4,1
807468D8:  4BFD586D   bl   0x8071c144
807468DC:  2C030000   cmpwi   r3,0
807468E0:  4182005C   beq-   0x8074693c # helper returned 0: no index-1 result
807468E4:  C0010008   lfs   f0,8(r1)
807468E8:  2C1A0000   cmpwi   r26,0
807468EC:  FC000210   fabs   f0,f0
807468F0:  4182000C   beq-   0x807468fc
807468F4:  C03F0054   lfs   f1,84(r31) # mode flag set: threshold = table[84]
807468F8:  48000008   b   0x80746900
807468FC:  C03F0044   lfs   f1,68(r31) # mode flag clear: threshold = table[68]
80746900:  FC000840   fcmpo   cr0,f0,f1 # cr0 is consumed by the ble- at 0x80746910; li/stw below leave it intact
80746904:  38000000   li   r0,0
80746908:  90190088   stw   r0,136(r25) # clear the countdown
8074690C:  9019008C   stw   r0,140(r25) # clear the saved value
80746910:  4081002C   ble-   0x8074693c # magnitude not above threshold
80746914:  2C1B0000   cmpwi   r27,0
80746918:  41820024   beq-   0x8074693c # gated off by the r27 test above
8074691C:  3C60808A   lis   r3,-32630
80746920:  C0210008   lfs   f1,8(r1)
80746924:  C0032BB8   lfs   f0,11192(r3)
80746928:  FC010040   fcmpo   cr0,f1,f0
8074692C:  4080000C   bge-   0x80746938
80746930:  3BC00001   li   r30,1 # below the constant -> 1
80746934:  48000008   b   0x8074693c
80746938:  3BC00002   li   r30,2 # not below the constant -> 2
# --- decrement the counter at 132(r25), clamping at zero; no store of a positive value is visible in this listing ---
8074693C:  80790084   lwz   r3,132(r25)
80746940:  3403FFFF   subic.   r0,r3,1
80746944:  90190084   stw   r0,132(r25)
80746948:  4080000C   bge-   0x80746954
8074694C:  38000000   li   r0,0
80746950:  90190084   stw   r0,132(r25)
80746954:  39610030   addi   r11,r1,48
80746958:  7FC3F378   mr   r3,r30 # return value = r30
8074695C:  4B8DAC89   bl   0x800215e4 # presumably the matching register-restore helper - confirm
80746960:  80010034   lwz   r0,52(r1)
80746964:  7C0803A6   mtlr   r0
80746968:  38210030   addi   r1,r1,48
8074696C:  4E800020   blr   [/spoiler]I only managed to spam shakes instead. Pretty cool, but it shouldn't do that. :/

After following the link register once:[spoiler]80745BE4:  9421FFB0   stwu   r1,-80(r1) # open an 80-byte stack frame
# Routine at 0x80745BE4, the caller of 0x807467BC and 0x8051EB68. Inputs as used
# below: r3 = object (kept in r27), r4 = output record (kept in r28), r5 = input
# record (kept in r29). It copies three words from the input record to the stack,
# obtains the gesture value from 0x807467BC (kept in r30), translates masked bits of
# the input word 0(r29) into flags stored at 4(r28), converts two floats to bytes,
# and finally passes r30 to 0x8051EB68.
80745BE8:  7C0802A6   mflr   r0
80745BEC:  90010054   stw   r0,84(r1) # save the return address
80745BF0:  39610050   addi   r11,r1,80
80745BF4:  4B8DB9A9   bl   0x8002159c # presumably a compiler register-save helper (r11 = frame top) - confirm
80745BF8:  8105000C   lwz   r8,12(r5)
80745BFC:  3CC0808A   lis   r6,-32630 # r6 = 0x808A0000
80745C00:  80E50010   lwz   r7,16(r5)
80745C04:  3F40808D   lis   r26,-32627
80745C08:  90E10018   stw   r7,24(r1)
80745C0C:  7C9C2378   mr   r28,r4
80745C10:  C0062BBC   lfs   f0,11196(r6) # f0 = float constant at 0x808A2BBC
80745C14:  7C7B1B78   mr   r27,r3
80745C18:  91010014   stw   r8,20(r1)
80745C1C:  7CBD2B78   mr   r29,r5
80745C20:  3B5AB6F8   subi   r26,r26,18696 # r26 = 0x808CB6F8, base of the table of masks and limits
80745C24:  3BE00000   li   r31,0 # r31 accumulates the output flags
80745C28:  80050014   lwz   r0,20(r5)
80745C2C:  38800000   li   r4,0
80745C30:  9001001C   stw   r0,28(r1) # 20..28(r1) = unmodified copy of 12..20(r5)
80745C34:  38A00000   li   r5,0
80745C38:  90E1000C   stw   r7,12(r1)
80745C3C:  C021000C   lfs   f1,12(r1) # reread the middle word as a float
80745C40:  91010008   stw   r8,8(r1)
80745C44:  EC01002A   fadds   f0,f1,f0
80745C48:  90010010   stw   r0,16(r1)
80745C4C:  D001000C   stfs   f0,12(r1) # 8..16(r1) = second copy with the constant added to the middle float
80745C50:  80630004   lwz   r3,4(r3)
80745C54:  4BFD6511   bl   0x8071c164 # callee not shown; called with r3 = 4(r27), r4 = 0, r5 = 0
80745C58:  807B0004   lwz   r3,4(r27)
80745C5C:  38800000   li   r4,0
80745C60:  A8BA0048   lha   r5,72(r26)
80745C64:  A8DA004A   lha   r6,74(r26)
80745C68:  4BFD6589   bl   0x8071c1f0 # callee not shown; index 0 with signed halfwords table[72], table[74]
80745C6C:  807B0004   lwz   r3,4(r27)
80745C70:  38800001   li   r4,1
80745C74:  A8BA0048   lha   r5,72(r26)
80745C78:  A8DA004A   lha   r6,74(r26)
80745C7C:  4BFD6575   bl   0x8071c1f0 # same call for index 1
80745C80:  807B0004   lwz   r3,4(r27)
80745C84:  38810008   addi   r4,r1,8
80745C88:  38A10014   addi   r5,r1,20
80745C8C:  4BFD6419   bl   0x8071c0a4 # callee not shown; receives both stack copies
80745C90:  7F63DB78   mr   r3,r27
80745C94:  38A10008   addi   r5,r1,8
80745C98:  38800000   li   r4,0
80745C9C:  48000B21   bl   0x807467bc # gesture evaluation, mode flag r4 = 0
80745CA0:  7C7E1B78   mr   r30,r3 # r3 into r30 | li r30, 1 (Shake Spam)
# --- translate masked bits of the input word into output flags in r31 ---
80745CA4:  A0BA0000   lhz   r5,0(r26) # r5 = mask table[0]
80745CA8:  807D0000   lwz   r3,0(r29) # r3 = current input word
80745CAC:  7C602839   and.   r0,r3,r5
80745CB0:  41820008   beq-   0x80745cb8
80745CB4:  63FF0001   ori   r31,r31,1 # table[0] bit present -> flag 0x0001
80745CB8:  A0DA0002   lhz   r6,2(r26) # r6 = mask table[2]
80745CBC:  7C643039   and.   r4,r3,r6 # r4 is tested again at 0x80745CF4
80745CC0:  4182000C   beq-   0x80745ccc
80745CC4:  63E00002   ori   r0,r31,2 # table[2] bit present -> flag 0x0002
80745CC8:  541F043E   rlwinm   r31,r0,0,16,31 # keep the low 16 bits
80745CCC:  A01A0004   lhz   r0,4(r26)
80745CD0:  7C600039   and.   r0,r3,r0
80745CD4:  4182000C   beq-   0x80745ce0
80745CD8:  63E00004   ori   r0,r31,4 # table[4] bit present -> flag 0x0004
80745CDC:  541F043E   rlwinm   r31,r0,0,16,31
80745CE0:  A01A0006   lhz   r0,6(r26)
80745CE4:  7C600039   and.   r0,r3,r0
80745CE8:  4182000C   beq-   0x80745cf4
80745CEC:  63E00020   ori   r0,r31,32 # table[6] bit present -> flag 0x0020
80745CF0:  541F043E   rlwinm   r31,r0,0,16,31
# --- latch byte at 16(r27): cleared unless both table[0] and table[2] bits are present;
# set to 1 when the word at 4(r29) also has the table[2] bit, otherwise left as it was ---
80745CF4:  2C040000   cmpwi   r4,0
80745CF8:  41820024   beq-   0x80745d1c
80745CFC:  7C602839   and.   r0,r3,r5
80745D00:  4182001C   beq-   0x80745d1c
80745D04:  801D0004   lwz   r0,4(r29)
80745D08:  7C003039   and.   r0,r0,r6
80745D0C:  41820018   beq-   0x80745d24
80745D10:  38000001   li   r0,1
80745D14:  981B0010   stb   r0,16(r27)
80745D18:  4800000C   b   0x80745d24
80745D1C:  38000000   li   r0,0
80745D20:  981B0010   stb   r0,16(r27)
80745D24:  881B0010   lbz   r0,16(r27)
80745D28:  2C000000   cmpwi   r0,0
80745D2C:  4182000C   beq-   0x80745d38
80745D30:  63E00008   ori   r0,r31,8 # latch set -> flag 0x0008
80745D34:  541F043E   rlwinm   r31,r0,0,16,31
80745D38:  B3FC0004   sth   r31,4(r28) # output flags -> halfword at r28+4
80745D3C:  801D0000   lwz   r0,0(r29)
80745D40:  B01C0006   sth   r0,6(r28) # low halfword of the input word -> r28+6
80745D44:  881D005D   lbz   r0,93(r29)
80745D48:  7C000774   extsb   r0,r0
80745D4C:  2C00FFFE   cmpwi   r0,-2
80745D50:  41820064   beq-   0x80745db4 # signed byte 93(r29) == -2: skip both float conversions
# --- convert (constant + float) * scale to an integer byte, once for 96(r29) and once for 100(r29) ---
80745D54:  3FE0808A   lis   r31,-32630 # r31 is reused as 0x808A0000 from here on
80745D58:  3F60809C   lis   r27,-32612 # r27 is reused as 0x809C0000; the object pointer is no longer needed
80745D5C:  C05F2BBC   lfs   f2,11196(r31) # constant at 0x808A2BBC
80745D60:  7F83E378   mr   r3,r28
80745D64:  C03D0060   lfs   f1,96(r29)
80745D68:  C01B2C3C   lfs   f0,11324(r27) # scale factor at 0x809C2C3C
80745D6C:  EC22082A   fadds   f1,f2,f1
80745D70:  EC010032   fmuls   f0,f1,f0
80745D74:  FC00001E   fctiwz   f0,f0 # convert to integer, rounding toward zero
80745D78:  D8010020   stfd   f0,32(r1)
80745D7C:  80810024   lwz   r4,36(r1) # integer result sits in the low word of the 8-byte slot
80745D80:  5484063E   rlwinm   r4,r4,0,24,31 # keep the low 8 bits
80745D84:  4BDD8BDD   bl   0x8051e960 # callee not shown; r3 = output record, r4 = byte
80745D88:  C05F2BBC   lfs   f2,11196(r31)
80745D8C:  7F83E378   mr   r3,r28
80745D90:  C03D0064   lfs   f1,100(r29)
80745D94:  C01B2C3C   lfs   f0,11324(r27)
80745D98:  EC22082A   fadds   f1,f2,f1
80745D9C:  EC010032   fmuls   f0,f1,f0
80745DA0:  FC00001E   fctiwz   f0,f0
80745DA4:  D8010028   stfd   f0,40(r1)
80745DA8:  8081002C   lwz   r4,44(r1)
80745DAC:  5484063E   rlwinm   r4,r4,0,24,31
80745DB0:  4BDD8CB1   bl   0x8051ea60 # callee not shown; same arguments for the second float
80745DB4:  7F83E378   mr   r3,r28
80745DB8:  7FC4F378   mr   r4,r30 # r30 into r4 | li r4, 1 (Shake Spam)
80745DBC:  4BDD8DAD   bl   0x8051eb68 # stores the gesture value into bytes 19 and 18 of the output record
80745DC0:  881C0014   lbz   r0,20(r28) # return address of the call above; matches LR in the register dump
80745DC4:  39610050   addi   r11,r1,80
80745DC8:  60000080   ori   r0,r0,128
80745DCC:  981C0014   stb   r0,20(r28) # set bit 0x80 in byte 20 of the output record
80745DD0:  4B8DB819   bl   0x800215e8 # presumably the matching register-restore helper - confirm
80745DD4:  80010054   lwz   r0,84(r1)
80745DD8:  7C0803A6   mtlr   r0
80745DDC:  38210050   addi   r1,r1,80
80745DE0:  4E800020   blr   
[/spoiler]
[spoiler]8071C144:  5480103A   rlwinm   r0,r4,2,0,29 # r0 = r4 * 4 (index into an array of words)
# Routine at 0x8071C144. Inputs: r3 = object, r4 = index, r5 = float output pointer.
# Selects the pointer at 12(r3) + 4*r4, copies a float reached through it to *r5,
# and returns the byte at offset 12 of the selected entry in r3. The caller at
# 0x807467BC treats a zero return as "no value for this index".
8071C148:  7C630214   add   r3,r3,r0
8071C14C:  8083000C   lwz   r4,12(r3) # r4 = entry pointer for this index
8071C150:  80640008   lwz   r3,8(r4) # r3 = pointer held at entry+8
8071C154:  C0030010   lfs   f0,16(r3) # f0 = float at offset 16 of that object
8071C158:  D0050000   stfs   f0,0(r5) # write the float to the caller's slot
8071C15C:  8864000C   lbz   r3,12(r4) # return byte from entry+12 | li r3 1 (shake spam after shaking upwards, until it is shaken downwards)
8071C160:  4E800020   blr   [/spoiler]
On the bright side, I found these addresses for all the buttons, but gestures aren't as easy as they seem.

Thank you for helping!

EDIT:
Actually, using a one shot button activator is fine but solving it by tracing would be sweet too!
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully