Foxx
« on: August 29, 2008, 09:17:17 AM » |
Basic Guide to NES RAM Hacking Part 2 - BSoD Episode 5

This is a follow-up segment explaining new types of searching, how to utilize save states, and different forms of computer number systems including Boolean, BCD, and arranged memory addressing. This was clipped from BSoD Episode 5; however, I did not make a new intro. This is a good follow-up, explaining how to use tools built into emulators to aid in your RAM hacking and address searching. I think this was the better of the segments I have released, both quality- and content-wise. A lot is explained on how one address can cause many results depending on the value, using the games we all grew up on and love, or at least have come to know and love. I'll admit, while doing the NES RAM hacking on the Xbox, my girlfriend of near a decade would sit by my side and watch me dive into the hack, and at one point she giggled and said "... I have never seen you this happy in... ever!".

1st Corinthians 13:11: When I was a child, I spoke like a child, thought like a child, and reasoned like a child. When I became a man, I gave up my childish ways. (When I became a man, I realized I was a hacker.)

When I was a child I played NES games; I was compelled to the adventure, the puzzle, the mystery. I was immersed in a new world my imagination could take me to; unlike books, I can now interact. Now that I grow old, I put away childish things... but I become a hacker. Now I still explore these games, but not by playing them, but by religiously laying them down on the sacrifice stone and taking them apart to see how they work, and what new things are there to explore.

Direct Download - Basic NES RAM Hacking Part 2 - 30:34 minutes @ 193MB
Low Quality - 30:34 minutes @ 111MB
****ty Streaming version will be released soon
« Last Edit: August 29, 2008, 09:49:27 PM by Foxx »
memorris
Guest
« Reply #1 on: August 29, 2008, 09:42:16 AM » |
Your downloads are too big for me, Foxx. Can you zip them and split them, please!
Nuke
Hacker
Hero Member
Karma: 53
Posts: 659
« Reply #2 on: August 29, 2008, 12:31:58 PM » |
Nice video, love this stuff. Two great games to game train also. Do you know about CopyNES too? This is like the USB Gecko of the NES world: http://www.tripoint.org/kevtris/Projects/copynes/
There is also a USB version based on the same project at http://www.retrousb.com
0xFFFFFFuuuuuuu
Foxx
« Reply #3 on: August 29, 2008, 07:39:23 PM » |
Yeah, I've heard of them. I built a basic NES EEPROM cart many years ago, but with FCE Ultra and all of the features it has, including the realtime debugger, you can't get level with hardware. Well, at least not with the CopyNES and RetroUSB 'Power Pack'. I think those are more for piracy means than anything. To be honest, I don't like how RetroUSB whores off their products; most if not all of what they sell can be found elsewhere as either freeware, GPL, or open-source.
One thing I would like to do is increase the SRAM (both video and CPU) in the NES, but it's so old I can't find a replacement. I don't care about having to rewire the pinout, but I can't find something that will match its specs.
memorris: I will see what I can do, just for you, buddy. Give me some time to work on it; I have a very busy week ahead of me.
shark2003
Hacker
Sr. Member
Karma: 24
Posts: 365
« Reply #4 on: October 09, 2008, 01:08:52 AM » |
Thanks Foxx, I went back and got a little more education on hacking thanks to your NES videos... Have you done any moon jump video tutorials on any platform? Doesn't matter which one... so I can get a little more of an understanding on how to find a default activator button press code, etc.
No matter where you go...there you are...
Black_Wolf
Former PSP Hacker
Hacker
Full Member
Karma: 11
Posts: 129
« Reply #5 on: October 10, 2008, 08:51:45 AM » |
Hmm, I think I could help with that. First off, you wanted the button, right? Well, it's pretty easy really; you can usually find the hex for button presses somewhere (e.g. on PSP, L Trigger = 0x0100), so if you DO know that, just hold that button and search the value, hold a different button and search its value.
If you CAN'T, however, you can do an unknown value search: hold nothing, hold a button, search increase. Hold that button THEN another button, search increase; let go of the first button, search decrease, etc. Remember, generally the buttons ADD together when a combo is held.
Now there are 2 popular methods for a moon jump code; one is generally easier than the other, but the address is hard to find.
The first method is a simple button-activated gravity mod. You hold a button, gravity is lessened. Now, finding gravity can be a chore; generally it can be found as a float 1 value (0x3f800000). HOWEVER, try finding co-ordinates and experimenting with the area around it.
Now the SECOND method is to use the Z co-ordinates (height) to make a custom "jump" routine in asm. I generally use this if I can't find the gravity modifier, but it nevertheless works in a similar manner.
Basically, you're going to need to inject a subroutine that does the following:
- Loads the controller address's value
- Loads the value of the BUTTON you want
- Branches to the end if these are different
- Loads the Z co-ordinates
- Loads what you want to ADD to them (try experimenting with pokes first; remember, if you HOLD the button, it will continually increase, so a small value is usually good)
- Adds them together
- Stores the modded co-ords back at their address

In modern PowerPC asm it would look like this. For this example:
- the co-ordinates are at 0x80CC4584
- the controller address is at 0x80496AC0
- the button we want to activate has a value of 0x00000200
- the subroutine ENDS at 0x80FF50C8
- we want to add 0x004C to the Z co-ords

lis r7, $8049        // Loads the upper 16 bits of the controller address (r7 instead of r0: a base register of r0 means "zero", not the contents of r0)
lwz r8, $6AC0(r7)    // Loads the full value of the controller address into r8 (r8 instead of r1, which is the stack pointer and must not be clobbered)
li r9, $0200         // Loads the value for the activator button into r9 (r9 instead of r2, which is reserved by the PowerPC EABI; li takes a 16-bit immediate)
lis r3, $80CC        // Loads the upper 16 bits of the co-ords address
lwz r4, $4584(r3)    // Loads the full value of the Z co-ords into r4
li r5, $004C         // Loads the value we want to add to the co-ords (jump speed) into r5
cmpw r8, r9          // Compares the CONTROLLER value and the BUTTON value (check if we are holding our activator or not)
bne $80FF50C8        // If we are NOT holding the button activator, jump to the end, i.e. cancel
add r6, r4, r5       // If we ARE, add 0x004C to our Z co-ord value (increase our height)
stw r6, $4584(r3)    // Store the modified co-ords back to their address!
And that's pretty much it, lol. In theory this should increase our height if holding a button, therefore "jumping" into the air.
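The two search methods Black_Wolf describes (known value: hold a button, search its value; unknown value: search increased/decreased between snapshots) are easy to get wrong on the first pass because a decoy or a timer survives the first filter. As an added example that is not Black_Wolf's code and not an emulator's search tool, here is a small Python simulation of both searches run over constructed 64-byte RAM snapshots; the offsets (0x08, 0x10, 0x20, 0x30), the button values (Z = 0x2000, 2 = 0x0100, L = 0x0001) and the decoy are all made up for the demonstration.

```python
"""Added example: simulating known-value and unknown-value RAM searches.
Not code from the post or from any emulator; offsets and values are constructed."""
import struct

# The controller word is searched as a 16-bit big-endian halfword, as in the thread.
def read16(snapshot, addr):
    return struct.unpack_from(">H", snapshot, addr)[0]

def all_addresses(snapshot, align=2):
    """Every halfword-aligned address; an unknown-value search starts from all of them."""
    return list(range(0, len(snapshot) - 1, align))

def known_value_search(snapshot, value, candidates=None):
    """Keep only the addresses whose current value equals `value` (exact match)."""
    if candidates is None:
        candidates = all_addresses(snapshot)
    return [a for a in candidates if read16(snapshot, a) == value]

RELATIONS = {
    "increased": lambda old, new: new > old,
    "decreased": lambda old, new: new < old,
    "unchanged": lambda old, new: new == old,
    "changed":   lambda old, new: new != old,
}

def unknown_value_search(candidates, before, after, relation):
    """Keep the addresses whose value moved in the stated direction between two snapshots."""
    keep = RELATIONS[relation]
    return [a for a in candidates if keep(read16(before, a), read16(after, a))]

# Constructed RAM image: a decoy constant, the controller word, a frame timer and HP.
OFF_DECOY, OFF_CONTROLLER, OFF_TIMER, OFF_HP = 0x08, 0x10, 0x20, 0x30

def make_snapshot(buttons, timer, hp=100):
    ram = bytearray(64)
    struct.pack_into(">H", ram, OFF_DECOY, 0x2100)      # never changes: looks like Z+2 but is not the controller
    struct.pack_into(">H", ram, OFF_CONTROLLER, buttons)
    struct.pack_into(">H", ram, OFF_TIMER, timer)       # always counts up, so it survives "increased" filters
    struct.pack_into(">H", ram, OFF_HP, hp)
    return ram

def find_controller_known():
    """Known-value sequence: hold Z+2 (0x2100), Z+L (0x2001), Z alone (0x2000), searching each value.
    The decoy matches the first search and is only eliminated by the second."""
    cands = None
    for buttons, frame in ((0x2100, 5), (0x2001, 6), (0x2000, 7)):
        cands = known_value_search(make_snapshot(buttons, frame), buttons, cands)
    return cands

def find_controller_unknown():
    """Unknown-value sequence: nothing held, then Z, then Z+2, then release Z.
    The timer survives both 'increased' filters and only drops out on 'decreased'."""
    snaps = [make_snapshot(b, t) for b, t in ((0x0000, 1), (0x2000, 2), (0x2100, 3), (0x0100, 4))]
    cands = all_addresses(snaps[0])
    cands = unknown_value_search(cands, snaps[0], snaps[1], "increased")  # pressed Z
    cands = unknown_value_search(cands, snaps[1], snaps[2], "increased")  # added 2
    cands = unknown_value_search(cands, snaps[2], snaps[3], "decreased")  # released Z
    return cands

if __name__ == "__main__":
    print("known-value search   ->", [hex(a) for a in find_controller_known()])
    print("unknown-value search ->", [hex(a) for a in find_controller_unknown()])
```

Both searches end at the single constructed controller offset 0x10. The point the simulation makes is the one in the post: one filter is rarely enough, and a "decreased" step (releasing a button) is what separates the controller word from anything that simply counts up every frame.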
shark2003
Hacker
Sr. Member
Karma: 24
Posts: 365
« Reply #6 on: October 10, 2008, 12:54:16 PM » |
Thanks Black_Wolf... I think I understood about half of that. How about something closer to beginner/intermediate level for me... just basically finding a "jump code" that will increase my height when pressing a button. I think really all I need to know for now is how to tie the codes together... like if I press button A, which would be the default button press in the game for jump, the result will be I go into the air at a max value of 2710 instead of 270F. I pretty much know how to find the height addresses and values... I have actually gone back to using an SNES emulator on my laptop to practice searching on a jump code. I understand the searching methods... but really don't know how to put the codes together.
« Last Edit: October 10, 2008, 01:05:35 PM by shark2003 »
No matter where you go...there you are...
shark2003
Hacker
Sr. Member
Karma: 24
Posts: 365
« Reply #7 on: October 10, 2008, 01:18:29 PM » |
Can these 2 posts be moved over to the Hacking Help section? I think there is some good info here...
No matter where you go...there you are...
Black_Wolf
Former PSP Hacker
Hacker
Full Member
Karma: 11
Posts: 129
« Reply #8 on: October 10, 2008, 09:24:30 PM » |
Oh lol, that's absolutely fine. Basically you're going to want to use the button activator code type in WiiRd.
If you already know what you WANT to happen, you've done the hard bit already; the rest is just inserting it into the "template". OK, so you are still going to want the address that shows the BUTTONS you're pressing, so do this method:
Hold Z and 2 - Search 0x2100
Hold Z and L - Search 0x2001
Hold just Z - Search 0x2000
And repeat. If this doesn't work you're going to have to do an unknown search for different button combos (shown in my above post). Once you've done that, just do a simple check routine in WiiRd code types (0x28).
So let's say that the controller address for this example is 0x80AA6B4C (random number lol), and when you hold Z (+ the default jump button) you want the jump height (0x8056AB40) to change to 270F. It would look like this:
28AA6B4C 00002000
0456AB40 0000270F
E0000000 80008000 (universal reset for using ifs etc.)
This means you can jump NORMALLY (just the default jump button), BUT if you jump WHILE HOLDING Z, you will do a moon jump. You can also just change the button activator to the same button as jump, to make a "HOLD TO INCREASE HEIGHT" kind of jump.
Sorry for the inconvenience.
Also, could a mod move these related posts to my post in the help section? I replicated the guide there! Thanks
« Last Edit: October 11, 2008, 04:17:35 AM by Black_Wolf »
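To see why the three-line template above behaves as described (normal jump without Z, moon jump with Z held), here is an added example, not Black_Wolf's code and not the WiiRd/Gecko code handler itself: a minimal Python interpreter for just the three code types the template uses (0x28 16-bit if, 0x04 32-bit write, 0xE0 full terminator), run against a constructed memory image. My reading of the 0x28 format is that the upper halfword of the right-hand word is a mask whose set bits are ignored in the comparison, so a second, masked variant of the same template is included to show Z being recognised even when another button is held at the same time; the 0x10 "pointer" address bit of the real format is not modelled.

```python
"""Added example: a tiny interpreter for Gecko/WiiRd code types 0x28, 0x04 and 0xE0.
Not the real code handler; format details are my reading and are labelled as assumptions."""

BASE = 0x80000000  # Gecko base address (assumption: the 0x10 'pointer' bit is not modelled)

def parse_codes(text):
    """Split 'AAAAAAAA BBBBBBBB ...' text into (left, right) pairs of 32-bit words."""
    words = [int(w, 16) for w in text.split()]
    if len(words) % 2:
        raise ValueError("Gecko codes come in pairs of 32-bit words")
    return list(zip(words[0::2], words[1::2]))

# Memory is a dict of address -> byte, big-endian like the console.
def read16(mem, addr):
    return (mem.get(addr, 0) << 8) | mem.get(addr + 1, 0)

def read32(mem, addr):
    return (read16(mem, addr) << 16) | read16(mem, addr + 2)

def write16(mem, addr, value):
    mem[addr], mem[addr + 1] = (value >> 8) & 0xFF, value & 0xFF

def write32(mem, addr, value):
    write16(mem, addr, value >> 16)
    write16(mem, addr + 2, value & 0xFFFF)

def run(codes, mem):
    """One code-handler pass over mem. Returns the number of writes performed."""
    skipping = False   # True while inside an 'if' whose condition failed
    writes = 0
    for left, right in codes:
        ctype = left >> 24
        addr = BASE | (left & 0x01FFFFFF)
        if ctype == 0xE0:            # E0000000 80008000: full terminator, closes every open 'if'
            skipping = False
        elif skipping:
            continue
        elif ctype == 0x28:          # 28XXXXXX YYYYZZZZ: if ((halfword at addr) & ~YYYY) == ZZZZ (assumed semantics)
            mask, wanted = right >> 16, right & 0xFFFF
            if (read16(mem, addr) & ~mask & 0xFFFF) != wanted:
                skipping = True
        elif ctype == 0x04:          # 04XXXXXX YYYYYYYY: 32-bit write of YYYYYYYY to addr
            write32(mem, addr, right)
            writes += 1
        else:
            raise ValueError(f"code type {ctype:02X} is not modelled in this example")
    return writes

CONTROLLER = 0x80AA6B4C   # addresses from the post's example (chosen at random there too)
HEIGHT = 0x8056AB40
MOON_JUMP = "28AA6B4C 00002000 0456AB40 0000270F E0000000 80008000"
# Constructed variant: mask DFFF ignores every button bit except Z (0x2000).
MOON_JUMP_MASKED = "28AA6B4C DFFF2000 0456AB40 0000270F E0000000 80008000"

def jump_height_after(code_text, buttons, start_height=0x0100):
    """Constructed memory: controller halfword plus height word, then one handler pass."""
    mem = {}
    write16(mem, CONTROLLER, buttons)
    write32(mem, HEIGHT, start_height)
    run(parse_codes(code_text), mem)
    return read32(mem, HEIGHT)

if __name__ == "__main__":
    for name, code in (("exact", MOON_JUMP), ("masked", MOON_JUMP_MASKED)):
        for buttons in (0x0000, 0x2000, 0x2100):
            print(f"{name:6} buttons={buttons:04X} -> height {jump_height_after(code, buttons):04X}")
```

With the unmasked template the write only happens when the controller word is exactly 0x2000, so holding Z together with any other button (0x2100) leaves the height alone; that is the same exact-compare behaviour as the PowerPC routine earlier in the thread, and it is why the masked form is the one to reach for when the activator must coexist with the default jump button.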
shark2003
Hacker
Sr. Member
Karma: 24
Posts: 365
« Reply #9 on: October 11, 2008, 03:47:09 AM » |
Thanks Black_Wolf, this is good info... I'll try it out this weekend and see what I come up with...
No matter where you go...there you are...
shark2003
Hacker
Sr. Member
Karma: 24
Posts: 365
« Reply #10 on: October 11, 2008, 01:18:46 PM » |
That's a lot simpler than I thought it would be... I'll see if I can successfully make some jump codes... thanks again...
No matter where you go...there you are...
hetoan2
Guest
« Reply #11 on: October 12, 2008, 01:57:47 AM » |
I wish I could move the posts...
*hint hint*
Anyway, @ Black_Wolf, what happens if it's not a button that makes you jump, i.e. a flick of the Wiimote in de Blob, for example?
Black_Wolf
Former PSP Hacker
Hacker
Full Member
Karma: 11
Posts: 129
« Reply #12 on: October 12, 2008, 07:20:03 AM » |
Hmm, that's actually an interesting question; I hadn't thought of it. You could still, of course, use the other button method, I guess, like not a remote flick. OR, if you were REALLY tricky, you could actually find the jump FUNCTION and inject your routine there, so that when you jump, it does the Z co-ords routine. That's quite complex stuff, especially seeing as it's not actually a button hook but a Wiimote acceleration hook. It's new territory for me!
hetoan2
Guest
« Reply #13 on: October 12, 2008, 11:05:55 AM » |
Oh well, I'll just give up on it then >_< I had the value, and when I was testing I got stuck in an area where you have to die, and I didn't save my search results, and I was still using the mem viewer, and my other codes prevented me from dying, causing it to lock up and die.
Black_Wolf
Former PSP Hacker
Hacker
Full Member
Karma: 11
Posts: 129
« Reply #14 on: October 12, 2008, 09:03:53 PM » |
Haha, I hate that. Happens to me ALL the time. It's worse if it was a DMA code, so you NEEDED a dump, and you forget the dump, find the second code, then you get to the pointer search and you're all like "OMG WHERE IS MY DUMP" lol, and have to start again.
I feel your pain.