| Welcome, Guest |
You have to register before you can post on our site.
|
| Forum Statistics |
» Members: 36
» Latest member: Xerox
» Forum threads: 831
» Forum posts: 1,318
Full Statistics
|
| Online Users |
There are currently 7 online users.
» 0 Member(s) | 4 Guest(s)
Bing, Google, Yandex
|
|
|
| Change Character/Vehicle In Between Races Online |
|
Posted by: zak - 2 hours ago - Forum: Cheat Codes
- No Replies
|
 |
Change Character/Vehicle In Between Races Online
Code allows you to change character & vehicle in between races online. Press your activator(s) anytime from the VR results screen til before the lottery selects the track. Whatever character you started the WW session with will always be the character that shows on the course selection map screen.
NOTE: Setting KK/VV value to 00/00 will blackscreen everyone in WW, just like this code HERE
NOTE: Setting KK/VV value to FF/FF will stall the WW then D/C everyone, just like this code HERE
NTSC-U
2834XXXX YYYYZZZZ
C265881C 00000002
388000KK 38A000VV
9883001C 00000000
E0000000 00000000
2834XXXX YYYYZZZZ
C265881C 00000002
388000KK 38A000VV
9883001C 00000000
E0000000 80008000
PAL
2834XXXX YYYYZZZZ
C2660758 00000002
388000KK 38A000VV
9883001C 00000000
E0000000 00000000
2834XXXX YYYYZZZZ
C2660758 00000002
388000KK 38A000VV
9883001C 00000000
E0000000 80008000
NTSC-J
2834XXXX YYYYZZZZ
C265FDC4 00000002
388000KK 38A000VV
9883001C 00000000
E0000000 00000000
2834XXXX YYYYZZZZ
C265FDC4 00000002
388000KK 38A000VV
9883001C 00000000
E0000000 80008000
NTSC-K
2833XXXX YYYYZZZZ
C264EA70 00000002
388000KK 38A000VV
9883001C 00000000
E0000000 00000000
2833XXXX YYYYZZZZ
C264EA70 00000002
388000KK 38A000VV
9883001C 00000000
E0000000 80008000
KK Values:
00 = Mario
01 = Baby Peach
02 = Waluigi
03 = Bowser
04 = Baby Daisy
05 = Dry Bones
06 = Baby Mario
07 = Luigi
08 = Toad
09 = Donkey Kong
0A = Yoshi
0B = Wario
0C = Baby Luigi
0D = Toadette
0E = Koopa
0F = Daisy
10 = Peach
11 = Birdo
12 = Diddy Kong
13 = King Boo
14 = Bowser Jr.
15 = Dry Bowser
16 = Funky Kong
17 = Rosalina
18 = S Mii AM
19 = S Mii AF
1A = S Mii BM
1B = S Mii BF
1C = S Mii CM
1D = S Mii CF
1E = M Mii AM
1F = M Mii AF
20 = M Mii BM
21 = M Mii BF
22 = M Mii CM
23 = M Mii CF
24 = L Mii AM
25 = L Mii AF
26 = L Mii BM
27 = L Mii BF
28 = L Mii CM
29 = L Mii CF
2A = M Mii
2B = S Mii
2C = L Mii
VV Values:
00 = Standard Kart S
01 = Standard Kart M
02 = Standard Kart L
03 = Booster Seat
04 = Classic Dragster
05 = Offroader
06 = Mini Beast
07 = Wild Wing
08 = Flame Flyer
09 = Cheep Charger
0A = Super Blooper
0B = Piranha Prowler
0C = Tiny Titan
0D = Daytripper
0E = Jetsetter
0F = Blue Falcon
10 = Sprinter
11 = Honeycoupe
12 = Standard Bike S
13 = Standard Bike M
14 = Standard Bike L
15 = Bullet Bike
16 = Mach Bike
17 = Flame Runner
18 = Bit Bike
19 = Sugarscoot
1A = Wario Bike
1B = Quacker
1C = Zip Zip
1D = Shooting Star
1E = Magikruiser
1F = Sneakster
20 = Spear
21 = Jet Bubble
22 = Dolphin Dasher
23 = Phantom
Source
li r4, 0x00KK #Load KK value (character) into Register 4
li r5, 0x00VV #Load VV value (vehicle) into Register 5
stb r4, 0x001C (r3) #Store the byte of Register 4 to address of Register 3 plus offset of 0x001C
Code created by: zak
|
|
|
| Room Message Spoofer (Host Only) |
|
Posted by: Star - 7 hours ago - Forum: Cheat Codes
- No Replies
|
 |
Room Message Spoofer (Host Only)
This code will spoof the messages you send in a private room.
(NTSC-U)
C2656A38 00000007
9421FFB0 BDC10008
3DC08000 61CE1654
988E0000 89CE0000
3C80MM00 6084PP00
7C847214 9083000C
B9C10008 38210050
60000000 00000000
(PAL)
C265AEC0 00000007
9421FFB0 BDC10008
3DC08000 61CE1654
988E0000 89CE0000
3C80MM00 6084PP00
7C847214 9083000C
B9C10008 38210050
60000000 00000000
(NTSC-J)
C265A52C 00000007
9421FFB0 BDC10008
3DC08000 61CE1654
988E0000 89CE0000
3C80MM00 6084PP00
7C847214 9083000C
B9C10008 38210050
60000000 00000000
(NTSC-K)
C26491D8 00000007
9421FFB0 BDC10008
3DC08000 61CE1654
988E0000 89CE0000
3C80MM00 6084PP00
7C847214 9083000C
B9C10008 38210050
60000000 00000000
[MM Values]
01 = Start an Event
# [PP Values]
# 00 = VS Race
# 01 = Team VS Race
# 02 = Ballon Battle
# 03 = Coin Runners
02 = "Player and I are friends now!" Message
# [PP Value]
# 00
03 = "Here I am!" Message
# [PP Value]
# 00
04 = Send a Room Message
# [PP Values]
# 00 = Hello!
# ...
# 5F = See you next time!
#####################################################
# Source
#####################################################
# r3 = ROOM Record Address
# r4 = ROOM Record
#####################################################
# r14 = ROOM Record Sequence Count
#####################################################
#####################################################
# 8065A52C (NTSC-J) : 9083000C stw r4, 12(r3)
#####################################################
stwu r1, -80(r1) # Make space for 18 registers
stmw r14, 8(r1) # Push r14-r31 onto the stack
lis r14, 0x8000 # Set the higher 16 bits of r14 (ROOM Record Sequence Count) to 0x8000
ori r14, r14, 0x1654 # Set the lower 16 bits of r14 (ROOM Record Sequence Count) to 0x1654
# typedef struct udp_room_t
# {
# /*00*/ u8 mode; // Record Mode: 1|2|3|4
# /*01*/ u8 unknown_01; // Always 0x00
# /*02*/ u8 param1; // Context dependent on mode
# /*03*/ u8 sequence_counter; // Increments by 1 for each message sent
#
# // mode == 0x01 : Start an event
# // param1 = Event type : 0x00 == VS Race, 0x01 == Team VS Race, 0x02 == Balloon Battle, 0x03 == Coin Runners
#
# // mode == 0x02 : "Player and I are friends now!" message
# // param1 = 0x00
#
# // mode == 0x03 : "Here I am!" message
# // param1 = 0x00
#
# // mode == 0x04 : Send a room message
# // param1 = Message ID : 00 == Hello! ... 5F == See you next time!
# }
# // Source: http://wiki.tockdom.com/wiki/MKWii_Netwo...tocol/ROOM
stb r4, 0(r14) # Store the byte in r4 (Current Sequence Count) to the address in r14
lbz r14, 0(r14) # Load the byte at the address in r14 (Current Sequence Count) and store it in r14
lis r4, 0xMM00 # Set the higher 16 bits of r4 (ROOM Record) to 0xMM00
ori r4, r4, 0xPP00 # Set the lower 16 bits of r4 (ROOM Record) to 0xPP00
add r4, r4, r14 # Add the value in r14 to the value in r4, and store the result in r4
stw r4, 12(r3) # Store the word in r4 to the address in r3 offset by 12
lmw r14, 8(r1) # Pop r14-r31 off the stack
addi r1, r1, 80 # Release the space
Code Creator: Star
|
|
|
|
Hall of Shame |
|
Posted by: zak - 08-13-2018, 11:03 PM - Forum: Hacking General
- No Replies
|
|
Hall of Shame
Currently, this is a work in progress. Others may be added on soon.
This list will include anybody of the cheating/hacking community who committed any of the following (but is not limited to) actions: Lied about making codes, falsely claims to be an actual code creator, stole credits from other ppl's work, released fake/non-working codes on purpose, and/or madde false claims of new discoveries (just more lies all around in general to trick their fanbase)
DarkFlare
- Released fake codes
- Claimed to have powerful codes and bragged about having them to himself privately, but all the claims were completely made up
- Called himself a code creator, yet he couldn't read nor write ASM, and didn't know how to port codes
- Made a forum/site specifically to have young kids beg him for his fake codes
- Was known to literally plug in random instructions in already made ASM codes to attempt to make them function differently
- Claimed that he discovered '2A33/2A34' controller address values (I lol'd IRL at this one)
- Had a USB Gecko but still never made one ASM code (what a shame, someone else could have actually used the gecko for great code making)
LecceKartWii
- Released fake codes (this dude made like 10 different take perfect timer codes, I shit you not)
- With ported codes, he claimed he did the ports manually, but he was actually using MKW Code Generator auto porter
- Stole credits from other people's work and codes
- Called himself a code creator, yet he couldn't read nor write ASM
- Co-ran a forum/site with the intent of having mkwii kiddies treat him like a Hacker GOD
- Also the forum/site that he co-runs, is full of so much fakery and bullshit, I don't even know where to start. That site is soooo much cancer.
|
|
|
|
| Read Your UDP Port During Race |
|
Posted by: zak - 08-13-2018, 09:11 PM - Forum: Cheat Codes
- No Replies
|
|
Read Your UDP Port During Race
When you connect online to the server, you use a UDP port for peer-to-peer protocol. It can be any number from 2 - 65535. This code will display your UDP port number in the milliseconds section of your timer. Keep in mind that your UDP port number will change every single time you connect online.
Instructions: Connect online. Join a WW/online race, or go back offline and do a VS race or TT. Your UDP Port will appear in the milliseconds second of your timer. It will auto rotate through its 2 bytes and repeat nonstop.
How to decipher the UDP Port Number--
Let's say you run the code and in the race you get the millisecond value of 251 then the value of 095. Take the value 251, convert it to hex. You will have FB. Take the value 095, convert it to hex. You will have 5F. Put those hex numbers together in order. Please note that you will see the value 000 happen for 2 seconds after your UDP port numbers. This is to help you not read your UDP port millisecond values backwards/flipped by accident.
Your UDP port number (in hex) is FB5F. Simply convert that to decimal now, and your UDP port number is 64351.
Code makes use of Gecko Register Address 8000175C, make sure no other codes are utilizing that address.
NTSC-U
C211130C 00000005
3861000C 9421FFB0
BDC10008 3F008000
6318157C B0B80000
B9C10008 38210050
60000000 00000000
C25310A0 0000000B
3E008000 6210157C
88B00000 90A10024
3A310001 2C110040
4180000C 88B00001
90A10024 2C110080
4180000C 88B00002
90A10024 2C1100C0
4180000C 88B00003
90A10024 2C1100F0
41800008 3A200000
80A10024 00000000
PAL
C21113AC 00000005
3861000C 9421FFB0
BDC10008 3F008000
6318157C B0B80000
B9C10008 38210050
60000000 00000000
C2535BE8 0000000B
3E008000 6210157C
88B00000 90A10024
3A310001 2C110040
4180000C 88B00001
90A10024 2C110080
4180000C 88B00002
90A10024 2C1100C0
4180000C 88B00003
90A10024 2C1100F0
41800008 3A200000
80A10024 00000000
NTSC-J
C21112CC 00000005
3861000C 9421FFB0
BDC10008 3F008000
6318157C B0B80000
B9C10008 38210050
60000000 00000000
C2535568 0000000B
3E008000 6210157C
88B00000 90A10024
3A310001 2C110040
4180000C 88B00001
90A10024 2C110080
4180000C 88B00002
90A10024 2C1100C0
4180000C 88B00003
90A10024 2C1100F0
41800008 3A200000
80A10024 00000000
NTSC-K
C2111424 00000005
3861000C 9421FFB0
BDC10008 3F008000
6318157C B0B80000
B9C10008 38210050
60000000 00000000
C2523C40 0000000B
3E008000 6210157C
88B00000 90A10024
3A310001 2C110040
4180000C 88B00001
90A10024 2C110080
4180000C 88B00002
90A10024 2C1100C0
4180000C 88B00003
90A10024 2C1100F0
41800008 3A200000
80A10024 00000000
Source (does NOT include Dea's ASM for Millisecond Cycler)
addi r3, sp, 12 #Add the values of 12 and Special Purpose Register. Result is stored in Register 3. (default ASM function of address)
stwu r1, -80(r1) #Make space for 18 registers
stmw r14, 8(r1) #Push r14-r31 onto the stack
lis r24, 0x8000 #Set first half address of Register 24 to 0x8000
ori r24, r24, 0x157C #Set second half address of Register 24 to 0x157C
sth r5, 0 (r24) #Store the halfword of Register 5 to address of Register 24 (udp port value is stored)
lmw r14, 8(r1) #Pop r14-r31 off the stack
addi r1, r1, 80 #Release the space
nop #Necessary nop for odd amount of ASM instructions
Code created by: zak
Code contributor(s): Dea (ASM millisecond cycler source code)
|
|
|
|
| Read Your Public IP During Race |
|
Posted by: zak - 08-13-2018, 08:23 PM - Forum: Cheat Codes
- No Replies
|
|
Read Your Public IP During Race
The code allows you to see your public IPv4 Address (in standard decimal format) in the milliseconds section of the timer during a race. You can also use this code to see if your VPN is actually working.
Instructions: Connect online. Join a WW/online race, or go back offline and do a VS race or TT. Your Public IP Address will appear in the milliseconds second of your timer. It will auto rotate through all 4 bytes of the IP and repeat nonstop.
Code makes use of Gecko Register Address 80001758, make sure no other codes are utilizing that address.
NTSC-U
C2111308 00000006
A0BB0108 811B0104
9421FFB0 BDC10008
3F208000 63391578
91190000 39000000
B9C10008 38210050
60000000 00000000
C25310A0 0000000B
3E008000 62101578
88B00000 90A10024
3A310001 2C110040
4180000C 88B00001
90A10024 2C110080
4180000C 88B00002
90A10024 2C1100C0
4180000C 88B00003
90A10024 2C1100F0
41800008 3A200000
80A10024 00000000
PAL
C21113A8 00000006
A0BB0108 811B0104
9421FFB0 BDC10008
3F208000 63391578
91190000 39000000
B9C10008 38210050
60000000 00000000
C2535BE8 0000000B
3E008000 62101578
88B00000 90A10024
3A310001 2C110040
4180000C 88B00001
90A10024 2C110080
4180000C 88B00002
90A10024 2C1100C0
4180000C 88B00003
90A10024 2C1100F0
41800008 3A200000
80A10024 00000000
NTSC-J
C21112C8 00000006
A0BB0108 811B0104
9421FFB0 BDC10008
3F208000 63391578
91190000 39000000
B9C10008 38210050
60000000 00000000
C2535568 0000000B
3E008000 62101578
88B00000 90A10024
3A310001 2C110040
4180000C 88B00001
90A10024 2C110080
4180000C 88B00002
90A10024 2C1100C0
4180000C 88B00003
90A10024 2C1100F0
41800008 3A200000
80A10024 00000000
NTSC-K
C2111420 00000006
A0BB0108 811B0104
9421FFB0 BDC10008
3F208000 63391578
91190000 39000000
B9C10008 38210050
60000000 00000000
C2523C40 0000000B
3E008000 62101578
88B00000 90A10024
3A310001 2C110040
4180000C 88B00001
90A10024 2C110080
4180000C 88B00002
90A10024 2C1100C0
4180000C 88B00003
90A10024 2C1100F0
41800008 3A200000
80A10024 00000000
Source (does NOT include Dea's ASM for Millisecond Cycler)
lhz r5, 0x0108 (r27) #Load the halfword of address of Register 27 plus offset 0x0108 into Register 5 (default ASM function of address)
lwz r8, 0x0104 (r27) #Load the word of address of Register 27 plus offset 0x0104 into Register 6 (grab your IP address)
stwu r1, -80(r1) #Make space for 18 registers
stmw r14, 8(r1) #Push r14-r31 onto the stack
lis r25, 0x8000 #Set first half address of Register 25 to 0x8000
ori r25, r25, 0x1578 #Set second half address of Register 25 to 0x1578
stw r8, 0 (r25) #Store the word of Register 8 to address of Register 25
li r8, 0 #Load 0 immediately into Register 8 (sets Register 8 back to its original value at the time when ASM first is executed to prevent bugs/faults in game)
lmw r14, 8(r1) #Pop r14-r31 off the stack
addi r1, r1, 80 #Release the space
nop #Necessary nop for odd amount of ASM instructions
Code created by: zak
Code contributor(s): Dea (ASM millisecond cycler source code)
|
|
|
|
| Tutorial on How to Make your own Cheat Codes on Dolphin |
|
Posted by: zak - 08-12-2018, 12:34 AM - Forum: Guides/How-To's
- Replies (2)
|
|
Tutorial on How to Make your own Cheat Codes on Dolphin
This guide will teach you how to become an actual real Code Creator. Many people in the MKWii community claim to be code creators, but they don't even know what ASM is. You cannot call yourself a code creator just because you nop'd a random address or modified a floating point value in the game. To be a code creator, you have to (from scratch), make an ASM code based on a breakpoint that effected a desired function of the game all done by yourself.
Now I got that monkey off my back, let's begin.
Chapter 1. Requirements
Before you can start creating ASM codes, you are going to need to be well familiar with the following items:
Homebrew Channel
Making GCT's (Ocarina Cheat Code manager)
USB Loaders
Wiimm's WIT & SZS Tools (be able to learn it easily if you haven't yet)
Gecko Codetype Documentation
Please note: THIS GUIDE IS NOT MEANT FOR NOOBS, SEMI NOOBS, BEGINNERS, etc!!!!
Basically here's the level you should already be at:
- Played at least a few months on mkwii with cheat codes
- Made/experimented with some 04-type (32bit) codes
- Can port codes, make activators, make deactivators, etc
- Know what bytes. half-words, and words are
- Know at least 50% of the gecko codetype documentation
- Know most of the terms/slang of hacking/cheating in MKWii
- Played quite a bit w/ USB Loaders (understand good amount of info with ISOs/WBFSs)
- At least is intuitive enough to learn WIT & SZS Tools easily if you don't already know how to use those Tools
Ok, once you are around that level that I described, then you are good to proceed in this guide. If not, don't even bother, you will have to absorb so much info too quickly, that you will simply not learn anything. You have to crawl before you can walk.
Chapter 2. Dolphin & Aldelaro5's RAM Viewer
While USB Geckos are superior, finding one is quite the challenge. Luckily, we have Dolphin and a RAM Viewer made by a person named Aldelaro5.
Windows Users:
Download the latest dev version of Dolphin - https://dolphin-emu.org/download/
You CANNOT use a public/stable release. Those versions are VERY outdated, making codes with those types of dolphins is simply not possible.
The download package will be in 7z format, you will need some third party archiver/extractor (such as WinRAR). Extract the download. You will see an application named Dolphin.exe. This is the application you would run to launch Dolphin.
Download the latest version of Aldelaro5's RAM Viewer- https://github.com/aldelaro5/Dolphin-mem...indows.zip
Unzip the download. You will see an application called Dolphin-memory-engine.exe. This is the application you would run to launch the RAM Viewer.
Linux Users:
Install the latest dev version of Dolphin from source code. Tutorial for that is HERE
You CANNOT use a public/stable release. Those versions are VERY outdated, making codes with those types of dolphins is simply not possible.
Install the RAM Viewer from source code, Guide for that is HERE
-----
Once you have both of those installed, you should follow this guide HERE so you can play online (with your own NAND) to test online codes when needed.
NOTE to Windows users reading the Guide to Inject NAND Backup and Play Online (Dolphin) thread: Just open Dolphin via the application file and follow all the steps after the Linux command - dolphin-emu.
Once you have done all 3 of those steps, you need to familiarize yourself with Dolphin and the RAM Viewer. Play some basic mkwii on Dolphin just to learn how Dolphin works. Nothing crazy.
Chapter 3. PowerPC Assembly
There's no way around it, you're going to have to learn how to read and write PowerPC ASM. This is needed because later on we will use a program to compile ASM into an actual cheat codes. How can you compile ASM if you can't read/write it?
When you read the links I'm about to provide, you MUST ACTUALLY READ THEM! Don't be inpatient and 'skim' through just looking for things that catch your eye. You have to buckle down and take the time to read everything.
Now here are the links I want you to read, read them in the order i listed. Do not proceed further in this guide until you are confident that you can pass a quiz if I were to give you one.
Link #1 - IBM HERE (an article about the basics of IBM's PowerPC)
Link #2 - WiiBrew HERE (an article going over quite a bit of the Wii's ASM)
Chapter 4. Overview of Dolphin
Dolphin comes with a debugger mode. It is needed to make cheat codes. The debug mode has many features allowing you to see what is actually happening at the lower levels of MKWii.
There are a variety of panels/tabs that come with the debug mode. However, we will only be focusing on the following three:
Breakpoints
Code (will be called Code View in this guide)
Registers
There is another tab/panel called Memory to view the game's memory, but we will use Aldelaro5's RAM Viewer instead because Dolphin's memory view is not live, it is simple garbage.
Launch Dolphin Debug Mode--
How to Launch the Debug Mode (Linux):
If you are on the latest dev version (or 8200 series and later), Dolphin is built with the Qt engine. This means you no longer need to manually boot the debug mode. It can be used when booting Dolphin normally, allowing you to use the debugging tabs/panels at any time. However if this fails, then type this command in your terminal -- dolphin-emu -d
How to Launch the Debug Mode (Windows):
All dev versions for Windows require manually starting the debug mode. Go to the folder where your Dolphin application file is at. Do Shift+Right click inside that folder. Command prompt will appear. Now just type --- Dolphin.exe -d
At the top, click on View, you will see a list of features including the ones I mentioned earlier. Select (to checkmark): Breakpoints, Code View, and Registers.
---
Breakpoints:
https://mkwii.org/pics/screenshots/Breakpoint.png
This is how all codes begin. A user sets a breakpoint thinking that breakpoint will effect a certain function of the game. If their guess is correct, the game will pause and they would work from there.
There are two main breakpoints: Instruction & Memory
Without going into too much detail too early...
Instruction Breakpoints are used when you are working on an existing ASM code (want to modify it, change it).
Memory Breakpoints are used when you are making a new code from scratch
Code View:
https://mkwii.org/pics/screenshots/CodeView.png
Dolphin should already be running, boot your MKWii ISO/WBFS. Once it has booted, pause the game. You can now see the Code View.
The Code View lets you view the game's assembly code. It takes the hex view of the games memory and decompiles it all to ASM, so you know what functions are being done for every address. You should be able to understand a lot of games functions since you have read up on ASM. The code view can only be seen when the game is paused.
Registers:
https://mkwii.org/pics/screenshots/Registers.png
Your game should still be paused (unless you un-paused it yourself). Take a good look at the Registers.
For all ASM functions, there are bytes/data stored, moved, added, loaded etc. The game does this on the PowerPC's Registers. Since you are required to know Gecko Code documentation, think of the Registers like Gecko Registers.
There are 32 Normal Integer Registers (numbers within any Register are always in hexadecimal). Starting at r0 all the way to r31. For basic coding, these are the only registers you need to be concerned with. There are other types such as Link Register, Floating Point Registers, etc. Don't worry about those until you have made quite a bit of simple ASM codes.
Whenever a change is done to a Register from the previous ASM function in the Code View, those Register(s) will be highlighted in RED.
Since these Registers work like gecko registers, you can load data into a Register, and use it for later. You can also set an address location for a Register, or add the values of two Registers. The possibilities are endless.
Every ASM code depends on the Registers. Get familiar with the Registers!
Chapter 5. Overview of RAM Viewer
Dolphin should already be opened with your game paused. Go ahead and open your RAM viewer.
Pic of RAM Viewer - https://mkwii.org/pics/screenshots/RAMViewer.png
The RAM Viewer is very helpful, you can see what changes are happening live in the game. This can help you find undiscovered functions, values that nobody has seen before. USB Geckos never had this feature, so there's still quite a bit left on the table to be done on code making.
Once your RAM viewer is opened, it should already be hooked to Dolphin. If not, hook it, and open the memory viewer. To keep confusion away during this guide, the term "memory viewer" will be the actual view of the game's memory from the RAM Viewer program; and 'RAM Viewer' is Aldelaro5's overall program itself. On the RAM Viewer, you will seem some options such as First Scan, a drop down menu with the word Byte on it, etc. These options allow you to narrow down a search for a desired value.
Pic of Memory Viewer w/ MKWii running - https://mkwii.org/pics/screenshots/LiveViewMemory.png
For example: You can use the drop down menu that says Byte on it, change it to Array of Bytes, and enter in a desired string of hex, then hit first scan. A list of matching results with their memory addresses will appear. You can then choose 'Add All' to add the results below. Once those list of addresses are at the bottom, you can right click one of them and choose 'browse at this address'. Once you do that, go back to the memory viewer, you will see that you were negatived to that desired address.
And that's how you basically use the RAM viewer. Theres other things such as "next scan", but I'm already overwhelming you enough.
Pic of many panels (game paused) - https://mkwii.org/pics/screenshots/AllPanels.png
Chapter 6. ASMWiiRD.exe
https://mkwii.org/pics/screenshots/ASMWiiRD.png
Unfortunately, dolphin doesn't come with an ASM compiler. There are only two programs that can compile PowerPC ASM. WiiRDGUI and DevKitpro. DevKitpro is a hassle to install and to use in general, so we always stick to WiiRDGui.
Download WiiRD GUI - HERE (Linux users will need the Wine emulator to run it. Do a quick google search to figure out how to install Wine on your Linux Machine)
Extract the download. In the contents of the folder, you will see asmwiird.exe. This is the compiler. Open it. If it is your first time using the compiler, you will be asked to set the directory. Obviously, set the directory of the one that contains asmwiird.exe.
The left hand box is where you would write your ASM from scratch!! The right hand box is the result of the ASM (the actual cheat code). If you have some ASM in the left hand box and hit the right arrow key, your code will be compiled. If there are any errors on your part, the code will not compile and the program will give a vague answer on why the compilation fail.
Obviously you can insert an already made ASM code in the righthand box, and then decompile it by hitting the left arrow button.
Finally address field is for your base address, So address of 80654320 with make a complied code start with C2654320.
Chapter 7. Pros and Cons of Dolphin vs USB Gecko
USB gecko is obviously better than Dolphin. There are many features than it can do that Dolphin can't.
- Pointer Searches
- Inject/Remove Codes Live
- Dump RAM beyond mem90 (such as hardware RAM for controllers, video/graphics RAM, etc)
The 'inject codes live' is the real issue here. Lets say you have a finalzied code, well you simply can't just inject it into dolphin and try it. The only codes you can try live in Dolphin are RAM-fill type (single liner codes). You can do this by clicking in on your memory viewer of the RAM viewer, so a cursor marker appears and type in the values you want to replace in RAM. Effects are instant.
So for all other codes you have some options:
If the testing of the code doesn't require you viewing live memory, then you can just make a GCT and test it on a physical Wii.
If the testing of the code REQUIRES the assistance of the memory viewer, then here's what you need to do:
You would need to make the GCT, then use WIT and SZS Tools to extract the ISO, patch the main.dol with GCT and, rebuild the ISO , so then you can run it on Dolphin.
Dolphin can add cheat codes, but you can only use the ones from geckocodes.org via download (i know right, wth were the dolphin devs thinking). I have heard there are ways of adding your own codes to the codes list in Dolphin itself but it can render some cheat codes inoperable. Patching the ISO via WIT/SZS Tools insures the correct VBI hooktype so if a code doesn't work, you know its the code thats wrong, and not Dolphin being screwy.
Chapter 8. Direction of Attack
Ok lets sum up the direction of attack when it comes to making codes, then we can actually get started. Here's a quick reference of what is done to make codes.
Dolphin Launched -> Game Launched -> RAM Viewer Launched, Memory viewer opened -> Searches/Scans preformed -> Desired value found -> Breakpoint set on address of desired value -> Game pauses, code view is viewed to see what address the function is at -> Registers are viewed to actually know what is going on in regards to the ASM function -> You know what ASM to write based on the Code and Registers view -> ASM written in compiler, code is made -> GCT made -> Codes are tested -> Tests successful, Ports to other regions are done, Code is officially created
And thats the gist of how this works. Ok before we begin, get something to eat and drink, get your insulin levels to full power (lol), lets get started.
Chapter 9. Making your first code
Alright for this guide, we want to make code to change our position online (Position Modifier Code). Let's pretend you have a friend who is ready to help you make your first code.
Launch dolphin debug mode (bring up the Code View, Breakpoints, and Registers tabs/panels), boot your game, launch the RAM viewer and open the memory viewer. You open a room, your friend joins, and a race is started.
For demo purposes, let's pretend you are on the USA game (RMCE01)
So we start the race in first place. Let's say we are going to guess that the game puts the value '01' for first place. Keep in mind that with code making, you will have to do a lot of guess work with trail and error. This is where intuition kicks in. You got to have the ability to think of something out of nothing, or to work on something with limited known factors.
On the RAM Viewer, make sure Byte is selected on the drop down menu. Change 'Base to Use' from Decimal to Hex. Enter 01 for the search field..
Click First Scan!
Let's say we end up with 1,226,594 results. Well thats no good, we need to narrow down the results. In fact, there's so many results, the RAM Viewer will not list them to prevent itself from crashing. Don't worry though, the RAM Viewer still actually knows all the results.
Alright so you tell your friend to go ahead of you, you are now in 2nd place. In your search field, change the byte value from 01 to 02.
Click Next Scan!
The Next Scan feature will use your current 1,226,594 results and rerun the search using 02 this time. Any results that don't match 02 will be removed from the results list thus narrowing down the results.
Now we are down to 98 results. At this point this is a small enough list for the RAM viewer to list the results on the lefthand box. Ok, get back into 1st place again, change the byte value back to 01. Hit Next Scan again!
17 results now, better. Do this procedure again to narrow down the results once more. You might be around 8 - 12 results at this moment. You can now stick with your current byte value (don't change positions while doing this ofc), and just hit Next Scan really fast repeatedly. Eventually you will get down to 5 results.
Let's pretend this is our list of memory addresses (5 results)
80E5C416
80E62214
80E6AB59
80E6B1E0
81008848
NOTE: Your list of memory addresses will be different! In fact, every time you 'make' this Position Modifier Code, the list of memory addresses will always be different. Because those addresses are known as 'dynamic', meaning they change per every race and/or game boot. I listed these random ones for demo purposes only.
Click the 'Add All' button to put all the addresses in the lower box.
Right click on your first address (80E5C416), and select 'Browse memory at this address'. Your memory viewer will auto navigate to that address. In your memory viewer, the byte (01/02) will be at that address.
Okay so you are probably thinking... Hey let's Breakpoint this address and get started! Wrong. PowerPC ASM functions in 32 bit strings. What does this mean? This means you can only breakpoint addresses that end in 0, 4, 8, or C. Well the address 80E5C416 ends in 6. This means we use the 0/4/8/C address that comes before. So our breakpoint address is 80E5C414.
Okay so now you are thinking again... Alright now we can Breakpoint! Wrong, but normally you would be right. Remember I told you there would be a lot of trail and error. I have already made this code myself and I know that the second address from our results list is the correct address. To save you time, don't bother breakpointing the first result address. I hope you understand now that code making takes patience and a willingness to deal with failure.
So the second result from our list of addresses was 80E62214. On the RAM Viewer, right click on the address and browse to in on the memory viewer. Feel free to swap positions with your friend and watch the memory viewer. The byte at the address in the memory viewer will swap between 01 and 02 accordingly when your position is being swapped in game. Dolphin's own memory viewer can't do this.
It's Breakpoint time!
Go to your Breakpoints tab. Click the New button (has a plus symbol on it).
Instruction Breakpoint will be auto selected. If you have been reading and paying attention, you will know we need the Memory Breakpoint instead. Select Memory Breakpoint. Address will be auto selected, while the other option is Range. Don't ever worry about Range until you have become a well seasoned code creator.
Set the address to 80E62214.
Condition will be auto selected on write. Let's talk about Read VS Write Breakpoints before continuing any further:
Which one do we set? Read or Write? Well this all depends on the scenario. Let's say you have a static value, and you know that the game reads said value later on during a certain event in the game. Well, you would use a Read Breakpoint because we want to know what address of the game (ASM functions) that's read the static value before utilizing it.
Let's say we have a value that changes while you are in the race, or changes periodically after certain events in the game, or a value that's constantly changing nonstop. We would use a Write Breakpoint because we need to figure out what address (ASM functions) is writing the value.
Just use some common sense, thats all. So obviously, we will set a Write Breakpoint to make our code.
---
Back to the Breakpoints Tab. Leave the condition to Write. Action will be auto selected on 'Write to Log and Break'. Unless you are an advanced code, we will only need to use 'Break'. Plus logging bogs down quite a bit on your computer's performance. Change Action to 'Break'.
CLICK OK!
The game will now pause. Obviously, this will allow us to see the Code View. If the game doesn't pause, your assumptions were incorrect and the Breakpoint failed. Remember, you will fail a lot when making codes!
Take a look at your Code View. The address that the game 'broke' on will be highlighted in GREEN.
This should be the address 8053A484 with the ASM: stb r7, 0x0020 (r3)
Address will be different if you weren't using the USA game.
You should know what this ASM instruction is. It is very basic. Let's break it down...
stb = Store Byte
So we know we will be storing a byte value, ok.
stb r7 = Store the Byte of Register 7
Ok the ASM function is wanting to store the byte of Register 7. But to where? Before continuing, look at your Registers tab. Take a look at Register 7. Let's say when the game paused from the breakpoint, you were in 2nd place, this meant that 01/02 byte value would obviously be 02. What does Register 7 say? 00000002
Starting to understand how this coding stuff works? Good, back to the ASM function.
stb r7, 0x0020 (r3) = Store the Byte of Register 7 into Register 3 plus offset of 20.
Whenever you have a store ASM function, the second Register (plus the offset) is the location of the memory address that the byte/halfword/word will be stored to.
Take a look at Register 3. It contains a Mem 80 Address. Now add 20 (in Hex ofc), and what do you get? You get our initail address from the list of results from the RAM Viewer (2nd result ofc): 80E62503
Now you understand how the Registers work? Good 
Please note that when bytes and halfwords are used in Registers for integer values, they start on the right side of the 32 bit string of said Register. So if a Register has a value 20002540. Sth (store halfword) would use the '2540' portion of the Register and stb (store byte) would use the '40' portion. When dealing with memory address locations of Registers, bytes and halfwords start at exactly the memory address location. So let's say a Register has a memory address of 80654100 and the 32 bit string/value at the address is 16739AA0, the byte of that address would be '16', and the halfword would be '1673'. This probably confused you more, but you will get use to it in due time.
---
Going back to our ASM function: stb r7, 0x0020 (r3)
We know the integer value of Register 7 and we know where the memory address of where it is being stored (written) to.
TIME TO WRITE SOME ASM!
Since we know how the game is writing our position value, let's manipulate it!
Obviously, we need to change the value of Register 7 before the ASM function stores/writes that value to memory address location of Register 3; offset 0x0020.
This is simple to do, we will do a Load Immediate command into Register 7.
li r7, X
Now X is the value that we want to have, let's say we want 1st (01) place.
li r7, 1
If desired, you can write the byte value in hex form: li r7, 0x0001
Its good to use hex when dealing with values of halfwords and words. But for using bytes, sticking to decimal will suffice.
Open up your ASMWiiRD.exe file! Time to compile!
Let's put in our first ASM instruction that we've come up with so far.
li r7, 1
Ok so we have our value of Register 7 set to what we want, now we can let the game use it's original ASM function to store that value to the proper memory address location. Simply add in the original ASM function after our Load Immediate function.
li r7, 1
stb r7, 0x0020 (r3)
CAUTION: in MOST codes you will need to have the address's original ASM function (aka deactivator), or else you could break some other function of the game or the code might not work at all.
Almost done, one final step. In any ASM, you need an odd amount of instructions. If you ASM has an odd amount, we are good to compile. If not, we just add a simple 'nop' command. Since we have 2 instructions, we have an even amount and need to add the nop.
li r7, 1
stb r7, 0x0020 (r3)
nop
In actuality, when using ASMWiiRD.exe, you don't ever need to add the nop. The program will do it for you. But it's good practice to naturally include the nop.
Now just add in your address (the one the game 'broke' on, highlighted in Green in the Code View)
8053A484
Click the right arrow button to compile the code!
C253A484 00000002
38E00001 98E30020
60000000 00000000
Take a look at your compilation. We see our '1' value from the ASM function li r7, 1.
You can remove the '01' and plug in an 'XX' value to allow you to choose any position you want. Remember the game is always in Hex. So 12th position would be 0C for the XX value.
Chapter 10. Testing/Porting Your Codes
For a code like this, we don't need the assistance of the memory viewer. So we can test this on a normal physical Wii Console. Make a standard GCT, add your code, and test it with your friend(s). If a code requires the memory viewer for assitance, you will need to do the WBFS/ISO patching to patch the GCT on your main.dol, and then you can test the WBFS/ISO w/ codes on Dolphin.
Test your code. If it works, success! If not... back to the drawing board. When a code fails, you always check your 'source' first. Source is another term for your ASM that you wrote for the compiler. If there's no mistakes there, then maybe your Breakpoints were off, or the results from the memory viewer search were not what you were needing to find.
Once your code is a success. Port your code to all the other regions. You should already know how to do this. Post your new code if desired. Remember to add credits to prevent others from taking credit in the future for your codes!
|
|
|
|
| Hacker of the Year |
|
Posted by: zak - 08-11-2018, 08:34 PM - Forum: Hacking General
- No Replies
|
|
This is a quick list of who I think was the best code creator/hacker/mkwii-based software programmer of each year since 2008. I would greatly appreciate anybody's input.
2008 - Volderbeek
2009 - Mdmwii
2010 - Mdmwii
2011 - XeR
2012 - Bully
2013 - Bully
2014 - Wiimm / Chadderz (co-champs)
2015 - Geeh
2016 - MrBean
2017 - MrBean
2018 (so far) - Star
If you have any input/suggestions, stay OBJECTIVE.
Honorable mentions and others that can be argued to be 'champ' of said year:
2009 - Guru (shared item code release)
2010 - Hamster (released mkw code generator)
2010 - NinArm (the first to port many codes to Korea, first to release Korea RAM Dump, made Full MAC Spoofer Code)
2013 - Anarion (made most of his codes in this year)
2015 - Chadderz (just because of CTGP)
2016 - Geeh (made a bit more rainbow/hud codes during beginning of this year)
2016 - Luis (made a shit ton of single-liner codes)
2016 - Wiimm (many improvements to Wiimmfi during this year)
2016 - Atlas (made some quality windows exe programs such as RKG Viewer, rksys.dat extractor, etc)
|
|
|
|
| Host Detector |
|
Posted by: zak - 08-11-2018, 07:26 PM - Forum: Cheat Codes
- No Replies
|
|
Host Detector
This code will let you know (via the millisecond section of your timer) whether or not you are the host of the room/WW.
NTSC-U
C2531174 00000002
3D808165 800C0008
60000000 00000000
C2654AD0 00000005
9421FFB0 BDC10008
A00400C0 830400C8
3FA08165 63BD0008
931D0000 B9C10008
38210050 00000000
PAL
C2535CBC 00000002
3D808165 800C0008
60000000 00000000
C2658F58 00000005
9421FFB0 BDC10008
A00400C0 830400C8
3FA08165 63BD0008
931D0000 B9C10008
38210050 00000000
NTSC-J
C253563C 00000002
3D808165 800C0008
60000000 00000000
C26585C4 00000005
9421FFB0 BDC10008
A00400C0 830400C8
3FA08165 63BD0008
931D0000 B9C10008
38210050 00000000
NTSC-K
C2523D14 00000002
3D808165 800C0008
60000000 00000000
C2647270 00000005
9421FFB0 BDC10008
A00400C0 830400C8
3FA08165 63BD0008
931D0000 B9C10008
38210050 00000000
Millisecond Values:
000 = Host
001 = Non-Host
Source (does not include timer asm code)
stwu r1, -80(r1) #Make space for 18 registers
stmw r14, 8(r1) #Push r14-r31 onto the stack
lhz r0, 0x00C0 (r4) #Load the half word at address of Register 4 offset 0x00C0 into Register 0
lwz r24, 0x00C8 (r4) #Load the word at address of Register 4 offset 0x00C8 into Register 24
lis r29, 0x8165 #Set the first half address of Register 29 to 0x8165
ori r29, r29, 0x0008 #Set the second half address of Register 29 to 0x0008
stw r24, 0 (r29) #Store the word of Register 24 into Register 29
lmw r14, 8(r1) #Pop r14-r31 off the stack
addi r1, r1, 80 #Release the space
Code created by: zak
Code contributor(s): Star (Used his BA because other BAs weren't working), Bully (Timer code)
|
|
|
|
|
![[Image: jp.png]](https://mkwii.org/pics/flags/jp.png)
Dea ![[Image: geckologo.jpg]](https://mkwii.org/pics/logos/geckologo.jpg)
![[Image: dolphinlogo.jpg]](https://mkwii.org/pics/logos/dolphinlogo.jpg)
![[Image: us.png]](https://mkwii.org/pics/flags/us.png)
Anarion ![[Image: devkitlogo.png]](https://mkwii.org/pics/logos/devkitlogo.png)
![[Image: de.png]](https://mkwii.org/pics/flags/de.png)
Bully ![[Image: gb.png]](https://mkwii.org/pics/flags/gb.png)
Chadderz ![[Image: it.png]](https://mkwii.org/pics/flags/it.png)
Mdmwii ![[Image: fr.png]](https://mkwii.org/pics/flags/fr.png)
XeR 