Don't Get Blued In 1st
#1

This code greatly reduces the chances of you getting blued when you are in 1st place. Whenever you are in 1st, grab an item THEN hold it. It is impossible for anyone to now get a blue shell from an item box (unless they use something like a forced item code or always have item hack ofc). The key is to keep holding your item in inventory. As long as you are doing that, nobody can pick up the blue. There are multiple fail-safes implemented in this code to prevent detection, such as...

- 30 second timer track (to prevent item value 0x14, aka mushroom instead)
- position tracker (code will not execute if you are not in 1st)
- item trailing/circling spoofer
- item tail_mode spoofer

This code has one bug. Due to the trailing/circling spoofer plus tail_mode failsafes, when you grab an item in 1st place, KEEP it in inventory. Do NOT pull it out under any circumstances. Yes, this sucks. But if you pull out the item (such as a nana), on other people's screens, they see you didn't pull out anything. The two failsafes that cause this bug are needed. There are programs/detectors out there that can read your trailing/circling item (and/or tail_mode) and compare it to the item that you just had in inventory. With this code, since the item in inventory shows a blue shell, if the two failsafes aren't in this code, then this code becomes detectable.

This bug doesn't apply in any other position as this code won't execute at all if you are not in 1st when picking up a box. Bug also doesn't apply in the first 30 seconds of the race. If you 100% know that somebody is already holding the blue when you pick up a box, then it's okay for you to pull out your item from inventory.

Code makes use of the following memory addresses:
0x814A0000 thru 0x814A0003
0x81680193 thru 0x816801BF

Make sure no other codes in your GCT/Cheat Manager are using those addresses!

NTSC-U
C25310A0 00000002
3D80814A B38C0000
80A10024 00000000
C265D3A0 0000000D
3D80814A 896C0002
2C0B0001 40A20044
A16C0000 2C0B001F
41800038 7C0902A6
3D608168 616B018C
3BA0000C 7FA903A6
3BA00007 87CB0004
7C1EE800 41820014
4200FFF4 39600001
3BE00007 48000008
39600000 996C0003
7C0903A6 9BE50001
60000000 00000000
C265EE14 00000003
88030001 1D960004
3D8C8168 980C0193
60000000 00000000
C265EE30 00000003
88100011 1D960004
3D8C8168 980C0193
60000000 00000000
C265FCC8 00000004
3D80814A 896C0003
2C0B0001 40A2000C
3B800014 3BE00000
9B830002 00000000

PAL
C2535BE8 00000002
3D80814A B38C0000
80A10024 00000000
C265C718 0000000D
3D80814A 896C0002
2C0B0001 40A20044
A16C0000 2C0B001F
41800038 7C0902A6
3D608168 616B018C
3BA0000C 7FA903A6
3BA00007 87CB0004
7C1EE800 41820014
4200FFF4 39600001
3BE00007 48000008
39600000 996C0003
7C0903A6 9BE50001
60000000 00000000
C265E18C 00000003
88030001 1D960004
3D8C8168 980C0193
60000000 00000000
C265E1A8 00000003
88100011 1D960004
3D8C8168 980C0193
60000000 00000000
C265F040 00000004
3D80814A 896C0003
2C0B0001 40A2000C
3B800014 3BE00000
9B830002 00000000

NTSC-J
C2535568 00000002
3D80814A B38C0000
80A10024 00000000
C265BD84 0000000D
3D80814A 896C0002
2C0B0001 40A20044
A16C0000 2C0B001F
41800038 7C0902A6
3D608168 616B018C
3BA0000C 7FA903A6
3BA00007 87CB0004
7C1EE800 41820014
4200FFF4 39600001
3BE00007 48000008
39600000 996C0003
7C0903A6 9BE50001
60000000 00000000
C265D7F8 00000003
88030001 1D960004
3D8C8168 980C0193
60000000 00000000
C265D814 00000003
88100011 1D960004
3D8C8168 980C0193
60000000 00000000
C265E6AC 00000004
3D80814A 896C0003
2C0B0001 40A2000C
3B800014 3BE00000
9B830002 00000000

NTSC-K
C2523C40 00000002
3D80814A B38C0000
80A10024 00000000
C264AA30 0000000D
3D80814A 896C0002
2C0B0001 40A20044
A16C0000 2C0B001F
41800038 7C0902A6
3D608168 616B018C
3BA0000C 7FA903A6
3BA00007 87CB0004
7C1EE800 41820014
4200FFF4 39600001
3BE00007 48000008
39600000 996C0003
7C0903A6 9BE50001
60000000 00000000
C264C4A4 00000003
88030001 1D960004
3D8C8168 980C0193
60000000 00000000
C264C4C0 00000003
88100011 1D960004
3D8C8168 980C0193
60000000 00000000
C264D358 00000004
3D80814A 896C0003
2C0B0001 40A2000C
3B800014 3BE00000
9B830002 00000000



List of Sources:

Source Mini Guide
1st ASM = Second Dumper to Mem81
2nd ASM = Second Reader from Mem81; Position Reader from Mem81; Blue Shell Loop Checker of Items listed in Mem81; Anti-Item Spy Execution; Status Dumper to Mem81
3rd & 4th ASMs = Bully's USB Gecko Item Spies (Items dumped to Mem81)
5th ASM = Status Reader from Mem81; Trailing/Circling plus Tail_Mode Spoofer
6th ASM = Never Get Trip Nanas in 1st; Position Dumper to Mem81



1st ASM Source:
lis r12, 0x814A #Set first half address for data mem81 storage
sth r28, 0x0 (r12) #Store timer second halfword value to 0x814A0000
lwz r5, 0x0024 (sp) #Default instruction



2nd ASM Source:
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Notes About Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

##r0, r29 and r30 are safe for use as they get overwritten by later load functions##

#~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Mem81 Address Pre Config #
#~~~~~~~~~~~~~~~~~~~~~~~~~~#

lis r12, 0x814A #Set first half of address for data loading & storage

#~~~~~~~~~~~~~~~~~~~~~~~#
# Position Load & Check #
#~~~~~~~~~~~~~~~~~~~~~~~#

lbz r11, 0x0002 (r12) #Load position byte value from 0x814A0002
cmpwi r11, 0x1 #Compare current position to 1st place
bne+ no_go #If you are not in 1st, jump to no_go label

#~~~~~~~~~~~~~~~~~~~~~#
# Second Load & Check #
#~~~~~~~~~~~~~~~~~~~~~#

lhz r11, 0 (r12) #Load timer second halfword value from 0x814A0000
cmpwi r11, 0x1F #Compare timer second value to value of 31 seconds
blt- no_go #If less than 31 seconds, we don't want item 0x14 issue, jump to no_go label

#Value of 30 isn't used because this value can be 30 just a few frames before 30 is actually displayed on your timer, so to be extra#
#safe, 31 is used instead#

#~~~~~~~~~~~~~~~~~#
# Pre-Loop Config #
#~~~~~~~~~~~~~~~~~#

mfctr r0 #Backup OG CTR Value


lis r11, 0x8168 #Set Address (1st half) to read the values from Bully's Dolphin/USB Gecko Item Spy ASMs
ori r11, r11, 0x018C #Set Address, 2nd half, -0x4 away from address of slot 0's item

li r29, 0xC #Load 0xC into r29
mtctr r29 #Copy value of r29 to the CTR

li r29, 0x7 #Set Blue Shell Item Value

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Blue Shell Verification Loop #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

re_check:
lwzu r30, 0x4 (r11) #Load word (item) from current spot of Bully's mem81 area, update r11 after every occurrence
cmpw r30, r29 #Compare the current loaded item to blue shell
beq- no_go #If item held is blue shell, jump to no_go label
bdnz+ re_check #if CTR is NOT zero, jump back to start of loop

li r11, 0x1 #Loop is over, nobody is holding Blue Shell; Set value to 1 (execute in other ASM)
li r31, 0x7 #Activate Anti-Item spy code, once you grab an item, it shows to others you got the blue, therefore they cannot grab one now!!
b finish_code #jump to finish_code label

#~~~~~~~~~~~~~#
# no_go Label #
#~~~~~~~~~~~~~#

no_go:
li r11, 0x0 #Set status byte value to 0 (don't execute other ASM that is responsible for trailing/circling plus spoofing)

#~~~~~~~~~~~~~~~~~~~#
# finish_code label #
#~~~~~~~~~~~~~~~~~~~#

finish_code:
stb r11, 0x0003 (r12) #Store status byte value to 0x814A0003
mtctr r0 #Restore OG CTR Value
stb r31, 0x0001 (r5) #Default instruction

#

#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#



3rd ASM Source:
lbz r0, 0x1 (r3) #Default instruction
mulli r12, r22, 0x4 #Multiply Player slot by 4, store in r12. Thus lower 16 bits of r12 will hold second half of mem81 address
addis r12, r12, 0x8168 #Add 0x8168 to upper 16 bits of r12, lower 16 bits are not affected. At this point, if r12 is added with 0x193, it will be the finalized address of where the current read player's item will be stored to in mem81
stb r0, 0x193(r12) #Store current read player's item to r12 plus offset 0x0193 (address for that player's item is now finalized)



4th ASM Source:
lbz r0, 0x0011 (r16) #Default instruction
mulli r12, r22, 0x4 #Multiply Player slot by 4, store in r12. Thus lower 16 bits of r12 will hold second half of mem81 address
addis r12, r12, 0x8168 #Add 0x8168 to upper 16 bits of r12, lower 16 bits are not affected. At this point, if r12 is added with 0x193, it will be the finalized address of where the current read player's item will be stored to in mem81
stb r0, 0x193 (r12) #Store current read player's item to r12 plus offset 0x0193 (address for that player's item is now finalized)



5th ASM Source:
lis r12, 0x814A #Set first half address for data mem81 loading
lbz r11, 0x3 (r12) #Load status byte from 0x814A0003, it will be either 0 (don't execute) or 1 (execute) from the first ASM code

cmpwi r11, 0x1 #Compare Mem80 address value to 1
bne+ finish_code #If value in r11 not equal to 1, jump to finish_code label
li r28, 0x14 #Activate Anti-Trailed Item Spy. If you pull out your item, it shows to others you launched the blue. Is in place to render cheat detectors useless

li r31, 0x0 #Activate Anti-Tail_Mode Item Spy. If you launch your item, it mimics the Tail_mode value of launching a blue. Is in place to render cheat detectors useless

finish_code:
stb r28, 0x0002 (r3) #Default instruction




Code creator: zak
Code credits: Mdmwii (address founder of 1st ASM); Bully (the two USB Gecko Item Spy ASMs); Star (address founder of 5th ASM; trailing/circling spoofer)
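
To check the scratch addresses the post lists against what the code words actually touch, here is an added example (not part of the original post) that parses Gecko C2 blocks and resolves the loads/stores made through `lis`/`addis`. The function names are hypothetical; it assumes the default Gecko base address 0x80000000 and only follows plain D-form loads and stores.

```python
# Constructed input: 1st, 3rd and 5th C2 blocks of the post's NTSC-U listing, one per line.
SAMPLE = """
C25310A0 00000002 3D80814A B38C0000 80A10024 00000000
C265EE14 00000003 88030001 1D960004 3D8C8168 980C0193 60000000 00000000
C265FCC8 00000004 3D80814A 896C0003 2C0B0001 40A2000C 3B800014 3BE00000 9B830002 00000000
"""

# PowerPC D-form primary opcodes for the plain (non-update) loads and stores.
MEM_OPS = {32: "lwz", 34: "lbz", 36: "stw", 38: "stb", 40: "lhz", 44: "sth"}

def parse_c2(text):
    """Split a listing into (hook_address, words) per C2 block; assumes base 0x80000000."""
    words = [int(w, 16) for w in text.split()]
    blocks, i = [], 0
    while i < len(words):
        count = words[i + 1] if i + 1 < len(words) else -1  # payload length in 8-byte lines
        body = words[i + 2 : i + 2 + 2 * count] if count >= 0 else []
        if words[i] >> 24 != 0xC2 or len(body) != 2 * count:
            raise ValueError(f"bad or truncated C2 block at word {i}")
        blocks.append((0x80000000 | (words[i] & 0xFFFFFF), body))
        i += 2 + 2 * count
    return blocks

def scratch_accesses(body):
    """Resolve loads/stores made through a register that lis/addis set (heuristic)."""
    base, hits = {}, []
    for w in body:
        op, rd, ra, imm = w >> 26, (w >> 21) & 31, (w >> 16) & 31, w & 0xFFFF
        if op == 15:                 # addis rD, rA, imm ("lis" when rA == 0)
            base[rd] = (imm << 16, ra != 0)   # True: a runtime index is added
        elif op in MEM_OPS:
            if ra in base:
                upper, indexed = base[ra]
                disp = imm - 0x10000 if imm & 0x8000 else imm
                hits.append((MEM_OPS[op], (upper + disp) & 0xFFFFFFFF, indexed))
            if MEM_OPS[op].startswith("l"):
                base.pop(rd, None)   # a load overwrites its destination register
        elif op == 14:               # addi/li also overwrites rD
            base.pop(rd, None)
    return hits

def audit(text):
    """Map each hook address to the scratch-memory accesses found in its payload."""
    return {hook: scratch_accesses(body) for hook, body in parse_c2(text)}

if __name__ == "__main__":
    for hook, hits in audit(SAMPLE).items():
        for name, addr, indexed in hits:
            print(f"hook {hook:08X}: {name} {addr:08X}{' + index' if indexed else ''}")
```

An access flagged as indexed (the `0x81680193` store) is only the base of a range: per the 3rd ASM source, the player slot times 4 is added at runtime.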
#2
Wow. Very interesting concept! Quick question though, why do you use the instructions for the register safety though? Like is it necessary to prevent game crashes, etc?
#3
(09-10-2018, 06:22 AM)420 Matt Wrote: Wow. Very interesting concept! Quick question though, why do you use the instructions for the register safety though? Like is it necessary to prevent game crashes, etc?

http://mkwii.org/showthread.php?tid=873

A small thread about Register Safety.

I probably didn't have to do the Register Safety ASM functions for the Anti-Trailed and Anti-Tail_Mode ASM codes, but I did anyway because I was lazy to check for available registers.

In fact, you don't have to always use the Register Safety ASM functions to allow you to use Registers 14 to 31. Whenever you set a Mem Breakpoint on Dolphin, any registers not in red are currently not being used by the Address or nearby Addresses. Thus you can use a non-red Register 14 thru 31, you just have to set the default value back. However there are exceptions to this. So it's safer to just push/pop the stack.

For example in Mdmwii's original MAC Spoofer code he uses Register 19.

li r19, 0xZZ
stb r19,5(r4)
li r19,0
li r5,6
nop

As you can see he sets r19 back to 0. I did an Instruction Breakpoint on the code's address and saw that Register 19 was NOT highlighted in Red and its value is 0.

Keep in mind, you can NEVER use Registers 2 and 13 no matter what. Also only use Register 1 for the Safety ASM functions.
#4
(09-10-2018, 04:52 PM)zak Wrote:
(09-10-2018, 06:22 AM)420 Matt Wrote: Wow. Very interesting concept! Quick question though, why do you use the instructions for the register safety though? Like is it necessary to prevent game crashes, etc?

http://mkwii.org/showthread.php?tid=873

A small thread about Register Safety.

I probably didn't have to do the Register Safety ASM functions for the Anti-Trailed and Anti-Tail_Mode ASM codes, but I did anyway because I was lazy to check for available registers.

In fact, you don't have to always use the Register Safety ASM functions to allow you to use Registers 14 to 31. Whenever you set a Mem Breakpoint on Dolphin, any registers not in red are currently not being used by the Address or nearby Addresses. Thus you can use a non-red Register 14 thru 31, you just have to set the default value back. However there are exceptions to this. So it's safer to just push/pop the stack.

For example in Mdmwii's original MAC Spoofer code he uses Register 19.

li r19, 0xZZ
stb r19,5(r4)
li r19,0
li r5,6
nop

As you can see he sets r19 back to 0. I did an Instruction Breakpoint on the code's address and saw that Register 19 was NOT highlighted in Red and its value is 0.

Keep in mind, you can NEVER use Registers 2 and 13 no matter what. Also only use Register 1 for the Safety ASM functions.

I see... Does this go for any ASM code or just certain instructions in an ASM code?
#5
I think you mean by code. Like I said it all depends. If you are making a code and want to play it safe (plus not worrying about restoring Register value defaults), then just do the ASM functions to push/pop the stack.
#6
(09-13-2018, 01:46 PM)zak Wrote: I think you mean by code. Like I said it all depends. If you are making a code and want to play it safe (plus not worrying about restoring Register value defaults), then just do the ASM functions to push/pop the stack.

Yeah. I get it. Thx.