[JorgeFFC]

Originally Posted by bungholio Well, I just tried making a package for Silent Hill Homecoming using CMP Auto Tools 5.1 and then tried decrypting the created eboot with both 5.1 and 6.2, and both had errors that prevented them from decrypting them. I then made a package for Disgaea 4 NTSC using CMP Auto Tools 6.2 and then tried decrypting the created eboot, and had the same errors. I then thought there might be some 1 in a million mistake I made so I replaced Disgaea 4's created eboot with the normal nodrm one and things were perfect, so I'm guessing that throws that hope out the window. Ignoring that, the links to those old packages for games seemed to be on megaupload, and that's gone so there's even less of a chance. Yes there is. CMP Auto Tools. It's very easy. Especially if you check the contents of the batch files after I stripped them of all stuff that required input on my part in this post. http://www.codemasters-project.net/v...959#post152959. Copy and paste that in a text file you give the extension ".bat" to, and change the red lines to your game and done. Just remember to download the ps3 keys and put them in the right folder. Grab them at http://www.sendspace.com/file/cej67a. Throwing 00002000 in front of posted memory addresses isn't converting. When I post codes I put both the address in the eboot, and a pattern to find it easily and is what CMP Auto Tools seems to use for adding codes to an eboot normally. I wasn't sure if I had to add 00010000 to the addresses of codes since the PS3 actually loads everything starting at that address, but I haven't heard any problems so it must work just fine? Sometimes others only post the pattern used to find the address. You guys can easily get the addresses. Find somebody that owns the game, have them decrypt it, open the EBOOT.Elf file in HxD, press CTRL + F, type in the pattern, set Datatype to Hex-values, press ENTER, and you'll be at the address that can be used with ps3usercheat/codeunique. Just remember to put the lines that are modified, since not all lines are always modified. For example for Disgaea 4, if you saw this: Unlimited Moves 002F6228 3D800000 002F6240 B19D055C ORIGINAL PATTERN: 60000000 5460063E 2C000000 40820718 38600D6E 4BD47529 60000000 PATTERN: 3D800000 5460063E 2C000000 40820718 38600D6E 4BD47529 B19D055C Say I only posted that pattern instead. You search for that and end up at address 002F6228, you have this: 002F6228 3D800000 002F622C 5460063E 002F6230 2C000000 002F6234 40820718 002F6238 38600D6E 002F623C 4BD47529 002F6240 B19D055C Mystery solved. If you only see a pattern, find somebody that owns the game and has custom firmware on their ps3 so they can get the EBOOT.BIN from the disk, decrypt it to EBOOT.Elf, find the pattern's address using HxD, done. Or if you are beyond lazier than a dead sloth, send the EBOOT.BIN to somebody that can do it for you. @DANNY G I see no use for IDA Pro for me. It didn't seem to index anything more for me on the 2 games I looked at, so I'm assuming it won't be telling me something I won't already find without it. It doesn't tell me anything hidden, I was hoping there was stuff I didn't notice like maybe text in the eboot that maybe had a referrer. It doesn't tell me a single address anything is stored to, so it's not helping me that way either. I have no idea of what I can use it for at the moment, so I haven't been bothering with it unless somebody knows something useful it can be used for.

And bungholio, you forgot to mention that for convert a code to usercheat u need to add 10.000 into the offset value, example: i have an eboot.elf with a code pattern, even if the code is for japanese, some codes can still be found in EUR Eboots(Saint Seya Vosman codes were an example), but with different offsets(but sometimes the code is the same, only testing to see if it will work), for the conversion, u need to know only this:
1 - 00002000 becomes first almost always in the codes(only in some rare cases is 00003000)
2 - What is add 10.000 in the Offset?
If you have 0025FD34 as a code offset and have the pattern there(something like 3C800000), u will do only this for turn it into Usercheat:
00002000 0025FD34+10000= 0026FD34 (And the Pattern for the Code that will replace the older one that was in the eboot before, for know what is the exactly offset, in Hex Editor select the Adress, press right click with mouse and click in Select Block, this will show you the exactly offset for the code in offset start and end...)
So, the usercheat would be:
00002000 0026FD34 60000000(this isn't a cheat, only an example of conversion)
3 - After this, you gave one command for replace the something like 3C800000 for 60000000. For the conversion, you only do this if the code already exist, that's because we need the original eboot for get the .elf file and the .txt file for get better results when try to convert them...
************* [ - Post Merged - ] *************
The Conversion Usercheat to Adress in eboot is the same, but u you remove 10.000 from the Offset(i've gave you this offset as example 0025FD34. If it is part of a usercheat and i want to convert to codes for a eboot.elf normal or pattern code, i have to remove 10.000 from the adress, 0025FD34-10.000 = 0024FD34
So, now i have the Offset, only press with Hex Editor Ctrl+G and put the offset there, the Hex Editor will leave you in the right adress u have to replace for the code work .-., only this.
************* [ - Post Merged - ] *************
For better conversions i would recommend these sites:
http://www.miniwebtool.com/hex-calcu...ate=1&number2=
This is for add or remove 10.000 from the Code Offsets

http://www.statman.info/conversions/hexadecimal.html
This is for code searching and another parameters(like what value you can put for replace the code and help with effects .-.), or you can use it to try and search for numerical codes in Eboot.elf(is a great help...)

@bungholio
I think it's impossible add the patterns in the program, cause it have a limiter in the codes and if it don't recognize the code as an usercheat, sometimes it auto-delete the numbers there .-.(in some cases, this occurs here)
And bungholio, another thing is, Saint Seya Senki or Battle Sanctuary, the Infinite CP Points Code Vosman created give Infinite CP like this:
I will distribute points in Seya, use some points and after finish max seya for example the points became negative, the same as the innocents code, could it be that he use a very big value and made the code going to negative form? .-., if so, help me here, what value do i replace in the code for perfectly work without it turns into a negative value(maybe something like nop, 60000000? or if it is like your innocent limit modifier, maybe FF in the End?

@gingerbread
I think Cross Edge codes were only for US version, cause the offsets for EUR Eboot are different(even if it is minimal), for a perceptive conversion, i need the Cross Edge EUR Original Eboot(i don't have it and can't find on internet, already tried, maybe someone here still have the game in EUR version and can share only the Eboot for lazy guys like me who don't wanna download the game all over again .-.)

[bungholio]

I'm surprised nobody confirmed the thing where you add 10000 to the address to make it work. At the very least, you add that to the addresses of codes I post since I just put the address from HxD which loads things at 00000000, unlike the PS3 doing 00010000. I don't think all users do that though, but I'm mostly certain hyper2k does.

I haven't seen much codes from other users, but the ones I saw weren't memory codes. Codes that start with 00003000 involve pointers which are for memory codes. Nobody was making those on their own. You can't easily make ASM code write to a specific location in memory, every time I tried games wouldn't start, probably some touchy permissions or access violation junk. Some codes are posted from other places that might be memory locations though, like some of the things xtatu finds from Japanese game blogs or wherever on the web. But they either already post it in the correct format, or they just post the address and value, and that just needs 00002000 in front of it. Technically, some codes I post could be 1 or 2 byte constant writes, but that's nothing important, all it does is save the cheat engine from executing 1 less line of code every cycle, and that's like what, 1/1000000000 or whatever of 1 second. Unless you are doing a billion codes at a time which isn't going to happen without the serial repeater or whatever that code type is, you won't be using it. There's no reason on Earth I could see somebody needing to do that. There's probably not even enough RAM on a PS3 to even do that anyhow, and most wrong things you modify just cause a game to freeze and not start, so fixing those to be minimally correct would be about as significant to change as only adding 1 droplet of water to the ocean instead of 2, nothing worth worrying about.

Originally Posted by JorgeFFC 2 - What is add 10.000 in the Offset?

Offset, address, about the same thing to me. Technically not the same if you talk about codes involving pointers. Address is the starting point only in memory, offset is what I usually call every address involved from beginning to end. Pointers involve places in memory that change for whatever reasons programmer's do, like maybe to chase away some people that modify games by making things get stored in a different random location in memory each time a game is started, somebody dies and restarts a level, a weapon is fired, or whatever reason a programmer chooses. As random as they try, there's always a starting point in memory somewhere that never changes, and anything involved in finding the final exact address of anything is the offset. A game might create a memory address at 3A00493C, store 4 bytes 0040 higher than the address at 3A00497C, load the 4 bytes which turns out to be an address (pretend it's 3A03FCC0), go to that address and load 4 bytes at offset 0AFC (that would then be at address 3A0407BC) and what's there might be another address, like 3A076200, then load another 4 bytes 6F08 (that would then be at address 3A0476C4), and then store some value at offset 0100 of that (at address 3A0477C4), and that might just be the location of your health. You'd then have 3A00493C + 0040, result + 0AFC, result + 6F08, result + 0100 that would work every time. Or you could just happen to find the ASM code for that last offset and have a simple 1 line code. The simple constant writes don't need that because something useful might not be randomized in memory. Health might be in the same exact place in memory every time, and all you will need is the 00002000 in front of it instead of 4 lines of code with the first 3 having the 00003000 and the last line being 00002000. You could have health at 3A00493C every single time throughout a game no matter what, or you could have the health at that address + whatever's 0040 above it + whatever's 0AFC above it + whatever's 6F08 above it + to whatever address is 0100 at it every single time without that sequence of address's that change always being known how to get to the end to get your health. 3A00493C, 3A03FCC0, 3A0407BC, 3A0476C4, and 3A0477C4 are addresses, and all addresses after 3A00493C could be any randomly generated address each time you play. 0040, 0AFC, 6F08, and 0100 are the exact offsets in order that won't every change unless developers get super paranoid and randomized the offsets, but even those offsets will be somewhere that can be located in memory somewhere that either never changes or calculated in a way that never changes, like maybe taking how many lives you have out of a max of 99 and making an offset based off of that number that always makes the same value depending on how many lives you have. Random makes things look disorganized, but there's always a certain path to things. Without memory scanning tools though, I'm as screwed as everyone else, I know nothing of reverse engineering. I can only luck out and hit the right line of ASM code that bypasses all of that crap.

[JorgeFFC]

Originally Posted by bungholio I'm surprised nobody confirmed the thing where you add 10000 to the address to make it work. At the very least, you add that to the addresses of codes I post since I just put the address from HxD which loads things at 00000000, unlike the PS3 doing 00010000. I don't think all users do that though, but I'm mostly certain hyper2k does. I haven't seen much codes from other users, but the ones I saw weren't memory codes. Codes that start with 00003000 involve pointers which are for memory codes. Nobody was making those on their own. You can't easily make ASM code write to a specific location in memory, every time I tried games wouldn't start, probably some touchy permissions or access violation junk. Some codes are posted from other places that might be memory locations though, like some of the things xtatu finds from Japanese game blogs or wherever on the web. But they either already post it in the correct format, or they just post the address and value, and that just needs 00002000 in front of it. Technically, some codes I post could be 1 or 2 byte constant writes, but that's nothing important, all it does is save the cheat engine from executing 1 less line of code every cycle, and that's like what, 1/1000000000 or whatever of 1 second. Unless you are doing a billion codes at a time which isn't going to happen without the serial repeater or whatever that code type is, you won't be using it. There's no reason on Earth I could see somebody needing to do that. There's probably not even enough RAM on a PS3 to even do that anyhow, and most wrong things you modify just cause a game to freeze and not start, so fixing those to be minimally correct would be about as significant to change as only adding 1 droplet of water to the ocean instead of 2, nothing worth worrying about.

xtatu said he was trying to learn how to use Memory Dump(it's something like the cheat engine, he put the Offsets to search in real time while changing, but nobody on internet knows how to do that, but he is certain that most codes that use 00003000 were created with this process .-., his codes were founded using IDA Pro in a local(every eboot has a local where have many program codes, he needs memory dump because of that, if he doesn't know exactly where the code is, he can't make separations like: Max Damager Code Only for Player(that's because his codes were created for both, enemy and player with jokers for active and deactivate), he said if he had knowledge about Memory Dump Process, he could know exactly where the code is without have this problem... following what he said, the local codes are normally after 4180xxxx(some floats with 2x format), and he said your floats 38F0xxxx(are something like 1x) .-.

[gingerbread]

@bungholio I am really sure what you are referring on "00000000 00000000 00000000". But I am taking note and writing a simple list of features request that aldo might add in his next update.

@JorgeFFC Thanks for the information on Cross Edge. I will reflect the status in the next update.

[JorgeFFC]

@bungholio
Even if don't consider adding 10.000 into the offsets, some codes make the ps3 frozen or break(or even don't have any effects), like Disgaea 4 Codes, if u don't add 10.000 when make their usercheat, they didn't work... the only code that didn't work here was unlimited actions, but i will try again, maybe an error in conversion... .-.(i've started using NPDRM Eboot for v1.00 cause v1.13 u can't make the dupe bug that can be used for copy items and equips in japanese game, that's why i've make almost everything to do in the game with only 65 hours of gameplay, duping my equips and itens, following tutorials and guides from some friends .-.). But the code didn't exist... is it only v1.13?
In my eboot, if i search for 002F6228(the first Offset for Unlimited Moves Code Disgaea 4), i find this:
4BD7F971
And if i search for Original Pattern, it can't find in my .elf file
60000000 5460063E 2C000000 40820718 38600D6E 4BD47529 60000000

But all other codes could be founded, this is what i couldn't understood .-.
That's why i've removed this code from the list, because the code didn't exist in NPDRM Eboot and makes the game have black screen always when i activated it.

[cabelokira]

Thank you all for these new cheats like to see in the next update if you can sengoku basara 3 Utage BLJM60389 even more friends

[bungholio]

Originally Posted by JorgeFFC xtatu said he was trying to learn how to use Memory Dump(it's something like the cheat engine, he put the Offsets to search in real time while changing, but nobody on internet knows how to do that, but he is certain that most codes that use 00003000 were created with this process .-., his codes were founded using IDA Pro in a local(every eboot has a local where have many program codes, he needs memory dump because of that, if he doesn't know exactly where the code is, he can't make separations like: Max Damager Code Only for Player(that's because his codes were created for both, enemy and player with jokers for active and deactivate), he said if he had knowledge about Memory Dump Process, he could know exactly where the code is without have this problem

I saw him asking about memory dumping at CMP. I'm also very certain people used that for the 00003000 codes too, that's the easy way unless you want to go through assembly hell, and who does that? The downfall of ASM codes is they can affect every certain thing instead of individual things. For the old Disgaea 1, you can modify 1 line of assembly code to make every character be at level 9999, or you can use individual memory codes that affect individual character's (like just your own). However, whatever difference there is from 1 character to another can be organized in different ways. Some units are only yours and others only enemies, some only monsters and others only human, some only a type of male fighter instead of 1 of the other 40 types of characters, some only tier 1 of that male fighter instead of the other 5 choices, some only having the enthusiastic voice style instead of the other 2 choices, if you find the correct data to compare you can make useful things using ASM code. For Disgaea, I found the byte that tells the game whether a character is one of mine, an enemy, a neutral character, or something else and made a code to make the game check whose side a character is on and if they are mine, they gain full HP and SP when attacked, and anything else instantly dies from anything that affects their HP and instantly loses all SP when they do a special move. Find the right bytes to compare to, and you could tell the game to do things if it's a monster, a fire skull, the unit is at level 26 or lower, the name is Jesus, has a gun equipped, or whatever because it's only what you find.

Memory code benefits:
-Can easily modify individual things instead of all things. But if pointers are involved you might just want to say screw it.
-Memory codes can have many effects created from 1 value, while the ASM might need to have an individual 10 things changed to get all of those effects. For Ratchet & Clank on the PS2 I found a code that affects the speed of many things, yet it seemed like there were over 1000 different things dependent on the value at that 1 address.

ASM code benefits:
Everything else. Everything can be separated somehow to modify individual things like memory codes, it's just a matter of finding space in memory that is never used. Even then it can take quite a bit of lines, but it can always be done. Even the thing where 1 memory address might affect a million different things at a time can still easily be done safely with 1 line to modify the stack, 2 lines to save 2 registers or whatever to the stack, a maximum of 5 lines to make an 8 byte value, 1 line to make half of the address, 1 line to store the value at the address, 2 lines to restore the 2 registers' previous values, 1 line to return the stack to where it was, and 1 more to return to the code it came from, and just needing to find the line of code of your choice to hook to the subroutine.

I'm guessing by local he's thinking of like a global pointer since that's what it was called in the PS2. By the looks of things, register r2 seems to function as a global pointer. I've been lazy at messing with that even though it might lead to many awesome codes and effects like it did for me on the PS2. Just find something executed often or triggered however you like, make a value, and store it at some offset of register r2. You can never be sure what you will find, but it can be insanely useful like a debug menu.

Originally Posted by JorgeFFC following what he said, the local codes are normally after 4180xxxx(some floats with 2x format), and he said your floats 38F0xxxx(are something like 1x) .-.

I'm guessing you interpreted that wrong. Float is just a confusing word for a number that has some decimal in it, like 240.0625. Float means a number that doesn't need to be a whole number that can be negative or positive, and computers do the decimals as different fractions of 2^whatevernumber. This is a handy float converter.
http://www.h-schmidt.net/FloatApplet/IEEE754.html
Many places teach how to convert our normal decimal numbers into floats. It's another math thing that's never taught in school since you are very unlikely to use it in a career unless you do something involving computer programming.
41800000 = 16 (Sixteen to us in the decimal system.)
3F800000 = Ignoring you mixed those up, it's 1 (one). One is probably the most commonly used float in ASM coding that I encounter by far. Many things are just 1, and then you change it an who knows. You might kill anything with 1 hit, move super fast, be the size of a building instead of other people, make a timer go very fast, modify your exact character's position coordinates in a level, jump super high, speed up the entire game, who knows. If you see a meter of some kind in a game, it's most likely a float. Got a health bar, stamina bar, energy bar, a clock ticking down, or anything instead of just a very predictable number that seems like it can change by a microscopic movement? It's a high chance it's a float value. At the same time, some things that would by far obviously not seem to be a float just might be if the game makers want to throw you off. I remember the amount of grenades you have on Area 51 for the PS2 is a float value. You can't have a negative amount of grenades, nor will you ever have a fraction of a grenade, yet it was still a float. It's uncommon though. One is also common enough for me to find some goodies in games. About half of the codes I found for Dead Space 2 were thanks to searching for the value 3F80 in it's elf file. It's kind of how I started. It lead me to half the things I found in inFamous too, and a few other things for other games.

Originally Posted by JorgeFFC And if i search for Original Pattern, it can't find in my .elf file 60000000 5460063E 2C000000 40820718 38600D6E 4BD47529 60000000

Any chance you are using the 1.00 nodrm eboot? Because it's perfect there. And if you happened to mod that by already using the can control anything code, that will prevent it from being found because they are in the same memory region so you will have changed something and then looked for something there that was supposedly not changed. If not the 1.00, you must have the update of 1.13 or whatever. There's a chance that changed it. People wouldn't normally spot it but these are the 2 most likely lines that would have changed if so:
40820718
4BD47529
The first branches a far distance away, the second branches and links to somewhere in memory over 16x farther than even that. Anything could change in that gap. All an update would need is to add or subtract 1 line between those distances and the pattern would no longer work.

Originally Posted by JorgeFFC Even if don't consider adding 10.000 into the offsets, some codes make the ps3 frozen or break(or even don't have any effects)

If that happens, the address I supplied isn't what the ps3 loaded it at. I just took a glance and loaded the game in IDA Pro, and it seems to start at address 00010200. I had them like this:
002F6228 3D800000
002F6240 B19D055C
So try adding 00010200 and you get these:
00306428 3D800000
00306440 B19D055C

If that fixes it, I think I've found my only use for IDA Pro at this point.

Originally Posted by JorgeFFC And bungholio, another thing is, Saint Seya Senki or Battle Sanctuary, the Infinite CP Points Code Vosman created give Infinite CP like this: I will distribute points in Seya, use some points and after finish max seya for example the points became negative, the same as the innocents code, could it be that he use a very big value and made the code going to negative form?

That depends on the value he created. If it was 00FF, change to 007F. If FFFF, change to 7FFF.

[haxxxen]

those 00003000 codes are most likely pointers, you can find with exact and very good reversing and using math. someone has showed me that live. he has found the very same codes like usercheat did on a specific game.
he also told me it is most times useless, to make usage of mem dumps, as ps3 mem region gets changed everytime. though there are some nice tools, but not for us "normalos"

so we "just" have to learn harder ppc asm...

edit
example taken from Star Ocean 4:

Code:

0x0026d4e4  blt cr7,0x0026D808                                         
0x007AD0CC: E8E4FFF9 ldu      r7,-0x8(r4)
0x007AD0D0: 38A5FFF8 addi     r5,r5,-0x8

these three lines determine the memory area for a specific code. but don't ask me how to calculate with these given addresses. i still have to learn and understand things myself

[TechnoDon]

anyone else having problems with assassin creed 2 cheat, i tried the europe version and it doesnt seem to work, also i renamed the .sfo to the japan version and installed japan update data, that didint work either.. i downladed the japan special edition, just trying it now

[haxxxen]

some codes need to be ported to work correctly on other regions...and problem with usercheat is, they have done some codes, which are only for rare and unavailable updates.