Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11

Thread: Make your Own CWCheat Codes

  
  1. #1
    cheewongken's Avatar
    cheewongken is offline -Hacks Veteran
    Join Date
    Jan 2008
    Location
    Sneak, sneak, sneak.
    Posts
    1,347
    Rep Power
    13

    Default Make your Own CWCheat Codes

    The original tutorial was done by hackerkts. It is now outdated, so I have taken the liberty of updating and maintaining the tutorial I posted here.

    Tutorials
    -Hacking fixed value non-DMA games
    -Getting to know more about bits
    -Hacking changing values in non-DMA games
    -Understanding more about CWCheat database
    -Hacking fixed value DMA games

    -------------------------------------------
    Spoiler for Hacking fixed value non-DMA games:

    Tutorial: Hacking fixed value non-DMA games
    Tool(s) used: CWCheat 0.2.2 REV.D

    What's non-DMA? This might be the first question you're going to ask. Ok, for this tutorial all you need to know is that non-DMA games' addresses will not change; their addresses are permanent.

    Objective: Hacking fixed values
    Game used: Harvest Moon: Boy & Girl [US]

    What do I mean by fixed values? Those values are visible and fixed, for example gold, time, attack and so on. Several UMD games use this method, but most homebrew uses this.

    Let's get started, run the game. Check your current gold, in this case I have 1000G, hold the Select button for 3 seconds (that's the default setting) and the cheat menu will pop out.

    Scroll to "Cheat searcher" and press the X button, scroll to "Start a new search for a fixed value" and press the X button, press the Square button and change the search bit to 16bit (8bit maximum value is 255; I won't explain more about it). At the DEC put 1000, press X and wait for it to search.

    It found 145 addresses; your result might be different. Now let's change the value of gold. Go buy or sell anything. In this case I have 800G, so let's search for it. The steps are the same, except now you choose "Continue a search for a fixed value". You should get fewer addresses; repeat the step until you have one address left.

    In rare cases, you will find that there are two or more addresses. Normally, one would be the address of the actual money, while the other would be the address for the text telling you the amount of money you have. Changing only the first one will result in both addresses changing, while changing the second one will only change one. It would be a safer approach to try the addresses one by one, rather than all at one time.

    In this case, the gold address is 0x001B2F0C.

    Spoiler for Getting to know more about bits:

    -------------------------------------------
    Tutorial: Getting to know more about bits
    Tool(s) used: -

    This tutorial will be a short one. In my first tutorial I mentioned the search bit. Some people might not know why I chose 16bit for money; it's because of the range 16bit has. What you really need to know is,

    8bit = 0-255
    16bit = 0-65 535
    32bit = 0-4 294 967 295
    For more information about it, you can take a look at Integer (computer science) - Wikipedia, the free encyclopedia

    The rest you don't need to know; mostly you will just end up using 8 and 16 bits. Let's take a look at 8bit. In Harvest Moon: Boy & Girl the gold range is definitely more than 255, so 8bit is out of the question. 16bit is possible, that's why I chose it.

    Back to the first tutorial, the real money address is 0x001B2F0C, but in order for it to work in CWCheat, you have to put a 1 (because of 16bit) in front of the address. So it will look like this: 0x101B2F0C.

    I will cover more about it in my other tutorial, Understanding more about CWCheat database.

    Spoiler for Hacking changing values in non-DMA games:

    -------------------------------------------
    Tutorial: Hacking changing values in non-DMA games
    Tool(s) used: CWCheat 0.2.2 REV.D

    Objective: Finding the address for the life bar (take note that I said life bar; it just shows your character's life bar and no integer is shown)
    Game used: Boxhead - PSP Style

    "How do we search for the address of the life bar? We don't even know the value of our life." Alright, it's pretty easy. First run the game on your PSP, start a battle and take note of your character's life bar marking.

    Hold down the Select button for 3 seconds, go to "Cheat searcher", and now go to "Start a new search for a difference" (this option is something like "Start a new search for unknown value").

    You will see this,
    First dump done!!
    Select databasetype and modify data then resume search
    Datatype: 8bit
    By now I believe you should know which search type to choose; for fighting games it's more likely to be 8bit. Let's continue. Go back to your game and make some changes to your life.

    After you make some changes to your life, go back to the cheat menu, "Cheat searcher", "Continue a search for a difference". If your life value has decreased then choose "less than before"; if your life value has increased, then choose "greater than before". Or even better, if you know the value it decreased/increased by, then you can simply choose "less by than before"/"greater by than before" respectively and put in the value (press R and change the DEC amount).

    Sometimes if you search using "less by than before" or "greater by than before" it might take a long time to search, and there's a probability that the game hangs. Don't worry, there's always a solution. For example, if the value is decreased by 20, instead of choosing "less by than before" 20, you choose "less than before"; the same goes for an increased value. This method might take a longer time, but it's worth it when you find the right address.

    Just continue to change your character's life and search for the differences until you get a few addresses (just do some trial and error) or, best of all, 1 address remaining.

    Hopefully by now hacking non-DMA games is not a problem for you.

    Yes, of course you can search by "equal to before"; I wouldn't recommend doing that on the second search (first search -> start a new search, second search -> equal to before).

    The reason is that most values you found on the first search are fixed values, so you will get a lot of addresses when you choose equal to before.

    It's the same as if you start searching for a fixed value (let's say 12) and then search again for the exact value 12. You will find yourself getting a lot of results.

    Spoiler for Understanding more about CWCheat database:

    -------------------------------------------
    Tutorial: Understanding more about CWCheat database
    Tool(s) used: -

    Now let's get into the database, understand the format and learn to read it.

    CWCheat database format:
    _S
    _G
    _C0 or _C1
    _L
    _S is the game's unique id (you can get the id at the cheat menu), _G is the game name, _C0 and _C1 are the cheat description. "What's the difference between that 0 and 1?" 0 = [N] and 1 = [Y]; it's just the default setting, cheat disabled or enabled. It makes no big difference, just using _C0 will do. _L is the cheat code.

    Now let's have a look at the non-DMA cheat format in the database,
    Quote:
    _S ID
    _G Game name
    _C0 Cheat description
    _L 0x#XXXXXXX 0xXXXXXXXX
    # is the bit,
    0 = 8bit (0-255)
    1 = 16bit (0-65 535)
    2 = 32bit (0-4 294 967 295)

    XXXXXXX is the address

    XXXXXXXX is the value in hexadecimal

    Now let's have a look at the DMA cheat format in the database,
    Quote:
    _S ID
    _G Game name
    _C0 Cheat description
    _L 0x6XXXXXXX 0xXXXXXXXX
    _L 0x000X0001 0xXXXXXXXX
    The 6 will always be 6, because it's a pointer. Next time you see a code starting with 6, you should automatically know that it's a pointer.

    XXXXXXX is the pointer

    XXXXXXXX is the offset

    X is the code type,
    0 = 8bit write
    1 = 16bit write
    2 = 32bit write
    3 = 8bit inverse write
    4 = 16bit inverse write
    5 = 32bit inverse write

    The 1 is 1 because it's a normal pointer; almost all the time it's a normal pointer, so you just leave it as 1.

    XXXXXXXX is the value in hexadecimal

    Try to open up cheat.db and figure out which is a non-DMA and which is a DMA code; by now you should be able to add new cheats yourself.

    Spoiler for Hacking fixed value DMA games:

    -------------------------------------------
    Tutorial: Hacking fixed value DMA games
    Tool(s) used: CWCheat 0.2.2 REV.D, Pointer Searcher OR DMA hunter from nitePR Rev K STABLE

    DMA stands for dynamic memory allocation; if a game is DMA, the address will change. "When will the address change?" It can be when you go to a different map, reload the game, load/save the game, buy something in-game, etc. DMA games are really a pain in the donkey if you don't know how to hack them; once you know how to find the pointer and offset you can kick DMA games' donkey ;D

    "What's a pointer and offset?" Well, you only need to know that the pointer and offset will point to the right address; maybe a story will help you understand more about it. As the story goes...

    You had a crush on a girl (I will name her Grace) in your class; she sits in the first seat of the front row. The seat is the address. You don't dare to approach her and ask for her name and number; you only know where she sits.

    One day, she was transferred to another class, and you don't know which one. What are you going to do to locate her? First you will need to know her name, so you go to ask your teacher the girl's name; now you have her name, Grace. The name is actually the pointer. Now you know her name and her previous class (her previous class is just some bits of information, which is the offset). Now with her name and some bits of information, you're able to find her even if next time she transfers to another location.

    Let's get started. I will use an easy DMA game to hack.
    Objective: Find the pointer and offset for instant win
    Game used: DownStream Panic [US] (ULUS-10322)
    Requirement(s): Make sure your memory stick has some space, at least 100mb. Change the time for the menu to pop out to 0 seconds (instant); you can do that at "Setting", "Controller check delay".

    I assume at this step you already know how to hack non-DMA games (if you haven't read the previous tutorials, please do so before you continue), so let's get started. Start the game and search for the address of the number of fishes you saved.

    Ok, I have found the address, jot down the address!
    Level 1 - 0x00D88D88 (first address)

    Now you'll need to make a dump. Go to the cheat menu, "Enable dump function", go back to the game and press the Square button. The game will pause and display "Dumping"; once it's done the game will start again. Now you have your first dump.

    Now you will need to make the address change. For this game each level has a different address, so let's proceed to level 2. Search for the address of the number of fishes you saved.

    I've found it, jot down the address!
    Level 2 - 0x00E88E68 (second address)

    Make a dump again, now you have your second dump.

    Optional (but it's recommended to follow):
    Make the address change again by going to next level, search and jot down your third address, make your third dump.

    Let's check what you have in your hand now, you can find your dumps at your memory stick root,
    Code:

    first address - 0x00D88D88
    second address - 0x00E88E68
    third address - 0x00E802A8
    dump 1 - MEMDUMP0.dmp
    dump 2 - MEMDUMP1.dmp
    dump 3 - MEMDUMP2.dmp

    In the CWCheat archive (the one you downloaded from the website), there is a pointer searcher folder, along with the plugin itself. Choose your corresponding OS and open the executable. Take note that I'm still documenting the CWCheat Pointer Searcher; please use the DMA hunter from nitePR Rev K STABLE method if you prefer it, but the CWCheat Pointer Searcher is much more automatic.

    Spoiler for nitePR_revK_STABLE.zip:

    Note: This is only for those who are still using the old CWCheat. Extract nitePR_revK_STABLE.zip to a folder (I will name it "nitePR revK") and run DMAhunter.exe


    Press open and select dump 1 and dump 2, now enter your first address, followed by your second address.

    Wow, it found so many pointers, don't worry. That's why I asked you to make 3 dumps.

    Spoiler for nitePR_revK_STABLE.zip:

    Note: This is only for the DMAhunter.exe. Now save all the information down. Right click on it, "Select All" and right click again. Now it's saved to your clipboard; open up a notepad and paste everything in.

    Remove,
    Quote:
    SANiK's DMA code hunter

    Please get ready to select the two dumps
    (Press enter to start)

    Please enter the address of the cheat in RamDump #1
    Please enter hex only (0xEF123... etc.): 0x00D88D88

    Please enter the address of the cheat in RamDump #2
    Please enter hex only (0xEF123... etc.): 0x00E88E68

    Searching...
    and also,
    Quote:
    Press any key to continue . . .
    Save it as 1&2.txt. Don't ask me why, just do it, okay? You will know later.


    Now repeat the step, but this time choose dump 2 and 3 and put in the second and third address. It found one pointer, that's great!

    Spoiler for nitePR_revK_STABLE.zip:

    Save it as 2&3.txt


    Repeat it again, now use dump 1 and 3, first and third address.

    Spoiler for nitePR_revK_STABLE.zip:

    Save it as 1&3.txt

    Remember to remove those lines I mentioned. Now proceed to Compare 3 Memory Dumps, paste in all the information from 1&2.txt, 2&3.txt and 1&3.txt and click "Submit".

    You should see this
    Quote:
    Found 1 same pointers in all 3 dumps:
    0XDE040
    That script will help you determine which pointer is shown in all 3 dumps; now it's easy. We have one pointer, so let's try to use it.

    Go back to any text file you made just now, copy the information down.
    Quote:
    Found, address 0XDE040, value changed from 0X9688E50 to 0X9680290
    0XDE040 is the pointer
    0X9688E50 is value 1
    0X9680290 is value 2

    Let's get to the calculation part

    Method 1:

    Step 1: Convert value 1 into cheat format: subtract 0x08800000 from value 1.
    0X9688E50 - 0x08800000 = 0x00E88E50

    Step 2: Calculate the offset: subtract the result you found in Step 1 from address 1 (subtract the smaller value from the bigger value).
    0x00E88E68 - 0x00E88E50 = 18

    Method 2:

    Step 1: Convert value 2 into cheat format: subtract 0x08800000 from value 2.
    0X9680290 - 0x08800000 = 0x00E80290

    Step 2: Calculate the offset: subtract the result you found in Step 1 from address 2 (subtract the smaller value from the bigger value).
    0x00E802A8 - 0x00E80290 = 18

    That's it, you found the pointer (0XDE040) and calculated the offset (18).



    Now you can kick dma-games' donkey! ;D

    CWCHEAT 0.2.2 REV. D
    Integer (computer science) - Wikipedia, the free encyclopedia
    DMA hunter from nitePR Rev K STABLE

    Last edited by cheewongken; 10-23-2009 at 04:57 PM.

    >> Has left the PSP scene. (But still visits!)
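The database format from the post's "Understanding more about CWCheat database" section, as an added example (not code from the original post or from the CWCheat project). The non-DMA write line follows the post exactly: the first hex digit is 0/1/2 for an 8/16/32-bit write, the remaining seven digits are the address, and the second word is the value, so the gold address 0x001B2F0C becomes 0x101B2F0C for a 16-bit write. For the two-line 0x6 pointer pair, the example follows the layout seen in published cheat.db entries (value on the 0x6 line, offset on the 0x000X0001 line); the post describes those two words the other way round, so compare against an entry from your own cheat.db before relying on either. The game id ULUS-10322, the pointer 0xDE040 and offset 0x18 come from the post; the value 99, the "ULUS-XXXXX" placeholder id for Harvest Moon and the cheat descriptions are constructed here.

```python
"""Encode, decode and parse CWCheat database (cheat.db) entries.

Added example, not code from the original post or from CWCheat itself.
Non-DMA lines follow the post: _L 0x#AAAAAAA 0xVVVVVVVV, # = 0/1/2 for
8/16/32-bit writes.  The 0x6 pointer pair uses the layout of published
cheat.db entries (value on the 0x6 line, offset on the second line).
"""
import re

BIT_NIBBLE = {8: 0, 16: 1, 32: 2}           # first hex digit of a constant write
MAX_VALUE = {8: 0xFF, 16: 0xFFFF, 32: 0xFFFFFFFF}
ADDRESS_MASK = 0x0FFFFFFF                    # the 7 address digits after the type digit
LINE_RE = re.compile(r"^_L\s+0x([0-9A-Fa-f]{8})\s+0x([0-9A-Fa-f]{8})$")


def encode_write(address, value, bits):
    """Non-DMA constant write; refuses values that do not fit the chosen width."""
    if bits not in BIT_NIBBLE:
        raise ValueError("bits must be 8, 16 or 32")
    if not 0 <= address <= ADDRESS_MASK:
        raise ValueError("address must fit in 7 hex digits")
    if not 0 <= value <= MAX_VALUE[bits]:
        raise ValueError(f"value {value:#x} does not fit in {bits} bits")
    word = (BIT_NIBBLE[bits] << 28) | address
    return f"_L 0x{word:08X} 0x{value:08X}"


def encode_pointer_write(pointer, offset, value, bits):
    """Two-line 0x6 pointer code with one pointer level (the 0001 in the post)."""
    if bits not in BIT_NIBBLE:
        raise ValueError("bits must be 8, 16 or 32")
    if not 0 <= value <= MAX_VALUE[bits]:
        raise ValueError(f"value {value:#x} does not fit in {bits} bits")
    first = (0x6 << 28) | (pointer & ADDRESS_MASK)
    second = (BIT_NIBBLE[bits] << 16) | 0x0001    # 0x000X0001: X = write type
    return [f"_L 0x{first:08X} 0x{value:08X}", f"_L 0x{second:08X} 0x{offset:08X}"]


def decode_lines(lines):
    """Decode the _L lines of one cheat; a 0x6 line consumes the line after it.
    Only the write types 0-5 listed in the post are interpreted."""
    codes, it = [], iter(lines)
    for line in it:
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"malformed line: {line!r}")
        w1, w2 = int(m.group(1), 16), int(m.group(2), 16)
        kind = w1 >> 28
        if kind in (0, 1, 2):
            codes.append({"type": "write", "bits": 8 << kind,
                          "address": w1 & ADDRESS_MASK, "value": w2})
        elif kind == 6:
            second = next(it, None)
            m2 = LINE_RE.match(second.strip()) if second else None
            if not m2:
                raise ValueError("pointer code is missing its second line")
            w3, w4 = int(m2.group(1), 16), int(m2.group(2), 16)
            code = (w3 >> 16) & 0xF
            codes.append({"type": "pointer", "pointer": w1 & ADDRESS_MASK, "value": w2,
                          "code": code, "bits": 8 << (code % 3), "inverse": code >= 3,
                          "offset": w4, "levels": w3 & 0xFFFF})
        else:
            codes.append({"type": "other", "raw": line.strip()})
    return codes


def parse_db(text):
    """Group cheat.db text into games (_S/_G) and their cheats (_C/_L)."""
    games, cheat = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("_S "):
            games.append({"id": line[3:].strip(), "name": "", "cheats": []})
            cheat = None
        elif line.startswith("_G ") and games:
            games[-1]["name"] = line[3:].strip()
        elif line.startswith("_C") and games:
            cheat = {"description": line[3:].strip(), "enabled": line[2:3] == "1", "lines": []}
            games[-1]["cheats"].append(cheat)
        elif line.startswith("_L ") and cheat is not None:
            cheat["lines"].append(line)
    for game in games:
        for c in game["cheats"]:
            c["codes"] = decode_lines(c["lines"])
    return games


# Constructed sample database.  ULUS-10322, 0xDE040/0x18 and 0x001B2F0C come from the
# post; the value 99, the "ULUS-XXXXX" placeholder id and the descriptions are made up.
SAMPLE_DB = "\n".join([
    "_S ULUS-10322",
    "_G DownStream Panic",
    "_C0 Fishes saved = 99 (constructed)",
    *encode_pointer_write(0xDE040, 0x18, 99, 16),
    "_S ULUS-XXXXX",
    "_G Harvest Moon: Boy & Girl",
    "_C1 Gold 9999 (constructed)",
    encode_write(0x001B2F0C, 9999, 16),
])

if __name__ == "__main__":
    for game in parse_db(SAMPLE_DB):
        print(game["id"], game["name"])
        for c in game["cheats"]:
            print("  ", c["description"], c["codes"])
```

The width check in encode_write is the practical point of the post's "Getting to know more about bits" section: a value that does not fit the chosen width (1000 in 8 bits, say) is rejected instead of being silently truncated into a code that writes the wrong number.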

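The pointer hunt from the post's "Hacking fixed value DMA games" section, as an added example that is not the DMAhunter.exe or CWCheat Pointer Searcher code. It implements the idea behind both tools: between two dumps, a true pointer to the target is a word whose value moved by exactly the amount the target address moved, and the post's "Compare 3 Memory Dumps" step is the intersection of the pairwise results. It assumes the dump layout the post's arithmetic implies (byte 0 of a dump is PSP address 0x08800000, so pointer value minus 0x08800000 is an address in cheat format); the three dumps, their target addresses and the fish counts are constructed, and offset_from_pointer_value reproduces the post's Method 1 and Method 2 with the post's own numbers.

```python
"""Locate a DMA pointer and its offset from memory dumps (the DMA hunter idea).

Added example, not the DMAhunter.exe or CWCheat Pointer Searcher code.  Assumes
byte 0 of a dump is PSP address 0x08800000, as the post's arithmetic implies.
"""
import struct

PSP_BASE = 0x08800000   # dump offset 0 corresponds to this PSP address


def offset_from_pointer_value(pointer_value, target_address):
    """The post's Method 1/2: (address in cheat format) - (pointer value - base)."""
    return target_address - (pointer_value - PSP_BASE)


def find_pointer_candidates(dump_a, addr_a, dump_b, addr_b, max_offset=0x1000):
    """Map pointer location -> offset for every aligned word that moved by exactly
    the amount the target moved (addr_b - addr_a) and sits within max_offset of it."""
    n = min(len(dump_a), len(dump_b)) // 4
    words_a = struct.unpack(f"<{n}I", dump_a[:n * 4])
    words_b = struct.unpack(f"<{n}I", dump_b[:n * 4])
    found = {}
    for i, (va, vb) in enumerate(zip(words_a, words_b)):
        if va == vb:                     # an unchanged word cannot track a moving target
            continue
        off_a = addr_a - (va - PSP_BASE)
        off_b = addr_b - (vb - PSP_BASE)
        if off_a == off_b and 0 <= off_a <= max_offset:
            found[i * 4] = off_a
    return found


def intersect_candidates(*candidate_maps):
    """Keep pointers that show the same offset in every dump pair
    (what the post's 'Compare 3 Memory Dumps' step does on the saved text files)."""
    common = dict(candidate_maps[0])
    for cm in candidate_maps[1:]:
        common = {p: o for p, o in common.items() if cm.get(p) == o}
    return common


def hunt(dumps, addrs):
    """Run the pairwise search on dumps 1&2, 2&3 and 1&3 and intersect the results."""
    pairs = [(0, 1), (1, 2), (0, 2)]
    return intersect_candidates(*(
        find_pointer_candidates(dumps[a], addrs[a], dumps[b], addrs[b]) for a, b in pairs))


def verify_pointer(dump, pointer, offset, target_address):
    """Follow the pointer in one dump and check that pointer value + offset is the target."""
    (value,) = struct.unpack_from("<I", dump, pointer)
    return value - PSP_BASE + offset == target_address


def build_dump(target_addr, count, decoy_offset, size=0x4000):
    """Construct a fake dump: deterministic filler (identical in every dump, so it can
    never look like a moving pointer), the fish count at target_addr, a real pointer
    at 0x40 (offset 0x18) and a decoy at 0x80 whose offset is not stable across dumps."""
    buf = bytearray(size)
    for i in range(0, size, 4):
        struct.pack_into("<I", buf, i, (i * 2654435761) & 0xFFFFFFFF)
    struct.pack_into("<I", buf, target_addr, count)
    struct.pack_into("<I", buf, 0x40, PSP_BASE + target_addr - 0x18)
    struct.pack_into("<I", buf, 0x80, PSP_BASE + target_addr - decoy_offset)
    return bytes(buf)


def make_sample_dumps():
    """Three constructed dumps standing in for MEMDUMP0..2.dmp, with the target at a
    different address in each (as in the post's level 1/2/3)."""
    addrs = [0x1234, 0x2340, 0x3100]
    counts = [5, 7, 11]
    decoys = [0x20, 0x20, 0x30]      # the decoy only matches on dumps 1&2
    dumps = [build_dump(a, c, d) for a, c, d in zip(addrs, counts, decoys)]
    return dumps, addrs


if __name__ == "__main__":
    print("Method 1 offset:", hex(offset_from_pointer_value(0x9688E50, 0x00E88E68)))
    dumps, addrs = make_sample_dumps()
    for pointer, offset in hunt(dumps, addrs).items():
        ok = all(verify_pointer(d, pointer, offset, a) for d, a in zip(dumps, addrs))
        print(f"pointer {pointer:#x} offset {offset:#x} verified={ok}")
```

The decoy at 0x80 is why the post insists on a third dump: with only dumps 1 and 2 it survives as a candidate alongside the real pointer, and only the intersection with the 2&3 and 1&3 results removes it. To use the script on real dumps, read MEMDUMP0.dmp, MEMDUMP1.dmp and MEMDUMP2.dmp as bytes and pass the three addresses you found with the fixed-value search.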
  2. #2
    pinge8 is offline -Hacks Newbie
    Join Date
    Jun 2009
    Posts
    2
    Rep Power
    0

    Default

    I found your guide very helpful. I understood everything up to the point where you started going on about pointers and offset... this part wasn't too clear but thanks for trying.

  3. #3
    perfectsalah is offline -Hacks Newbie
    Join Date
    Oct 2009
    Posts
    1
    Rep Power
    0

    Default

    It fucking fucking fucking works!!!!!! Thanks dude!!!!!!!!

  4. #4
    skoobz is offline -Hacks Newbie
    Join Date
    Oct 2009
    Posts
    2
    Rep Power
    0

    Default

    My eyes just glazed over. I'll just leave it to you number geeks. Now get crackin' on my new cheats.

  5. #5
    maui454 is offline -Hacks Newbie
    Join Date
    Mar 2009
    Posts
    15
    Rep Power
    0

    Default

    After you find the cheat how do you apply it?

  6. #6
    cheewongken's Avatar
    cheewongken is offline -Hacks Veteran
    Join Date
    Jan 2008
    Location
    Sneak, sneak, sneak.
    Posts
    1,347
    Rep Power
    13

    Default

    Tutorial modified.. hopefully it won't be so painful to the eyes now.

    >> Has left the PSP scene. (But still visits!)

  7. #7
    Demonchild's Avatar
    Demonchild is offline #thatguy -Hacks Titan
    Join Date
    Dec 2007
    Posts
    10,033
    Rep Power
    295

    Default

    Moved to Tutorials


    Guide for M33 firmwares | Install DCv8 |PS3 Hacking Thread

    PSP: 6.60 PRO-B10 | PS3: 4.30 | Xbox: LT+ v3.0 [Li-On] | G2x: CM 7.2 Nightly
    Twitter

  8. #8
    Dexwin_10 is offline -Hacks Newbie
    Join Date
    Jun 2010
    Location
    Puerto Rico o.0
    Posts
    8
    Rep Power
    0

    Talking Kewl

    Really nice. I understood everything very well. But just one more question: what's "Start Text Search"? I've been playing around with it lately but I can't figure it out =[

  9. #9
    Rambokill's Avatar
    Rambokill is offline -Hacks Hacker
    Join Date
    Aug 2009
    Location
    Cyprussss
    Posts
    808
    Rep Power
    10

    Default

    It reminds me of cheat engine

  10. #10
    DrOstler is offline -Hacks Newbie
    Join Date
    Dec 2010
    Posts
    8
    Rep Power
    0

    Default

    Ok so, the fixed value searcher. You tell us how to do all the searching but not how to actually edit the final address. I don't know what I'm doing after that because it makes me exit after finding it, then I can't do anything else.

