LETS get the ps2 hacking started
  • LETS get the ps2 hacking started

    ok ok ok, first you have to learn how to make a master code.

    this is how cmgsccc makes their Master Codes
    --------------------------------------------
    Method 3 "Entrypoint / Memcpy +3":
    --------------------------------------------

    This method is not compatible with PAL2NTSC and Y-Fix codes!
    Search for "entrypoint", which is mostly 00100008 or 00200008.
    Search for "jal memcpy" inside the "scepadread" routine. Add +3 to that address.

    ENTRYPOINT:
    lui v0, 0x0027 # 00100008:3c020027 v0=s_pInput
    ...
    jal 0x0011e620 # 0011fc58:0c047988 ^ memcpy

    -> Master Code
    F0100008 0011FC5B
    Current Ongoing Projects :.
    Hacking Turbo Grafx 16 & CD Games and MSX

  • #2
    Re: LETS get the ps2 hacking started

    Simple enough, ehehe lets get this party started
    The Best Wisdom Is TruWizdom



    • #3
      Re: LETS get the ps2 hacking started

      Universal master codes


      the most common master code for codebreaker and Xploder are
      F0100008 0000000E

      and

      F0100008 000001DF


      basically all you have to do is open the elf with ps2dis; it will automatically open to the entry point, and all you have to do is add 0000000E or 000001DF to the end of it.



      • #4
        Re: LETS get the ps2 hacking started

        So with those Universal master Codes on, you can enter lines of code in raw format and they should work as normal, correct? Like in the days of old and the PSX.



        • #5
          Re: LETS get the ps2 hacking started

          Hello, I am just a little German Game Hacker but I hope I can help ^^

          O.K..

          There are very simple methods and other methods which are harder, and sometimes none of these methods works!

          Digits or Value:
          There are 2 values for the master code on the XP2 and free-switches AR2, and they are always the same. (Raw/Hex)

          1. possibility: 0000000E
          2. possibility: 000001FD


          So if you want to make a master code, you must load the "SLES" file into PS2Dis; this can also vary, to SCED or even SLUS.

          If the SLES is loaded, we can start.

          As the example: GTC Africa, and for the XP2!!!

          1. method, the cheapest ^^

          Go to "Jump to Labels" and type "Entrypoint".
          If you have found it, double-click it.

          So now you are at the address; double-click there again and then you see the address and Digit/Value. In this example, however, only the address interests us!

          The address in this case = 00100008
          We know that the master code in Hex/Raw always has an "F" standing at the front. Therefore we take the first digit of the address and replace it with the F! The address is therefore now called = F0100008.

          Where do we get the Value/Digit from now? Quite simply: with this method we take one of the possibilities of Digit/Value.
          Our first complete master code is therefore called = F0100008 0000000E or F0100008 000001FD

          However, that was the simplest method ^ ^



          2. Method
          Exactly the same game: you go to Labels. There you look for "memcpy" and double-click on it!
          Now you are at the address! So if you have marked it with the space bar, you first press Shift and then F3. Now it works and looks for the values which are behind it.
          If it has simply done that, press the "Right-Bar" and go through every address, adding 3, and then one has the Digit/Value! Example Smackdown 4.

          Address is = 001155b4
          Adding 3 = 001155b7 = Digit/Value

          Both (address and Digit) therefore compose the code, which is then called
          = 001155b4 001155b7

          We know there is an F at the front, so the first digit must again be replaced by F = F01155b4 001155b7 = complete master code

          Method 3
          As always the same, but in Labels this time look for "HandleCmdLineArgs". Then double-click the Label. Then double-click to see the value and address. Example GTC Africa.

          Address = 00109d94
          The first digit has to be an F, and as Digit/Value again one of the two possibilities.

          Master code therefore is = F0109D94 0000000E/000001FD

          Method 4

          As always the same, but in Labels this time look for "MainGameLoop". Then double-click the Label. Then double-click to see the value and address. Example GTC Africa.

          Address = 0010a140
          The first digit has to be an F, and as Digit/Value again one of the two possibilities.

          master code = F010A140 0000000E/000001FD


          Only as a hint! In the normal case the master code always is in a jal - file (GMO calls it the ultimate Mastercode ^^ but sometimes these codes don't work ^^)


          I hope some people have understood my bad English


          • #6
            Re: LETS get the ps2 hacking started

            Making Codes with PS2Dis

            General info

            First, the things that you see in PS2Dis from left to right:

            Address Digit Label systemcall Label2 descriptions


            The systemcall is the thing in "()":
            +0000 - RFU000_FullReset
            +0001 - ResetEE
            +0002 - SetGsCrt
            +0003 - RFU003
            +0004 - Exit
            +0005 - RFU005

            +0006 - LoadPS2Exe
            +0007 - ExecPS2
            +0008 - RFU008
            +0009 - RFU009
            +0010 - AddSbusIntcHandler
            +0011 - RemoveSbusIntcHandler
            +0012 - Interrupt2Iop
            +0013 - SetVTLBRefillHandler
            +0014 - SetVCommonHandler
            +0015 - SetVInterruptHandler
            +0016 - AddIntcHandler
            +0017 - RemoveIntcHandler
            +0018 - AddDmacHandler
            +0019 - RemoveDmacHandler

            +0020 - _EnableIntc
            +0021 - _DisableIntc
            +0022 - _EnableDmac
            +0023 - _DisableDmac
            +0024 - _SetAlarm
            +0025 - _ReleaseAlarm
            -0026 - _iEnableIntc
            -0027 - _iDisableIntc
            -0028 - _iEnableDmac
            -0029 - _iDisableDmac
            -0030 - _iSetAlarm
            -0031 - _iReleaseAlarm
            +0032 - CreateThread
            +0033 - DeleteThread
            +0034 - StartThread
            +0035 - ExitThread
            +0036 - ExitDeleteThread
            +0037 - TerminateThread

            +0039 - DisableDispatchThread
            +0040 - EnableDispatchThread
            +0041 - ChangeThreadPriority
            -0042 - iChangeThreadPriority
            +0043 - RotateThreadReadyQueue
            -0044 - iRotateThreadReadyQueue
            +0045 - ReleaseWaitThread
            -0046 - iReleaseWaitThread
            +0047 - GetThreadId
            +0048 - ReferThreadStatus
            -0049 - iReferThreadStatus

            +0050 - SleepThread
            +0051 - WakeupThread
            -0052 - iWakeupThread
            +0053 - CancelWakeupThread
            -0054 - iCancelWakeupThread
            +0055 - SuspendThread
            -0056 - iSuspendThread
            +0057 - ResumeThread
            -0058 - iResumeThread
            +0059 - JoinThread
            +0060 - RFU060
            +0061 - RFU061
            +0062 - EndOfHeap
            +0063 - RFU063
            +0064 - CreateSema
            +0065 - DeleteSema
            +0066 - SignalSema
            -0067 - iSignalSema
            +0068 - WaitSema
            +0069 - PollSema


            So, now we make a Code ^^

            Search in Labels for things that sound useful for a racing game,
            for example "car, lap, track, times, championship, AI (artificial intelligence)", etc.
            One Label looks very interesting: "CheatUnlockAll."
            If you choose the Label, PS2DIS jumps to the routine:

            CheatUnlockAll: If you click on it, it jumps directly to the address and you see 3 lines which are colored red. This means that there are 3 codes behind it.


            addiu a1, zero, 0x0001 # 001aa660:24050001 a1=0x00000001
            lui at, 0x0028 # 001aa664:3c010028 at=0x00280000
            sw a1, 0xa588(at) # 001aa668:ac25a588 [0027a588]
            lui at, 0x0028 # 001aa66c:3c010028 at=0x00280000
            sw a1, 0xa594(at) # 001aa670:ac25a594 [0027a594]
            lui at, 0x0028 # 001aa674:3c010028 at=0x00280000
            sw a1, 0xa598(at) # 001aa678:ac25a598 [0027a598]

            At the beginning you see how the value 1 is stored in three addresses. (Red color)
            In sum there are 3 codes; sw = "store word", therefore 1xxxxxxx

            a1 therefore always means in this case 00000001 (Digit), and sw = 1 at the beginning

            Result:
            1 027A588 00000001
            1 027A594 00000001
            1 027A598 00000001

            Try out the codes one after the other in order to see what happens.
            Result:
            Unlock universe Challenges
            1027A588 00000001
            Unlock universe Championships
            1027A594 00000001
            Unlock universe single Races
            1027A598 00000001


            First one simply must find the Labels and then see what can be done with them. Unlock codes are about the cheapest; with RPGs like FFX or KH it is almost impossible to find codes without a Dev Kit, which places a clear border on us!
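
The annotations ps2dis prints after the "#" in the listing above (and in the "jal memcpy" line of the first post) can be reproduced by decoding the raw instruction words. The following is an added example, not ps2dis or the poster's code: a small decoder for the lui/addiu/sw/jal forms that appear in this thread, which tracks register values and computes the effective store addresses that become the raw codes. The (pc, word) pairs are copied from the thread; the field layout is standard MIPS, and the "1" code-type digit follows the post.

```python
"""Decode the raw MIPS instruction words that ps2dis prints after the '#'
in its listing and recover what the annotations show: the jal target and
the effective address of each sw. Added example, not ps2dis or the poster's
own code. The (pc, word) pairs below are copied from the listings in this
thread; everything else is standard MIPS encoding."""
from typing import Dict, List, Tuple


def sign16(imm: int) -> int:
    """MIPS sign-extends the 16-bit immediate of addiu and sw."""
    return imm - 0x10000 if imm & 0x8000 else imm


def jal_target(pc: int, word: int) -> int:
    """J-type: upper 4 bits come from pc+4, the 26-bit index is shifted by 2.
    'jal 0x0011e620 # 0011fc58:0c047988' from post #1 decodes this way."""
    return ((pc + 4) & 0xF0000000) | ((word & 0x03FFFFFF) << 2)


def trace_stores(listing: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Walk (pc, word) pairs, track lui/addiu results per register and return
    (effective address, value) for every sw, i.e. the numbers ps2dis shows
    in square brackets."""
    regs: Dict[int, int] = {0: 0}          # $zero is hard-wired to 0
    stores: List[Tuple[int, int]] = []
    for _pc, word in listing:
        op = word >> 26
        rs = (word >> 21) & 0x1F
        rt = (word >> 16) & 0x1F
        imm = word & 0xFFFF
        if op == 0x0F:                     # lui rt, imm
            regs[rt] = (imm << 16) & 0xFFFFFFFF
        elif op == 0x09:                   # addiu rt, rs, imm
            regs[rt] = (regs.get(rs, 0) + sign16(imm)) & 0xFFFFFFFF
        elif op == 0x2B:                   # sw rt, imm(rs)
            # 0xa588 has bit 15 set, so at + 0xa588 is really
            # 0x00280000 - 0x5a78 = 0x0027a588, exactly what ps2dis shows.
            ea = (regs.get(rs, 0) + sign16(imm)) & 0xFFFFFFFF
            stores.append((ea, regs.get(rt, 0)))
        # other opcodes do not occur in this listing
    return stores


def to_raw_codes(stores: List[Tuple[int, int]], code_type: int = 1) -> List[str]:
    """Render each store as a raw code line: type digit + 7-digit address,
    then the 32-bit value. Post #6 uses type 1 for these sw lines."""
    return [f"{code_type:X}{ea & 0x0FFFFFFF:07X} {val:08X}" for ea, val in stores]


# (pc, word) pairs copied from the CheatUnlockAll listing in post #6.
CHEAT_UNLOCK_ALL = [
    (0x001AA660, 0x24050001),  # addiu a1, zero, 0x0001
    (0x001AA664, 0x3C010028),  # lui   at, 0x0028
    (0x001AA668, 0xAC25A588),  # sw    a1, 0xa588(at)
    (0x001AA66C, 0x3C010028),  # lui   at, 0x0028
    (0x001AA670, 0xAC25A594),  # sw    a1, 0xa594(at)
    (0x001AA674, 0x3C010028),  # lui   at, 0x0028
    (0x001AA678, 0xAC25A598),  # sw    a1, 0xa598(at)
]

if __name__ == "__main__":
    print(f"memcpy target: {jal_target(0x0011FC58, 0x0C047988):08x}")
    for line in to_raw_codes(trace_stores(CHEAT_UNLOCK_ALL)):
        print(line)
```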


            • #7
              Re: LETS get the ps2 hacking started

              This is off-topic; I just noticed the new user Sephroth, and noticed he was from Berlin, and found it interesting, as I'm from Germany too, but most of you know that already. hehe, just a thought, and a post, to keep things fresh. Also, MORE PPL NEED TO GO ON IRC!

              ...We now return you to your regularly scheduled program. :muahaha:


              • #8
                Re: LETS get the ps2 hacking started

                Holy shizzle, I read this topic yesterday and thought it was Sephiron posting these methods, lol. I prolly wouldn't have noticed for quite a while if Seph didn't mention it...... (/me feels uber stupid)


                • #9
                  Re: LETS get the ps2 hacking started

                  Sorry...... I didn't know that because I did not find a post about making PS2 Codes in this Forum :cry:

                  Sorry!



                  • #10
                    Re: LETS get the ps2 hacking started

                    ?? eh, I was just commenting on my stupidity, eheh. Feel free to post the methods you want; I am eager to learn all about ps2


                    • #11
                      Re: LETS get the ps2 hacking started

                      Oh...... ok, I misunderstood your posts.


                      • #12
                        Re: LETS get the ps2 hacking started

                        Whoa! Why didn't somebody tell me? Tell me more; BlackGoddess can help me get up to speed with the assembly. Didn't you post some Tekken Tag or Tekken 4 codes at Gameshark.com a while back on the BB?


                        • #13
                          Re: LETS get the ps2 hacking started

                          Creating a Codebreaker Multi Elf Master Code

                          Let's put one together!
                          Today's example will be the infamous
                          007: Agent Under Fire

                          You have...
                          Slus_202.65
                          action elf
                          driving elf
                          movie elf

                          Let's start with the ELFs, since people want to know what's the
                          deal with them. Let's start hacking a master code.
                          What you want to do is find the Scepadread and find the memcpy,
                          but don't add 3! Sounds easy? cooL
                          2nd AL Mip under the Scepadread
                          2nd AL Mip under the Scepadread

                          1st elf... Action Elf
                          0034539C 0C04EC72

                          2nd elf... Driving Elf
                          00277E24 0C090ABB

                          3rd elf... Movie Elf
                          00133734 0C049877


                          ok, now it's time for the slus 202.65!!!!
                          01F00008 - Entry Point
                          or you can use
                          01F000CC - main Jal
                          or ScepadRead (which this sles doesn't have)
                          looking for initaldapd
                          01F0976C (01F0976B)

                          Now you can put your master code together.
                          First you need the slus 01F00008 01F0976B
                          put the F in to make it official
                          01F00008 01F0976B becomes F1F00008 01F0976B

                          M Code So far..
                          F1F00008 01F0976B

                          now time to put the ELFs in!
                          F1F00008 01F0976B
                          0034539C 0C04EC72 - Action elf
                          00277E24 0C090ABB - Driving elf
                          00133734 0C049877 - Movie elf

                          instead of putting in an F, you are going to put in 9's
                          F1F00008 01F0976B
                          0034539C 0C04EC72
                          00277E24 0C090ABB
                          00133734 0C049877

                          will become

                          F1F00008 01F0976B
                          9034539C 0C04EC72
                          90277E24 0C090ABB
                          90133734 0C049877

                          YOU ARE FINALLY DONE!
                          Now convert it to Codebreaker/Xploder format

                          Final M Code
                          FB75206E 31EE003D
                          9A242B73 18F711F9
                          9AAC5E06 187B06D5
                          9ADC4A5F 180EACD0

                          Alternate Final M Code
                          FB31206E 31AA003D
                          9A242B73 18F711F9
                          9AAC5E06 187B06D5
                          9ADC4A5F 180EACD0


                          • #14
                            Re: LETS get the ps2 hacking started

                            Condensing Multi-Line Codes

                            Condensing multi-line codes
                            is a pretty easy task, especially if you
                            caught onto it early in the PS2 days.

                            You're going to be taking
                            0xxxxxxx xxxxxxxx
                            and changing it to
                            2xxxxxxx xxxxxxxx

                            If you didn't understand that, you are going to
                            be changing a Zero (0) to a Two (2),
                            and for the values this is where the
                            ASCII chart knowledge comes in handy.


                            I'm going to use Soul Calibur 2 (JAP) as an example.
                            You want to take the following codes

                            Unlock Characters...
                            Sophitia
                            003FBF60 00000003
                            Seung Mina
                            003FBF61 00000003
                            Yoshimitsu
                            003FBF62 00000003
                            Charade
                            003FBF63 00000003
                            Cervantes
                            003FBF64 00000003

                            and condense it to

                            All Characters
                            203FBF60 03030303
                            003FBF64 00000003


                            You are going to take the first line
                            003FBF60 00000003
                            and change the Zero to a Two
                            203FBF60 00000003

                            Now you are going to break up the value into
                            Four parts 00000003 becomes 00 00 00 03

                            If you noticed the pattern in the values of each code,
                            you realize that each one ends in 03.
                            Now incorporate 03 into the broken-up value to
                            give you 03 03 03 03,
                            bring it back together to give you 03030303.
                            Your code now is 203FBF60 03030303
                            Test it out.
                            Testing....

                            Testing Results...
                            the code 203FBF60 03030303 gives you
                            Sophitia, Seung Mina, Yoshimitsu, & Charade
                            but you still have Cervantes 003FBF64 00000003,
                            which is only one line; just add that one code
                            to the existing code you have.

                            Giving you Your Final Code
                            Unlock All Characters
                            203FBF60 03030303
                            003FBF64 00000003


                            • #15
                              Re: LETS get the ps2 hacking started

                              Condensing Multi-Line Codes (Advanced)

                              Today's lesson is advanced condensing
                              using the 4xxxxxxx xxxxxxxx

                              Last time we used Soul Calibur as an example, why not again?
                              We will be using the unlock all the movies in the Demo Theater codes
                              Raphael
                              003FBF73 00000003

                              Talim
                              003FBF74 00000003

                              Yunsung
                              003FBF75 00000003

                              Cassandra
                              003FBF76 00000003

                              Mitsurugi
                              003FBF77 00000003

                              Taki
                              003FBF78 00000003

                              Voldo
                              003FBF79 00000003

                              Nightmare
                              003FBF7A 00000003

                              Astaroth
                              003FBF7B 00000003

                              Ivy
                              003FBF7C 00000003

                              Kilik
                              003FBF7D 00000003

                              Xianghua
                              003FBF7E 00000003

                              Maxi
                              003FBF7F 00000003

                              Necrid
                              003FBF80 00000003

                              Heihachi
                              003FBF81 00000003

                              Sophitia
                              003FBF82 00000003

                              Seung Mina
                              003FBF83 00000003

                              Yoshimitsu
                              003FBF84 00000003

                              Charade
                              003FBF85 00000003

                              Cervantes
                              003FBF86 00000003


                              Whoa, 19 codes!!! Let's see if we can lower that.
                              Let's see.. Whoa, Code Master starts with Talim.
                              I'll use his code since it's already up
                              003FBF73 00000003
                              403FBF74 00040001
                              03030303 00000000
                              103FBF84 00000303
                              003FBF86 00000003

                              Making advanced codes is pretty easy, like the basics;
                              you sometimes have to deal with the extra line of coding,
                              but it's a must if you want your results.

                              Well, Raphael is a given, so let's just add it
                              003FBF73 00000003

                              ok, you're going to take Talim's line 003FBF74 and turn it into
                              403FBF74 00040001 - why 00040001 as the value?
                              Read on it in Hellion00's code guide!
                              So far you have
                              003FBF73 00000003
                              403FBF74 00040001

                              Now there are 18 more characters to get! I know that's a lot.
                              That means 18 more 03s? Nope.
                              Take the command & address and incorporate the 03s in it,
                              so you will have 03030303 00000000
                              Why so many zeros? You can't add a value to a value!
                              Don't know if I said that right..

                              now test it
                              003FBF73 00000003
                              403FBF74 00040001
                              03030303 00000000

                              testing.....
                              Results..
                              003FBF73 00000003 gave you Raphael
                              403FBF74 00040001
                              03030303 00000000 gave you
                              Talim
                              Yunsung
                              Cassandra
                              Mitsurugi
                              Taki
                              Voldo
                              Nightmare
                              Astaroth
                              Ivy
                              Kilik
                              Xianghua
                              Maxi
                              Necrid
                              Heihachi
                              Sophitia
                              Seung Mina

                              you still have 3 more characters to go
                              Yoshimitsu
                              Charade
                              Cervantes

                              Since Yoshi's address comes next in line, we'll use it
                              003FBF84 00000003
                              CMX used Yoshimitsu & Charade in one line and forgot about
                              Cervantes, but oh well, life goes on.

                              You're going to use the Basic Condensing Guide from earlier!
                              So you now have
                              103FBF84 00000303 - which gives you Yoshimitsu & Charade

                              so far your code is
                              003FBF73 00000003
                              403FBF74 00040001
                              03030303 00000000
                              103FBF84 00000303

                              and all you need is Cervantes. Just add its line 003FBF86 00000003
                              Final Code
                              003FBF73 00000003
                              403FBF74 00040001
                              03030303 00000000
                              103FBF84 00000303
                              003FBF86 00000003


                              P.S.
                              Yeah, the code could have been made shorter!!!
                              You could combine Yoshi, Charade, and Cervantes in one line:
                              103FBF84 00000303
                              003FBF86 00000003
                              would have become
                              203FBF84 00030303

                              and your final code would have been...
                              003FBF73 00000003
                              403FBF74 00040001
                              03030303 00000000
                              203FBF84 00030303

                              saving you one more line of coding.

                              Original Soul Calibur 2 codes by CMX of CMGSCCC
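
The basic and advanced condensing posts above (#14 and #15) replace runs of 8-bit write lines with 16-bit, 32-bit and multi-write lines. The following is an added example, not the poster's, CMX's or any cheat device's code: a small simulator that applies raw code lines of types 0, 1, 2 and 4 to a byte map of memory, so each condensed list from both posts can be checked against the long list it replaces. The field layout assumed for the 4-type pair (count and address step in words on the first line, value and per-step increment on the second) is inferred from the post's own results, not taken from device documentation.

```python
"""Apply raw CodeBreaker/Xploder write codes to a byte-level model of memory
and compare the effect of a condensed code list with the long list it
replaces. Added example, not the thread author's or any cheat device's code.
Assumed layout of a 4-type pair (inferred from post #15's results):
    4AAAAAAA NNNNSSSS   write a 32-bit value NNNN times, stepping SSSS words
    VVVVVVVV IIIIIIII   starting value, and increment added after each write"""
from typing import Dict, List, Tuple

Memory = Dict[int, int]      # sparse model: address -> byte value


def store(mem: Memory, addr: int, value: int, size: int) -> None:
    """Little-endian store of `size` bytes (the PS2's EE core is little-endian)."""
    for i, byte in enumerate(value.to_bytes(size, "little")):
        mem[addr + i] = byte


def apply_codes(lines: List[str]) -> Memory:
    """Apply raw "AAAAAAAA VVVVVVVV" lines in order. The leading hex digit is
    the code type; a 4-type line consumes the next line as its value pair."""
    mem: Memory = {}
    it = iter(lines)
    for line in it:
        first, second = (int(part, 16) for part in line.split())
        ctype, addr = first >> 28, first & 0x0FFFFFFF
        if ctype == 0:                                # 8-bit write
            store(mem, addr, second & 0xFF, 1)
        elif ctype == 1:                              # 16-bit write
            store(mem, addr, second & 0xFFFF, 2)
        elif ctype == 2:                              # 32-bit write
            store(mem, addr, second & 0xFFFFFFFF, 4)
        elif ctype == 4:                              # 32-bit multi-write
            count, step = second >> 16, second & 0xFFFF
            value, inc = (int(part, 16) for part in next(it).split())
            for n in range(count):
                store(mem, addr + n * step * 4, (value + n * inc) & 0xFFFFFFFF, 4)
        else:
            raise ValueError(f"code type {ctype:X} not modelled: {line!r}")
    return mem


def compare(long: List[str], short: List[str]) -> Tuple[bool, List[int]]:
    """Return (same bytes at every address the long list writes, addresses the
    short list writes that the long list never touched). The second item is
    the side effect to look for before shipping a condensed code."""
    want, got = apply_codes(long), apply_codes(short)
    same = all(got.get(a) == v for a, v in want.items())
    extra = sorted(a for a in got if a not in want)
    return same, extra


# Constructed from post #14: five 8-bit unlock lines and their condensed form.
BASIC_LONG = [f"003FBF6{i} 00000003" for i in range(5)]
BASIC_SHORT = ["203FBF60 03030303", "003FBF64 00000003"]

# Constructed from post #15: one 8-bit line per address 003FBF73..003FBF86,
# the five-line condensed code, and the four-line version from the P.S.
ADV_LONG = [f"0{a:07X} 00000003" for a in range(0x3FBF73, 0x3FBF87)]
ADV_SHORT = ["003FBF73 00000003", "403FBF74 00040001", "03030303 00000000",
             "103FBF84 00000303", "003FBF86 00000003"]
ADV_SHORTEST = ["003FBF73 00000003", "403FBF74 00040001", "03030303 00000000",
                "203FBF84 00030303"]

if __name__ == "__main__":
    for name, long, short in [("basic", BASIC_LONG, BASIC_SHORT),
                              ("advanced", ADV_LONG, ADV_SHORT),
                              ("advanced P.S.", ADV_LONG, ADV_SHORTEST)]:
        same, extra = compare(long, short)
        print(name, "equivalent:", same, "extra bytes at:", [f"{a:08X}" for a in extra])
```

The third comparison shows the cost of the P.S. version: the 32-bit write at 203FBF84 also zeroes the byte at 003FBF87, which none of the original lines touched, so a practitioner should confirm that byte is unused before preferring the shorter code.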