Ok, thanks for the tips Lazy Bastard, I hope to be able to convert now to game shark

Do you have a GameShark, or are you intending to convert from XPloder to GameShark to share codes with those who have a GameShark?

Also, misfire: Would you happen to have a reference (written by yourself, I'd imagine, heh) for the four XPloder encryption schemes?

I just realised this is about converting codes to the Gameshark for the PSone (Or PSX). I have a PSone Gameshark Lite. I think this topic has some relevance to a code tester like me.

Gamebuster is NOT the same as far as I can tell. Here is a post I made at xploderfreax

This can explain better what I meant by Gamebuster codes being "encrypted". These are gamebuster codes from two different sites.

codes on left are encrypted and came from
http://www.mogelpower.de/cheats/Tomb...-PAL_9738.html

codes on right are NOT encrypted and came from
http://www.gamescan.de/database/chea...tation&id=8767

codes are for tomb raider I (PAL) deutsch

Stoppuhr 00:00:00

3424 0BF1 71B7 = 3001 F012 00A0


Moon Jump (alle Level)

742D 5B45 3683 = D008 A19E 7FEF
3426 B92D E159 = 3003 42FC 0000
942D 5B45 3683 = D108 A19E 7FEF
3426 B92D E15F = 3003 42FC 0006

Sudden Death

3426 C20C AC5E = 3003 39EE 0000

I want to be able to do the conversions and then try to port codes like walk in lava for tomb raiders 1,2, and 3. These codes have not been made for the NTSC-us versions on gameshark.

BTW, off topic, I have found a way to walk through walls for tomb raider games. Many have tried but none have succeded. I am working on perfecting it. Anyone who wishes to help with this lengthy project is invited to pm me.

I use epsxe with pec, but pec doesn't support xplorer codes. For the pal games i use mogelpower.de, but almost all are in xplorer format, and i need at least to convert this code, 3422 89E9 E5D9 [Infinite Energy] , then I later can convert the codes that are necessary me

I'd love to help, but if there are four encryption schemes, we're missing one. Three are detailed in Secrets of Professional GameShark Hacking, but in this case, none of those yield an output that makes sense. misfire is probably the best source in this endeavor, as he cracked them personally.

This is exactly why I've been trying to collect a lot of this sort of information in one place. Most of the stuff still up anywhere, is incomplete at best, and totally incorrect at worst. From what I had found, what I said was correct. But then, there's very little info out there, despite these things seeming to have been rather popular at one time.

Yes...there's a vast amount of knowledge that's going to completely disappear from the 'net if it's not rescued soon; I've noticed that plenty of old sites that were once the sole host of certain tools and information are now gone. And still, there are plenty of things that are still around, but difficult to find. I suppose I should begin hunting for a few things.

I thought that it was more easy, i will have to make it by myself with the pec
Thanks a lot again!!

No problem; I'll still endeavor to find the information required, and implement a PSX/N64 XPloder code decryption utility in MP. Also, if you do hack it yourself, let me know what the code is, and for what version of the game.

OK, I've found some old C source of misfire's encryption/decryption routines for the four XPloder schemes...I'll take a detailed look at them a little later.

I'm a little confused as to the truncation used in these routines. I know that if one of the operations performed on a set of two digits yields a number higher than FF, the first digit is dropped (eg, if the result was 108, the proper result would be 08). However, I'm not sure what happens when the operation yields a negative number. I'm only guessing that it works in reverse (eg, if the result were -F, the proper result would be F0). If this is correct, 3422 89E9 E5D9 would decrypt to 3007 73E2 E352, but all I'm entirely sure of is "3007 73". The rest is derived under the assumption that XOR can be properly performed on negative numbers in hex, and that reversing the sign gives a proper resultant.

To give you an idea of what I'm toying with, here's a copy of the C source misfire wrote:

/*
* Xploder PSX crypto routines
*
* All keys cracked by misfire
* Some help on 7K encryption by Parasyte
*/

void XPEncrypt(u8 *code, u8 key)
{
code[0] ^= key;

switch (key) {
case 4:
code[5] ^= (code[4] & 0x11) + (code[3] ^ 0x12) - 0xDA + code[2] + code[1];
code[4] ^= (code[3] & 0x11) + (code[2] ^ 0x12) - 0x82 + code[1];
code[3] ^= (code[2] & 0x11) + (code[1] ^ 0x12) - 0x40;
code[2] ^= (code[1] & 0x11) + 0xFA;
code[1] ^= 0x25;
break;
case 5:
code[1] -= 0x57;
code[2] -= 0x42;
code[3] -= 0x31;
code[4] -= 0x32;
code[5] -= 0x33;
break;
case 6:
code[1] = (code[1] ^ 0x01) - 0xAB;
code[2] = (code[2] ^ 0x02) - 0xAB;
code[3] = (code[3] ^ 0x03) - 0xAB;
code[4] = (code[4] ^ 0x04) - 0xAB;
code[5] = (code[5] ^ 0x05) - 0xAB;
break;
case 7:
code[1] -= (code[2] & 0x73) - (code[3] ^ 0x90) + 0xF5 + code[4] + code[5];
code[2] -= (code[3] & 0x73) - (code[4] ^ 0x90) + 0x16 + code[5];
code[3] -= (code[4] & 0x73) - (code[5] ^ 0x90) + 0x5A;
code[4] -= (code[5] & 0x73) - 0x35;
code[5] += 0x35;
break;
}
}

void XPDecrypt(u8 *code, u8 key)
{
if (!key) key = code[0] & 0x0F; // Auto process

code[0] ^= key;

switch (key) {
case 4:
code[1] ^= 0x25;
code[2] ^= (code[1] & 0x11) + 0xFA;
code[3] ^= (code[2] & 0x11) + (code[1] ^ 0x12) - 0x40;
code[4] ^= (code[3] & 0x11) + (code[2] ^ 0x12) - 0x82 + code[1];
code[5] ^= (code[4] & 0x11) + (code[3] ^ 0x12) - 0xDA + code[2] + code[1];
break;
case 5:
code[1] += 0x57;
code[2] += 0x42;
code[3] += 0x31;
code[4] += 0x32;
code[5] += 0x33;
break;
case 6:
code[1] = (code[1] + 0xAB) ^ 0x01;
code[2] = (code[2] + 0xAB) ^ 0x02;
code[3] = (code[3] + 0xAB) ^ 0x03;
code[4] = (code[4] + 0xAB) ^ 0x04;
code[5] = (code[5] + 0xAB) ^ 0x05;
break;
case 7:
code[5] -= 0x35;
code[4] += (code[5] & 0x73) - 0x35;
code[3] += (code[4] & 0x73) - (code[5] ^ 0x90) + 0x5A;
code[2] += (code[3] & 0x73) - (code[4] ^ 0x90) + 0x16 + code[5];
code[1] += (code[2] & 0x73) - (code[3] ^ 0x90) + 0xF5 + code[4] + code[5];
break;
}
}
__________________________________________





The only part we're concerned with for the moment is:

case 4:
code[1] ^= 0x25;
code[2] ^= (code[1] & 0x11) + 0xFA;
code[3] ^= (code[2] & 0x11) + (code[1] ^ 0x12) - 0x40;
code[4] ^= (code[3] & 0x11) + (code[2] ^ 0x12) - 0x82 + code[1];
code[5] ^= (code[4] & 0x11) + (code[3] ^ 0x12) - 0xDA + code[2] + code[1];
break;
___________________________________________

An easier way to look at this is:

0011 2233 4455 ("00", "11", "22", "33", "44", "55")

"00" = "00" XOR 04
"11" = "11" XOR 25
"22" = "22" XOR (("11" & 11) + FA)
"33" = "33" XOR (("22" & 11) + ("11" XOR 12) - 40)
"44" = "44" XOR (("33" & 11) + ("22" XOR 12) - 82 + "11")
"55" = "55" XOR (("44" & 11) + ("33" XOR 12) - DA + "22" + "11")

Or, in our case:

"00" = 34 XOR 04
"11" = 22 XOR 25
"22" = 89 XOR ((22 & 11) + FA)
"33" = E9 XOR ((89 & 11) + (22 XOR 12) - 40)
"44" = E5 XOR ((E9 & 11) + (89 XOR 12) - 82 + 22)
"55" = D9 XOR ((E5 & 11) + (E9 XOR 12) - DA + 89 + 22)

Using the built-in calculator in Windows, in Scientific mode, with Hex chosen, you can perform these bitwise operations fairly quickly. To perform 85 XOR 45, for example, simply enter 85, click XOR, enter 45, and click the Equals sign. As a note, in the Windows calc, as in many other instances, & is displayed as AND.

As you can see, "33", "44", and "55" all yield negative numbers (before one even gets to perform the bitwise XOR operation, for that matter). Perhaps misfire could shed some more light on this.

Incidentally, according to CodeJunkies, your code should be 30077354 0064 (well, they had 80077354 0064, but I doubt you'll need to set those first two digits to 00)

Note that this will only work on a PAL version of this game. If you're using an NTSC version of Hail to the King, we'll need to solve for an offset between PAL and NTSC versions.

It's always possible that this isn't an identical code, but assuming it is, I need to figure out how "33", "44", and "55" should've been handled...

Heh, that code should actually be 3007720C 0064 (the second code listed on CodeJunkies, incidentally). ugetab took a look, and, after some degree of bandying, noticed my error. Thanks go out to him. I'll begin implementing this either tonight or tomorrow.

GREAT!!,all here know a lot, you are true geniuses . I will try now to convert them for myself. Thanks a lot