You don't need a cheat device to cheat (or use codes) on your games. This method takes more steps than using a cheat device, but it can be useful if you are too poor (or too cheap) to buy one (or anything else that can exploit your PS2).
You need:
1) Game (x1)
2) DVD+R or DVD-R (x1)
3) Computer (x1)
4) DVD burner (x1)
5) CodeDesigner v2 (or anything that lets you compile MIPS assembly and convert it to raw data)
6) PS2Dis
7) Hex editor
8) DVD Decrypter (or anything that lets you rip a disc image)
9) WinImage (or anything that lets you modify a disc image)
Also, be sure you know a little bit about MIPS assembly, or have a friend who does.
First, insert your game into your computer's DVD drive and look on the disc for a file named "SLUS_xxx.xx", "SCUS_xxx.xx", or similar (the prefix depends on region and publisher; SYSTEM.CNF on the disc names it as the boot file). This is the game's main ELF executable and the file we will be modifying. Copy it to your desktop.
Now open the file in your hex editor. Look for unused space: a large run of NULL bytes (0x00). Personally, I would prefer the area between the entry point and the end of the ELF header. Usually in commercial games there is a good amount of blank space there, but in some of them that area is not covered by the loadable segments, so you would have to modify the ELF header before anything you put there actually gets loaded into RAM (I will not explain the ELF header modifications here).
Once you have found the space, you need a hook: either use the ELF's entry point, or load the ELF in PS2Dis and pick a spot in the game's code. You can hook from anywhere, as long as the code you hook is executed at least once.
Generally, it is easier to just modify the ELF header so the loader does the copy for us. However, we will take the lazy way out this time.
Now we need to write a routine that copies our cheat engine to the region of RAM we want it to live in. If you write your routine as a cheat engine, it also needs to copy our list of codes.
In my example, I have it set to copy itself to 0x00080000, and a code list (if any) to 0x00081000. Since I am using SOCOM: Combined Assault for my example, and I like to make it go online, I have it set to clear its former data (this game has a poor cheat detection system, and I like to avoid it).
I have chosen the ELF's entry point as my hook, so I needed to force it to restore the entry values and jump back to enter the ELF once it has finished extracting itself, so to speak.
I will not explain how to write the cheat engine or the extraction function, but I will provide an example. This is a simple tutorial on how to set up a modded disc to cheat with actual codes, meaning what everyone told me was "impossible": a jokered mod disc.
It is easier to use CodeDesigner v2 to write our functions, since it can inject directly into the ELF file without modifying its size.
With your routines written and ready to use (meaning you have built both your copy function and your cheat function), inject them with CodeDesigner v2 into the space you selected in the ELF.
You will have to use your hex editor to inject the hook by hand: open the ELF back up in the hex editor, navigate to the location you chose for the hook, and overwrite it with the hook value (the jump into your routine). This is what makes your routine run when the ELF starts.
I strongly recommend building your extraction function to install a kernel hook, so you don't have to spend time trying to find a perfect game hook. I have this in the example code for you to look at and understand what I mean.
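To make the "find unused space", "it must actually be loaded" and "inject the hook value" steps concrete, here is an added Python helper. It is not from the original post or from the linked CodeDesigner source. It parses the ELF32 header and PT_LOAD program headers of a sample executable constructed inside the script, lists word-aligned runs of 0x00 and flags which of them the loader really copies into RAM, encodes the MIPS `j` that replaces the first instruction at the entry point, reports the two displaced words the routine has to re-execute before jumping back, and checks that the post's copy destination 0x00080000 does not collide with a loaded segment. The sample image, the 8 KiB footprint assumed for the engine plus code list, and the two-word trampoline layout are assumptions for the example; on a real SLUS_xxx.xx you pass the file bytes to plan_entry_hook.

```python
import re
import struct

PT_LOAD, EM_MIPS, NOP = 1, 8, 0x00000000
SAMPLE_ENTRY = 0x00100000

def build_sample_elf():
    """Constructed sample, not a real SLUS_xxx.xx: little-endian ELF32/MIPS with one PT_LOAD
    (file 0x1000..0x1400 -> RAM 0x00100000..0x00100400) holding code, a 0x200-byte run of 0x00,
    then more code. The zeros between the program header and 0x1000 lie in no segment."""
    seg_off, seg_vaddr, seg_size = 0x1000, SAMPLE_ENTRY, 0x400
    body = bytearray(seg_size)
    body[0:8] = struct.pack("<II", 0x3C1D0010, 0x27BD8000)  # lui $sp,0x10 ; addiu $sp,$sp,-0x8000
    body[8:0x100] = b"\x24\x02\x00\x01" * ((0x100 - 8) // 4)  # filler: addiu $v0,$zero,1
    body[0x300:0x400] = b"\x24\x02\x00\x01" * 0x40            # body[0x100:0x300] stays 0x00
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01" + b"\x00" * 9,
                       2, EM_MIPS, 1, SAMPLE_ENTRY, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_LOAD, seg_off, seg_vaddr, seg_vaddr, seg_size, seg_size, 7, 0x10)
    img = bytearray(seg_off + seg_size)
    img[0:52], img[52:84], img[seg_off:seg_off + seg_size] = ehdr, phdr, body
    return bytes(img)

def parse_elf(data):
    """ELF32 header plus PT_LOAD program headers (the PS2 EE is little-endian MIPS)."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("expected a little-endian ELF32 image")
    _t, machine, _v, entry, phoff, _sh, _fl, _eh, phentsize, phnum = struct.unpack_from("<HHIIIIIHHH", data, 16)
    if machine != EM_MIPS:
        raise ValueError("e_machine is not MIPS")
    segs = []
    for i in range(phnum):
        p_type, off, vaddr, _pa, filesz, memsz, _fl, _al = struct.unpack_from("<8I", data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            segs.append({"offset": off, "vaddr": vaddr, "filesz": filesz, "memsz": memsz})
    return {"entry": entry, "segments": segs}

def file_to_vaddr(elf, off):
    """RAM address a file byte is loaded to, or None if the loader never copies it."""
    for s in elf["segments"]:
        if s["offset"] <= off < s["offset"] + s["filesz"]:
            return s["vaddr"] + off - s["offset"]
    return None

def vaddr_to_file(elf, addr):
    for s in elf["segments"]:
        if s["vaddr"] <= addr < s["vaddr"] + s["filesz"]:
            return s["offset"] + addr - s["vaddr"]
    raise ValueError("0x%08X is not file-backed" % addr)

def candidate_gaps(data, elf, min_len=0x100):
    """Word-aligned runs of 0x00 of at least min_len bytes. loaded=False marks runs that are
    on disc but inside no PT_LOAD: code put there never reaches RAM until the headers change."""
    gaps = []
    for m in re.finditer(rb"\x00{%d,}" % min_len, data):
        start = (m.start() + 3) & ~3
        length = (m.end() - start) & ~3
        if length >= min_len:
            first, last = file_to_vaddr(elf, start), file_to_vaddr(elf, start + length - 4)
            gaps.append({"file_off": start, "length": length, "vaddr": first,
                         "loaded": first is not None and last is not None})
    return gaps

def encode_j(target, pc, link=False):
    """MIPS j/jal: 26-bit word index; the top 4 address bits come from the delay-slot
    address pc+4, so the hook and the routine must share one 256 MB region."""
    if target & 3 or (target >> 28) != ((pc + 4) >> 28):
        raise ValueError("target must be word aligned and in the hook's 256 MB region")
    return ((3 if link else 2) << 26) | ((target >> 2) & 0x03FFFFFF)

def plan_entry_hook(data, dest=0x00080000, dest_size=0x2000, min_len=0x100):
    """Pick the largest loaded zero run for the routine and describe the entry trampoline:
    'j routine' + nop replace the first two words at the entry, so the routine must
    re-execute those two displaced words and then 'j' to entry+8 (if either displaced
    word is a branch or jump, hook elsewhere). dest/dest_size is the assumed 8 KiB
    footprint at the post's 0x00080000, checked against every segment's memsz."""
    elf = parse_elf(data)
    entry = elf["entry"]
    loaded = [g for g in candidate_gaps(data, elf, min_len) if g["loaded"]]
    if not loaded:
        raise RuntimeError("no loaded zero run of %d bytes; fix the headers or hook elsewhere" % min_len)
    gap = max(loaded, key=lambda g: g["length"])
    return {"entry": entry, "routine_vaddr": gap["vaddr"], "routine_file_off": gap["file_off"],
            "routine_room": gap["length"], "hook_words": (encode_j(gap["vaddr"], entry), NOP),
            "displaced_words": struct.unpack_from("<II", data, vaddr_to_file(elf, entry)),
            "resume_vaddr": entry + 8,
            "dest_clear": not any(s["vaddr"] < dest + dest_size and dest < s["vaddr"] + s["memsz"]
                                  for s in elf["segments"])}

def patch_words(data, file_off, words):
    """Overwrite in place: output has the same length as input, which the WinImage swap requires."""
    out = bytearray(data)
    struct.pack_into("<%dI" % len(words), out, file_off, *words)
    return bytes(out)

if __name__ == "__main__":
    img = build_sample_elf()
    plan = plan_entry_hook(img)
    print(plan, len(patch_words(img, vaddr_to_file(parse_elf(img), plan["entry"]), plan["hook_words"])) == len(img))
```

On a real executable, treat a gap reported with loaded=False exactly as the post says: it needs program-header edits before it is usable. Also look at the two displaced words before you commit to the entry-point hook; if either one is a branch or jump, the two-word trampoline is not safe there and you should pick a different hook in PS2Dis.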
Once all the injections are done in the ELF file, we are ready to make the disc. Make sure your game is still in the DVD drive, and use DVD Decrypter to rip an image (.iso file). Once it has completely ripped, open the image with WinImage and replace the ELF file in the disc image with the one you just modded. Because you injected by overwriting existing bytes, the modded ELF is still the same size as the original, and it MUST be: the file is swapped in place inside the image, so it cannot grow.
Take your game disc out and insert the blank DVD+R/-R. Open DVD Decrypter, switch it to its ISO write mode, select your disc image (.iso file) and let 'er burn.
Once it has finished, you are ready to play. However, you can't just pop it in the PS2 and expect it to boot; you need to swap.
You may need to prepare your PS2 (no modchip needed: just cover the lid sensor on a slim, or take the top case off a fat) so you can swap discs while the drive is spinning (I will not explain that either), so make sure you are able to do that (it is a simple task).
Insert your original store-bought game and boot up the PS2. Watch the laser: it moves down, the disc spins up, and then the laser moves slightly back up.
That is the exact moment to grab the disc and swap in the burned one. Be quick! Once the motor speeds up and the laser moves up, the console has recognised the disc as a PS2 format disc and is about to read the boot ELF.
You must swap at exactly this point so that it loads your modded ELF instead of the original one!
That's all there is to it, have fun.
Sorry if this tutorial seems pretty shitty and short, I honestly hate typing out explanations, someone else might explain this a bit better.
Example CD2 (CodeDesigner v2) source code: http://cheaters-lounge.net/files/misc/SCA_SLUS_Mod.cds
If everything is done right and you have an actual cheat engine running, you can take commercial codes (for example CodeBreaker or ARMAX codes), decrypt them with a utility, and inject them as a code list. You are basically building your own cheat system for one specific game, so you don't need a cheat device to load a code. The only downside is that to add more codes to your list you will have to burn another disc :/
~ Gtlcpimp