Announcement

**Helder** · 07-10-2014, 11:13:56 PM

You need to scroll way up a bit so we can see that load but from what I see it looks like it loads that address in V0 and does some math till it gets to what is at that address in V0 ( I would look at that address to see what's there). So to forcibly change the value just change the line before the store aka sb a0,$2(v0) to something like: ori a0,$00?? the ?? is the value you want.

**jin299** · 07-12-2014, 08:33:32 AM

Helder I tired changing the line sb a0$2(v0) to ori a0,$0007 but it still doesn't load the values 0007 into the register? any ideas why it won't?

**Helder** · 07-12-2014, 02:03:42 PM

Change the line before it, if you change the store it will not save anything to the address so change the line before it.

**jin299** · 07-12-2014, 04:08:50 PM

I tried that but the register didn't change to what I wanted it to?

**Helder** · 07-12-2014, 08:43:06 PM

What is the ram code so I can take a look.

**jin299** · 07-12-2014, 08:55:55 PM

Sure thing man here's the ram code 301E7FD2

**Helder** · 07-13-2014, 06:47:29 PM

Your using shortcut mode? or are in Training mode because I had some other routines going on when I was in arcade mode. So anyways I traced up quite a bit putting some random break on loads of any kind to the a0 register since this is where the value for the character is and after some testing the breaks I found:

80105968 90640000 lbu a0,$0 (v1)

this is taking whatever is at register 1 and putting that value in register a0 (character value). and the address at v1 is 801003C0 which is part of the character value table. So now we have 2 options to change this to do what we want, we can go the easy route and change this load instruction to one we want so something like :

ori a0,$17 <-- or whatever value you want.

This affects both players atleast in Training Mode. The other method would be to go further up on the Assembly and change the address in v1 to always load the character value we want from the table which would involve more work.

**jin299** · 07-14-2014, 09:18:24 AM

So much information to take in so many questions to ask man, right so I'll begin by asking what did you mean when you said I was using shortcut mode, also are we always looking for a load value of some sort when tracing backwards when looking for the code,? and are we always looking to load a which in this case is a0 value to the address in register v1 0r v0?

**Helder** · 07-14-2014, 03:28:53 PM

Originally posted by jin299 View Post

So much information to take in so many questions to ask man, right so I'll begin by asking what did you mean when you said I was using shortcut mode, also are we always looking for a load value of some sort when tracing backwards when looking for the code,? and are we always looking to load a which in this case is a0 value to the address in register v1 0r v0?

1. The Shortcut Mode is an option that makes the game load quicker by using the Character Select screen used in Training Mode for the VS and Arcade modes.

2. You generally are looking for a load or some addition/subtraction that puts the value in the register that has the value, in this case the a0 register. You always look at the address we got the break for a clue to whats going on, so looking at the initial break on write which is what you and I used and we see the instruction:
sb a0,$2(v0)
This is where a little ASM knowledge helps or at least using some MIPS instruction list for reference, sb is storing a byte meaning 8bit which is 2 character value so naturally you are looking for a load with the byte since the store is a byte.

3. The address at v0 is always helpful to see what is being used to get the value or store the value so looking at the load instruction I posted above which we changed to get the desired result lbu a0,$0 (v1) this might be confusing to you and anyone not familiar with ASM so I will break it down as to how it's read so it becomes something that is understandable.

lbu a0,$0 (v1) is saying load the value at the address in ( ) then add the hex value $0 to that address and put it in register a0

sb a0,$2(v0) is saying store the value at register a0 into the value at address in ( ) that you also add $2 hex to the address.

I'll break it down further (v0 is the address below) :

sb a0,$2+801E7FD0 = sb a0,801E7FD2

hope this helps in understanding a bit.

**jin299** · 07-14-2014, 04:20:45 PM

Helder I went onto Arcade mode and it said that v1 is the register loading the characters value however it saids that both registers s2 and s7 are loading the addresses 801E7FD0 so what address am i supposed to load v1 into s2 or s7?

**Helder** · 07-14-2014, 04:26:41 PM

Look at the store where the break occurs so you know which register has the value you want to change. I did notice the arcade mode had a different routine than the training one and should be a little simpler to hack from what I looked at.

**jin299** · 07-14-2014, 04:50:46 PM

looking at the store beside the break it reads sb v1 $2(s2) so would it be right to assume that lbu v1,$?(s2) is the one we are looking for or could it be an add or subtract instruction I should be looking for instead?

**Helder** · 07-14-2014, 05:02:34 PM

You need to look for something that stores the value into register v1 up above that store so look for that and it will likely be a byte load so lbu is what I would look for and if it can't be found then keep tracing any changes made to v1.

**jin299** · 07-14-2014, 05:15:33 PM

The break occurred at the instruction lbu a0, $1 (v0), is this of any use to me, or should I look at the sb instruction because if so there's two sb instructions beside the break, apologies man if I'm coming across as annoying I'm still trying to understand what exactly it is I'm supposed to load into what?

**Helder** · 07-14-2014, 07:02:16 PM

I'll take some pics to show you how but I gave you enough info to go poking around to where you should get results of some sort whether good or bad.

Announcement

Hacking Sequential codes PSX

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment