sdrawkcab
04-13-2012, 08:39 PM
what you need
-ram dump
-controller address
-hook
-ps2dis
-a code to joker
finding your controller address :
note : make sure your cheat device is on pause game : true
1) hold down one of the button listed below and search that exact value in hex. for this example we will be using "R" hold "R" and search "200" in hex. then let go and search "0" repeat until you only have a few results
2) for some games this method dosnt work, if you are playing a game where it dosnt work do this. search for an unknown value then hold down your select button and search great. then let go and search less repeat until you only have a few results
Select button = 0001
Start button = 0008
Up D-Pad button = 0010
Right D-Pad button = 0020
Down D-Pad button = 0040
Left D-Pad button = 0080
Left trigger = 0100
Right trigger = 0200
Triangle button = 1000
Circle button = 2000
Cross button = 4000
Square button = 8000
finding your hook :
1) search "03e00008" in hex copy the results in to your cheat browser and nop them one at a time. when one of them freezes that means you have an active hook. label it or write it down because that's the hook your going to use
the "negative rule" :
if the last 16bits of the code you are jokering are above 7f80 you most add 1 to the first 16 bits
example 1: 0x0881ffff
because ffff greater then 7f80 you must add one to "0881" so your end code would look like :
0x0882ffff
example 2: 0x08810000
0000 is less then 7f80 so in this case you dont have to do anything
real and fake addressing:
to convert a code to real address you just add "08800000" to it you can use a hex calculator to do this
the reason you need to put the code in real addressing is because psp addressing really starts at "08800000" not "00000000"
cheat devices like nite just start at "00000000" to make it easy for you or to make the code look cleaner.
opening & taking your ram dump :
here's how to take a ram dump simply go to options extras ect then go to the ramdump option and pick a slot then press X and your done.
opening your ramdump is simply open psp2dis then go to the open option scroll down and select your ramdump once you get it a box will pop on the screen, make sure it address's from "08800000"
finding your nop cave :
a nop cave is just a ton of address grouped to gather that all have a value of "0"
a common nop cave is "08801000"
here are our mips templates
if you have a regular code
lui t0 $XXXX //First half of controller address (real addressing)
lw t0 $XXXX(t0) //2nd half of controller address
addiu t1 zero $XXXX //Activate button value
addiu t2 zero $XXXX // Deactivate button value
bne t0 t1 $Next bne
nop
lui t3 $XXXX //1st half of your code address (real addressing)
lui t4 $XXXX //1st half of your code's ON value
ori t4 t4 $XXXX //2nd half of your code's ON value
sw t4 $XXXX(t3) //2nd half of code address
bne t0 t2 $To jr ra
nop
lui t3 $XXXX //1st half of your code address (real addressing)
lui t4 $XXXX //1st half of your code's OFF value
ori t4 t4 $XXXX //2nd half of your code's OFF value
sw t4 $XXXX(t3) //2nd half of code address
jr ra
if you have dma code
lui t0 $XXXX //first half of controller (real addressing)
lw t0 $XXXX //second half of controller(t0)
lui t1 $XXXX //first half of pointer (real addressing)
lw t1 $XXXX //second half of pointer(t1)
addiu t2 zero $XXXX //button value on
addiu t3 zero $XXXX //button value off
bne t0 t2 $XXXX //next bne
nop
lui t4 $XXXX //first half of value on
ori t4 t3 $XXXX //second half of value on
sw t4 $XXXX //offset (t1)
bne t0 t3 $XXXX //jump to jr ra
nop
lui t4 $XXXX//first half off value
ori t4 t4 $XXXX//second half off value
sw t4 $XXXX//offset(t1)
jr ra
hook value :
press any address on ps2dis then enter "J $xxxxxxxx" - first line of your subroutine (real addressing)
then just put the value you get next the hook you found before hand.
why do we need a hook?
because in almost every game it skips over the nop caves so you need a hook to just to your joker.
finishing the code :
press command P and then press copy. now copy what you get in to note pad.
add 0x to the start of every line and every value and subtract "0880" from every line.
now just copy it in your cheat device and your done!
-ram dump
-controller address
-hook
-ps2dis
-a code to joker
finding your controller address :
note : make sure your cheat device is on pause game : true
1) hold down one of the button listed below and search that exact value in hex. for this example we will be using "R" hold "R" and search "200" in hex. then let go and search "0" repeat until you only have a few results
2) for some games this method dosnt work, if you are playing a game where it dosnt work do this. search for an unknown value then hold down your select button and search great. then let go and search less repeat until you only have a few results
Select button = 0001
Start button = 0008
Up D-Pad button = 0010
Right D-Pad button = 0020
Down D-Pad button = 0040
Left D-Pad button = 0080
Left trigger = 0100
Right trigger = 0200
Triangle button = 1000
Circle button = 2000
Cross button = 4000
Square button = 8000
finding your hook :
1) search "03e00008" in hex copy the results in to your cheat browser and nop them one at a time. when one of them freezes that means you have an active hook. label it or write it down because that's the hook your going to use
the "negative rule" :
if the last 16bits of the code you are jokering are above 7f80 you most add 1 to the first 16 bits
example 1: 0x0881ffff
because ffff greater then 7f80 you must add one to "0881" so your end code would look like :
0x0882ffff
example 2: 0x08810000
0000 is less then 7f80 so in this case you dont have to do anything
real and fake addressing:
to convert a code to real address you just add "08800000" to it you can use a hex calculator to do this
the reason you need to put the code in real addressing is because psp addressing really starts at "08800000" not "00000000"
cheat devices like nite just start at "00000000" to make it easy for you or to make the code look cleaner.
opening & taking your ram dump :
here's how to take a ram dump simply go to options extras ect then go to the ramdump option and pick a slot then press X and your done.
opening your ramdump is simply open psp2dis then go to the open option scroll down and select your ramdump once you get it a box will pop on the screen, make sure it address's from "08800000"
finding your nop cave :
a nop cave is just a ton of address grouped to gather that all have a value of "0"
a common nop cave is "08801000"
here are our mips templates
if you have a regular code
lui t0 $XXXX //First half of controller address (real addressing)
lw t0 $XXXX(t0) //2nd half of controller address
addiu t1 zero $XXXX //Activate button value
addiu t2 zero $XXXX // Deactivate button value
bne t0 t1 $Next bne
nop
lui t3 $XXXX //1st half of your code address (real addressing)
lui t4 $XXXX //1st half of your code's ON value
ori t4 t4 $XXXX //2nd half of your code's ON value
sw t4 $XXXX(t3) //2nd half of code address
bne t0 t2 $To jr ra
nop
lui t3 $XXXX //1st half of your code address (real addressing)
lui t4 $XXXX //1st half of your code's OFF value
ori t4 t4 $XXXX //2nd half of your code's OFF value
sw t4 $XXXX(t3) //2nd half of code address
jr ra
if you have dma code
lui t0 $XXXX //first half of controller (real addressing)
lw t0 $XXXX //second half of controller(t0)
lui t1 $XXXX //first half of pointer (real addressing)
lw t1 $XXXX //second half of pointer(t1)
addiu t2 zero $XXXX //button value on
addiu t3 zero $XXXX //button value off
bne t0 t2 $XXXX //next bne
nop
lui t4 $XXXX //first half of value on
ori t4 t3 $XXXX //second half of value on
sw t4 $XXXX //offset (t1)
bne t0 t3 $XXXX //jump to jr ra
nop
lui t4 $XXXX//first half off value
ori t4 t4 $XXXX//second half off value
sw t4 $XXXX//offset(t1)
jr ra
hook value :
press any address on ps2dis then enter "J $xxxxxxxx" - first line of your subroutine (real addressing)
then just put the value you get next the hook you found before hand.
why do we need a hook?
because in almost every game it skips over the nop caves so you need a hook to just to your joker.
finishing the code :
press command P and then press copy. now copy what you get in to note pad.
add 0x to the start of every line and every value and subtract "0880" from every line.
now just copy it in your cheat device and your done!