Hex PS2 Disk with P2dis

Discussion in 'Cheat Code - Hints - Secrets' started by dvd_n, 4/9/08.

  1. dvd_n

    dvd_n Youtube Master Race

    Joined: 7/5/07
    Posts: 3
    I don't know if anyone has used P2dis yet. I find it pretty neat, but the guides I found on the web are far too sketchy. The hard part is that P2dis uses commands to produce the value for each address, and I'm completely clueless about that :((. So could someone who knows it well write up a guide?
     
  2. dvd_n

    dvd_n Youtube Master Race

    Joined: 7/5/07
    Posts: 3
    Sorry, I mean PS2dis, not P2dis.
    Here is a tutorial from http://windows-x.tripod.com/id15.html
    PS2DIS Hacking tutorial

    INTRO

    What do I need to prepare to start hacking?

    Do I need a lot of expensive equipment like a "Franken Station"? No you DON'T! Do I have to download a lot of programs? No you don't! Do they require a DVD drive, or is there a cable like the X-Link that connects my PS2 to my PC like the cable for N64 and PSX? No they don't, but it would be nice if they did! Can you make an online hacking FAQ? Yes I can, yes I will, but not now! If that's all, how do I make codes?!?!? OK, first things first: you are going to need madd (a lot) of patience, 2nd you are going to need a lot of caffeine, I suggest soda (Mountain Dew, Coke, Orange Slice, Sierra Mist, Blue Pepsi) or coffee, I suggest espresso (Café Bustelo).

    =-=-=-=-=-=-=-
    Extracting an Elf File
    -=-=-=-=-=-=-=

    Things you need...
    1. A DVD Drive on your Computer (PC)
    2. The Game
    3. WinRAR

    =-=-=-=-
    How To...
    -=-=-=-=
    Open WinRAR
    in the Search below the Toolbar
    locate your DVD Drive
    Once inside your DVD Drive
    locate the Elf file
    ELF?.. Slus/Scus/Sles/slps/pbpx/elf/...
    Look for any of those file names
    Right Click on the file
    Click "Add To Archive"
    a new window should pop up
    in location click "Browse/Location"
    Pick your Desktop
    click OK
    on the Bottom of the Window click Ok
    it will Zip Up the File.
    Now all you have to do now is email the
    file to who ever.


    -=-
    FAQ
    =-=
    Why WinRAR?
    WinRAR has better compression than anything I tried.
    And it will zip up pretty much anything to fit
    into an email!

    What do you need an ELF file for?
    Want codes? It's the file used to make codes,
    such as EVERYTHING.

    What if I don't have a DVD drive on my PC?
    Then my friend you're S.O.L! Unless you can
    go to a friend's house and zip it up. Or
    you know someone online who can send the
    file.

    Get hacking!

    First something about the structure of the codes. The codes we are talking about are HEX codes (decrypted), because it's the original code. If you want to create codes for the AR2, you have to encrypt them before you can use them, but if you're the lucky owner of an XP2, you don't have to. It works with decrypted and with encrypted codes. How to encrypt them is explained in the Converting Tutorial.
    A normal one-rowed HEX code consists of three parts:

    "Command" - the command line of the code
    "Address" - it's where you can find the code and it tells you what the code is doing
    "Value/Digit" - together with the "Command" it specifies how the code is working

    C = Command
    A = Address
    D = Digit
    C AAAAAAA DDDDDDDD

    2 027A569 FFFFFFFF <----- this is a normal HEX/RAW code

    There also are some other types of codes, but for now they aren't important. (You can find them in the "Code-Type" guide.)
    First you have to download "PS2Dis", made by Hanimar. You can find it in the "Tools" section of this website.
    To create codes, you either have to own a DVD drive or know someone who does. You have to put the game DVD in the drive and copy the ELF file of the game. That's the file where you can find the addresses to create codes. If you and your friends don't have a DVD drive you have to ask somebody on the Internet to send you the file (it's about 3MB).

    SLES_###.##
    SLUS_###.##
    SCES_###.##
    SCUS_###.##
    SCPS_###.##
    SLPS_###.##
    PBPX_###.##

    That's what the files can look like.
    When you have the file, open it with PS2Dis. Now you will see a lot of descriptions and numbers. In the very left column there are many numbers which look a little bit like codes. Those are the addresses from which you will create the codes. They all are in the HEX format.

    __________________

    Now let's start creating codes ^^
    But something you have to know: creating codes needs patience and time! But with some practice you will get faster, so don't worry.
    There are different ways of creating codes, and I will explain the easiest of them to you.

    Hacking with Labels:

    (That's the easiest and fastest method of creating codes.)
    Labels you can use without problems aren't in "".

    First example is GTA3
    We open the file, start the Invoke Analyzer and look for some useful labels.
    One of them is the label RespraysAreFree_8CGarages.
    We click on the label and jump to the address.



    Address: 00418490 00000000

    The only thing we can do is to try some values out (But don't change the address!)
    00418490 0000000 0 --> nothing happens
    00418490 0000000 1 --> Free Resprays
    00418490 0000000 2 --> game freezes

    So the code we're looking for is 00418490 00000001.
    (And remember: this is a HEX code. It works with the XP2, but if you use the AR2 you have to encrypt it first.)
    You ask why the command is 0 and not 1 or 2?
    That's what I'll explain now. The command depends on the value.

    If the value is less than or equal 0000 00FF, the command is 0.
    If the value is less than or equal 0000 FFFF, the command is 1
    If the value is less than or equal FFFF FFFF, the command is 2.

    For better understanding here's an example:

    Tidus MAX HP (FinalFantasyX)
    We have a working PAL version code for XP2 from xploder.net and decrypt it.

    Tidus MAX HP
    1031EAB8 0000FFFF
    1031EAC0 0000FFFF

    We look at the command of the code. It's 1, so the value is limited. We know that the maximum size of the value is 0000 FFFF if the command is 1. We know that FFFF stands for the decimal number 65535 (If you don't know it, use the Calculator). But in FFX the maximum HP is 99.999.

    We want Tidus to have 99.999 HP, so we change the command from 1 to 2.
    The maximum value for this command is FFFF FFFF what is decimal 4294967295, so the limit is high enough now.
    We only have to convert 99.999 in HEX now (1869F) and put the new value in the codes:

    2 031EAB8 000 1869F
    2 031EAC0 000 1869F

    Don't forget: the addresses are the same, we only changed the values/digits and the command!
    That's all to tell you about hacking with labels. Here are some labels you could look for in games.
    Bypass
    Disable
    Enable
    Free
    Add
    Remove
    Get
    Activate
    Apply
    cheat/ bcheat
    Display


    As an example for hacking with labels we will take the racing game GTC Africa.(Thanks to Nachbrenner)
    We first start the "Invoke Analyzer". Now we're looking for labels which sound useful for a racing game, e.g. car, lap, track, time, championship, AI and so on.
    In the ELF file of GTC Africa we found an interesting label named CheatUnlockAll.



    When we choose the label, we're jumping to the addresses.
    We double click on the label.



    001aa660:24050001 ,li a1, a1=0x00000001
    001aa664:3c010028 ,lui at, at=0x00280000
    001aa668:ac25a588 ,sw a1 ,[_0027a588]
    001aa66c:3c010028 ,lui at, at=0x00280000
    001aa670:ac25a594 ,sw a1 , [_0027a594]
    001aa674:3c010028 ,lui at, at=0x00280000
    001aa678:ac25a598 , sw a1 ,[_0027a598]

    Now we look at the "sw": 3 times they link to other addresses. But how do we get the digit?

    Normally unlock codes have the digit 00000001, so we test this first.
    The codehacker who made this code (Nachbrenner) took the command "1" and let the code run in 16 bits (don't know why he took this command, because normally when you don't know in how many bits the address runs you choose the command "2", which runs the code in the normal 32 bits, but maybe he tested it out this way).

    So we get these codes:
    1 027A588 00000001
    1 027A594 00000001
    1 027A598 00000001

    Try the codes one after another. We find out that the codes are:

    Unlock All Challenges
    1027A588 00000001

    Unlock All Championships
    1027A594 00000001

    Unlock All Single Races
    1027A598 00000001

    In this case we find in PS2Dis what to do with the code and what value it has. But sometimes we don't get that much help.


    Hacking with Labels in quotes:

    Not every game has labels which even look like codes. Most labels are in " " and let us jump to a so called byte routine. A byte routine only shows how the name of the label is built and is useless for us. But we're lucky to have ps2dis, which helps us out.

    Ok... lets take as example the Game "Guilty Gear XX US - SLPS_251.84"
    We start "Invoke Analyzer" and look into the labels. We see some trash in it... but then we find the label "Player Load %d %dn"
    Press Enter and we come to the address 0030b4c0



    ok... now we see where the label is located, but this is not our real address...
    this is just the part where the name of the label is built.
    So we press Space Bar + F3. Now ps2dis brings us to address 0010589c



    Ok.... now we are in the right part. Directly below we see two addresses with the op "lh" (load halfword) which have a referer.
    These referers link to other addresses which very often hold the effect we want. So we mark the address 001058a0 with
    spacebar and press "right" and now come to the address



    Now you should ask yourself why ps2dis brings you to 00289c50 instead of 00289c52..... this is very easy, because ps2dis shows us the addresses in 32 bits, which means that the addresses are always shown in steps of "4" (0 -> 4 -> 8 -> C -> 0 ..... ).
    Ok but how to choose now the right code.... you remember the two addresses with the op "lh" (Load Halfword)? This op tells us that the address there runs in 16 bits (because the op "word" runs in 32 bits and the "half" of a "word" is 16 bits). So what do we have to do now?

    1.Referer:
    00289c50
    00289c51

    2.Referer:
    00289c52
    00289c53

    Easy, we test the code in 16 bits too! For this we need the command "1" (1 xxxxxxx 0000????).
    "Player Load" means that something should be loaded into the game, so it would not be that good if we disabled it with "0000". Instead of 0000 we now choose "0001" and see what happens.....

    10289c50 00000001 <--- Play Sol Badguy as Player 1
    10289c52 00000001 <--- Play Sol Badguy as Player 2

    When we change the value again (0002, 0003) you will get all the players which are available.
    Cool, we have now found our Player Mod :)

    Hacking with Strings:

    Now we come to an advanced part in the art of code hacking. The first thing is that you get information about the game you want to hack.
    For example, with how many Health Points you start and what is the maximum number of Health etc. you can get.
    This method is dealing with searching for strings/values which are sometimes written into ELF files and not just into the RAM.

    Let's for example take how the FFX-2 PAL Health Code was hacked.

    Ok now comes the part where you have to get information about the game.
    In FFX-2 your Health is shown as Health Points (HP). The minimum of HP you can get is 1 HP. The maximum is 9999HP but with a special Item you can get 99999 HP.
    Let?s see how we can use this information for hacking a code.

    First we load the FFX-2 PAL ELF into a disassembler (in this example I used ps2dis) and start Invoke Analyzer. Now we start with searching specific strings. We know that the maximum value is 99999, which is in Hex/Raw 1869F. Now we press Ctrl + F and enable the option "As hex string". When you don't know exactly how the OP-Code is built but know which value it has in the game, we take the last 4 digits. In this example it is 869F. But if we were to write this into the search box now it will not find the right results. We have to swap the bytes in these 4 digits: 869F -> 9F86. If you notice, all we did there was put the last 2 digits in front; you do this with any hex value when using this method.



    So we write 9F86 into the Search option and press ok. The first address where ps2dis brings is 001cf604.



    This area with a bunch of addresses doesn't look that bad; look at the parts which stand in " ( ) " behind. We see some values which are often used in this game: "0001869f"; "0000270F"; "000000FF"
    So we test the addresses in this area with different values. But we see it doesn't change anything or just freezes the game. We may have modified other options in the game that we don't see yet. But ok... we search again..... Press F5 to get the next result of the search.



    This brings us to the address "001d1564" (Now you can see why we just search for the last 4 digits.... the op-code is 34c6869f, so if we were to search for 1869f instead of 869f it would not have shown us this address, and we could have missed it).
    So we look into this cluster of addresses and see that this address is also not bad. Look at this....

    lui a2, $0001
    addiu v1, zero, $270f (shown as li)
    andi v0, v0, $0001
    ori a2, a2, $869f

    This is the part where the Health Values are set.
    lui a2, $0001 and ori a2, a2, $869f belong together. This means that the value 0001 is stored in the first four digits of a value (0001xxxx); ori a2, a2, $869f stores 4 digits (in this example 869f) in the last 4 digits of a value.... means (xxxx869f). We see that all results belong to register a2, so the digits come together and build the value 0001869f.
    addiu v1, zero, $270f means that a value is stored in register v1 (v1 = 0 + 270f).
    This was just a little example which is not that really important for us. Now we come to the boring part..... Testing the addresses with different values...

    For example:
    "201d155c 2403270f" or 201d155c 240300FF or sth. like this... but damn... nothing seems to work for the described addresses. Ok but we don't give up and look at the addresses in this bunch and test them. So we come to the jal op on address 001d1570. But how to give a jal a constant value... we have to change the op code jal into something different. We want to store an address, so we take the op "addiu". Now we have found a register where we can store the result, which is not used in this routine btw, which the game allows us to use so that it will not freeze. I choose register v0. The op-code should look like this: addiu v0, zero, $270f ($270f for the value we want to get). Make a double-click on the address and type this ( "addiu v0, zero, $270f" ) into the command line. It will now give you the value "2402270f". So we test the code 201d1570 2402270f and see it brings us 9999 Health Points :)
    Now we have the code for Health.... Another interesting thing is below: we see the value $03E7, which is the maximum value for MP.... As far as we can tell the health code lies on a jal op, so we test the next jal too.....
    We take the same op as before, just with the value 03E7 to get the full 999 MP points.... and after a quick test we see we got all 999 MP points...

    But the above only applies to one specific game; to apply it to any game you have to understand the structure of the commands. That's why I'm asking for someone who knows this to explain it. :-/
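Worked out in code, as an added example that is neither the forum post's nor the quoted tutorial's own code: the command-by-value-size rule from the Tidus HP section, the 869F -> 9F86 byte swap from the string-search section, and the MIPS words PS2Dis shows in the GTC Africa and FFX-2 walkthroughs (li/addiu, lui, ori, sw), including recovering the 0027a588 store target and the 0001869f lui/ori constant. It assumes the standard MIPS I-type encoding and register numbering (zero=0, at=1, v0=2, v1=3, a0..a3=4..7), which the tutorial uses by name but never spells out.

```python
# Added example (not from the forum post or the quoted tutorial): the code-building
# rules of the tutorial, written out so they can be checked against its numbers.
# Assumed: standard MIPS I-type encoding and the register numbers PS2Dis prints
# by name (zero=0, at=1, v0=2, v1=3, a0=4, a1=5, a2=6, a3=7).
from typing import Optional

REGS = {"zero": 0, "at": 1, "v0": 2, "v1": 3, "a0": 4, "a1": 5, "a2": 6, "a3": 7}


def build_raw_code(address: int, value: int, cmd: Optional[int] = None) -> str:
    """Build a decrypted (RAW) one-line code 'CAAAAAAA DDDDDDDD'.

    Command nibble chosen by value size as the tutorial states: 0 for a value
    up to 0000 00FF, 1 up to 0000 FFFF, 2 up to FFFF FFFF.  cmd can be forced
    (the GTC Africa codes use 1 for a 16-bit write although the value is 1).
    """
    if not 0 <= address <= 0x0FFFFFFF:
        raise ValueError("address must fit in 7 hex digits")
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value must fit in 32 bits")
    if cmd is None:
        cmd = 0 if value <= 0xFF else 1 if value <= 0xFFFF else 2
    if cmd not in (0, 1, 2):
        raise ValueError("only write commands 0, 1 and 2 are modelled here")
    return f"{cmd:X}{address:07X} {value:08X}"


def hex_search_pattern(value: int, nbytes: int = 2) -> str:
    """Byte-swapped hex string for PS2Dis' "As hex string" search.

    Immediates are stored little-endian in the ELF, so the low 16 bits of
    99999 (0x1869F -> 869F) must be typed as 9F86 to match the file bytes.
    """
    low = value & ((1 << (8 * nbytes)) - 1)
    return low.to_bytes(nbytes, "little").hex().upper()


def _i_type(opcode: int, rs: int, rt: int, imm: int) -> int:
    """Generic MIPS I-type word: opcode | rs | rt | 16-bit immediate."""
    return (opcode << 26) | (rs << 21) | (rt << 16) | (imm & 0xFFFF)


def addiu(rt: str, rs: str, imm: int) -> int:
    """addiu rt, rs, imm (PS2Dis shows it as 'li rt, imm' when rs is zero)."""
    return _i_type(0x09, REGS[rs], REGS[rt], imm)


def lui(rt: str, imm: int) -> int:
    """lui rt, imm: load imm into the upper 16 bits of rt."""
    return _i_type(0x0F, 0, REGS[rt], imm)


def ori(rt: str, rs: str, imm: int) -> int:
    """ori rt, rs, imm: OR imm into the lower 16 bits."""
    return _i_type(0x0D, REGS[rs], REGS[rt], imm)


def sw(rt: str, offset: int, base: str) -> int:
    """sw rt, offset(base): store a 32-bit word."""
    return _i_type(0x2B, REGS[base], REGS[rt], offset)


def lui_ori_constant(lui_word: int, ori_word: int) -> int:
    """Recover the 32-bit constant a lui/ori pair builds in one register."""
    if lui_word >> 26 != 0x0F or ori_word >> 26 != 0x0D:
        raise ValueError("expected a lui followed by an ori")
    rt_lui = (lui_word >> 16) & 0x1F
    if rt_lui != (ori_word >> 16) & 0x1F or rt_lui != (ori_word >> 21) & 0x1F:
        raise ValueError("lui and ori do not use the same register")
    return ((lui_word & 0xFFFF) << 16) | (ori_word & 0xFFFF)


def sw_target(lui_word: int, sw_word: int) -> int:
    """Address written by 'lui at, hi' followed by 'sw rt, off(at)'.

    The offset is sign-extended, which is why the tutorial's lui loads 0x0028
    while the three stores land at 0x0027xxxx.
    """
    if lui_word >> 26 != 0x0F or sw_word >> 26 != 0x2B:
        raise ValueError("expected a lui followed by a sw")
    if (lui_word >> 16) & 0x1F != (sw_word >> 21) & 0x1F:
        raise ValueError("sw base register is not the lui target")
    offset = sw_word & 0xFFFF
    if offset & 0x8000:
        offset -= 0x10000
    return (((lui_word & 0xFFFF) << 16) + offset) & 0xFFFFFFFF


if __name__ == "__main__":
    # Tidus MAX HP: widen the write from command 1 to 2 and use 99999 (0x1869F).
    for addr in (0x031EAB8, 0x031EAC0):
        print(build_raw_code(addr, 99999))
    print(hex_search_pattern(99999))                 # 9F86
    print(f"{addiu('v0', 'zero', 0x270F):08x}")      # 2402270f
    # GTC Africa CheatUnlockAll: the three sw targets, written as 16-bit codes.
    for off in (0xA588, 0xA594, 0xA598):
        target = sw_target(lui("at", 0x0028), sw("a1", off, "at"))
        print(build_raw_code(target, 1, cmd=1))
```

Running it prints the two Tidus codes with command 2, the search string 9F86, the word 2402270f the tutorial got from typing addiu v0, zero, $270f, and the three 1027A5xx 00000001 unlock codes; the sign-extension handling in sw_target is what turns the lui value 0x0028 into the 0027a588 target shown in the disassembly.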
     
