The Secrets of Professional GameShark(tm) Hacking

"The most elaborate, in-depth hacking guide
for Game Cheat Devices, ANYWHERE!"

[Originally By: Kong K Rool* and Macrox]
with additions by
[Tolos, DGenerateKane, HyperHacker, Viper187, and Kenobi]

-----------------------------------------------
Table Of Contents
-----------------------------------------------

Section 1 : Foreword
   I    This Version
   II   What's New
   III  Coming Soon
   IV   Dedication
   V    Preface
   VI   Acknowledgments

Section 2 : Hacking
   VII  Introduction
   VIII Hacking Basics - Theory
           Know The Code
           Systems Of Counting Or Number Base
           Offsets
           Decimal
           Binary
           Bitwise Operations
           Hexadecimal
           Octal
           ASCII
           Floating Points
           About Most GameShark Hackers
   IX.  How-to Guide - Getting Started
           What do I need?
           What do I need to know?
           Learn Your Shark - Code Types, Buttons and all.
           Nintendo 64 Code Types
           Playstation Gameshark Code Types
           Playstation Xploder/Xplorer Code Types
           Playstation 2 Code Types
           Sega Dreamcast Code Types
           Sega Saturn Code Types
           Gameboy/Gameboy Color Code Types
           Gameboy Advance Gameshark V1/V2 Code Types
           Gameboy Advance Codebreaker Code Types
           Action Replay V3 Code Types
           Button Activators - Info & Digits
           Patch Codes
           Encryption
           Playstation 2 Gameshark Encryption
           Sega Dreamcast Encryption
           Gameboy Advance Encryption
           Xploder/Xplorer N64 & PSX Encryption
   X.   How-to Guide - The Hacking Begins
           One Small Step For Man...
           The Methods
           Using Game Trainers
           Hacking With GameShark Pro - Step by step
           Hacking The Easy Stuff
           Hacking The Intermediate Stuff
           Hacking The Harder Stuff
           Finding N64 Enable Codes
           Hacking MTC0 Enablers
           MTC0 Enablers An Easier Way
           Hacking Non-MTC0 Enablers
           Finding 'FF' Enablers
           N64 Emulator Based Hacking
           N64 Assembly ("ASM") Hacking
           Hack Your Shark!?
           Hacking Playstation 2 Codes
           Hacking Sega Dreamcast Codes
           The online Code Porter
   XI.  How-to Guide - Gameboy Hacking
           Hacking Gameboy Advance Codes With Visualboy Advance
           Gameboy Advance Size Modifiers How-To
           Finding Gameboy Advance Enable Codes
           Creating AR V3 Codes Using AR Crypt Beta8c
           Hacking Non-Standard Master Codes
           Gameboy Advance ASM Tutorial
           GameBoy 3.0 Hacking - by Curly9od

Section 3 : Reference
   XIII. Downloads
   XIV.  GameShark / GameShark Pro FAQ
   XV.   Playstation Xplorer/xploder Information

Section 4 : Legal


Section 1 : Foreword

-----------------------------------------------
I) This Version
-----------------------------------------------

Version Number: 5.00c
Release Date: 03-25-2003
Edited by Tolos, Viper and macrox

* = aka Parasyte

-----------------------------------------------
II) What's New
-----------------------------------------------

03-02-04 minor update:
 -Hacking "unhackable" GBA master codes
 -Bitwise Operations info
 -A little basic info on using COP1 instructions (N64 ASM)
 -IcyGuy revamped his Image Mods and GBA Size Mods info
 -MAX Crypt, GCN Crypt, and GCN Code Type Helper downloads added

06-27-03 "Secrets..." goes solely HTML!
 -XPloder 7K decryption algorithm
 -New AR Crypt info added
 -Added PS2 encryptor program (javascript)
 -Added Z64 and V64 info in the GameShark FAQ
 -Added N64 Emulator Based Hacking guide
 -Updated N64 ASM Hacking
 -Updated the Downloads section
 -More Downloads Added
 -Image Modifiers

05-31-03 Tons of new info added:
 -codetypes updated/added for all systems
 -new N64 enabler information
 -More complete Button Activator/Joker info
 -New method of hacking N64 Button Activators
 -Hacking Timer codes
 -Quickstart/Skip Into codes
 -CPU <> P2 Control Modifier Codes
 -New Moon Jump Method
 -X/Y/Z Coordinate Modifiers
 -Floating Points info
 -Encryption information PS2
 -AR Crypt for GBA: Program, V3 code types and guide.
 -PS2 hacking
 -Info on DC hacking
 -Huge N64 ASM Guide
 -GBA ASM Hacking tutorial
 -GBA Size Mods
 -Brought the GS FAQ up-to-date
 -Greatly expanded the TOC
 -Added a few mini-TOCs in places they'll be useful

05-21-03 Tolos finally manages to pull an update together.
 -Added PS2 code type info
 -GSA and CBA info
 -Added N64 control stick activator info.
 -Added links in the Table of Contents for easy reference (HTML version).

01-01-03 Macrox fixed the errata of missing code types for GS and CB GBA.

05-20-02 Tolos assigned new acting editor by macrox.
 -Hacking GameBoy Advance enabler codes
 -GameBoy Advance code types
 -Added a tidbit on hacking debug codes
 -Added a section on hacking GameBoy Advance codes.

11-27-01 Interact Accessories affiliation in legal section removed. Reference to Gameshark removed from work title. The reader is to infer the term gameshark, codebreaker and xplorer to mean cheat device where it occurs in this work. See legal section for proper credit.

04-21-01
 -Revised section on N64 and XP code types
 -DC code types and buttons.
 -Comparison of GameBoy hacking devices
 -Reflashing a GameBoy Shark.
 -More on hacking enabler codes and forcing high and low mode res
 -DC code types: CodeBreaker, Xplorer and Gameshark.
 -How to Hack Speed modifiers.
 -Update on Keycodes list
 -Revised FAQ section.

11-11-00
 -Reflashing a corrupted GameShark
 -Info on Pelican's new hack device for Game Boy, "Code Breaker"
 -Gameboy hacking info courtesy of Curly9od

05-06-00
 -How to hack specific codes section appended
 -Using the memory editor has been appended
 -How to install the pc hacking utilities, hooking the GameShark to a PC and upgrading (flashing) the GameShark Rom added.
 -How to hack enabler codes
 -Hacking walk through walls (WTW) codes
 -Link to online code porter (when text viewed online).

07-22-99
 -New chapter added - Chapter 4 - GameShark / GameShark Pro FAQ.
 -New "How-to" added, for the Big Time Hackers.
 -Decimal/Hexadecimal conversion formula added.
 -"This Version", "What's New" and "Coming Soon" sections added.
 -Many new code type prefixes added.

-----------------------------------------------
III) Coming Soon
-----------------------------------------------

Gamecube Hacking
Caetla Code Types
XP64 Code Types
Saturn Emulator Hacking
CodeBreaker2 Code Types
TBA - To be announced topics.

-----------------------------------------------
IV) Dedication - by Kong K. Rool
-----------------------------------------------

This document, in all its entirety is dedicated to my dad.
A very brilliant man in the computer/science fields. He passed away July 9th of 1999 at the age of 36. May he rest in peace.

- Kong K. Rool (aka Parasyte)

-----------------------------------------------
V) Preface
-----------------------------------------------

First off I want to say, Macrox has semi-retired from the hacking scene. That left no one to tend this marvelous document. Then Interact suddenly stopped hosting GSCentral when they learned that their GameBoy Advance encryption code had been cracked, and the people at GSCentral were creating codes that worked with the GameBoy Advance GameShark. After GSCentral came back, we learned we could not use the word GameShark (TM), or have the Hacking Text displayed. So I volunteered to host this document. I hope I can do a good job; as well as Macrox and Parasyte: that is my aim. I also want to thank macrox, HyperHacker, and DgenerateKane for helping me along.

Happy hacking,
Tolos (Assigned Editor in Chief)

P.S. The Hacking Text has been re-instated on GSCentral. A mirror copy of this document will be kept on Tolos’ web sites. These are the only officially endorsed sites by macrox on the most up to date versions of the text.

- macrox 1-1-2003 (Editor - retired)

-----------------------------------------------
VI) Acknowledgments
-----------------------------------------------

Many talented people have contributed to this work over time either directly or indirectly. To those people we say thank you for all your contributions to the world of video games and for hacking codes and sharing ideas on how to hack codes.

People who have shared ideas and contributed information for this document:

Kong K. Rool (aka Parasyte)
Macrox macrox_the_sage@yahoo.com
Tolos tolos_magician@yahoo.com
HyperHacker
DGenerateKane
ShadowKnight
Jim Reinhart (GSCentral Founder)
Code Master
Kamek
Freeza
Subdrag
Viper666(187) viper@gscentral.com
Sutaz
james007
Gold64007
Stinky613
Crocc
Zap2
CodeBoy
Savior
Charizard
Dr. Ian
Curly9od
Bleeding Gums Murphy
Kola
FoxDie
ARHQ - our AR PRO replay affiliates.
Kenobi
Icy Guy
Goldenboy

This list goes on and on, we apologize for any omissions of people who gave of their time to advance the art. The authors want to thank everyone at GSCentral, Game Shark Zone, Game Shark (Software) Code Creators Club, Gamasutra, Dextrose, Interact, MadCatz, and Datel for fruitful discussions.


Section 2 : Hacking

-----------------------------------------------
VII) Introduction
-----------------------------------------------

Welcome to the GameShark World. In this document, you will learn several different ways to hack your own codes. These methods range in degree of difficulty from easy to difficult and yield various results. As you read you are encouraged to practice the methods that are described in this document. This way, you will learn by your activities. There is more than one way to hack codes. This ranges from guessing, to a secret hacking system, which not everyone will understand. Again, as you read, try the ideas mentioned. It has been proven that people learn easier and faster when they are active in a project. It is the authors' wish that the material presented here meets the reader's wish to learn to hack GameShark codes. You might even come up with another variation of these methods to hack codes. If you do, let us know and we will consider including it in future versions of this document.

-----------------------------------------------
VIII) Hacking Basics
-----------------------------------------------

A) Know the Code

Offsets

Offsets (or RAM addresses) are typically found by examination of the game memory by using advanced hacking equipment such as a GS Pro, Shark Link or hex viewer on a ROM. Basically, an offset is a "memory holder" which (usually) holds a byte of memory (a two digit hexadecimal code).
If you find an offset that holds the health digits when using a ROM and hex viewer, you can be certain that it isn't the GS code (if you find the health at offset "012203" the GS code usually won't be "80012203 FFFF"). There is less than a 1% chance of finding an offset and it actually being the code. The reason the offset and the offset digits in a GS code are not the same is this - There are MANY, MANY offsets which are used to tell the platform what type of game it is (size, language, title, checksum values, etc.), and other operation codes which will assign all the offsets to do what they are meant to do. There are offsets that hold the hex values that make up the pictures you see in the game, the coordinates of the character you control, mathematical operations... The list goes on and on... The header (tells the machine what type of game you are booting) might take up all offsets past "012203" itself!

There is a block of info that tells where the quantifier-offsets begin (the bytes of memory which you change through GS codes, which are usually things such as the number of an item you have or the level of health you have). This block is called RAM (Random Access Memory), which does exactly what it says. RAM is memory that will be changed all throughout its processing. Score and health are good examples of RAM, the values for both will be changed while your game is running. So think of GameShark as a RAM Editor.

More information about offsets is beyond the scope of this document and will not be included in future editions of this text.

B) Systems of counting or number base

B-1) Decimal

Decimal Notation, based on ten digits, is something you already know. Count to 50 like you normally count. You can count using decimal notation.

B-2) Binary

Binary, or dual counting, is based on two digits. It's really easy to understand and use. You'll need to know the following - There are two characters used in binary - 0,1 (Think of it as a switch).
A "1" means the switch is turned ON. A "0" means the switch is turned OFF. That's what binary is, a bunch of switches. I won't go into any more detail about switches now, but will return to this topic later in the document.

A four-digit string of code written in binary is called a "word" (this is also the same in hex [1-digit]). Four Binary Digits (bits - 'BInary digiTS') equals 1 digit hex. Three bits equals 1 digit octal. Now that you know that, hex and octal should seem easier to learn.

In this document, we will refer to any and all hex values with "-h" and decimal values with "-d". So value "100" decimal will read like this - "100-d" and "64-h".

How do you convert from bits to hex and back? Look at this chart -

Hex   Binary        Hex   Binary
 0  -  0000          8  -  1000
 1  -  0001          9  -  1001
 2  -  0010          A  -  1010
 3  -  0011          B  -  1011
 4  -  0100          C  -  1100
 5  -  0101          D  -  1101
 6  -  0110          E  -  1110
 7  -  0111          F  -  1111

If you notice, there are no more 4-digit combinations of "0,1" left.

Now for the conversion part. Look at the 4 bits, each of the numbers have a value assigned to them. We will call these values, "Bit Values".

Number in Hex      6
Number in Binary   0110
Bit Value          8421   (The Bit Value will ALWAYS be this! So remember it!)

You are going to learn to convert by using multiplication. Math is a great tool to use when working with the GameShark. You can represent the binary word by letting "0110"(8421) = "IJKL" and thus you get "1xL + 2xK + 4xJ + 8xI" = "L+2K+4J+8I" (in algebraic terms). Now substitute the binary back in, you would get "1x0 + 2x1 + 4x1 + 8x0" = "0+2+4+0" which adds up to six. Six is what the hex value was in the beginning.

To convert back to binary, use the formula "L+2K+4J+8I", find the numbers which add up to six. In this case, "4 and 2". Remember, "IJKL" = the bit value. Then substitute the binary back in - "1x0 + 2x1 + 4x1 + 8x0" = "0110".

Why do that when there's an easier way? Because there is no use in converting when you don't understand why it is done in that way.
You will learn an easier way soon, in fact, make one up!

Octal conversions are the same as hex-to-bit. Only, octal goes up to "7". So the bit value looks like this -

Octal       3
Binary      011
Bit value   421

The Bit Value will NEVER change. The bit value is actually the value assigned for each bit. If you have an 8-bit value, the bit value would look like this -

(128)(64)(32)(16)(8)(4)(2)(1)

Notice that every time a new bit is added (to the beginning, no doubt), the last bit's value will double. Further explanation is beyond the scope of this text.

To convert between hex and decimal, use this formula -

yz = 2-digit value hex
(when) z = "A-hex", A = "10-dec"
(when) z = "B-hex", B = "11-dec"
(when) z = "C-hex", C = "12-dec"
(when) z = "D-hex", D = "13-dec"
(when) z = "E-hex", E = "14-dec"
(when) z = "F-hex", F = "15-dec"
(if) z = #, skip next step
z-hex = z-dec, z-dec = q
(if) y = #, skip next step
y-hex = y-dec, y-dec = r
y*6 = s
yz+s = yz-dec

This looks confusing, I know, but I'll explain it as if I were talking to a 10-year-old child. First, "yz" represents a 2-digit hex value. Our value will be "64" (y=6, z=4). When "z" is an "A", A equals "10-d". Understand that so far? If "z" (in the 'yz' hex value) is a number, skip the next step (4 is a number, so we skip this next step). Transfer "z" to decimal (look at the "when's"). If "y" is a number, skip the next step (6 is also a number, we skip the next step). Transfer "y" to decimal (look at the "when's"). Multiply value "y" by 6, the result is "s". 6*6 = 36, s=36. Add value yz and value s. 64+36 = 100, so 64-h = 100-d.

Now let's do it short-hand -

"yz" = C8
C = 12, yz = (12)8
12*6 = 72
(12)8 + 72

   [7]2  -- 72-d
 +(12)8  -- C8-h
 ------
  [20]0  -- 200-d

C8 = 200

If this doesn't make sense, I didn't explain it well enough. It is important to understand how to do the number base conversions before continuing. If you do not understand, you are encouraged to review the material already presented.
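
The bit-value method and the add-6-times-y shortcut from B-2, written out as an added example (not part of the original guide). The function names are made up for this illustration, and the bit-value functions generalize the 4-bit and 3-bit cases in the text to any width.

```python
HEX_DIGITS = "0123456789ABCDEF"


def bits_to_value(bits):
    """Add up the bit values (..., 8, 4, 2, 1) of every position holding a 1."""
    total = 0
    weight = 1                          # the right-most bit is worth 1
    for bit in reversed(bits):
        if bit not in "01":
            raise ValueError("not a binary digit: %r" % bit)
        if bit == "1":
            total += weight
        weight *= 2                     # each step to the left doubles the value
    return total


def value_to_bits(value, width):
    """Pick the bit values that add up to `value`, largest first."""
    if not 0 <= value < 2 ** width:
        raise ValueError("%d does not fit in %d bits" % (value, width))
    bits = ""
    for position in range(width - 1, -1, -1):
        weight = 2 ** position
        if value >= weight:
            bits += "1"
            value -= weight
        else:
            bits += "0"
    return bits


def regroup(bits, group):
    """Binary string to hex digits (group=4) or octal digits (group=3)."""
    bits = "0" * ((-len(bits)) % group) + bits      # pad on the left
    chunks = [bits[i:i + group] for i in range(0, len(bits), group)]
    return "".join(HEX_DIGITS[bits_to_value(chunk)] for chunk in chunks)


def hex2_to_dec_shortcut(yz):
    """The guide's rule for a 2-digit hex value: read the digits as decimal, add y*6."""
    y = HEX_DIGITS.index(yz[0].upper())
    z = HEX_DIGITS.index(yz[1].upper())
    as_decimal = y * 10 + z             # "(12)8" in the guide's notation for C8
    return as_decimal + y * 6           # 10y + z + 6y = 16y + z


if __name__ == "__main__":
    print(bits_to_value("0110"), value_to_bits(6, 4))       # the worked 6 <-> 0110 case
    print(regroup("01100100", 4), regroup("01100100", 3))   # 100-d as hex and octal
    print(hex2_to_dec_shortcut("64"), hex2_to_dec_shortcut("C8"))
```

The shortcut works because a hex digit pair is worth 16y + z, and reading the same digits as decimal only accounts for 10y + z.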
B-3) Bitwise Operations

You may hear about "Bitwise Operators" and wonder what some of them actually do. They're used for doing binary math, for lack of a better explanation.

& (AND)

The AND operation can best be understood like addition, only there's no adding or carrying involved. Really the only similarity is that you work with each digit the same as you do with addition. Like this:

  1000
 +0001
 ------
  1001

Just add each digit downward. Well, AND requires you to work with each digit downward as well. Here are the rules:

1 & 1 = 1
1 & 0 = 0
0 & 1 = 0
0 & 0 = 0

That means the result will be a 1 ONLY if both comparing digits are 1. Think of it as true and false: if TRUE & TRUE, then TRUE.

  1100
 &1010
 ------
  1000

Starting from the right-most digits, 0 & 0 = 0, 0 & 1 = 0, 1 & 0 = 0, 1 & 1 = 1.... and there's your result.

You can use bitwise AND for a technique called MASKING. Masking allows you to strip certain bits, while saving others. Say you wanted to strip the upper nybble of a byte, and save only the lower nybble... Well, you AND that byte with 00001111b. When you do that, the upper 4 bits will be completely stripped, because 0 & anything is always equal to 0, and the lower four bits will be copied over directly, because 1 & anything = bits that were set. This can be useful when dealing with hex numbers as well. Say you have AC1B32ED and you want the lower four hex digits (the lower 16 bits) for some reason.

AC1B32ED AND 0000FFFF = 000032ED

| (OR)

When using OR, TRUE or anything = TRUE. The rules:

1 OR 1 = 1
1 OR 0 = 1
0 OR 1 = 1
0 OR 0 = 0

OR is used to set bits, whereas AND is used to clear. So, if you wanted to set the least significant bit, you could do "BYTE OR 00000001".

XOR

XOR means EXCLUSIVE OR. Its purpose is to invert bits. The rules:

1 XOR 1 = 0
1 XOR 0 = 1
0 XOR 1 = 1
0 XOR 0 = 0

Pretty simple here... it works just like OR, with the exception that 1 XOR 1 = 0. Say you have a flag, and you want to toggle it on and off.
You can do "VAR XOR 00000001" and it will invert it; it will turn it on if it's off, or it will turn it off if it's on. That's much easier than doing "if VAR = 0 then VAR = 1, else if VAR = 1 then VAR = 0." Just a simple XOR operation and you're done. Much faster.

NOT

NOT works EXACTLY like XOR with the mask completely filled with 1's. NOT will invert the variable completely. All 1's are changed to 0 in the result, and all 0's are changed to 1 in the result.

10101010 XOR 11111111 = 01010101
NOT 10101010 = 01010101

What's the difference? As you can see, NOT does not have a mask, so you just say "NOT VAR" and you know it's the same as "VAR XOR 11111111". The difference could be speed. Especially in assembly, where you might have to load 0xFFFFFFFF into a register to perform the XOR; you could just do a simple NOT instead. Inverting is great because you can negate numbers with it:

NOT VAR + 1 = -VAR

Take for example...

NOT 00000001 = 11111110
11111110 + 1 = 11111111

and of course, 11111111 = FF, FF is -1

<< (Left Shift)

Shifting left works like multiplication. When you shift left, all right-most bits get shifted over to the left, and 0's get shifted into the blank spaces. Here are some examples:

00111111 << 2 = 11111100
00000001 << 3 = 00001000
10000000 << 1 = 00000000

Just shifting digit places. So, shift left by 1 is the same as multiplying by 2, left shift by 2 is the same as multiplying by 4, shift left by 3 is the same as multiplying by 8, etc. Left shift works best as a means to multiply by a power of 2. 2^1 = 2, 2^2 = 4, 2^3 = 8, etc. Shift left x is the same as multiply by 2^x.

>> (Right Shift)

Right shift works the same, only opposite, so it's like dividing. When right shifting, bits shifted off of the right side are completely lost, and bits shifted in from the left come in as 0. Well, they usually shift in as 0 when right shifting. In MIPS, you may have noticed "Shift Right Arithmetic (SRA)" and "Shift Right Logical (SRL)."
Shifting right logical will ALWAYS shift 0's into the new spaces. Shifting right arithmetic will shift the MSB (most significant bit) into the new spaces. The MSB is treated as a sign bit with arithmetic right shift. That's a way to preserve the sign when you divide a negative number. Here are some examples... SRA = Shift Right Arithmetic, SRL = Shift Right Logical:

10000000,00000000,00000000,00000000 SRA 4 = 11111000,00000000,00000000,00000000
10000000,00000000,00000000,00000000 SRL 4 = 00001000,00000000,00000000,00000000

B-4) Hexadecimal

Hexadecimal is a programming 'language' you must know in order to hack GameShark codes. So, what is it? Hex is what your GameShark codes are written in. There are sixteen characters used in a GS code. The characters are as follows -

0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F

Let's learn to count in hex. If you look above, you'll see how to count to fifteen in hex. What's sixteen? "10-h" is sixteen. By the way, don't say "ten," say, "one, zero" for '10-h'. Let's see what you've learned. What comes after 19? What comes after 3F? If you said, "1A" for question #1, that is correct. If you said, "40" for question #2, you should know how to count in hex!

B-5) Octal

Octal is just another way to write binary (like hex), but octal words are longer than hex words. What you've already read is enough to know about octal. You do not need to know octal to hack GS codes.

B-6) ASCII

ASCII is what you are looking at right now. ANYTHING that can be typed on the keyboard is ASCII. ASCII is useful to know when hacking in my secret way. It is also useful for using the text editor search option in hacking devices such as the GameShark PRO. You don't need to know the assignments for ASCII characters (although you might need to know them when hacking text editing codes).

B-7) Floating Points

Floating Points are a hexadecimal representation of "real numbers", usually following the IEEE-754 standard.
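
The operations from B-3 are enough to take an IEEE-754 single-precision word apart by hand. The following is an added example (not part of the original guide) that emulates 32-bit SRL, SRA and NOT-plus-one negation, then uses masks and shifts to decode 42C80000, the hex form of 100.0. The function names are made up for this illustration, and the 32-bit word is assumed to be given as a plain integer in the order it is written in hex.

```python
import math
import struct

MASK32 = 0xFFFFFFFF


def srl(word, n):
    """Shift Right Logical on a 32-bit word: zeros come in from the left."""
    return (word & MASK32) >> n


def sra(word, n):
    """Shift Right Arithmetic: copies of bit 31 (the sign bit) come in from the left."""
    word &= MASK32
    shifted = word >> n
    if word & 0x80000000:
        shifted |= (MASK32 << (32 - n)) & MASK32    # OR sets the vacated bits
    return shifted


def negate(value, bits=8):
    """NOT value + 1, with NOT done as XOR against a mask of all 1s."""
    mask = (1 << bits) - 1
    return ((value ^ mask) + 1) & mask


def split_float32(word):
    """Mask out the three IEEE-754 fields: 1 sign bit, 8 exponent bits, 23 fraction bits."""
    sign = srl(word, 31)
    exponent = srl(word, 23) & 0xFF
    fraction = word & 0x7FFFFF
    return sign, exponent, fraction


def decode_float32(word):
    """Rebuild the real number from the fields, covering zero, subnormals, inf and NaN."""
    sign, exponent, fraction = split_float32(word)
    if exponent == 0xFF:
        value = math.inf if fraction == 0 else math.nan
    elif exponent == 0:
        value = math.ldexp(fraction, -149)              # no hidden leading 1
    else:
        # Put the hidden leading 1 back (bit 23), then scale by 2^(exponent - 127 - 23).
        value = math.ldexp(fraction | 0x800000, exponent - 150)
    return -value if sign else value


def halves(word):
    """Upper and lower 16-bit halves, as a 16-bit memory search would see them."""
    return srl(word, 16), word & 0xFFFF


def matches_struct(word):
    """Cross-check the hand decoding against Python's own float32 unpacking."""
    reference = struct.unpack(">f", (word & MASK32).to_bytes(4, "big"))[0]
    return decode_float32(word) == reference


if __name__ == "__main__":
    print(split_float32(0x42C80000), decode_float32(0x42C80000))
    print("%04X %04X" % halves(0x42C80000))
    print("%08X %08X" % (sra(0x80000000, 4), srl(0x80000000, 4)))
```

The halves of 42C80000 are 42C8 and 0000: for a round value like 100.0 only the upper 16 bits carry information.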
This could be considered an advanced topic, if nothing else, because even some long time hackers I've mentioned it to have never heard of them. However, even those who haven't heard of them have most likely dealt with them in one game or another. To put it in the simplest terms possible: Floating Points are numbers with decimal points. 100.0 and 100 are common values used by games to represent your max health. The difference is 100 is 64 in hex; 100.0 is 42C80000 in hex. In hacking terms, Floating Points can make it difficult to find some things, if you're only using 8-Bit comparisons. I'm not saying 32-Bit comparisons are required though. Most things that use Floating Points are still found by 16-bit searches.

So how can you convert those hex values like 42C80000 to their decimal form? This is a question I've been asking for a while now. I'm told it involves advanced math functions like Shifts and XORs. Don't get worried though. As with most things that require much thinking, somebody wrote a program to do the conversions for us. You can get FloatConvert here. Nobody really knows who wrote this, but I thank that person whoever they are. It's not required you know anything about Floating Points to hack most codes, but they are a major part of games and certain, more advanced, code types can be harder to find if you don't have a little understanding of this.

C) About Most GameShark Hackers

Most hackers use more than one way to hack. Most know programming languages such as binary/hex/octal, HTML and Perl, scripting languages, R300 Instruction sets, etc. HTML and Perl are included here because many hackers want to use these languages to create a website that has all their codes displayed. You don't need to learn many of the things other than binary and hexadecimal to "hack better than the Pros."

Here are some ways you can hack (1 star [*] by the name is easy, 2 is harder, etc.) -

Guessing****
This isn't easy, because you don't always find a code this way.
It's not only troublesome, but risky at some times. Some guessed codes can corrupt game data and corrupt hacking devices.

Modifying Codes*
One of the easiest things to do. Change a number on an existing code, you make a new code. (Only works when you have a basis [base code] to work with.) This technique was and still is widely used.

Looking At The Source[Code]***
Hard, but most effective. Worth a shot. This technique requires the reader to have a working knowledge of disassembler programs and is currently beyond the scope of this work.

Using Hacking Equipment* - *** (Code Generators; i.e. GS PRO)
Another way to get codes. It might not be very easy, but it doesn't take much time. Plus, it's the second most effective way to hack. Can be used to get easy to hard code types.

Porting**
Porting is taking a code from one version of a game, and making it work on another version of that same game. This does not always work. The reason is the same reason that they make more than one version. Possibly to fix a minor bug. So the offsets will be in a higher or lower position, or even moved to a totally different location. You can use the "GS Code Porter" (available at GameShark Central) to port any code for you. Hence you can make a code before anyone else gets the chance! See FAQ section.

Combination Hacking* - ***
All you need to do is hack using two or more methods at once, for a greater chance of finding a code.

(!!!!!There is a slight risk of losing saved data on your GS when turning the system on and off while guessing or modifying codes.)

-----------------------------------------------
IX) How-to Guide - Getting Started
-----------------------------------------------

A) What do I need?

You need a Game Platform (N64, PSX, Dreamcast, Game Boy, etc.), you need a game to hack, and you need a GameShark, GameShark PRO or GameShark CDX and/or other hacking devices such as the Blaze Xplorer/Xploder or Pelican CodeBreaker.
You will also need other things to hack in other ways, such as a hex editor and a calculator that can do hex math, or perhaps an emulator that can capture memory dumps or can do game saves, all of which can be analyzed later by some hex editor program. A will to learn, basic math skills, patience, endurance, practice and using this document are the things you need.

B) What do I need to Know?

If you've managed to read everything above, then you know the basics of everything you'll need to know about hacking. The remainder is learning to use hacking equipment and the software for it, mastering the basics as presented here, and from there being resolved to try as best you can to hack the harder code types.

C) Learn Your "Shark" and code types

There are a few things you'll need to know about your GameShark before we begin hacking. You'll discover how the GameShark codes work.

This is the layout of all N64/PSX 'Shark codes -

XXYYYYYY ZZZZ

This is the layout of all GB 'Shark codes -

XXZZYY-YY

This format is called endian. Most Memory ram dumps are in this format. The GB Gameshark rewrites the code to reversed endian format as XXZZYYY. The Pelican CodeBreaker uses unencrypted endian format. The Xploder uses both encrypted and decoded reverse endian formats.

"X" digits are the 'prefix', used to tell the GS what kind of code you are using.
"Y" digits are the 'Offset Digits', used to locate the offset digits you want to change.
"Z" digits are the 'Quantity Digits', used to change the quantity of the chosen offset.

The reason there is a hyphen between the Y's in the GB code layout is because the Y's are actually set up backwards. The first two Y's should be behind the second two. Of course, you only need to know this if you are going to use my hacking method... You ARE going to try it, right?

Note: GameShark and Action Replay code types are the same.

Nintendo 64 Code Types

8-bit Constant Write
    Constantly writes the value specified by YY to address XXXXXX.
    This and its 16-Bit counterpart below are the most used code types on N64. You'll probably be making most of your new codes with them.
    Compatibility: GS/XP64
    Code: 80XXXXXX 00YY

16-bit Constant Write
    Constantly writes the 16-Bit value specified by YYYY to address XXXXXX.
    Compatibility: GS/XP64
    Code: 81XXXXXX YYYY

8-bit Uncached Write
    Constantly writes the value specified by YY to the uncached address XXXXXX.
    Compatibility: GS/XP64
    Code: A0XXXXXX 00YY

16-bit Uncached Write
    Constantly writes the 16-Bit value specified by YYYY to the uncached address XXXXXX.
    Compatibility: GS/XP64
    Code: A1XXXXXX YYYY

8-bit GS Button
    Writes the value YY to address XXXXXX ONLY when the GS Button is pressed.
    Compatibility: GS/XP64
    Code: 88XXXXXX 00YY

16-bit GS Button
    16bit version of the above. Writes the value YYYY to address XXXXXX ONLY when the GS Button is pressed.
    Compatibility: GS/XP64
    Code: 89XXXXXX YYYY

8-Bit Equal To Activator
    Execute the following code (ZZZZZZZZ ZZZZ) ONLY when the value stored in address XXXXXX is equal to YY.
    Compatibility: GS/XP64
    Code: D0XXXXXX 00YY
          ZZZZZZZZ ZZZZ

16-Bit Equal To Activator
    Same as above, only it reads a 16bit value. GS Pro 3.0+ ONLY!
    Compatibility: GS/XP64
    Code: D1XXXXXX YYYY
          ZZZZZZZZ ZZZZ

8-Bit Different To Activator
    Execute the following code (ZZZZZZZZ ZZZZ) ONLY when the value stored in address XXXXXX is NOT equal to YY.
    Compatibility: GS 3.0+
    Code: D2XXXXXX 00YY
          ZZZZZZZZ ZZZZ

16-Bit Different To Activator
    Same as above, only it reads a 16bit value.
    Compatibility: GS 3.0+
    Code: D3XXXXXX YYYY
          ZZZZZZZZ ZZZZ

Disable Expansion Pack
    Keeps the game from using the expansion pack if it is present. Also used on some older non-expansion pack games to increase compatibility with the code generator.
    Compatibility: GS Pro 3.2+
    Code: EE000000 0000

Disable Expansion Pack
    Disables the expansion pack (if present) using a secondary method.
    Compatibility: GS Pro 3.2+
    Code: DD000000 0000

Disable Expansion Pack
    Disables the expansion pack (if present) using a 3rd method.
    Compatibility: GS Pro 3.2+
    Code: CC000000 0000

Enable Code
    Tells the GameShark where the value "3C0880" is in the RAM. This type of code does not write a value to the given address. It sets the entry point which the GS will use to start the game.
    Games which require that code have a specific protection chip which will set the entry point upon booting the N64.
    Compatibility: GS 1.08+
    Code: DEXXXXXX 0000

Enable Code / 8-Bit Write Once
    Tells the GameShark what address is causing malfunction with it, and writes the supplied value to that address. Writes the value YY to the address XXXXXX once on boot. F0\F1 codes write to RAM before starting the game. This way, the codes take effect before the code handler is executed.
    Compatibility: GS Pro 3.0+ / XP64
    Code: F0XXXXXX 00YY

Enable Code / 16-Bit Write Once
    16-Bit version of the above.
    Compatibility: GS Pro 3.0+ / XP64
    Code: F1XXXXXX YYYY

Set Store Location For Active Codes
    Sets the location in RAM where active codes are stored. Usually only used on games that utilize the expansion pack.
    Compatibility: GS Pro 3.3+
    Code: FFXXXXXX 0000

Enable Code - Xploder64
    The same as an F1 enabler on GS Pro.
    Compatibility: XP64
    Code: 2AXXXXXX YYYY

Enable Code - Xploder64
    The exact use of this code type is unknown as of now.
    Compatibility: XP64
    Code: 3CXXXXXX YYYY

Patch Code
    Patch codes, aka Serial Repeaters, are used to make a code string shorter. EG, You have five codes put together to give you "all weapons." Use the patch to shorten it to two codes. XX is the number of addresses to write; YY is the amount (offset) to add to each address; ZZ is the amount to add to each value.
    Compatibility: GS Pro 3.3+
    Code: 5000XXYY 00ZZ
          TTTTTTTT VVVV

Playstation Code Types

GameShark

8-bit Constant Write
    Constantly writes the value specified by YY to address XXXXXX. This and its 16-bit counterpart below are the most used code types on PSX. You'll probably be making most of your new codes with them.
    Compatibility: GS x.x
    Code: 30XXXXXX 00YY

16-bit Constant Write
    Constantly writes the value specified by YY to address XXXXXX. This and its 16-bit counterpart below are the most used code types on PSX. You'll probably be making most of your new codes with them.
    Compatibility: GS x.x
    Code: 80XXXXXX 00YY

8-bit Equal To Activator
    When the value for the given address is equal to the supplied value, activate the following code.
    GS 2.2+: E0XXXXXX 00YY

8-bit Different To Activator
    When the value for the given address is different to the supplied value, activate the following code.
    GS 2.2+: E1XXXXXX 00YY

8-bit Less Than Activator
    When the value for the given address is less than the supplied value, activate the following code.
    GS 2.2+: E2XXXXXX 00YY

8-bit Greater Than Activator
    When the value for the given address is greater than the supplied value, activate the following code.
    GS 2.2+: E3XXXXXX 00YY

16-bit Equal To Activator
    When the value for the given address is equal to the supplied value, activate the following code.
    GS x.x: D0XXXXXX 00YY

16-bit Different To Activator
    When the value for the given address is different to the supplied value, activate the following code.
    GS 2.2+: D1XXXXXX 00YY

16-bit Less Than Activator
    When the value for the given address is less than the supplied value, activate the following code.
    GS 2.2+: D2XXXXXX 00YY

16-bit Greater Than Activator
    When the value for the given address is greater than the supplied value, activate the following code.
    GS 2.2+: D3XXXXXX 00YY

16-bit Universal Activator
    Same as D0 except not RAM dependent. More easily used as a button activator.
    GS 2.41+: D4000000 YYYY

16-bit All-code Button Activator
    When buttons pressed equal YYYY then activate all codes.
    GS 2.41+: D5000000 YYYY

16-bit Universal De-Activator
    When buttons pressed equal YYYY then de-activate all codes.
    GS 2.41+: D6000000 YYYY

16-bit Increment Value
    Add value (16-bit) code. Use with D/E activators.
    Example (adds value "1007" to address "001221" when address "110012" equals value "5"):
        D0110012 0005
        10001221 1007
    GS 2.2+: 10XXXXXX 00YY

16-bit Decrement Value
    Subtract value (16-bit) code. Use only with D/E activators.
    Example (subtracts value "102" from address "001221" when address "110012" equals value "6"):
        D0110012 0006
        11001221 0102
    GS 2.2+: 11XXXXXX 00YY

8-bit Increment Value
    Add value (8-bit) code. Use with D/E activators.
    Example (adds value "7" to address "001221" when address "110012" equals value "5"):
        D0110012 0005
        20001221 0007
    GS 2.2+: 20XXXXXX 00YY

8-bit Decrement Value
    Subtract value (8-bit) code. Use only with D/E activators.
    Example (subtracts value "2" from address "001221" when address "110012" equals value "6"):
        D0110012 0006
        21001221 0002
    GS 2.2+: 21XXXXXX 00YY

Patch Code
    Patch codes, aka Serial Repeaters, are used to make a code string shorter. E.g., you have five codes put together to give you "all weapons." Use the patch to shorten it to two codes. XX is the number of addresses to write; YY is the amount (offset) to add to each address; ZZ is the amount to add to each value.
    GS 2.41+: 5000XXYY 00ZZ
              TTTTTTTT VVVV

Activate All Codes
    Works like the D0/E0 code type, but affects ALL codes. Use as an (M) Must Be On if the game won't load with codes turned on.
    GS 2.2+: C0XXXXXX YYYY

Activate All Codes On Delay
    Works like the D0/E0 code type, but affects ALL codes. This is like a timer. A value of around 4000 or 5000 will usually give you a good 20-30 second delay before codes are activated. Use as an (M) Must Be On if the game won't load with codes turned on.
    GS 2.41+: C1000000 YYYY

Copy Bytes
    Copies YYYY bytes from location XXXXXX to location ZZZZZZ. Example use would be:
        C2040450 0008
        80040680 0000
    That would copy 8 bytes from 40450 to 40680.
    GS 2.41+: C2XXXXXX YYYY
              80ZZZZZZ 0000

Xplorer/Xploder -- see explorer FAQ for more info

8-bit Constant Write
    Writes value YY to address XXXXXX.
    Xplorer: 30XX XXXX 00YY

16-bit Constant Write
    Writes value YYYY to address XXXXXX.
    Xplorer: 80XX XXXX YYYY

Slow Motion Code
    Delays CPU by X per cycle. Best used with activator.
    Xplorer: 4000 0000 000X

Text Replace Code
    Writes any number of bytes ZZ to address XXXXXX. YYYY is the number of bytes to write.
    Xplorer: 50XX XXXX YYYY
             ZZZZ ZZZZ ZZZZ
             ZZZZ ZZ.. ....

Do on Event Code
    CPU breaks at address AAAAAAAA; YYYY is number of bytes used (XX's); FFFFFFFF is the break point mask; CCCC is the type of break point, which can be E180 (instruction gotten by CPU but not yet implemented), EE80 (data to be read or written), E680 (data to be read), EA80 (data to be written) or EF80 (instruction).
    Xplorer: 6000 0000 YYYY
             AAAA AAAA CCCC
             FFFF FFFF XXXX
             XXXX XXXX XXXX

Do-if-True Code
    If address XXXXXX is equal to value YYYY execute following code.
    Xplorer: 70XX XXXX YYYY

Do-if-False Code
    If address XXXXXX is not equal to value YYYY execute following code.
    Xplorer: 90XX XXXX YYYY

Patch Code
    nn is the number of repetitions (plus one); AAAA is the size of the address step; BBBB is the increase in the data value per step; XXXXXX is the initial address; YYYY is the initial value.
    Xplorer: B0nn AAAA BBBB
             10XX XXXX YYYY

Do-if-True Code (c-code)
    Same as 7-code, but only functions from 0010 0000 to 01FF FFFF.
    Xplorer: C0XX XXXX YYYY

Do-if-True Code (d-code)
    Same as 7-code, but only functions from 0000 0000 to 000F FFFF.
    Xplorer: D0XX XXXX YYYY

Auto-Activating Code
    Automatically activates other selected codes if address XXXXXX is equal to YYYY.
    Xplorer: F0XX XXXX YYYY

32-bit Constant Write
    32-bit constant write to XXXXXX address (0000YYYY)
    Xplorer: 00XX XXXX YYYY


Playstation 2 Code Types - Courtesy hellion (hellion00.thegfcc.com)

Note that all the code types below are in RAW form. RAW codes must be encrypted to work on the Gameshark™ for Playstation 2.

8-bit Constant Write
    This command will constantly write the value specified by dd to the address specified by aaaaaaa.
    0aaaaaaa 000000dd

16-bit Constant Write
    This command will constantly write the value specified by dddd to the address specified by aaaaaaa.
    1aaaaaaa 0000dddd

32-bit Constant Write
    This command will constantly write the value specified by dddddddd to the address specified by aaaaaaa.
    2aaaaaaa dddddddd

Increment/Decrement Commands

8-bit Increment
    This command adds the value specified by nn to the value stored at the address aaaaaaaa.
    301000nn aaaaaaaa

8-bit Decrement
    This command subtracts the value specified by nn from the value stored at the address aaaaaaaa.
    302000nn aaaaaaaa

16-bit Increment
    This command adds the value specified by nnnn to the value stored at the address aaaaaaaa.
    3030nnnn aaaaaaaa

16-bit Decrement
    This command subtracts the value specified by nnnn from the value stored at the address aaaaaaaa.
    3040nnnn aaaaaaaa

32-bit Increment
    This command adds the value specified by nnnnnnnn to the value stored at the address aaaaaaaa.
    30500000 aaaaaaaa
    nnnnnnnn 00000000

32-bit Decrement
    This command subtracts the value specified by nnnnnnnn from the value stored at the address aaaaaaaa.
    30600000 aaaaaaaa
    nnnnnnnn 00000000

Test Commands

16-bit Equal
    Only when the value at the address specified by aaaaaaa is equal to the value specified by dddd will the next line of code be executed.
    Daaaaaaa 0000dddd

16-bit Not Equal
    Only when the value at the address specified by aaaaaaa is not equal to the value specified by dddd will the next line of code be executed.
    Daaaaaaa 0010dddd

16-bit Less Than
    Only when the value at the address specified by aaaaaaa is less than the value specified by dddd will the next line of code be executed.
    Daaaaaaa 0020dddd

16-bit Greater Than
    Only when the value at the address specified by aaaaaaa is greater than the value specified by dddd will the next line of code be executed.
    Daaaaaaa 0030dddd

16-bit Equal : Multiple Skip
    Only when the value at the address specified by aaaaaaa is equal to the value specified by dddd will the next nnn lines of code be executed. Otherwise, they will be skipped.
    Ennndddd 0aaaaaaa

16-bit Not Equal : Multiple Skip
    Only when the value at the address specified by aaaaaaa is not equal to the value specified by dddd will the next nnn lines of code be executed. Otherwise, they will be skipped.
    Ennndddd 1aaaaaaa

16-bit Less Than : Multiple Skip
    Only when the value at the address specified by aaaaaaa is less than the value specified by dddd will the next nnn lines of code be executed. Otherwise, they will be skipped.
    Ennndddd 2aaaaaaa

16-bit Greater Than : Multiple Skip
    Only when the value at the address specified by aaaaaaa is greater than the value specified by dddd will the next nnn lines of code be executed. Otherwise, they will be skipped.
    Ennndddd 3aaaaaaa

Miscellaneous Commands

Copy Bytes (GS2 v2.0 or higher)
    a = Address to copy from
    b = Address to copy to
    n = Number of bytes to copy
    5aaaaaaa nnnnnnnn
    bbbbbbbb 00000000

32-bit Multi-Address Write
    Starting with the address specified by aaaaaaa, this code will write to xxxx addresses. The next address is determined by incrementing the current address by (yyyy * 4). The value specified by dddddddd is written to each calculated address. Also known as a "Patch Code."
    4aaaaaaa xxxxyyyy
    dddddddd 00000000

Untested Commands

3000nnnn dddddddd
aaaaaaaa x(n-1)
    32-bit Multiple Address Write?

8aaaaaaa bbbbbbbb
cccccccc 00000000
    Master Command

Aaaaaaaa dddddddd
    32-bit Write Once?

B0000000 nnnnnnnn
    Timer Command

Caaaaaaa dddddddd
    32-bit Equal?

Faaaaaaa bbbbbbbb
    Master Command

DEADFACE xxxxxxxx
    "DEADFACE" Master Command - changes encryption seeds


Sega Dreamcast Code Types

The following are what decrypted or raw code types look like. Xploder and Codebreaker use this format. Gameshark uses an encrypted format for the first line of the code (the address) while all use the second line as is (offset or quantifier). Dreamcast has 32 bit codes. These codes will require 8 digits for the offset and 8 digits for the quantifier, 2^32= FFFFFFFF in hex. Example, XXYYYYYY ZZZZZZZZ.

Note: It is not unusual for manufacturers of cheating devices to encrypt their codes.
Fire International (Blaze USA) has encrypted codes in both its N64 and Game Boy Xploder/Xplorer, while Interact has employed encryption in its DC Shark, GameBoy Advance Shark, and Playstation 2 Shark. If the code begins with a '0', then it is in decrypted format. As with any encryption, there is always a crack to defeat it. Codebreaker and Xploder both have the built-in ability to accept DC Gameshark codes and decipher them. It is left to the reader to explore the decryption further.

Code Value
    Description

00xxxxxx 000000vv
    Write 8bit (byte) value "vv" to memory address 8cxxxxxx. That is, 8 bit constant write.

01xxxxxx 0000vvvv
    Write 16bit (2byte) value "vvvv" to memory address 8cxxxxxx. That is, 16 bit constant write.

02xxxxxx vvvvvvvv
    Write 32bit (4byte) value "vvvvvvvv" to memory address 8cxxxxxx. That is, 32 bit constant write.

0300nnnn aaaaaaaa
    Group write code. nn specifies how many 32 bit values follow. aaaaaaaa is the address to write to. The values following this code are written to address aaaaaaaa. E.g.:
        03000004 8c012000
        11111111 22222222
        33333333 44444444
    The effect is as follows: With a count of 00000004 codes, to address 8c012000:
        8c012000 = 11111111
        8c012004 = 22222222
        8c012008 = 33333333
        8c01200c = 44444444

030100vv aaaaaaaa
    Increment code. Add the 8bit value vv to the value at address aaaaaaaa

030200vv aaaaaaaa
    Decrement code. Subtract the 8bit value vv from the value at address aaaaaaaa

0303vvvv aaaaaaaa
    Increment code. Add the 16bit value vvvv to the value at address aaaaaaaa

0304vvvv aaaaaaaa
    Decrement code. Subtract the 16bit value vvvv from the value at address aaaaaaaa

03050000 aaaaaaaa vvvvvvvv
    Increment code. Add the 32bit value vvvvvvvv to the value at address aaaaaaaa. Note that this code is 3 lines long and so will require an 0exxxxxx condition (not a 0dxxxxxx) if you're using it with a condition code.

03060000 aaaaaaaa vvvvvvvv
    Decrement code.
    Subtract the 32bit value vvvvvvvv from the value at address aaaaaaaa. Note that this code is 3 lines long and so will require an 0exxxxxx condition (not a 0dxxxxxx) if you're using it with a condition code.

04xxxxxx rrrrssss vvvvvvvv
    Repeat/Filler code. Writes to address 8Cxxxxxx. Writes the 32bit value vvvvvvvv. Repeats this rrrr times, each time increasing the address by ssss (actually ssss x 4). That is, 32-Bit Constant Serial Write. E.g.:
        04007a30 00030001 12345678
    Effect:
        8c007a30 = 12345678
        8c007a34 = 12345678
        8c007a38 = 12345678

05xxxxxx dddddddd nnnnnnnn
    Copy bytes code. Copy nnnnnnnn bytes from the address 8cxxxxxx to the address dddddddd. That is, constant copy bytes

071000XX
    Change Decryption Type

0b0xxxxx
    Delay putting on codes for xxxxx cycles. Default 1000 (0x3e7)

0cxxxxxx vvvvvvvv
    If the value at address 8Cxxxxxx is equal to vvvvvvvv, execute ALL codes; otherwise no codes are executed. Useful for waiting until game has loaded.

0dxxxxxx 0000vvvv
    If the value at address 8Cxxxxxx is equal to vvvv, execute the following code. Can be used with code types 00, 01 and 02 only. To use this type of control with other codes use an 0e code.

0dxxxxxx 0001vvvv
    If the value at address 8Cxxxxxx is different to vvvv, execute the following code. Can be used with code types 00, 01 and 02 only. To use this type of control with other codes use an 0e code.

0dxxxxxx 0002vvvv
    If the value at address 8Cxxxxxx is less than vvvv (unsigned), execute the following code. Can be used with code types 00, 01 and 02 only. To use this type of control with other codes use an 0e code.

0dxxxxxx 0003vvvv
    If the value at address 8Cxxxxxx is greater than vvvv (unsigned), execute the following code. Can be used with code types 00, 01 and 02 only. To use this type of control with other codes use an 0e code.

0ennvvvv 00aaaaaa
    If the value at address 8caaaaaa is equal to vvvv, execute the following nnnn lines of codes.
    E.g.:
        0e04abcd 00012000
        02300040 ffffffff
        02300050 eeeeeeee
    If address 8c012000==abcd, execute the 04 lines of codes following. The 4 lines of codes being two "02xxxxxx" codes "02300040=ffffffff" and "02300050=eeeeeeee".

0ennvvvv 01aaaaaa
    If the value at address 8caaaaaa is different to vvvv, execute the following nnnn lines of codes.

0ennvvvv 02aaaaaa
    If the value at address 8caaaaaa is less than vvvv (unsigned), execute the following nnnn lines of codes.

0ennvvvv 03aaaaaa
    If the value at address 8caaaaaa is greater than vvvv (unsigned), execute the following nnnn lines of codes.

0F-XXXXXX 0000YYYY
    16-Bit Write Once Immediately. (Activator code)


Sega Saturn Code Types - Courtesy Leo/AGSCC and CodeMaster

16-bit Constant Write
    Just what it implies. Continuously writes YYYY value to XXXXXXX address.
    1XXXXXXX YYYY

8-bit Constant Write
    Continuous write of YY value to address XXXXXXX.
    3XXXXXXX 00YY

16-bit Write Once
    Writes YYYY value to XXXXXXX address once on boot up. Same as F0/F1 on N64
    0XXXXXXX YYYY

16-bit Equal To Activator
    Activates the code on the line directly beneath it ONLY when XXXXXXX address is YYYY value.
    DXXXXXXX YYYY

16-Bit Enable Code
    Enable Code
    FXXXXXXX YYYY


Gameboy/Gameboy Color Code Types

8-bit Constant Write
    The most common GS code prefix for Gameboy is "01". This means the code resides in the first bank of the address line. Codebreaker users will find that 00 and 01 are equally used code types. The "00" simply means the code resides in the zero bank and "01" as above, the first bank. There are no known other code types for Gameboy as there are for N64, Playstation and Dreamcast. Z is the data bank; XXXX is the address; YY is the value.
    0ZYYXXXX


Gameboy Advance Gameshark V1/V2 Code Types - by Parasyte (Additions by DGenerateKane)

Note that all the code types below are in RAW form. RAW codes must be encrypted to work on the Gameshark for Gameboy Advance.

8-bit Constant Write
    Continuously writes the value xx to the RAM address aaaaaaa.
    0aaaaaaaa 000000xx

16-bit Constant Write
    Continuously writes the 16-bit value xxxx to the RAM address aaaaaaa. Address must be aligned to 2 (must end with one of the following digits - 0,2,4,6,8,A,C,E).
    1aaaaaaaa 0000xxxx

32-bit Constant Write
    Continuously writes the 32-bit value xxxxxxxx to the RAM address aaaaaaa. Address must be aligned to 4 (must end with one of the following digits - 0,4,8,C).
    2aaaaaaaa xxxxxxxx

32-bit Group Write
    Writes data to the following "count" (cccc) addresses. (xxxxxxxx value is also considered an address, not really a problem, just a very stupid bug -- thanks Datel!!) Many addresses can follow. Example:
        30000004 01010101 03001FF0 03001FF4 03001FF8 00000000
    (write 01010101 to 3 addresses - 01010101, 03001FF0, 03001FF4, and 03001FF8. '00000000' is used for padding, to ensure the last code encrypts correctly)
    3000cccc xxxxxxxx aaaaaaaa

16-bit ROM Patch
    This type allows GSA to intercept ROM reads and returns the value xxxx. The address is shifted to the right by 1 (divided by 2). You can either manually shift the address left by 1, or multiply by 2 to get the real address. GSAcrypt (Win32 version) has an option to automatically shift the address for you. Note: V1\V2 hardware can only have up to 1 user-defined ROM patch max. V3 can have up to 4. Some enable code types can shorten the amount of user-defined ROM patches available.
    6aaaaaaa 0000xxxx

16-bit ROM Patch
    Similar to first ROM patch code, except patch is enabled before the game starts, instead of waiting for the code handler to enable the patch. (address >> 1)
    6aaaaaaa 1000xxxx

16-bit ROM Patch
    16-bit ROM Patch ? (address >> 1)
    6aaaaaaa 2000xxxx

8-bit GS Button Code
    8-bit RAM write only when the GS Button is pressed.
    8a1aaaaa 000000xx

16-bit GS Button Code
    16-bit RAM write only when the GS Button is pressed.
    8a2aaaaa 000000xx

Slowdown On GS Button
    Slow down on GS Button. This type will put the GBA into a loop for "xxxx" number of times, each time the code handler is run.
    This slows the game down.
    80F00000 0000xxxx

16-Bit 'If Equal To' Activator
    Activate the code on the next line ONLY when the value of address 'aaaaaaa' is Equal To xxxx.
    Daaaaaaa 0000xxxx

16-Bit 'If Equal To' Activator (Multi-Line)
    16-bit activate the multi lines if-true. If the value at address is equal to xxxx, execute following 'zz' lines.
    E0zzxxxx aaaaaaaa

Hook Routine (For Enablers)
    Used to insert the GS code handler routine where it will be executed at least 20 times per second. Without this code, GSA can not write to RAM.
    xxxx:
        0001 - Executes code handler without backing up the $lr register. Must turn GSA off before loading game.
        0002 - Executes code handler and backs up the $lr register. Must turn GSA off before loading game.
        0003 - Replaces a 32-bit pointer used for long-branches. Must turn GSA off before loading game.
        0101 - Executes code handler without backing up the $lr register.
        0102 - Executes code handler and backs up the $lr register.
        0103 - Replaces a 32-bit pointer used for long-branches.
    Faaaaaaa 0000xxxx

ID Code (For Enablers)
    Used by GSA only for auto-detecting the inserted game.
    xxxxxxxx 001DC0DE

DEADFACE - Change Encryption Seeds
    "Deadface" is used to change the encryption seeds. Its original intent was probably to re-encrypt codes if someone figured out the normal encryption. (Very similar to the CBA's '9' code type.)
    DEADFACE 0000xxxx


Gameboy Advance Codebreaker Code Types - by Parasyte (Additions by DGenerateKane)

Note that all the code types below are in RAW form. RAW codes must be encrypted to work on the Codebreaker for Gameboy Advance.

Master Code #1
    xxxx is the CRC value (the "Game ID" converted to hex)
    Flags ("yyyy"):
        0008 - CRC Exists (CRC is used to autodetect the inserted game)
        0002 - Disable Interrupts
    0000xxxx yyyy

Master Code #2
    'y' is the CBA Code Handler Store Address (0-7) [address = ((d << 0x16) + 0x08000100)]
        1000 - 32-bit Long-Branch Type (Thumb)
        2000 - 32-bit Long-Branch Type (ARM)
        3000 - 8-bit(?) Long-Branch Type (Thumb)
        4000 - 8-bit(?) Long-Branch Type (ARM)
        0020 - Unknown (Odd Effect)
    1aaaaaaa xxxy

8-Bit Constant RAM Write
    Continuously writes the 8-bit value specified by 'yy' to address aaaaaaa.
    3aaaaaaa 00yy

Slide Code
    This is one of those two-line codes. The "yyyy" set is the data to store at the address (aaaaaaa), with xxxxxxxx being the number of addresses to store to, and iiii being the value to increment the addresses by. The code type is usually used to fill memory with a certain value.
    4aaaaaaa yyyy
    xxxxxxxx iiii

16-Bit Logical AND
    Performs the AND function on the address provided with the value provided. I'm not going to explain what AND does, so if you'd like to know I suggest you see the instruction manual for a graphing calculator. This is another advanced code type you'll probably never need to use.
    6aaaaaaa yyyy

16-Bit 'If Equal To' Activator
    If the value at the specified RAM address (aaaaaaa) is equal to yyyy value, activate the code on the next line.
    7aaaaaaa yyyy

16-Bit Constant RAM Write
    Continuously writes yyyy values to the specified RAM address (aaaaaaa).
    8aaaaaaa yyyy

Change Encryption Seeds (When 1st Code Only!)
    Works like the DEADFACE on GSA. Changes the encryption seeds used for the rest of the codes.
    9yyyyyyy yyyy

16-Bit 'If Not Equal' Activator
    Basically the opposite of an 'If Equal To' Activator. Activates the code on the next line if address xxxxxxx is NOT equal to yyyy
    Axxxxxxx yyyy

16-Bit Conditional RAM Write
    No Description available at this time.
    D00000xx yyyy


AR V3 Code Types

About the Code Types Numbers

Let's take for example:

Type E3
3.0.3.1.x : 00XXXXXX : (00000130 -> C7000130)
            ZZZZZZZZ : Write the Word ZZZZZZZZ to the address $4XXXXXX

3.0.3.1.x :
    1st number = 3 = Data size (0 to 3)
    2nd number = 0 = Code type (0 to 7)
    3rd number = 3 = Code subtype (0 to 3)
    4th number = 1 = Special bit (0 to 1)
    5th number = x = Unused bit (0 to 3)

3.0.3.1.0 gives these (bit speaking) = 11.000.11.1.00
Reverse it: 00.1.11.000.11 = 0011100011 = E3 = the code type.

I chose this numbering so that the RAM 8-bit write (Type 0), RAM 16-bit write (Type 1) and RAM 32-bit write (Type 2) have the same type numbers as for AR/GS V1/2. Moreover, if I didn't "reverse" the numbers, we would have gotten almost only even code type numbers, which, IMHO, sounds really strange...

1) Normal RAM Write Codes

Type 00  0.0.0.x.x  (02024EA4 -> 00224EA4)
    Fill area (XXXXXXXX) to (XXXXXXXX+YYYYYY) with Byte ZZ.
    XXXXXXXX YYYYYYZZ

Type 01  1.0.0.x.x  (02024EA4 -> 02224EA4)
    Fill area (XXXXXXXX) to (XXXXXXXX+YYYY*2) with Halfword ZZZZ.
    XXXXXXXX YYYYZZZZ

Type 02  2.0.0.x.x  (02024EA4 -> 04224EA4)
    Write the Word ZZZZZZZZ to address XXXXXXXX.
    XXXXXXXX ZZZZZZZZ

2) Pointer RAM Write Codes

Type 20  0.0.1.x.x  (02024EA4 -> 40224EA4)
    Writes Byte ZZ to ([the address kept in XXXXXXXX]+[YYYYYY]).
    XXXXXXXX YYYYYYZZ

Type 21  1.0.1.x.x  (02024EA4 -> 4224EA4)
    Writes Halfword ZZZZ to ([the address kept in XXXXXXXX]+[YYYY*2]).
    XXXXXXXX YYYYZZZZ

Type 22  2.0.1.x.x  (02024EA4 -> 4424EA4)
    Writes the Word ZZZZZZZZ to [the address kept in XXXXXXXX].
    XXXXXXXX ZZZZZZZZ

3) Add Codes

Type 40  0.0.2.x.x  (02024EA4 -> 80224EA4)
    Add the Byte ZZ to the Byte stored in XXXXXXXX.
    XXXXXXXX 000000ZZ

Type 41  1.0.2.x.x  (02024EA4 -> 82224EA4)
    Add the Halfword ZZZZ to the Halfword stored in XXXXXXXX.
    XXXXXXXX 0000ZZZZ

Type 42  2.0.2.x.x  (02024EA4 -> 84224EA4)
    Add the Word ZZZZ to the Halfword stored in XXXXXXXX.
    XXXXXXXX ZZZZZZZZ

4) Write to $4000000 (IO Registers!)

Type 63  3.0.3.0.x  (00000130 -> C6000130)
    Write the Halfword ZZZZ to the address $4XXXXXX
    00XXXXXX 0000ZZZZ

Type E3  3.0.3.1.x  (00000130 -> C7000130)
    Write the Word ZZZZZZZZ to the address $4XXXXXX
    00XXXXXX ZZZZZZZZ

5) If Equal Code (= Joker Code)

Type 04  0.1.0.x.x  (02024EA4 -> 08224EA4)
    If Byte at XXXXXXXX = ZZ then execute next code.
    XXXXXXXX 000000ZZ

Type 24  0.1.1.x.x  (02024EA4 -> 48224EA4)
    If Byte at XXXXXXXX = ZZ then execute next 2 codes.
    XXXXXXXX 000000ZZ

Type 44  0.1.2.x.x  (02024EA4 -> 88224EA4)
    If Byte at XXXXXXXX = ZZ execute all the codes below this one in the same row (else execute none of the codes below).
    XXXXXXXX 000000ZZ

Type 64  0.1.3.x.x  (02024EA4 -> C8224EA4)
    While Byte at XXXXXXXX <> ZZ turn off all codes.
    XXXXXXXX 000000ZZ

Type 05  1.1.0.x.x  (02024EA4 -> 0A224EA4)
    If Halfword at XXXXXXXX = ZZZZ then execute next code.
    XXXXXXXX 0000ZZZZ

Type 25  1.1.1.x.x  (02024EA4 -> 4A224EA4)
    If Halfword at XXXXXXXX = ZZZZ then execute next 2 codes.
    XXXXXXXX 0000ZZZZ

Type 45  1.1.2.x.x  (02024EA4 -> 8A224EA4)
    If Halfword at XXXXXXXX = ZZZZ execute all the codes below this one in the same row (else execute none of the codes below).
    XXXXXXXX 0000ZZZZ

Type 65  1.1.3.x.x  (02024EA4 -> CA224EA4)
    While Halfword at XXXXXXXX <> ZZZZ turn off all codes.
    XXXXXXXX 0000ZZZZ

Type 06  2.1.0.x.x  (02024EA4 -> 0C224EA4)
    If Word at XXXXXXXX = ZZZZZZZZ then execute next code.
    XXXXXXXX ZZZZZZZZ

Type 26  2.1.1.x.x  (02024EA4 -> 4C224EA4)
    If Word at XXXXXXXX = ZZZZZZZZ then execute next 2 codes.
    XXXXXXXX ZZZZZZZZ

Type 46  2.1.2.x.x  (02024EA4 -> 8C224EA4)
    If Word at XXXXXXXX = ZZZZZZZZ execute all the codes below this one in the same row (else execute none of the codes below).
    XXXXXXXX ZZZZZZZZ

Type 66  2.1.3.x.x  (02024EA4 -> CC224EA4)
    While Word at XXXXXXXX <> ZZZZZZZZ turn off all codes.
    XXXXXXXX ZZZZZZZZ

6) If Different Code

Type 08  0.2.0.x.x  (02024EA4 -> 10224EA4)
    If Byte at XXXXXXXX <> ZZ then execute next code.
    XXXXXXXX 000000ZZ

Type 28  0.2.1.x.x  (02024EA4 -> 50224EA4)
    If Byte at XXXXXXXX <> ZZ then execute next 2 codes.
    XXXXXXXX 000000ZZ

Type 48  0.2.2.x.x  (02024EA4 -> 90224EA4)
    If Byte at XXXXXXXX <> ZZ execute all the codes below this one in the same row (else execute none of the codes below).
    XXXXXXXX 000000ZZ

Type 68  0.2.3.x.x  (02024EA4 -> D0224EA4)
    While Byte at XXXXXXXX = ZZ turn off all codes.
    XXXXXXXX 000000ZZ

Type 09  1.2.0.x.x  (02024EA4 -> 12224EA4)
    If Halfword at XXXXXXXX <> ZZZZ then execute next code.
    XXXXXXXX 0000ZZZZ

Type 29  1.2.1.x.x  (02024EA4 -> 52224EA4)
    If Halfword at XXXXXXXX <> ZZZZ then execute next 2 codes.
    XXXXXXXX 0000ZZZZ

Type 49  1.2.2.x.x  (02024EA4 -> 92224EA4)
    If Halfword at XXXXXXXX <> ZZZZ disable all the codes below this one.
    XXXXXXXX 0000ZZZZ

Type 69  1.2.3.x.x  (02024EA4 -> D2224EA4)
    While Halfword at XXXXXXXX = ZZZZ turn off all codes.
    XXXXXXXX 0000ZZZZ

Type 0A  2.2.0.x.x  (02024EA4 -> 14224EA4)
    If Word at XXXXXXXX <> ZZZZZZZZ then execute next code.
    XXXXXXXX ZZZZZZZZ

Type 2A  2.2.1.x.x  (02024EA4 -> 54224EA4)
    If Word at XXXXXXXX <> ZZZZZZZZ then execute next 2 codes.
    XXXXXXXX ZZZZZZZZ

Type 4A  2.2.2.x.x  (02024EA4 -> 94224EA4)
    If Word at XXXXXXXX <> ZZZZZZZZ disable all the codes below this one.
    XXXXXXXX ZZZZZZZZ

Type 6A  2.2.3.x.x  (02024EA4 -> D4224EA4)
    While Word at XXXXXXXX = ZZZZZZZZ turn off all codes.
    XXXXXXXX ZZZZZZZZ

7) [If Byte at address XXXXXXXX is lower than ZZ] (signed) Code

Signed means:
    For Bytes: values go from -128 to +127.
    For Halfwords: values go from -32768 to +32767.
    For Words: values go from -2147483648 to 2147483647.
For example, for the Byte comparison, 7F (127) will be > FF (-1).

Type 0C  0.3.0.x.x  (02024EA4 -> 18224EA4 or 28224EA4)
    If ZZ > Byte at XXXXXXXX then execute next code.
    XXXXXXXX 000000ZZ

Type 2C  0.3.1.x.x  (02024EA4 -> 58224EA4 or 68224EA4)
    If ZZ > Byte at XXXXXXXX then execute next 2 codes.
    XXXXXXXX 000000ZZ

Type 4C  0.3.2.x.x  (02024EA4 -> 98224EA4 or A8224EA4)
    If ZZ > Byte at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
    XXXXXXXX 000000ZZ

Type 6C  0.3.3.x.x  (02024EA4 -> D8224EA4 or E8224EA4)
    While ZZ <= Byte at XXXXXXXX turn off all codes.
    XXXXXXXX 000000ZZ

Type 0D  1.3.0.x.x  (02024EA4 -> 1A224EA4 or 2A224EA4)
    If ZZZZ > Halfword at XXXXXXXX then execute next line.
    XXXXXXXX 0000ZZZZ

Type 2D  1.3.1.x.x  (02024EA4 -> 5A224EA4)
    If ZZZZ > Halfword at XXXXXXXX then execute next 2 lines.
    XXXXXXXX 0000ZZZZ

Type 4D  1.3.2.x.x  (02024EA4 -> 9A224EA4)
    If ZZZZ > Halfword at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
    XXXXXXXX 0000ZZZZ

Type 6D  1.3.3.x.x  (02024EA4 -> DA224EA4)
    While ZZZZ <= Halfword at XXXXXXXX turn off all codes.
    XXXXXXXX 0000ZZZZ

Type 0E  2.3.0.x.x  (02024EA4 -> 1C224EA4)
    If ZZZZZZZZ > Word at XXXXXXXX then execute next line.
    XXXXXXXX ZZZZZZZZ

Type 2E  2.3.1.x.x  (02024EA4 -> 5C224EA4)
    If ZZZZZZZZ > Word at XXXXXXXX then execute next 2 lines.
    XXXXXXXX ZZZZZZZZ

Type 4E  2.3.2.x.x  (02024EA4 -> 9C224EA4)
    If ZZZZZZZZ > HWord at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
    XXXXXXXX ZZZZZZZZ

Type 6E  2.3.3.x.x  (02024EA4 -> DC224EA4)
    While ZZZZZZZZ <= Word at XXXXXXXX turn off all codes.
    XXXXXXXX ZZZZZZZZ

8) [If Byte at address XXXXXXXX is higher than ZZ] (signed) Code

Signed means:
    For Bytes: values go from -128 to +127.
    For Halfwords: values go from -32768 to +32767.
    For Words: values go from -2147483648 to 2147483647.
For example, for the Byte comparison, 7F (127) will be > FF (-1).

Type 10  0.4.0.x.x, 0.6.0.x.x  (02024EA4 -> 20224EA4 or 30224EA4)
    If ZZ < Byte at XXXXXXXX then execute next code.
    XXXXXXXX 000000ZZ

Type 30  0.4.1.x.x  (02024EA4 -> 60224EA4 or 70224EA4)
    If ZZ < Byte at XXXXXXXX then execute next 2 codes.
    XXXXXXXX 000000ZZ

Type 50  0.4.2.x.x, 0.6.2.x.x  (02024EA4 -> A0224EA4 or B0224EA4)
    If ZZ < Byte at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
    XXXXXXXX 000000ZZ

Type 70  0.4.3.x.x  (02024EA4 -> E0224EA4 or F0224EA4)
    While ZZ => Byte at XXXXXXXX turn off all codes.
    XXXXXXXX 000000ZZ

Type 11  1.4.0.x.x, 1.6.0.x.x  (02024EA4 -> 22224EA4 or 32224EA4)
    If ZZZZ < Halfword at XXXXXXXX then execute next line.
    XXXXXXXX 0000ZZZZ

Type 31  1.4.1.x.x  (02024EA4 -> 62224EA4)
    If ZZZZ < Halfword at XXXXXXXX then execute next 2 lines.
    XXXXXXXX 0000ZZZZ

Type 51  1.4.2.x.x, 1.6.2.x.x  (02024EA4 -> A2224EA4 or B2224EA4)
    If ZZZZ < Halfword at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
    XXXXXXXX 0000ZZZZ

Type 71  1.4.3.x.x  (02024EA4 -> E2224EA4)
    While ZZZZ => Halfword at XXXXXXXX turn off all codes.
    XXXXXXXX 0000ZZZZ

Type 12  2.4.0.x.x, 2.6.0.x.x  (02024EA4 -> 24224EA4 or 34224EA4)
    If ZZZZ < Halfword at XXXXXXXX then execute next line.
    XXXXXXXX 0000ZZZZ

Type 32  2.4.1.x.x  (02024EA4 -> 64224EA4)
    If ZZZZ < Halfword at XXXXXXXX then execute next 2 lines.
    XXXXXXXX 0000ZZZZ

Type 52  2.4.2.x.x, 2.6.2.x.x  (02024EA4 -> A4224EA4 or B4224EA4)
    If ZZZZ < Halfword at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
    XXXXXXXX 0000ZZZZ

Type 72  2.4.3.x.x  (02024EA4 -> E4224EA4)
    While ZZZZ => Halfword at XXXXXXXX turn off all codes.
    XXXXXXXX 0000ZZZZ

9) [If Value at address XXXXXXXX is lower than...] (unsigned) Code

Unsigned means:
    For Bytes: values go from 0 to +255.
    For Halfwords: values go from 0 to +65535.
    For Words: values go from 0 to 4294967295.
For example, for the Byte comparison, 7F (127) will be < FF (255).

Type 14  0.5.0.x.x  (02024EA4 -> 28224EA4)
    If ZZZZZZZZ > Byte at XXXXXXXX then execute next line.
    XXXXXXXX ZZZZZZZZ

Type 34  0.5.1.x.x  (02024EA4 -> 68224EA4)
    If ZZZZZZZZ > Byte at XXXXXXXX then execute next 2 lines.
    XXXXXXXX ZZZZZZZZ

Type 54  0.5.2.x.x  (02024EA4 -> A8224EA4)
    If ZZZZZZZZ > Byte at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
    XXXXXXXX ZZZZZZZZ

Type 74  0.5.3.x.x  (02024EA4 -> E8224EA4)
    While ZZ <= Byte at XXXXXXXX turn off all codes.
    XXXXXXXX ZZZZZZZZ

Type 15  1.5.0.x.x  (02024EA4 -> 2A224EA4)
    If ZZZZZZZZ > Halfword at XXXXXXXX then execute next line.
    XXXXXXXX ZZZZZZZZ

Type 35  1.5.1.x.x  (02024EA4 -> 6A224EA4)
    If ZZZZZZZZ > Halfword at XXXXXXXX then execute next 2 lines.
    XXXXXXXX ZZZZZZZZ

Type 55  1.5.2.x.x  (02024EA4 -> AA224EA4)
    If ZZZZZZZZ > Halfword at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
    XXXXXXXX ZZZZZZZZ

Type 75  1.5.3.x.x  (02024EA4 -> EA224EA4)
    While ZZZZZZZZ <= Halfword at XXXXXXXX turn off all codes.
    XXXXXXXX ZZZZZZZZ

Type 16  2.5.0.x.x  (02024EA4 -> 2C224EA4)
    If ZZZZZZZZ > Word at XXXXXXXX then execute next line.
    XXXXXXXX ZZZZZZZZ

Type 36  2.5.1.x.x  (02024EA4 -> 6C224EA4)
    If ZZZZZZZZ > Word at XXXXXXXX then execute next 2 lines.
    XXXXXXXX ZZZZZZZZ

Type 56  2.5.2.x.x  (02024EA4 -> AC224EA4)
    If ZZZZZZZZ > Word at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
    XXXXXXXX ZZZZZZZZ

Type 76  2.5.3.x.x  (02024EA4 -> EC224EA4)
    While ZZZZZZZZ <= Word at XXXXXXXX turn off all codes.
    XXXXXXXX ZZZZZZZZ

10) [If Value at address XXXXXXXX is higher than...] (unsigned) Code

Unsigned means:
    For Bytes: values go from 0 to +255.
    For Halfwords: values go from 0 to +65535.
    For Words: values go from 0 to 4294967295.
For example, for the Byte comparison, 7F (127) will be < FF (255).

Type 18  0.6.0.x.x  (02024EA4 -> 30224EA4)
    If ZZZZZZZZ < Byte at XXXXXXXX then execute next line.
    XXXXXXXX ZZZZZZZZ

Type 38  0.6.1.x.x  (02024EA4 -> 70224EA4)
    If ZZZZZZZZ < Byte at XXXXXXXX then execute next 2 lines.
XXXXXXXX ZZZZZZZZ

Type 58  0.6.2.x.x  (02024EA4 -> B0224EA4)
If ZZZZZZZZ < Byte at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
XXXXXXXX ZZZZZZZZ

Type 78  0.6.3.x.x  (02024EA4 -> F0224EA4)
While ZZZZZZZZ >= Byte at XXXXXXXX turn off all codes.
XXXXXXXX ZZZZZZZZ

Type 19  1.6.0.x.x  (02024EA4 -> 32224EA4)
If ZZZZZZZZ < Halfword at XXXXXXXX then execute next line.
XXXXXXXX ZZZZZZZZ

Type 39  1.6.1.x.x  (02024EA4 -> 72224EA4)
If ZZZZZZZZ < Halfword at XXXXXXXX then execute next 2 lines.
XXXXXXXX ZZZZZZZZ

Type 59  1.6.2.x.x  (02024EA4 -> B2224EA4)
If ZZZZZZZZ < Halfword at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
XXXXXXXX ZZZZZZZZ

Type 79  1.6.3.x.x  (02024EA4 -> F2224EA4)
While ZZZZZZZZ >= Halfword at XXXXXXXX turn off all codes.
XXXXXXXX ZZZZZZZZ

Type 1A  2.6.0.x.x  (02024EA4 -> 34224EA4)
If ZZZZZZZZ < Halfword at XXXXXXXX then execute next line.
XXXXXXXX ZZZZZZZZ

Type 3A  2.6.1.x.x  (02024EA4 -> 74224EA4)
If ZZZZZZZZ < Halfword at XXXXXXXX then execute next 2 lines.
XXXXXXXX ZZZZZZZZ

Type 5A  2.6.2.x.x  (02024EA4 -> B4224EA4)
If ZZZZZZZZ < Halfword at XXXXXXXX then execute all following codes in the same row (else execute none of the codes below).
XXXXXXXX ZZZZZZZZ

Type 7A  2.6.3.x.x  (02024EA4 -> F4224EA4)
While ZZZZZZZZ >= Halfword at XXXXXXXX turn off all codes.
XXXXXXXX ZZZZZZZZ

11) If AND Code

Type 1C  0.7.0.x.x  (02024EA4 -> 38224EA4)
If ZZ AND Byte at XXXXXXXX <> 0 (= True) then execute next code.
XXXXXXXX000000ZZ

Type 3C  0.7.1.x.x  (02024EA4 -> 78224EA4)
If ZZ AND Byte at XXXXXXXX <> 0 (= True) then execute next 2 codes.
XXXXXXXX000000ZZ

Type 5C  0.7.2.x.x  (02024EA4 -> B8224EA4)
If ZZ AND Byte at XXXXXXXX <> 0 (= True) then execute all following codes in the same row (else execute none of the codes below).
XXXXXXXX000000ZZ

Type 7C  0.7.3.x.x  (02024EA4 -> F8224EA4)
While ZZ AND Byte at XXXXXXXX = 0 (= False) then turn off all codes.
XXXXXXXX000000ZZ

Type 1D  1.7.0.x.x  (02024EA4 -> 3A224EA4)
If ZZZZ AND Halfword at XXXXXXXX <> 0 (= True) then execute next code.
XXXXXXXX0000ZZZZ

Type 3D  1.7.1.x.x  (02024EA4 -> 7A224EA4)
If ZZZZ AND Halfword at XXXXXXXX <> 0 (= True) then execute next 2 codes.
XXXXXXXX0000ZZZZ

Type 5D  1.7.2.x.x  (02024EA4 -> BA224EA4)
If ZZZZ AND Halfword at XXXXXXXX <> 0 (= True) then execute all following codes in the same row (else execute none of the codes below).
XXXXXXXX0000ZZZZ

Type 7D  1.7.3.x.x  (02024EA4 -> FA224EA4)
While ZZZZ AND Halfword at XXXXXXXX = 0 (= False) then turn off all codes.
XXXXXXXX0000ZZZZ

Type 1E  2.7.0.x.x  (02024EA4 -> 3C224EA4)
If ZZZZZZZZ AND Word at XXXXXXXX <> 0 (= True) then execute next code.
XXXXXXXXZZZZZZZZ

Type 3E  2.7.1.x.x  (02024EA4 -> 7C224EA4)
If ZZZZZZZZ AND Word at XXXXXXXX <> 0 (= True) then execute next 2 codes.
XXXXXXXXZZZZZZZZ

Type 5E  2.7.2.x.x  (02024EA4 -> BC224EA4)
If ZZZZZZZZ AND Word at XXXXXXXX <> 0 (= True) then execute all following codes in the same row (else execute none of the codes below).
XXXXXXXXZZZZZZZZ

Type 7E  2.7.3.x.x  (02024EA4 -> FC224EA4)
While ZZZZZZZZ AND Word at XXXXXXXX = 0 (= False) then turn off all codes.
XXXXXXXXZZZZZZZZ

12) "Always..." Codes

For the "Always..." codes:
- XXXXXXXX can be any authorised address BUT 00000000 (use 02000000 if you don't know what to choose).
- ZZZZZZZZ can be anything.
- The "y" in the code data must be in the [1-7] range (which means not 0).

Type 07  3.y.0.x.x  (02024EA4 -> 0E224EA4)
Always skip next line.
XXXXXXXX ZZZZZZZZ

Type 27  3.y.1.x.x  (02024EA4 -> 4E24EA4)
Always skip next 2 lines.
XXXXXXXX ZZZZZZZZ

Type 47  3.y.2.x.x  (02024EA4 -> 8E224EA4)
Always Stops executing all the codes below.
XXXXXXXX ZZZZZZZZ

Type 67  3.y.3.x.x  (02024EA4 -> CE224EA4)
Always turn off all codes.
XXXXXXXX ZZZZZZZZ

13) 1 Line Special Codes (= starting with "00000000")

Type z00  0.0.0.0.0
End of the code list (even if you put values in the 2nd line).
00000000

Type z04  x.1.0.x.x
AR Slowdown : loops the AR XX times
0800XX00

14) 2 Lines Special Codes (= starting with '00000000' and padded (if needed) with "00000000")

Note: You have to add the zeroes manually, after clicking the "create" button.

Type z08  0.2.0.x.x  (02024EA4 -> 10224EA4)
Writes Byte ZZ to address XXXXXXXX when AR button is pushed.
XXXXXXXX000000ZZ

Type z09  1.2.0.x.x  (02024EA4 -> 12224EA4)
Writes Halfword ZZZZ to address XXXXXXXX.
XXXXXXXX0000ZZZZ

Type z0A  2.2.0.x.x  (02024EA4 -> 14224EA4)
Writes Word ZZZZZZZZ to address XXXXXXXX.
XXXXXXXXZZZZZZZZ

Type z0C  0.3.0.x.x  (02024EA4 -> 18224EA4)
Patches ROM address (XXXXXXXX << 1) with Halfword ZZZZ.
XXXXXXXX0000ZZZZ

Type z0D  1.3.0.x.x  (02024EA4 -> 1A224EA4)
Patches ROM address (XXXXXXXX << 1) with Halfword ZZZZ. Does not work on V1/2 upgraded to V3. Only for a real V3 Hardware?
XXXXXXXX0000ZZZZ

Type z0E  2.3.0.x.x  (02024EA4 -> 1C224EA4)
Patches ROM address (XXXXXXXX << 1) with Halfword ZZZZ. Does not work on V1/2 upgraded to V3. Only for a real V3 Hardware?
XXXXXXXX0000ZZZZ

Type z0F  3.3.0.x.x  (02024EA4 -> 1E224EA4)
Patches ROM address (XXXXXXXX << 1) with Halfword ZZZZ. Does not work on V1/2 upgraded to V3. Only for a real V3 Hardware?
XXXXXXXX0000ZZZZ

Type z20  x.0.1.x.x  (00000000 -> 40000000)
(SP = 0) (means: stops the "then execute all following codes in the same row" and stops the "else execute none of the codes below").
0000000000000000

Type z30  x.4.1.x.x  (00000000 -> 60000000)
(If SP <> 2 -> SP = 1) (means: start to execute all codes until end of codes or SP = 0). (Bypasses the number of codes to execute set by the master code.)
0000000000000000

Type z40  0.0.2.x.x  (02024EA4 -> 80224EA4)
Writes Byte YY at address XXXXXXXX. Then makes YY = YY + Z1, XXXXXXXX = XXXXXXXX + Z3Z3, Z2 = Z2 - 1, and repeats until Z2 < 0.
XXXXXXXX000000YYZ1Z2Z3Z3

Type z41  1.0.2.x.x  (02024EA4 -> 82224EA4)
Writes Halfword YYYY at address XXXXXXXX.
Then makes YYYY = YYYY + Z1, XXXXXXXX = XXXXXXXX + Z3Z3*2,
XXXXXXXX0000YYYYZ1Z2Z3Z3

Type z42  2.0.2.x.x  (02024EA4 -> 84224EA4)
Writes Word YYYYYYYY at address XXXXXXXX. Then makes YYYYYYYY = YYYYYYYY + Z1, XXXXXXXX = XXXXXXXX + Z3Z3*4, Z2 = Z2 - 1, and repeats until Z2 < 0.
XXXXXXXXYYYYYYYYZ1Z2Z3Z3

WARNING: There is a BUG on the REAL AR (v2 upgraded to v3, and maybe on real v3) with the 32-Bit Increment Slide code. You HAVE to add a code (best choice is 80000000 00000000 : add 0 to value at address 0) right after it, else the AR will erase the last two 8-digit lines of the 32-Bit Inc. Slide code when you enter it !!!

15) Special Codes

-Master Code-
Type 62  2.0.3.x.x  (address to patch -> address to patch AND $1FFFFFE)
Master Code settings.
XXXXXXXX0000YYYY

-ID Code-
Type 62  2.0.3.x.x
word at address 080000AC
Must always be 001DC0DE
XXXXXXXX001DC0DE

-DEADFACE-
Must always be DEADFACE
New Encryption seed.
DEADFACE0000XXXX

Final Notes

SP = 0 : normal (execute n codes before handing control back to the game).
SP = 1 : execute all codes until SP <> 1 (or end of codes).
SP = 2 : don't execute any more codes.

Each time the GSA starts to execute codes (= each time it has control), SP = 0.
The 'execute all the codes below this one in the same row' makes SP = 1.
The '(else execute none of the codes below)' makes SP = 2.
The 'turn off all codes' makes an infinite loop (that can't be broken, unless the condition becomes True).

D) Button Activators

What is a Button Activator?

Most, if not all systems have the ability to use Button Activators. A Button Activator is a code that will activate another code when you press a button on the controller. These codes use the D0/D1 prefix. NOTE: Activators *usually* activate only the code directly beneath them. There are some special cases though. The digits and such for these codes vary by system...

What is a Control Stick Activator?

A Control Stick Activator is the same as a Button Activator, but it is unknown at this time if they can be used in the same way on the console itself (only tested on emulator). Based on N64 testing, the reason for this difference is the range of values that the control stick can have (e.g. pushing the stick all the way left on the emulator makes the activator value 82, but odds are it's slightly different on the console). I know at the very least, these will work on the console to activate codes when the stick is moved any direction if you change, for example, an 'Equal To Activator' to a 'Not Equal To Activator' and use 0 for the value. This could be useful for the THQ wrestling games where the only thing the stick does is cause your wrestler to taunt; you could use the control stick to activate the Always Special or Full Spirit code for your player whenever you taunt. I invite whatever hackers we have left here to experiment with these on the console and post their findings on the messageboards.

What good are they?

Activators are used when you only want to have a certain code active at a certain time, rather than it always being active.

Activators on Nintendo 64

Activators on N64 come in a few varieties: 8-Bit and 16-Bit. This is also the only system to see Control Stick Activators thus far.

Button Activator 1 (8-Bit) values:
00 - No Buttons
01 - D-Pad Right
02 - D-Pad Left
04 - D-Pad Down
08 - D-Pad Up
10 - Start
20 - Z
40 - B
80 - A
You can combine these for multiple buttons. I.E. D-Pad Left and B would be 42.

Button Activator 2 (8-Bit) values:
00 - No Buttons
01 - C-Right
02 - C-Left
04 - C-Down
08 - C-Up
10 - R
20 - L
You can combine these for multiple buttons. I.E. C-Left and R would be 12.

Dual (16-Bit) Activator values:
Dual Activators are nothing more than the above 2 Activators together. They have 4 digits instead of 2. The first 2 digits use Activator 1 values and the 2nd 2 use Activator 2 values.
This allows for more button combos for activating codes without having to use both Activators separately. I.E. L + R + Z would be 2030.

Control Stick Activator 1 (8-Bit) values (Nemu 64 only):
00 - Nothing/Centered
45 - 55% Right
7E - 100% Right
BB - 55% Left
82 - 100% Left

Control Stick Activator 2 (8-Bit) values (Nemu 64 only):
00 - Nothing/Centered
45 - 55% Up
7E - 100% Up
BB - 55% Down
82 - 100% Down

Control Stick Activator 1 (8-Bit) values (Project64 only):
00 - Nothing/Centered
7E - 100% Right
81 - 100% Left
50 - 100% Right on Axispad
B0 - 100% Left on Axispad

Control Stick Activator 2 (8-Bit) values (Project64 only):
00 - Nothing/Centered
7E - 100% Up
81 - 100% Down
50 - 100% Up on Axispad
B0 - 100% Down on Axispad

Dual (16-Bit) Control Stick Activator values:
I would hope you can figure this one out. ;-) (Same as Dual Button Activators)

Gameboy Advance Codebreaker Activator Digits:
START         0x0008
SELECT        0x0004
A             0x0001
B             0x0002
UP            0x0040
DOWN          0x0080
LEFT          0x0020
RIGHT         0x0010
Left Trigger  0x0200
Right Trigger 0x0100

Playstation Joker Commands

Button Activators on Playstation are known as "Joker Commands"; don't ask me why. You'll see Playstation Jokers in four forms (all are 16-Bit). The reason there are 4 forms is that, apparently, game makers never agreed on a common way to store values when keeping track of what buttons are being pressed. Digits here were provided by GSCCC.

Normal Joker Command Digits:
0000 - No Buttons
0001 - L2 Button
0002 - R2 Button
0004 - L1 Button
0008 - R1 Button
0010 - Triangle Button
0020 - Circle Button
0040 - X Button
0080 - Square Button
0100 - Select Button
0800 - Start Button
1000 - Up Direction
2000 - Right Direction
4000 - Down Direction
8000 - Left Direction
Multi Buttons - Just combine (add) the values. i.e. Up + R1 would be 1008.

Reverse Joker Command Digits:
0000 - No Buttons
0100 - L2 Button
0200 - R2 Button
0400 - L1 Button
0800 - R1 Button
1000 - Triangle Button
2000 - Circle Button
4000 - X Button
8000 - Square Button
0001 - Select Button
0008 - Start Button
0010 - Up Direction
0020 - Right Direction
0040 - Down Direction
0080 - Left Direction
Multi Buttons - Just combine (add) the values. i.e. Up + R1 would be 0810.

Max Normal Joker Command Digits:
FFFF - No Buttons
FFFE - L2 Button
FFFD - R2 Button
FFFB - L1 Button
FFF7 - R1 Button
FFEF - Triangle Button
FFDF - Circle Button
FFBF - X Button
FF7F - Square Button
FEFF - Select Button
F7FF - Start Button
EFFF - Up Direction
DFFF - Right Direction
BFFF - Down Direction
7FFF - Left Direction
Multi Buttons - Combining these is a little harder. L1 + Select would be FEFB.

Max Reverse Joker Command Digits:
FFFF - No Buttons
FEFF - L2 Button
FDFF - R2 Button
FBFF - L1 Button
F7FF - R1 Button
EFFF - Triangle Button
DFFF - Circle Button
BFFF - X Button
7FFF - Square Button
FFFE - Select Button
FFF7 - Start Button
FFEF - Up Direction
FFDF - Right Direction
FFBF - Down Direction
FF7F - Left Direction
Multi Buttons - Combining these is a little harder. L1 + Select would be FBFE.

Playstation 2 Joker Command Digits - Courtesy hellion (hellion00.thegfcc.com):
0001 - Select
0002 - L3
0004 - R3
0008 - Start
0010 - Up
0020 - Right
0040 - Down
0080 - Left
0100 - L2
0200 - R2
0400 - L1
0800 - R1
1000 - Triangle
2000 - Circle
4000 - X
8000 - Square
Multi Buttons - Add the values. 8200 - Square + R2

Dreamcast: Indices For DC Pad Commands - By UL1

The 'good' thing is: for the DC there are commands available that allow you to activate a code in the game by pressing one or more buttons on your pad. The 'bad' thing is: it isn't as easy as it is for the PSX...

The BUTTON COMMAND is easy to use because you just insert the values and that's it. You can combine different buttons - just subtract the given values from FFFF.
With the L / R COMMANDS it's a bit difficult... There are two types:

The ANALOG-L/R COMMAND
For the A-L/R COMMAND the values for the buttons differ depending on how strongly you push the button(s). So just the value for the default position of the buttons can be given - you can activate the code by saying: Code active if button isn't moved (use '0' instead of the question mark) or Code active if button is moved (use '1' instead of the question mark). Alternatively, if you want to activate the code(s) when pressing button(s) to the max, use FF00 for 'L', 00FF for 'R' or FFFF for both.

The DIGITAL L/R COMMAND
This one is easy to use because you use it the same way as the BUTTON COMMANDS.

The ANALOG STICK COMMAND is similar to the A-L/R COMMAND but here you have two different values for the default position of the stick: 0000 or 8080, and there is no value for a max position.

XXXXXXXX always represents the code address. Most of the time the BUTTON and the L/R COMMAND addresses are placed consecutively in memory, e.g.:

BUTTON COMMAND  01000000 0000FFFB
L/R COMMAND     01000002 0000FFFD

so you also could use a combination of the two commands. That would read like this:

01000000 FFFDFFFB

NOTE: Because SEGA / the developers use almost all buttons for game play it's sometimes difficult to find a combination that doesn't affect other functions in the game. So I suggest using the second Pad for activating codes in such cases.

BUTTON COMMAND
XXXXXXXX 0000????
A       = FFFB
B       = FFFD
X       = FBFF
Y       = FDFF
START   = FFF7
D-UP    = FFEF
D-DOWN  = FFDF
D-LEFT  = FFBF
D-RIGHT = FF7F

A-L/R COMMAND
XXXXXXXX 000?0000
0 = active when none of the two buttons is pressed
1 = active when one or both buttons are pressed
L = FF00
R = 00FF

D-L/R COMMAND
XXXXXXXX 0000????
L = FFFD
R = FFFE

A-STICK COMMAND
XXXXXXXX 000?0000 or XXXXXXXX 000?8080
0 = active when A-Stick isn't moved
1 = active when A-Stick is moved

E) Patch Codes

How do Patch Codes Work?

Patch codes are used to make a code string shorter.
E.g., you have five codes put together to give you "all weapons." Use the patch to shorten it to two codes. This is how it works -

50000A02 0000 +
80844CF0 FF5F
EXAMPLE ONLY! NOT A REAL CODE!

The first code is the patch, the second is the first code of the expanded STRING (a string is where the offsets go up only a few digits for each code, e.g. 100000, 100002, 100004, etc). The patch does not use an address; it is an instruction for the GameShark. The seventh and eighth digits in the patch tell how much the address of the second code is raised to get to the next code in the string. In this case, "2" is used, meaning the next code in the string must be "80844CF2 FF5F." Then the next code would also go up by two. So would the next one, and so on. The fifth and sixth digits of the patch tell the GameShark how many codes are in the string. "0A" is used in the example, so ten codes are being used at once with only two codes! Also note, the codes within the string MUST have the same quantity digits!!!! It's possible to have as many as 255 codes used at once using this format. Maybe even more in the future. You can also change the quantity digits in the patch to make the values of each code in the string raise by a certain value.

This is what the above code would look like without a patch -

80844CF0 FF5F
80844CF2 FF5F
80844CF4 FF5F
80844CF6 FF5F
80844CF8 FF5F
80844CFA FF5F
80844CFC FF5F
80844CFE FF5F
80844D00 FF5F
80844D02 FF5F
EXAMPLE ONLY! NOT A REAL CODE!

Which would you want to use?

Okay, now to put a new twist on the Patch Codes. I'll use the materia modifier for Final Fantasy 7 as an example.

slot 1: 3009CE60 FFxx
slot 2: 3009CE64 FFxx

There are 200 slots but there are only 90 different types of materia, so to get them all that's how many codes you'll need. The quantity digits for those range from 00-5A, and 5A equals 90 in decimal. The codes go up by 4 so we have:

50005A04 0000 +
3009CE60 FFxx

Is that the code to give you all the materia? NO!
That code will give you the same materia in 90 different slots. To get all the materia we need to make the XX go up by one with each code. We do that the same way we make the first half of the code. So here it is:

50005A04 0001 +
3009CE60 FF00

We just did the same thing with the last four digits as we did for the rest of the code. So which is better, 2 codes or 90?

F) Encryption

F-1) Playstation 2 Encryption - Courtesy hellion & kpdavatar (hellion00.thegfcc.com)

There are 3 types of encryption that the PS2 Gameshark (and AR) V1/V2 use. The encryption type is determined by the (M) Must Be On code for each game. You may have noticed in looking through some codes that some games have a 1 line (M) code and some games have a 2 line. That extra line sets different encryption seeds. After seeing "DEADFACE" on GBA, I would've expected this extra line to have more than just 2 ways of encrypting. I'm guessing we'll see that in the V3 shark if anyone gets around to studying it. The Codebreaker for PS2 only has 1 encryption type that we're aware of. No detailed information about the encryption itself is available at this time, but kpdavatar's encryptor/decryptor supports them.

The "1456E7A5" Encryption Scheme

This was the original encryption method -- your 1 line (M) code. You may have seen codes like "3CA2B610 1456B00C" on some sites. The "1456E7A5" name was derived from the fact that it's commonly used in the values on encrypted codes. 1456E7A5, when used in that part of a code, decrypts to 00000000. The other 2 encryption types are the same way.

Here are the equations that are used for the encryption. The input to the encryption is denoted as a0a1a2a3 d0d1d2d3, and the output is denoted as A0A1A2A3 D0D1D2D3. Each a0, a1, etc is a two digit hex number. In the equations below, the '$' means that the following number is a hexadecimal number. XOR is a binary operation that can be performed on hex numbers using Windows Calculator in Scientific Mode.
Note: If you're not into equations, there's an encryptor created by kpdavatar. :)

A0 = (a0 XOR $A6) - $6A
A1 = (a1 XOR $96) - $FF
A2 = (a2 XOR $01) - $7E
A3 = (a3 XOR $82) - $5A
D0 = (d0 XOR $D9) - $C5
D1 = (d1 XOR $3B) - $E5
D2 = (d2 XOR $1B) - $34
D3 = (d3 XOR $CC) - $27

The "BCA99B83" Encryption Scheme

This encryption is used for games that have certain two-line (M) Must Be On codes. The first line of the (M) code should be "0E3C7DF2 1853E59E".

Here are the equations that are used for the encryption. The input to the encryption is denoted as a0a1a2a3 d0d1d2d3, and the output is denoted as A0A1A2A3 D0D1D2D3. Each a0, a1, etc is a two digit hex number. In the equations below, the '$' means that the following number is a hexadecimal number. XOR is a binary operation that can be performed on hex numbers using Windows Calculator in Scientific Mode.

A0 = (a0 - $69) XOR $69    or    A0 = (a0 - $E9) XOR $E9
A1 = (a1 - $4F) XOR $4F    or    A1 = (a1 - $CF) XOR $CF
A2 = (a2 - $7B) XOR $7B    or    A2 = (a2 - $FB) XOR $FB
A3 = (a3 - $45) XOR $45    or    A3 = (a3 - $C5) XOR $C5
D0 = d0 + $BC              or    D0 = d0 - $43
D1 = d1 + $A9              or    D1 = d1 - $56
D2 = d2 + $9B              or    D2 = d2 - $64
D3 = d3 + $83              or    D3 = d3 - $7C

The "F8FCFEFE" Encryption Scheme

This encryption is used for games that have certain two-line (M) Must Be On codes. The first line of the (M) code should be "0E3C7DF2 1645EBB3".

Here are the equations that are used for the encryption. The input to the encryption is denoted as a0a1a2a3 d0d1d2d3, and the output is denoted as A0A1A2A3 D0D1D2D3. Each a0, a1, etc is a two digit hex number. In the equations below, the '$' means that the following number is a hexadecimal number. XOR is a binary operation that can be performed on hex numbers using Windows Calculator in Scientific Mode.

A0 = a0 + $1C              or    A0 = a0 - $E3
A1 = a1 + $F7              or    A1 = a1 - $08
A2 = a2 + $4E              or    A2 = a2 - $B1
A3 = a3 + $CF              or    A3 = a3 - $30
D0 = (d0 - $44) XOR $44    or    D0 = (d0 - $C4) XOR $C4
D1 = (d1 - $42) XOR $42    or    D1 = (d1 - $C2) XOR $C2
D2 = (d2 - $27) XOR $27    or    D2 = (d2 - $A7) XOR $A7
D3 = (d3 - $09) XOR $09    or    D3 = (d3 - $89) XOR $89

Playstation 2 Code Encryptor by kpdavatar

You didn't actually want to do all those equations, did you? Well if you do, knock yourself out. Otherwise, check out kpdavatar's 1337 encryptor below :)

[Interactive encryptor form: GS2 encryption script by kpdavatar@netbroadcaster.com, Version 5.00 03/12/2003, based on Hellion00's web page http://hellion00.thegfcc.com]
    ra1[0].checked, E, a1w.value);
  c = mx.substring(4,6);
  ca2 = EPair(c, a2xor.value, a2add.value, ra2[0].checked, E, a2w.value);
  c = mx.substring(6,8);
  ca3 = EPair(c, a3xor.value, a3add.value, ra3[0].checked, E, a3w.value);
  c = mx.substring(8,10);
  cd0 = EPair(c, d0xor.value, d0add.value, rd0[0].checked, E, d0w.value);
  c = mx.substring(10,12);
  cd1 = EPair(c, d1xor.value, d1add.value, rd1[0].checked, E, d1w.value);
  c = mx.substring(12,14);
  cd2 = EPair(c, d2xor.value, d2add.value, rd2[0].checked, E, d2w.value);
  c = mx.substring(14,16);
  cd3 = EPair(c, d3xor.value, d3add.value, rd3[0].checked, E, d3w.value);
  // build code
  CO = ca0 + ca1 + ca2 + ca3 + cd0 + cd1 + cd2 + cd3;
  return CO;
}

function EPair(P,X,Y,F,E,W) {
  // Function by kpdavatar@netbroadcaster.com
  // Version 3.00 0/26/2002 08:00 PM CST
  // P = Pair Char X = Xor Y = Add
  // W = 0 ~ F = true ~ A? = (a? Xor X) + Y
  // W = 1 ~ F = true ~ A? = SN((a? Xor X) + Y)
  // W = 2 ~ F = true ~ A? = (SN(a?) Xor X) + Y
  // W = 0 ~ F = false ~ A? = (a? + Y) Xor X
  // W = 1 ~ F = false ~ A? = SN((a? + Y) Xor X)
  // W = 2 ~ F = false ~ A? = (SN(a?) + Y) Xor X
  // E = 0 ~ Decrypt
  // E = 1 ~ Encrypt
  // W = 0
  // E = 0 ,F = True ~ A? = (a? !+ Y) Xor X :Decrypt A? = (a? Xor X) + Y
  // E = 1 ,F = True ~ A? = (a? Xor X) + Y :Encrypt A? = (a? Xor X) + Y
  // W = 1
  // E = 0 ,F = True ~ A? = (SN(a?) !+ Y) Xor X :Decrypt A? = SN((a? Xor X) + Y)
  // E = 1 ,F = True ~ A? = SN((a? Xor X) + Y) :Encrypt A? = SN((a? Xor X) + Y)
  // W = 2
  // E = 0 ,F = True ~ A? = SN((a? !+ Y)) Xor X) :Decrypt A? = (SN(a?) Xor X) + Y
  // E = 1 ,F = True ~ A? = (SN(a?) Xor X) + Y) :Encrypt A? = (SN(a?) Xor X) + Y
  // W = 0
  // E = 0 ,F = False ~ A? = (a? Xor X) !+ Y :Decrypt A? = (a? + Y) Xor X
  // E = 1 ,F = False ~ A? = (a? + Y) Xor X :Encrypt A? = (a? + Y) Xor X
  // W = 1
  // E = 0 ,F = False ~ A? = (SN(a?) Xor X) !+ Y :Decrypt A? = SN((a? + Y) Xor X)
  // E = 1 ,F = False ~ A? = SN((a? + Y) Xor X) :Encrypt A? = SN((a? + Y) Xor X)
  // W = 2
  // E = 0 ,F = False ~ A? = SN((a? Xor X) !+ Y) :Decrypt A? = (SN(a?) + Y) Xor X
  // E = 1 ,F = False ~ A? = (SN(a?) + Y) Xor X :Encrypt A? = (SN(a?) + Y) Xor X
  var c = "+00";
  var nx = 0;
  var na = 0;
  var np = 0;
  var ne = 0;
  var ce = "00";
  var tc = "00";
  var s = "+";
  var fe = true;
  // convert add to Dec
  tc = Y;
  s = tc.substring(0,1);
  c = "0x" + tc.substring(1,3);
  na = c * 1;
  if (s == "-") { na *= -1; }
  // convert xor to Dec
  nx = ("0x" + X) * 1;
  // W=1 Swap Before Decrypt or W=2 Swap Before Encrypt
  if ((W == "1" && E == 0) || (W == "2" && E == 1)) {
    P = SwapNibble(P);
  }
  // convert pair to Dec
  np = ("0x" + P) * 1;
  // use which formula
  // E = 0 decrypt
  // Subtract instead of add
  // Add instead of subtract
  // invert formula
  fe = F;
  if (E == 0) {
    na *= -1;
    if (F) {
      fe = false;
    } else {
      fe = true;
    }
  }
  if (fe) {
    ne = (np ^ nx) + na;
    if (ne < 0) { ne += 256; }
    if (ne > 255) { ne -= 256; }
  } else {
    ne = np + na;
    if (ne < 0) { ne += 256; }
    if (ne > 255) { ne -= 256; }
    ne ^= nx;
  }
  ce = DecToHex(ne, 2);
  // W=1 Swap After Encrypt or W=2 Swap After Decrypt
  if ((W == "1" && E == 1) || (W == "2" && E == 0)) {
    ce = SwapNibble(ce);
  }
  return ce;
}

function SwapNibble(bytein) {
  // Function by kpdavatar@netbroadcaster.com
  // Version 5.00 03/12/2003 05:00 PM CST
  var tempb = "00";
  var tempH = "0";
  var tempL = "0";
  var byteout = "0";
  tempb = bytein;
  tempH = tempb.substring(0,1);
  tempL = tempb.substring(1,2);
  byteout = tempL + tempH;
  return byteout;
}

function FormatOut(WhatDo) {
  // Function by kpdavatar@netbroadcaster.com
  // Version 5.00 05/12/2003 05:00 PM CST
  var d = document.ConvForm.RCodeType;
  var dummy = 0;
  if (d[0].checked) { dummy = ConvToGS2(); }
  if (d[1].checked) { dummy = ConvToHex(); }
  if (d[2].checked) { dummy = ConvToCB2(); }
}

function DoOffSet(What) {
  // Function by kpdavatar@netbroadcaster.com
  // Version 5.00 03/12/2003 10:30 AM CST
  // What = 0 Add What = 1 Sub
  var OffSet = document.ConvForm.CodeOff;
  var Code = document.ConvForm.Code;
  var d = document.ConvForm.RCodeType;
  var b = 0;
  var savemode = 0;
  var dummy = 0;
  // vars for code and offset
  var mc = "fedcba9876543210";
  var mcf = "fedcba98";
  var mcb = "76543210";
  var ncf = 0;
  var ncb = 0;
  var mo = "fedcba9876543210";
  var mof = "fedcba98";
  var mob = "76543210";
  // find what Mode
  b = 0;
  for (var i = 0; i < 4; i++) {
    if (d[i].checked) {
      b = i;
      i = 4;
    }
  }
  savemode = b;
  // convert to hex to prevent quirky logic codes
  dummy = ConvToHex();
  // store Code in memory X make 17 Char long + space
  // mcf = Code.value;
  mc = Code.value + "00000000000000000";
  mc = mc.substr(0,17);
  // make sure input is hex
  mc = MakeHexW(mc);
  // store Offset in memory X make 17 Char long + space
  // mof = OffSet.value;
  mo = OffSet.value + "00000000000000000";
  mo = mo.substr(0,17);
  // make sure input is hex
  mo = MakeHexW(mo);
  // cut to word size and make java hex
  mcf = "0x" + mc.substr(0,8);
  mcb = "0x" + mc.substr(8,16);
  mof = "0x" + mo.substr(0,8);
  mob = "0x" + mo.substr(8,16);
  // add words java (? * 1) makes dec
  if (What == 0) {
    ncf = (mcf * 1) + (mof * 1);
    ncb = (mcb * 1) + (mob * 1);
  } else {
    ncf = (mcf * 1) - (mof * 1);
    ncb = (mcb * 1) - (mob * 1);
  }
  // put code out
  Code.value = DecToHex(ncf,8,2) + DecToHex(ncb,8,2);
  // set mode back
  if (savemode == 0) { dummy = ConvToGS2(); }
  if (savemode == 1) { dummy = ConvToHex(); }
  if (savemode == 2) { dummy = ConvToCB2(); }
  if (What == 0) {
    document.ConvForm.MSG.value = "Add Hex Offset";
  } else {
    document.ConvForm.MSG.value = "Sub Hex Offset";
  }
}

function KeyCode() {
  // Function by kpdavatar@netbroadcaster.com
  // Version 5.00 03/12/2003 12:00 PM CST
  var MCode = document.ConvForm.MCode;
  var KeyCode = document.ConvForm.FKeyCode;
  var mx = "0000000000000000";
  // var for Parsing and Shifting Code
  var CMFE = "0E";
  var CMFEDCBA98 = "0E3C7DF2";
  var CM76 = "17";
  var CM54 = "46";
  var CM32 = "EA";
  var CM10 = "AD";
  var CH76 = "XX";
  var CH54 = "XX";
  var CH32 = "XX";
  var CH10 = "XX";
  var n76 = 0;
  var n54 = 0;
  var n32 = 0;
  var n10 = 0;
  var x = " ";
  var y = " ";
  var z = " ";
  var n = 0;
  var KeyHex = "00000000";
  // store (M) in memory X make 17 Char long with space
  mx = MCode.value + "00000000000000000";
  mx = mx.substr(0,17);
  // make sure input is hex
  mx = MakeHexW(mx);
  CMFE = mx.substring(0,1);
  if (CMFE == "E") {
    // one line (M) code
    KeyCode.value = "05100518";
  } else {
    // DEADFACE (M) code
    CM76 = "0x" + mx.substring(8,10);
    CM54 = "0x" + mx.substring(10,12);
    CM32 = "0x" + mx.substring(12,14);
    CM10 = "0x" + mx.substring(14,16);
    n76 = (CM76 * 1) - 0X3B;
    if (n76 < 0) { n76 += 0x100; }
    n76 ^= 0xD9;
    if (n76 < 0 || n76 > 7) { n76 = 0; }
    CH76 = DecToHex(n76, 2);
    n54 = (CM54 * 1) - 0X1B;
    if (n54 < 0) { n54 += 0x100; }
    n54 ^= 0x3B;
    if (n54 < 0 || n54 > 31) { n54 = 0; }
    CH54 = DecToHex(n54, 2);
    n32 = (CM32 * 1) - 0XCC;
    if (n32 < 0) { n32 += 0x100; }
    n32 ^= 0x1B;
    if (n32 < 0 || n32 > 7) { n32 = 0; }
    CH32 = DecToHex(n32, 2);
    n10 = (CM10 * 1) - 0XD9;
    if (n10 < 0) { n10 += 0x100; }
    n10 ^= 0xCC;
    if (n10 < 0 || n10 > 31) { n10 = 0; }
    CH10 = DecToHex(n10, 2);
    KeyCode.value = CH76 + CH54 + CH32 + CH10;
  }
  z = mx;
  if (document.ConvForm.CenterSpace.checked) {
    x = mx.substring(0,8);
    y = mx.substring(8,16);
    z = x + " " + y;
  }
  z = z + "-GS2";
  MCode.value = z;
  return KeyHex;
}

function HerbenBytes(HexBase) {
  // Function by kpdavatar@netbroadcaster.com
  // Version 5.00 03/12/2003 04:00 PM CST
  // function to get Herben's GS2 Data
  var OffSet = 0;
  var BytesOut = "00000000";
  var HData = " ";
  var y = 0;
  //       0       1       2       3       4       5       6       7       8       9       A       B       C       D       E       F       10      11      12      13      14      15      16      17      18      19      1A      1B      1C      1D      1E      1F
  HData = "0000000025E3AE1F6DA2F39B4F457B69C54012A5CAE0C98004098390931858623A42A9D77D6557440D1C50ECF1C1087543EB043B05B081627169020C661421A3820196A631B209E4218E0F1FD8FB904CFEFAC3054D8662E4C2092744C895216ECC1B3BD90961225BA0144E34060E88E64999F508D521C531F1EC75914603EEAE";
  OffSet = ("0x" + HexBase) * 8;
  if (OffSet < 0) { OffSet = 0; }
  if (OffSet > 248) { OffSet = 0; }
  y = OffSet + 8;
  BytesOut = HData.substring(OffSet, y);
  return BytesOut;
}
// end -->
F-2) Sega Dreamcast Encryption

The Gameshark for Sega Dreamcast only accepts codes in their encrypted form. However, Xploder and Codebreaker DC accept both RAW (decrypted) codes and Gameshark (encrypted) codes. If you have a DC shark and want to encrypt codes for use on it, then use DCCrypt. There's also a CD image of the Gameshark floating around that's been modded to accept RAW codes.

F-3) Converting between GSA and CBA - by DGenerateKane

Well, I've seen many people asking how, and I'm sure we will get more n00b's who will ask. So I whipped up this guide on how to. I did it in about 5 minutes, there may be some mistakes and typos, correct them if you please. And I don't mind feedback or questions.

GBA Code Conversion Guide
Version 1.1
By DGenerateKane
Last Updated: 03-03-03
Code Type List originally by Parasyte, edited by DGenerateKane
CBACrypt and GSACrypt by Parasyte

Table Of Contents
1. GameShark to CodeBreaker
2. CodeBreaker to GameShark
3. Tools
4. Info
5. GSA Code Type List
6. CBA Code Type List
7. What's Next

GameShark to CodeBreaker

1. Get a GS code you want converted.
   Example: Breath of Fire II Infinite Zenny
   4C051DA2 3F3075BB
2. Put it in the left panel of GSACrypt, making sure to separate the first and second 8 digits with a space.
3. Press Decrypt. The new code in the right panel is the same code now in RAW format.
   The example code: 12006870 0000FFFF
4. Now, refer to the code types to see what the name of the code type is, then check for the same code type for CB, and change the first digit accordingly. If there is no matching code type, the code cannot be converted.
   Example: 82006870 0000FFFF
5. Now, go to www.cmgsccc.com/gba (I think) for gsccc's CB codes, find the game that you are converting codes for, and copy the first line of the (M) code, it starts with a 9. If it doesn't have one, you don't need to convert it any further, you're done.
   The BoF II Seed code is: 9171AA80 F67E
6. Paste the 9 code into the left panel of CBACrypt.
7. Paste the RAW code you decrypted into CBACrypt UNDER the 9 code. Delete the first 4 digits from the second line of 8 digits.
   EXAMPLE: XXXXXXXX YYYYXXXX: Delete the four digits in the Y positions.
   Remember to separate the first 8 digits and the last 4 digits with a space.
   The example code is: 82006870 FFFF
8. Press Encrypt. The new code in the right panel is the code now in CB encrypted format. (Ignore the first line, it's the 9 code)
   Example Code: 0AD6BC51 CF46
9. Fine! (End)

CodeBreaker to GameShark

1. First, look at the codes for the game at GSCCC and check if it has a 9 code in the (M) code. If not, the code is already in RAW format, skip to step 5.
   Example: Breath of Fire II Infinite Zenny
   0AD6BC51 CF46
2. Take the 9 code from the (M) and paste it into the left panel of CBACrypt.
   9 Code is 9171AA80 F67E
3. Paste the CB code you want converted under the 9 code.
4. Press Decrypt. The new code in the right panel is the same code now in RAW format. (Ignore the first line, it's the 9 code)
   Example Code: 82006870 FFFF
5. Now, refer to the code types to see what the name of the code type is, then check for the same code type for GS, and change the first digit accordingly. If there is no matching code type, the code cannot be converted.
   Example Code: 12006870 FFFF
6. Paste the RAW code you decrypted into GSACrypt's left panel. Add 4 0's to the beginning of the second line of 8 digits.
   EXAMPLE: XXXXXXXX YYYY: Add four 0's in the Y positions.
   Remember to separate the first 8 digits and the last 8 digits with a space.
   Example Code: 12006870 0000FFFF
7. Press Encrypt. The new code in the right panel is the code now in GS encrypted format.
   Example Code: 4C051DA2 3F3075BB
8. Fine! (End)

Tools

Location of GSACrypt: ARCrypt Final 2_2
Location of CBACrypt: http://www.gscentral.com/lib/downloads/CBAcrypt.exe
Note for ARCrypt: You must have a program that will extract .rar files, such as WinRAR.

Info

Unconvertible Codes: Codes that have a code type in one format but not the other.
   (M) Codes. (Different Format)
   ID Codes. (Different Format)
   GSA 32bit codes. (CB only supports 8 and 16)
   GSA GS Button Codes. (The CB for some reason doesn't have one this time around.)
   Encryption Seed Code. (Different encryption obviously)

Since I know you are lazy, I have pasted below all the known GS and CB code types. (see above section - Tolos)

F-4) Xploder/Xplorer N64 & PSX Encryption -by Parasyte & Misfire

Some Xploder/Xplorer codes are encrypted, and some aren't. We're guessing that maybe only the "official" ones are encrypted. Perhaps we'll find out more about this later, but at least we can encrypt/decrypt them.
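The byte formulas listed in this section (F-4), implemented as an added example that is not Parasyte's or Misfire's code: it covers both schemes, checks that the "Alternate" constants produce the same bytes as the main ones, and round-trips the chained 7K scheme. The 12-hex-digit code layout, the modulo-256 wrap-around, the function names and the sample code are assumptions made for the example.

```javascript
"use strict";
// Added example (not the guide's code). Assumptions: a code is the six bytes
// a0 a1 a2 a3 d0 d1 written as 12 hex digits, and + / - wrap modulo 256.

const MAIN = { xorBase: 0x81, add: 0x2b }; // A1 = (a1 XOR $81) - $2B, ...
const ALT = { xorBase: 0x01, add: 0xab };  // the "Alternate" constants

function toBytes(code) {
  const hex = String(code).replace(/\s+/g, "");
  if (!/^[0-9a-fA-F]{12}$/.test(hex)) throw new Error("expected 12 hex digits");
  return hex.match(/../g).map((pair) => parseInt(pair, 16));
}

function toCode(bytes) {
  const hex = bytes.map((v) => v.toString(16).padStart(2, "0")).join("");
  return (hex.slice(0, 8) + " " + hex.slice(8)).toUpperCase();
}

function firstKey(platform) {
  if (platform === "psx") return 0x06;
  if (platform === "n64") return 0x68;
  throw new Error("platform must be 'psx' or 'n64'");
}

// Older scheme: every byte is transformed independently of the others.
function encryptStandard(code, platform, form = MAIN) {
  const k0 = firstKey(platform);
  return toCode(toBytes(code).map((v, i) =>
    i === 0 ? v ^ k0 : ((v ^ (form.xorBase + i - 1)) - form.add) & 0xff));
}

function decryptStandard(code, platform, form = MAIN) {
  const k0 = firstKey(platform);
  return toCode(toBytes(code).map((v, i) =>
    i === 0 ? v ^ k0 : ((v + form.add) & 0xff) ^ (form.xorBase + i - 1)));
}

// XOR with $80 equals adding $80 modulo 256, and $80 - $2B = -$AB (mod 256),
// so both sets of constants should describe one cipher. Check every input.
function alternateIsSameCipher() {
  for (let i = 1; i <= 5; i++) {
    for (let v = 0; v < 256; v++) {
      const main = ((v ^ (MAIN.xorBase + i - 1)) - MAIN.add) & 0xff;
      const alt = ((v ^ (ALT.xorBase + i - 1)) - ALT.add) & 0xff;
      if (main !== alt) return false;
    }
  }
  return true;
}

// 7K scheme: bytes are chained. Encrypting front to back means each formula
// still sees the plaintext of the bytes to its right.
function encrypt7K(code) {
  const b = toBytes(code);
  b[0] ^= 0x07;
  b[1] = (b[1] - (b[2] & 0x73) + ((b[3] ^ 0x90) - 0xf5) - b[4] - b[5]) & 0xff;
  b[2] = (b[2] - (b[3] & 0x73) + ((b[4] ^ 0x90) - 0x16) - b[5]) & 0xff;
  b[3] = (b[3] - (b[4] & 0x73) + ((b[5] ^ 0x90) - 0x5a)) & 0xff;
  b[4] = (b[4] - (b[5] & 0x73) + 0x35) & 0xff;
  b[5] = (b[5] + 0x35) & 0xff;
  return toCode(b);
}

// Decrypting back to front, in place. The upper-case terms on the right of
// each decryption formula are read here as bytes already restored by the
// earlier steps (an assumption; it is the reading that inverts encrypt7K).
function decrypt7K(code) {
  const b = toBytes(code);
  b[5] = (b[5] - 0x35) & 0xff;
  b[4] = (b[4] + (b[5] & 0x73) - 0x35) & 0xff;
  b[3] = (b[3] + (b[4] & 0x73) - ((b[5] ^ 0x90) - 0x5a)) & 0xff;
  b[2] = (b[2] + (b[3] & 0x73) - ((b[4] ^ 0x90) - 0x16) + b[5]) & 0xff;
  b[1] = (b[1] + (b[2] & 0x73) - ((b[3] ^ 0x90) - 0xf5) + b[4] + b[5]) & 0xff;
  b[0] ^= 0x07;
  return toCode(b);
}

// Constructed sample code, not taken from any game.
const SAMPLE = "80012345 00FF";
console.log("standard PSX:", encryptStandard(SAMPLE, "psx"));
console.log("7K:          ", encrypt7K(SAMPLE));
console.log("alternate constants equivalent:", alternateIsSameCipher());
```

Because the older scheme treats each byte on its own, changing one plaintext byte changes exactly one ciphertext byte; in the 7K scheme a change in d1 propagates into every byte to its left except A0.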
:)

Encryption                     Decryption
A0A1A2A3 D0D1                  a0a1a2a3 d0d1

A0 = (a0 XOR $06) on PSX       a0 = (A0 XOR $06) on PSX
A0 = (a0 XOR $68) on N64       a0 = (A0 XOR $68) on N64
A1 = (a1 XOR $81) - $2B        a1 = (A1 + $2B) XOR $81
A2 = (a2 XOR $82) - $2B        a2 = (A2 + $2B) XOR $82
A3 = (a3 XOR $83) - $2B        a3 = (A3 + $2B) XOR $83
D0 = (d0 XOR $84) - $2B        d0 = (D0 + $2B) XOR $84
D1 = (d1 XOR $85) - $2B        d1 = (D1 + $2B) XOR $85

Alternate:                     Alternate:
A0 = (a0 XOR $06) on PSX       a0 = (A0 XOR $06) on PSX
A0 = (a0 XOR $68) on N64       a0 = (A0 XOR $68) on N64
A1 = (a1 XOR $01) - $AB        a1 = (A1 + $AB) XOR $01
A2 = (a2 XOR $02) - $AB        a2 = (A2 + $AB) XOR $02
A3 = (a3 XOR $03) - $AB        a3 = (A3 + $AB) XOR $03
D0 = (d0 XOR $04) - $AB        d0 = (D0 + $AB) XOR $04
D1 = (d1 XOR $05) - $AB        d1 = (D1 + $AB) XOR $05

Newer PSX 7K Encryption (PSX Only)
A0A1A2A3 D0D1

A0 = (a0 XOR $07)
A1 = (a1 - (a2 AND $73)) + ((a3 XOR $90) - $F5) - d0 - d1
A2 = (a2 - (a3 AND $73)) + ((d0 XOR $90) - $16) - d1
A3 = (a3 - (d0 AND $73)) + ((d1 XOR $90) - $5A)
D0 = (d0 - (d1 AND $73)) + $35
D1 = (d1 + $35)

Newer PSX 7K Decryption (PSX Only)
a0a1a2a3 d0d1

d1 = (D1 - $35)
d0 = (D0 + (D1 AND $73)) - $35
a3 = (A3 + (D0 AND $73)) - ((D1 XOR $90) - $5A)
a2 = (A2 + (A3 AND $73)) - ((D0 XOR $90) - $16) + D1
a1 = (A1 + (A2 AND $73)) - ((A3 XOR $90) - $F5) + D0 + D1
a0 = (A0 XOR $07)

-----------------------------------------------
X) How-to Guide - The Hacking Begins
-----------------------------------------------

Are you ready to start hacking? Of course you are. If you have skipped directly to this section hoping you can read just this part and think you can be a GameShark code hacker, think again. It is HIGHLY recommended, indeed required that you read everything that has already been presented in this document. If you do not, you won't understand what most of the following states, and you will most likely not be successful in being able to hack GameShark codes.

This is the untouched, unchanged GB Hacking Guide written by DaRfUs. We include it here to honor a hacker who first desired to teach others his trade.
==========================
GB Hacking guide
Written by DaRfUs

First you start off by choosing what you want the code to do (start with something simple like an unlimited life code). Now go to "Game Trainer" in the GS menu. It will start the game. Walk around for a little bit WITHOUT getting hit. Now press the little button at the top of the GameShark. It will take you to the GS menu once more. Again go to Game Trainer. Now walk around this time I want you to get hit. Press the GS button as soon as the life goes down. You will be taken back to the menu once again. Go to the trainer, and select "Continue Trainer" there will be 4 boxes now here is the most important part... What happened to your life the 2nd time (the time you got hit? it went down right?) so you would pick the down arrow, because your life went down! Wasn't that simple! Now it will search for some possible codes(if you get a big # of possible codes then keep repeating step 2)
==========================

What this says is "compare and contrast", which is what the guys like CodeBoy and CodeMaster do when hacking! They use the same method the GB GS trainer uses. In the text above, DaRfUs explains that you choose the "down arrow". This is not only because your life went down, but so the trainer will compare the two RAM Dumps (which were taken when you pushed the little button on top), and display only the codes that had the values lowered in the second dump. From what I understand, the GameShark Pro's trainer will work similarly to the one on the standard GB 'Shark and the SharkLink/Comms Links.

With all this information, you should be cutting the edges in your mind. You should be gathering ideas right now. Thinking of what these trainers actually do. Discovering for yourself what you want to know about GS hacking.

A) One Small Step For Man...

Nintendo 64 - This part discusses important information about things like key codes, and "Enable Codes".
A key code is a code which is used to bypass the lock-out code set into the game's header. When a key code is activated in the 'Shark, it will use that key code as a default for a one-time shot. There are currently four different key codes available. Check GameShark Central (www.gscentral.com) for the key codes or check the FAQ section of this document.

Most "locked" games need the use of an "Enable Code". There are also many games that use enablers that do not require key codes. They simply allow codes to function, and allow the code generator (the software that newer GameSharks have) to function. An Enable Code is a code that is placed in with the others (usually named "MUST BE ON" or "M" code). The Enable Code used the most is "DE000400 0000" but there are others. Most recently, Donkey Kong 64 had a multi-line enabler code in the 3.2 version to allow codes to work with the GameShark. The 3.3 GameShark now uses only one line of code. Enablers also allow the gamer to use what are called hi-resolution codes. A game running in hi-resolution would normally use the memory expansion pack, and that would render the GameShark Code Generator unable to run, since it requires this same memory expansion pack.

Any code beginning with "DE" in GS versions 1.08 to 2.1 will cause the 'Shark to freeze up when not used with a key-code-needing game. In my version 2.2, the code "DE000400 0000" will NOT freeze the Shark. Yet almost any other "DE Code" will freeze it.

As mentioned earlier, there is one key-coded game that DOESN'T need an enable code: The Legend of Zelda: Ocarina of Time. When using the GameShark 2.2, you see a new addition to the key codes. It's a 32-bit block (aka instruction code). Now, three of the four key codes use the block "80 20 10 00". BUT, Zelda uses the block "80 19 00 00". Does this suggest that using a block different from the default will make the use of an Enable Code nullified? I think not. There must be some defect that the GS has when using the "80 20 10 00" code.
This calls for the 'DE' enable code to make the GameShark work! The GS 3.2 and up does however require an enabler code or M codes in order to work without freezing.

The DE is used to tell the GameShark where the value "3C0880" is located. Why "3C0880"? I don't know for sure, but my guess is that the value is where the RAM begins. So the RAM actually starts at RAM address "000400" and not "000000" (which also has the value of "3C0880"). The DE code does not overwrite the value of the given address.

PlayStation - There are a few Enable Codes needed in PSX games (Crash Bandicoot for example). But I don't understand if the enablers are used for a lock-out, or to fix a small bug. This part of the section is in need of reference. I know a few people that could submit contributions, and I'm sure everyone will greatly appreciate it.

B) The Methods

Here are a few of the many methods used to hack GS codes -

Game Trainers - MadCatz and Datel have their own trainers. You can, however, get a trainer called "PC Comms Link" which will connect your platform to your computer where you can use a hex editor to view the ROM/RAM of your game. You will only be editing the RAM part of your game's memory though. Comms Links may still be available from Datel.

Game Backup Devices - Some devices like "Doctor V64" and "CD64" have a built-in hex editor and GameShark function that allows you to view the ROM/RAM and create GameShark codes. There are many LEGAL issues regarding the use of these types of hacking devices and as such the authors of this document have declined to include them within the scope of this work.

ROM and Hex Editor - Finally! Kong's secret hacking method is revealed! It is, at times, seemingly impossible to hack using this primitive method, but it is well worth the trouble of it all! I was able to hack 54 Harvest Moon GB codes using this. When no one else could even get one code! How about those results?! I've also hacked numerous other codes this way.
Definitely something to try out!

Be aware, using ROMs (they can be found on the internet) is ILLEGAL when used for purposes of your own entertainment; this means you can't use them just to play them! It may possibly be illegal just because most of the Nintendo game instruction booklets say, "WARNING: Copying of any Nintendo game is illegal and is strictly prohibited by domestic and international copyright laws. "Back-up" or "archival" copies are not authorized and are not necessary to protect your software. Violators will be prosecuted." The author does not endorse nor will support any information or the acquisition of obtaining game ROMs for legal reasons, and their use is explained here for comparison and illustrative purposes only. The author waives all responsibility for those readers that possess or attempt to possess such material, and the sole responsibility, accountability and legal consequences rest solely with the reader. If none of this scares you, read on.

You can hack this way by doing something similar to what DaRfUs explains. If looking for an infinite health code, start a ROM with an emulator and DO NOT lose any health. Save the current state (check with your emulator's readme file to see how to save a state or a snapshot), which will be like a ROM Dump. Then restart the ROM, go to a different spot than you were at last time, lose health, and as quickly as you can, save the state/snapshot! Now load up a hex editor such as "Hex Workshop". Open the saves that you made (check with your emulator's readme file to find out what the extension will be). Choose Tools/Compare (in Hex Workshop). You will get various comparisons. When you find a comparison that looks like it could be the one, change it in the second save that you made. Change the quantifier to something like "00" (this way, you will die if you have the right offset).
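The snapshot comparison described above, and the trainer's "down arrow" search from DaRfUs's guide, as an added example that is not part of the original guide: it narrows candidate offsets across several dumps and then patches one byte for the confirmation test. The snapshots are constructed, each value is assumed to be a single byte, and the function names are hypothetical.

```javascript
"use strict";
// Added example: trainer-style narrowing over successive RAM snapshots.
// Assumptions: snapshots are equal-sized raw byte arrays and the value being
// hunted fits in one byte. Offsets are positions inside the snapshot file.

const RELATIONS = {
  down: (prev, cur) => cur < prev,      // the trainer's "down arrow"
  up: (prev, cur) => cur > prev,
  same: (prev, cur) => cur === prev,
  changed: (prev, cur) => cur !== prev,
};

// steps: [{ snapshot, relation }], each relation compares that snapshot with
// the one before it. Returns the offsets that satisfy every step.
function narrow(first, steps) {
  let candidates = null; // null means "every offset is still possible"
  let prev = first;
  for (const { snapshot, relation } of steps) {
    const test = RELATIONS[relation];
    if (!test) throw new Error("unknown relation: " + relation);
    if (snapshot.length !== prev.length) throw new Error("snapshots differ in size");
    const pool = candidates === null ? Array.from(snapshot.keys()) : candidates;
    candidates = pool.filter((off) => test(prev[off], snapshot[off]));
    prev = snapshot;
  }
  return candidates === null ? [] : candidates;
}

// Confirmation step: return a copy of the snapshot with one byte replaced,
// leaving the original save untouched.
function patchByte(snapshot, offset, value) {
  if (offset < 0 || offset >= snapshot.length) throw new Error("offset out of range");
  const copy = Uint8Array.from(snapshot);
  copy[offset] = value & 0xff;
  return copy;
}

// Constructed snapshots: offset 3 is "health", offset 2 a timer counting up,
// offset 5 an unrelated counter that happens to count down.
const SNAP_FULL = Uint8Array.from([0x10, 0x05, 0x37, 0x05, 0x00, 0x63, 0xaa, 0x01]);
const SNAP_HIT = Uint8Array.from([0x10, 0x05, 0x40, 0x04, 0x00, 0x62, 0xaa, 0x01]);
const SNAP_IDLE = Uint8Array.from([0x10, 0x05, 0x49, 0x04, 0x00, 0x5f, 0xaa, 0x01]);

function demo() {
  const afterHit = narrow(SNAP_FULL, [{ snapshot: SNAP_HIT, relation: "down" }]);
  const afterIdle = narrow(SNAP_FULL, [
    { snapshot: SNAP_HIT, relation: "down" },
    { snapshot: SNAP_IDLE, relation: "same" },
  ]);
  return { afterHit, afterIdle, patched: patchByte(SNAP_HIT, afterIdle[0], 0x00) };
}

console.log(demo());
```

One "down" comparison leaves two candidates because the unrelated counter also decreased; the extra "same" pass, taken without losing health, removes it, which is why the trainer asks you to repeat the search when the list is long.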
Now load your emulator and ROM, load the SECOND save that you made (with the changed quantifier). If you die, or have less energy, you found the right offset!

Now you need to find the beginning of the RAM. This might be impossible w/o previous training skills. A really easy way to hack the beginning of the "valid" RAM: you can activate certain GameShark codes, save a state, then find the values used in the codes in the hex editor! EG- for Game Boy hacking, I use these codes together on any game-

013C00C0
013D01C0
014902C0
012203C0

Now I'd save a snapshot. Then I'd enter Hex Workshop and find value "3C3D4922", which is nearly impossible to see twice (although on some games, the GS writes to two different address locations with one code). When I find the FIRST string with that value, I write the beginning offset on a piece of paper. Then I subtract that offset from "C000". L