| cheats |

| vgaddict8 (Suspended permanently) | 27. July 2005 @ 07:13 |

Hi. Besides button codes and hints, is there anything like GameShark for the Xbox? I heard of trainers or something, but what do they do? It would be lame if there is no GameShark device for the Xbox.

| Achilles3 (Suspended due to non-functional email address) | 27. July 2005 @ 14:48 |

Yes there's ActionReplay for all your Xbox cheat needs.

This message has been edited since posting. Last time this message was edited on 27. July 2005 @ 14:50

| vgaddict8 (Suspended permanently) | 28. July 2005 @ 06:58 |

Sucks, because no one has been able to rip it yet. Make a download version please!

| vgaddict8 (Suspended permanently) | 30. July 2005 @ 08:49 |

Has Action Replay been cracked for xbox? I can't find it anywhere! So not? I need to know!

| Flashed (Junior Member) | 30. July 2005 @ 18:03 |

This message has been edited since posting. Last time this message was edited on 6. August 2005 @ 20:22

| vgaddict8 (Suspended permanently) | 31. July 2005 @ 08:16 |

Hey Flashed, is there another method to get Action Replay free besides having to make your own USB controller? That's pretty scary stuff. Isn't there a burnable version of Action Replay for Xbox? If there isn't, is there another way to cheat for Xbox? Do you know what trainers are? I have beaten many games, and want to explore their cheat values.

| Flashed (Junior Member) | 1. August 2005 @ 00:03 |

| Senior Member | 3. August 2005 @ 10:18 |

The Action Replay for Xbox does not allow you to cheat. It merely allows you to download other people's saved games and use them. If you have your Xbox modded, then you are better off downloading a copy of Xbox Save Game Manager and ftp'ing the save game to your Xbox. Now as for the cheating, the best way to go is to get trainers or learn how to create them yourself.

| Flashed (Junior Member) | 3. August 2005 @ 21:39 |

Hey Bubba did u get a tutorial on how to make your own trainers?

| Senior Member | 3. August 2005 @ 22:00 |

Yeah, I have a couple of tutorials on how to create trainers. They aren't really 100% specific but I'll post them on here later. I have to cruise to work at the moment.

| tim1210 (Member) | 4. August 2005 @ 00:36 |

There are things called "Trainers". It's a lot like GameShark. Like if you get the Halo trainer u can get like unlimited shield, super jump, stuff like that, GameShark-y cheats. You don't need a USB or anything either, u just need to DL it and install it.

This message has been edited since posting. Last time this message was edited on 4. August 2005 @ 00:37

| Senior Member | 4. August 2005 @ 05:58 |

Ummmmm, tim1210 you really didn't read all of this thread did you? If you did then you would have noticed that we were already talking about using trainers. And shortly I am going to post a couple of tutorials on how to make trainers.

| Senior Member | 4. August 2005 @ 05:59 |

Edited due to double post.

This message has been edited since posting. Last time this message was edited on 4. August 2005 @ 06:00

| Flashed (Junior Member) | 5. August 2005 @ 13:00 |

Hey bubbba so what's up with the tutorial?

This message has been edited since posting. Last time this message was edited on 5. August 2005 @ 13:29

| vgaddict8 (Suspended permanently) | 5. August 2005 @ 16:43 |

Yep! I got trainers to work and they are pretty sweet! Thank you so much Flashed for all your help. If not for your help, I wouldn't be using some sweet cheats for Burnout 3.
So Bubba1982, Action Replay for Xbox doesn't really allow you to cheat? That's pretty stupid then.

Besides http://trainers.evolutionx.info/pg/downloads/category/3/index.php... where else can I get more trainers?

| Achilles3 (Suspended due to non-functional email address) | 5. August 2005 @ 17:38 |

| Senior Member | 5. August 2005 @ 20:16 |

well, the trainer tutorial has been submitted to the guides section and is now awaiting approval from aD staff. If it doesn't get approved then I'll just paste it in here. Fear not, you will get a guide.

| Senior Member | 5. August 2005 @ 20:31 |

 decided to post the first tutorial in here anyways. remember, this is not a tutorial made by me. ok.
 
 Evox Trainer Tutorial.
 
 Tools needed:
 
 Computer
 Xbox
 Latest Evox
 CXBX (http://www.caustik.com/cxbx/)
 Network connection between xbox and computer
 brain
 
 Useful tools:
 
 Ida Pro (any will do, 4.30-current is ideal)
 
 
 
 The first step to writing a trainer is to pick a game, just about any game will do,
 but it's best to start out with something simple, where it's easy to tell the values
 you are dealing with. It helps if the value is something you can see update, such
 as lives or amount of ammo.
 
 I looked back through the games that I've written trainers for, and most of them weren't
 what I'd call simple, Armed and Dangerous and TMNT (# of continues) were easiest, so let's
 try one of those..
 
 After selecting a game get a copy of the xbe onto your computer and load it up in caustik's
 CXBX, go to the file menu and say 'export exe' and save it to something like tmnt.exe, now
 go to the edit menu, and select the dump xbe info to option, dump it to a file so that you
 can cut and paste.
 
 Open the output file up with a text editor (notepad/wordpad) and scroll until you see
 something like (from max payne 2):
 
 Dumping XBE Certificate...
 
 Size of Certificate : 0x000001EC
 TimeDate Stamp : 0x3FB3F515 (Thu Nov 13 16:18:13 2003)
 Title ID : 0x5454000C
 Title : L"Max Payne 2"
 
 The part you care about is the title ID, copy that to another text editor window and
 be sure to save it, you'll need it to write the trainer.
 
 Now load up the game on your xbox (I will be showing how to do the Continue trainer for TMNT),
 telnet to your xbox's ip.. You will see:
 
 RemoteX Debugger V1.1
 .
 
 
 Pick a character, I chose Leonardo..
 Hit A until you see a bunch of the little robot thingies coming at you..
 
 Now look at your status bar, you have health (bar) # of Shurikens, score, and '6' hearts.
 
 type: value 6
 
 The output should look like:
 
 Store Game State in slot 0
 ...
 ...
 Done.
 Slot 0 Val 6
 --
 
 Now lose a life, and continue, now on the screen it says '5' so do a value 5 search.
 the output should look like:
 
 Store Game State in slot 1
 ...
 ...
 Done.
 Slot 0 Val 6
 Slot 1 Val 5
 --
 
 repeat the above process again (lose a life and continue) then search for 4..
 
 Store Game State in slot 2
 ...
 ...
 Done.
 Slot 0 Val 6
 Slot 1 Val 5
 Slot 2 Val 4
 (a bunch of crap)
 
 I then went back to the title screen (Start) and started playing again, now that my life
 count is back to 6, so I do a value 6 search..
 
 Check 83d00000:83f58000
 83d03088
 83d030d0
 83d0343c
 83d03444
 83d034d8
 83d03910
 83d0395c
 83d08084
 83d0842c
 83d0c2dc
 83d0c2e0
 83d0c2e4
 83d0c2e8
 83d0c2ec
 83d0c600
 83d0c604
 83d0c618
 83d0c634
 83d0c638
 83d0c63c
 83d0c670
 83d17424
 83d1781c
 83d814c0
 83d81830
 83d81c1c
 Check 00a80000:00b80000
 00b72448
 Check 83b34000:83c60000
 83b97274
 83b99a54
 Check 83575000:835b5000
 
 From this I would have to say that only three of these addresses look like good targets,
 00b72448
 83b97274
 83b99a54
 
 The next step is to look at what data is stored there..
 
 so type: db <address> 10
 you should see:
 
 00b72448 : 06 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 | ................
 83b97274 : 06 6a 7e d2 06 6c 81 d2 06 6a 7e d2 07 66 79 d0 | .j~R.l.R.j~R.fyP
 83b99a54 : 06 67 79 d2 59 a1 af e2 bf dc e1 f4 ff ff ff ff | .gyRY!/b?\at
 
 From this I would have to say the first one is the best candidate. Most if not all games
 for xbox are written in C (or C++) and in C an integer (whole number) is 4 bytes long.
 Although you can store values in a single byte, unless memory is tight, it is seldom
 done (from what I've seen so far).
 
 So now what? Let's see if we can change the value..
 
 type: poke 00b72448 7
 
 ! The hearts value went up to 7! We may have the correct address..
 
 Now it's time to see. Now we want to see when this value is changed..
 
 so type: bpmb 0 00b72448 w
 
 Now it's time to die again. When you hit start to continue the game froze. This is
 good, it means this value WAS updated when you continued..
 
 BP 0 @ 0002a261
 EAX : 00b72424
 EBX : 00000000
 ECX : 00000001
 EDX : 00000006
 ESI : 013bcd24
 EDI : d0044df0
 EBP : d0044d4c
 
 TMNT hangs after you do a break point (At least it does for me) so just reboot your system
 (type reset in the telnet window) or turn the xbox on and off and reload TMNT, and reconnect
 with telnet.
 
 now in IDA pro, click the VIEW-ASM tab, then go to the jump menu, select jump address
 and type in 0002a261.
 
 .text:0002A250 arg_0 = dword ptr 4
 .text:0002A250
 .text:0002A250 mov eax, dword_2AA8E0
 .text:0002A255 mov edx, [eax+24h]
 .text:0002A258 mov ecx, [esp+arg_0]
 .text:0002A25C sub edx, ecx
 .text:0002A25E mov [eax+24h], edx
 .text:0002A261 retn
 .text:0002A261 sub_2A250 endp
 
 Look at the instruction before the break, they are moving the value in edx to some memory
 location, this is what's updating the value we see on the screen. So where does this edx
 value come from?
 
 If you look at the line above that:
 .text:0002A25C sub edx, ecx
 
 This means: edx = edx - ecx
 
 if we look back to what our break point said, we see that ecx equals one, so that means it's
 edx = edx - 1 and since edx equals 6 after the subtraction, that means it was previously 7.
 
 so rewritten in English:
 
 move some address stored at 2AA8E0 into eax
 *move the value that is at eax + 24h into edx
 move the value (1) that was pushed to this routine into ecx
 -subtract ecx from edx and place it in edx
 *move edx back to where it came from (eax + 24h)
 
 So we have a few options, we can change ecx to 0, we could not subtract the value, or we
 could remove all instructions from the function, or we could just return as soon as we get
 to the function.
 
 move some address stored at 2AA8E0 into eax
 *move the value that is at eax + 24h into edx
 move the value (1) that was pushed to this routine into ecx
 *move edx back to where it came from (eax + 24h)
 
 If we remove the subtraction part, we end up moving a value from
 eax+24h to edx
 then from
 edx to eax+24h
 
 That will keep the value the same, so let's do that..
 
 The SUB starts at 0002A25C and ends at 0002A25D so we have to remove two bytes,
 the simplest way to do this is to 'NOP' (no operation) the SUB instruction.
 
 so in your telnet window type:
 
 poke 0002A25C 90
 poke 0002A25D 90
 
 Now start playing, and try to die, the value should stay the same, and you now have
 infinite lives!
 
 |
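
Added example (not part of the thread or of the tutorial quoted in it): a defender's view of the tutorial's last step, comparing a known-good copy of `sub_2A250` with the live bytes and reporting which instruction was overwritten. The byte encodings are assumed standard x86 encodings that match the listing's addresses (the page shows only mnemonics), and all function names are hypothetical.

```python
import hashlib

BASE = 0x0002A250  # start of sub_2A250 in the tutorial's listing

# (mnemonic, encoding). The encodings are an assumption: the usual x86 bytes
# for these mnemonics, not a dump of the game. Constructed sample data.
ROUTINE = [
    ("mov eax, dword_2AA8E0", bytes.fromhex("a1e0a82a00")),
    ("mov edx, [eax+24h]",    bytes.fromhex("8b5024")),
    ("mov ecx, [esp+arg_0]",  bytes.fromhex("8b4c2404")),
    ("sub edx, ecx",          bytes.fromhex("2bd1")),
    ("mov [eax+24h], edx",    bytes.fromhex("895024")),
    ("retn",                  bytes.fromhex("c3")),
]
BASELINE = b"".join(enc for _, enc in ROUTINE)

def layout(routine, base=BASE):
    """Return [(address, length, mnemonic)] with encodings laid end to end."""
    out, addr = [], base
    for mnemonic, enc in routine:
        out.append((addr, len(enc), mnemonic))
        addr += len(enc)
    return out

def digest(code):
    """Whole-routine fingerprint: answers 'was anything changed?'."""
    return hashlib.sha256(code).hexdigest()

def tampered_instructions(baseline, live, routine, base=BASE):
    """Map differing bytes back to the instruction that owns them."""
    hits = []
    for addr, length, mnemonic in layout(routine, base):
        off = addr - base
        if baseline[off:off + length] != live[off:off + length]:
            hits.append((addr, mnemonic, live[off:off + length].hex()))
    return hits

def apply_pokes(code, pokes, base=BASE):
    """Apply single-byte writes, like the tutorial's two `poke` commands."""
    patched = bytearray(code)
    for addr, value in pokes:
        patched[addr - base] = value
    return bytes(patched)

# Live image after the two writes shown at the end of the tutorial.
LIVE = apply_pokes(BASELINE, [(0x0002A25C, 0x90), (0x0002A25D, 0x90)])

if __name__ == "__main__":
    print("modified:", digest(BASELINE) != digest(LIVE))
    for addr, mnemonic, now in tampered_instructions(BASELINE, LIVE, ROUTINE):
        print(f"{addr:08x}: '{mnemonic}' is now {now}")
```

The laid-out addresses reproduce the listing (0002A25C for the SUB, 0002A261 for the RETN), which is a quick check that the assumed encodings have the right lengths.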