
Author Topic: Best hacking methods  (Read 2410 times)

joe73ffdq

  • Full Member
  • ***
  • Posts: 198
    • View Profile
Best hacking methods
« on: February 08, 2016, 02:48:01 am »
I have been at this for a couple years, but it seems like things take forever, and I would like opinions for some better methods or tools. Also, what are some patterns in the code I might not be thinking of.
 

RyanfaeScotland

  • Sr. Member
  • ****
  • Posts: 366
    • View Profile
    • My Brill Game Site
Re: Best hacking methods
« Reply #1 on: February 08, 2016, 05:52:29 am »
EDIT - Looking over your post history you may well already know / be doing this.

Can you provide a bit more scope as to what you are aiming to do?

The methods for finding game mechanics quickly will likely differ from those for finding text compression routines.

What are some of the patterns in the code you ARE thinking of? Much easier to tell you what you aren't thinking of if we know what you are. :) Also the platform you are working on would be nice for more specific details.

But to give you some direction: I like to find RAM locations first, so, to quickly and easily find the location for lives, take a snapshot with 3 lives, lose 1, take another snapshot, compare. This gives you the location lives are stored at (can be even faster if your emulator has a search function).

Then put that address into a tracer and have it fire whenever there is a write to it. Start the game up, enable tracing, play till you lose a life, check the trace file. You should have at least 2 entries, one when the lives were set on game start and one when they were changed on losing a life.

Now look through the full trace output and jump to the code sections marked out in the original trace, read the code and you can see where initialisation is taking place and normally any other values (starting score, continues that sort of stuff) and now you can edit that in the ROM to adjust the game.

Fairly basic example of some of the quickest changes that can be made. You can even speed this up by using existing GameGenie or ActionReplay codes to give you addresses of interest but I prefer finding them myself to give a fuller understanding.

One of the parts I find most time consuming is working out which values map to which items in an inventory. Take this information on Grand Theft Auto for example. I had to go through each value for the Weapon Slot one by one, change them, save the change to the memory card and reload on the real PS2 to check (since I wasn't using an emulator at the time). Took forever to get through but the thing is, it was fun! I enjoy changing the values and seeing what it gives me as a result. Who knew there were 4 different dildos in GTA? I didn't until I did this! There is probably a faster way to work it out by checking where the value I am using is used, as it is likely an offset to some pointer somewhere, but at my current level (or at least back then) I think this would have taken longer than 'brute forcing' it.
« Last Edit: February 08, 2016, 06:02:28 am by RyanfaeScotland »
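The snapshot-and-compare step described in the post above, as an added example rather than code from the post or from any emulator: a Python script that diffs two raw RAM dumps for bytes that went 3 -> 2, then intersects the hits with a second pair (2 -> 1) to throw out frame counters, RNG state and unrelated counters that happened to tick at the same moment. The 2 KB NES RAM size, the addresses ($0010, $0032, $0040, $0051) and the snapshot contents are all constructed for the demo.

```python
"""Added example: locate a RAM variable (lives) by diffing emulator RAM snapshots.

Illustrative code written for this thread, not from any post here or from an
emulator project. It assumes raw RAM dumps of equal size; the sample snapshots
below are constructed.
"""

RAM_SIZE = 0x800  # NES internal RAM, $0000-$07FF (2 KB)


def diff_snapshots(before, after, old=None, new=None):
    """Return the addresses whose byte differs between two snapshots.

    With old/new given, keep only addresses that went from `old` to `new`,
    which is the "had 3 lives, now have 2" search from the post.
    """
    if len(before) != len(after):
        raise ValueError("snapshots must be the same size")
    hits = []
    for addr, (b, a) in enumerate(zip(before, after)):
        if b == a:
            continue
        if old is not None and b != old:
            continue
        if new is not None and a != new:
            continue
        hits.append(addr)
    return hits


def narrow(candidates, before, after, old, new):
    """Keep only candidates that also went old -> new across another snapshot pair.

    Many bytes change every frame (timers, RNG), and an unrelated countdown may
    happen to go 3 -> 2 at the same time, so a second pair usually settles it.
    """
    return [a for a in candidates if before[a] == old and after[a] == new]


def hexaddr(addr):
    return "$%04X" % addr


def make_snapshot(lives, frame, rng, decoy):
    """Constructed RAM image for the demo (not real game data).

    $0010 frame counter, $0032 lives, $0040-$0043 RNG state, $0051 a decoy
    countdown that happens to go 3 -> 2 along with lives on the first death.
    """
    ram = bytearray(RAM_SIZE)
    ram[0x0010] = frame & 0xFF
    ram[0x0032] = lives
    ram[0x0040:0x0044] = bytes(rng)
    ram[0x0051] = decoy
    return bytes(ram)


def find_lives_address():
    """Run the two-stage search on constructed snapshots; returns the surviving addresses."""
    three_lives = make_snapshot(3, frame=100, rng=(0x11, 0x22, 0x33, 0x44), decoy=3)
    two_lives = make_snapshot(2, frame=160, rng=(0x55, 0x66, 0x77, 0x88), decoy=2)
    one_life = make_snapshot(1, frame=300, rng=(0x99, 0xAA, 0xBB, 0xCC), decoy=2)

    first_pass = diff_snapshots(three_lives, two_lives, old=3, new=2)
    print("3 -> 2 candidates:", [hexaddr(a) for a in first_pass])   # $0032 and the decoy $0051
    second_pass = narrow(first_pass, two_lives, one_life, old=2, new=1)
    print("still 2 -> 1:", [hexaddr(a) for a in second_pass])       # only $0032 survives
    return second_pass


if __name__ == "__main__":
    find_lives_address()
```

Emulators with a cheat search do this internally; the stand-alone version is handy when all you have is savestate RAM dumps. The narrowing pass is the check to do before wiring the address into a write breakpoint or tracer, since a lone 3 -> 2 hit can just as easily be a countdown as the lives counter.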

joe73ffdq

  • Full Member
  • ***
  • Posts: 198
    • View Profile
Re: Best hacking methods
« Reply #2 on: February 08, 2016, 07:26:10 am »
I didn't realize how vague the question was.

Most of what I do is run through a hex editor while testing, and make documents. It's the formatting process, with making a well laid out document, that is taking time. Two things would help here: if I could crop a section anywhere and cut and paste anywhere, and if there was a sub-menu text option, for certain words chosen, to condense the document for easier scrolling.


I have several documents for both FF1 and DW2. I am trying to set them up so they navigate like an editor. So I guess the best question would be, what is the most versatile Notepad-type program? One that would have a small box for sub-menus, text, or notes. OCD with trying to crunch space is the time killer, to be specific.


With code patterns, I look for the following in 6502, which is all I know.

a9, a2, a0, c9, 8d, ad, and to a lesser extent, 2d, 6d, b9, 99. That should locate most stuff.



Is there anything that is formatted like an editor, and then I label everything accordingly, and then type in all the text. Kind of like an editor as a reference guide, while you manually use a hex editor.

RyanfaeScotland

  • Sr. Member
  • ****
  • Posts: 366
    • View Profile
    • My Brill Game Site
Re: Best hacking methods
« Reply #3 on: February 08, 2016, 08:17:38 am »
Quote
So I guess the best question would be, what is the most versatile Notepad type program.
and this
Quote
If there was a sub menu text option, for certain words chosen, to condense the document for easier scrolling.
I'd highly recommend Notepad++. I used to use Programmer's Notepad but found ++ to be way better.

With it you can do a lot of the functions you are aiming for. You can't really cut and paste anywhere but it lets you cut, paste and edit across multiple lines at arbitrary points in the line so that something like:

Code: [Select]
Hello World
Hello World
Hello World
Hello World

Can be output by only typing the line once and no copy-pasting. Really handy if you need to, say, remove a comma between words on different lines or add markup. (Here is a video showing it better than I'm explaining it!)

Another useful feature is it does code folds, so it would let you condense the document provided you mark it up a little with some XML or HTML.

Here is a quick example with just the minimal XML added:

Unfolded:


Folded:


And the beauty is that once you have all your notes XML marked up, they are easier to read in other tools, which makes them more useful. Of course no such tools exist yet and I've never found a need to write one myself, but if you were inclined to do so then it would be easier. :D

I don't actually use the code folding myself in my notes but might do soon as the file I am currently working on is getting pretty huge.

Here is a fairly typical set up for me:


You can see the left view has my notes, the right has 3 tabs which are the full T&E disassembly, the trace file I am working from and the emulator tracer settings. I also have my emulator and hex editor open in the background as well.

This makes it really easy to refer to the trace log on the right, make notes and test things out using ALT+TAB to jump between everything. If you like separate displays for 'sub menus, text, or notes' you could do this with a separate file for each opened in a separate tab or you could open multiple instances of Notepad++ and arrange them to your liking.

Not much else to say really. Once you use Notepad++ you'll never go back to Windows Notepad that's for sure. You should also get ClipX whilst you are at it. A clipboard manager that lets you copy and paste hundreds of items and keeps a history you can switch back and forth between.
« Last Edit: February 08, 2016, 03:32:31 pm by RyanfaeScotland »

joe73ffdq

  • Full Member
  • ***
  • Posts: 198
    • View Profile
Re: Best hacking methods
« Reply #4 on: February 08, 2016, 07:30:57 pm »
Cool, that definitely helps. I have been using Notepad++ for a few months, and the fold and unfold thing will help a lot. I just wish I could cut and paste vertically, and not just horizontally.

FAST6191

  • Hero Member
  • *****
  • Posts: 3021
    • View Profile
Re: Best hacking methods
« Reply #5 on: February 08, 2016, 07:51:23 pm »
You can. It is called column mode editing/column select
https://notepad-plus-plus.org/features/column-mode-editing.html

joe73ffdq

  • Full Member
  • ***
  • Posts: 198
    • View Profile
Re: Best hacking methods
« Reply #6 on: February 09, 2016, 09:21:20 pm »
Column editing just saved me tons of time, thanks. Battle Spells in DW2 have 9 parts and 4 different address locations. I was able to organize and reformat the page in a couple hours and not weeks.

February 10, 2016, 12:58:49 am - (Auto Merged - Double Posts are not allowed before 7 days.)
I have a couple questions, seeing the topic at hand is the right place to do so.

As far as patterns in the code, what would I look for to find....

Weapon, Armor, Shield, and Helmet Strength are all lumped together consecutively. How would I find where their (type) is? Meaning I want to remove some weapons to add more shields and helmets. I imagine I would be looking for a JSR that would follow either 8d xx xx or ad xx xx, but I can't find anything.

Finding which items or armor are assigned to special resistances. Here again I was thinking either 8d or ad, and the item # being in the 3rd byte (LDA or STA), but I can't find this either.

Then there is the holding capacity of 8, which I looked for c9 08 in a few places, and found nothing.

The last thing I want to find is what each spell targets. HP, MP, Str, and Agi, specifically. Here I was thinking of $60xx, again a 3-byte (LDA or STA).

I almost forgot, and I don't remember the thread I got the answer in. Bank switching for MMC1, and how to look for it.


The thing I get stuck on a lot lately is how I want to structure my documents. I do a lot of Ctrl (z,x,c,v,b), and now that I learned Alt / left click, the ability to move more than just single lines vertically is an imperative help.
« Last Edit: February 10, 2016, 12:58:49 am by joe73ffdq »

RyanfaeScotland

  • Sr. Member
  • ****
  • Posts: 366
    • View Profile
    • My Brill Game Site
Re: Best hacking methods
« Reply #7 on: February 10, 2016, 07:41:24 am »
Column editing just saved me tons of time, thanks. Battle Spells in DW2 have 9 parts and 4 different address locations. I was able to organize and reformat the page in a couple hours and not weeks.
...

Good to hear. It is also worth checking out the macro feature and how that works as it is another real time saver on repetitive tasks.

I'm afraid I can't help too much with your pattern problem as I haven't done much in the way of it myself but it sounds like you are reading through the hex of the file looking for the hex codes for the instructions rather than a disassembly looking for the actual instructions themselves, would this be right?

Something that could be worth keeping in mind is that not every item in the list will be referenced directly. Say you have a list of 3 items at the following offsets:

Code: [Select]
0100 - Axe
0102 - Sword
0104 - Spork

Then you might find that, to get this information for the Spork, the game makes a reference to the first item in the list along with an offset.

Something like (pseudo-code, written 68000-style):

Code: [Select]
LEA     $0100,A0        ; A0 -> start of the item list
MOVE.W  4(A0),D0        ; third entry (Spork) read as base + offset

So if you are doing a search for the equivalent of
Code: [Select]
MOVE.W  $0104,D0
you won't find it.

Of course this is just a possibility although I think it is a pretty likely one.


As an aside I've just convinced myself that I need to mark up my notes better. Currently I am updating my notes and then updating 2 pages on my website as well with what I've found. Because of all the formatting and markup needed to get it to display correctly on the site I am spending hours just regurgitating my notes onto there, hours that I could be spending finding out more info!

So I'm going to write a tool that will take my notes, marked up with XML and spit out the HTML I need to display them nicely. :)

February 11, 2016, 05:49:45 pm - (Auto Merged - Double Posts are not allowed before 7 days.)
So I took the plunge and tidied up my notes on Toejam and Earl with some XML and I'm pretty chuffed with the results. I've gone from this:



To this:



Much better!

Over the next few days I'm going to throw together a little program to interpret these notes and put out some additional files based on them. However I'll stop dumping my updates all over your topic, sorry!
« Last Edit: February 11, 2016, 05:49:47 pm by RyanfaeScotland »
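To tie together joe73ffdq's opcode list and his question about finding LDA/STA references to a table, and RyanfaeScotland's point that an indexed read from the start of a list hides the direct reference you would search for, here is an added example in 6502 terms (not code from either poster or from any named tool): a Python linear-sweep decoder for the handful of 6502 opcodes named in the thread plus the absolute,X forms. It lists a bank and reports both direct references to an address and indexed instructions whose base could reach it, and finds CMP #$08. The bank bytes, the $8000 base, the $9100 table and the $0610 RAM address are constructed; it does not handle the iNES header or MMC1 banking.

```python
"""Added example: sweep a 6502 PRG bank for references to an address.

Illustrative code for this thread, not from any post here or from a particular
disassembler. Assumes a raw PRG bank (iNES header already stripped) mapped at
ROM_BASE; covers only the opcodes the thread mentions plus LDA/STA abs,X.
"""

# opcode -> (mnemonic, addressing mode); a deliberate subset of the 6502 table
OPCODES = {
    0xA9: ("LDA", "imm"), 0xA2: ("LDX", "imm"), 0xA0: ("LDY", "imm"),
    0xC9: ("CMP", "imm"),
    0xAD: ("LDA", "abs"), 0x8D: ("STA", "abs"),
    0x2D: ("AND", "abs"), 0x6D: ("ADC", "abs"), 0x20: ("JSR", "abs"),
    0xBD: ("LDA", "abs,X"), 0x9D: ("STA", "abs,X"),
    0xB9: ("LDA", "abs,Y"), 0x99: ("STA", "abs,Y"),
    0x60: ("RTS", "impl"),
}
SIZES = {"imm": 2, "abs": 3, "abs,X": 3, "abs,Y": 3, "impl": 1}

ROM_BASE = 0x8000

# Constructed bank fragment (not from any real game):
SAMPLE = bytes([
    0xA0, 0x02,         # 8000  LDY #$02       item index
    0xB9, 0x00, 0x91,   # 8002  LDA $9100,Y    item-type table, indexed read
    0xC9, 0x08,         # 8005  CMP #$08       e.g. a capacity check
    0x8D, 0x10, 0x06,   # 8007  STA $0610      RAM write
    0x20, 0x20, 0x80,   # 800A  JSR $8020
    0x60,               # 800D  RTS
    0xAD, 0x02, 0x91,   # 800E  LDA $9102      direct read of the same entry
    0x60,               # 8011  RTS
])


def decode(rom, offset):
    """Decode one instruction; unknown or truncated opcodes become a .db byte."""
    op = rom[offset]
    entry = OPCODES.get(op)
    if entry is None or offset + SIZES[entry[1]] > len(rom):
        return ("DB", "data", op, 1)
    mnem, mode = entry
    size = SIZES[mode]
    if size == 2:
        operand = rom[offset + 1]
    elif size == 3:
        operand = rom[offset + 1] | (rom[offset + 2] << 8)  # 6502 is little-endian
    else:
        operand = None
    return (mnem, mode, operand, size)


def fmt(mnem, mode, operand):
    if mode == "imm":
        return f"{mnem} #${operand:02X}"
    if mode == "abs":
        return f"{mnem} ${operand:04X}"
    if mode in ("abs,X", "abs,Y"):
        return f"{mnem} ${operand:04X},{mode[-1]}"
    if mode == "data":
        return f".db ${operand:02X}"
    return mnem


def disassemble(rom, base=ROM_BASE):
    """Linear sweep: one (address, mnemonic, mode, operand, text) per instruction.

    A linear sweep walks straight through data tables and decodes them as code,
    so treat its output as candidates to confirm with a tracer, not as truth.
    """
    out, offset = [], 0
    while offset < len(rom):
        mnem, mode, operand, size = decode(rom, offset)
        addr = base + offset
        out.append((addr, mnem, mode, operand, f"{addr:04X}  {fmt(mnem, mode, operand)}"))
        offset += size
    return out


def find_references(rom, base, target, index_span=256):
    """Instructions that can touch `target`: direct absolute operands, plus
    indexed instructions whose base lies within `index_span` bytes below it
    (X and Y are 8-bit, so 256 is the widest reach; shrink it to the table
    length once you know it). This is what a raw byte search for AD 02 91 misses."""
    hits = []
    for addr, mnem, mode, operand, _ in disassemble(rom, base):
        if mode == "abs" and operand == target:
            hits.append((addr, "direct"))
        elif mode in ("abs,X", "abs,Y") and operand <= target < operand + index_span:
            hits.append((addr, "indexed"))
    return hits


def find_cmp_imm(rom, base, value):
    """Addresses of CMP #value, e.g. the capacity-of-8 check (C9 08)."""
    return [addr for addr, mnem, mode, operand, _ in disassemble(rom, base)
            if mnem == "CMP" and mode == "imm" and operand == value]


if __name__ == "__main__":
    for *_, text in disassemble(SAMPLE):
        print(text)
    print("refs to $9102:", [(f"{a:04X}", k) for a, k in find_references(SAMPLE, ROM_BASE, 0x9102)])
    print("CMP #$08 at:", [f"{a:04X}" for a in find_cmp_imm(SAMPLE, ROM_BASE, 0x08)])
```

Searching the raw hex for 8d xx xx or ad xx xx has the same weakness in the other direction: any graphics, text or table byte that happens to be $8D or $AD decodes as STA/LDA, so a hit in a sweep like this is a lead, and the write breakpoint in the tracer described earlier in the thread is what confirms it.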