[ACmod]

So I'm a long-term fan of the Armored Core series and have been really entrenched/involved in the franchise for over a decade now. Often times we talk about ways to improve/balance the games. Because of the huge amount of customization in these games (they have tons of stats and parts to equip) they often have a lot of poorly balanced parts that are either not very useful or make certain mechanics easily abused.

Later PS3 era games had the ability to get publisher patches to fix these things, but the PS2 games don't have that. Ideally I would modify Armored Core Last Raven Portable or Armored Core Last Raven (for PS2). The PS2 version lacks multiplayer but has dual analog support, the PSP version has no dual analog support but has multiplayer.

What tools would I need to modify in-game values such as the stats of individual parts of a PSP or PS2 game?

The entire goal here is to create a more ground-based, weighty, high-consequence style of fighting and increase variety between weapons and tactics by affecting their existing in-game stats. I already have an fairly extensive list of precise stat changes to make, but I have no coding ability to implement this "patch" to the game.

I know a mod like this would be well received by the community and would definitely bring a lot of interest back to this franchise. The crux is that I want to take the stats/game design benefits that From Software learned from the PS3 games (including Dark Souls) and implement them into their PS2 games.

Unfortunately, this is not a PC game and I'm not sure if releasing it as a "PC mod" would be legal. The publishers (Agetec) however no longer release or support the game, so I'm not sure if it would be taken down  or not.

[BlackDog61]

About tools and methods (and the fact that this thread is more or less a duplicate of your other post http://www.romhacking.net/forum/index.php?topic=22701 - but I'd keep this one which is more phrased like a personal project):
- Please read the "getting started" section on this site. There's a lot you can learn there, even if it doesn't say "PS2" or "PSP", the techniques once files are available will be similar to even SNES era games. Every game is different and you will have to explore a lot to get there (unless there's an existingt community around this game, which is an uncommon thing).
- You're trying to do something which is a bit on the tough side. Typically, to rebalance a game, you need to find, understand and modify its internal data structures - assuming most of what you want to do is already in data (instead of code). There's a good chance you'll need to change code too (which means ASM and some mid-to-advance skills to be learnt). I'm saying this so you can prepare yourself for a significant learning in front of you, and therefore take enough time to learn, and poke around, and learn, etc.

Others will probably have more precise ideas when you define some good examples of what you'd like to change. (Are we talking attack values, capabilities, looks...?)

[ACmod]

Basically, parts in game that you equip all have individual stats. I'd like to change the stats of individual parts so that they have different attack/ammo/defense values.I don't see this as being much more complex than, say, translating english text to Japanese text in-game. Many PSP games have issued fan patches that translate the text, however I can't find any information on the tools used to modify it.

So far all I can do is try to de-encode the AC.BIN file in UMDgen that seems to contain the game information, but it's a wall of unreadable text. If I decode the eboot.bin file using JIS-Shift I can get a few legible words out of it, so I assume that's the encoding they used. That doesn't work for the AC.Bin file, however. All the other game files are audio or video resources, so I assume AC.BIN is where the game data is.

I can also try to identify the values in Cheat Engine to create a CWCheat for it, but I can't identify individual part values/addresses and the ones I can identify (such as total defense, which is a character stat added up from multiple parts you equip) don't seem to change when I apply a cheat to them.

I wanted to avoid posting this as personal project since the rules for that board say you need some real progress, and so far all I've managed to do is learn a bit more but not make any actual changes to the game.

I've made some progress with discussing the various tools to use (here: https://www.reddit.com/r/vitahacks/comments/52qyth/tools_for_making_a_community_patch/ ) it seems like there's an unpassable wall between having a binary and being able to read it. If that's true, how do people release translation patches?

In this case it wouldn't be strictly text assets, but the "ammo" and "power" and "defense" etc. stats of each item/weapon in the game. All of those stats are displayed as text in the game, however. It seems like audio and video resources are stored in their own format separately (there are distinct folders for them filled with .at3 and .pmf files)

Opening the AC.bin file in hex view shows that almost every line is 2 values followed by lots of 00s. Here's the first few lines of the file:
01 00 00 00 00 00 00 00 89 00 00 00 1F 00 00 00
02 00 00 00 1F 00 00 00 05 00 00 00 02 00 00 00
03 00 00 00 21 00 00 00 05 00 00 00 02 00 00 00
04 00 00 00 23 00 00 00 02 00 00 00 01 00 00 00

a bit further down the file it turns into lines like this for the remainder of the file, before going to all 00s near the end.
69 A4 67 B8 DD 54 58 58 24 2C C0 CE A2 06 F0 BE
61 4B 43 C0 F5 15 ED 6A DB 73 73 59 C4 72 15 9C
9D 42 82 59 76 EF 3D D5 53 D3 5E 96 63 B7 79 32
DC AF 45 45 FA F1 CF 67 08 EA 17 FF 7A FE E9 2C

So my question is how do I determine how and what to edit to change the in-game values for those parts?

For example, one weapon has an attack power of 3050. 3050 is not used as a stat for any other part in the game, so converting to hex (BEA) and searching for that yeilds a lot of results that I can sift through but I have no idea how to tell which results correspond to that weapon or not.



EDIT:

I think what I'm basically looking for is a game decompiler/disassembler for PSP files, or some way to read/organize assembly code, right? I've found a few examples of such a thing online but they usually have broken links/downloads and are from 2007 or so, such as: http://forums.qj.net/psp-development-forum/116729-release-psp-easy-disassembler.html

Or, ideally, pre-compiled source code for the game.

[NoOneee]

PPSSPP has a memory viewer and a debugger/disassembler you can try to use. There's also this, but I've never tried it: http://wololo.net/talk/viewtopic.php?f=5&t=31832
The EBOOT.BIN file is an encrypted ELF file, so you won't be able to do anything useful changing it before decryption. You can use the "Dump decrypted EBOOT.BIN" feature of PPSSPP to decrypt it, or use the Deceboot utility I've posted here on this site.
I've never even looked at this specific title, but if AC.bin is a huge file containing all the game data, it probably starts with a table containing the position and size of each "sub-file". The PSP processor is "little endian", so it is likely that the 3050 is stored as "EA 0B" instead of "0B EA", so maybe you should search for that. It is possible that the value is compressed or encrypted somehow, which can make your job much harder.

[ACmod]

Thanks for the massively helpful post.

AC.bin seems to be the only file that isn't a media (.at3 or .pmf) within the ISO, other than the boot/eboot files, so yeah, I would assume most of the game data is found there.

I've tried running the PPSSPP disassembler but I'm not sure how to navigate it or get useful information out of it, though it seems quite useful if I can figure out how it works.

Could you explain more about the table you are referring to? Could that be the hex code that is formatted like such:


01 00 00 00 00 00 00 00 89 00 00 00 1F 00 00 00
02 00 00 00 1F 00 00 00 05 00 00 00 02 00 00 00
03 00 00 00 21 00 00 00 05 00 00 00 02 00 00 00
04 00 00 00 23 00 00 00 02 00 00 00 01 00 00 00

It starts off like that for many lines. If so, how do I read that table?

Lastly, Is there any benefit to decrypting to EBOOT.BIN ELF file that would help make the AC.bin file less obsfucating or help me find what values to change to modify the items in the game?

[NoOneee]

I'm just guessing here based on the information given and I could be terribly wrong. There are many ways they could have done a file table...

4 bytes: File ID (little endian)
4 bytes: File position (little endian)
4 bytes: Unknown field (little endian)
4 bytes: File size (little endian)

So the first line represents:

File ID: 1 (00 00 00 01)
File position: 0 (00 00 00 00) (bytes? sectors?)
Unknown field: 137 (00 00 00 89)
File size: 31 (00 00 00 1F) (bytes? sectors?)

The second line:
File ID: 2 (00 00 00 02)
File position: 31 (00 00 00 1F) (bytes? sectors?) (this seems to be the [previous file position + file size])
Unknown field: 5 (00 00 00 05)
File size: 2 (00 00 00 02) (bytes? sectors?)

Edit: You could try to decrypt and decompile/disassamble the EBOOT file with the tools linked on the post above, because it is very likely that the code to read the AC.bin file is located there. I believe that if you follow the instructions it should generate decompiled C code. I think Archaemic did this to figure out how to fix the slowdown in the PSP version of Final Fantasy Tactics. It won't be easy to understand though. I'm also not familiar with the PPSSPP disassembler, so I can't really help you with that.

[ACmod]

Ah, that's cool. So now the question is what file ID corresponds to what values in-game so I can use the table to search for the position of that file ID? If so, that's great, it gives me a starting point at least to navigate with, though I'm not sure how I would figure out which file IDs correspond to which in-game values.

I was really hoping that editing a part's stats was going to be as simple as making an "infinite ammo" cheat for the game. 

There is also a PS2 version of the game, though I don't think the disassembly tools for the PS2 are any easier than the PSP.

I'll try to decrypt the eboot file next, I'll post my results then.



EDIT: After decrypting the eboot it seems to be similarly impossible to read, aside from a few characters of "ELF" at the top. Scrolling down reveals some legible text but I have to read through the whole file of symbols to get there, so it might take a while. I'm reading it in Hex or ASCII view, but I could try other decoding methods Like JIS-Shift.


Here's an example of the few spots of legible text in the file, everything else is a few words here and there other than this big section:

I{±.CÒ>HûnY-éÛöÃQg‘¦Ì°©tÎzf¹a”Þñinvalid distance too far back㄀㄀㄀invalid distance code㄀㄀㄀invalid literal/length code㄀㄀㄀㄀㄀1.2.7㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀IHDR㄀IDAT㄀IEND㄀PLTE㄀bKGD㄀cHRM㄀gAMA㄀hIST㄀iCCP㄀iTXt㄀oFFs㄀pCAL㄀sCAL㄀pHYs㄀sBIT㄀sPLT㄀sRGB㄀tEXt㄀tIME㄀tRNS㄀zTXt㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀
㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀
㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀
㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀ÿ㄀㄀㄀ÿ㄀㄀㄀.㄀㄀㄀Potential overflow in png_zalloc()㄀㄀r.㄀㄀+0000㄀㄀㄀nc.
㄀㄀㄀㄀1.2.7㄀㄀㄀er)
㄀㄀㄀㄀libpng error no. %s: %s
㄀㄀㄀㄀libpng error: %s, offset=%d
㄀㄀㄀㄀libpng error: %s
㄀㄀㄀libpng warning no. %s: %s
㄀㄀libpng warning: %s
㄀Out of Memory!㄀㄀Overflow in png_memcpy_check.㄀㄀㄀heck.㄀㄀㄀lue㄀74.83㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀ìQ¸µøÔ@㄀㄀㄀㄀㄀jø@㄀㄀㄀㄀㄀㄀à?Limiting gamma to 21474.83㄀㄀Setting gamma=0㄀o zero㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀Image width or height is zero in IHDR㄀㄀㄀image size exceeds user limits in IHDR㄀㄀Invalid image size in IHDR㄀㄀Width is too large for libpng to process pixels㄀Invalid bit depth in IHDR㄀㄀㄀Invalid color type in IHDR㄀㄀Invalid color type/bit depth combination in IHDR㄀㄀㄀㄀Unknown interlace method in IHDR㄀㄀㄀㄀Unknown compression method in IHDR㄀㄀MNG features are not allowed in a PNG datastream
㄀㄀㄀Unknown filter method in IHDR㄀㄀㄀Invalid filter method in IHDR㄀㄀㄀pose.㄀㄀㄀ts.㄀ams.㄀㄀㄀㄀k.㄀㄀ile.㄀㄀㄀㄀t㄀㄀㄀.㄀㄀㄀tes.㄀㄀㄀㄀hunk.㄀㄀㄀Call to NULL write function㄀Write Error㄀Attempted to set both read_data_fn and write_data_fn in㄀the same structure.  Resetting read_data_fn to NULL.㄀㄀㄀㄀MNG features are not allowed in a PNG datastream
㄀㄀㄀Valid palette required for paletted images
㄀Unable to write international text
㄀No IDATs written into file㄀㄀Application was compiled with png.h from libpng-%.20s㄀㄀㄀Application  is  running with png.c from libpng-%.20s㄀㄀㄀Incompatible libpng version in application and library㄀㄀㄀㄀㄀㄀mall.㄀㄀㄀small.㄀㄀piled.㄀㄀png_write_info was never called before png_write_row.㄀㄀㄀zlib error㄀㄀Unknown row filter for method 0㄀Can't add Up filter after starting㄀㄀Can't add Average filter after starting㄀Can't add Paeth filter after starting㄀㄀㄀Unknown custom filter method㄀㄀㄀㄀Unknown filter heuristic method㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀p@㄀㄀㄀㄀㄀㄀à?㄀㄀㄀㄀㄀㄀ð?㄀㄀㄀㄀㄀㄀ @㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀y PNG㄀㄀㄀㄀㄀㄀㄀äÍ(㄀hÎ(㄀¤Î(㄀ÔÎ(㄀Ï(㄀@Ï(㄀|Ï(㄀㄀㄀㄀㄀lÔ(㄀|Ô(㄀ŒÔ(㄀œÔ(㄀¬Ô(㄀PÔ(㄀PÔ(㄀PÔ(㄀Unknown compression type %d㄀zlib error㄀㄀Invalid bit depth for grayscale image㄀㄀㄀Invalid bit depth for RGB image㄀Invalid bit depth for paletted image㄀㄀㄀㄀Invalid bit depth for grayscale+alpha image㄀Invalid bit depth for RGBA image㄀㄀㄀㄀Invalid image color type specified㄀㄀Invalid compression type specified㄀㄀Invalid filter type specified㄀㄀㄀Invalid interlace type specified㄀㄀㄀㄀1.2.3㄀㄀㄀Invalid number of colors in palette㄀Ignoring request to write a PLTE chunk in grayscale PNG㄀Invalid zlib compression method or flags in IDAT㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀jø@㄀㄀㄀㄀㄀㄀à?㄀㄀㄀㄀㄀㄀àAInvalid sRGB rendering intent specified㄀Empty keyword in iCCP chunk㄀Unknown compression type in iCCP chunk㄀㄀Empty keyword in sPLT chunk㄀Invalid sBIT depth specified㄀㄀㄀㄀Invalid cHRM white point specified㄀㄀white_x=%f, white_y=%f
㄀Invalid cHRM red point specified㄀㄀㄀㄀Invalid cHRM green point specified㄀㄀Invalid cHRM blue point specified㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀š™™™™™é?㄀㄀㄀㄀㄀㄀ð?㄀㄀㄀㄀
㄀㄀㄀cified㄀㄀㄀㄀㄀㄀Invalid number of transparent colors specified㄀㄀Ignoring attempt to write tRNS chunk out-of-range for bit_depth㄀Ignoring attempt to write 16-bit tRNS chunk when bit_depth is 8㄀Can't write tRNS with an alpha channel㄀㄀Invalid background palette index㄀㄀㄀㄀Ignoring attempt to write 16-bit bKGD chunk when bit_depth is 8㄀Ignoring attempt to write bKGD chunk out-of-range for bit_depth㄀Invalid number of histogram entries specified㄀㄀㄀zero length keyword㄀Out of memory while procesing keyword㄀㄀㄀invalid keyword character 0x%02X㄀㄀㄀㄀trailing spaces removed from keyword㄀㄀㄀㄀leading spaces removed from keyword㄀extra interior spaces removed from keyword㄀㄀Zero length keyword㄀keyword length must be 1 - 79 characters㄀㄀㄀㄀Empty keyword in tEXt chunk㄀Empty keyword in zTXt chunk㄀Unrecognized unit type for oFFs chunk㄀㄀㄀Unrecognized equation type for pCAL chunk㄀㄀㄀%12.12e㄀Unrecognized unit type for pHYs chunk㄀㄀㄀Invalid time specified for tIME chunk㄀㄀㄀㄀㄀㄀㄀Dî(㄀”ï(㄀Œî(㄀Àî(㄀,ï(㄀”ï(㄀`ï(㄀㄀㄀㄀㄀lî(㄀lî(㄀tî(㄀lî(㄀tî(㄀tî(㄀tî(㄀lî(㄀tî(㄀tî(㄀tî(㄀tî(㄀tî(㄀tî(㄀tî(㄀lî(㄀\yr=`c`0…uw…‡‚b„wSuuIIDF㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀\yr=`c`0~{t‰sˆw22222IIDDSceWaveMainEvf㄀㄀SceWaveMain㄀\yr=`c`0~{t…s…222222IIDD\yr=`c`0~{ty‡2222222IIDDSceGuSignal㄀lly ㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀de)㄀㄀㄀㄀㄀¼g)㄀㄀㄀㄀㄀¼g)㄀㄀㄀ ㄀ ㄀¼g)㄀㄀㄀㄀㄀m)㄀㄀㄀ ㄀ ㄀m)㄀㄀㄀€㄀€㄀m)㄀㄀ ㄀€㄀㄀
m)㄀ ㄀€㄀
㄀m)㄀ ㄀

㄀m)㄀1.2.3㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀
㄀㄀㄀
㄀㄀㄀
㄀㄀㄀
㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀
㄀㄀㄀
㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀㄀   ㄀㄀㄀   ㄀㄀㄀
㄀㄀㄀

[NoOneee]

EDIT: After decrypting the eboot it seems to be similarly impossible to read, aside from a few characters of "ELF" at the top. Scrolling down reveals some legible text but I have to read through the whole file of symbols to get there, so it might take a while. I'm reading it in Hex or ASCII view, but I could try other decoding methods Like JIS-Shift.

That's expected, ELF is a binary executable file. What I meant is that if you follow this instructions here (http://wololo.net/talk/viewtopic.php?f=5&t=31832) after decrypting you should be able to get some assembly code and/or decompiled C code. Flame replied to your other thread and he probably has more experience than me on this: http://www.romhacking.net/forum/index.php/topic,22701.msg318016.html#new

[STARWIN]

I don't know anything. Given that:

1. If this works like PS1 cd images, a good way to work is to modify files extracted from the game image and then insert them back with some tool.

2. I'd guess what you want to modify is either in the main executable (eboot bin?) or AC.bin. Ideally they are not encrypted or processed in some way, because you'd have to figure out the details of that to modify something within otherwise.

3. I would not bother figuring out how AC.bin is constructed internally in your case, unless there is processing involved so that you have to.

4. Many of the parts or whatever seem to have rather exotic values as stats. If they are there in the binary like this, you might be able to find them by searching and looking around. CR-WB91LGL for example has a price of 98800c (in PS2 faq at least) which would most likely be stored as a 4 byte value of "F0 81 01 00". The other stats may very well be nearby if you find the spot.

5. Something like PPSSPP is most valuable not because of the disassembly but because of debugging. Better search for somewhat unique values as in above first.

Basically the same advice for the PS2 version, except replace PPSSPP with PCSX2's debugger (not sure if it is available conveniently somewhere these days).

[ACmod]

I'm having trouble with the second and third steps on the wololo link. Where do I input this?

prxtool -o yourasmfile.asm -n psp.xml yourmodule.prx

In the windows command prompt? What do I put in for the names of the .asm and .prx files?

I want to thank you guys again for your help. I'll also try searching for longer values like Starwin suggested, though I'm not sure if the prices are going to be located near other stats such as attack power or weight.

[NoOneee]

I'm having trouble with the second and third steps on the wololo link. Where do I input this?

prxtool -o yourasmfile.asm -n psp.xml yourmodule.prx

In the windows command prompt? What do I put in for the names of the .asm and .prx files?

I want to thank you guys again for your help. I'll also try searching for longer values like Starwin suggested, though I'm not sure if the prices are going to be located near other stats such as attack power or weight.

I've never done this so I can't help you too much, but yourmodule.prx should be eboot.bin (the decrypted one). The "yourasmfile.asm" is the output filename for the disassembled code, you can use any name you want. Keep psp.xml, I'm guessing this file is already included with the tools.

[STARWIN]

Regarding stats, they may be stored as 4, 2 or 1 byte values, and different stats can take different amounts of space. All the stats of the same type, like weapon price, have the same length. Larger values aren't necessarily longer, but they have less 00 bytes (that many wrong search results may have). Like 255 can be stored as "FF" or "FF 00" or "FF 00 00 00" (least valuable byte first). If you get way too many search results, you can even assume that the values in the FAQ are stored in a sequence (many possible orders and value lengths, try the FAQ or stat view order on screen ingame first). Just merging 2 stats makes the value much more unique for a search.

[NoOneee]

I've actually tried to get C code using:
prxtool.exe -w -o test.asm -n psp.xml EBOOT_DEC.bin
and:
basic-decompiler.exe test.asm > test.c

And unless I'm doing something wrong, the results were pretty much unreadable.
You'd probably have more luck trying to use the PPSSPP debug tools.

[ACmod]

Okay, I finally managed to get PRX tools to work and now I have a .asm file of the EBOOT.BIN to work with. I'm currently compiling the program from the wololo link (basic-decompiler) though visual studio 2013 is giving me an error: error c3861: 'snprintf' identifier not found.

The PRX tool command I used was prxtool.exe -o decompiledeboot.asm -n psp.xml npuh10024.bin

(npuh10024.bin is the name of the decrypted eboot)

How did you compile the basic-decompiler.exe?

[NoOneee]

Okay, I finally managed to get PRX tools to work and now I have a .asm file of the EBOOT.BIN to work with. I'm currently compiling the program from the wololo link (basic-decompiler) though visual studio 2013 is giving me an error: error c3861: 'snprintf' identifier not found.

The PRX tool command I used was prxtool.exe -o decompiledeboot.asm -n psp.xml npuh10024.bin

(npuh10024.bin is the name of the decrypted eboot)

How did you compile the basic-decompiler.exe?

When you see those "Makefile" files, you probably need to compile with gcc/g++. I don't know how to compile it on Visual Studio. I'm on Windows right now, so I've used the mingw-w64 compiler to compile a 32 bit windows executable (https://sourceforge.net/projects/mingw-w64/?source=typ_redirect).
You'd normally just need to type "make" in the command line to compile, but that resulted in a .exe that complains about a missing DLL. I had to change the
LDFLAGS=
to
LDFLAGS=--static
In the Makefile to just bundle the required library in the executable file.

But you don't really need to do all this, the C code really is unreadable/seems wrong. I had to include the "-w" flag in prxtool because it doesn't seem to output complete disassembly without it. Maybe I'm missing something, or that post at wololo is wrong and prxtool don't really like ELF files.

[ACmod]

So if the Eboot.bin file is useless, whats the process I need to go through in order to use the PPSSPP debugger to identify the values I need to change?

This reply: http://www.romhacking.net/forum/index.php/topic,22701.msg318016.html#msg318016 helps explain the disassembly view better, but it's not clear how that connects to:

4. Many of the parts or whatever seem to have rather exotic values as stats. If they are there in the binary like this, you might be able to find them by searching and looking around. CR-WB91LGL for example has a price of 98800c (in PS2 faq at least) which would most likely be stored as a 4 byte value of "F0 81 01 00". The other stats may very well be nearby if you find the spot.

^ Something like this where I can actually search for specific values.

Also, doing a search through AC.bin for "F0 81 01 00" yields no results.

[flame]

For example, one weapon has an attack power of 3050. 3050 is not used as a stat for any other part in the game, so converting to hex (BEA) and searching for that yeilds a lot of results that I can sift through but I have no idea how to tell which results correspond to that weapon or not.

1) Finding what you want to change
2) Changing permanently what you want to change (patching) OR cheat making (changing temporarily, i.e., at runtime, what you want to change)

A lot of GOOD questions on here will fall into one of those categories. "How do I find where the thing I want to change is." This sometimes worded as "cannot find" and that's OK wording too I think. The other one is "how do I change the thing I want to change" but the problem is a lot of people haven't found where the thing they want to change is yet (those are poor requests I think).

I can't really tell you how to go about it because this is Romhacking. The basic idea is:
1) Try something that is likely to work
2) If it worked, stop. If not, go to step 1
And you can look at NightCrawler's romhacking manifesto too if you like. That is definitely worth a read in my book.

I recommend people start on PSP romhacking by cheat making, because it can help you understand how PSP memory and instructions work.
If there is money in the game, try making a money cheat and if there is player health, try making a player health cheat. Finally, if there is a player attack stat value that's displayed on the screen, that would be a good target for a cheat as well. Those will help people interested in the game and will help you learn romhacking, I think.

1) Download and install unchecky.
2) Download and install Cheat Engine. You can uninstall unchecky at this point if you like.
3) Do the Cheat Engine Tutorial. This is one of the VERY BEST TUTORIALS in all of romhacking. HIGHLY recommended. It is a pretty fun tutorial too. When you are done you will understand why Cheat Engine is a popular program and why people like making cheats. You probably only need to do tutorials 1 and 2 for this. Note: The last two tutorials, 7 and 8 I think, are pretty tough and probably (almost certainly) not needed for this level of hack that you're doing (even I cannot do them) so don't worry if you don't get it. Especially the last one. Wow that one is difficult. The timers for entry on the later tutorials are pretty tight too, I think they could be extended to like 10 seconds and still be the same challenge.
4) Follow this tutorial: Using PPSSPP and Cheat Engine to make cheat codes: http://forums.ppsspp.org/showthread.php?pid=94016
I used this one for other games and I can confirm it works.

Cheat Engine is great at memory searching. PPSSPP has a basic memory search function that works. Cheat Engine is a power user memory searching tool; you'll be able to find what you need much quicker using it.

To prove that you've learned, tell us the addresses for player health, player attack and player money that you found. At this point you'll be at main step (2) above: how do I change what I need to change. At this point we can go over making and publishing the cheats which is a quick activity and then move on to whatever else you need to do.

Can you enlighten as to whether the goal is "I want to rebalance the game" or "I want to cheat"?

[ACmod]

The goal is to permanently change stats of parts (items) in the game in the form of a "balance fix" for the game. I would like to compile that into a new .ISO, or a cheat, or a patch file that can be applied to an existing .ISO so the game plays identically as "vanilla" but with altered item stats so that more items are useful in competitive play.

Basically, every stat of the player  character is the result of a combination of 10 or so parts. So "Player Health" is the combined health of 4 equipped items (Head, Arm, Core, Legs, each with their own "health" value). However, a good 50-75% of the head/core/legs/arms parts are not useful in the game because it is poorly balanced and a few parts are overwhelmingly dominant (such as having really high health but also really high speed)

I can probably make a cheat that makes player health always 9999. However that doesn't solve the problem that the individual parts are unbalanced.

I went through all the steps you suggested (already installed cheat engine, already did the tutorial, already tried to find values (and even found the values for current 'defense' by searching values while equipping/unequipping parts and tried to change it with a cheat, but no result) prior to joining this forum and found that after a day or so of searching the RAM through cheat engine for the addresses to create a cheat out of, none of them made an impact on the gameplay at all.

All the "working" cheats I can find are such things like "infinite ammo" or "infinite money" but do not actually change the stats of the items themselves. This is why I thought doing a rom hack and trying to change the game binaries (where I am sure stats for each item are stored) would work instead.

A good analogy would be a game where players could equip an weapon with "12 strength". I don't want to change the player's attack power/strength when attacking, I want to change the weapon's stats so it had "13 strength" instead.


I'm asking a "1" question: How do I find those values to  change? I definitely want to change them permanently if possible through a patch.

[flame]

A good analogy would be a game where players could equip an weapon with "12 strength". I don't want to change the player's attack power/strength when attacking, I want to change the weapon's stats so it had "13 strength" instead.

I play a lot of RPG games and the player's attack stat, which is displayed in many games, is simply the character's STR stat plus the weapon's ATK. I don't know how this game works though. Is weapon attack value used unmodified, because the chassis doesn't factor in to how hard a missile hits, for example?

Anyway, in RPGs, this calculation:
character STR + weapon ATK
is being performed somewhere. Either when you change weapons, when you choose to look at the player attack stat, or upon entering combat. Somewhere is MUST be calculated, otherwise how does the game know. So if you know this address where the player attack value is, you can make a cheat of it, or you can set a memory write breakpoint on it and backtrace the code to see where it loads the weapon attack value to add to the character STR value...and then we end up having answered question (1) above: where is the thing I need to change. It is clear that you are still trying to answer this question.

You did find some values, right?
Well there's some kind of problem with PPSSPP and Cheat Engine, I talked about it at cheat engine forums without response.
1) Say the address where the defense value is (we can make cwCheat out of it to confirm if it's working)
2) In the Cheat Engine match list if you R-click and choose change value, it will change. The regular change value will not work, not sure the reason.

[STARWIN]

What flame mentioned is the surefire way. The debugger and breakpoints part, that is. It can take a day or two to get comfortable with the debugger. There are many causal chains you can figure out, like the STR+ATK example that flame mentioned. Another one would be entering a screen where the weapon values are shown.. search for the values in RAM and see where they come from. The better you know the game the easier it is to come up with something.

However on the alternative path, searching the binary..

I hope you searched in hex mode and not in text mode. You should also search from the decrypted eboot bin (if i understand correctly that it is the main executable - the main exe can definitely contain arrays of weapon data and such). If you really find nothing after some tries, there is a risk that the binary files are processed somehow, which would be a pain because it basically maps the easy value at runtime to some binary mess in the game image.