Wednesday 2 January 2019

Editing game saves with a Hex Editor

If it wasn't for videogames, I'd probably never have got into the career path I have, and a lot of that also comes from my other habit of taking stuff apart to see how it works.

Back in the days of the original Playstation, I had one of these Xplorer cheat cartridges.

This allowed the use of game cheats that weren't necessarily part of the actual game code.

In addition, the cartridge allowed the user to create new codes, by essentially searching for values in an existing game.

My understanding of it is that it was effectively a memory scanner that would find values in the system's RAM and allow those values to be rewritten (constantly rewriting the memory location of the health variable to read 100% would effectively be an infinite health cheat, for example).

Similar applications have been released for PC games, but to be honest, they tend to involve running unchecked code and tend to have an air of shadiness about them.

Plus they tend to just be a very directed tool for a specific game title, so blindly running one might help you out with a game, but you're not learning anything useful from it.

This project is to demonstrate that similar results can be produced using standard tools, which have uses beyond games, so while cheating at the game won't make you any good at the game, you might instead learn something that is useful in the real world.

Tools
The tool being used is a Hex Editor (wikipedia). I'm using GHex, but the most commonly known editor is WinHex for Windows.

Process

There are several approaches that can be taken; some people will painstakingly sit and work out the whole format of the file.

While this is probably the most technically sound approach, it's incredibly time consuming and laborious, particularly if you're only looking to change one or two values.

Another approach is to load a game, make a note of some key values in the game you'd like to amend - ammo, health, cash, etc. The more unique the value, then in theory the easier it will be to find in the file.

For this example we're using Saints Row 3, and in particular we're looking at ammo.

Note that the process does involve a certain amount of trial and error, so for conciseness I'm not going to cover all of the missteps along the way, just what I did right. Of course it goes without saying that making backups of the save before editing is worth doing, just in case.

These are the ammo balances of the save I'm using:

The first thing to do is to convert some of these values to hexadecimal so that we know what to look for in the hex editor.

So starting with 265 - this converts to 109 in hex, which padded out to two bytes in the notation used by most hex editors will appear as "01 09", so use the find function in the hex editor to look for all instances of that. There are two likely outcomes, either:
  • You'll find multiple instances, so the next step becomes figuring out which one is the one you want to change.
  • You'll find nothing. In which case the endian ordering of the file could be an issue - this refers to the order in which the bytes are stored to make up the actual number. In layman's terms, you can think of it as reading from left-to-right or right-to-left. Simply reverse the order of the bytes above - e.g. "01 09" becomes "09 01" - and search for that. If you continue to find nothing, it could well be that there's some additional encoding or perhaps simple encryption on the file. There are ways around that but it's a bit out of scope for this project - I might do a follow-up post later dealing with those things.
As it happened, with the pistol ammo amount I lucked out; there was only the one instance:

The bytes representing the pistol ammo, highlighted in red

So, let's change these two bytes to FF (the largest 2-character hexadecimal value - like 99 is in decimal), reload the game, and see what happens.

The pistol ammo is now 65535 (which is the decimal equivalent of hex value FFFF)

So, where to go from here? We can repeat the above exercise with the other values to find them, but we can help to deduce the whereabouts by adding some logic to what we already know - in this instance, we're looking for ammo values, we've found one, and we can reason that it's quite likely that these values will be grouped together.

For example, the SMG ammo value (70 00) was found nearby.

The two values (pistol value in blue, SMG value in red).

From there we can deduce further: the pistol value starts at byte 19104, and the SMG value starts at 19132 - 28 bytes apart.

So what if we look forward another 28 bytes at 19160? We find "30 00" - decimal value 48, the value of shotgun ammo. And again, another 28 bytes later we get hex "77 00" - decimal 119, the rifle ammo.

The other ammo values.
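The search, the endianness check and the 28-byte stride deduction above, scripted rather than done by hand in the hex editor. This is an added example, not part of the original post: it builds a constructed 20 KiB stand-in for the save (not a real Saints Row 3 file) with the post's four ammo values placed 28 bytes apart from offset 19104, searches for 265 in both byte orders, reads the values along the stride, and patches them to FF FF.

```python
import struct

# Constructed stand-in for the save file (not a real game save): zero filler with the
# four 16-bit ammo counters from the post placed 28 bytes apart, little-endian.
PISTOL_OFFSET = 19104
STRIDE = 28
AMMO = [265, 112, 48, 119]  # pistol, SMG, shotgun, rifle

def build_sample_save() -> bytearray:
    buf = bytearray(20480)
    for i, value in enumerate(AMMO):
        struct.pack_into("<H", buf, PISTOL_OFFSET + i * STRIDE, value)
    # A decoy: the same number stored big-endian elsewhere, so a hit still needs checking.
    struct.pack_into(">H", buf, 100, 265)
    return buf

def find_u16(data: bytes, value: int) -> dict:
    """Every offset where `value` appears as a 16-bit integer, per byte order.

    Searching both orders replaces the 'reverse the bytes and try again' step."""
    hits = {}
    for name, fmt in (("little", "<H"), ("big", ">H")):
        needle = struct.pack(fmt, value)
        offsets, pos = [], data.find(needle)
        while pos != -1:
            offsets.append(pos)
            pos = data.find(needle, pos + 1)
        hits[name] = offsets
    return hits

def read_stride(data: bytes, start: int, stride: int, count: int, order: str = "<") -> list:
    """Read `count` u16 values starting at `start`, `stride` bytes apart (the 28-byte step)."""
    return [struct.unpack_from(order + "H", data, start + i * stride)[0] for i in range(count)]

def patch_u16(data: bytearray, offset: int, value: int, order: str = "<") -> None:
    """Overwrite one u16 in place; 0xFFFF is the 'FF FF' edit from the post."""
    struct.pack_into(order + "H", data, offset, value)

if __name__ == "__main__":
    save = build_sample_save()
    print(find_u16(save, 265))                      # {'little': [19104], 'big': [100]}
    print(read_stride(save, PISTOL_OFFSET, STRIDE, 4))  # [265, 112, 48, 119]
    for i in range(4):
        patch_u16(save, PISTOL_OFFSET + i * STRIDE, 0xFFFF)
    print(read_stride(save, PISTOL_OFFSET, STRIDE, 4))  # [65535, 65535, 65535, 65535]
```

Reading a real save is just `bytearray(open(path, "rb").read())` in place of the constructed buffer; the stride check is what tells a genuine ammo block apart from a decoy hit like the one at offset 100.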

So let's test it and change all of those to "FF FF". So did it work?

Yes.

SR3 save file 'cheat flag'
Although it's not really in the spirit of this post, if you're here to just cheat at this one particular game, there's a byte in the save file that identifies if cheats were used in the game. It's the byte at 0x000000C8. You can play with cheats, then just change this flag to zero and it'll be as if you hadn't.


A final note on using cheats in games
Using cheats in games is obviously a polarising subject. I am very much opposed to using cheats in multiplayer games where doing so will affect the experience of others.
I am also generally opposed to using them in single player games, whether they're key codes put in deliberately by the game's developers or third party tools that you've just downloaded and run.
In my opinion you should at least do a playthrough 'as the developers intended'. After that, however, cheats can be a good way of extending the replayability of the game and getting more life out of your purchase, and by instead using the techniques I've covered in this post, you can learn and practise skills that are useful in the real world. In my opinion the benefits of that outweigh the drawbacks.

4 comments:

  1. I am trying to mod two RTS games: Endwar and R.U.S.E.

    As far as I am aware, there is no looking up the ammo count equivalent version for this.

    But I am trying to modify the in-game income, unit level, and health value. I am stuck. Not that great with modding like this. But at this point, it's just become a matter of principle for me to do this even if badly. Any help would be appreciated.

    1. Unfortunately I can't offer much help for those games specifically as I don't own them.
      It could be that there is some obfuscation or encryption of the save file to deter this kind of approach, but given the age of the games I wouldn't think that likely.
      However, finding the right part of the file can be a bit of trial and error and comes with some practice.

      Some tips that might help:

      It helps if you can make copies of the save file for comparison.

      Start with taking a copy of the save file to be the 'original'. Make a note of the in-game values (money, health etc) from that save - even ones you're not looking to change - if you can find them in the file, it can clue you in to where the values you do want to change are.

      Load the save, make a change to the value you're looking for, then save again, then compare the two save files looking for the differences. (Call this the 'altered save')

      Not all the differences will necessarily be related to the value you're trying to find - there could be timers, NPC movements, and things like that which are out of the player's control.
      To filter those out, load the original save, DON'T change the value you're looking for, and save again. (the 'unaltered save')

      If you then compare the unaltered and altered saves in relation to the original, you can assume that the locations that have changed in both are not the ones you're after. The locations that have changed in the altered save only are the ones most likely to be your target.

      Hope this helps!

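The three-save comparison described in the reply above, as an added example that is not part of the original post or comments. It constructs three small stand-in saves (not files from any real game): an original, an 'unaltered' re-save where only a constructed play timer at offset 16 has moved on, and an 'altered' re-save where a constructed 16-bit cash field at offset 200 has also changed; the offsets and field names are assumptions for the demonstration.

```python
import struct

def diff_offsets(a: bytes, b: bytes) -> set:
    """Offsets at which two equally sized save images differ."""
    if len(a) != len(b):
        raise ValueError("save files differ in length; the layout is not fixed-size")
    return {i for i, (x, y) in enumerate(zip(a, b)) if x != y}

def candidate_offsets(original: bytes, unaltered: bytes, altered: bytes) -> set:
    """Bytes that changed in the altered save but not in the unaltered re-save.

    Anything that changed in both is background noise (timers, NPC state);
    what remains is the most likely location of the value you changed."""
    noise = diff_offsets(original, unaltered)
    changed = diff_offsets(original, altered)
    return changed - noise

def group_runs(offsets) -> list:
    """Collapse byte offsets into (start, length) runs so multi-byte fields show as one hit."""
    runs = []
    for off in sorted(offsets):
        if runs and off == runs[-1][0] + runs[-1][1]:
            runs[-1] = (runs[-1][0], runs[-1][1] + 1)
        else:
            runs.append((off, 1))
    return runs

def build_saves():
    """Constructed sample saves: 512 zero bytes with a timer at 16 and a cash field at 200."""
    original = bytearray(512)
    struct.pack_into("<I", original, 16, 1000)    # constructed play timer
    struct.pack_into("<H", original, 200, 1500)   # constructed cash value seen in-game
    unaltered = bytearray(original)
    struct.pack_into("<I", unaltered, 16, 1060)   # timer moved on, nothing else touched
    altered = bytearray(unaltered)
    struct.pack_into("<H", altered, 200, 2500)    # cash changed in-game before saving
    return bytes(original), bytes(unaltered), bytes(altered)

if __name__ == "__main__":
    orig, unalt, alt = build_saves()
    print(sorted(diff_offsets(orig, alt)))            # [16, 17, 200, 201] - includes the timer
    print(group_runs(candidate_offsets(orig, unalt, alt)))  # [(200, 2)] - the cash field only
```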
  2. Any hex info on elden ring?

    1. Sorry no - I'm never that up to date with games as I don't play nearly as much as I used to. I would guess that more modern titles like that have obfuscation or encryption to prevent this approach working.

      However if you were to give it a shot, the general principles in this post - take a copy of a save, then load it and change one thing, then compare the new save against the copy & look for differences - should still apply.
