
RWP Hacking Class #3


Welcome to the third RWP Hacking Class. Thank you for coming.

Last time we learned how to make a controller activator, and also how to do a "signed" floating point search for a moonjump. Even if you didn't succeed in actually hacking the moonjump, I believe everyone understood the method. To start today, I will explain bitflags and what they are. Once we finish that, we will hack a code using an unknown search.

You may not have realized it, but last week our controller activators were actually a bitflag. We usually write 8-bit, 16-bit, or 32-bit codes. We've skirted around the issue before; now we will actually use the definition of a bit. A bit is a value that is either 0 or 1. Bits are strung together to form 8-bit, 16-bit, or 32-bit values. So our 8-bit codes, while we write them in hexadecimal, are really a string of eight 0s and 1s.

OK, everyone open up Windows Calculator. I will show you what this means so you understand it. Click Hex, then type in FF. Click Bin (Binary). You'll see 11111111. This means that our 8-bit value FF (255 in decimal) is the 8 bits 11111111.

Now let's try the values from last time. We said that pressing R was the value 10. Click Hex again, type in 10 (hex 10), then click Bin again. You should see 10000.
Note that Windows Calculator doesn't show the 0s to the left of the leading 1. So really our 8-bit value is 00010000.

Now to drive the point home, let's try the value for the L button. It was 20 in hex. Try it. You should get 100000 (so really 00100000).

Let's compare what we got:
  • R BUTTON: 00010000 // 10
  • L BUTTON: 00100000 // 20
A bitflag uses a single bit to represent one piece of information. So you have 8 bits, and each bit carries one piece of the information on its own.

Related flags are generally grouped together. For example, you'll have something like which doors are unlocked stored in one byte: in 8 bits, the first bit set (10000000) means door 0 is unlocked, 01000000 means the second door is unlocked, and so on. A 0 in a position means that door is not unlocked.

A famous code that does this is the Stop N Swop Eraser in BK (Banjo-Kazooie), originally hacked, I believe, by CodeGenius.

Memory: 80283400
Value: ABCD

Each hex digit of the value (A, B, C, D) is 4 bits, numbered 1 to 4 from the left, so A1 is the leftmost bit of the 16-bit value and D4 the rightmost:

A1 = NABNUTS EGG Available
A2 = CAPTAINS EGG Available
A3 = LOGOS EGG Available
A4 = DESERT DOOR Open

B1 = SHARKFOOD ISLAND Raised
B2 = XBARRELL Open
B3 = ICE CAVE Open
B4 = YELLOW EGG Collected

C1 = RED EGG Collected
C2 = GREEN EGG Collected
C3 = BLUE EGG Collected
C4 = PINK EGG Collected

D1 = TURQUOISE EGG Collected
D2 = ICE KEY Collected
D3 = unknown
D4 = unknown

81283400 (16-bit) is the location that records which eggs have been collected; it's a bitflag. Before we had an 8-bit bitflag; now it's 16 bits, but the same principle applies. For example, here are two of the bit patterns:
  • 0000000010000000 means Red Egg Collected
  • 0000000001000000 means Green Egg Collected
If we want both to be set, we use the OR operation. In Windows Calculator click Bin. Type in 0000000010000000, click OR, type in 0000000001000000, and press Equals. Now click Hex. We get C0. We want a 16-bit value, so put 00 in front of it to get 00C0. Try the code 81283400 00C0 in-game. You may need to go through an exit to get the menu to update. You should have both those eggs, and only those eggs.
This bitflag method is very useful for hacking many unlockable-type codes.
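As an added example (my code, not the class's or CodeGenius's), here is the same bitflag encoded and decoded by program using the A/B/C/D digit-and-bit naming from the table above; the flag names are the page's, the helper names are mine.

```python
# Added example (mine, not the class's or CodeGenius's code): encode and decode
# the 16-bit Stop N Swop bitflag at 81283400 using the A/B/C/D digit-and-bit
# naming from the table above. Flag names are the page's; helpers are mine.

# Flag name -> (hex digit letter, bit number 1..4 counting from the left).
FLAGS = {
    "NABNUTS EGG Available": ("A", 1), "CAPTAINS EGG Available": ("A", 2),
    "LOGOS EGG Available": ("A", 3), "DESERT DOOR Open": ("A", 4),
    "SHARKFOOD ISLAND Raised": ("B", 1), "XBARRELL Open": ("B", 2),
    "ICE CAVE Open": ("B", 3), "YELLOW EGG Collected": ("B", 4),
    "RED EGG Collected": ("C", 1), "GREEN EGG Collected": ("C", 2),
    "BLUE EGG Collected": ("C", 3), "PINK EGG Collected": ("C", 4),
    "TURQUOISE EGG Collected": ("D", 1), "ICE KEY Collected": ("D", 2),
}

def flag_mask(digit: str, bit: int) -> int:
    """16-bit mask for bit `bit` (1 = leftmost) of hex digit `digit` in ABCD."""
    shift = (3 - "ABCD".index(digit)) * 4   # A is the top digit of the value
    return 1 << (shift + (4 - bit))          # bit 1 is the digit's high bit

def encode(*names: str) -> int:
    """OR the masks of the named flags together, as the calculator OR step does."""
    value = 0
    for name in names:
        value |= flag_mask(*FLAGS[name])
    return value

def decode(value: int) -> list[str]:
    """Names of the flags that are set in a 16-bit value read from 81283400."""
    return [name for name, where in FLAGS.items() if value & flag_mask(*where)]

def gameshark_codes(value: int) -> tuple[str, str]:
    """The 16-bit code (81 prefix) and the 8-bit code for its low byte (80
    prefix, address + 1), which is why the 8-bit search later finds 80283401."""
    return (f"81283400 {value:04X}", f"80283401 00{value & 0xFF:02X}")

if __name__ == "__main__":
    both = encode("RED EGG Collected", "GREEN EGG Collected")
    print(f"{both:016b} -> {gameshark_codes(both)}")   # ...11000000 -> 00C0
    print(decode(0x00FF))                               # what 80283401 00FF turns on
```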

In the first class we primarily did a known search. In the second class we primarily did an unknown search using LESS THAN and GREATER THAN. Now we will *only* use unknown searches, not LESS THAN, not GREATER THAN, but instead NOT EQUAL TO (and EQUAL TO).
Let's try to re-hack the bitflag code for the BK secrets that I showed you above.
It could be stored in many ways, though, so we will not use the knowledge that it's a bitflag.

Use the code 81283400 0000 so that no secrets are unlocked, then disable the code (so nothing is unlocked now). I will walk you through the mindset you should have when hacking something. We usually don't know whether the value is 8-bit, 16-bit, or 32-bit. I would always try 8-bit first, then 16-bit, then lastly 32-bit, then cycle back to 8-bit.

Use the warp mod to get to the Gobi's Valley egg: use code 8037E8F5 0092, then walk through any exit. Turn on this code so you can slam on the floor: 8137C3A2 FFFF.
NOW IMPORTANT: press the 0 key, then press F5 to make a save state in slot 0. You can now press 0, then F7, at any time to load back to this exact spot.

8-bit search:
  • Do an initial search without collecting the egg.
  • Slam the button down, collect the egg, then do NOT EQUAL TO (because the value is now different).
  • Press F7 to load our old state. Search NOT EQUAL TO, because now the egg is not collected.
  • Walk around and choose EQUAL TO a few times (because the egg is still not collected). You can walk outside, do EQUAL TO, etc.
  • Then press F7 to go back, collect the egg, and do NOT EQUAL TO. After collecting, press EQUAL TO a bunch of times and leave the room.

How do we test whether we have found the code? Leave the room with the egg NOT collected.
Now turn on a bunch of codes you think are likely to be it, and walk back into the room with the codes on. If the egg is gone, it means we succeeded! After a while of testing you should find our code from before; it should be 80283401. We are guessing it's a bitflag, so set it to FF (all 8 bits are 1s). We can also test the values next to it, like 80283400 00FF and 80283402 00FF, to see if they do anything else.
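To show why each EQUAL TO / NOT EQUAL TO step is there, here is an added example (my code, not the class's or any emulator's search engine) that runs the same sequence over a few constructed bytes of RAM around 80283400; the snapshots, the "timer" and "jingle" bytes are made up for the illustration, and only the egg flag at 80283401 survives.

```python
# Added example (mine, not from the class notes or an emulator): a minimal
# "unknown search" over 8-bit memory, narrowing candidates with EQUAL TO and
# NOT EQUAL TO in exactly the order the class does it. The RAM snapshots are
# constructed (8 bytes starting at 0x80283400), not captured from the game.

BASE = 0x80283400

def initial_search(snapshot: bytes) -> dict[int, int]:
    """Every byte starts as a candidate; remember the value seen for each."""
    return {BASE + i: b for i, b in enumerate(snapshot)}

def narrow(candidates: dict[int, int], snapshot: bytes, op: str) -> dict[int, int]:
    """Keep addresses whose byte is EQUAL TO ("==") or NOT EQUAL TO ("!=") the
    value remembered at the previous step, and remember the new value."""
    kept = {}
    for addr, old in candidates.items():
        new = snapshot[addr - BASE]
        if (op == "==" and new == old) or (op == "!=" and new != old):
            kept[addr] = new
    return kept

# Constructed snapshots. Offset +1 is the egg flag (RED EGG bit 0x80 of the low
# byte), +3 is a timer that never stops, +5 is a pickup-jingle byte that is 01
# only while the egg is being collected; the other bytes never change.
SNAPS = {
    "initial":        bytes.fromhex("00 00 12 34 00 00 AA 01"),
    "collect":        bytes.fromhex("00 80 12 40 00 01 AA 01"),
    "reload_F7":      bytes.fromhex("00 00 12 35 00 00 AA 01"),
    "walk_in_room":   bytes.fromhex("00 00 12 50 00 00 AA 01"),
    "walk_outside":   bytes.fromhex("00 00 12 60 00 00 AA 01"),
    "reload_collect": bytes.fromhex("00 80 12 40 00 01 AA 01"),
    "walk_collected": bytes.fromhex("00 80 12 70 00 00 AA 01"),
}

def run_class_procedure() -> dict[int, int]:
    """The search sequence from the class; returns the surviving candidates."""
    c = initial_search(SNAPS["initial"])
    c = narrow(c, SNAPS["collect"], "!=")          # collected -> value changed
    c = narrow(c, SNAPS["reload_F7"], "!=")        # F7 -> not collected again
    c = narrow(c, SNAPS["walk_in_room"], "==")     # still not collected
    c = narrow(c, SNAPS["walk_outside"], "==")     # the timer drops out here
    c = narrow(c, SNAPS["reload_collect"], "!=")   # F7, collect again
    c = narrow(c, SNAPS["walk_collected"], "==")   # the jingle byte drops out here
    return c

if __name__ == "__main__":
    for addr, val in run_class_procedure().items():
        print(f"80{addr & 0xFFFFFF:06X} 00{val:02X}")   # the 8-bit GameShark code
```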

Great! Next week we will hack some even more advanced codes!