Accurate Explosion Damage [MrBean, CLF78] |
Posted by: CLF78 - 07-10-2021, 07:52 AM - Forum: Online; Item
- No Replies
|
|
This code makes it so other players will see you blow up only if you were actually hit by an explosion. This also fixes blue shell dodges and players spinning out rather than exploding like they should. Everyone should be running the code to get the full benefits.
NTSC-U
0256D840 00004800
02565BE8 00004800
PAL
02572690 00004800
02569F68 00004800
NTSC-J
02572010 00004800
025698E8 00004800
NTSC-K
025606E8 00004800
02557FC0 00004800
Code created by: MrBean (first line) and CLF78 (second line)
Code credits: tZ (documentation)
|
|
|
USER Overflow Fix [Star] |
Posted by: Seeky - 07-04-2021, 04:32 PM - Forum: Online Non-Item
- No Replies
|
|
This code validates the mii count field of incoming USER records to prevent a buffer overflow that could potentially be used as an RCE exploit.
WARNING: this code only fixes one specific overflow; it does not protect against Star's original RCE exploit and wouldn't protect against any other exploits if they were to be found. For protection against the current known exploits, you should pair this code with RACE Header RCE Protection or use RACE Packet Validation instead, which protects against both and can also act as an antifreeze (although it's a longer Gecko code than the other two combined).
NTSC-U
C26555FC 00000006
89250009 8945000A
8905000B 88E5000C
7D254A14 7D295214
7D294214 7D293A14
A1290014 2C090002
4C820020 00000000
NTSC-J
C26590F0 00000006
89250009 8945000A
8905000B 88E5000C
7D254A14 7D295214
7D294214 7D293A14
A1290014 2C090002
4C820020 00000000
PAL
C2659A84 00000006
89250009 8945000A
8905000B 88E5000C
7D254A14 7D295214
7D294214 7D293A14
A1290014 2C090002
4C820020 00000000
NTSC-K
C2647D9C 00000006
89250009 8945000A
8905000B 88E5000C
7D254A14 7D295214
7D294214 7D293A14
A1290014 2C090002
4C820020 00000000
This code is adapted from the source code available here.
Code created by: Star
|
|
|
RACE Packet Validation [Seeky, Star] |
Posted by: Seeky - 07-04-2021, 04:26 PM - Forum: Online Non-Item
- No Replies
|
|
This code validates each section size in the header of incoming RACE packets and rejects them if they're invalid. This can act as an antifreeze and also protects against Star's RCE exploit. Also included is a check on the mii count field of the incoming USER record to prevent a buffer overflow from increasing that, which could potentially be used as another RCE exploit.
WARNING: If other RCE exploits were to be found, this code would do nothing to protect against them. It's specifically designed to block these two exploits.
NTSC-U
C26555FC 00000019
89250008 2C090010
4C820020 89250009
2C090000 4182000C
28090028 4C820020
8945000A 2C0A0000
4182000C 280A0028
4C820020 8905000B
710700FB 41A2000C
28080038 4C820020
88E5000C 70EB007F
4182000C 28070040
4C820020 8965000D
2C0B0000 41A20028
280B00C0 4C820020
7D254A14 7D295214
7D294214 7D293A14
A1290014 2C090002
4C820020 8925000E
712A00EF 4182000C
28090008 4C820020
8925000F 2C090000
41820014 3929FFE8
5529063E 280900E0
4D810020 9421FFD0
60000000 00000000
NTSC-J
C26590F0 00000019
89250008 2C090010
4C820020 89250009
2C090000 4182000C
28090028 4C820020
8945000A 2C0A0000
4182000C 280A0028
4C820020 8905000B
710700FB 41A2000C
28080038 4C820020
88E5000C 70EB007F
4182000C 28070040
4C820020 8965000D
2C0B0000 41A20028
280B00C0 4C820020
7D254A14 7D295214
7D294214 7D293A14
A1290014 2C090002
4C820020 8925000E
712A00EF 4182000C
28090008 4C820020
8925000F 2C090000
41820014 3929FFE8
5529063E 280900E0
4D810020 9421FFD0
60000000 00000000
PAL
C2659A84 00000019
89250008 2C090010
4C820020 89250009
2C090000 4182000C
28090028 4C820020
8945000A 2C0A0000
4182000C 280A0028
4C820020 8905000B
710700FB 41A2000C
28080038 4C820020
88E5000C 70EB007F
4182000C 28070040
4C820020 8965000D
2C0B0000 41A20028
280B00C0 4C820020
7D254A14 7D295214
7D294214 7D293A14
A1290014 2C090002
4C820020 8925000E
712A00EF 4182000C
28090008 4C820020
8925000F 2C090000
41820014 3929FFE8
5529063E 280900E0
4D810020 9421FFD0
60000000 00000000
NTSC-K
C2647D9C 00000019
89250008 2C090010
4C820020 89250009
2C090000 4182000C
28090028 4C820020
8945000A 2C0A0000
4182000C 280A0028
4C820020 8905000B
710700FB 41A2000C
28080038 4C820020
88E5000C 70EB007F
4182000C 28070040
4C820020 8965000D
2C0B0000 41A20028
280B00C0 4C820020
7D254A14 7D295214
7D294214 7D293A14
A1290014 2C090002
4C820020 8925000E
712A00EF 4182000C
28090008 4C820020
8925000F 2C090000
41820014 3929FFE8
5529063E 280900E0
4D810020 9421FFD0
60000000 00000000
Source code is available here.
Code created by: Seeky (original version) and Star (corrections and adding the USER overflow fix)
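The checks described in this post, written out as a C function. This is an added example, not Seeky's or Star's source: the offsets and allowed sizes are a reading of the PowerPC words in the Gecko code listed above, the function and constant names are hypothetical, and the comparison against the received length is an extra check that the Gecko code does not contain.

```c
#include <stdint.h>
#include <string.h>

/* Added illustration, hypothetical names. Offsets and allowed sizes are read
   off the PowerPC words of the Gecko code above; they are not official docs. */
enum { SIZES_OFF = 8, N_SECTIONS = 8, USER_IDX = 5, MII_COUNT_OFF = 4 };

/* 1 if section i (0 = packet header, 5 = USER record) may declare size s. */
static int size_ok(int i, uint8_t s) {
    switch (i) {
    case 0:         return s == 0x10;
    case 1: case 2: return s == 0 || s == 0x28;
    case 3:         return (s & 0xFB) == 0 || s == 0x38;  /* 0, 0x04, 0x38 */
    case 4:         return (s & 0x7F) == 0 || s == 0x40;  /* 0, 0x80, 0x40 */
    case 5:         return s == 0 || s == 0xC0;
    case 6:         return (s & 0xEF) == 0 || s == 0x08;  /* 0, 0x10, 0x08 */
    default:        return s == 0 || (uint8_t)(s - 0x18) <= 0xE0; /* 0x18..0xF8 */
    }
}

/* 1 = accept the packet, 0 = reject it. len is the number of bytes received. */
int race_packet_ok(const uint8_t *pkt, size_t len) {
    size_t off = 0, user_off = 0;
    if (len < 0x10) return 0;               /* size table must be present */
    for (int i = 0; i < N_SECTIONS; i++) {
        uint8_t s = pkt[SIZES_OFF + i];
        if (!size_ok(i, s)) return 0;
        if (i == USER_IDX) user_off = off;  /* USER starts after sections 0..4 */
        off += s;
    }
    if (off > len) return 0;  /* extra check, not in the Gecko code: sizes must fit */
    if (pkt[SIZES_OFF + USER_IDX] != 0) {
        const uint8_t *p = pkt + user_off + MII_COUNT_OFF;
        if (((p[0] << 8) | p[1]) != 2) return 0;  /* big-endian Mii count must be 2 */
    }
    return 1;
}

/* Constructed sample: header + two 0x28 sections + USER record, zero-filled. */
size_t make_sample(uint8_t *buf, uint8_t user_size, uint16_t mii_count) {
    static const uint8_t sizes[8] = { 0x10, 0x28, 0x28, 0, 0, 0, 0, 0 };
    size_t user_off = 0x10 + 0x28 + 0x28;
    memset(buf, 0, 0x200);                  /* caller provides 0x200 bytes */
    memcpy(buf + SIZES_OFF, sizes, sizeof sizes);
    buf[SIZES_OFF + USER_IDX] = user_size;
    buf[user_off + MII_COUNT_OFF] = (uint8_t)(mii_count >> 8);
    buf[user_off + MII_COUNT_OFF + 1] = (uint8_t)mii_count;
    return user_off + user_size;
}
```

The pattern is an allow-list on every attacker-controlled size byte before any offset is derived from it, followed by a check on the one count field that drives a later copy.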
|
|
|
Special r0 Rules List for Broadway |
Posted by: Vega - 07-03-2021, 11:57 PM - Forum: Resources and References
- No Replies
|
|
This thread will contain multiple lists of instructions of Broadway that have special rules regarding the usage of r0. I also included some non-related lists that could be useful for someone.
List of instructions where r0 as a source register is treated as literal 0~
addi
addis
eciwx
ecowx
lbz
lbzx
lfd
lfdx
lfs
lfsx
lha
lhax
lhbrx
lhz
lhzx
lmw
lswi
lswx
lwarx
lwbrx
lwz
lwzx
psq_l
psq_lx
psq_st
psq_stx
stb
stbx
stfd
stfdx
stfiwx
stfs
stfsx
sth
sthbrx
sthx
stmw
stswi
stswx
stw
stwbrx
stwcx.
stwx
List of instructions where r0 as the destination register is treated as literal 0~
dcbf
dcbi
dcbst
dcbt
dcbtst
dcbz
dcbz_l
icbi
List of instructions where if r0 is used as a source register, the instruction is invalid
lbzu
lbzux
lfdu
lfdux
lfsu
lfsux
lhau
lhaux
lhzu
lhzux
lwzu
lwzux
psq_lu
psq_lux
psq_stu
psq_stux
stbu
stbux
stfdu
stfdux
stfsu
stfsux
sthu
sthux
stwu
stwux
List of instructions where if the source register is also used as the destination register, then the instruction is invalid~
lbzu
lhau
lhzu
lwzu
List of instructions where if any of the source register(s) (the GPR being used, not value within GPR) are greater than or equal to the destination register, then the instruction is invalid~
lmw
|
|
|
PowerPC For Dummies: Guides And Examples Page |
Posted by: JimmyKazakhstan - 06-30-2021, 01:42 AM - Forum: Resources and References
- Replies (6)
|
|
This is a separate "Guides And Examples" page that I made as part of the PowerPC For Dummies Guide.
I've initially been posting examples under the list of instructions, but due to the way the instruction comments push the instructions to various edges of the screen, sometimes way out of alignment from others, everything is all over the place. I have a feeling that people trying to read it will get a headache.
So I've made an entirely different page for it called "Guides And Examples".
It's in the style of the documentation page from the late GeckoCodes.org.
I thought about posting it to the original guide thread but I had a feeling it would get lost in the existing sea of replies there already.
So I decided to make this separate thread, just so that anybody who browses this category of the site will have the chance to see it.
I'll still be updating the original guide and posting instruction specific code examples to it, but all of the general "examples" and guides will be posted to this new page.
Here is the page!
PowerPC For Dummies: The Guides and Examples Page
Let me know if anything on the page is incorrect.
Also, please let me know if there is an easier way I can explain a certain thing on it, trying to explain the logic instructions was..... not fun.
|
|
|
Red Shells Always Target Player 1 [stebler] |
Posted by: stebler - 06-28-2021, 07:59 AM - Forum: Offline; Item
- No Replies
|
|
PAL:
047AAEFC 38000000
C27B3920 00000003
2C1C0000 41820008
3B400001 2C1A0000
60000000 00000000
NTSC-U:
047A0254 38000000
C27A4EC0 00000003
2C1C0000 41820008
3B400001 2C1A0000
60000000 00000000
NTSC-J:
047AA568 38000000
C27B2F8C 00000003
2C1C0000 41820008
3B400001 2C1A0000
60000000 00000000
NTSC-K:
047992BC 38000000
C27A1CE0 00000003
2C1C0000 41820008
3B400001 2C1A0000
60000000 00000000
Source code:
Code:
# replace at 807aaefc (PAL)
# replace at 807a0254 (NTSC-U)
# replace at 807aa568 (NTSC-J)
# replace at 807992bc (NTSC-K)
li r0, 0 # try to follow player id 0 instead of the one immediately ahead of the thrower
Code:
# inject at 807b3920 (PAL)
# inject at 807a4ec0 (NTSC-U)
# inject at 807b2f8c (NTSC-J)
# inject at 807a1ce0 (NTSC-K)
cmpwi r28, 0 # check if the player id is 0
beq p1
li r26, 1 # otherwise set this boolean that will prevent the player from being explicitly targeted
p1:
cmpwi r26, 0 # original instruction
|
|
|
Blue Shells Always Target Player 1 [stebler] |
Posted by: stebler - 06-28-2021, 07:47 AM - Forum: Offline; Item
- No Replies
|
|
PAL:
047AC1A8 38600000
047AC1AC 4E800020
NTSC-U:
047A1500 38600000
047A1504 4E800020
NTSC-J:
047AB814 38600000
047AB818 4E800020
NTSC-K:
0479A568 38600000
0479A56C 4E800020
Source code:
Code:
# replace at 807ac1a8 (PAL)
# replace at 807a1500 (NTSC-U)
# replace at 807ab814 (NTSC-J)
# replace at 8079a568 (NTSC-K)
li r3, 0 # set return value to player id 0
blr # return immediately
|
|
|
PowerPC - Trying to understand the rlwinm instruction |
Posted by: JimmyKazakhstan - 06-26-2021, 01:18 AM - Forum: Code Support / Help / Requests
- Replies (9)
|
|
I have another question about something I wanted to add to the PowerPC For Dummies guide.
I've been trying to learn how the rlwinm instruction works and oh man, let me tell you.
It's a lot harder than I thought it would be. I can't even begin to describe the headaches I got from trying to figure it out.
Yes, I got an actual headache from this.
I thought it was only one big instruction, but it turns out to be the substitute for 4 different ones.
I spent about 4 hours testing many things with it, and I put together a very brief simplification of it.
Code:
rlwinm = (Rotate Left Word Immediate With AND Mask) = An instruction that has the functions of the slwi, srwi, clrlwi, and clrrwi instructions.
rlwinm rA, rB, SH, MB, ME
# There isn't a definition I can give for any of these because their usage changes based on what operation is being done.
RA = Destination Register
RB = Source Register
SH = Shift Amount
MB = Mask Value
ME = End Mask
# clrlwi Operation
# You will get this if the "Shift Amount" is 0 and the Mask Value is 0
# The amount of bits cleared depends on what the End Mask Value is
# Assume the register holds the value 0x81234567
0 = 80000000
8 = 81000000
11 - 15 = 81200000
16 = 81230000
17 - 23 = 81234000
24 = 81234500
27 - 29 = 81234560
# clrrwi Operation
# You will get this if the "Shift Amount" is 0 and the End Mask is 31
# The amount of bits cleared depends on what the Mask Value is
# Assume the register holds the value 0x81234567
1 = 01234567
8 = 00234567
11 - 15 = 00034567
16 = 00004567
17 - 23 = 00000567
24 = 00000067
27 - 29 = 00000007
# slwi Operation
# You will get this if the Mask Value is 0 and the End Mask is the amount of bits you want to shift.
# If the End Mask is 31, the code will shift portions of the same value into the new space (I don't know any other way to word this).
# EXAMPLE :
# Assume the register holds the value 0x81234567
# rlwinm r18,r18,16,0,31
# If the End Mask was 24, the register would have the value 0x45678100
# But since it's 31, The value becomes 0x45678123
# The amount of bits shifted depends on what the Shift Amount is
# Assume the register holds the value 0x81234567
8 = 23456700
16 = 45670000
24 = 67000000
That's as far as I managed to get before I quit because of the headache I got.
My question is....
Is any part of this correct?
I want to know in advance before I add anything else to what I have.
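An added example, not part of the post above or of the PowerPC For Dummies guide: a C model of rlwinm following the instruction's definition (rotate the source left by SH, then AND with a mask of ones from bit MB through bit ME, where bit 0 is the most significant bit), plus the four simplified mnemonics as their standard expansions. The function names are chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration. PowerPC numbers bits from the left: bit 0 is the most
   significant bit and bit 31 the least significant. */
uint32_t rotl32(uint32_t x, unsigned sh) {
    sh &= 31;
    return sh ? (x << sh) | (x >> (32 - sh)) : x;
}

/* Ones in bits mb..me inclusive (0..31 each); if mb > me the mask wraps
   around and covers bits mb..31 plus bits 0..me. */
uint32_t ppc_mask(unsigned mb, unsigned me) {
    uint32_t from_mb = 0xFFFFFFFFu >> mb;         /* bits mb..31 */
    uint32_t to_me   = 0xFFFFFFFFu << (31 - me);  /* bits 0..me  */
    return mb <= me ? (from_mb & to_me) : (from_mb | to_me);
}

/* rlwinm rA, rS, SH, MB, ME: rotate left by SH, then AND with the mask. */
uint32_t rlwinm(uint32_t rs, unsigned sh, unsigned mb, unsigned me) {
    return rotl32(rs, sh) & ppc_mask(mb, me);
}

/* The four simplified mnemonics as rlwinm expansions; n must be 0..31. */
uint32_t slwi(uint32_t x, unsigned n)   { return rlwinm(x, n, 0, 31 - n); }
uint32_t srwi(uint32_t x, unsigned n)   { return rlwinm(x, 32 - n, n, 31); }
uint32_t clrlwi(uint32_t x, unsigned n) { return rlwinm(x, 0, n, 31); }
uint32_t clrrwi(uint32_t x, unsigned n) { return rlwinm(x, 0, 0, 31 - n); }

int main(void) {
    uint32_t v = 0x81234567u;  /* the value used in the post above */
    printf("rlwinm 16,0,31 = %08X\n", (unsigned)rlwinm(v, 16, 0, 31));
    printf("rlwinm 16,0,24 = %08X\n", (unsigned)rlwinm(v, 16, 0, 24));
    printf("slwi 8         = %08X\n", (unsigned)slwi(v, 8));
    printf("srwi 8         = %08X\n", (unsigned)srwi(v, 8));
    printf("clrlwi 8       = %08X\n", (unsigned)clrlwi(v, 8));
    printf("clrrwi 8       = %08X\n", (unsigned)clrrwi(v, 8));
    return 0;
}
```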
|
|
|
|