| Welcome, Guest |
You have to register before you can post on our site.
|
| Forum Statistics |
» Members: 648
» Latest member: TASsy_js
» Forum threads: 1,816
» Forum posts: 14,011
Full Statistics
|
| Online Users |
There are currently 72 online users.
» 0 Member(s) | 70 Guest(s)
Bing, Google
|
| Latest Threads |
Make it to 10,000
Forum: General Discussion
Last Post: Cealgair
46 minutes ago
» Replies: 7,346
» Views: 5,677,202
|
Textures/texture packs in...
Forum: Coding & Hacking General Discussion
Last Post: Vega
11 hours ago
» Replies: 1
» Views: 32
|
MKW Coder/Developer of th...
Forum: Coding & Hacking General Discussion
Last Post: Fifty
Yesterday, 05:06 AM
» Replies: 11
» Views: 13,920
|
Allow Pausing Before Race...
Forum: Offline Non-Item
Last Post: Vega
01-11-2025, 07:47 PM
» Replies: 0
» Views: 44
|
Top 10 Most Influential C...
Forum: Coding & Hacking General Discussion
Last Post: Vega
01-11-2025, 03:27 PM
» Replies: 2
» Views: 7,368
|
Show Ice Cube on Online P...
Forum: Online Non-Item
Last Post: _Ro
01-11-2025, 08:23 AM
» Replies: 0
» Views: 52
|
CPU Control Cycler [Ro]
Forum: Offline Non-Item
Last Post: _Ro
01-11-2025, 07:56 AM
» Replies: 7
» Views: 1,040
|
Thunder Cloud Effect Modi...
Forum: Offline; Item
Last Post: JerryHatrick
01-10-2025, 11:13 PM
» Replies: 11
» Views: 1,145
|
Miniturbos and Inside Dri...
Forum: Coding & Hacking General Discussion
Last Post: JerryHatrick
01-10-2025, 09:54 AM
» Replies: 1
» Views: 866
|
Code request???
Forum: Code Support / Help / Requests
Last Post: DrTap
01-09-2025, 06:06 PM
» Replies: 3
» Views: 4,979
|
|
|
| Conditional OOB v2.0 [riidefi] |
|
Posted by: JoshuaMK - 07-08-2020, 07:42 AM - Forum: Misc/Other
- No Replies
|
 |
Conditional OOB v2.0 [riidefi]
Usage: Add an AREA of type 10 (0xA) to the KMP. The first and second AREA parameters, "P1" and "P2", define the checkpoint range: the AREA will be enabled if and only if a player is in the Cth checkpoint sector such that P1 <= C < P2.
NOTE: If P1 == P2, this code is disabled, and the boundary is unconditionally enabled.
NOTE: If P1 > P2, the range functions in blacklist mode. The AREA will be disabled within P2 <= C < P1, and enabled everywhere else.
(NTSC-U)
C256CA24 00000014
7C630735 41A00094
3CC0809C 80BF0004
80A50000 80868F28
80C68F70 5460103A
8084002C 88A50010
80840000 80C6000C
54A5103A 7C84002E
7CA6282E 80840004
A0E5000A A1040028
A124002A 7D484850
7D44FE70 7C805278
7CC40050 7CA84810
7C894910 7D400034
7CA52038 7CA82A14
55440FFE 7CA53850
5400D97E 7CA62810
7CA52910 7CA500D0
7CA42278 7C840378
3804FFFF 7C031B79
60000000 00000000
(PAL)
C2571874 00000014
7C630735 41A00094
3CC0809C 80BF0004
80A50000 8086D6E8
80C6D730 5460103A
8084002C 88A50010
80840000 80C6000C
54A5103A 7C84002E
7CA6282E 80840004
A0E5000A A1040028
A124002A 7D484850
7D44FE70 7C805278
7CC40050 7CA84810
7C894910 7D400034
7CA52038 7CA82A14
55440FFE 7CA53850
5400D97E 7CA62810
7CA52910 7CA500D0
7CA42278 7C840378
3804FFFF 7C031B79
60000000 00000000
(NTSC-J)
C25711F4 00000014
7C630735 41A00094
3CC0809C 80BF0004
80A50000 8086C748
80C6C790 5460103A
8084002C 88A50010
80840000 80C6000C
54A5103A 7C84002E
7CA6282E 80840004
A0E5000A A1040028
A124002A 7D484850
7D44FE70 7C805278
7CC40050 7CA84810
7C894910 7D400034
7CA52038 7CA82A14
55440FFE 7CA53850
5400D97E 7CA62810
7CA52910 7CA500D0
7CA42278 7C840378
3804FFFF 7C031B79
60000000 00000000
(NTSC-K)
C255F8CC 00000014
7C630735 41A00094
3CC0809B 80BF0004
80A50000 8086BD28
80C6BD70 5460103A
8084002C 88A50010
80840000 80C6000C
54A5103A 7C84002E
7CA6282E 80840004
A0E5000A A1040028
A124002A 7D484850
7D44FE70 7C805278
7CC40050 7CA84810
7C894910 7D400034
7CA52038 7CA82A14
55440FFE 7CA53850
5400D97E 7CA62810
7CA52910 7CA500D0
7CA42278 7C840378
3804FFFF 7C031B79
60000000 00000000
Code Creator: riidefi
|
|
|
| Advanced Live Replay [WhatisLoaf] |
|
Posted by: WhatisLoaf - 07-04-2020, 09:01 PM - Forum: Time Trials & Battle
- Replies (7)
|
 |
This code stores the inputs of a ghost when replaying it.
This will make the game replicate these inputs when either in Solo Time Trial or Ghost Race.
The latter makes comparisons in time trial recordings possible.
[1] Select the ghost you want to mimic
[2] Press "Watch Replay" and exit when the replay starts, you don't have to watch the entire replay play out.
[3] For regular live replay just press "Solo Time Trial"
[4] If you want to race a ghost just select the ghost you want to race and press "Race Ghost"
Getting 2 ghosts on your console/dolphin can be by using Ghost Manager.
PAL
04522738 60000000
0452273C 60000000
C252EDF4 00000005
899E0B53 2C0C0002
40820018 A19E23DE
918400E4 818400DC
918400E0 38043E60
90040008 00000000
NTSC-U
0451E2C4 60000000
0451E2C8 60000000
C252A2AC 00000005
899E0B53 2C0C0002
40820018 A19E23DE
918400E4 818400DC
918400E0 38043E60
90040008 00000000
NTSC-J
045220B8 60000000
045220BC 60000000
C252E774 00000005
899E0B53 2C0C0002
40820018 A19E23DE
918400E4 818400DC
918400E0 38043E60
90040008 00000000
NTSC-K
0451075C 60000000
04510760 60000000
C251CE4C 00000005
899E0B53 2C0C0002
40820018 A19E23DE
918400E4 818400DC
918400E0 38043E60
90040008 00000000
Code: # 8052edf4 - RMCP
# 8052a2ac - RMCE
# 8052e774 - RMCJ
# 8051ce4c - RMCK
lbz r12, 0x0b53 (r30) # get the current game mode
cmpwi r12, 2
bne store_address # only execute code when in time trial
# make ghost saving possible
lhz r12, 0x23de (r30) # get the input data length
stw r12, 0xe4 (r4)
lwz r12, 0xdc (r4) # get pointer to input data
stw r12, 0xe0 (r4)
addi r0, r4, 0x3e60 # set pointer to controller that contains the inputs
store_address:
stw r0, 0x8 (r4) # default instruction
Code created by: WhatisLoaf
Code credits: Seeky (documentation)
|
|
|
|
| Custom Time Trial Rankings [WhatisLoaf] |
|
Posted by: WhatisLoaf - 06-23-2020, 08:02 PM - Forum: Time Trials & Battle
- Replies (5)
|
|
Custom Time Trial Rankings [WhatisLoaf]
Hey everyone, this code will allow you to create fully custom time trial rankings in the Mario Kart channel.
Since there is a lot of data to fill in I'm not going to post the code here as it changes heavily based on what you fill in.
Instead I've made a tool that generates these codes which you can find at tt-rec.com
I know this is kind of unorthodox but this is the only way to not make it a nightmare to use.
This is my first time making a code for mkw so feel free to give feedback on what can be improved.
I've ported to all regions but only tested PAL and NTSC-U, I suspect the other regions should be fine though.
The code includes Anarion's globe position changer and region changer. For the preprogrammed globe position I used Vega's extensive database of globe positions.
Vega's CRC bypass code is also used which means not having to deal with checksums.
Besides that there are 2 codes: A title changer (that is displayed above the rankings) and the code that fills in the entire top 10, below is the source code for both:
Custom Rankings Title:
Code: #Address Ports
#NTSC-U = 805C12AC
#PAL = 805CDDCC
#NTSC-J = 805CD6A8
#NTSC-K = 805BBD8C
mflr r11
bl set_address
# the entire string is placed in and can vary in length
# it's important to include 0000 at the end to terminate the string
.long XXXXXXXX
set_address:
cmpwi r14, 0x1776 # message ID for continental rankings title
bne- function_end
mflr r3 # replace the address with our address
stw r3, 0x20(sp)
function_end:
or r3, r21, r21
mtlr r11
Custom Top 10:
The source code here only includes 1 entry as an example. Big thanks to Vega for providing a more easy to read version of the code and shortening it by a few lines.
Code: #Time Entry Packet Symbol Map
#0x1 (halfword) Milliseconds
#0x4 (word) Minutes, Seconds, then Milliseconds
#0x8 thru 0x53 Entire Mii Data including its CRC16 checksum; 0x4C in size
#0x57 (byte) Controller; 0 - Wheel, 1 - Wiichuck, 2 - Classic, 3 - GCN; useful if you wanna display wheel icon
#0x60 (byte) Country Code, use 0xFF to disable flag or use a country code that normally doesn't have a flag
#0x61 (byte) State Code (location within country), editing this is useless for this code
#0x62 (halfword) Location Code (location within state, this was never implemented/finalized in mkwii); useless to edit
#Address Ports
#NTSC-U = 806414CC
#PAL = 8060BFAC
#NTSC-J = 8060B720
#NTSC-K = 805FA3CC
#Backup Global Variable Registers (r18 thru r31), 0x34 amount of space
stmw r18, -0x34 (sp) #No function calls in code, safe to do
#FYI: LR is already backed up in r0
#Set r4 as 0 (friend rankings) to skip WFC connect
li r4, 0 #Default instruction not needed as r4's value is now set
#Change Byte in memory back to 1 (Regionals); Friend Rankings won't show for some reason
li r12, 1
stw r12, 0x58 (r3)
#Set Amount of Entries (1 thru 10)
li r12, 1 #1 used just for compilation, !!!adjust this for how many time entries will be used in the code!!!
stw r12, 0x60 (r3) # set amount of times to show
mtctr r12
#Set r11 to points to where the first data needs to be written to
addi r11, r3, 0x0068
#Make Mii Data Table
bl read_data
.short 0xDDDD #Millisecond
.byte 0xEE #Minute
.byte 0xEE #Second
#Mii Data from 0x00 to 0x1b
.llong 0xFFFFFFFFFFFFFFFF
.llong 0xFFFFFFFFFFFFFFFF
.llong 0xFFFFFFFFFFFFFFFF
.long 0xFFFFFFFF
#Mii Data from 0x20 to 0x31
.llong 0xFFFFFFFFFFFFFFFF
.llong 0xFFFFFFFFFFFFFFFF
.long 0xFFFFFFFF
.short 0xFFFF
.byte 0xEE #Flag (Country code) Value, use 0xFF to disable flag
.byte 0xEE #Wheel/Not-Wheel Value; 0 = Wheel & 1 = No Wheel
#!!!For more than one entry, add in another set of the data from the template just above!!!
read_data:
mflr r12
#Loop, based on amount of entries
loop:
#Load all data from current time entry to r24 thru r31
lmw r18, 0 (r12)
#Store Time to proper spots in the Time Entry Packet
sth r18, 0x1 (r11)
stw r18, 0x4 (r11)
#Copy-paste first half of Mii Data to its spot in the Time Entry Packet
stmw r19, 0x8 (r11)
#Copy-paste second half of Mii Data to its spot in the Time Entry Packet
stmw r26, 0x28 (r11)
#Store Wheel Bit Value, Store Flag Byte value
stb r31, 0x57 (r11) #Wheel; 0 = Yes, 1 = No
sth r31, 0x60 (r11) #Flag; use 0xFF to disable flag
#Increment r12 & r11 for next Time Entry (if applicable)
addi r12, r12, 0x38
addi r11, r11, 0x68
#Decrement Loop
bdnz+ loop
#Restore LR, already backed up in r0 before code was executed
mtlr r0
#Restore Global Variable Registers (r18 thru r31)
lmw r18, -0x34 (sp)
Code created by: WhatisLoaf
Code credits: Anarion (globe position changer & region changer), Vega (globe position database, CRC Bypass Code)
|
|
|
|
| RACE Header RCE Protection [Seeky] |
|
Posted by: Seeky - 06-22-2020, 12:26 PM - Forum: Online Non-Item
- Replies (9)
|
 |
RACE Header RCE Protection [Seeky]
This code will increase the space allocated for each of the split RACE packet buffers to the maximum size that could be memcpyed into them (0xff, since the length values in the packet header are 1 byte each), preventing the buffer overflow that was used in Star's RCE code. This code was actually made a few weeks before the release of taht code, as an attempt for an antifreeze originally, and turned out to be fixing the same exploit that was being used for his RCE.
WARNING: this code only fixes one specific overflow, it does not protect against the USER overflow and wouldn't protect against any other exploits if they were to be found. For protection against the current known exploits, you should pair this code with USER Overflow Fix or use RACE Packet Validation instead, which protects against both and can also act as an antifreeze (although it's a longer gecko code than the other two combined)
NTSC-U
08895AC4 000000FF
20070004 00000000
PAL
0889A194 000000FF
20070004 00000000
NTSC-J
088992F4 000000FF
20070004 00000000
NTSC-K
088885CC 000000FF
20070004 00000000
Code created by: Seeky
Code credits: Star (showing the exploit could be used for RCE), CLF78 (shortening the code to an 08)
|
|
|
|
| Remote Code Execution [MikeIsAStar] |
|
Posted by: Star - 06-22-2020, 04:08 AM - Forum: Online Non-Item
- Replies (4)
|
 |
Remote Code Execution [MikeIsAStar]
This code will inject arbitrary code into a client's game.
Code: #======================================#
# Mario Kart Wii Remote Code Execution #
#--------------------------------------#
# Author : MikeIsAStar #
# Date : 29 May 2023 #
#--------------------------------------#
# Description: This code will inject #
# arbitrary code into a client's game. #
#--------------------------------------#
# Terms & Conditions: You are fully #
# responsible for all activity that #
# occurs while using this code. The #
# author of this code can not be held #
# liable to you or to anyone else as a #
# result of damages caused by the #
# usage of this code. #
#======================================#
#======================================#
# Assembler Directives #
#======================================#
.set packetSize, packetEnd - packetStart
.set payloadSize, payloadEnd - payloadStart
#======================================#
# Text Section #
#======================================#
.section ".text"
#======================================#
# Hook Address #
#--------------------------------------#
# RMCP : 0x80657F30 #
# RMCE : 0x80653AA8 #
# RMCJ : 0x8065759C #
# RMCK : 0x80646248 #
#======================================#
.globl _start
_start:
bl packetEnd
packetStart:
.long 0x4D696B65
.long 0x00000000
.byte payloadStart - packetStart
.byte payloadSize
.byte 0x00
.byte 0x00
.byte 0x00
.byte 0x00
.byte 0x00
.byte 0x00
.llong 0x4D696B6553746172
.llong 0x4D696B6553746172
.long 0x80000000 # Destination address
.long 0x00000000
payloadStart:
.long 0x4D696B65
payloadEnd:
packetEnd:
lis 12, 0x80005F34@ha
li 5, packetSize
mflr 4
ori 12, 12, 0x80005F34@l
stw 5, 8(3)
mtctr 12
lwz 3, 0(3)
bctrl
li 4, packetSize
https://github.com/MikeIsAStar/Mario-Kar...-Execution
Code Creator: MikeIsAStar
|
|
|
|
| Block First 8 Cups in Regionals |
|
Posted by: Optllizer - 06-21-2020, 06:24 PM - Forum: Code Support / Help / Requests
- Replies (4)
|
 |
Hello, Right now I am working on a new custom track distribution and I am stuck trying to figure out how to block the first 8 cups from being played in Regionals. Why you may ask, Well I don't want to play regular tracks in regionals, but I still want the option to tt them offline. I know that CT Code has this option but LE Code doesn't. The filter code is public on github but I don't know assembly to try and use it. I am wondering if anyone is able to try and use the CTGP 1.02 code to make a filter for LE Code.
Here is the public CT code.
https://github.com/Chadderz121/wii-ct-code
|
|
|
|
| Comments about the "Please READ before posting any Code bugs/issues" thread |
|
Posted by: Leseratte10 - 06-21-2020, 06:36 AM - Forum: Coding & Hacking General Discussion
- Replies (1)
|
|
I can't reply to the "Please READ before posting any Code bugs/issues" announcement thread ( https://mkwii.com/showthread.php?tid=1535 ) so I'm making a new thread because I have some comments about that; if it's in the wrong sub forum please move it.
Quote:However in the era of post-Nintendo WiFi, most users play MKWii on the Wiimmfi service, which can lead to many issues. The Wiimmfi Service has many security patches that can cause a code to be buggy or not work at all. In fact, certain popular/infamous codes have been blocked specifically. This can still effect offline-only codes (due to loading via some Wiimmfi-patching system/app)!
...
It does suck that Wiimmfi (plus corresponding Wiimmfi patchers) can cause certain codes to malfunction, but it is what it is.
1) just loading the game through a Wiimmfi patcher doesn't load any updated code at all, except for the code that downloads the actual update from Wiimmfi. Loading the game through a Wiimmfi patcher and NOT going online and just playing in offline mode does, to my knowledge, NOT influence any cheat codes from working at all.
2) To my knowledge, going on Wiimmfi and only playing in friend rooms shouldn't influence any cheat code either. Wiimmfi may not let you connect if you are using cheats to spoof your identity, but it doesn't break any cheat codes.
We specifically try to not affect offline cheating and cheating in friend rooms where cheating is allowed, so I'm surprised about that statement. Of course, breaking certain cheat codes in WW races might be a nice unintended side effect, but at least for friend rooms. we are regularly testing cheat codes on Wiimmfi, and we've never run into issues with cheats not working.
Is there any cheat code that is known to break in offline mode just because it is running on a Wiimmfi-patched ISO?
And is there any cheat code (except for identity spoofing or stuff like that) that breaks in friend rooms on Wiimmfi but works in friend rooms on AltWFC?
|
|
|
|
| Code request (Useful for many packs) |
|
Posted by: Ro_ - 06-17-2020, 11:43 AM - Forum: Code Support / Help / Requests
- Replies (3)
|
|
Hello, I want to make a gamemode but there is a problem: It is timer based, so, the timer will have to be different deoending on the amount of players in the room.
Can someone create a code that is an activator for player amounts? Like this:
TIMER CODE EXAMPLE
XXXXXXXX XXXXXXX -> big assembly code for the player amount activator
28YYYYYY 000000PP - activator for amount of players
04000000 00000000 - code wanted
E0000000 80008000 - terminator
Let's say I want a cheat to have differsnt values depending on the amount of players in the room
XXXXXXXX XXXXXXXX
28YYYYYY 00000001 - if 1P
04533330 38000005
e0000000 80008000
28yyyyyy 00000002 - if 2P
04533330 3800000A
e0000000 80008000
and there it goes
|
|
|
|
| Banned file modifications on Wiimmfi |
|
Posted by: Star - 06-14-2020, 04:24 AM - Forum: Coding & Hacking General Discussion
- Replies (4)
|
|
The following files have their SHA-1 hashes sent to the server via the Wiimmfi Update code:
kartParam.bin
driverParam.bin
ItemSlot.bin
GeoHitTableItem.bin
GeoHitTableItemObj.bin
GeoHitTableKart.bin
GeoHitTableKartObj.bin
minigame.kmg
ObjFlow.bin
As of patcher v71 (2020-06-03 13:56:37)
|
|
|
|
|
