| Welcome, Guest |
You have to register before you can post on our site.
|
| Forum Statistics |
» Members: 646
» Latest member: Luca1337
» Forum threads: 1,815
» Forum posts: 14,000
Full Statistics
|
| Online Users |
There are currently 109 online users.
» 1 Member(s) | 106 Guest(s)
Bing, Google, LucioWins
|
| Latest Threads |
Allow Pausing Before Race...
Forum: Offline Non-Item
Last Post: Vega
3 hours ago
» Replies: 0
» Views: 10
|
Top 10 Most Influential C...
Forum: Coding & Hacking General Discussion
Last Post: Vega
7 hours ago
» Replies: 2
» Views: 7,348
|
Show Ice Cube on Online P...
Forum: Online Non-Item
Last Post: _Ro
Today, 08:23 AM
» Replies: 0
» Views: 33
|
CPU Control Cycler [Ro]
Forum: Offline Non-Item
Last Post: _Ro
Today, 07:56 AM
» Replies: 7
» Views: 1,010
|
Thunder Cloud Effect Modi...
Forum: Offline; Item
Last Post: JerryHatrick
Yesterday, 11:13 PM
» Replies: 11
» Views: 1,094
|
MKW Coder/Developer of th...
Forum: Coding & Hacking General Discussion
Last Post: Vega
Yesterday, 09:10 PM
» Replies: 10
» Views: 13,841
|
Make it to 10,000
Forum: General Discussion
Last Post: Vega
Yesterday, 08:15 PM
» Replies: 7,338
» Views: 5,671,006
|
Miniturbos and Inside Dri...
Forum: Coding & Hacking General Discussion
Last Post: JerryHatrick
Yesterday, 09:54 AM
» Replies: 1
» Views: 859
|
Code request???
Forum: Code Support / Help / Requests
Last Post: DrTap
01-09-2025, 06:06 PM
» Replies: 3
» Views: 4,956
|
CPUs/Online Players Have ...
Forum: Visual & Sound Effects
Last Post: Zeraora
01-09-2025, 02:26 AM
» Replies: 2
» Views: 515
|
|
|
| Shortcut to Finding the Cause of a Crash |
|
Posted by: JoshuaMK - 08-04-2019, 04:50 AM - Forum: Coding & Hacking General Discussion
- Replies (3)
|
 |
So you created a code, and while testing, the game crashes. What do you do?
Normally, you would restart the game, set a breakpoint on your code address, and painstakingly go stepping through code, frame by frame in some cases to try and pinpoint the cause of the crash.
This can take a long time, (you might get lucky though) and this in the long run, is extremely inefficient. So what you do is take advantage of these steps to skip all the hassle and go straight to the cause of the crash.
1.) Use Star's Exception Recovery code, which can be found here > https://mkwii.com/showthread.php?tid=116...83#pid2283
2.) With your faulty code and Exception Recovery activated, boot the game, and set a breakpoint on the instruction address: 00000300
3.) Play the game normally with the set breakpoint, and it will pause the game the instant the game crashes.
4.) You will see this set of code:
Code: 00000300 mtspr SPRG0, r3
00000304 mfspr r3, SRR0
00000308 addi r3, r3, 4
0000030c mtspr SRR0, r3
00000310 mfspr r3, SPRG0
00000314 rfi
5.) All you need to do now is look at the instruction ABOVE the one you are on. This instruction is what caused the crash. Like this example:
Code: 8039C8B8 lis r3, 0x807E
8039C8BC lhz r8, -0x2878 (r3)
8039C8C0 lwz r7, 0x0248 (r30) <----The cause of the crash
8039C8C4 rlwinm r7, r7, 0, 24, 28 <----The one we jumped to
8039C8C8 cmpw r7, r8
8039C8CC bgt ->0x803A780C
6.) Using what you found, look at your code and try to single out the cause, it could be bad coding that could be remedied with some fixes, or it could be an unsafe register.
7.) Once you have "fixed" the code, do the same steps again and if the game never breaks, you are good to go.
There you go! A nifty shortcut to bypass the struggles of predicting crashes and stepping through unneeded amounts of code.
Credits: Star (Exception Recovery)
|
|
|
| Clock [Vega] |
|
Posted by: Vega - 08-02-2019, 09:42 PM - Forum: Misc/Other
- Replies (6)
|
 |
Clock [Vega]
NOTE: It's recommended to also include this code to eliminate frame flickers -> https://mkwii.com/showthread.php?tid=1530
This code will place a graphical image of the current time (hours:minutes) on the bottom of your screen. It is reliant on the time set in the Calendar settings of the Wii's settings. So make sure the time in Calendar is up to date.
The clock is always on once you go past the bootstrap screen (the Wii Remote warnings). It is in military format (13:00 is 1:00 PM)
NOTE: This code makes use of memory addresses 0x80000F98 thru 0x80000FBF. Make sure no other codes in your GCT/Cheat-Manager are using those addresses.
NTSC-U
C200A3F0 00000007
9421FF80 BC610008
806DA358 80630044
80630000 3D808002
618C23E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009640 00000011
9421FF80 BC610008
3FE08002 3FA0801A
63BCACBC 7F8803A6
4E800021 3F608000
637B0F98 7F65DB78
63BCAF08 7F8803A6
4E800021 48000011
25303264 3A253032
64000000 7CC802A6
80FB0008 811B0004
38600089 388000D8
38A00001 63FE1DF0
7FC803A6 4E800021
63FE1DD0 7FC803A6
4E800021 B8610008
38210080 81830000
60000000 00000000
PAL
C200A430 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C2480 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009680 00000011
9421FF80 BC610008
3FE08002 3FA0801A
63BCAD5C 7F8803A6
4E800021 3F608000
637B0F98 7F65DB78
63BCAFA8 7F8803A6
4E800021 48000011
25303264 3A253032
64000000 7CC802A6
80FB0008 811B0004
38600089 388000D8
38A00001 63FE1E90
7FC803A6 4E800021
63FE1E70 7FC803A6
4E800021 B8610008
38210080 81830000
60000000 00000000
NTSC-J
C200A38C 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C23A0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C20095DC 00000011
9421FF80 BC610008
3FE08002 3FA0801A
63BCAC7C 7F8803A6
4E800021 3F608000
637B0F98 7F65DB78
63BCAEC8 7F8803A6
4E800021 48000011
25303264 3A253032
64000000 7CC802A6
80FB0008 811B0004
38600089 388000D8
38A00001 63FE1DB0
7FC803A6 4E800021
63FE1D90 7FC803A6
4E800021 B8610008
38210080 81830000
60000000 00000000
NTSC-K
C200A538 00000007
9421FF80 BC610008
806DA380 80630044
80630000 3D808002
618C24E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009788 00000011
9421FF80 BC610008
3FE08002 3FA0801A
63BCB0B8 7F8803A6
4E800021 3F608000
637B0F98 7F65DB78
63BCB304 7F8803A6
4E800021 48000011
25303264 3A253032
64000000 7CC802A6
80FB0008 811B0004
38600089 388000D8
38A00001 63FE1EF0
7FC803A6 4E800021
63FE1ED0 7FC803A6
4E800021 B8610008
38210080 81830000
60000000 00000000
Code creator: Vega
Code credits: Star (Draw Text), RiiDefi (Draw Text), Megazig (OS Functions)
1st ASM (When Game loads StaticR.rel, Get Render Mode & Call Direct Print Setup Frame Buffer)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# No need to backup r0 or LR #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x80 (r1)
stmw r3, 0x8 (r1)
.endm
.macro pop_stack
lmw r3, 0x8 (r1)
addi r1, r1, 0x80
.endm
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro default_instruction
lwz r0, 0x0014 (r1)
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set nw4r_db_DirectPrint_SetupFB, 0x800223E0
.elseif (region == 'P' || region == 'p') # RMCP
.set nw4r_db_DirectPrint_SetupFB, 0x80022480
.elseif (region == 'J' || region == 'j') # RMCJ
.set nw4r_db_DirectPrint_SetupFB, 0x800223A0
.elseif (region == 'K' || region == 'k') # RMCK
.set nw4r_db_DirectPrint_SetupFB, 0x800224E0
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~#
# Start Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Get Render Mode (RKSystem->mpVideo()->pRenderMode) #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
.if (region == 'E' || region == 'e') # RMCE
lwz r3, -0x5CA8(r13)
.elseif (region == 'P' || region == 'p') # RMCP
lwz r3, -0x5CA0(r13)
.elseif (region == 'J' || region == 'j') # RMCJ
lwz r3, -0x5CA0(r13)
.elseif (region == 'K' || region == 'k') # RMCK
lwz r3, -0x5C80(r13)
.endif
lwz r3, 0x0044(r3)
lwz r3, 0x0 (r3)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Call nw4r::db: DirectPrint_SetupFB #
# r3 = Render Mode #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
call_link nw4r_db_DirectPrint_SetupFB
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# End Register Safety; Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
pop_stack
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
==========
2nd ASM (Calculate the Time, Draw it to Screen)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
#~~~~~~~~~~~~~~~~~~~~~~#
#No need to backup r0 or LR
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x80 (r1)
stmw r3, 0x8 (r1)
.endm
.macro pop_stack
lmw r3, 0x8 (r1)
addi r1, r1, 0x80
.endm
.macro call_nw4r address
ori r30, r31, \address@l
mtlr r30
blrl
.endm
.macro call_os address
ori r28, r29, \address@l
mtlr r28
blrl
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set nw4r_db_DirectPrint_Printf, 0x1DF0
.set nw4r_db_DirectPrint_StoreCache, 0x1DD0
.set OSGetTime, 0xACBC
.set OSTicksToCalendarTime, 0xAF08
.elseif (region == 'P' || region == 'p') # RMCP
.set nw4r_db_DirectPrint_Printf, 0x1E90
.set nw4r_db_DirectPrint_StoreCache, 0x1E70
.set OSGetTime, 0xAD5C
.set OSTicksToCalendarTime, 0xAFA8
.elseif (region == 'J' || region == 'j') # RMCJ
.set nw4r_db_DirectPrint_Printf, 0x1DB0
.set nw4r_db_DirectPrint_StoreCache, 0x1D90
.set OSGetTime, 0xAC7C
.set OSTicksToCalendarTime, 0xAEC8
.elseif (region == 'K' || region == 'k') # RMCK
.set nw4r_db_DirectPrint_Printf, 0x1EF0
.set nw4r_db_DirectPrint_StoreCache, 0x1ED0
.set OSGetTime, 0xB0B8
.set OSTicksToCalendarTime, 0xB304
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~#
# Push Stack #
#~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Set r31 and r29 for Macros #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r31, 0x8002
lis r29, 0x801A
#~~~~~~~~~~~~~~~~~~~~~~~~~#
# OSGetTime #
# No Args #
# Return Values... #
# r3 = Upper Time Base #
# r4 = Lower Time Base #
#~~~~~~~~~~~~~~~~~~~~~~~~~#
call_os OSGetTime
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Setup Exception Vector for Real Time Dump #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r27, 0x8000
ori r27, r27, 0x0F98
mr r5, r27
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# OSTicksToCalendarTime #
# r3 = Upper Time Base #
# r4 = Lower Time Base #
# r5 = Where to dump full Real Time to #
# r5 + 0 = Where Seconds are Dumped #
# r5 + 4 = Minutes Dumped #
# r5 + 8 = Hours Dumped #
# r5 + 0xC = Day #
# r5 + 0x10 = Month #
# r5 + 0x14 = Year #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
call_os OSTicksToCalendarTime
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Set C++ String and r6 Arg of DirectPrint #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
bl set_string
.string "%02d:%02d\0\0"
set_string:
mflr r6
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Grab Hours then Seconds for printf args of DirectPrint #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lwz r7, 0x8 (r27)
lwz r8, 0x4 (r27)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# DirectPrint Printf & Store Cache #
# Purpose: Draw on Screen #
# r3 = X coordinate (starts far left) #
# r4 = Y coordinate (starts at very top) #
# r5 = 0 No Wrap; 1 Wrap #
# r6 = Address Pointer to String that will be Drawn on Screen #
# r7 thru r10 printf format args #
# f1 thru f13 printf float format args #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
li r3, 0x89
li r4, 0xD8
li r5, 0x1
call_nw4r nw4r_db_DirectPrint_Printf
call_nw4r nw4r_db_DirectPrint_StoreCache
#~~~~~~~~~~~#
# Pop Stack #
#~~~~~~~~~~~#
pop_stack
lwz r12, 0 (r3) #Default Instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
|
|
|
|
Static Analysis with Ghidra: Quick Start |
|
Posted by: terorie - 08-02-2019, 07:31 PM - Forum: Other
- Replies (15)
|
 |
Hey, first post here!
ITT we disassemble and analyze Mario Kart Wii using Ghidra:
A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
Basic disassembly / PowerPC experience required.
Why Ghidra?
I was on a long hunt for a proper disassembler. Tried out everything from cross-compiled gcc to Hopper's trial version to radare2. They were all kind of working but were either a pain to set up or lacked advanced functionality like auto-analysis. Finally, Vega pointed me to Ghidra which works flawlessly and is easy to set up. Bonus points for open source!
I'll focus on Linux / macOS users but will work fine on Windows with minor changes.
So here's the basic plan:
- Extracting game binaries from your image
- Setup Ghidra + Tools
- Create Ghidra project and analyze binaries
At the bottom of the thread, you can find a list of all tools used.
Getting the game binaries
Most of the game code resides in two files: main.dol and StaticR.rel. The former one is the entrypoint containing a bunch of generic/loading code, the latter is a relocatable object file containing most of the game logic. Despite being relocatable, it is always loaded at the same address.
To extract these files from the game ISO, we use wit extract from Wiimm's ISO tools.
The files reside here: /DATA/files/rel/StaticR.rel /DATA/sys/main.dol.
Because most of the symbol addresses differ across different regions, I recommend using the PAL version (RMCP01) of the game going forward. It seems to have the most symbol names mapped.
Setting up Ghidra
Now that we have the interesting files, it's time to install the tools that can look at them.
Ghidra is Java-based, so install the JDK. (Debian: openjdk-12-jdk, Brew Cask: java).
Also set the correct $JAVA_HOME in your .profile.
(Try $(dirname $(readlink $(which java)))/java_home if you don't know where)
Next, download and install Ghidra. ~/opt/ghidra is a good location.
Set the correct $GHIDRA_INSTALL_DIR in your .profile.
Why not go ahead and try it out!
Open it with ~/opt/ghidra/ghidraRun
You can close it back down again because sadly the NSA didn't include logic to parse .dol/.rel files,
or to understand the Wii's Broadway CPU. Maybe we need more mkwii cybercrime, just saying.
Installing Ghidra extensions
Fortunately, aldelaro5 and Cuyler36 wrote Ghidra extensions that fill the gap!
Install the Broadway Language definitions so Ghidra understands Wii machine code:
Next, build and install GameCube Loaders so Ghidra can parse .dol/.rel files:- Download the repo:
git clone https://github.com/Cuyler36/Ghidra-GameCube-Loader
- Build the Gradle project to produce an extension .zip file with ./gradlew
- If above fails for some reason, grab the prebuilt .zip from the GitHub releases tab
- Place the zip in $GHIDRA_INSTALL_DIRECTORY/Extensions/Ghidra/
- Start Ghidra and install the plugin via File => Install Extensions
- Restart Ghidra to activate changes
Congrats! You now have a solid toolchain that can disassemble and statically analyze any Wii game.
Analyze all the binaries
Let's put it to use!
- Start up a new project in Ghidra (non-shared)
- Press I and import main.dol and StaticR.rel
Select Nintendo GameCube Binary as the format.
If it asks you if you want to load symbol maps, press no as we don't have any right now.
- Press the green dragon to open CodeBrowser
![[Image: HRkraM8.png]](https://i.imgur.com/HRkraM8.png)
- In Code Browser, Go To File => Open and select the two binaries
- You'll be asked if you want to run code analysis. Confirm and wait for a few minutes.
Of course, Mario Kart ships without debug symbols so every function is just called FUN_<address> for now. Best of all, despite not even knowing the ABI, Ghidra recognizes most call parameters.
You can find some symbol names in the list of useful links at the bottom.
How to import them is left as an exercise to the reader. (Protip: Ghidra has an amazing Python API)
I might release a symbol file some time in the future.
That's it! Have fun reversing and let us know what you're working on.
![[Image: gWr4yG9.png]](https://i.imgur.com/gWr4yG9.png)
Useful links
Special thanks to Vega and Dorian for tech support.
|
|
|
|
| Staying Safe Online |
|
Posted by: Vega - 08-02-2019, 12:46 AM - Forum: Coding & Hacking General Discussion
- No Replies
|
|
Staying Safe Online
I hear a lot of conversation of protecting your IP Address, staying safe on wifi, and friend BOT. I get questions such as "How can I protect myself while playing on Wiimmfi? or "I hear this friend BOT thing can get your MAC Address, can I stop that?"
Here are some of my recommendations...
Regarding IP Addresses:
Use a VPN. For dolphin it's easy, just get a VPN service and have it running.
For the Wii console, this is how you can setup a VPN:
Credits to Dorian & Luna~
What you need-
-Nintendo Wii
-Ethernet Cable
-Wii/Wii U LAN Adapter (3rd party brands tend to not work, get a Genuine Nintendo one)
-Windows 7+ computer
The LAN Adapter is attached to one of the USB ports of the Wii/Wii U, and the Ethernet cable is connected from the LAN Adapter to your computer.
How to-
-Download the VPN of your choice, Proton VPN is recommended as it works better for the Wii, and you can choose a specific IP to use every time.
-Connect to any country of your choice.
-Enter Internet Network Settings > Change Adapter Options
-Go into your Wi-Fi properties and enable, "Allow other network users to connect through this computer's Internet connection" on your VPN ethernet option.
-On your Wii run a wired test connection and it should work.
Notes-
-Every so often Windows decides to disable "Allow other network users to connect through this computer's Internet connection", just re-enable it and you'll be fine.
-Your internet for your Wii and PC will run slightly slower with the VPN enabled.
Regarding Wifi:
There is a packet of information that players share with each other in WWs/Rooms. It's called the User Record/Packet. There is some information in there that you should always spoof.
First is the Client ID. If you made a Mii on your Wii, somebody can get the MAC Address based on the Mii's Client ID. Not only can a person get this from the USER Record, they can get this from what is known as the SAKE protocol. A person can get this SAKE information from a network sniffing tool such as WireShark. Thus, it's crucial you spoof this.
Client ID Spoofer (set the code's value to C2428998) - http://mkwii.com/showthread.php?tid=840
Vega, what if I play on CTGP? I can't use that code!
You can change the Mii's Client ID permanently via a couple of methods. Whichever method you use, set the Client ID value to C2428998.
1. The first method is the MyAvatarEditor program. It's a windows abobe air type program. You can find it somewhere on google within minutes easily. If you get an installation error, you may need to change the computer's clock date to anything before Oct 31, 2017. You will need Adobe Air installed beforehand. Run the installer, afterwards a desktop shortcut will be created. The program itself is self-explanatory to use.
2. If you can't get the Avatar program to install/run. You can instead use a Hex Editor (I recommend HxD, google it). Use something such as Savegame Manager GX to extract the Mii to your SD/USB to go into your computer. The Client ID is at 0x1C (row 00000010, column 0C) of the Mii file. Before you re-inject your Modified Mii(s), remove any of their original copies that are present in the Mii channel.
Whichever method you do, set the Mii's Client ID value to C2428998.
--
Second is your Wii ID. Now we don't want this spoofed during server login, cause that can result in a Ban. I made a code that only spoofs the Wii ID for the USER Packet. Link to code - http://mkwii.com/showthread.php?tid=821
Set this to a random value that would still produce a value Wii ID number, just not yours.
FINAL NOTE:
The codes provided may be against the rules to use on Wiimmfi. No, they are not detectable.
Regarding Friend BOT:
The Client ID changes will protect you from the BOT getting your MAC Address.
|
|
|
|
| Camera Turn Speed Modifier [JoshuaMK] |
|
Posted by: JoshuaMK - 08-01-2019, 01:23 AM - Forum: Visual & Sound Effects
- No Replies
|
|
Camera Turn Speed Modifier [JoshuaMK]
Effects how quickly the camera turns to follow player when player makes a corner.
(NTSC-U)
0488DBF0 XXXXXXXX
(PAL)
04892330 XXXXXXXX
(NTSC-J)
04891980 XXXXXXXX
(NTSC-K)
04880738 XXXXXXXX
Normal X Value: 3F4CCCCD
Recommended Value: 3D000000
Setting it to 00000000 will make camera never turn. Any value equal to 40000001 and above WILL cause a game crash at some point.
Code Creator: JoshuaMK
|
|
|
|
| Camera Layering Modifier [JoshuaMK] |
|
Posted by: JoshuaMK - 08-01-2019, 01:18 AM - Forum: Visual & Sound Effects
- No Replies
|
|
Camera Layering Modifier [JoshuaMK]
Extreme values will make far away geometry/textures/objects phase in front of close up geometry/textures/objects partially.
(NTSC-U)
0488DBDC XXXXXXXX
(PAL)
0489231C XXXXXXXX
(NTSC-J)
0489196C XXXXXXXX
(NTSC-K)
04880724 XXXXXXXX
Normal X Value: 3FA66666
Setting X to 00000000 gives best results, but only on Dolphin (Set to 38000000 for real Wii). Setting X to anything too high will cause a blackscreen.
Code Creator: JoshuaMK
|
|
|
|
| Crazy Collision [JoshuaMK] |
|
Posted by: JoshuaMK - 07-31-2019, 07:45 AM - Forum: Offline Non-Item
- No Replies
|
|
Crazy Collision [JoshuaMK]
This code lets you modify what type of wall the game thinks you are colliding with. Read below for a description for some X values.
Note: This code makes the game think you are ALWAYS in contact with the wall type, but because you can still drive around, it creates some interesting effects.
(NTSC-U)
045AD300 38A0XXXX
(PAL)
045B8228 38A0XXXX
(NTSC-J)
045B7BA8 38A0XXXX
(NTSC-K)
045A6280 38A0XXXX
Some X Values:
0 = Normal - No wall collision
1 = Drifting, wheelies, and hopping are all effected. Hopping quickly lets you gain height infinitely.
2 through F = Mostly untested. F has same effects as 1, so does 2.
10 through 3F = Almost completely untested. Seems to have generalized effects like weird wall contact and such.
40 through 6F = Almost completely untested. Seems the same as 10 through 3F, but stronger effects.
70 through 9F = Mostly untested. 70 through 7F Seems to have player almost falling through floor. 80 through 9F seems to have player falling through floor and bouncing back up shortly after.
100 through 1FF = Almost completely untested. Seems to have player fall through floor without bouncing back up.
7FFF = Falling through some floors, not all though. (Idk)
Code Creator: JoshuaMK
|
|
|
|
| Triple Mushroom Behavior Modifier [JoshuaMK] |
|
Posted by: JoshuaMK - 07-30-2019, 05:52 AM - Forum: Offline; Item
- Replies (3)
|
|
Triple Mushroom Behavior Modifier [JoshuaMK]
Offline use only
This code effects the use/behavior of the Triple Mushroom. Read below for each separate description for each separate X value.
(NTSC-U)
047ADF1C 28000000
047ADF20 3800000X
(PAL)
047BC97C 28000000
047BC980 3800000X
(NTSC-J)
047BBFE8 28000000
047BBFEC 3800000X
(NTSC-K)
047AAD3C 28000000
047AAD40 3800000X
X Values:
0 = Infinite Triple Mushroom
1 = When you use the Triple Shroom, it skips down to Single Shroom, then functions normally
2 = When you use the Triple Shroom, it goes down to two Shrooms and then turns Infinite
3 = Infinite Triple Mushroom
Code creator: JoshuaMK
Code Contributors: Phyz (Saw his code and decided to overhaul)
|
|
|
|
| Unban Yourself From Any Wii Server (Dolphin only) |
|
Posted by: Vega - 07-30-2019, 01:14 AM - Forum: Purgatory
- No Replies
|
|
NOTICE: In purgatory due to this no longer working on Wiimmfi and that ALTWFC never bans anybody. Kept for historical purposes.
Unban Yourself From Any Wii Server (Dolphin)
NOTE: This is for dolphin-emulator that is using a real Wii NAND. This will NOT work the the dolphin supplied default nand.
NOTE: This won't work for 'Stable' versions of Dolphin. Use a modern dev version.
NOTE: Will MOST likely NOT work on Wiimmfi, but you can try...
Requirements:
Know how to run codes on Dolphin
Chapter 1. IP Address
First thing's first, all servers keep track of all players' IP Addresses. Thus, it is essential that this must be changed. To see what your IP is, simply Google 'what is my IPv4?'.
Here are some methods to change your IP. Be sure to re-google 'what is my IPv4?' after trying a method. Once you have a different IP address, go to Chapter 2.
Fyi: ISP = Internet Service Provider (Google, Spectrum, Xfinity, Cox, etc)
Router/Modem/Network-Box Method
1. Reset your Internet modem (Some ISP's have a setup to where every time you reset your modem, you get a new IP)
2. Turn modem off, wait 1 hour, turn it back on.
3. Turn modem off, wait 24 hours, turn it back on.
VPN Method
This will vary greatly per what VPN service you are using and what your computer operating system is. Therefore, I simply cannot make a singular guide for this method. Obviously since Windows is very popular, there are all sorts of VPN services that will easily install on Windows. For Linux, I have heard good things about Express VPN. ExpressVPN has tutorials (for Ubuntu 14 & 16) of how to get your VPN up and running. Google is your friend.
ISP Contact Method
If the Router/Modem/Net-Box Methods won't work. You can try calling your ISP and ask for a new IP address. Chances are you will be denied or in fact, they can't do it which leads to the next method.
New Router/Modem Method
Nowadays, most ISPs set IPs to your router/modem's MAC Address. You can call your ISP and say you need a new modem. They will let you know where to trade in your current modem for a new one. This will 100% work, and you will get a new IP Address.
Chapter 2: Data Save(s)
There are two methods to wipe your data save(s). Choose whichever is easiest for you.
Via computer files:
Your Wii NAND files location varies per computer operating system. You need to find where your NAND files are. They will be in a folder called "Wii". Within the "Wii" folder open the "Title" folder, then open the "00010004" folder. Delete all folders within the "00010004" folder.
Via system menu:
Launch Dolphin, launch your system menu. At the Wii Main Menu, click on the Wii Logo on the Bottom Left. Click Data Management, then Wii. Find the MKWii Data Save file(s) and erase them all.
Chapter 3: Changing MAC Address
You need to find where your dolphin config files are at (it's a folder than contains multiple .ini files). The location of these files varies per operating system. Find the dolphin.ini file. Open it.
The MAC Address is listed next to WirelessMac. It is 12 digits long. The digits are in Hex (0-9, A-F). You cannot change the first 6 digits to whatever you want. Nintendo has certain values that they own. You must use one of these combination of values. Here's a list of all valid first 6 digit combos for MAC Addresses:
Code: 0009BF
001656
0017AB
00191D
0019FD
001AE9
001B7A
001BEA
001CBE
001DBC
001E35
001EA9
001F32
001FC5
002147
0021BD
00224C
0022AA
0022D7
002331
0023CC
00241E
002444
0024F3
0025A0
002659
002709
182A7B
2C10C1
34AF2C
40F407
58BDA3
78A2A0
8C56C5
8CCDE8
9CE635
A45C27
A4C0E1
B8AE6E
CC9E00
D86BF7
E00C7F
E0E751
E84ECE
For the last 6 digits of the MAC Address, they can be anything in Hex. I wouldn't do anything silly such as all the digits being the same. Apply your new MAC Address, save and close the file.
Chapter 4: Changing DWC_Authdata
Go back to where your NAND files were. Open the "shared2" folder. Open the DWC_AUTHDATA file with a Hex Editor (I recommened HxD which you can find for free within minutes via a Google search).
DWC_AUTHDATA Hex digit guide:
Code: 00 00 0Z ZZ ZZ ZZ ZZ ZZ 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Z = Your new DWC_AUTHDATA value
Edit the Z values to something random that isn't the same as your current value. The overall Z value cannot exceed 9184E729FFF. Simply set your overall Z value to any Hex number that doesn't exceed that limit. Have common sense, don't use a number too small or too large. Also don't set your overall Z value to something silly like 22222222222.
Apply the changes. Save the file. Close your Hex Editor
Chapter 5: Changing the Wii ID
You will need my Wii ID NAND Modifier Code - http://mkwii.com/showthread.php?tid=1173
Follow the instructions listed and read all the notes in the thread. Simply apply the cheat code and launch the game. The Wii Menu return function of the code may not work (cause Dolphin is Dolphin...). This is normal. After you have executed the code, there are two ways to check to see if the Wii ID changes were successful...
Method #1 (system menu):
Launch your system menu. Click the envelope logo on the bottom right. Click the second icon on the left (Create Message). Then click on the Address Book on the far right. Your Wii ID number will appear (in decimal form, not the hex form you used in the code ofc, use any Decimal to Hex online converter to check the Hex value). If it's not changed, scroll down to 'troubleshooting'.
Method #2 (nwc24msg.cfg):
Go to your NAND files. Open the 'shared2' folder. Open the 'wc24' folder. You will see a file named nwc24msg.cfg. Open it with a Hex Editor (such as HxD). At address 0x8, is the start of your WIi ID. It should match what you put in your code. If not, scroll down to troubleshooting.
Troubleshooting Wii ID Change:
The code may have not worked because of your External Frame Buffer settings in Dolphin or because Dolphin is Dolphin..... Launch Dolphin, go to your Graphics config (or click the icon that looks like a computer monitor). Go to the hacks tab. UNCHECK the XFB option "Store XFB Copies to Texture Only". Reboot Dolphin, try again.
If that setting was already unchecked, you have two options:
-Try a different version of Dolphin
-You can run the code on a Wii Console, it will work then. First, backup your console's current nwc24msg.cfg and .cbk files (the cbk is also in /shared2/wc24) via some HBC application; such as WIi Explorer. Then run the code on your console. Use an HBC app to move your new cfg and cbk files to your SD/USB. And then put those two new files in your Dolphin NAND replacing the older ones. Afterwards, put back your original console cbk & cfg files back into the console's NAND.
Chapter 6: Changing the Serial Number
NOTE: I have heard that modern versions of Dolphin will auto generate you a new setting.txt (with new randomly generated Serial Number) if you delete the file, then relaunch Dolphin. Even if this works, I wouldn't advise this as I'm pretty sure the Dolphin Devs wouldn't use correct serial number ranges for the generated serial number. If you decide to go this route, just be sure to backup your original setting.txt before deleting it just in case this 'bricks' your Dolphin NAND from booting.
Go back to your Wii NAND files again.
Open the title folder.
Open the "00000001" folder.
Open the "00000002" folder.
Open the "data" folder.
You will see a setting.txt file. Take note of its location.
You will need the SettingEditor.zip file. Add me on Discord (vega8365).
Extract/unzip the file. Open the SettingEditor folder, you will see a SettingEdit.exe file. Run the exe file. There is an 'Open' button at the bottom left, click it. Navigate to where your setting.txt, open it.
All your info of your setting.txt will be loaded into the program. The 9 digit number in the Serno section is what we are concerned with, nothing else. You cannot choose any number you want, because Nintendo had specific ranges that they use.
There are tons of ranges but I chose the ones that were most common for safety reasons.
Ranges: X = Any decimal number you want
10XXXXXXX (the most common range, any user can use this)
11XXXXXXX (only use this range if your system menu is PAL)
3XXXXXXXX (only use this range if your system menu is US)
5XXXXXXXX (only use this range if your system menu is US)
Apply your new 9 digit serial number. Then click Save. Close the program.
Chapter 7 (Optional) Client ID Spoofer Code
Client ID Spoofer Code - http://mkwii.com/showthread.php?tid=840
This code is not really needed. It may be necessary if you are a very known 'ban-bypasser' and you are very paranoid about being caught. Every person's Mii Data (when online) is stored on the mkw server via the SAKE protocol. If an admin has the proper tools, he/she can (with a lot of trouble) view a person's SAKE (Mii Data information). Thus, if that admin is viewing your Mii Data, he/she can see if your Client ID is connected to a banned MAC Address.
Keep in mind the odds of all of this are very very slim. Like I said, if you're really paranoid, then run the Client ID Spoofer as well. In the Client ID Spoofer thread there is a recommended Client ID value to use if you are not sure what value to set the code to (C2428998). The recommended value is the default value that is on the famous Mii Editor program - My Avatar Editor. Which many people use, thus many people on mkw servers have this same Client ID so it is the safest value to use for the code.
Chapter 8. Going online
If you are using a VPN, be absolutely sure your VPN is turned on and working. Launch dolphin. Apply the Client ID Spoofer code if you chose to use it. Launch your ISO.
Connect to WiFi. If you are connecting to Wiimmfi, you should get EC 23899. If you got an EC of 239XX, then you were caught and got re-banned/blocked again. For all other servers, you should connect with no error codes.
If successful, congratz!
IMPORTANT NOTE (for Wiimmfi): Whatever region of ISO you registered with is the one you need to play with. Changing regions of ISOs causes certain items in the emulated NAND to change thus causing you to re-register. Thus, registering multiple 'regions of ISOs' during the 7 day wait is not advised and could trigger a re-ban.
Chapter 9. Troubleshooting
If you've received EC 239XX on Wiimmfi, try a different value for the DWC_AUTHDATA file. Delete your data save. Try connecting online again.
If you still are receiving EC 239XX after that, then remove the DWC_AUTHDATA file completely. Delete your data save once again. Try connecting. If that still doesn't work, then post in the thread for help or contact me via discord (vega8365)
If deleting the file worked, the server will have a new one generated for you once you have connected online after your 7 day wait. During the time you don't have a DWC_AUTHDATA file, this may cause an error when connecting to ALTWFC, you will simply need to wait out the 7 days for your new file to be generated to fix the ALTWFC issue.
Credits:
Wii ID NAND Modifier Code by Vega
SettingEdit by Spzx0
Client ID Spoofer Code by Vega
|
|
|
|
|
