Guide to perma edit ISO with Cheat Codes
#1
Guide to perma edit ISO/WBFS with Cheat Codes


NOTICE: This guide is going to be for users with a moderate amount of experience. If you are a 'beginner', It is recommended you read the following threads first:

Guide to create activators and deactivators - http://mkwii.com/showthread.php?tid=68
Guide to port Codes - http://mkwii.com/showthread.php?tid=113
Intro to Wiimm's Tools - http://mkwii.com/showthread.php?tid=347

Also... this guide is written for Linux users. If you are intuitive enough, you can change some of the commands to work on Windows.



You will need a Hex Editor... (HxD via Wine is used in this Guide)

NOTE: If you are on Windows, I recommend HxD. You can find HxD (via free download) on a google search very quickly. For Linux, I recommend HxD via Wine emulation.

Also, you will need the RAM dump binary file for your version of MKWii. If you have Dolphin Emulator, look at this thread HERE. If not, run this code HERE on your Wii.



CHAPTER 1: Intro

This is different that patching an ISO/WBFS file with a premade GCT file. While that is better because you can use any types of codes, the GCT file is rendered useless if Ocarina is set to ON on USB Loader settings. This method of perma editing codes in this guide can bypass that problem.

This guide will only focus on perma editing 04-type codes. 02, and 00 types can also work. Perma editing ASM codes is much much much more challenging. That will not be covered in this tutorial.

You can perma edit as many 'one liner' codes as you want, but to keep it simple we will only do one code. There's one catch though, not every know 'one liner' code will work. We can only use codes that are found on the main.dol or StaticR.rel file. All other codes occur in RAM from other various places such as certain NAND files, and data save files. Those odd codes won't be found anywhere on an ISO/WBFS file to edit.

To see if a Cheat Code can be edited on an ISO/WBFS, view this thread - HERE

CHAPTER 2: Getting the Deactivator/Hex String

Alright so now we got that issue covered, let's choose a simple code for this guide. That code will be the NTSC-U Disable Blooper Ink Code (0457B244 41A2005C). Obviously we will be perma editing this to a NTSC-U MKW game.

Open your RAM dump file with your Hex Editor. We need to convert our code to it's RAM Address. Remove the '04' part from the first part of the Code. That number is 57B244. Press CTRL+G and enter in that number. Your cursor will be navigated down thru RAM. If done correctly, the first four bytes of hex immediately after your cursor are 40 82 00 5C. You should already know that is the deactivator. Now kind of like with porting codes, we need to copy a sufficient length of hex (beginning at the cursor). Let's copy the first 12 bytes which will be.

40 82 00 5C 81 07 00 04 3C A0 80 89

Place that in a random empty txt file for later or let it stay in your 'clipboard' to simply just paste it later.

CHAPTER 3: Extracting ISO/WBFS

Extract your ISO/WBFS using Wiimm's Tools. I'll post an example command using a scrubbed WBFS file called RMCE01.wbfs in the /home/user directory

cd /home/user
wit extract RMCE01.wbfs /home/user/newfolder

CHAPTER 4: Finding Deactivator/Hex String on ISO/WBFS

Alright since you have viewed the thread about the MKW RAM Code Address Ranges. We know that our Disable Blooper Ink code is within the StaticR.rel. We need to open that file in our HxD hex editor. It's located at /home/user/newfolder/files/rel/StaticR.rel.

Once you have StaticR.rel opened, press CTRL+F to bring up a search window. Change datatype to Hex and search direction to All. Remember those 12 bytes you copied earlier? Paste that in the empty box and then click on OK.

Now you should get a notification that no results were found. Ok we need to cut down on the hex string we used to search. Take off the last 4 bytes (left with '40 82 00 5C 81 07 00 04' now), and search that string. You should be at Offset 0006F2E0 under column 4. The reason why the 12 byte hex string didn't work is because MKW RAM won't always match the exact hex of main.dol and StaticR.rel. A RAM dump is the live memory at the time of dump. 

To be sure we have the right location on the StaticR.rel, press the Search option at the very top menu of HxD. Click on 'Find Again'. Should be no other results. Click on 'Find Again Reversed'. Should also be no other results. 

CHAPTER 5: Making the edits & rebuilding ISO/WBFS

Change the '40 82 00 5C' string of hex to '41 A2 00 5C'. To make these changes, highlight just the '40' then begin to type the new string of hex. The cursor on HxD will move along accordingly as you type. Once completed, save the changes and exit HxD. You should now understand what we did in a 'nutshell'. We simply took the deactivator of the blooper code and used that to find the spot in the StaticR.rel where that action of the game is stored. We then changed the deactivator to the value used in the blooper code. 

Final step is to rebuild our ISO/WBFS. Example command provided below..
cd /home/user
wit copy ./newfolder /home/yourusername/RMCE01new.wbfs



Congratz! Now you can load ISO/WBFS's thru the USB loader with no GCT file with Ocarina set to ON. This method can be used to bypass the ISO conditionals of Wimmfi League.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)