Kodewerx

PostPosted: Wed Jun 27, 2007 2:36 pm 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
I've been trying to figure out what each line in the VC code does.
I had ICanCcount (one of my friends. He hacks CRA and JUS) help me with what I couldn't figure out in bot matches.
I tried each address alone in a bot match first, then I had ICC join one of my matches.
I took out each line that I couldn't figure out before and asked if there was any difference in sound/anything else.


94000130 FFFB0000 Press select activator
020de4e8 04000400 |
020de4e9 00040004 |
020de4ea 00000400 |
020de4eb 00000004 |------unknown. All of the 4's are 0's when chat is not activated.
020de4ec 04000000 |
020de4ee 00000400 |
020de4ef 00000004 |
0214c1bc 0000000e Hushes the volume in your DS
0214c84c 00000004 Unknown
02198d40 00004000 Transfers sound to other DS's and hushes other DS's in the game
021e8acc 021e8b1c Mic symbol (Changes from 0x021e8b14 to 0x021e8b1c when chat is activated)
021e8af0 00300103 Mic symbol
02279bf0 0227aed0 Unnecessary? (varies by player)
02279bf8 0227ae64 Unnecessary? (varies by player)
D2000000 00000000 End all if's

I haven't been able to get the code to work yet.
Right now, it's static when you aren't talking, and bigger static when you are talking.
I'll try and see if this code works if everyone has it on.



Edit- I've fixed the code.
Now it works.
=D
It's undergoing testing right now.

PostPosted: Thu Jun 28, 2007 12:52 pm 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
Music mod!
Hold select while loading a map
I've picked out a few of my favorites.
These will also be added to my sub.
I'll do some more tomorrow or later.
=3

Main Menu
94000130 FFFB0000
020fa6dc 020ef934
020fa7e4 002b002b
D2000000 00000000

Oubliette
94000130 FFFB0000
020fa6dc 020f1f44
020fa7e4 002f002f
D2000000 00000000

Victory music
94000130 FFFB0000
020fa6dc 020ef934
020fa7e4 00060006
D2000000 00000000

Credits
94000130 FFFB0000
020fa6dc 020f53c4
020fa7e4 003a003a
D2000000 00000000

Escape Music
94000130 FFFB0000
020fa6dc 020f1824
020fa7e4 00340034
D2000000 00000000

Boss music 2
94000130 FFFB0000
020fa6dc 020f18e4
020fa7e4 00130013
D2000000 00000000

Gorea 1 music
94000130 FFFB0000
020fa6dc 020f1d94
020fa7e4 002d002d
D2000000 00000000

PostPosted: Fri Jun 29, 2007 7:41 pm 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
FC modifier-
0x020d8c88

This will not work if you just enter any FC.
It needs to be an FC given to you by Nintendo WFC.
I have not tested what happens if 2 people have the same FC.
(Maybe if I change everyone's FC to the same thing people will be able to join
people's games that they've never exchanged FCs with??)


And....
D=

Voice chat doesn't work.
;.;

Here is the final code (just in case you wanted it)-
94000130 FFFB0000
020de4e8 04000400
020de4e9 00040004
020de4ea 00000400
020de4eb 00000004
020de4ec 04000000
020de4ee 00000400
020de4ef 00000004
020fa800 01006a13
0214c1bc 0000000f
0214c84c 00000004
021e8acc 021e8b1c
021e8af0 00300103
02279bf0 0227aed0
02279bf1 000227ae
02279bf8 0227ae64
02279bf9 000227ae
023fffa9 00000028
D2000000 00000000

 Post subject:
PostPosted: Sat Jun 30, 2007 8:05 am 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
It tends to freeze the game up.

The very first version always seems to make the game freeze after awhile.

Look at the lines in the first version and find out which ones of those are causing the problem...

At worst, however, activating the voice transfer routine is likely loading ASM into memory at a sensitive area, therefore making any form of a mic hack futile.

 Post subject: Re:
PostPosted: Sat Jun 30, 2007 10:41 am 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
Drill shots-
020daf98 10000500
020db0f0 10000500
020db248 10000500
020db3a0 10000500
020db4f8 10000500

 Post subject:
PostPosted: Sat Jun 30, 2007 5:36 pm 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
Never frozen by Judicator Player 1:

020DABCC 00FF0000 //Allows movement
020DE670 00000000 //Clear freeze overlay; requires refresh

020DAD58 00000000 //No screen quake when injured

Health bar always:
020DE71C 00000003 //Red
020DE71C 00000001 //Normal

Also, you guys could have tried modding my instant charge code to get all the "can't be frozen/burned/volted" effects.

Immune to charge shots (tested and working on WiFi):

620D9CB8 00000000
020DAF74 00000000
D0000000 00000000
620D9CB8 00000001
020DBEA4 00000000
D0000000 00000000
620D9CB8 00000002
020DCDD4 00000000
D0000000 00000000
620D9CB8 00000003
020DDD04 00000000
D2000000 00000000

Edit:

Pro tip:

Change these aspects of the "rapid fire" code to disable enemy firing:

- 5 type codes become 6 type codes
- 2 type codes should be 0 type codes, go ahead and fix that
- change 000000FF to 00000000

 Post subject: Re:
PostPosted: Sat Jun 30, 2007 7:31 pm 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
Play as ______ in story mode.

Kanden
020dab14 00000001

Spire
020dab14 00000005


Trace
020dab14 00000002


Noxus
020dab14 00000004


Sylux
020dab14 00000003


Weavel
020dab14 00000006


Guardian
020dab14 00000007


This code is buggy.
You will look like Samus, but be able to use alt attacks/have each affinity power etc.
Some alt attacks freeze the game.


I'll try and fix that.
<_>

PostPosted: Tue Jul 10, 2007 7:16 am 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
Scan Visor mode
Select to activate,
Up+Select to deactivate.
This lets you roll around in alt form and see any scans you need.
This is a good code to use if you're trying to get 100% in story.
94000130 FFFB0000
020de690 00000001
D0000000 00000000
94000130 FFBB0000
020de690 00000000
D0000000 00000000

You need to deactivate the code in order to scan what you need.

 Post subject:
PostPosted: Tue Jul 10, 2007 2:42 pm 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
This is for Kyle. I'm going to point out things I learn about how his mic code works.

94000130 FFFB0000
020de4e8 04000400
020de4e9 00040004 - This line is not word aligned. It goes bye bye.
020de4ea 00000400 - See above.
020de4eb 00000004 - Same.
020de4ec 04000000
020de4ee 00000400 - Not word aligned. The word aligned addresses not only do what the crossed out lines do already, but they're word aligned, so they actually work.
020de4ef 00000004 - NOT WORD ALIGNED
020fa800 01006a13
0214c1bc 0000000f
0214c84c 00000004 - The 4 here is a copy of the 4 that is here: 0x20de4e9: 04. The ASM said so. However, we'll keep both lines, as both these addresses serve a different purpose, and we may need both purposes.
021e8acc 021e8b1c
021e8af0 00300103
02279bf0 0227aed0
02279bf1 000227ae - Not word aligned. If you'll notice the previous line, it's no wonder the values are the same.
02279bf8 0227ae64
02279bf9 000227ae - See above.
023fffa9 00000028 - This can't be a code. You're writing to an input register. That will never work. Besides...it's not word aligned.
D2000000 00000000

This leaves us with:

94000130 FFFB0000
020DE4E8 04000400
020DE4EC 04000000
020FA800 01006A13
0214C1BC 0000000F
0214C84C 00000004
021E8ACC 021E8B1C
021E8AF0 00300103
02279BF0 0227AED0
02279BF8 0227AE64
D2000000 00000000

Edit: Further reading of the ASM shows that the data around 020DE4E8 is just copies of the halfword (2 bytes) at that address. Since all the other stuff is copied and therefore will automatically match the parent value, I think we can chop the third line off of the above code. We can also get rid of the line "0214C84C 00000004". So, now we have:

94000130 FFFB0000
120DE4E8 00000400 //Notice how I made this a type 1 code
020FA800 01006A13
0214C1BC 0000000F
021E8ACC 021E8B1C
021E8AF0 00300103
02279BF0 0227AED0
02279BF8 0227AE64
D2000000 00000000

More ASM work shows that 020FA800 isn't even being read. I'm setting up a bot match right now, so this may not be true, but theoretically, this line isn't needed because it's not being scanned by the game anyway.

Bots can't talk back, so asking them if they can hear me won't help. :\

0214C1BC 0000000F - this line doesn't need to be a word write, so let's make it a 2 type code. In the meanwhile, I'm going to set a byte-length break on read of this address.

The ASM says it's a 32 bit value, so never mind all that.

Would you look at that; this one is yielding a result. Unlike the first line of the code, I'm not finding all kinds of ASM to sift through. This address only gave me one routine. Since it's only one routine, I should have no problem following the whole thing and seeing what it's doing.

For reference, the read is at 0x21242C4. The ASM is ldrb r1, [r0].

Ugh, that was a lot of subroutines. I noticed that the value decrements, counting down to 0. I'm guessing it's a timer for how much longer you have to speak until the mic turns back off upon release.

2279BF0 is not read from. This line may also be useless.

Neither is 2279BF8.

94000130 FFFB0000
120DE4E8 00000400
020FA800 01006A13 //May be unnecessary
0214C1BC 0000000F
021E8ACC 021E8B1C
021E8AF0 00300103
02279BF0 0227AED0 //May be unnecessary
02279BF8 0227AE64 //May be unnecessary
D2000000 00000000

That leaves 4 memory locations we should retest.

Post older versions of the code, if you can, so I can add in any lines you may have taken off that weren't supposed to be removed.

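The alignment pass described in the post above, as an added example that is not part of the original thread: a small Python linter that treats code types 0, 1 and 2 as 32-, 16- and 8-bit writes and flags any write whose address is not a multiple of its width. The function names are this example's own, and it ignores offsets loaded by B- or D-type codes.

```python
# Added example: lint an Action Replay DS code list for misaligned RAM writes.
# Input is the "final code" list quoted in the thread, without annotations.

# Code type (top nibble of the first word) -> bytes written.
# Only the three plain write types are checked; conditionals (3-A),
# offset/loop/terminator codes (B-D) and patch codes (E, F) pass through.
WRITE_WIDTH = {0x0: 4, 0x1: 2, 0x2: 1}

FINAL_CODE = """\
94000130 FFFB0000
020de4e8 04000400
020de4e9 00040004
020de4ea 00000400
020de4eb 00000004
020de4ec 04000000
020de4ee 00000400
020de4ef 00000004
020fa800 01006a13
0214c1bc 0000000f
0214c84c 00000004
021e8acc 021e8b1c
021e8af0 00300103
02279bf0 0227aed0
02279bf1 000227ae
02279bf8 0227ae64
02279bf9 000227ae
023fffa9 00000028
D2000000 00000000
"""


def parse_line(line):
    """Split 'XXXXXXXX YYYYYYYY' into (code type, 28-bit address, value)."""
    left, right = line.split()[:2]
    first = int(left, 16)
    return first >> 28, first & 0x0FFFFFFF, int(right, 16)


def lint(code_text):
    """Return (kept, flagged); flagged holds (line, reason) tuples."""
    kept, flagged = [], []
    for raw in code_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        ctype, addr, _value = parse_line(raw)
        width = WRITE_WIDTH.get(ctype)
        if width and addr % width:
            reason = (f"{width * 8}-bit write to 0x{addr:08X} "
                      f"is not {width}-byte aligned")
            flagged.append((raw, reason))
        else:
            kept.append(raw)
    return kept, flagged


if __name__ == "__main__":
    kept, flagged = lint(FINAL_CODE)
    for line, reason in flagged:
        print(f"DROP {line}  ({reason})")
    print()
    print("\n".join(k.upper() for k in kept))
```

The lines it keeps are the same eleven that the post lists under "This leaves us with".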
 Post subject:
PostPosted: Tue Jul 10, 2007 4:38 pm 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
That ridiculous rumor is starting to piss me off.

94000130 FFFB0000
120DE4E8 00000400 //No clue
020FA800 01006A13 //May be unnecessary
0214C1BC 0000000F //Silences user's DS
12198D40 00004000 //Silences other DS
021E8ACC 021E8B1C //Mic symbol related
021E8AF0 00300103 //Mic symbol related
D2000000 00000000

020DE4EC 04000000 //No clue; copy of first line
0214C84C 00000004 //No clue; copy of first line

We still don't know how to send voice data. That's the problem right there.

Any lines of the code not listed are irrelevant.

On a brighter note, we can send data to DS's...hushing another player's DS counts.

Now if only we could send data in places other than the lobby and send data other than "turn the volume down" type stuff.

Edit: More potentially related values:

220FC115 0000000E
220FC11C 00000005
22262B15 00000006
23808AF2 00000030
23808B9A 00000030
23808D3E 00000030
23808DE6 00000030
23808E3A 00000030
23808E8E 00000030
2380919A 00000030

One of those values hushes my DS...

 Post subject: Re:
PostPosted: Tue Jul 10, 2007 5:44 pm 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
Zeld wrote:
That ridiculous rumor is starting to piss me off.


I find it hilarious. =p

Zeld wrote:
12198D40 00004000 //Silences other DS
021E8ACC 021E8B1C //Mic symbol related
021E8AF0 00300103 //Mic symbol related
D2000000 00000000


Here's what I have in my notes.
(This hasn't been modified by you yet. >.>
Most of it can/will be cut.)

94000130 FFFB0000 Press select activator
020de4e8 04000400
020de4e9 00040004
020de4ea 00000400
020de4eb 00000004 ------unknown
020de4ec 04000000
020de4ee 00000400
020de4ef 00000004
0214c1bc 0000000e Hushes the volume in your DS (May also be the value of F)
0214c84c 00000004 Unknown
02198d40 00004000 Transfers sound to other DS's. I cut this line out of the final version. This line is 00000000 when sound is not being sent, and changes to 00004000 when sound is being sent. This was the line that was causing the buzzing sound/interference.
021e8acc 021e8b1c Mic symbol, Value Changes from 0x021e8b14 to 0x021e8b1c when chat is activated
021e8af0 00300103 Mic symbol

02279bf0 0227aed0 Unnecessary? (varies by player)
02279bf8 0227ae64 Unnecessary? (varies by player)
D2000000 00000000 'Fin


I tried each line by itself both online (With a friend) And on Bots.

PostPosted: Wed Jul 11, 2007 8:34 am 
poksicle, I entered:

Code:
020de4e8 04000400
020de4e9 00040004
020de4ea 00000400
020de4eb 00000004
020de4ec 04000000
020de4ee 00000400
020de4ef 00000004


into the runlist, and this is what it does:

Code:
220DE4E8 00000004
220DE4EC 00000004
220DE4F0 00000004


 Post subject:
PostPosted: Wed Jul 11, 2007 10:13 am 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
Some of King's stuff looks misaligned. I wouldn't go with that.

Edit: His code handler executed the codes wrong, so it gave him the wrong values.

The values I've already posted are correct.

One of the reasons the code was crashing might be due to misaligned writes.

0x2114404 - loads user's silencing address and writes 0xF to it
0x21242C0 - loads user's silencing address and decrements it
0x2124984 - loads user's silencing address and writes 0x0 to it
0x21502B8 - loads user's silencing address and writes 0xF to it

Theory is that one of the 0xF writes is caused by receiving a request from another DS.

The last entry is distant from the other three, so it must be part of a different series of subroutines. My guess is that 0x21502B8 is near some WiFi request routines, which I would love to see for myself, but alas, I can't ever find anything that looks like what I'm searching for.

Notice how the routines write 0xF - this explains why you only ever saw F. The second entry confirms that it is indeed a timer.

I don't know what the third entry is for. Perhaps it writes a 0 just before disabling the routines that write to the address when starting a game.

 Post subject:
PostPosted: Thu Jul 12, 2007 8:10 am 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
So I was noobing around in the MAC memory of my DS, and...well, this:

192.168.1.100 localport 54604 natneg 1 gamename mprimeds publicip 1938615832 publicport
54604 numplayers 0 maxplayers 3 dwc_pid 74737063 dwc_mtype 2 dwc_mresv 0 dwc_mver 3
dwc_eval 1

6o|~X[R*uw=5,JsX1,Ju:9fHA3\final\2¸¶Fnewprofileid\103149235\reason\\final\\addbuddy
\\sesskey\17232074\newprofileid\91815776\reason\\final\\addbuddy\\sesskey\17232074
\newprofileid\101683147\reason\\final\\addbuddy\\sesskey\17232074\newprofileid\92873985
\reason\\fina
service:WANIPConnection:1

NTS: ssdp:alive
SERVER: VxWorks/5.4.2 UPnP/1.0 iGateway/1.1
USN: uuid:13814000-4ff1-11f2-9be3-c67e816b4bfb::urn:schemas-upnp-org:service:Layer3Forwarding:1

NOTIFY * HTTP/1.1
HOST: 239.255.255.250:1900
CACHE-CONTROL: max-age = 126
LOCATION: http://192.168.1.1:2869/IGatewayDeviceDescDoc
NT: urn:schemas-upnp-org:device:WANDevice:1
NTS: ssdp:alive
SERVER: VxWorks/5.4.2 UPnP/1.0 iGateway/1.1
USN: uuid:28f8f50a-e59a-1612-9be4-c67e816b4bfb::urn:schemas-upnp-org:device:WANDevice:1

In short,

lol wut?

There's more to it than that. I took out the more garbage looking stuff.

Apparently, this IP:

mprimeds publicip 1938615832

which I searched for as "193.86.158.32", is some server in Amsterdam.

The other IPs point to some place in California.

I suppose that's all pointless, but I thought it was neat that my Trainer Toolkit could give me all that info.

Hey shut up don't judge me

Edit: I sent Kyle a text message while we were in the game lobby.

I managed to catch a glimpse of the data as it was being sent.

I sent another message and took a hex dump of it as it was sending, and got this:

  E  9¾ô ¿yßd 9¾ò`Ùªª  E !
g €epÀ¨dLŹ#Øõ3
ÿ“  k l¸¶Fwut? w¸¶Fd 74737063 d

The message was supposed to be "lol, wut?", but as you can see, the hex dump instead shows "l¸¶Fwut?".

"¸¶F" tends to overwrite pieces of the message; I think it's only the beginning, just after that first character. I doubt that this discrepancy occurs until after the data is already sent, so I'm not seeing what was actually sent.

Still, this is wicked.

 Post subject:
PostPosted: Fri Jul 13, 2007 8:18 pm 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
Look, I figured out the packet area:

04804170: 01 00 00 00 00 00 00 00 14 00 4C 00 08 01 00 00
04804180: 00 18 39 BE 9D F4 00 09 BF 79 DF 64 00 18 39 BE
04804190: 9D F2 10 D1 AA AA 03 00 00 00 08 00 45 00 00 28
048041A0: 77 E2 00 00 80 06 26 99 C0 A8 01 64 CF 26 0B 22
048041B0: 0A 0C 74 CC 61 BE 3A FD EC 3B 98 3A 50 10 09 6F
048041C0: 6D F9 FC 0C B8 B6 46 1D

All packets seem to stem from the same address each time.

Slot 1 packets start at 0x4804170
Slot 2 packets start at 0x4804028
Slot 3 packets start at 0x4804334

All three contain data that makes pretty much no sense to me at all.

I can tell this is a full packet because I recognize the TX header. The first 8 bytes are undocumented. The next two bytes are the sending speed.

0x14 means 2 MBits per second, which is the WiFi max. Since the halfword at +0x8 is 0x0014, this pretty much proves that the TX header begins at 0x4804170.

Right after this is the packet length. 0x004C.

At 0x0048(+0x000C if you count the TX header itself) should be the checksum of the packet, if 0x004C is indeed the packet length. At +0x0054 is the value that I keep seeing at the end of packets, so I'm pretty sure it's the checksum. This reinforces my belief that 0x4804170 is the packet start beyond a doubt to me.

Now that that is worked out, I need to figure out where the hell these packets go, and how they are deciphered to be implemented by the other DS. Because, really, that data makes no sense. I would say it's encrypted, but text messages appear as plain text, so it must be something else.

I took that packet while not playing an actual game, so it might be full of addresses of the server computer and not the target addresses of a DS's RAM...

Edit: Added notes on other packet areas ^

Edit:

Received packets go into a circular read buffer that begins at
0x4804794
and ends at
0x4805F60

I could have figured that out sooner if I didn't feel the need to tell myself that I don't have the capacity to understand all this.

Anyhow, I think I know enough to write a program for people to receive data that I send to them, which could possibly be used to play one player mode with more than one person, or something nearly as intriguing.

As far as sending data to peoples' DS's that they may or may not want, well, that can't be done. Not yet, anyway. I'm still skeptical if that's even possible...

Edit: In case this turns into the soap opera that Pok's mic code created, let it be known that I won't bother posting any info on how to send data to peoples' DS's against their own will. That's a power that no one should be dumb enough to share for many, many obvious reasons.

If there's one thing you should know about me, it's that I'm not that dumb. :\

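The buffer from the post above, decoded field by field as an added example (not part of the original thread). It follows the post's reading of the 12-byte TX header (rate at +0x8, length at +0xA) and then applies the standard 802.11, LLC/SNAP, IPv4 and TCP layouts; the function names are this example's own.

```python
# Added example: decode the TX buffer dumped at 0x04804170 in the thread.
import ipaddress
import struct

# Hex dump copied from the post, address column removed (88 bytes).
DUMP = bytes.fromhex("""
01 00 00 00 00 00 00 00 14 00 4C 00 08 01 00 00
00 18 39 BE 9D F4 00 09 BF 79 DF 64 00 18 39 BE
9D F2 10 D1 AA AA 03 00 00 00 08 00 45 00 00 28
77 E2 00 00 80 06 26 99 C0 A8 01 64 CF 26 0B 22
0A 0C 74 CC 61 BE 3A FD EC 3B 98 3A 50 10 09 6F
6D F9 FC 0C B8 B6 46 1D
""")

TX_HEADER_LEN = 12  # 8 leading bytes + 2-byte rate + 2-byte length (per the post)
SNAP_PREFIX = bytes.fromhex("AAAA03000000")


def mac(raw):
    return ":".join(f"{b:02X}" for b in raw)


def checksum_ok(header):
    """RFC 1071: a header with a valid checksum sums to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_tx_buffer(buf):
    """Return a dict of the fields found in one TX buffer."""
    rate, length = struct.unpack_from("<HH", buf, 8)
    frame = buf[TX_HEADER_LEN:TX_HEADER_LEN + length]
    if len(frame) != length:
        raise ValueError("dump is shorter than the length field claims")
    # The length counts the 4 trailing bytes the post takes for the checksum.
    body, trailer = frame[:-4], frame[-4:]

    fc, _duration = struct.unpack_from("<HH", body, 0)
    info = {
        "rate": rate, "length": length,
        "type": (fc >> 2) & 0x3,          # 2 = data frame
        "subtype": (fc >> 4) & 0xF,
        "to_ds": bool(fc & 0x0100),       # station -> access point
        "protected": bool(fc & 0x4000),   # set when the body is encrypted
        "addr1": mac(body[4:10]),         # BSSID when to_ds is set
        "addr2": mac(body[10:16]),        # sender
        "addr3": mac(body[16:22]),        # final destination
        "trailer": trailer,
    }

    llc = body[24:32]
    if llc[:6] != SNAP_PREFIX:
        raise ValueError("no LLC/SNAP header after the 802.11 header")
    info["ethertype"] = struct.unpack("!H", llc[6:8])[0]
    if info["ethertype"] != 0x0800:       # not IPv4: stop here
        return info

    ip = body[32:]
    ihl = (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack_from("!H", ip, 2)
    info.update(
        ip_checksum_ok=checksum_ok(ip[:ihl]),
        ttl=ip[8], proto=ip[9],
        src=str(ipaddress.ip_address(ip[12:16])),
        dst=str(ipaddress.ip_address(ip[16:20])),
    )
    if ip[9] != 6:                        # not TCP: stop here
        return info

    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags, window = struct.unpack_from("!HHIIHH", tcp, 0)
    info.update(
        sport=sport, dport=dport, seq=seq, ack=ack, window=window,
        tcp_flags=off_flags & 0x3F,       # 0x10 = ACK only
        payload_len=len(tcp) - (off_flags >> 12) * 4,
    )
    return info


if __name__ == "__main__":
    for key, value in parse_tx_buffer(DUMP).items():
        shown = value.hex(" ") if isinstance(value, bytes) else value
        print(f"{key:15} {shown}")
```

Run on the posted bytes, this reports an unprotected data frame carrying a 40-byte IPv4/TCP segment from 192.168.1.100 with a valid IP header checksum and no TCP payload. The four trailing bytes begin B8 B6 46, which is "¸¶F" when rendered as Latin-1.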
PostPosted: Fri Jul 13, 2007 10:19 pm 
Joined: Thu Mar 01, 2007 2:14 pm
Posts: 85
Zeld, your intelligence owns me.


 Post subject:
PostPosted: Sat Jul 14, 2007 9:05 am 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
Yes, well, my noob ass was having trouble finding the TX headers, when all this time I could have just gone to 0x48000A0 and viewed the MAC addresses to calculate the TX header addresses easily.

I guess the reason I didn't try that was because I tried something like that before and didn't think I had found what I was looking for, and then dismissed that method as fruitless.

Of course, that would be impossible, because if the values at 0x48000A0 were wrong, then the game would be sending the wrong data, and wouldn't be working in the first place.

I sound more intelligent than I am because no one else seems to bother reading the WiFi documentation; otherwise there ought to at least be one person who knows how bad I've been floundering around with this stuff.

I'm just too much of a visual learner to believe all the stuff I read so easily.

 Post subject:
PostPosted: Mon Jul 16, 2007 8:01 am 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
VOICE CHAT

IS...

KYLE'S CODE

Zeld will not be making voice chat. Kyle wanted to make it, Kyle will get to make it.

Unless he is just completely stuck, which I guess he might be...

Either way, I'd rather be disabling other peoples' action replays when they go noob hunting with the omega cannon than saying like,

"HAI GUYZ I'M LAGGIN OUR GAEM WIT TEH VOCE CHAT"

Also, really.

How can a child molester "phish" you unless YOU have the voice chat code on, too?

The phrase is "Don't talk to strangers". There's nothing about "Don't let strangers talk to you" in there. Sure, their voice is probably creepy, but sodomy of your ears is the best they can do until you're dumb enough to use voice chat to tell them where you live and how you like to take it up the ass.

 Post subject:
PostPosted: Mon Jul 23, 2007 7:51 am 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
Hey, noobs.

Stop wasting so much code space on your AR with inefficient codes.

220DAB48 00000000 //Shut off others' guns
220DBA78 00000000 //It shuts yours off too, but the code below will fix that
220DC9A8 00000000
220DD8D8 00000000

520D9CB8 00000000 //Offset calc
02003F7C 00000000
D0000000 00000000
520D9CB8 00000001
02003F7C 00000F30
D0000000 00000000
520D9CB8 00000002
02003F7C 00001E60
D0000000 00000000
520D9CB8 00000003
02003F7C 00002D90
D2000000 00000000

B2003F7C 00000000 //Offset loaded and abused :3
A20DA7EE 00000000 //Next 4 lines are infinite health for all four players
120DA7EE 0000FFFF
120DA7F0 0000FFFF
D0000000 00000000
220DAB48 000000FF //Rapid fire for all four players; now you can shoot again!
120DA862 0000FFFF //Next two lines are infinite missiles for everyone
120DA866 0000FFFF
120DA860 0000FFFF //Infinite UA ammo for everyone
120DA864 0000FFFF
94000130 FDFF0000 //R to fly for everyone
120DAF74 0000FFFF
D0000000 00000000
94000130 FEFB0000 //Select+L+R for Omega Cannon for everyone
220DABE3 00000008
220DABE7 000000FF
D2000000 00000000

The offset calculator can be shortened for the AR, but it will be even shorter when I remove it completely by making my aim bot do the offset calculation for us.

This is a Kollab code. It's a bunch of nice codes thrown together.

So, if you want to credit someone for the above code (and trust me, you do), credit KODEWERX.

There, all you cheating faggots don't have to use so much RAM for your faggotry any more.

Edit: Here's the shortened offset calculator for the AR only:

023FE074 012FFF11 //Offset calculator
E0000000 00000018
E59F000C E5900000
E3A01EF3 E0030190 //Destination register changed from r10 (offset) to r3 (stored)
E12FFF1E 020D9CB8
023FE074 E3520003 //Followed by Player 1 codes that will now work for all players
D6000000 02003F7C //Stored to an unused address for easier access
D2000000 00000000

Change the 3 in E0030190 to the appropriate number if I accidentally used the wrong register :\

Edit: I just realized that after all of this code optimization, I can finally run all the codes I normally use on my AR! It used to be that the codes took up too much memory in the code handler, and I was forced to use the TT to load the hex of the ASM codes to avoid using direct writes of that data that would cost too much code handler room.

 Post subject:
PostPosted: Mon Jul 23, 2007 9:36 am 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
You quoted an entire post to ask two little questions about it, with no other input, and your questions were full of ignorance and failure.

The obvious answers to your questions are "Duh, put it into your code list" and "Of course not, how would an offset calculator that works for more than one game even be remotely possible?".

Isn't there a rule somewhere in this forum that warns against posting things other than codes? I'm hoping this post is an exception because this post is relevant. Yours, however, seemed quite unnecessary. I'm wondering if it fits the guidelines required for what makes up a "reportable" post.

To any other noob who reads this, STOP QUOTING ENTIRE POSTS (at least, when they're long and full of information you aren't even addressing). Learn to be more creative with the quote tag.

Edit: I tested the AR version of the offset calculator and it didn't work. I think I used the wrong register, as I had feared.

Now where the hell in the EnHacklopedia are the register uses of the AR documented?

Edit: I still don't know where "stored" is.

Aim Bot Version 3.5 is up on my website. And a new forum type thing. Looks like freewebs might have more use than you all say. Sure, it's not going to be as good as Kodewerx, but it's better than a guest book.

Edit: 3.6 is up. Also, 4.0 will make use of this information:

X, Z, Y points to a position approximately 0x200 lower than a target's head and approximately 0xC00 higher than a target's highest dorsal point when in alt form

At base +0x4BA is a byte that is 0 when the actor is in biped, 1 when the actor is in alt, and 3 when the actor is dead

The above information cost me 4 instructions in order to implement better shooting at bipeds' heads and at alts. Aim bot 4.0 is currently only 2 lines longer of an AR code. v_V

On the other hand, stupendous efficiency!

PostPosted: Wed Jul 25, 2007 4:30 pm 
Joined: Wed Apr 04, 2007 7:37 pm
Posts: 503
Location: Well......Lets just say you shouldn't look behind you......
Somebody requested these in a PM......



CREDIT TO Zeld.
All I did was switch the buttons.

Always fire charged shots(right handed)(wifi)

94000130 fdff0000
520d9cb8 00000000
020daf74 000000ff
d2000000 00000000
520d9cb8 00000001
020dbea4 000000ff
d2000000 00000000
520d9cb8 00000002
020dcdd4 000000ff
d2000000 00000000
520d9cb8 00000003
020ddd04 000000ff
d2000000 00000000


Always fire charged shots (left handed)(wifi)

94000130 feff0000
520d9cb8 00000000
020daf74 000000ff
d2000000 00000000
520d9cb8 00000001
020dbea4 000000ff
d2000000 00000000
520d9cb8 00000002
020dcdd4 000000ff
d2000000 00000000
520d9cb8 00000003
020ddd04 000000ff
d2000000 00000000

_________________
^My site can be accessed by clicking on my sig^ (I am Razzle)
[MPH v1.0 US] Has 640 codes, with credit in all the notes. (last up-date 8/25/07)
http://www.the-random-site.com/SUB.xml


 Post subject:
PostPosted: Wed Jul 25, 2007 9:12 pm 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
Fixed version of previous code:

220DAB48 00000000 //Shut off others' guns
220DBA78 00000000
220DC9A8 00000000
220DD8D8 00000000

520D9CB8 00000000 //Offset calc
02003F7C 00000000
D0000000 00000000
520D9CB8 00000001
02003F7C 00000F30
D0000000 00000000
520D9CB8 00000002
02003F7C 00001E60
D0000000 00000000
520D9CB8 00000003
02003F7C 00002D90
D2000000 00000000

B2003F7C 00000000 //Copies your health to an unused address
DC000000 020DA7EE
F2003F7A 00000002
D2000000 00000000
A2003F7A 00000000 //Sets health to max if you're alive
B2003F7C 00000000
120DA7EE 0000FFFF
120DA7F0 0000FFFF
D2000000 00000000
B2003F7C 00000000 //Offset load
220DAB48 000000FF //Rapid Fire
120DA862 0000FFFF //Infinite Missiles
120DA866 0000FFFF
120DA860 0000FFFF //Infinite UA Ammo
120DA864 0000FFFF
94000130 FDFF0000 //Instant Charge Shots
120DAF74 0000FFFF
D0000000 00000000
94000130 FEFB0000 //Select+L+R for Omega Cannon
220DABE3 00000008
220DABE7 000000FF
D2000000 00000000

Credit to Kodewerx.

 Post subject:
PostPosted: Thu Jul 26, 2007 9:34 am 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
We already established that. What's your point?

Aim Bot 3.9 and Walk Through Walls 1.1 are up on my website.

Older Aim Bots don't work with the new walk through walls.

Change 2003F7C to 2003F8C and 2003F7A to 2003F8A in the code in my previous post to keep all the data nice and compact - if you do this, there will be contiguous free space from 0x2000520 to 0x2003F8A.

Not that anyone ever uses that space but me...

 Post subject:
PostPosted: Fri Jul 27, 2007 3:47 pm 
Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
No one is allowed to put my aim bot in a sub, so don't ask anyone to. You'll get in just as much trouble as them, for "coercively forcing" them into committing the misdeed.

Also, Aim Bot 3.9 was 8 bytes longer than it needed to be (I'm hoping it's fully optimized now). I reposted Aim Bot 3.9 and Walk Through Walls 1.1 with the modification that requires 8 less bytes, which should slightly increase the performance speed by a couple millionths of a second per cycle as well as, of course, give all you noobies 8 extra bytes of space to work with for your long ass ASM codes.

Oh, wait, no one else makes ASM codes for this game.

But if they did...

 Post subject: Re:
PostPosted: Thu Aug 09, 2007 10:19 am 
Joined: Sun Jul 15, 2007 12:25 pm
Posts: 8
I added another part to the code that Zeld posted. Here it is

220dab48 00000000 //Shut off others' guns
220dba78 00000000
220dc9a8 00000000
220dd8d8 00000000

520d9cb8 00000000 //Offset calc
02003f7c 00000000
d0000000 00000000
520d9cb8 00000001
02003f7c 00000f30
d0000000 00000000
520d9cb8 00000002
02003f7c 00001e60
d0000000 00000000
520d9cb8 00000003
02003f7c 00002d90
d2000000 00000000

b2003f7c 00000000 //Copies your health to an unused address
dc000000 020da7ee
f2003f7a 00000002
d2000000 00000000
a2003f7a 00000000 //Sets health to max if you're alive
b2003f7c 00000000
120da7ee 0000ffff
120da7f0 0000ffff
d2000000 00000000
b2003f7c 00000000 //Offset load
220dab48 000000ff //rapid fire
120da862 0000ffff //Infinite Missiles
120da866 0000ffff
120da860 0000ffff //Infinite UA Ammo
120da864 0000ffff
94000130 fdff0000 //Instant Charge Shots
120daf74 0000ffff
d0000000 00000000
220dabe6 000000ff //All Weapons (what I added)
220dabe8 000000ff
94000130 fefb0000 //Select+L+R for Omega Cannon
220dabe3 00000008
220dabe7 000000ff
d2000000 00000000

Credit to kodewerx in general. We all helped pretty much.

Ok, that's it. It's cool how you can optimize codes like that :D.

Credit for the original L+R+Up for all weapons code goes to virus. I just shortened it to 2 lines and took out the activator.


 Post subject: Re: Re:
PostPosted: Fri Aug 10, 2007 12:44 pm 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
Code:
Multiplayer maps mod

020e78fc 0208XXXY

Y= Mode (Form of level)
E= Prime Hunter
C= Defender
A= Nodes
8= Bounty
7= Capture
6= Team Survival
5= Survival
4= Team Battle
3= Battle



XXX=
770= Stasis Bunker
760= Oubliette
750= Arc Gateway
740= VDO Gateway
730= Celestial Gateway
720= Alinos Gateway
710= Alinos Perch
700= Council Chamber
6f0= Transfer Lock
6e0= Large Trans lock
6d0= Subterranean
6c0= Fault Line
6b0= Outer Reach
6a0= Fuel Stack
690= Sic Transit
680= Sanctorus
670= Incubation Vault
660= Ice Hive
650= Weapons Complex
640= Pro Core
630= Headshot
620= Comp Chamber
610= High Ground
600= Elder Passage
5F0= C-hall
5e0= Harvester
5d0= Data Shrine



0x020e78fc Also holds the Single player maps too.
;o

A few Single Player maps (Each of which can be accessed through Multiplayer)-
Echo Hall- 03001c02
Combat Hall- 03002102
Alimbic Gardens- 01012402
Thermal Vast- 01012502
Alinos Perch- 04012702
Hallways of Oubliette/Oub Gateway- 01085902
Empty Oubliette- 01085a02
Gorea 1- 01085b02
Gorea 2- 01085c02

Unavailable/Unfinished Data shrine?- 01085d02
0__o
Story mode Harvester- 01085E02
Story mode Chall- 01085F02

PostPosted: Mon Aug 13, 2007 6:31 pm 
Joined: Wed Apr 04, 2007 7:37 pm
Posts: 503
Location: Well......Lets just say you shouldn't look behind you......
2D alt (or paper alt): Doesn't always work; when you start to move it might pop back to 3D
By Deaggle, ported by bfree
020DAC08 FFFFFFFF

Up, down, left, right or touch tactical screen for jump:
By Deaggle, ported by bfree
020DAAB0 FFFFFFFF

Touch anyone with Samus boost (with all hunters) and he will die:
By Deaggle, ported by bfree
220DABE0 FFFFFFFF


Slipping ground (like in Arcterra)
By Deaggle, ported by bfree
020DAB74 00FFFFFF

Everyone 100% cloaked + no objects (UA, missiles, etc.)
By Deaggle, ported by bfree
020DAD80 FFFFFFFF

Invisible alt. transformation
By Deaggle, ported by bfree
020DA970 0FFFFFFF

Bending alt. transformation
By Deaggle, ported by bfree
020DA980 FFFFFFFF

Instant alt. transformation (no animation)
By Deaggle, ported by bfree
020DA9C0 FFFFFFFF

When your shots touch one wall, the animation is the noxus judicator charged.
By Deaggle, ported by bfree
020DAF90 00000010

Alt Mods, by me. It affects each alt differently, but doesn't work for alts with bombs; Sylux freezes the game. You have to reactivate the code every time you die.

Press B to activate
94000130 FFFD0000
220DABE1 00000007
d2000000 00000000

^My site can be accessed by clicking on my sig^ (I am Razzle)
[MPH v1.0 US] Has 640 codes, with credit in all the notes. (last up-date 8/25/07)
http://www.the-random-site.com/SUB.xml


PostPosted: Tue Aug 14, 2007 11:03 am 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
All multiplayer levels unlocked

020e785c FFFFFFFF


somedude wrote:

When your shots touch one wall, the animation is the noxus judicator charged.
By Deaggle, ported by bfree
020DAF90 00000010



:D
I like this code.
I'm going through to find the rest of the weapons' animations.

Edit-
Heh.
Looks like this address also holds weapon sounds and the actual weapon animation, not just the impact.
;o
Fun.

PostPosted: Tue Aug 14, 2007 12:38 pm 
Joined: Mon Oct 09, 2006 2:04 pm
Posts: 256
Location: Chicago
020daf90 XX0Y0Z00

Z= Sound
0= PB
1= Volt driver
2= Missile
3= Battle Hammer
4= Imp
5= Jud
6= Magmaul
7= Shock Coil
8= OMG cannon
9= Spawning sound

Y= Weapon Trail
0= PB
1= Volt
2= Charged Volt
3= Judicator
4= Magmaul
5= Charged Mag
6= Small Trail, color depends on weapon
7= Same
8= Imp
9= Shock Coil
A= BH
B= OMG cannon (Doesn't work ;o)

XX= Impact
04= PB
5F= Charged PB
08= Normal Missile
C1= Charged Missile
FF= Shock Coil
09= Magmaul
C0= Fireball
C2= Charged Mag
5F= Puffy PB
C9= Charging PB
0A= Jud
0E= Affinity BH
1F= Imp
B0= BH
59= Volt
AE= Charged Volt
F8= OMG cannon (Only works in oub)

PostPosted: Sat Aug 25, 2007 10:57 am 
Joined: Wed Apr 04, 2007 7:37 pm
Posts: 503
Location: Well......Lets just say you shouldn't look behind you......
Deaggle


Scan shots

Code:
020DC17C 55555555
020DC180 55555555
020DD0AC 55555555
020DD0B0 55555555
020DDFDC 55555555
020DDFE0 55555555
020DEF0C 55555555
020DEF10 55555555


This code makes your shots scan the map and touch the first enemy seen. Your shots are invisible, but don't worry, it's the code. The only problem is that the bots have the code too :s

Tips

Add Zeld's code for no screen quake when injured
Add a code so the bots can't fire or are immune to shots
Use the Magmaul or missiles for a better effect
