Kodewerx

PostPosted: Mon Jan 19, 2009 4:18 pm
dragonboy269 (Kommunist), Joined: Fri Sep 05, 2008 4:27 pm, Posts: 95
I've been learning ASM, and I've made a few codes successfully (each one more difficult than the last).
Well, now I'm attempting to tackle loops, and I can't seem to do them right. I'm trying to make a "smart inventory slot modifier" that only writes the item to the slot if it's empty (FFF1). If it is not empty, it moves on to the first empty slot and writes it there. I slapped an L+R activator on it. However, it freezes every time I try the code :( I'm guessing it's looping infinitely. Any help? I'll post the source.
Code:
ldr r1, slot            @ r1 = address of inventory slot 1
add r2, r1, #0x1C       @ r2 = address of slot 15 (15 slots, 2 bytes each)
ldrh r0, pitfall        @ r0 = item to store
ldrh r3, check          @ r3 = 0xFFF1, the "empty slot" value

Loop:
cmp r1, r2
bge End                 @ exits as soon as r1 reaches slot 15, so slot 15 is never checked
ldrh r4, [r1]           @ r4 = item currently in this slot
cmp r4, r3
beq Store               @ empty slot found
add r1, r1, #0x2        @ next slot
b Loop                  @ label case must match "Loop:" (GNU as labels are case-sensitive)

Store:
strh r0, [r1]
End:
bx lr

slot:
.long 0x21D88FE
check:
.short 0xFFF1
pitfall:
.short 0x1566


PostPosted: Mon Jan 26, 2009 12:59 pm
dragonboy269 (Kommunist), Joined: Fri Sep 05, 2008 4:27 pm, Posts: 95
Never mind, I figured out what I was doing wrong while Kodewerx was down.
I made a few changes to how the code activates and stuff like that as well. Now it activates by typing "st" and sending it. When it finds an empty space in your inventory it will store the item there and end the code, while replacing the "st" with an "ok". If your inventory is full, it will end the code and replace the "st" with a "no".
Code:
ldr r1, slot            @ r1 = address of inventory slot 1
ldr r5, text            @ r5 = address of the chat text buffer
ldrh r8, [r5]           @ r8 = first two characters typed
ldrh r11, word          @ r11 = "st" (activator)
ldrh r12, done          @ r12 = "ok"
add r2, r1, #0x1C       @ r2 = address of slot 15
ldrh r0, pitfall        @ r0 = item to store
ldrh r3, check          @ r3 = 0xFFF1, the "empty slot" value
cmp r8, r11
bne End                 @ not activated: do nothing
strh r12, [r5]          @ replace "st" with "ok"

loop:
cmp r1, r2
bgt No                  @ past slot 15: inventory is full
ldrh r4, [r1]           @ r4 = item currently in this slot
cmp r4, r3
beq Store               @ empty slot found
add r1, r1, #0x2        @ next slot
b loop

No:
ldrh r1, word2
strh r1, [r5]           @ replace with "no"
bx lr

Store:
strh r0, [r1]           @ store the item in the empty slot
bx lr
End:
bx lr

slot:
.long 0x21D88FE
text:
.long 0x22AF136
word:
.ascii "st"
word2:
.ascii "no"
done:
.ascii "ok"
check:
.short 0xFFF1
pitfall:
.short 0x1566


I also made another very simple code with a loop. It places an item in all 15 inventory slots.
Code:
ldr r1, slot
ldrh r3, pitfall
add r0, r1, #0x1C

loop:
cmp r1, r0
bgt End
strh r3, [r1]
add r1, r1, #0x2
b loop

End:
bx lr

slot:
.long 0x21D88FE
pitfall:
.short 0x1566
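As an added example (my own C, not code from this thread), here is a model of the scan above over a constructed 15-slot inventory of little-endian halfwords, using the thread's values 0xFFF1 for an empty slot and 0x1566 for the item. It also shows the difference between the first post's "bge End" and this version's "bgt No" against the end pointer at +0x1C: the bge form exits as soon as the pointer reaches slot 15, so a free slot 15 is reported as "no", while the bgt form checks it. No real memory address is touched.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not code from the thread: a C model of dragonboy269's
 * "smart inventory" scan.  The inventory is a constructed array of 15
 * little-endian halfwords (30 bytes); EMPTY_SLOT and ITEM are the values
 * the thread uses (0xFFF1 and 0x1566). */

#define SLOT_COUNT   15
#define EMPTY_SLOT   0xFFF1u
#define ITEM         0x1566u
#define LAST_OFFSET  0x1C    /* byte offset of slot 15: the thread's "add r2, r1, #0x1C" */

enum scan_result { STORED_OK = 0, INVENTORY_FULL = 1 };

static uint16_t load_halfword(const uint8_t *p)          /* ldrh */
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static void store_halfword(uint8_t *p, uint16_t v)       /* strh */
{
    p[0] = (uint8_t)(v & 0xFF);
    p[1] = (uint8_t)(v >> 8);
}

/* Walk the inventory exactly like the ARM loop: pointer starts at the base,
 * end pointer = base + 0x1C, step 2 bytes.  inclusive_end == 1 mirrors the
 * second version ("cmp r1, r2 / bgt No": slot 15 is checked); 0 mirrors the
 * first version ("cmp r1, r2 / bge End": the loop exits when the pointer
 * reaches slot 15, so slot 15 is never examined).  On success the 0-based
 * slot index is returned through *slot_index. */
int store_first_empty(uint8_t *inv, int inclusive_end, int *slot_index)
{
    uint8_t *p = inv;
    uint8_t *end = inv + LAST_OFFSET;
    for (;;) {
        if (inclusive_end ? (p > end) : (p >= end))
            return INVENTORY_FULL;                  /* "no" */
        if (load_halfword(p) == EMPTY_SLOT) {       /* ldrh r4, [r1] ; cmp r4, r3 */
            store_halfword(p, ITEM);                /* strh r0, [r1] */
            *slot_index = (int)((p - inv) / 2);
            return STORED_OK;                       /* "ok" */
        }
        p += 2;                                     /* add r1, r1, #0x2 */
    }
}

/* Constructed inventory: slots 1-14 are occupied, only slot 15 is empty. */
static void make_inventory_last_empty(uint8_t inv[SLOT_COUNT * 2])
{
    for (int i = 0; i < SLOT_COUNT; i++)
        store_halfword(inv + 2 * i,
                       (i == SLOT_COUNT - 1) ? EMPTY_SLOT : (uint16_t)(0x1000 + i));
}

/* 1 if the scan stores the item in slot 15 (index 14), 0 if it reports "no". */
int scan_finds_last_slot(int inclusive_end)
{
    uint8_t inv[SLOT_COUNT * 2];
    int idx = -1;
    make_inventory_last_empty(inv);
    if (store_first_empty(inv, inclusive_end, &idx) != STORED_OK)
        return 0;
    return idx == 14 && load_halfword(inv + LAST_OFFSET) == ITEM;
}

/* 1 if a completely full inventory is reported as "no" and left untouched. */
int scan_full_inventory_reports_no(void)
{
    uint8_t inv[SLOT_COUNT * 2];
    int idx = -1;
    for (int i = 0; i < SLOT_COUNT; i++)
        store_halfword(inv + 2 * i, (uint16_t)(0x2000 + i));
    if (store_first_empty(inv, 1, &idx) != INVENTORY_FULL || idx != -1)
        return 0;
    for (int i = 0; i < SLOT_COUNT; i++)
        if (load_halfword(inv + 2 * i) != (uint16_t)(0x2000 + i))
            return 0;
    return 1;
}
```

The only difference between the two loop variants is the exit test, which is why an end pointer that names the last slot (rather than one past it) needs bgt and not bge; an end pointer one past the last slot would pair with bge/bhs instead.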


PostPosted: Thu Feb 05, 2009 9:59 am
Zeld (Komrade), Joined: Tue Mar 27, 2007 10:18 am, Posts: 1328
Heh.

String manipulation in assembly does not, for a fun time, make.

This reminds me; I need to look into getting City Folk and/or coming up with more motivation to use my USB Gecko (a programming project of mine is distracting me from doing great things with my shiny Christmas present D:).

Edit: ".ascii", eh? I sure have a lot more directives to learn.

I've only ever needed .short, .long and .byte. :P



PostPosted: Thu Feb 05, 2009 4:51 pm
Parasyte (Krew (Admin)), Joined: Sun Oct 01, 2006 9:26 pm, Posts: 3768, Title: All in a day's work.
Zeld wrote:
Edit: ".ascii", eh? I sure have a lot more directives to learn.

I've only ever needed .short, .long and .byte. :P


... and .string and .asciz and ...

Here's a complete list: http://sourceware.org/binutils/docs/as/ ... Pseudo-Ops

_________________
I have to return some video tapes.

Feed me a stray cat.


PostPosted: Tue Feb 10, 2009 6:30 pm
dragonboy269 (Kommunist), Joined: Fri Sep 05, 2008 4:27 pm, Posts: 95
I've gotten A LOT more advanced since I posted this thread. In fact, I'm sorta embarrassed at how inefficient my codes were. Uh, I'll post shorter versions. Here is the "smart inventory" code:
Code:
ldr r0, slot            @ r0 = address of inventory slot 1
ldrh r1, item           @ r1 = item to store
ldrh r2, check          @ r2 = 0xFFF1, the "empty slot" value (compared against in the loop)
add r3, r0, #0x1C       @ r3 = address of slot 15
ldrh r5, word           @ r5 = "st" (activator)
ldrh r8, done           @ r8 = "ok"
ldr r11, text           @ r11 = address of the chat text buffer
ldrh r12, [r11]         @ r12 = first two characters typed
cmp r12, r5
bxne lr                 @ not activated: return
strh r8, [r11]          @ replace "st" with "ok"

loop:
cmp r0, r3
ldrgth r1, noword       @ past slot 15: write "no" and return
strgth r1, [r11]
bxgt lr
ldrh r4, [r0]           @ r4 = item currently in this slot
cmp r4, r2
addne r0, r0, #0x2      @ occupied: advance to the next slot
bne loop
strh r1, [r0]           @ empty: store the item
bx lr


slot:
.long 0x21D88FE
text:
.long 0x22AF136
word:
.ascii "st"
done:
.ascii "ok"
noword:
.ascii "no"
item:
.short 0x1566
check:
.short 0xFFF1


Here is the "fill all 15 slots" code:
Code:
ldr r0, slot
ldrh r1, item
add r2, r0, #0x1C

loop:
cmp r0, r2
bxgt lr
strh r1, [r0], #0x2
b loop

slot:
.long 0x21D88FE
item:
.short 0x1566


I'd post my most recent project, but A_Random_Person would get mad because I "stole his idea". Well, I sorta did, but I made an original version... but since he doesn't want me to post it, I won't.


PostPosted: Wed Feb 11, 2009 12:46 am
Parasyte (Krew (Admin)), Joined: Sun Oct 01, 2006 9:26 pm, Posts: 3768, Title: All in a day's work.
The only thing that jumps out at me is this line:

Code:
ldrh r2, check


r2 is never used. (Thus, the 'check' label and its data is also unused.)



PostPosted: Wed Feb 11, 2009 1:52 am
dragonboy269 (Kommunist), Joined: Fri Sep 05, 2008 4:27 pm, Posts: 95
Parasyte wrote:
The only thing that jumps out at me is this line:

Code:
ldrh r2, check


r2 is never used. (Thus, the 'check' label and its data is also unused.)

Actually it is used, later on in the loop. It checks to see if the slot is empty, and if it isn't it adds #0x2 to the slot address and repeats the loop. If the slot is empty it stores the item there and ends the code.
Code:
cmp r4, r2
addne r0, r0, #0x2
bne loop
strh r1, [r0]
bx lr


PostPosted: Wed Feb 11, 2009 6:18 pm
Parasyte (Krew (Admin)), Joined: Sun Oct 01, 2006 9:26 pm, Posts: 3768, Title: All in a day's work.
Ah yes, there it is.



PostPosted: Thu Feb 12, 2009 5:35 pm
dragonboy269 (Kommunist), Joined: Fri Sep 05, 2008 4:27 pm, Posts: 95
Here's my recent project. It's a search and replace code for AC:WW. It searches the map for an item and replaces it with another item. You put the item you want to search for in inventory slot 1, and the item you want to replace it with in inventory slot 2. Then if you're offline you press L+R, and if you're online you press A+B. It works with all 4 characters offline and online. This is just to show you how advanced I've gotten. A_Random_Person, just so you don't get mad, I'll remove the literals. That way people can't compile it unless they know the values, and I doubt a non-hacker would know the online slot pointer.
Code:
ldr r0, map
ldr r8, button
ldrh r11, [r8]
add r1, r0, #0x2000
ldr r4, char
ldrh r5, chardiff
ldrb r4, [r4]
tst r11,#0x300
ldreq r3, inventory1
beq maincode
tst r11,#0x0003
bxne lr
ldr r3, inventory2

maincode:
mla r3, r4, r5, r3
ldrh r5, [r3], #0x2
ldrh r4, [r3]

Loop:
cmp r0, r1
bxeq lr
ldrh r2, [r0], #0x2
cmp r2, r5
streqh r4, [r0,#-0x2]
b Loop

@here are where the literals would be, I removed them so someone wouldn't get mad


PostPosted: Thu Feb 12, 2009 11:49 pm
Parasyte (Krew (Admin)), Joined: Sun Oct 01, 2006 9:26 pm, Posts: 3768, Title: All in a day's work.
It would be better to use the ldmia/stmia instructions for large memory copies, like that. It could also be implemented as a Duff's Machine if you want speed over size. Another point of optimization is to use a decrementing counter instead of comparing an incrementing pointer to an end pointer; the SUB instruction will set the Z flag for you when it decrements the counter to zero, which will cut out the need for a CMP instruction. Also, don't be afraid to use more of those conditional instructions:

Original:
Code:
ldreq  r3, inventory1
beq    maincode
tst    r11, #0x0003
bxne   lr
ldr    r3, inventory2

maincode:
mla    r3, r4, r5, r3


Optimized:
Code:
ldreq  r3, inventory1
ldrne  r3, inventory2
tstne  r11, #0x0003
bxne   lr
mla    r3, r4, r5, r3



PostPosted: Sun Feb 15, 2009 4:52 am
dragonboy269 (Kommunist), Joined: Fri Sep 05, 2008 4:27 pm, Posts: 95
Thanks for those suggestions. In the end I just decided to convert it to Thumb :)
The code is only 15 lines long now, and works perfectly :p
I had to change a few things though.
By the way, is the mla (multiply accumulative) instruction usable in Thumb? It seems like whenever I used it, my codes would freeze...
I ended up doing a multiply instruction and then an add instruction instead.


PostPosted: Tue Feb 17, 2009 7:16 pm
Parasyte (Krew (Admin)), Joined: Sun Oct 01, 2006 9:26 pm, Posts: 3768, Title: All in a day's work.
Yes, MLA is usable in the Thumb instruction set.



PostPosted: Thu Feb 19, 2009 12:44 pm
Zeld (Komrade), Joined: Tue Mar 27, 2007 10:18 am, Posts: 1328
Parasyte wrote:
the SUB instruction will set the Z flag for you when it decrements the counter to zero

Just a reminder; you have to specify this manually in ARM mode (you appear to be using ARM mostly). This is done by adding the "s" suffix to an instruction: "subs".

Thanks for the list, Para. I don't see much need for most of those with what I do, but I do know how nice it is to abuse directives in terms of making them evaluate constant expressions whose values change each time the source is modified.

Edit: CpuFastSet is a software interrupt within the GBA BIOS that implements repeated ldmia-stmdb instructions to copy 32 bytes in 2 instructions with the priority only the BIOS can achieve.

I bet the NDS has a similar SWI.

...having just checked GBATEK; wouldn't you know it: CpuSet and CpuFastSet both have the same SWI IDs for GBA7, NDS7 and NDS9 processors.

Those are:

CpuSet: #0x0B in Thumb, #0x0B0000 in ARM
CpuFastSet: #0x0C in Thumb, #0x0C0000 in ARM

CpuSet is mostly for VRAM filling/copying, I believe; VRAM has a 16 bit bus and CpuSet is the only one of the two SWIs above that has an option for filling/copying in groups of 16 bit values. Naturally, CpuFastSet is faster.

On the DS, though, it has a bug and only works correctly (that is, at the faster speed of 32 bytes per iteration of the copy loop) for the first fourth of the interrupt.

Still, if copying large sections of RAM to others is what you're after, CpuFastSet is likely the way to go.



PostPosted: Fri Feb 20, 2009 7:53 pm
dragonboy269 (Kommunist), Joined: Fri Sep 05, 2008 4:27 pm, Posts: 95
Well Zeld, from what I've heard, you're the "ASM God"
XD I wish you could teach me >_> sorry
It's hard to learn when the reference sheet doesn't define what the terms do, it just tells you how they do it (so I have no clue what the heck some of them are doing >_>) I also don't wanna read that huge 800 PDF document >_>


PostPosted: Sun Feb 22, 2009 3:32 pm
Zeld (Komrade), Joined: Tue Mar 27, 2007 10:18 am, Posts: 1328
^ That irked me a bit too; fortunately, some of them are obvious enough if you've seen examples and/or have been coding for a while.

I still only see real use for .ascii, .align, .org and the three 1-, 2- and 4-byte data type designations.

.float may prove useful at some point as well. At least in PPC ASM.

The rest don't look like they have an application within my small time use of various assemblers.



On a separate note, I do consider myself pretty damn good with assembly, but really I only appear as a "god" because those who would call me that haven't seen the work of those (many) who have outperformed me.

Just as an example, I'm sure bushing has done far more interesting things using ARM when breaking into our Wiis.

Edit: You want me to teach you? Here's your first lesson: don't pull an ARP and forget to preserve the link register before calling another function!



PostPosted: Sun Feb 22, 2009 3:48 pm
HyperHacker (Komrade), Joined: Tue Mar 27, 2007 6:23 pm, Posts: 1354, Location: Mario Raceway, 1509.831, 217.198, -564.429, Title: Mario Kart 64 Hacker
Zeld wrote:
On the DS, though, it has a bug and only works correctly (that is, at the faster speed of 32 bytes per iteration of the copy loop) for the first fourth of the interrupt.

Still, if copying large sections of RAM to others is what you're after, CpuFastSet is likely the way to go.
With that bug, wouldn't the best way be to implement a fixed version in your own code?

_________________
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


PostPosted: Mon Feb 23, 2009 4:30 pm
Parasyte (Krew (Admin)), Joined: Sun Oct 01, 2006 9:26 pm, Posts: 3768, Title: All in a day's work.
Zeld wrote:
... I'm sure bushing has done far more interesting things using ARM PPC when breaking into our Wiis.



PostPosted: Mon Feb 23, 2009 5:18 pm
Jlee (Kommunist), Joined: Sat Nov 24, 2007 6:04 pm, Posts: 647, Location: Rattlesnakes and Sand
Parasyte wrote:
Zeld wrote:
... I'm sure bushing has done far more interesting things using ARM PPC when breaking into our Wiis.

... ?


PostPosted: Mon Feb 23, 2009 8:42 pm
Zeld (Komrade), Joined: Tue Mar 27, 2007 10:18 am, Posts: 1328
I'm with Jlee on this one.

I was referring to the Starlet core. Assuming that's the ARM processor; I believe he nicknamed it such and nicknamed the PPC core you thought I was referring to as the "Hollywood". (Edit: citation.)

I specifically said "ARM" to emphasize that while all the Wii hackers sprouting up after the fact are becoming intimate with the PPC side of things, it is the original Wii hackers who made it possible for the rest of us who have the most unofficial knowledge of the ARM core responsible for initializing the PPC core.

Being that you're Para, I'm sure you knew about the ARM core, so instead I'm going to guess that you corrected me because you thought I was too incompetent to know what I was talking about and therefore must have meant "PPC". How cruel.

Oh...also, I haven't done anything cool with PPC anyway. Of ARM and PPC, comparing his accomplishments to mine is only sensible in the former case.

You can see a picture of him fiddling with it on his blog, you know.



To HyperHacker: considering that the NDS is a whole 75% slower in its implementation, your idea probably significantly outweighs the speed increase that comes with BIOS level priority; really, they're similarly reasonable options to consider. It's less code to write to use the SWI, at least.



PostPosted: Tue Feb 24, 2009 12:52 am
dragonboy269 (Kommunist), Joined: Fri Sep 05, 2008 4:27 pm, Posts: 95
So far, the most complicated code I've made is an "items inside house" modifier. If you want to see the source send me a PM (because I don't wanna post the code or the source, because it can be used for malicious purposes in the wrong hands).


PostPosted: Tue Feb 24, 2009 8:57 am
Zeld (Komrade), Joined: Tue Mar 27, 2007 10:18 am, Posts: 1328
You mean it works in others' houses over WiFi?

If so, that's a terrible mistake on Nintendo's part. v_V



PostPosted: Tue Feb 24, 2009 4:14 pm
A_Random_Person (Kommunist), Joined: Sat Nov 18, 2006 10:11 am, Posts: 108
Zeld wrote:
Edit: You want me to teach you? Here's your first lesson: don't pull an ARP and forget to preserve the link register before calling another function!


You honestly can't hold much on me for that >_> I seriously got 2 hours of sleep or less on that day >_<

Quote:
If so, that's a terrible mistake on Nintendo's part. v_V
What else is new...? lol

Quote:
".ascii", eh? I sure have a lot more directives to learn.

Surprised you haven't seen this in one of my codes... although I've really only needed it for one, and I don't think I needed help on that one... meh w\e lol :P



PostPosted: Tue Feb 24, 2009 7:43 pm
Parasyte (Krew (Admin)), Joined: Sun Oct 01, 2006 9:26 pm, Posts: 3768, Title: All in a day's work.
"Hollywood" (Wii CPU) and "Broadway" (Wii GPU) had already been nicknamed by Nintendo. Being that I'm Para who doesn't follow Wii hacking, I had no idea there was an ARM core embedded in the PowerPC CPU. I simply figured it was an honest mistake.



PostPosted: Wed Feb 25, 2009 7:57 am
Zeld (Komrade), Joined: Tue Mar 27, 2007 10:18 am, Posts: 1328
But you're Para! Surely you can contribute more to Wii hacking than say, I, can. :/

Second lesson of assembly coding: sleep more than 2 hours if and when you do.

I usually get about 10 hours of sleep these days.



PostPosted: Wed Feb 25, 2009 11:46 pm
dragonboy269 (Kommunist), Joined: Fri Sep 05, 2008 4:27 pm, Posts: 95
Wow O_o
Here's my "Text to AR code" code.
You type the AR code into the chat and press L+R.
It has to be an 8-, 16-, or 32-bit write though. It checks to see if you put a 0, 1, or 2 at the beginning. Depending on which one you put, it'll store either a byte, a halfword, or a word in the address you type. For example, you might type
121d88fe 00001566
Since it starts with a 1, it'll store #0x1566 in the address #0x21d88fe.
Code:
ldr r1,text             @ r1 = address of the chat text

mov r12,lr              @ save the return address (the bl below overwrites lr)
mov r0,#0x0             @ shift 0: read one hex digit, the code type
bl branchstuffs

cmp r2, #0x2
bgt end                 @ only types 0, 1 and 2 are handled
mov r3, r2              @ r3 = code type
mov r0,#0x18            @ shift 0x18: read the 7 address digits
bl branchstuffs

mov r4, r2              @ r4 = address
add r1, r1, #0x1        @ skip the space
mov r0,#0x1C            @ shift 0x1C: read the 8 value digits
bl branchstuffs

cmp r3, #0x1
streqh r2, [r4]         @ type 1: halfword write
strlt r2, [r4]          @ type 0: word write
strgtb r2, [r4]         @ type 2: byte write
end:
mov lr,r12              @ restore the return address
bx lr

branchstuffs:
mov r2,#0x0             @ r2 accumulates the parsed value

loop: @@@@@credit goes to A_Random_Person for this part. Thanks!
ldrb r8,[r1],#0x1       @ next character, advance r1
cmp r8, #0x3A
addgt r8, r8, #0x9      @ letters a-f / A-F: +9 so the low nibble becomes 0xA-0xF
and r8, r8, #0xF        @ keep the low nibble ('0'-'9' map directly)
add r2, r2, r8, lsl r0  @ place the nibble at the current shift
subs r0, #0x4           @ next (lower) nibble; subs sets the flags
bpl loop                @ until the shift goes negative
bx lr

text:
.long 0x022AF136

I'm planning on doing the opposite later. You type in an address, and then the value stored there pops up when you press an activator. That way you can see the values stored at any address you want in game, and you can also write to those addresses :p


Last edited by dragonboy269 on Fri Feb 27, 2009 7:38 pm, edited 1 time in total.
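As an added example (my own C, not code from this thread), here is a model of the parser in the post above. The chat line and the target memory are constructed buffers, and the bounds check on the write is an addition the ARM code does not have. It keeps the nibble trick credited to A_Random_Person ("cmp #0x3A / addgt #9 / and #0xF"), the fixed-width field reads driven by a decreasing shift, and the dispatch on the type digit taken from the strlt/streqh/strgtb lines (0 = word, 1 = halfword, 2 = byte). It also shows the trick's failure mode: every non-hex byte is silently mapped to some nibble, so the model checks each character before using it.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not code from the thread: a C model of dragonboy269's
 * "Text to AR code" parser.  Memory is a constructed MEM_SIZE-byte image;
 * no real address is written. */

#define MEM_SIZE 0x40u

/* The thread's branch-free nibble trick:
 *   cmp r8,#0x3A ; addgt r8,r8,#9 ; and r8,r8,#0xF
 * '0'-'9', 'a'-'f' and 'A'-'F' come out right, but any other byte also
 * produces a nibble ('g' -> 0) instead of being rejected. */
unsigned nibble_trick(unsigned char c)
{
    unsigned v = c;
    if (v > 0x3A) v += 9;
    return v & 0xF;
}

static int is_hex(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
}

/* Mirror of "branchstuffs": read (shift/4)+1 digits, most significant first.
 * Returns 0 on a non-hex character, which the ARM version would accept. */
static int read_field(const char **pp, int shift, uint32_t *out)
{
    uint32_t acc = 0;
    for (; shift >= 0; shift -= 4) {             /* subs r0,#4 ; bpl loop */
        unsigned char c = (unsigned char)**pp;   /* ldrb r8,[r1],#1 */
        if (!is_hex(c)) return 0;
        acc += (uint32_t)nibble_trick(c) << shift;   /* add r2, r2, r8, lsl r0 */
        (*pp)++;
    }
    *out = acc;
    return 1;
}

/* Parse "Taaaaaaa vvvvvvvv" (T = 0/1/2 = word/halfword/byte write) and apply
 * it to mem[] little-endian, with a bounds check the ARM code lacks.
 * Returns the number of bytes written, 0 if the line was rejected. */
int apply_ar_line(const char *line, uint8_t *mem)
{
    uint32_t type, addr, value;
    const char *p = line;
    if (!read_field(&p, 0, &type) || type > 2) return 0;   /* cmp r2,#2 ; bgt end */
    if (!read_field(&p, 0x18, &addr)) return 0;            /* 7 address digits */
    if (*p != ' ') return 0;                                /* the ARM code skips this byte blindly */
    p++;
    if (!read_field(&p, 0x1C, &value)) return 0;           /* 8 value digits */
    uint32_t width = 4u >> type;                            /* 4, 2 or 1 bytes */
    if (addr > MEM_SIZE || width > MEM_SIZE - addr) return 0;
    for (uint32_t i = 0; i < width; i++)                    /* str / strh / strb */
        mem[addr + i] = (uint8_t)(value >> (8 * i));
    return (int)width;
}

/* Apply one line to a fresh zeroed image and return the little-endian 32-bit
 * word now at byte offset off (0xFFFFFFFF if the line was rejected). */
uint32_t apply_and_peek(const char *line, uint32_t off)
{
    uint8_t mem[MEM_SIZE] = {0};
    if (apply_ar_line(line, mem) == 0) return 0xFFFFFFFFu;
    uint32_t w = 0;
    for (int i = 3; i >= 0; i--)
        w = (w << 8) | mem[(off + (uint32_t)i) % MEM_SIZE];
    return w;
}
```

Reading the whole word back after a halfword or byte write makes the width visible: "1000000a 00001566" leaves 0x00001566 at offset 0xA, not the four bytes a type-0 line would write.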

PostPosted: Thu Feb 26, 2009 2:05 pm
A_Random_Person (Kommunist), Joined: Sat Nov 18, 2006 10:11 am, Posts: 108
Quote:
sub r0,#0x4
cmp r0,#0x0
bge loop


Ew. Ew. Ew.

Code:
subs r0, #0x4
bpl loop

...i do believe that works a bit better

Edit:
I'll send you a diff Text conversion btw >_> it will support lower & upper case. That and you can actually post it without having to worry about virus saying something.



PostPosted: Thu Feb 26, 2009 5:41 pm
Parasyte (Krew (Admin)), Joined: Sun Oct 01, 2006 9:26 pm, Posts: 3768, Title: All in a day's work.
Zeld wrote:
But you're Para! Surely you can contribute more to Wii hacking than say, I, can. :/

I don't have my Wii here. triath's sister borrowed it months ago, and I haven't really cared to go get it back. I'm not all that interested in Wii hacking, at the moment. Since I have other things to focus on.



PostPosted: Fri Feb 27, 2009 9:47 pm
HyperHacker (Komrade), Joined: Tue Mar 27, 2007 6:23 pm, Posts: 1354, Location: Mario Raceway, 1509.831, 217.198, -564.429, Title: Mario Kart 64 Hacker
That's pretty awesome. I wonder if you could add the code to the AR's code list directly, instead of implementing your own write system? You might have to find a copy of the opcodes each type translates to (which would make it impossible if they're wiped out, unless you supply them yourself) but it'd allow you to add any type of code.

Maybe just take over the video hardware and implement a full-blown RAM editor. ;) Find a debug print function. I did it in MK64 (well it was a viewer, but a couple lines would fix it), I'm sure it can be done on the DS too.



PostPosted: Fri Mar 06, 2009 10:28 am
A_Random_Person (Kommunist), Joined: Sat Nov 18, 2006 10:11 am, Posts: 108
HyperHacker wrote:
That's pretty awesome. I wonder if you could add the code to the AR's code list directly, instead of implementing your own write system? You might have to find a copy of the opcodes each type translates to (which would make it impossible if they're wiped out, unless you supply them yourself) but it'd allow you to add any type of code.

Maybe just take over the video hardware and implement a full-blown RAM editor. ;) Find a debug print function. I did it in MK64 (well it was a viewer, but a couple lines would fix it), I'm sure it can be done on the DS too.


I would do that but it seems to be a little bit over my head at the moment...


