How to Joker Codes 1.6

-----------------DOES NOT TURN OFF----------------------

alright imma give you a outline...

first obviously u need ps2dis opened. then drag the 1.6 update into ps2dis. itll say load from and address from.both are zero. change address from to 08800000. then go to an open spot in the game

NOTE:this means a place where it is all nops but still blue. ie i go to 08801800. ull see what i mean. to jump to 08801800 press g and then type 08801800, then enter.

okay now that u are there u actually start to joker. if u double click on 08801800 a box will pop up. at the bottom of it youll see command and it should be 'nop'... thats called mips. nop stands for no operation.

Note: for a joker to work it must have a controller address. which is the address the button value will be stored on. basically the address for the buttons. now ive seen 2 but actually found one myself. its 09a80230, ive also seen tonic using 09a8e1e4, i dont think it matters. correct me if im wrong. well anyways here is what u wanna fill into the first command box(note:if its on a diff line it goes into the next command box:

lui t0, $09a8 <----loads 09a8 into the first register
lui t1, $08d6 <----loads the first four of flashes address
lh t0, $e1e4(t0) <----loads the last half of the controller address into the first register(its now 09a80230
lw t2, $fa2c(t1) <----loads the second half of flash into register 1(its now
ori t3, zero, $8000 <----button value for square
bne t0, t3, $(t0 the jr ra address) <----if 09a80230(or 09a8e1e4) doesnt equal 00008000 then end the function
(skip a line because of branch delay)
lui t4, $4000 <----loads the modded value for flash into flash
sw t4, $fa2c(t1) <----stores it into the address
(skip another line)
jr ra <----end the function

okay now a little bit of MIPS. here are the definitions of the commands we used:

lui = load upper immediate, used to load the first four digits of a code
lw = load word, used to load the last four digits of a code
lh = load halfword, used to also load the last half digits but use the same register rather than using another register.
ori = or immediate, used to load many things ie, button values, last four digits onto a register etc.
bne = branch if not equal, used to tell the game something is not equal to something then end the function(the opposite is beq=branch if equal, then you branch to the modded value)
sw = store word, used to usaully store value hexes into the address(not sure if used for other things)
jr ra = honestly dont know but used to end a function. ill found out wwhat it means and will post it.

--------------------------TURNS OFF------------------------------

alright here is a joker that turns off upon release

lui t0, $08d6 <---- loads first four digits of flash into t0
lui t1, $09a8 <---- loads first four digits of controller address into t1
lw t2, $e1e4(t1) <---- loads second half of controller address into t1(BTW the full address is now in t2 not t1)
ori t3, zero, $8000 <---- loads squares button value
bne t2, t3, $to the original value <----- says if the controller address isnt equal to 8000(square) then go to the normal value and stay normal(kinda lol?)
(skip)
lw t4, $fa2c(t0) <---- loads last four digits of flash into t0
lui t5, $4000 <---- loads modded value into t5
sw t5, $fa2c(t0) <--- stores t5 into t0 in other words making the value 40000000
j $to the end of the function <--- jumps to the end to skip adding original value cause then it would just immediately turn off
(skip)
lui t6, $3f80 <--- loads normal value into t6
sw t6, $fa2c(t0) <--- stores value into flash
(skip)
jr ra <--- ends function

Hope i Helped and plz Rep+

feel free to ask any questions also notice how it doesnt add the normal value unless the contoller doesnt equal square. it just skips it and IF it does equal square then it skips adding the modded value and goes streight to the normal value

Good job on the tutorial. =)
But what if you need to load the second modded value of your code and in what area do you find your hooks?

well then you would do lui t(whatever), $(whatever the first part is)
then ori t(the same register), t(the same register), $(last four)
then the same wit everything else.

btw jr ra means jump register return address 'jumps to the return address

also dnt 4get to subtract 08800000 from all ur addresses. and put all the addresses in real(address+08800000) so flash is normally 0055fa2c(well in real its 08d5fa2c

Thanks. But is there a certain area hooks that you use? Or do you nned the hook?

oh you need the hook absolutly. w/o it the code wont work. um. lets see. ill find you a hook. lemme look through ps2dis for a min

----Added 30/11/2008 at 4:51 PM----
ill give you an example. gimme a code to joker and you could follow off that example. plz make it a short one. long codes take too long

No, what I am asking is if there is a way to search for hooks and use them in your code. Like which of all the hook addresses should I use?

um you search for them in ps2dis. take a function that is constantly called and use its jr ra.

Quote:

---

Originally Posted by GodzMercy1337

Note: for a joker to work it must have a controller address. which is the address the button value will be stored on. basically the address for the buttons. now ive seen 2 but actually found one myself. its 09a80230, ive also seen tonic using 09a8e1e4, i dont think it matters.

---

Thats the 1.5 controller address. Its actually 09a7e1e4 but you bump the address up 1 if the second half is for than 7fff. You know what i mean :P but good tutorial. There is many ways to joker and the one I learned off it uses a BNE if its not equal and jumps to a couple lines after where it stores the original i think.

But do you expect the guys on here to rep + you.? Unless they have more than 100 posts they will ask you what that is.

posts dont matter i still know what im doin and they should recognize im helping them and rep+...

They leech & spam to get their post count up and don't know anything. But good tut im gonna make me a joker now.

& I wasn't talking about your posts. I was talking about theirs. Your familiar with VB from TSH.

oh yup. hope this guide helped

jokering codes now wont help u except get u banned.

yea true ... ooo how i wish it wasn't...

wow...thanks god....

Very nice tutorial mercy..even thou jokers are instant banns now but still very nice tut :)

i thought joker codes get banned ?

omg this was posted before the ban came out.

Quote:

---

Originally Posted by GodzMercy1337

omg this was posted before the ban came out.

---

o..well its still a nice tutorial :)

gud tut rep+

dude when i put my dump in it dosnt ask for an address but it used to is there something wrong with my dump or ps2dis?

No skyance that is only if you want to automatically set it to find that address, there is nothing wrong.

thanks man this really helps...you too zeus your good help

cool dude

nice find

#Inf.Health Jokered
;hold L
0x00001800 0x3c08004c
0x00001804 0x3c0909a8
0x00001808 0x8d2a0230
0x0000180c 0x340b0040
0x00001810 0x154bf9fb
0x00001814 0x00000000
0x00001818 0x8d0c9628
0x0000181c 0x3c0d0000
0x00001820 0xad0d9628
0x00001824 0x08000000
0x00001828 0x00000000
0x0000182c 0x3c0e0001
0x00001830 0xad0e0000
0x00001834 0x00000000
0x00001838 0x03e00008


what did i do wrong?
it doesn't freeze me but it don't work at all
i hold L and i don't get inf health

Quote:

---

Originally Posted by GodzMercy1337

lh t0, $e1e4(t0) <----loads the last half of the controller address into the first register(its now 09a80230
lw t2, $fa2c(t1) <----loads the second half of flash into register 1

---

your description of both of these commands is wrong

lh t0, $e1e4(t0) <--loads the last two bytes of the value found at 0x09a8e1e4 into register t0

lw t2, $fa2c(t1) <--loads the value found at address 0x08d6fa2c into register t2

this guide is riddled with errors but im not gonna sit here and re-label the whole tut

if this tutorial somehow works when followed that makes me think that you just copy and pasted the template from somewhere and labeled the commands as to what YOU THINK they do

WtF x5 Rep -

this tutorial needs to be fixed or taken down because it is teaching people the wrong thing and making them farther from knowing how to code

Quote:

---

Originally Posted by ShaneO

your description of both of these commands is wrong

lh t0, $e1e4(t0) <--loads the last two bytes of the value found at 0x09a8e1e4 into register t0

lw t2, $fa2c(t1) <--loads the value found at address 0x08d6fa2c into register t2

this guide is riddled with errors but im not gonna sit here and re-label the whole tut

if this tutorial somehow works when followed that makes me think that you just copy and pasted the template from somewhere and labeled the commands as to what YOU THINK they do

WtF x5 Rep -

---

THANK YOU ShaneO
everytime i try to do anything with this templete it fucks up my code
if you ever had the time could you possibly post a tut???
i would rep+ you soo much

Quote:

---

Originally Posted by raumulin

THANK YOU ShaneO
everytime i try to do anything with this templete it fucks up my code
if you ever had the time could you possibly post a tut???
i would rep+ you soo much

---

sure buddy but i gotta learn to do this shit first.. lol

i know hes wrong because i know mips commands

i might be able to figure out how to joker by looking at other tuts on the site and by examineing the commands in successful jokers

i cant believe no one has caught this yet.. there is soo many erors and this was posted over a year ago

you should definitely learn basic mips commands like lui, sll, srl, or, ori, sw, lw, j, beq, bne

PM me and i'll reply to it with a link to a site where i learned the commands

i know basics about mip commands like jr ra is the jump register one and lui is load upper immediate and stuff like that but i'm just trying to get used to all of it