[NUB-PROOF] Jokering On/Off Guide!

**_L96AW_RUSTY_** · 09-11-2010, 01:42 AM

Today I will be showing all of you my guide to Jokering On/Off.

I will try to make this as nub proof as I can.

SKILL: You must know how to Sub-Routine.

BNE:
Stands for - Branching Not Equal.
The first BNE would load the address of the second BNE.
The second BNE would load the address of $Jump to jr ra, or the address of the jr ra.

Basic Mips:
IMOK's Tutorial to the basic Mip commands

You Will Need:
PS2DIS
Socom Fireteam Bravo 2 Dumps

Open Up PS2DIS.
Drag and drop The Socom FTB2 - 1.60 Dump.ram onto PS2DIS.

A window should pop up with the title "Unknown Format".

The box will say:
Load from : 00000000
Address from: 00000000

Change the "Address from" to:
Load from : 00000000
Address from: 08800000

Press the G button and a box with the title "Specify address in Hex form".

Enter 09000000 and hit enter.

Controller Address:
The controller address is different for every psp game. So we will need to find it.

How to find the Controller Address:
1. Start up your psp game.
2. Open up your cheat device. (NitePR, CoderPR, MKULTRA, etc...)
3. Tap the R Trigger twice until you get to the [PRX] tab.
4. Set "Pause Game" to True, close your cheat device.
5. Hold down a button, like [], keep holding it down and dont let it go, then open up your cheat device again.
6. Press the R Trigger once until you get to the [Searcher] tab.
7. Click "Find exact value", and search in the hex 0x00008000.
6. After when your search is finished, close your cheat device. Do not press anything!
7. Then open your cheat device back up, exact search 0x00000000 in the hex.
8. You can repeat this process as many times as you need.

Real Addressing:
Now we are going to be learning how to put an address into Real Addressing.

Most cheat devices use False Addressing but in order to do Real Addressing, you can use a hex calculator and add 08800000.

In my case, im using the Controller Address for Socom Fireteam Bravo 2:
0127e1e4

Now I am going to do Real Addressing:
0127e1e4 + 08800000 = 09a7e1e4

Positive and Negative Hex Values:
In the hex value, the last 4 numbers, will tell us if it is positive or negative.

If the numbers are between 0000 and 7F80, the hex is positive , which means we dont have to do anything.

If the numbers are between 7F80 and FFFF, the hex is negative, which means we need to add 00010000 to our Controller Address:
09a7e1e4 + 00010000 = 09a8e1e4

NOTE: This also does apply for other addresses you might use.

Template:
lui t0, $ First 4 of your real address (+ 0880 + 0001)
lui t1, $ First 4 of your contoller address
lw t2, $(t1) Last 4 of controller address
ori t3, zero, $ The button value
bne t2, t3, $ Branches to the next bne
nop
sw zero, $(t0) Second half of the real code address
ori t3, zero, $ Button value to de-activate
bne t2, t3, $ Branches to the jr ra
nop
ori t4, zero, $
sw t4, $(t0) Second half of the real code address
jr ra

The code we will be using is a simple Infinite Health:
#Infinite Health
0x004c9628 0x00000000

Here is the original Joker Template:

lui t0, $08cd
lui t1, $09a8
lw t2, $e1e4(t1)
ori t3, zero, $8000
bne t2, t3, $0900001c
nop
sw zero, $9628(t0)
ori t3, zero, $1000
bne t2, t3, $09000030
nop
ori t4, zero, $0001
sw t4, $9628(t0)
jr ra

Here is the On/Off Jokering Template:

Lui t0, $09a8 First half of the real controller address
Lh t0, $e1e4(t0) Second half of the real controller address
Lui t1, $08cd First half of the real code address (use the Negitive Rule)
Ori t2, 0, $0100 Button value to activate
Ori t3, 0, $0200 Button value to de-activate
Lui t4, $3C0B First half of the hacked value
Ori t5, t4 $0000 Second half of the hacked value
Lui t6, $0000 First half of the hex
Ori t6, t6 $0000 Second half of the hex
Bne t0, t2, $09000030 Branches to the next bne
nop
Sw t6, $9628(t1) Second half of the real code address
Bne t0, t3, $0900003c Branches to the jr ra
nop
Sw t5, $9628(t1) Second half of the real code address
Jr ra

Fake Addressing:
Now remember! This is Real Addressing, we need to put the code in Fake Addressing.

You will have to subtract 08800000 from 09000000, which will become 00800000.

Hook:
We will need to add a hook. I am going to be using 0x00000098 0x0a400000.
Thats the main hook I always use.

But remember! You cant have 2 jokered codes enabled at the same time when they are both using the same hooks.
So i suggest you use a different hook for each code you joker.

You must take the second half of hacked value and the second half of hex and delete them as they are 0000.

So here is our final result:
#Infinite Health Jokered
0x00000098 0x0a400000
0x00800000 0x3c0809a8
0x00800004 0x8d08e1e4
0x00800008 0x3c0908cd
0x0080000c 0x340a0100
0x00800010 0x340b0200
0x00800014 0x3c0c3c0b
0x0080001c 0x3c0e0000
0x00800024 0x150a0002
0x0080002c 0xad2e9628
0x00800030 0x150b0002
0x00800038 0xad2d9628
0x0080003c 0x03e00008

There you go!

Thanks.

Guide Credit: _L96AW_RUSTY_ (Me)

**Jinzo** · 09-11-2010, 02:00 AM

Yesss thankyou!!!

**-LeetGamer-** · 09-11-2010, 05:13 AM

:| Now try explaining how it works and what each MIPS line does for it to be a great guide ;)

**_L96AW_RUSTY_** · 09-11-2010, 05:48 PM

*updated*

**-LeetGamer-** · 09-11-2010, 06:47 PM

Originally Posted by _L96AW_RUSTY_

*updated*

If your update was to my post then that is not what I ment. I ment what each mips command does, example with the lui command:

Lui - Load Upper Immediate
Lui t0 $0880
t0 = 0x08800000
Loads an immediate value into the upper half of a register.

=/

**_L96AW_RUSTY_** · 09-11-2010, 07:28 PM

I updated it with IMOK's Tutorial to basic mips, Thats why.

**-LeetGamer-** · 09-16-2010, 10:04 AM

Are you Otle at OHG? If not someone named Otle posted your guide, he gave credit to you but it was in a contest so =\

**_L96AW_RUSTY_** · 09-16-2010, 06:34 PM

Yes I am haha. Sorry it didnt match the contest...

**_L96AW_RUSTY_** · 07-06-2011, 10:09 PM

yeeeer

Menu

User Tag List

Thread: [NUB-PROOF] Jokering On/Off Guide!

Thread Tools

Display

User Info Menu