Explanation of the N64 Codes?


Lexsym
31st January 2011, 12:10 AM
Is there any more of an explanation of the N64 Codes? This is all I have so far:


80 - Continuous 8-bit replacement (range 0-255)
81 - Continuous 16-bit replacement (0-65535)
88 - GS Button-activated 8-bit replacement
89 - GS Button-activated 16-bit replacement
A0 - 8-bit replacement only on startup
A1 - 16-bit replacement only on startup
D0 - 8-bit read (checks the address given for the specified value)
D1 - 16-bit read (checks the given address and the one after for the specified value)


Is there something like how the Nintendo Wii's codes are, where you can store values into a register? And then Load the value from the register into the Address?

Here's a breakdown of a Wii Sports Resort code I made (so you know what I mean):

Island Flyover Teleporter [Mal1t1a]
2086E024 00000100 <- This is reading the WiiMote's Button Handler Checking to see if the button "2" is pressed. The button "2" has the value of "0100". The start of the "if" statement.
82210001 00D2DA94 <- This is a Save Float to Register code. It saves the Floating-Point value of the address 0x80D2DA94 to the first register (As given by the "0001").
82210002 00D2DA98 <- This is a Save Float to Register code. It saves the Floating-Point value of the address 0x80D2DA98 to the first register (As given by the "0002").
82210003 00D2DA9C <- This is a Save Float to Register code. It saves the Floating-Point value of the address 0x80D2DA9C to the first register (As given by the "0003").
E0000000 80008000 <- This is an end statement, meaning that if the button "2" is not pressed, it will skip to the second check statement.
2086E024 00001000 <- This is reading the WiiMote's Button Handler Checking to see if the button "Minus (-)" is pressed. The button "Minus (-)" has the value of "1000". The start of the "if" statement.
84210001 00D2DA94 <- This is a Load Float from Register code. It loads the Floating-Point value from the register into the address 0x80D2DA94 (As given by the "0001").
84210002 00D2DA98 <- This is a Load Float from Register code. It loads the Floating-Point value from the register into the address 0x80D2DA98 (As given by the "0002").
84210003 00D2DA9C <- This is a Load Float from Register code. It loads the Floating-Point value from the register into the address 0x80D2DA9C (As given by the "0003").
E0000000 80008000 <- This is an end statement, meaning that if the button "Minus (-)" is not pressed, it will skip this line, and then if there is no code below, do nothing, as expected.
Press 2 on the Wiimote to save your position, and press Minus to teleport to the saved position.


Is there anything like that? Or is there anything I'm missing from what I have gathered?

HatCat
31st January 2011, 12:17 AM
don't know how Wii codes work ... lots of documentation about AR64 functions here
http://liveweb.waybackmachine.org/http://doc.kodewerx.org/hacking_n64.html

Lexsym
31st January 2011, 12:48 AM
Wii codes are very similar to this.

0xXXYYYYYY ZZZZZZZZ
XX = Operation to perform, I believe 80 is 32 bit write.
YYYYYY = Address (from base 0x80)
ZZZZZZZZ = 32 bit value to write to address (There's a lot of codes that just use 00000001).
And that's a simple explanation.




This is apparently an N64 Gameshark function (nothing to do with the Wii, lol)

Repeater/Patch Code
5000XXYY ????
8ZZZZZZZ VVVV


xx addresses to write
yy offset between each address
???? value to add to vvvv
zzzzzzz base address to write vvvv to.

Too bad this couldn't be used to increment the value of an address, like the Moon Jump, heh.

HatCat
31st January 2011, 01:42 AM
Oh interesting.

Well while on that subject, the second command has just the HO nybble defined to '8', but you said that XX is the operation. Does that mean like, the second statement can begin with "8?" where ? is any hex digit? Ah but you defined the digit after to be part of "zzzzzzz", well I was confused cause it seemed like a contradiction.

Yeah though, doesn't look like you can use AR64 to write to N64 registers, except indirectly by writing an instruction to target the register. :D

Lexsym
31st January 2011, 02:13 AM
Oh interesting.

Well while on that subject, the second command has just the HO nybble defined to '8', but you said that XX is the operation. Does that mean like, the second statement can begin with "8?" where ? is any hex digit? Ah but you defined the digit after to be part of "zzzzzzz", well I was confused cause it seemed like a contradiction.

Yeah though, doesn't look like you can use AR64 to write to N64 registers, except indirectly by writing an instruction to target the register. :D

I'm not "exactly" sure what you're referring to or trying to say. But from what I can guess, you're talking about the Wii Code.

When you use a button activator in the Wii, you can have as many statements inside of it as you want, just so long as you have a terminator at the end "E0000000 80008000"

Pseudo-language:


If Button.isPressed then

Write the Value of "4" to The Address 0x80D2DA94
Write the Value of "16" to The Address 0x80D2DA98
Write the Value of "2500" to The Address 0x80D2DA9C
//Whatever else I want to do can be done in here.

End If


Actual Wii Code:


2086E024 00000100
04D2DA94 00000004
04D2DA98 00000010
04D2DA9C 000009C4
//Whatever else I want to do can be done in here.
E0000000 80008000




As for The Repeater/Patch Code, that works for Project 64, kinda. It writes to all of the addresses instantaneously.

HatCat
31st January 2011, 02:22 AM
Oh okay, I understand that.

My question was about this.

This was the example code you gave earlier.

Repeater/Patch Code
5000XXYY ????
8ZZZZZZZ VVVV


The second command is in the format: 8#######.

This is the specification for Wii codes you gave earlier.

Wii codes are very similar to this.

0xXXYYYYYY ZZZZZZZZ
XX = Operation to perform, I believe 80 is 32 bit write.
YYYYYY = Address (from base 0x80)
ZZZZZZZZ = 32 bit value to write to address (There's a lot of codes that just use 00000001).
And that's a simple explanation.


A command must begin with "XX", a two-digit (in hex) operation code.

So my confusion, is if the above statement is true, why it is that your second line of code is 8ZZZZZZZ, where there is just one defined digit at the beginning?

Lexsym
31st January 2011, 02:35 AM
Oh okay, I understand that.
So my confusion, is if the above statement is true, why it is that your second line of code is 8ZZZZZZZ, where there is just one defined digit at the beginning?

Well, that's for N64 only. It has to be a write, so it's going to be: 80/81/88/89.

Also, There is an extra "Z" because I copied it from an article I was reading. Technically it should be 8XZZZZZZ, sorry about that.

I was reading through this page you gave me: http://liveweb.waybackmachine.org/http://doc.kodewerx.org/hacking_n64.html#gs_code_types

HatCat
31st January 2011, 02:38 AM
8-Bit
80XXXXXX 00??
Writes 1 byte (??) to the specified address (XXXXXX) repeatedly. (Version: All)

16-Bit
81XXXXXX ????
Writes 2 bytes (????) to the specified address (XXXXXX) repeatedly. (Version: All)

8-Bit GS Button
88XXXXXX 00??
Writes 1 byte (??) to the specified address (XXXXXX) each time the GS Button is pressed. (Version: All)

16-Bit GS Button
89XXXXXX ????
Writes 2 bytes (????) to the specified address (XXXXXX) each time the GS Button is pressed. (Version: All)


Conditional Codes

8-Bit Equal To
D0XXXXXX 00??
YYYYYYYY ZZZZ
If the byte at XXXXXXX is equal to ??, then the code on the next line is executed. (Version: All)

8-Bit Equal To (GS Button)
D8XXXXXX 00??
YYYYYYYY ZZZZ
If the byte at XXXXXXX is equal to ?? and GS button is being pressed, then the code on the next line is executed. (Version: All)

16-Bit Equal To
D1XXXXXX ????
YYYYYYYY ZZZZ
If the 2 bytes at XXXXXXX are equal to ????, then the code on the next line is executed. (Version: 3.0+)

16-Bit Equal To (GS Button)
D9XXXXXX ????
YYYYYYYY ZZZZ
If the 2 bytes at XXXXXXX are equal to ???? and GS button is being pressed, then the code on the next line is executed. (Version: 3.0+)

8-Bit Different To
D2XXXXXX 00??
YYYYYYYY ZZZZ
If the byte at XXXXXXX is NOT equal to ??, then the code on the next line is executed. (Version: 3.0+)

8-Bit Different To (GS Button)
DAXXXXXX 00??
YYYYYYYY ZZZZ
If the byte at XXXXXXX is NOT equal to ?? and GS button is being pressed, then the code on the next line is executed. (Version: 3.0+)

16-Bit Different To
D3XXXXXX ????
YYYYYYYY ZZZZ
If the 2 bytes at XXXXXXX are NOT equal to ????, then the code on the next line is executed. (Version: 3.0+)

16-Bit Different To (GS Button)
DBXXXXXX ????
YYYYYYYY ZZZZ
If the 2 bytes at XXXXXXX are NOT equal to ???? and GS button is being pressed, then the code on the next line is executed. (Version: 3.0+)


Special Codes

8-Bit Write On Boot
F0XXXXXX 00??
Writes 1 byte (??) to the uncached address (XXXXXX) only once. These are most often used to disable certain types of protection that some games use to disable cheat devices. F0/F1 only works on boot, but they are handled AFTER the CIC checksums are calculated (allowing the codes to patch the executable code without causing a checksum failure, interrupting the boot process). A maximum of 50 F0/F1 type codes can be used at one time. Hackers should also be aware that F0/F1 codes aren't added to the active codes list once the game starts. This can allow for more active codes alongside assembly hacks on some games. (Version: 3.0+)

16-Bit Write On Boot
F1XXXXXX ????
Writes 2 bytes (????) to the uncached address (XXXXXX) only once. These are most often used to disable certain types of protection that some games use to disable cheat devices. (Version: 3.0+)

Disable Expansion Pack
EE000000 0000
Attempts to keep the game from using the expansion pack. Can also increase code generator stability with some older games. The actual effect of the code is the same as using:
F1000318 0040
F100031A 0000
It can be helpful to know those addresses. For example, Zelda requires that you have the code generator on or use EE000000 0000, but using F0000319 0078 instead allows the game to run just fine whether the code generator is on or not. (Version: 3.2+)

Additional Enable Code
20000000 0000
Clears Memory 0x80000200 - 0x80000300. This might have been added as a precaution for games that check that area on boot. To the writers' knowledge, this code has never actually been needed. (Version: 3.2+)

Change Exception Handler
CC000000 0000
The GS/AR patches the exception handler in order to get the code engine running. This code type changes the default patching method, probably for a non-standard exception handler (like for a newer PSYQ lib). Another code type that slipped through the cracks. It has never been used. (Version: 3.2+)

Enabler
DEXXXXXX 0000
Used to select the executable entry point (0x80XXXXXX). This is necessary with games that utilize certain protection chips. This code is typically used in conjunction with a key code. The address specified can only be 0x80000000 - 0x80100000. Any address above 0x80100000 (EG 0xDE100400 0000) will default the entry point down to 0x80000400. (Version: 1.08+)

Set Store Location
FFXXXXXX 0000
Tells the device to store active codes starting at XXXXXX. This is required on some games that use the expansion pack. (Version: 3.3+)

Repeater/Patch Code
5000XXYY ????
8ZZZZZZZ VVVV
Used to make extremely long, sequenced codes shorter. XX is the number of addresses to be written, YY is the offset between addresses, ???? is the amount to increment the value (VVVV). Note that this increment is signed, so values higher than 0x8000 will subtract from VVVV rather than being added. These can be preceded by any 'D' code type (EG 0xD0144604 0022) to enable them on demand. The code to be repeated is not limited to constant writes. Any 80/81/88/89 code type appearing below a '50' code should work. (Version: 3.0+)

^ all the GameShark opcodes usable on the N64 on the page that I linked

Yeah but like, how can your second line be 8ZZZZZZZ? I mean, on the Wii, is there such thing as an operation identified using a single hex digit? 8?ZZZZZZ makes more sense to me.
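
Added example (not part of any post in this thread, and not GameShark firmware): a small Python interpreter for the 80/81 writes, the D0-D3 conditionals and the 50 repeater from the list above, run for one pass over a bytearray standing in for RAM. The function names, the sample code list and the use of the 24-bit address as a plain buffer offset are assumptions; GS-button and boot-time types are not modelled.

```python
# Constructed sketch: names, sample codes and the RAM buffer are assumptions.
def s16(v):  # the repeater increment is a signed 16-bit value
    return v - 0x10000 if v & 0x8000 else v

def poke(mem, op, addr, val):
    """80 writes one byte, 81 writes two bytes big-endian."""
    if op not in (0x80, 0x81):
        raise ValueError(f"write type {op:02X} not modelled")
    size = 2 if op & 1 else 1
    if addr + size > len(mem):
        raise IndexError(f"write outside simulated RAM: {addr:#x}")
    mem[addr:addr + size] = (val & (0xFFFF if size == 2 else 0xFF)).to_bytes(size, "big")

def peek(mem, op, addr):
    size = 2 if op & 1 else 1
    return int.from_bytes(mem[addr:addr + size], "big")

def run_codes(mem, text):
    """Apply one pass of a code list to mem and return it."""
    lines = [tuple(int(f, 16) for f in ln.split()) for ln in text.strip().splitlines()]
    i = 0
    while i < len(lines):
        word, val = lines[i]
        op, addr = word >> 24, word & 0xFFFFFF
        i += 1
        if op in (0x80, 0x81):
            poke(mem, op, addr, val)
        elif 0xD0 <= op <= 0xD3:
            equal = peek(mem, op, addr) == (val & (0xFFFF if op & 1 else 0xFF))
            if equal != (op < 0xD2):  # D0/D1 need a match, D2/D3 need a mismatch
                # Skip the gated code; a 50 repeater occupies two lines.
                i += 2 if i < len(lines) and lines[i][0] >> 24 == 0x50 else 1
        elif op == 0x50:
            count, step, inc = (word >> 8) & 0xFF, word & 0xFF, s16(val)
            base, start = lines[i]
            i += 1
            for k in range(count):
                poke(mem, base >> 24, (base & 0xFFFFFF) + k * step, start + k * inc)
        else:
            raise ValueError(f"code type {op:02X} not modelled")
    return mem

SAMPLE = (  # constructed code list: 16-bit write, gated repeater, gated write
    "81000100 0005\nD0000101 0005\n50000302 FFFF\n"
    "80000200 0010\nD2000101 0005\n80000300 00AA"
)

def demo():
    return run_codes(bytearray(0x400), SAMPLE)
```

In the sample, the repeater's FFFF increment is read as -1, so it writes 10, 0F, 0E at 0x200, 0x202, 0x204, and the final write is skipped because the D2 condition fails.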

Lexsym
31st January 2011, 03:18 AM
no no, that was in no relation towards the Nintendo Wii, sorry about the confusion.

Mdkcheatz
31st January 2011, 03:24 AM
http://liveweb.waybackmachine.org/http://doc.kodewerx.org/hacking_n64.html

you have gone from hero to zero, then back to hero, just fucking like that! Cool Story Bro ;)

HatCat
31st January 2011, 03:26 AM
oh ok well never mind about that, apart from the encoding of that one instruction I got all that

Anyway at least that link contributes some more opcodes to your list though.
the ones on it you didn't list in your OP:
D2, D3, D8, D9, DA, DB, and some special stuff added in later versions of the GS model

Where did you read about A0 and A1 though? I don't remember seeing those being used in unencrypted cheat.

Lexsym
31st January 2011, 03:34 AM
Where did you read about A0 and A1 though? I don't remember seeing those being used in unencrypted cheat.

http://www.videogamesource.com/genie/gg/create/make_n64_gs_codes.html

An old 1998 website :p

Lexsym
31st January 2011, 03:35 AM
I got it from an old 1998 website, http://www.videogamesource.com/genie/gg/create/make_n64_gs_codes.html

That was all it pretty much said. heh.

Lexsym
31st January 2011, 03:36 AM
From an old 1998 website: http://www.videogamesource.com/genie/gg/create/make_n64_gs_codes.html

Lexsym
31st January 2011, 04:53 AM
I wonder if this post will actually work

I got it from an old 1998 website http://www.videogamesource.com/genie/gg/create/make_n64_gs_codes.html

HatCat
31st January 2011, 07:16 PM
How strange. Totally unmentioned in the page I linked, yet it's used in the official CHT database and online apparently. Maybe they skipped it on purpose or something.

Oh well, it's not a very important identifier I guess. The conditional codes are much more important to me I think and can accomplish the same thing except perhaps a little less efficiently.