How to create B200+ codes with UPS
This tutorial deals only with B200+ cheat codes.The difference between B200 and B200+ is that B200 is very limited
and does not accept all addresses, while B200+ is not limited.
B200+ is still at the beginning of investigations there is a lot i don't know but also a lot i can say with certainty.
Besides B200 + is not a guarantee of success for some games but the majority can be easily cracked.
I think if you do everything right B200+ codes should be 99% stable.
"And what about the last 1% ! Is that important? Not really! ;-)."
What is needed to start:
1. Psvita Firmware 3.65 + ( Note: all firmware below 3.65 are not suitable)
2. VitaCheat plugin z.06 ( Note: all versions below z.06 are not suitable)
3. noASLR.skprx (Note: a plugin for Vita it keeps Seg1 stable very important)
4. UPS (Universal Pointer Search)
VitaCheat plugin z0.6 https://github.com/r0ah/vitacheat/tree/master/plugin/v365-z06beta
noASLR.skprx https://github.com/CelesteBlue-dev/PSVita-RE-tools/tree/master/noASLR/release
UPS (Universal Pointer Search) https://github.com/BullyWiiPlaza/Un...er/blob/master/Universal-Pointer-Searcher.jar
noASLR.skprx https://github.com/CelesteBlue-dev/PSVita-RE-tools/tree/master/noASLR/release
UPS (Universal Pointer Search) https://github.com/BullyWiiPlaza/Un...er/blob/master/Universal-Pointer-Searcher.jar
How to install: VitaCheat / noASLR / UPS
-Install Vita Cheat:
I recommend to install AutoPlugin 2 vpk. first because you can install many plugins online also Vita cheat.
https://github.com/ONElua/AutoPlugin2/releases
-Install noASLR.skprx:
This plugin can not be installed with AutoPlugin 2 vpk and must be done manually with Vita Shell.
Here are two pictures how to do it, it should not be difficult because it is clear (hope).
If you write in tai.config txt then be carefully and do not make mistakes (this is not a playground) take your time.
-- Move noASLR.skprx to ur0:Tai (folder).
--Open config.txt and write the name of the plugin manually.
If everything is done restart Vita.
-Install UPS (Universal Pointer Search):
https://github.com/BullyWiiPlaza/Universal-Pointer-Searcher
Please read the instructions carefully how to install UPS, the important part is that you also need to install Java.
Some people have issues with UPS if the wrong java is installed, whether everything is installed correctly you can only see that If UPS shows pointer results.
I recommend to install AutoPlugin 2 vpk. first because you can install many plugins online also Vita cheat.
https://github.com/ONElua/AutoPlugin2/releases
-Install noASLR.skprx:
This plugin can not be installed with AutoPlugin 2 vpk and must be done manually with Vita Shell.
Here are two pictures how to do it, it should not be difficult because it is clear (hope).
If you write in tai.config txt then be carefully and do not make mistakes (this is not a playground) take your time.
-- Move noASLR.skprx to ur0:Tai (folder).
--Open config.txt and write the name of the plugin manually.
If everything is done restart Vita.
-Install UPS (Universal Pointer Search):
https://github.com/BullyWiiPlaza/Universal-Pointer-Searcher
Please read the instructions carefully how to install UPS, the important part is that you also need to install Java.
Some people have issues with UPS if the wrong java is installed, whether everything is installed correctly you can only see that If UPS shows pointer results.
How do I create Dumps?
How to write down Seg1?
-Create Dumps:
Open Vita cheat /Cross-Memory/Export Memory Safe Mode ( Note: If money address is 81B7E6D4 make the range 81000000-83000000 click Circle to start) Vita cheat will now create a dump & txt file you can find the dump in ux0:vitacheat/mem and txt file important for Seg1.
-Find Seg 1 range:
Seg1 is very important because it shows you where to look to find the right pointer-Code.
The correct pointer codes are always inside Seg1 everything below or above Seg1 is "not important".
The main task here is to find the Beginning and the End of Seg 1.
This is quite simple (note each game has its own Seg1).
Look here at the picture it will look confusing but trust me you will find your way very quickly.
What can be seen on the picture:
- 2x Normal addresses for Money (left-top)
- 2x Dumps (bin) with 2x txt (middle-top
- Module 00 shows Seg1 open txt file. (right-top)
- in the middle how to find out Start and End of seg1.
- Left-Bottom is the final product Seg1 Start and Seg1 Ending which we need to finally continue with UPS ;-)
(There is a simple solution to find Seg1 with Vita cheat alone,
but you will probably have figured that out yourself.)
Open Vita cheat /Cross-Memory/Export Memory Safe Mode ( Note: If money address is 81B7E6D4 make the range 81000000-83000000 click Circle to start) Vita cheat will now create a dump & txt file you can find the dump in ux0:vitacheat/mem and txt file important for Seg1.
-Find Seg 1 range:
Seg1 is very important because it shows you where to look to find the right pointer-Code.
The correct pointer codes are always inside Seg1 everything below or above Seg1 is "not important".
The main task here is to find the Beginning and the End of Seg 1.
This is quite simple (note each game has its own Seg1).
Look here at the picture it will look confusing but trust me you will find your way very quickly.
What can be seen on the picture:
- 2x Normal addresses for Money (left-top)
- 2x Dumps (bin) with 2x txt (middle-top
- Module 00 shows Seg1 open txt file. (right-top)
- in the middle how to find out Start and End of seg1.
- Left-Bottom is the final product Seg1 Start and Seg1 Ending which we need to finally continue with UPS ;-)
(There is a simple solution to find Seg1 with Vita cheat alone,
but you will probably have figured that out yourself.)
Main-Settings UPS
The Search
The first Pointer-Search for Dragon Fantasy (US).
Settings 1
- 2 dumps
- Pointer level 2
- Range 2000
- Normal Search
For some reasons UPS does not show any results.
This is the beginning of the end, no no no we don't give up so fast...
Let's try a new setting
Settings 2
- 2 dumps
- Pointer level 2
- Range 2000
- Negative search
Yes, now pointers are displayed (a lot) but which one should be the right one and how do I make a B200 code with it?
Let's take a closer look at these results:
[[0x810B1854] + 0xDF8] + 0x54
[[0x810FC2A4] + 0xFFFFFF48] + 0x54
[[0x8114FC08] + 0xFFFFE068] + 0x54
[[0x8114FC28] + 0xFFFFE048] + 0x54
[[0x8114FC38] + 0xFFFFE004] + 0x54
[[0x81180078] + 0x14B8] + 0xFFFFEBB4
[[0x81180078] + 0x968] + 0xFFFFF6D4
[[0x81180078] + 0x980] + 0xFFFFF714
[0x81180078] + 0x54
[[0x811801F8] + 0xFFFFFD1C] + 0x54
[[0x8127F95C] + 0xFFFFF32C] + 0x54
[[0x8127FCB0] + 0xFFFFF2C8] + 0x54
[[0x8127FCD0] + 0xFFFFF0B0] + 0x54
[[0x8127FD0C] + 0xFFFFFBB4] + 0x54
[[0x8127FFAC] + 0xFFFFE678] + 0x54
[[0x81280C54] + 0xFFFFFBAC] + 0x54
[[0x81280FB0] + 0xFFFFE13C] + 0x54
[[0x81338414] + 0x1078] + 0x54
[[0x813D0A84] + 0xD04] + 0x0
There are 19 results in this case i was lucky, sometimes you get 1000+ results but don't panic with my help you will quickly notice what is important and what is unimportant all in a few seconds.
-----------------------------------------------
Next step , the easy part of sorting the possible correct pointers.
Here Seg1 is needed to choose the right pointers
Seg 1
81180000--81207938
now we take all pointers out that are within seg 1
[[0x81180078] + 0x14B8] + 0xFFFFEBB4
[[0x81180078] + 0x968] + 0xFFFFF6D4
[[0x81180078] + 0x980] + 0xFFFFF714
[0x81180078] + 0x54
[[0x811801F8] + 0xFFFFFD1C] + 0x54
--------------------------------------------------
The Final-Kick, how to make B200 code with it
Example pointer:
[[0x81180078] + 0x14B8] + 0xFFFFEBB4
81180078 - 81180000 = 78
_V0 Inf.Money test code 1
$B200 00000001 00000000
$3202 00000078 000014B8
$0000 00000000 FFFFEBB4
$0000 00000000 00000000 <---- Money value
[0x81180078] + 0x54
_V0 Inf.Money test code 2
$B200 00000001 00000000
$3201 00000078 00000054
$0000 00000000 00000000 <---- Money value
I think now everything has become clear how to make B200+Codes.
----------------------------------------------
If you have no luck with other games then this might help.
Try to change these values:
- Use multiple dumps to minimize the results
- Set Range 1000/2000 or 10000 ...
- Set Pointer Level 1/2/3 or 4...
- Use Negative or Positive search (Negative search needs a lot of power (crash) I would always start with pointer level 2)
- will come soon 1
- Top Secret
Now it depends on you what the next steps are and how to get the maximum out of it.
NOTE! To become an expert you need to have more than this tutorial and that is experience like chess
------------------------------------------------
Settings 1
- 2 dumps
- Pointer level 2
- Range 2000
- Normal Search
For some reasons UPS does not show any results.
This is the beginning of the end, no no no we don't give up so fast...
Let's try a new setting
Settings 2
- 2 dumps
- Pointer level 2
- Range 2000
- Negative search
Yes, now pointers are displayed (a lot) but which one should be the right one and how do I make a B200 code with it?
Let's take a closer look at these results:
[[0x810B1854] + 0xDF8] + 0x54
[[0x810FC2A4] + 0xFFFFFF48] + 0x54
[[0x8114FC08] + 0xFFFFE068] + 0x54
[[0x8114FC28] + 0xFFFFE048] + 0x54
[[0x8114FC38] + 0xFFFFE004] + 0x54
[[0x81180078] + 0x14B8] + 0xFFFFEBB4
[[0x81180078] + 0x968] + 0xFFFFF6D4
[[0x81180078] + 0x980] + 0xFFFFF714
[0x81180078] + 0x54
[[0x811801F8] + 0xFFFFFD1C] + 0x54
[[0x8127F95C] + 0xFFFFF32C] + 0x54
[[0x8127FCB0] + 0xFFFFF2C8] + 0x54
[[0x8127FCD0] + 0xFFFFF0B0] + 0x54
[[0x8127FD0C] + 0xFFFFFBB4] + 0x54
[[0x8127FFAC] + 0xFFFFE678] + 0x54
[[0x81280C54] + 0xFFFFFBAC] + 0x54
[[0x81280FB0] + 0xFFFFE13C] + 0x54
[[0x81338414] + 0x1078] + 0x54
[[0x813D0A84] + 0xD04] + 0x0
There are 19 results in this case i was lucky, sometimes you get 1000+ results but don't panic with my help you will quickly notice what is important and what is unimportant all in a few seconds.
-----------------------------------------------
Next step , the easy part of sorting the possible correct pointers.
Here Seg1 is needed to choose the right pointers
Seg 1
81180000--81207938
now we take all pointers out that are within seg 1
[[0x81180078] + 0x14B8] + 0xFFFFEBB4
[[0x81180078] + 0x968] + 0xFFFFF6D4
[[0x81180078] + 0x980] + 0xFFFFF714
[0x81180078] + 0x54
[[0x811801F8] + 0xFFFFFD1C] + 0x54
--------------------------------------------------
The Final-Kick, how to make B200 code with it
Example pointer:
[[0x81180078] + 0x14B8] + 0xFFFFEBB4
81180078 - 81180000 = 78
_V0 Inf.Money test code 1
$B200 00000001 00000000
$3202 00000078 000014B8
$0000 00000000 FFFFEBB4
$0000 00000000 00000000 <---- Money value
[0x81180078] + 0x54
_V0 Inf.Money test code 2
$B200 00000001 00000000
$3201 00000078 00000054
$0000 00000000 00000000 <---- Money value
I think now everything has become clear how to make B200+Codes.
----------------------------------------------
If you have no luck with other games then this might help.
Try to change these values:
- Use multiple dumps to minimize the results
- Set Range 1000/2000 or 10000 ...
- Set Pointer Level 1/2/3 or 4...
- Use Negative or Positive search (Negative search needs a lot of power (crash) I would always start with pointer level 2)
- will come soon 1
- Top Secret
Now it depends on you what the next steps are and how to get the maximum out of it.
NOTE! To become an expert you need to have more than this tutorial and that is experience like chess
------------------------------------------------
