I need help to see if I can exploit this game?

[joshbarnettlloyd]

Hi everyone,
I'm trying to look for exploits and found another potential game that could be exploited. I have done all the technical parts I can do that I know I'm doing right for sure. I have the disasm and found the memory address in ram and the location in the save file too. Here are the images for them. I have complete control over registers $a1, $a3, $t0, $s1, $s3.
If you look at the crash image you will see that sparta string is line 2df in the middle of the line in the hex editor and that athens is line 2bc at the beginning of the line.Thanks for any help. I don't want to be one of those people who complains that they don't have an exploit and that someone should give them one. I'll do my own work if i can.

Here's the crash:
[spoiler][/spoiler]

Here's the disasm:
[spoiler][/spoiler]

here's the memory in ram for the string sparta:
[spoiler][/spoiler]

Here's the memory in ram for athens:
[spoiler][/spoiler]

here's a link to the images to download if needed too. Sorry about link issue.:
https://www.dropbox.com/sh/p6pibduzg3fj ... 5YaQ7a-RRa

Advertising

[qwikrazor87]

None of your image links are working.

Advertising

[joshbarnettlloyd]

Do I just take the address fou d for Sparta and Athens and plug it in the save where it is influencing registers?

[qwikrazor87]

There's nothing interesting with this crash, something better could be ahead of it though.

[joshbarnettlloyd]

Why not I have control over registers a1 a3 s1 s3 and t0 there just changed in save satay already to Sparta and Athens so if I changed save file those registers would be 61

[qwikrazor87]

That's why I said you might have a better crash later, there's nothing interesting with this particular crash.

Code: Select all

int somefunction()
{
    u8 *control = (u8 *)yourcontrol;

    if (control[88] == 0)
        return 0;
    else
        return ret; //ret in this case == $v0
}

in this case you can control returning $v0 or 0, nothing too interesting, something might happen down the road.

[joshbarnettlloyd]

Ok what would be my next step I get the code you wrote and understand that so would I put in address like before and see what happens?

[Darton Staker]

If I was able to find a sw based crash (store word) but I don't have this game available on any PSN stores, so even if the exploit was viable then it wouldn't be possible to make use of this exploit? And another thing, I also recall some years ago when I had monster hunter in its prime as the PSP scene was flaming with potential I came along cw cheats and was able to modify the game save data, and using that I was able to generate multiple crashes on the game, due to editing the games inventory and other things, i had frequent backups of the normal one just in case. But I lost these due to a hard drive crash a year or two years ago.

[Kankertje]

If I was able to find a sw based crash (store word) but I don't have this game available on any PSN stores, so even if the exploit was viable then it wouldn't be possible to make use of this exploit? And another thing, I also recall some years ago when I had monster hunter in its prime as the PSP scene was flaming with potential I came along cw cheats and was able to modify the game save data, and using that I was able to generate multiple crashes on the game, due to editing the games inventory and other things, i had frequent backups of the normal one just in case. But I lost these due to a hard drive crash a year or two years ago.

Next time don't waste time with games like that

Most of MH games were exploited in the past