Finding Cheat Codes For A Living
selan writes: "The Baltimore Sun has an article about the guys from GameShark who spend their time digging up cheat codes. 'For hours on end, hackers here squint over thousands of lines of numeric coding that translate to great feats of accomplishment on a video game.'" Good work, if you can get it.
Why don't they simply press up-down-up-down-left-right-A-B and get themselves infinite cash?
What's the big deal with this? You can sometimes find stuff with strings or a hex program.
when you play Tiger Woods Golf, you get a hole in one every time
Tiger Woods game: $40
Gameshark: $60
Realizing that you spent $100 to watch a golf game play itself: Priceless.
I remember, as a young lad, wondering how anyone ever came up with the cheats that were published monthly in my favorite ZX Spectrum (and later Commodore Amiga) magazine. I just assumed that somewhere, someone would get the information out of the programmers by sleeping with the bespectacled geeks. Oh, how innocent I was when I was younger...
What they are doing is illegal...
Sad, isn't it?
you can prob find all sorts of stuff. remember that backdoor in Quake that lets you root other machines in online play......
perl -MIO::Socket -e 'IO::Socket::INET-new(PeerAddr="some.windoze.box:1
I remember the original Game Genie for the Nintendo Entertainment System. Much fun was had having infinite lives and all the money you could want in RPGs and fun things like that.
Of course, when you can beat the game without even trying, the fun goes away.
Looks like they'd be handing themselves out to dry every time they bypass a copyrighted game's system for acquiring health, weapons, points, etc.
Remember, if we use cheat codes to make our games easier, then the terrorists win.
Who came up with the idea of cheat codes (Easter eggs) in Video Games? I have always wondered why a company/programmer would leave the inserted cheat codes in their game when it's released. I can understand for testing purposes that they are helpful but why for the consumer? And if they leave them in, why don't they just tell you what they are? Obviously they are not making any money selling the cheat codes to Game Shark.
Strange women lying in ponds distributing swords is no basis for a system of government.
"'...For hours on end, hackers here squint over thousands of lines of numeric coding that translate to great feats of accomplishment on a video game.'" Good work, if you can get it.
I'm not sure I agree with that one. Personally, squinting over thousands of lines of hex code for hours at a time does *not* sound like good work.
Maybe the great working is playing the games for a living... looking at bare hex/assembly all day sounds a bit too much like debugging other people's code to me. (Which is only fun if they are around to make fun of...) And god help these guys if the DMCA nazis get a hold of them... "We licensed you the game, we didn't say you could look at it."
Now you:
Buy the game
Buy the strategy guide
Get all the cheat codes
Get bored because it's no fun anymore
Repeat cycle
To each their own...
A feeling of having made the same mistake before: Deja Foobar
Game Genie/Game Shark codes...
Trainers either, for that matter.
When I was about 15, I mowed lawns all summer in order to afford to buy NES cartridges. One of the 'cartridges' I bought was a Game Genie adapter.
Once I had done all the 'special effects' on the games I owned, I realized that any of the difficulty-altering codes took all the challenge out of the game.
Sure, it was fun to always have the elusive Hammer suit in SMB3, but at the same time, if you don't have to work hard and stay alive all the way through World 6 or 7, then you don't really appreciate it as much and don't play so carefully in order to keep it.
Nowadays, even the graphics altering abilities of such devices or programs aren't that impressive. There's very little you can do graphics-wise to a 3D, immersive game that doesn't break the game play. One of the few legitimate uses I've seen for this is to allow the player to play as characters that he wouldn't usually get to... such as Bowser in Super Mario 64. Even then, the animation and clipping is broken, hurting the play experience.
Some trainers do have positive uses. Here, I'm thinking about the trainers that exist for games like Roller Coaster Tycoon that allow the player to more or less play in the 'Free Form Building' mode that everyone agrees is missing from the game.
The conclusion that I've drawn from these observations is that trainers usually detract from gaming... at least for people who are interested in playing. If a game needs a trainer in order to be enjoyable, such as RCT... then there's something wrong with the game.
Good work, if you can get it.
How is "squinting" over thousands of lines of code good work? Basically the job we are looking at here is looking at code for hours and hours so you can find that one number that makes a character immortal or whatever. Now I don't know about everyone else, but I prefer writing my own stuff rather than spending hours reading over someone else's work (which has to be reverse engineered to read, so goodbye comments, formatting, etc.)
Like I said, this may just be me. But personally I can't see the attraction of a job that involves reading code when you can get one writing it.
-Xenopax
I always saw cheat codes as a way to further the experiences of a game and I think they work great as a reward for finishing the game. I always find it fun to go back to a board using cheat codes that took forever to complete and wreak havoc.
I think the optimum setup is when they are integrated into the gameplay, so you don't have to go through hoops in order to get them to work.
I've often wondered why more developers don't utilize them as a feature of the gameplay.
When i was a child, i dreamed of growing up to be a video game designer(didn't everyone in my generation?). When i got a little older, it was the cheat codes that fascinated me. I was never too fond of using them myself(except for the ones that corrected OBVIOUS errors in the game[that damn heat gauge in excitebike... bye bye with the gamegenie]), i always preferred the original degree of challenge of the game. But still... there was a certain allure to hacking into somebody else's code, figuring out how it works, and sticking in your own little "improvements". The heart of a reverse engineer.
In reality, many slashdotters are able to(and perhaps already have) done this sort of thing for themselves in their spare time. The thing that amazed(and still amazes) me was that someone would actually be willing to pay people to do this. capitalism is a CRAZY thing i guess.
anyway, i really enjoyed this article.
Nice work if you can get it.
lysergically yours
The Anti-Blog
Last christmas I got my little brother a GameShark for his N64. I ended up monopolizing it the entire christmas break to hack on Mario Kart 64. While I only came up with 3 codes, and have many programming challenges at my job, it was the most enjoyable hacking experience I've had in a long time. There's just something about trying to get inside the heads of the game programmers, finding clues to indicate how they coded a particular feature, persevering by spending a couple hours looking over numbers, and finally finding a result that impresses even your non-geek friends.
Increase/Decrease for power bars
Add/Sub for number of lives
Flag toggles
So the MAME and Genie cheats force certain RAM bytes to a desirable value...
I am not exactly sure how they make "big" money on this...maybe there is a side of marketing that I am not thinking about but when is the last time you saw anybody pay for cheat codes?
Well, the codes themselves aren't big money, as (as far as I know) nobody sells just the codes. However, the codes do enable them to sell the hardware (or you could say hardware sales subsidize the code finding efforts). And every code they develop and make available adds one more reason for someone to buy a Game Shark.
Looking at this another way, suppose you play video games and are not opposed to the idea of a game shark. If the Game Shark didn't support any of the games you play, would you buy it? Probably not, but what about if it had codes for a handful of the games you play. Then you might buy it. If it supports every game you play, you are more likely to buy it. But what if it does support new games as they come out. That would make you less likely to buy it. In other words, to ensure sales of Game Shark, they need to support as many games as possible, and continue to support new games as they come out. This way they build a loyal following. Then, as new game systems come out every couple of years, they quickly come out with a new product for that system and have millions of instant repeat customers.
The guys at Game Shark are a bunch of morons and slackers. The Guys at the Game System Code Creator's Club (cmgsccc.com) were the real brains behind Game Shark's codes. Once Code Master (Creator of the GSCCC) left Game Shark, they have been slacking.
Without a cheat code, how do you get to Diablo under 5 minutes ? ... ?
... ?
How do you beat Diablo with a Level 1 Paladin and a big and nice 4hits points dagger
How can you test that the green monster will follow you, that the AI is good
Without the codes, all the testers would have to make that 85 hours playgame in order to get to that last scene they have to test, then be killed within 5" because that monster is Really a boss...8)
+ Without cheat codes, I would !NEVER! have finished Doom2.
I'm not even sure it's possible to finish it without cheating...
So, here's the answer : cheat codes are mostly for testing the game.
In the old time, you screened the Hex and looked for change (every time you got hit, a handle changed,...) and, after "much" Try and Crash, you got what you wanted (EF FF in strength and Stamina...)
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
In the days of the Sinclair Spectrum or in the US, the Timex TS2048 the programs came on tape. Initially (especially for games by Ultimate-Play The Game [now RareWare]) the tape would contain a small BASIC loader, which then loaded the binary game code and executed it.
One of the skills was to load the BASIC program, break it (stop it running) and find out where the binary game code loaded. Then you'd possibly manually load the binary and start looking around at the code. Using your trusty Z80 opcode-list you'd look for places where counters were decreased (lives reduced?). You'd also look for places where initial values were set (number of lives/amount of energy). These were pretty easy to do at the start.
Once you knew the location, you could create a modified BASIC loader containing POKE statements. These would modify the contents of memory after the binary had loaded, but before it was executed. That way you could change the number of lives, or amount of energy or whatever..
Then things got a bit trickier. The developers would embed some machine code into the first line of the BASIC program. This special code would load the binary code, but using a different (non-standard) speed. This was the advent of the 'turbo-loader', the bane of most spectrum owners. With higher speed loading came the delicate balancing of the volume and tone controls on the tape desk. Get the controls wrong and the game would refuse to load.. or worse, the game would load all the way to the end, but crash either dumping you to the '(c) 1982 Sinclair Research' initial screen, or show flashing coloured blobs (sorta the equivalent of BSOD).
The other problem with turbo loaders was that you couldn't just load the binary on its own, you needed a special loader. Each game developer had their own set of routines for storing the binary data on tape. Some had cool things like counters, music or animated loading screens whilst you wait for the game to load.
People would 'decrypt' the developers loader and create their own programs to load the turbo-loader games and then hack them....
Anyway, I'm rambling..
..suffice to say, this isn't new. More complex, harder, maybe? More fun... hmmm. There's a big difference between doing this for a job, and doing it to get a namecheck in a crappy Sinclair Magazine!
So let me get this straight.. You're reading a book ... about using a device ... to automatically play ... a computer simulation ... of an activity that can't exactly be called a sport?
That's about as close as you can get to being an inorganic life form.
--
Mod up a post Rob doesn't like and you'll never mod again
"another way would be to store -1 or something"
Congrats. You just described the "Sudden Death" Issue.
Look, this is life points you speak about. -1 means you are dead for a few seconds.
I know. I tested for quite a long time and -1 in life is almost always fatal.
Just as the old trick of having "EF FF" in life is better than having "FF FF".
"FF FF" usually ends up with your player @ -65 465 in life , instead of +65...8|
Shocking to see the effect on vampire weapons 8) (Diablo 1 Players welcome 8)
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
Interestingly, Phantasy Star Online, a popular space adventure in the online gaming circuit, is not one of Interacts's primary targets. John Hays says that's because of the "moral issues" involved with providing cheat codes for players in head-to-head online gaming.
"We could do it, but we don't," Hays said.
Are they lying? Or are Phantasy Star cheats found elsewhere?
m00.
I would not say that some methods were all that innocent. Although this might not be all that good for the brain cell count.
"It is a greater offense to steal men's labor, than their clothes"
A bit of social engineering could really up the value of the Gameshark and similar. I know I've often put some queer things into my own games and removed them at compile time, or in the last minute rush, left them resident without adding a way to activate them because I never got them past management/legal. If someone had been nagging me just after shipping, while I still had my map file handy, I'd have been more than happy to share the location of one nifty thing or another. I'd wager many other developers are just like me.
Get a hold of the publishers and they may see implementing leakable codes as a way to get a second bump in the sales chart.
Do a little digging and get a hold of the programmers themselves, and they may share things they put in for their own joy and benefit. A little push or some free gear, and they may even put bonus flashy extras in there as a side project.
Cheat codes are usually put in by coders for debugging purposes and sloppy Q&A practices or, perhaps more sneaky, left in intentionally to drum up additional interest in the game. Winning the game becomes less the point, knowing how to cheat and where to find specials is the paradigm.
"Dude, I just came up with the greatest keyboard sequence to reveal a cheat code!"
"Yeah? Alright! Let's design a game around it!"
A feeling of having made the same mistake before: Deja Foobar
I don't know about that. Can you imagine replaying levels over and over again, in some sort of hellish attempt to try something else. Over and over again, that must get old, no matter how much 'fun' it is. That must really suck after a while...
Sort of like recompiling a new kernel with every minor relea... oops, never mind.
There's still plenty of gamers like me who still like playing classic NES games even today... I'm one of those fascinated at the Americanization of many of the games first released on the Famicom. For instance, in Japan, Contra had (in comparison to the US version) double the size of both of its ROMs and a non-Nintendo memory mapper that allowed the game to include extra cut scenes and special effects like trees rustling in the wind on the background of level one.....
;)
A while back, I discovered the joy of making Game Genie codes when I decided to make my four-score famicom compatible (e-mail me for info)... I lost (and still need to replace (if you are from Japan and can help me out, email me!)) my copy of Nekketsu Kakutou Densetsu, and needed something to test my converted adapter on. Knowing that the Famicom version of Super Dodge Ball had 4 player mode, but that it was removed from the NES version because of incompatibility, I simply spent some time to make a game genie code that would allow a four player beanball game on the NES.... "GEUOLZZA"
Click here for a screenshot of it.
I kept going too....
How about coed Super Spike V'Ball? (it uses unfinished/prototype characters that were not completely removed before production.)
That's "AEXGXYGE", or "AAKGNTGE" if on the same cart as NES World Cup....
I've even made a code that unlocks 3 player games in Stinger.
Anyway, I find this stuff loads of fun. All of it will be up on my site some day, when I get a little more time and a digital camera to show off the construction of my modified four score.....
So, to all those trolls whining about cheating and gamesharks being no fun, nyaaaaah to you. There's no way I'd ever play as Wolverine on THPS3 if I didn't make my PSX memory card reader
-rah
(ahgaray atyay ahgaray otday omcay)
2) Game Shark (according to the article) does not use the cheats made by the companies, although, I suspect that if they are reverse engineering it, they could view the cheats. But what they do is write/edit the RAM (memory) at given moments to enhance a feature. Let's say that in memory location 255, the game Mortal Kombat stores the maximum health of player 1. What the GameShark does is, instead of letting the game store 100% there, it writes in 500% (let's say) which gives you more health. Or another way would be to store -1 or something that the program doesn't expect.
Does anyone remember the good old C64 games, where you cheated by resetting the machine, issuing a few POKE commands and restarting the game using a SYS command? That utilized the exact same technique - POKE stored a value in RAM and SYS started executing the game.
Usually, however, these POKEs didn't rewrite RAM locations where the number of lives were stored. Instead, it replaced the actual machine code that decremented the life counter. So instead of doing:
dec $5463
The game now did:
nop
nop
nop
Which uses the same number of bytes of RAM.
There even existed hardware devices (called cartridges) that enabled you to automatically scan the memory for the locations of life counters and such. Once the life counter was found, the game code was patched in the way outlined above.
Ahhh, those were the days!
Back in the DOS days, there was a program called "Gametools" that worked like a Game Shark for PC games. It was a whole lot more useful, though, because you could easily come up with codes yourself by searching through memory for interesting values as you played the game.
(You could also use it to write cracks for your software. Some day, this kind of software will probably end up being illegal.)
These days there are SoftICE and GDB, but programs are getting a whole lot bigger and more complicated. It's just not as fun...
I cannot believe that the mod community hasn't been brought up. There are some games (namely id-based games) that have extremely long lives because of the mod community.
People make new maps, player models, enemies, etc. to create new experiences within the game. Without cheat codes, level creation would be near impossible.
Game developers use cheat codes to debug and test the gameplay. If they took the cheats out before release, there would be no mods for the game and the lifespan would be much shorter.
Basically, he'd edited the internal representation of the basic loader so that it started the programme 3 bytes on from what the loader appeared to say when looking at the code. e.g. although it claimed to start executing from memory location 31000, it actually started at 31003.
Hmmm... I think I can figure this one out; Spectrum BASIC had two representations for a number - 5 bytes for arithmetic and as many numeric ASCII bytes as necessary for Us Dumb Humans. IIRC, there was no requirement for the ASCII representation to match the underlying arithmetic representation (though, of course, for any non-twiddled bit of BASIC, they would match...)
--
thanks for the pointer to red. I've been forced onto my old mac while awaiting a new mobo and been playing Marathon again. I'll have to check it out...
DO NOT DISTURB THE SE
Wasn't the PET the computer you could POKE a certain memory location with to get it to catch fire or something?
The DMCA covers copy protection. It has NOTHING to do with this. In fact, here's a subsection of DMCA *maintaining* the right to reverse engineer in this way:
`(f) REVERSE ENGINEERING- (1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
Please, for the love of god, read the text of the DMCA before ever mentioning it again. It's fairly short and to the point.
Text of DMCA
-
For anyone that cares, there's a huge archive of Game Shark codes at CheatZilla.com. That site has been around for years, and (at least for SNES and Genesis codes) can convert between various code formats for you.
http://www.warrenrobinett.com/adventure/
psxndc
The emacs religion: to be saved, control excess.
Wholly trusting client-side packets in a MMORPG (or any competitive client-server system) is Bad Programming
The corollary to this is, don't send the client anything more than they REALLY need to know.
Why? Because you have to assume that if you send the data, it will be displayed. Even if you don't build a display for it (e.g. - numeric data used to display some other message) or you have conditions for it being displayed (e.g. - invisible things). Someone _will_ crack your data stream and figure out a way to get the info either inside the game or outside of it.
Witness ShowEQ for Everquest. There's not a great many hacks that have been done on the game (yes, a few memory editors... and to my knowledge using them results in your being banned sooner or later), but the ShowEQ author and later developers figured out the datastream and have broken every encryption since. Verant has become clued about these things slowly and is doing fewer stupid things. Instead of sending a monster's hit points, they now send a percentage (which is all that's displayed to the client anyway). Instead of sending a number indicating exactly how much you are liked or disliked by a group of monsters, they send a number indicating what level of faction you have (again, all that was displayed anyway).
The downside of not being able to trust the client is that you require a lot more server bandwidth - particularly CPU wise. And you do run into client side issues when you start talking about limited disclosure (e.g. - invisible players/monsters/etc) because in order to do it Right, changing from visible/invisible means that you change what data you're sending. If you have collision between PCs and other moving objects then how do you handle someone trying to walk through an invisible object? You either have to tell them it's there all the time (but don't display), or you have to let them walk through it and get corrected back by a server update, which is very confusing for the player. Fun fun fun.
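The selective disclosure described in the comment above, as an added example that is not part of the original post: the server keeps exact hit points, faction scores and invisible entities to itself and sends each client only what its UI renders. Entity fields, tier boundaries and the sample world are hypothetical and constructed for illustration.

```python
# Added example: server-side view filtering ("selective disclosure").
# All names and thresholds are hypothetical; the sample world is constructed.
from dataclasses import dataclass, asdict

@dataclass
class Entity:
    eid: int
    name: str
    pos: tuple            # (x, y) grid cell
    hp: int
    max_hp: int
    faction_score: int    # exact standing toward the viewer, server-only
    invisible: bool = False

# Constructed tier boundaries: the client only ever learns the label.
FACTION_TIERS = [(-500, "hostile"), (0, "wary"), (500, "indifferent")]

def faction_tier(score):
    for upper, label in FACTION_TIERS:
        if score < upper:
            return label
    return "friendly"

def hp_percent(e):
    # Floor to a whole percent, clamped so a living entity never shows 0%.
    return 0 if e.hp <= 0 else max(1, (100 * e.hp) // e.max_hp)

def leaky_snapshot(world):
    """'Before': ships full server state and relies on the client to hide it."""
    return [asdict(e) for e in world]

def client_snapshot(world, sees_invisible=False):
    """'After': only what the client UI actually renders leaves the server."""
    out = []
    for e in world:
        if e.invisible and not sees_invisible:
            continue  # never serialized, so nothing to recover from the stream
        out.append({"eid": e.eid, "name": e.name, "pos": e.pos,
                    "hp_pct": hp_percent(e),
                    "faction": faction_tier(e.faction_score)})
    return out

def resolve_move(world, current, target):
    """Server-authoritative collision for the invisible-object case.

    The client may walk into a cell it believes is empty; the server answers
    with the corrected position only and never names what blocked the move.
    The correction itself still tells the player the cell is occupied, which
    is the trade-off the comment describes.
    """
    blocked = any(e.pos == target for e in world)
    return {"pos": current if blocked else target, "corrected": blocked}

# Constructed sample world.
WORLD = [
    Entity(1, "orc", (2, 3), hp=137, max_hp=400, faction_score=-620),
    Entity(2, "rogue", (2, 4), hp=55, max_hp=60, faction_score=120,
           invisible=True),
]

if __name__ == "__main__":
    print(leaky_snapshot(WORLD))
    print(client_snapshot(WORLD))
    print(resolve_move(WORLD, (2, 5), (2, 4)))
```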
In the only game that matters, it's easy. Just type "X", and you're in explore mode and can go on forever (but can't get a high score or ascend).
hawk
I find it kind of amusing that this article constantly mentions the programmers "hacking into the game system" as if they are gaining unauthorized access to some machine on the Internet. When will the press use this term correctly?
void women (int money, time_t time);
How would you stop it though? If I play the single-player version of PSO, and hack myself a +99 whatever, how would it detect the cheat when I brought it online? This isn't a rhetorical question, by the way, I'm actually curious as to the best way to prevent this.
> The corollary to this is, don't send the client anything more than they REALLY need to know.
The name for this is called "selective disclosure."
Your post is correct & informative -- selective disclosure doesn't magically make a game "hack proof" -- it just raises a lot of (other) thorny issues.
> the damn game developers [ensemblestudios.com] or Microsoft, I don't know which one
...
Ensemble Studios are the game developers. Microsoft is the publisher.
> do some sort of a check on the size of your dat files which holds game data during game play, i.e. like 10000 gold, 20000 food, 10000 stone etc etc, and if your file size is greater, it is what is called a "Sync Error"
Everyone has to be using the same networking code (i.e. game version)
One person out of sync means the game is in unknown game state, which is bad for peer-2-peer gaming.
One of the programmers who worked on Age of Kings wrote up this interesting article on hacking/cheating:
How to Hurt the Hackers: The Scoop on Internet Cheating and How You Can Combat It [07.24.00]
Cheers
The folks at HomeFair say that a Baltimore $28k is a Bronx $33k, a Brooklyn $35k, and a Manhattan $77k (!)
Besides, hardly anybody in Hunt Valley gets eaten by CHUD.
This next song is very sad. Please clap along. -- Robin Zander
I've discovered a cheat code myself. While poring over the Super Mario Bros. hex code, I found the sequence "04 03 02 00 24 05 24 00 08 07 06". My previous experiments had confirmed "24" to be the game's code for a space character, and that world -1 was actually world (SPACE)-1, that is, 36-1. I realized that these codes matched the codes for the game's warp zones. After changing the 02 to 24, I was able to make the pipe at the top right of World 1-2 that normally takes the player to 2-1 to take the player to -1. The code is (in BASIC) POKE $87F4, $24 or (in Game Genie) GXNAGY.
Details on how I accomplished the hack
Will I retire or break 10K?
You quoted the words "shipping every unit", but somehow you managed to miss reading them.
Now, though they do things a little differently than they used to with respect to loading memory, it still doesn't matter. Unless game makers start ENCRYPTING all of their code (not just pieces as they do now for copy protection), the DMCA simply doesn't apply.
As many have mentioned earlier, these types of devices give replay power and could possibly even sell more games by giving people who suck at games a chance at beating them. Why would any game company be against that?
Anyway, 26,000 words is tiny for a legal document.... I found the DMCA an easy read compared to many other copyright documents...
-
Return the game and demand a refund. Anyone who makes a multiplayer game that accepts those sorts of commands from a client is defective. Even a game that lets a player specify the amount of money they have is broken.
Go play a real game from a real company that attempts to patch these kinds of holes.
Allow people to import a multi-player game for single-player play, but not to go the other way.
If you store characters locally they CAN be hacked. This is a proven fact. Encryption can't help here.
Even if no game-shark devices are available a moderately skilled embedded systems engineer can rig one from their job tools.
Even if you implement checks on single-player characters (disallowing 99th level for example) the cheaters just have to use more subtle cheats.
The problem with this is that the online service needs to store characters and then needs to bother with passwords to protect them. But there's no way around this. Any worthwhile online service either doesn't allow saved characters (Q3, Counterstrike) or stores them on the server.
If you really want details on this, I don't mind going into it in email.
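An added example (not from the original post) of the design the comment above argues for: a purchase handler that believes the balance the client reports, beside one that reads the balance from server-side storage, with characters exportable for offline play but never importable. The store class, price list and message format are hypothetical and constructed for illustration.

```python
# Added example: server-authoritative character state.
# Names, prices and the message layout are hypothetical/constructed.
import copy

PRICES = {"dagger": 50, "plate_armor": 900}   # constructed price list

class CharacterStore:
    """Characters live on the server; clients hold at most a detached copy."""

    def __init__(self):
        self._chars = {}   # account -> {"gold": int, "level": int, "items": []}

    def create(self, account):
        self._chars[account] = {"gold": 100, "level": 1, "items": []}

    def get(self, account):
        return self._chars[account]

    def export_for_offline(self, account):
        # Online -> single-player is allowed: hand out a deep copy, so edits
        # made to the local file never reach the server record.
        return copy.deepcopy(self._chars[account])

    def import_from_client(self, account, blob):
        # Single-player -> online is refused: a locally stored character
        # cannot be verified, whatever encoding or encryption protected it.
        raise PermissionError("client-supplied characters are not accepted")

def buy_trusting(store, account, msg):
    """'Before': the client states its own balance and the server believes it."""
    char = store.get(account)
    char["gold"] = msg["gold"]            # defect: client-controlled value
    if char["gold"] >= PRICES[msg["item"]]:
        char["gold"] -= PRICES[msg["item"]]
        char["items"].append(msg["item"])
        return True
    return False

def buy_authoritative(store, account, msg):
    """'After': the message carries an intent only; state comes from the store."""
    item = msg.get("item")
    if item not in PRICES:
        return False                      # unknown item: reject, change nothing
    char = store.get(account)
    if char["gold"] < PRICES[item]:
        return False                      # the server-side balance decides
    char["gold"] -= PRICES[item]
    char["items"].append(item)
    return True

if __name__ == "__main__":
    # Constructed message in which the client claims a balance it never earned.
    forged = {"item": "plate_armor", "gold": 999999}
    store = CharacterStore()
    store.create("alice")
    print("trusting handler:", buy_trusting(store, "alice", forged))
    store.create("bob")
    print("authoritative handler:", buy_authoritative(store, "bob", forged))
```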
You're both lame. Him for having to prove his dick size with a game and you for not just pointing and laughing.
It's just a single-player game, using it as bragging rights is pathetic. Like bragging about how often you win at solitaire.
There are many reasons for cheats, like simply wanting to play the game you bought in the manner you like. I don't show my high-scores to anyone, or bother looking at theirs, if I cheat in a game it's because this bit is boring and I want to move on.
Every unit of what? You didn't specify what constituted a "unit."
Yes, I did, quite clearly, in English. Go back and READ the post this time, before replying.