Author Topic: Blitzmaster5000 hacks  (Read 20370 times)

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Blitzmaster5000 hacks
« on: July 13, 2016, 01:13:03 AM »
I will deposit most of my hacks I have here. I figured it would be best to stick it here as they cover a variety of hacks. This will be a constantly updated thread, as I want to separate the various hacks that may be unrelated but people may want. For now, they will be mixed together, but I will separate each eventually so if people want specific hacks they can incorporate them.

BLITZ_CHANGE_LOG
latest stable version: 4.0
major changes:

1. increased speeds of players to be similar to blitz 2001 (notes not in here)
2. increased size of playbook for offense and defense. Still need to work out bugs for multiplayer and custom plays. // DONE!!
3. Increased playbook timer to 20 seconds to allow for more time with larger playbook. // DONE!!

Changes planned for next major release (4.5):
1. Include plays from 2001  //sort of done
2. Deactivate "use team plays" cheat // DONE!!

Changes planned for Version 2.1:
1. Fix bugs with custom playbook - page #, B-button action //DONE!
2. Fix custom playbook defensive plays //DONE!
3. Fix custom playbook for P2,3,4 - need to increase the write function to fill all the plays //DONE!


TODO: 1.   ADD IMAGES FOR 2001 PLAYS
     2.   FIX "FLIP PLAY" ISSUE (UPDATE POINTERS) //DONE!!!!
=================
changes to version 4.5
======================
many changes. Dumped a bunch of data for plays up to 6, ran out of room. started to get strange behavior in other parts
added all play data for 2001. however, plays 6-9 are not authentic. used data from other plays.
no serious issues nonetheless.

 
========================
changes to version 4.1
========================
1.   updated page 6 (2001 plays) names
2.   moved pointers for defensive play names to make room for page 6
3.   updated custom plays so last offensive page is custom page + page flipping (see V2.0 & 2.1 below for changes)

//adding new 2001 offensive play pointers (6ad7c) and names (71b60)
NEW POINTERS TO PLAY NAMES STARTING AT
0x6AD7C
0x71b60      80070F60   SHORT JET
0x71b6C      80070F6C   STACK IT
0X71B78      80070F78   SMACK YOU
0X71B84      80070F84   DEEP ATTACK
0X71B90      80070F90   FLOOD SLIT
0X71B9C      80070F9C   POST DRAG
0X71BA8      80070FA8   TASTY TREAT
0X71BB4      80070FB4   KOMBAT
0X71BBC      80070FBC   BLACK RAIN   

//moving defensive play names so we can expand the offensive play names
0xd19f0   lui at, $8029   //originally $8028
0xD19F8   V0 0xADD0 (AT)   //originally V0, 0x405C (AT)

=======================
changes to version 3.7c - BlitzXL2016_V37c.z64
=======================
added plays:
SHORT JET
STACK IT
SMACK YOU

========================
changes to version 3.6 - BlitzXL2016_V36_stable.Z64
========================
team plays deactivation hack - with the extended playbook, this cheat is no longer necessary, so this turns off using team plays

0x328B8   SW V0,0x0000 (T0)   //sets cheat to 1 for all cheats
0x328BC J $80070D88         //jump to 0x71988; originally SW S3, 0x0010 (SP)
0x328C0   SW S3, 0x0010 (SP)   //originally SW R0, 0x0014 (SP)
0x71988 SUBU T0, T0, T0      //CLEAR T0
0x7198C   LUI T0, $8028      //LOAD UPPER HALF OF TEAM PLAYS ADDRESS   
0x71990   ADDIU T0,T0,$2E64   //LOAD LOWER HALF
0x71994   SUBU V0,V0,V0      //CLEAR V0
0x71998   SW V0, 0X0000(T0)   //SET TEAM PLAYS VALUE TO 0 TO DISABLE
0x7199C   SW R0, 0x0014(SP)   //from original code
0x719A0   J $0024BBA4         //JUMP BACK to 328C4 in rom; 8024BBA0 in ram



========================
changes to version 3.5 - TO DO STILL
========================
////////another one /////
starts at 0xD197C - still need to fix! used for flipped play names

///here are all the LW v0,0x0000(a0) if you need to fix
0032D71C
0032D8EC
0032D914
0032D938
00330A58
003311FC
003318FC


========================
changes to version 3.4
========================
//fixing another place where it loads offense data
D5240   J $80070D60      //originally lw v0, $0000 (A3); 71960 in ROM
D5244   subu v0,v0,v0   //originally addu v0,v1,v0
71960   lui v0, $802B
71964   addiu v0,v0,$1988
71968   addu v0,v1,v0
7196C   J $803311F8
//same for defense
D5260   J $80070D74      //originally lw v0, $0000 (A3); 71974 in ROM
D5264   subu v0,v0,v0    // originally addu v0,v1,v0
71974   lui v0, $802B
71978   addiu v0,v0, $1988   
7197C   addu v0,v1,v0
71980   J $80331218      //D5268 in ROM

=======================
changes to version 3.3
=======================
deleted all USE TEAM PLAYS data. The cheat still works, need to delete it

      
=======================
changes to version 3.2
======================
actually fixed the previous. This is the definitive version of the extended playbook, as it has none of the issues with custom plays that the others did.
//THIS FIXES THE MULTIPLE PLAYBOOK ISSUE, CHANGES SOME PREVIOUS THINGS IN V2.0//////
//offense -images
0xD192C      8032D8DC   J $80070D1C   //original sll v1,a1,0x3; jump to new part; 0x7191C in ROM
0xD1930         SLL V1, A1, $3      //move top down here; original ADDU V1,V1,A1
0x7191C         ADDU V1,V1,A1      //from original code
0x71924         SUB V0,V0,V0      //set V0 = 0
0x71928         LUI V0, $802B      //set upper to 802A
0x7192C         ADDIU V0,V0, $1988   //set lower to DF20
0x71930         J $800D0D34         // jump back; 0xd1934 in rom
//offense - names
0xD1958   J $80070D4C         //originally LW V0, $0000(A0); 7194C in rom
0xD195C   SUBU V1,V1,V1      //originally ADDU V0,V1,V0
0X7194C   LUI V1, $802B
0x71950   ADDIU V0,V0, $1988   //
0x71954   ADDU V0,V1,V0      //from original string
0x71958   J $8032D910         //JUMP BACK TO D1960
//offense - picking right play
0xD1750   J $80070BE0
0xD1754   NOP
0x717E0   LUI V1, $802B
0X717E4   ADDIU V1,V1,$1988
0x717E8   ADDU V1,V1,V0
0x717EC   ADDU A1,S3,R0
0X717F0   J $8032D708
//defense
0xd19a0   lui v0, $802B
0xd19a4   ADDIU v0,v0, $1988
0xd19a8   NOP
0xd19B0   NOP
0x71938   lui v0, $802B
0x7193c   addiu v0,v0,$1988
0x71640   ADDU V1, V1, V0
0x71948   J $0032D994
//defense- picking right play
0xD171C   SUBU V1,V1,V1 //CLEAR OUT ALL OTHER VALUES
0xD1720   LUI V1, $802B   //SET PLAYLIST TO LAST ONE
0XD1724   ADDIU V1,V1, $1988   //SET BOTTOM HALF OF ADDRESS
//END OF MULTIPLE PLAYBOOK ISSUE/////////////////

=======================
changes to version 2.3
=======================
Fixed P2,P3,P4 custom playbook + extended playbook.
Game now reads all plays for default plays from the P4 play table at A0 = 0x802B1988 & 0x802B2CD6.
This way we're not writing/being written over the first 3 playbooks.
//offense
0xD192C      8032D8DC   J $80070D1C   //original sll v1,a1,0x3; jump to new part; 0x7191C in ROM
0xD1930               SLL V1, A1, $3      //move top down here; original ADDU V1,V1,A1
0x7191C               ADDU V1,V1,A1      //from original code
0x71924               SUB V0,V0,V0      //set V0 = 0
0x71928               LUI V0, $802B      //set upper to 802A
0x7192C               ADDIU V0,V0, $1988   //set lower to DF20
0x71930               J $800D0D34         // jump back; 0xd1934 in rom
//defense
0xd19a0   lui v0, $802B
0xd19a4   ADDIU v0,v0, $1988
0xd19a8   NOP
0xd19B0   NOP
0x71938   lui v0, $802B
0x7193c   addiu v0,v0,$1988
0x71640   ADDU V1, V1, V0
0x71948   J $0032D994
=======================
changes to Version 2.2
=======================
Fixed defensive play issues
0xD2980      8032E930   XORI V0, S3, 0x0002      //moves actual custom play data to last page
=======================
changes to Version 2.1
=======================
//fixing default play flipping issue w/ play 5
8032E7E0   SW T1, 0x002C (SP)   //stores into 800C2C84; flip play - boolean 0 or 1; each is for normal or flipped
0xD7298      8032E748   XORI V0,S3, 0x0005   //Fixes flip page issues for custom plays, must be == to number of pages; originally 0x0002
0xD27AC      8032E75C   SLTI V0,S3, 0x0006   //Fixes flip page w/ default plays; must be > # of pages; originally 0x0004
==========================================
changes to ROM blitzXL_V20.z64
==========================================
//extending playbook - default and custom
0xD2590      8032E540   ADDIU V0,R0,0x0005      //sets 5 pages for default playbook
0xD25D0      8032E580   SLTI V0,S3,0x0006      //sets 6 pages for custom playbook
0x34130      8024D410   ADDIU V0,A1,0x1399      //original 1369; moves defensive play data back to make room for new plays
0x34150      8024D430   SLTI V0,A3, 0x0023      //original 0009; allows all play table data to be written
//fixing playbook to read/write correct plays
0xd1924   J 0x80070C28      //ORIGINALLY addu a0,v0,v1 ; 71828 IN ROM; jump to new area to make playbook pages correct
0xd1928   addu a0,v0,v1      //ORIGINALLY LW V0, $0000 (A0)   
0x71828   LW V0, 0x0000 (A0)   //line needed from original function
0x7182C   ADDU S4,S5,R0      //sets correct page number; may not work w/ custom plays
0x81730   ADDU A1,S5,R0      //sets correct page number; may not work w/ custom plays
0x71830   j 0x8032D8DC      //jump back; D192C IN ROM; this is address from NEMU; calculated one didn't work
//move custom pages around - puts custom plays last - still need to fix page #
0x37B44      80250E24   ADDIU T0, A2, 0x1350   //original 0x1370; writes the entire first playbook; truncate may damage last play; make sure to only truncate play data
0xd2558      8032E508   XORI V0,S3, 0x0005      //original 0x2; sets playbook on the last page (versus 3rd)
0xd2a20      8032E9D0   ADDIU T1, R0, 0x0005   //original 0x2; sets playbook on last page; not changing this freezes game
//fix how to load in data for multiple playbooks for p2,p3,p4
         80250E00   BEQL V0,R0, $XXXX      // originally SUBU V0,V0,A0;    jump to 80250E10 if first playbook
         80250E04   NOP                  // originally SLL V0,V0, 0x4;   delete for branch
         80250E08   SUBU V0,V0,V0         // originally SUBU V0,V0,A0;   set V0 = 0
         80250E0C   ORI V0,V0, 0x13C0      // originally SLL V0,V0, 0x3;   set size of playbook to be larger
//fixing page 4 custom - above fixes the graphics and text, but this will fix actually loading correct play data
0xd1750      8032D700   J $00070C3C            //originally lui v1, 0x8037; is 7183C in ROM
0xd1754      8032D704   lui v1, 0x8037         //originally addu v1,v1,v0
0x7183C               addu v1,v1,v0         //entry point at jump
0x71840               addu a1,s3,r0         //copy s3 value (correct page #) to a1      
0x71844               J $8032D708            //jump back to RAM address; is d1754 in ROM
//DEFENSE - add more pages (currently 2, default 1)
0xD26B8               BEQ R0, V1, 0x000D26B8   //branch if custom play or not; same as original code
0xD2698               SLTI V0,S3, 0x0003      //puts custom play page last; originally 0x0002
0xD26A4               ADDIU T1, R0, 0X0002   //increases to 3 pages for custom playbook; originally 1
0xD26B8               J $80070C70            //jumps to same page change code as offensive, just with page total = 2; 0x71870 IN ROM
0x71870               **page change code**   //same code as that for offensive play select (found at 0x8032e5a4)
0x71890               SLTI V0,S3, 0X0002      //set playbook size to 2 pages (for defense); ORIGINALLY 1
0x7189C               ADDIU T1, R0, 0X0002   //set playbook size to 2 (no custom plays)
0x7199C               **end of page change code**
0xD2980               XORI V0, S3, 0x0002      //moves actual custom play data to last page

//Increasing playbook timer //
//Time stored in 800BCB68
//800BCB98   similar to timer
0xd7710      LW S0, 0x0000(A0)
0xd7714      J 0X80070C4C         //originally LWC1, F2, 0x0004(A0); 7184C IN ROM
0xd7718      LWC1, F2, 0x0004(A0)   //originally CVT.S.W F2, F2
0x7184C      CVT.S.W F2, F2
0x71850      SUB S0,S0,S0         //SET S0 = 0
0x71854      ORI S0,R0, 0X0014      //INCREASE TIMER TO 20 SECONDS
0x71858      J 0x800D6B1C         //JUMP BACK TO D771C IN ROM

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Re: Blitzmaster5000 hacks
« Reply #1 on: August 04, 2016, 09:32:58 AM »
I figured out how to incorporate a button activator. I was able to use it to toggle regular/low gravity in game. Additionally, I know how to change the cheats to do other things. I replaced the "show field goal %" cheat with a low gravity one (actually just appended it, so it still shows FG %), so now you don't need to use a stand-alone ROM or gameshark cheats. Here's an example of this.

Custom Cheat Hack

This hack allows you to trigger custom cheats at the versus menu, such as low gravity, player speeds, etc.
It requires whatever variable you want to change (speed, gravity, etc.) to look at the address where the cheat is and find its value.
0 = off, 1 = on. These values are in memory and can be read during the game.
General hack strategy:
1. find function to modify
2. find address of cheat Boolean that you can replace
3. read the value (either 1 or 0)
4. toggle function as necessary
Code:
// toggle gravity - added to SHOW FIELD GOAL % (- - 1 D)
// 0x80282EB4 address of boolean in RAM

0x65BB8 J $80071424 //ORIGINALLY LUI AT, $BDA3; 71FF0 IN ROM
0x65BBC NOP //ORIGINALLY ORI AT,AT,0XD70A
0x72024 LUI T4, $8028 //store boolean in T4: chosen because T4 not used in function
0x72028 ADDIU T4, T4, $2EB4
0x7202C LW T4, $0000 (T4)
0x72030 BGTZ T4, $00072014 //branch if greater than 0
0x72034 nop
0x72038 LUI AT, $BDA3 //set normal gravity value if no cheat
0x7203C ORI AT, AT, $D70A
0x72040 J $00064FC0
0x72044 NOP
0x72048 LUI AT, $BCD0 //set low gravity value if cheat
0x7204C ORI AT, AT, $D70A
0x72050 J $00064FC0

0x949C8 J $800713F0 //ORIGINALLY LUI AT, $BDA3; 71FF0 IN ROM
0x949CC NOP //ORIGINALLY ORI AT,AT,0XD70A
0x71FF0 LUI T4, $8028 //store boolean in T4: chosen because T4 not used in function
0x71FF4 ADDIU T4,T4,$2EB4
0x71FF8 LW T4, $0000 (T4)
0x71FFC BGTZ T4, $00072048 //branch if greater than 0
0x72000 nop
0x72004 LUI AT, $BDA3 //set normal gravity value if no cheat
0x72008 ORI AT, AT, $D70A
0x7200C J $00093DD0
0x72010 NOP
0x72014 LUI AT, $BCD0 //set low gravity value if cheat
0x72018 ORI AT, AT, $D70A
0x7201C J $00093DD0
« Last Edit: August 05, 2016, 09:11:16 AM by blitzmaster5000 »

jaker3

  • Administrator
  • Sr. Member
  • *****
  • Posts: 334
Re: Blitzmaster5000 hacks
« Reply #2 on: August 07, 2016, 06:45:41 PM »
love this! We should try and get a patch made for the start of the season.

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Re: Blitzmaster5000 hacks
« Reply #3 on: August 08, 2016, 09:29:02 AM »
That's the plan! I think as far as custom cheats go, I will do the following:

1. ultra low gravity/slow motion tackles
2. Low gravity - this version is a bit more playable than (1)
3. Fast tackling
4. 2000 speeds (currently I have the default set to 2001 player speeds)

What's cool about doing these hacks this way is you can pick and choose which hacks to play with.

The extended playbook (currently w/ the 5 offensive pages and 2 defensive ones from 2000; still working on consolidating the 2001 play data) is going to be a default feature as of right now, but I could add a cheat to trigger this as well. I.e., the default is still 3 off/1 def pages, but then the cheat increases to 5. What do you think?

One other thing - Texans need away jerseys, so I need to figure out that as well.

If you think of any others let me know.

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Re: Blitzmaster5000 hacks
« Reply #4 on: August 21, 2016, 07:35:57 PM »
It has been a while! Been dealing with real world stuff lately, but plan on releasing a patch with the extended roster (no 2001 plays unfortunately) with custom cheats such as 2000 speeds and low gravity. As soon as it's uploaded I'll put the link here.

jaker3

  • Administrator
  • Sr. Member
  • *****
  • Posts: 334
Re: Blitzmaster5000 hacks
« Reply #5 on: August 23, 2016, 06:16:43 AM »
Been super busy myself, excited to see what you come up with and the speed hack sounds awesome! I'll see if I can whip up a Texans away jersey.

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Re: Blitzmaster5000 hacks
« Reply #6 on: August 25, 2016, 10:32:05 PM »
Here's the 2000/2001 speed toggle cheat code. I've realized JALs and JR RAs are way easier than just Js. Makes it much easier to jump in and out of the functions as needed.

Code:
// toggle 2001/2000 speeds
// 0x80282E94 address of boolean in RAM

//toggle QB lat/forward speed
0x9be00 J $80071458 //originally lui at, $4005; jump to check boolean
0x9be04 NOP //originally ori at, $1eb5
0x72058 LUI S3, $8028 //store boolean in s3: chosen because s3 not used in function
0x7205C ADDIU S3, S3, $2E94
0x72060 LW S3, $0000 (S3)
0x72064 BGTZ S3, $0007207C //branch if greater than 0
0x72068 nop
0x7206C LUI AT, $4005 //set normal gravity value if no cheat
0x72070 ORI AT, AT, $1EB5
0x72074 J $802F7DB8
0x72078 NOP
0x7207C LUI AT, $3FCC //set speed to 2000 for QB
0x72080 ORI AT, AT, $CCCD
0x72084 J $802F7DB8
0x72088 SUB S3, S3, S3
//toggle QB backleft speed
0x9be64 JAL $8007148C //originally lui at, $4005; jump to check boolean
0x9be68 NOP //originally ori at, $1eb5
0x7208C LUI S3, $8028 //store boolean in s3: chosen because s3 not used in function
0x72090 ADDIU S3, S3, $2E94
0x72094 LW S3, $0000 (S3)
0x72098 BGTZ S3, $000720B0 //branch if greater than 0
0x7209C nop
0x720A0 LUI AT, $3FF5 //set normal gravity value if no cheat
0x720A4 ORI AT, AT, $CCCD
0x720A8 JR RA
0x720AC NOP
0x720B0 LUI AT, $3FB9 //set speed to 2000 for QB
0x720B4 ORI AT, AT, $999A
0x720B8 JR RA
0x720BC SUB S3, S3, S3
//toggle QB back speed
0x9be90 JAL $0007148C //jump to same function right above (uses same variables)
0x9be94 NOP
//toggle QB backright speed
0x9bebc JAL $0007148C //jump to same function right above (uses same variables)
0x9bec0 NOP



from ram
802F7DB0 sets QB 3c014005 2016 3FCCCCD 2000
802f7e14 QB backleft 3C013FF5 2016 3FB999A 2000
802f7e40 qb back 3C013FF5 2016 3FB999A 2000
802f7e6c qb bckright 3C013FF5 2016 3FB999A 2000

3FB9999A //speed of def (no turbo) in 2000/2016/2001
3FECCCCD //speed of def (turbo) in 2000/2016/2001
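
An added example, not code from anyone in this thread: it works through the address arithmetic the listings above depend on, namely ROM offset to RAM address for the free-space code cave, J/JAL target encoding, sign-extended LUI + ADDIU/LW address halves, and LUI/ORI float constants. The function names and CAVE_DELTA are assumptions; the delta is derived from the ROM 0x71988 / RAM 0x80070D88 pair quoted in the first post.

```python
import struct

# Assumption: one fixed delta maps the code-cave area of the ROM file to RAM,
# taken from the thread's own pair (ROM 0x71988 <-> RAM 0x80070D88).
# Other regions use other deltas (e.g. ROM 0xD192C <-> RAM 0x8032D8DC).
CAVE_DELTA = 0x80070D88 - 0x71988

def rom_to_ram(rom_off, delta=CAVE_DELTA):
    return (rom_off + delta) & 0xFFFFFFFF

def encode_jump(target, link=False):
    """J/JAL store only bits 27..2 of the target; the top 4 bits are dropped."""
    if target & 3:
        raise ValueError("jump target must be word aligned")
    opcode = 3 if link else 2                      # JAL = 3, J = 2
    return (opcode << 26) | ((target >> 2) & 0x03FFFFFF)

def decode_jump(word, pc):
    """Rebuild the target: top 4 bits come from the delay-slot address (pc + 4)."""
    return ((pc + 4) & 0xF0000000) | ((word & 0x03FFFFFF) << 2)

def split_hi_lo_signed(addr):
    """Halves for LUI + ADDIU/LW/SW, whose 16-bit immediate is sign-extended."""
    lo = addr & 0xFFFF
    hi = ((addr + 0x8000) >> 16) & 0xFFFF          # +1 on hi when lo >= 0x8000
    return hi, lo

def join_hi_lo_signed(hi, lo):
    signed_lo = lo - 0x10000 if lo & 0x8000 else lo
    return ((hi << 16) + signed_lo) & 0xFFFFFFFF

def float_from_lui_ori(hi, lo):
    """ORI zero-extends, so LUI/ORI is a plain bit join; read it as float32."""
    return struct.unpack(">f", struct.pack(">I", (hi << 16) | lo))[0]

def lui_ori_for_float(value, reg=1):
    """Machine words for LUI reg,hi / ORI reg,reg,lo (reg 1 is AT)."""
    bits = struct.unpack(">I", struct.pack(">f", value))[0]
    lui = 0x3C000000 | (reg << 16) | (bits >> 16)
    ori = 0x34000000 | (reg << 21) | (reg << 16) | (bits & 0xFFFF)
    return lui, ori

if __name__ == "__main__":
    print(hex(rom_to_ram(0x72024)))                # cave entry of the gravity check
    print(hex(encode_jump(0x80071424)))            # word to write at the hook site
    print(hex(join_hi_lo_signed(0x8029, 0xADD0)))  # moved defensive name pointers
    # Constants quoted in the thread, decoded as float32.
    for hi, lo in [(0xBDA3, 0xD70A), (0xBCD0, 0xD70A),
                   (0x4005, 0x1EB5), (0x3FCC, 0xCCCD)]:
        print(f"{hi:04X}{lo:04X} -> {float_from_lui_ori(hi, lo):.4f}")
```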

jaker3

  • Administrator
  • Sr. Member
  • *****
  • Posts: 334
Re: Blitzmaster5000 hacks
« Reply #7 on: September 07, 2016, 12:00:23 PM »
Awesome! Sorry about not being active the past month. Been super busy and have had a lot of fantasy football drafts fill my free time haha... Hope to get some work done this weekend.

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Re: Blitzmaster5000 hacks
« Reply #8 on: September 08, 2016, 08:52:25 AM »
No problem at all, I have had similar commitments. I did find a bug with the patch and extended playbook - if you audible it will freeze the game. Besides that, I haven't had any issues with it. I'll release an updated patch once I fix it.

jaker3

  • Administrator
  • Sr. Member
  • *****
  • Posts: 334
Re: Blitzmaster5000 hacks
« Reply #9 on: September 27, 2016, 08:30:07 AM »
Hey Blitz master,

do we know where we want to insert the custom plays yet? I could start developing the code to insert it into the rom if we know.

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Re: Blitzmaster5000 hacks
« Reply #10 on: September 30, 2016, 03:54:46 PM »
Sorry I've been MIA, have tons of things going on. We could do one of two things:

1. Put it in empty space early in the ROM, similar to how I stuck some of the default 2001 play data. This would probably be best because the custom play data isn't nearly as bulky as the default data, and should fit easily into a chunk of unused space.

2. Put it at the end of the table data near the end of the ROM. I'm planning on doing this for the 2001 play data to consolidate it in one place (versus have it spread out all around the empty parts of the ROM).

Either should work - if we go with (1), I can find a good address with plenty of empty space after it we can use.

jaker3

  • Administrator
  • Sr. Member
  • *****
  • Posts: 334
Re: Blitzmaster5000 hacks
« Reply #11 on: October 12, 2016, 05:48:23 PM »
Alright, going to try and finish the play editor this week/weekend and get some team uniforms updated.

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Re: Blitzmaster5000 hacks
« Reply #12 on: October 16, 2016, 10:42:58 PM »
Sounds good Jake! I'm fixing the audible issue I mentioned earlier. I will then start putting in the 2001 play data. I've decided it's best to dump it at the end of the rom and just increase the amount of addresses loaded into ram for the play table, just leaving a bunch of empty space in the ROM for new images or what not you might add using your tool.

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Re: Blitzmaster5000 hacks
« Reply #13 on: October 17, 2016, 06:46:22 PM »
Here is the code necessary to fix the audible glitch with the aforementioned extended playbook. I didn't test this with multiple players nor custom plays, so it may still be an issue with those (probably the custom plays more than the multiple players).

Code:
0xD4A54 LBU v0,0x134E(V0) // originally 0x1372
0xD4CA4 LBU v0,0x134E(V0) // originally 0x1372
0xD4A64 SLTI V0, A2, 0x0003 // originally 0x001b
0xd4cb8 SLTI v0, A1, 0x0003 //originally 0x001b

blitzmaster5000

  • Full Member
  • ***
  • Posts: 150
Re: Blitzmaster5000 hacks
« Reply #14 on: May 28, 2017, 03:57:49 PM »
The custom playbook on the ROM hasn't been released yet, but I have found a glitch that I'm not sure I can fix so I will post it here. It's pretty minor though.

If you let the timer expire on a custom play (this is with the 20 second timer), the game will freeze. Pretty small glitch, but it's there.