How to Make your own PS4 & PS5 Game Cheats

Captions
What is going on guys, it's Modded Warfare here. Welcome back to another PS4 and PS5 tutorial. In this one I'm finally doing an updated guide on how to create your own game cheats and trainers for your PS4 and PS5 games. Now, I did do a video on this a few years back that barely scratched the surface, so I want to go into some more detail in this video. It will be quite a long video compared to most of the other videos on the channel here, especially since I've received so many requests to cover this topic, especially for the PS5, since there aren't that many cheats or trainers available for the PS5 yet.

Now, you can follow this on the PS4 or the PS5, because it's the same tools that we're using to create the cheats for both consoles; it's the same process for both. I would highly recommend getting yourself a wired network connection to do this. You can do this over Wi-Fi, but it's going to be slower and you're more likely to run into timeout issues, which are going to be a problem. So if you want to make life easier for yourself, definitely set up a wired connection before doing this, because it's going to be much better.

So to get things set up on the consoles, you want to grab your console's IP address and then go over to the exploit host and run the PS4 debug payload if you're on the PS4, and of course if you're on the PS5 you're going to want to head over to the PS5's exploit host and run the PS5 debug payload. Once you have those payloads running, you can then launch the game that you want to create the cheats for. So once you've got the game loaded up, in this case I'm doing Demon's Souls because that was quite highly requested. I'm just going to use this one as an example, but of course the concepts and the stuff that I'm talking about here in this video will apply across the board to other games.

So anyway, let's go ahead and switch over to our computer here and get set up with the software. There's two tools that we're going to be using for this. There is the PS4
Cheater application, which is our scanner tool. That's the tool that we use to find the values in memory; it's basically like Cheat Engine for the PS4. And then we have our debugger, which is Reaper Studio. This is PS4 Reaper Studio by Shiningami, which is a really powerful piece of debugging software, and it's also got a trainer builder built in and some really handy tools for building trainers. So you can basically build the whole trainer in this tool and then export it as a trainer file or a cheat file that you can then import into other things. Very, very useful piece of software, so we're going to be using that as well.

We'll start off by getting things set up with Reaper Studio. We're going to open up this application, and first of all I'm going to change this to dark mode because I think it's a bit clearer. We're going to go to File and Options, and you want to enter the IP address of your PS4 or PS5 in the IP box and also enter your username in here, so that any cheats you develop will show your username as the person who developed the cheat, which is pretty handy. So enter that information and click Save, and then we're going to click this button here to connect to the console. "Process list loaded, please select a process." We'll click OK, and then from here we're going to select the process list and select our eboot.bin, which is the main executable file for the game. In most games we'll use eboot.bin; some games will have a different executable file, but the majority of them will use eboot.bin. So we'll select that and then we can create our project. I'm just going to call it Demon Souls 104, which is the game update I'm on for Demon's Souls, 1.04, which is the latest update. I'll click OK and it grabs the information there and creates our project file.

So if we switch over to the console, we'll start with the basics and then kind of work our way up to things that are a little bit more complicated. The first thing I'll do is ammo,
our ammo for our bow and arrow here, which as you can see goes down when I fire, obviously. Also our consumables like our health potions, which also go down; we have a limited quantity. So we want to get unlimited consumables and unlimited arrows in our bow and arrow. That's what we want to get first of all; that's a nice easy one to start with.

We can see that we have 46 arrows, so we'll use this value to find it. We've got 46 arrows right now, so we'll switch over to our computer again and open up PS4 Cheater and get things set up to use this. So we'll click Refresh. Obviously, enter the IP address of your console up here first and then click Refresh, and that will grab all of the processes for eboot.bin, all of the sections of memory. Then we're going to select all of them, and down in the value section we're going to enter 46 as the value that we're searching for. Then we can select our value type, which is probably going to be a 4-byte integer. A 32-bit integer is 4 bytes long, so it's probably going to be a 4-byte value. Of course it could be a 16-bit integer, which would be a two-byte value, it could be a one-byte value in some cases, or even a float; if it has a decimal point it's going to be a float or a double instead of an integer. But generally it's most likely going to be a 4-byte integer in most cases.

So we're going to select that and select an exact value, and then we'll do a search. That's going to basically dump the memory and search for all the occurrences of the value 46 as a 32-bit integer, and any of the values that it finds it will then add to the list. This will be a huge list of probably multiple thousands of results for the first scan, but you can see it's not actually taking too long; we're at 3%, 4%, it's going pretty fast here. And again, this is on a PS5. If you're on a PS4 it's probably not going to take nearly as long, because you have less memory overall on the PS4 to search
through.

Okay, so that took over 6 minutes, but as you can see it found 71,000 results, so way too many to go through. What we need to do is thin out those results, so reduce the value by firing the weapon a few more times to change the value. We'll get it down to 43, and then we're going to search for the value 43. So we're going to enter 43 and do a next scan, and what that's going to do is search through all the values it found in the initial scan and see which ones have changed to 43, and it will discard any that have not changed. That narrows it down to 42 results, which is pretty good. Let's just do one more; should probably do it here. So let's change it all the way down to 40, and then from here we'll search for 40 and see if we can find it here. Next scan, and there we go, narrowed it down to three results, so it's bound to be one of these.

We're going to right click and add to cheat list, and then we're just going to go through these one by one, editing the value, and then we refresh. And there we go, you can see that changed all of them, which means that's probably the right value there. Yep, you can see the value has changed to 99, so that was successful. If we fire it to make sure it's not going to reset back to 40: nope, it went down to 98, so we are good. We have successfully found the value there, so we can get rid of these other two, and we have found it.

Obviously that's a very easy example. In some cases it's not going to be that easy. Some of the issues that you can run into: of course, if you don't find it as a 4-byte value, you can search for it as a two-byte value, a one-byte value, a float, or a double even, and you can search for it that way. If you're still not able to find the value, sometimes the value that's stored in memory does not match the value that is displayed in the game, so that can happen sometimes. For example, when I was doing Ratchet and Clank: Rift Apart, the health bar, I think the health bar showed I had about seven out of 10, and in memory the
value was stored as 70 out of 100 instead of 7 out of 10, so I had to search for 70 instead of seven. So situations like that can happen.

Also, if you don't know what the value is, because sometimes the game doesn't tell you what the value is, it's just like a health bar or a stamina bar and you don't know what the value is, in those cases you have other search options that you can use. For example, when you do a first scan there's an option for unknown initial start value. So you don't know what the value is, you select that option and do a first scan, and then if it was a stamina bar or a health bar or something, you would reduce the bar in game, do something to reduce the bar, and then you can search for a decreased value, which will narrow down the results. Then you just keep doing that: reduce the bar even more, search for decreased value again, keep doing a next scan, maybe let the value increase in the game and then search for an increased value. By switching between increased value and decreased value, and you can also do unchanged value as well, so decreased value, increased value, unchanged value, by switching between those different search patterns you can narrow things down to maybe only a hundred or so results, and then you can go through those manually to find the value that you're looking for. It takes a bit longer, but it can work that way if you don't know what the initial start value is.

But in our case we managed to find it quite easily, so we've got the value here. Now we can edit this value to whatever we want. We can also lock the value so it keeps setting it in memory over and over again, so we never run out of ammo. Now, this is not a great thing to use, though, because this section of memory is in a dynamic section, so it's going to be constantly changing all the time. If we die and respawn it could change, or if we went back to the main menu and loaded up another save file, then again this value could change to a different location and
then this address would no longer take us to the value and we'd have to search for it again, and every time we reload the game we would have to search for the value. So that's not really handy for a trainer.

What we need to do is find the instruction that's actually setting this value in memory, and we can do that with Reaper Studio by setting a watch point on it. If we right click on the value and go to Edit and copy it here, we can then switch over to Reaper Studio and go to the debugger and attach the debugger to the console, and then we can paste in the address up here in the watch point list. So we're going to enter the address in here, value type is an int32, write-only breakpoint type, and then we've got length one. We'll enable the watch point, and what that will do is watch this address to see when the game changes the value, and when the game changes the value at that location it will then trace back where that came from, so what function or what instruction actually changed that value in memory. Then we can trace back and find the actual instruction that we're looking for.

To do this we just go back into the game and trigger the watch point by getting the game to change the value by firing an arrow, and then it freezes, because it's actually paused the kernel. From there we can switch back to Reaper Studio and you can see that it's actually hit the watch point right here. So this is the actual instruction itself that's changing that value in memory. What we can do is copy that address and reset the breakpoint, which will resume the game again so it's no longer being paused, and then we can go to that address up here and disassemble, and that will take us to the instruction. From here we can insert a cheat that will basically NOP this instruction, or nullify this instruction, so it no longer writes the updated value in that memory address, which will prevent us from losing any ammo when we fire our weapon. So this
is us basically creating the first cheat for our trainer. We're going to right click on the instruction and go to Patch Selection and Direct, which will insert a NOP. You want to give this a label, so I'm going to call this infinite ammo. We'll click OK, then it's going to say "do you want to find unique AOB", which means array of bytes. This is all about how it's going to locate the instruction in future. You can either say yes to use an array of bytes, and it will use a unique array of bytes to find that instruction in future, or you can say no and it will just use the static memory address. Now, because the PS5 uses ASLR, that might cause a problem with using static addresses, so therefore it's probably advised to use AOB with PS5. And with PS4 anyway, it's just a good idea to use array of bytes because it increases compatibility with your trainer, allowing it to most likely work on other versions of the game as well. So I'm on 1.04 of Demon's Souls, but if I use array of bytes for all of my cheats there's a good chance that those cheats might work on other game versions besides 1.04. So it's just a good idea to use array of bytes to increase compatibility with your trainer.

So we'll say yes to use array of bytes, and this will create the patch editor, essentially. From here we can give this a label that will show up on our trainer, so infinite ammo, and we'll leave the index on zero because this is our first cheat. Then all we have to do is hit Save, and that is saved right there. So we've got the default value, and our activated value is NOPing the instruction, basically nullifying that instruction. We close out of that now and go back to the project info and click Refresh, and we now have our first cheat for our trainer, infinite ammo. We'll try and enable this by attaching the trainer to the console and then enabling infinite ammo, and then if we go back to the game you can see we've got infinite ammo enabled, trainer attached. So let's see if this
works. We're on 97, and as I fire the weapon my ammo is no longer going down, so we have successfully found unlimited ammo for our weapon there. That will probably apply to other weapons and other stuff in the game; our consumables as well are not going down when I use them, so we also have unlimited consumables. So that works just fine right there. Now of course I can also turn it off, and that should set it back to the default value, so now my ammo should go down again, and it is. So that is all working.

That works pretty well, and you can do that on a bunch of different things in this game. For example, this game also has weapon durability, so you can see as you use your weapons the durability value lowers, and I think it eventually breaks or gets too weak. What you could do is also find the value for that and then do the same thing and NOP it. So you could do this with a bunch of different things in a game in order to create a bunch of cheats just using the same method, which is a fairly simple method of just NOPing the instruction. However, there are situations where NOPing the instruction will not work, so let's look at how we can kind of get around that issue.

The next thing I'm going to try and do here is unlimited souls. Our souls value in the game up here, which is currently set to 18, is our main currency value that we use to actually buy stuff in the game, so a pretty important one to create a cheat for. Let's go ahead and try and do that right here. We've got 18 right now, and I'm going to go ahead and search for that in PS4 Cheater. Again, because we've already found this value for the ammo in these sections of memory, I can just search through that same section of memory, because that way it's more likely that we're going to find the value in the same sections of memory that we already found the other value in. So we'll search for it here: 18, we'll do a new scan again, exact value, four bytes, and we'll do a
first scan and see if we find it here. If we do find it that'll be great, because it's not that many sections of memory to search through, so it shouldn't take long. So 13,000 results. Now we need to change the value in game again, which we can do by getting some more souls by killing some enemies. I think there's a few guys up here. So here we go, we'll kill this guy, and that gets us to 24, and then I need to get away from them so that they don't attack me while I'm testing this. You can pause the kernel while you're searching if you don't have a way to pause the game; that can be handy. Okay, there we go, got some more souls there, so it went up to 32.

All right, so from here we can search for this value now. We'll do 32 and do a next scan, and we only found two results, so hopefully it's one of these two. We'll try changing this to 100 and refresh. Okay, so nothing changed; nope, we're still the same. So I'll put that back to 32 and then I'll change this one to 100, and hopefully, yep, it changed to 100. So there we go, we found the value.

Once again we will copy this address and set a watch point on it. We'll enter the watch point right here and enable it. Okay, and in this case, full screen this, you can see here that it triggered the watch point pretty much instantly. It looks like even if I hit Resume, which should then go to the next time it hits the watch point, it hits it again straight away. So in this case it looks like it's just setting the value in memory over and over again in a loop, so it's just going to keep hitting the watch point immediately. Normally you would have to do something in the game to change the value, like we did when we fired the arrow for the first watch point, but as you can see we've got it right here. So we'll copy the address, paste it in up here, we'll go to the disassembler, can get rid of that one now. As you can see, we've got the instruction right here. NOPing the instruction in this case isn't really going to help us
much, because if you imagine I create a new game and I basically have zero souls or barely any souls right at the beginning of the game, and then I can NOP the value by enabling a cheat that freezes it, that doesn't really help us, because then maybe I might not be able to gain any more souls while I have that enabled, and I don't have enough to buy anything with it. So what we really want to do is change the value of our souls to make it get maxed out completely.

The way that we can do that is by changing the instruction itself. First of all we need to kind of understand what this instruction is actually doing. This is a mov instruction, which is moving the value that is stored in the eax register, which will be the value for our current souls, which is 100 right now. So it's taking that 100 value that's stored in eax and it's writing it to this location, rdi plus 0x80, which is going to be our address that we found here on PS4 Cheater, this address right here. We can tell by checking: if we go to our breakpoint, which is still enabled, you can actually see the registers here on the left. The address here is rdi plus 0x80, so if we go here and look at what we have at rdi, here's rdi here, it's 217 1e6 B30, and if you add 80 in hex to that you will get our value that we found here, this one right here. So it's setting the value at eax into that location, and eax is the equivalent to rax here in this register, and you can see it is set to the value 100. So that's what the instruction's actually doing. The reason why it's eax here and rax here is because rax is the 64-bit version of the value and eax is the 32-bit version. So eax is 32-bit, just like rbx would be ebx if we're talking about the 32-bit version.

So we can reset this now that we've found the instruction and we know what's going on. We're going to right click and go to Patch Selection, and instead of
doing Direct, because we're not NOPing the instruction, we're going to do a code cave. Then we're going to give this a name, so I'm going to call this infinite souls, click OK, and we'll say yes to find unique array of bytes, which is what we want here.

What this does is pretty clever, actually. When we enable the cheat, it's going to insert a jump instruction over the original instruction that we're inserting the cheat into, and it will replace this instruction here with the jump instruction that will jump to a free section of memory that it will write our custom instructions into. It will then execute our custom instructions, and then you can see here it jumps back to the original code and keeps running the original code like nothing ever happened. What this will allow us to do is add our own instructions in here.

The way that I would do this is change the eax value, instead of 100, to a really high number and then let it run this instruction again, and it will just write that value into the souls address in memory. So that's what we want to do right there. We can do this by doing mov eax, comma, and then the value that we want to move into eax. We can do that by going to the calculator, so I'll do 999999999 and we'll convert that to hex and copy the hex value and paste that in there. That's going to write this really high number into eax, and then it will just write that number to our souls location in memory, and then it will jump back to the original code. We'll change the index to one because this is the next cheat in our list. We'll give this a label, whoops, opened up the memory thing by mistake, so we'll give this a label of infinite souls, and then we'll hit Save and give this a test. If we refresh, we've got our infinite souls now. So we'll enable this, attach the trainer, get connected up, and then enable infinite souls, and as you can see it jumps all the way up to a maxed out number. I may have gone a bit
higher than I should have here, because it looks like it can only display seven nines. So this is a really basic code cave. When we disable infinite souls, of course it will not reset the value because it's already set it in memory, so it will just keep setting the same value over and over again unless the value changes by something else in the game.

So we can go ahead and detach the trainer now. But what we could do instead is give the user a little bit more control and let them enter whatever value they want to set for their souls value. If they want to set it back to a normal number they can, or if they want to set it to a really high number they can; just give them the choice to enter whatever number they want. You can do that by adding a variable. Reaper Studio lets you do variables, which is pretty cool. So you can add a variable here: if we click Add Variable, we'll give this the label of Souls, the variable type is going to be a uint32, and our editor is going to be a simple editor. We'll give it a high number, like seven nines again, so 1, 2, 3, 4, 5, 6, 7, as our initial start value. We click OK and then we can change this to our variable. So we're going to do dword pointer, open and close brackets, and then put our Souls variable in there, and we can check validation to make sure the code's valid. You can see it is valid.

The reason why we need to do this is because, just like this is what we do when we're writing to a memory address, in this case we're reading from a memory address into the eax register. The point of this is that the way variables are done in Reaper Studio is that it actually writes the variable to a free space in memory, and then we need to read it from that location in memory and then read it into eax and then write it to our souls location in memory. So that's what we're doing there. From here we can hit Save, click OK, switch back here and refresh, and you can see we can now enter a value. So if we enable the trainer again, it's weird
how it sometimes does that "process not connected" thing. So now we can enter whatever value we want. If I want 100,000, we can enable infinite souls, switch back to the game, you can see souls edited to 100,000 and it's now changing to 100,000, so that has worked. And then that way you can also just keep updating it: 9999999, and then I'll hit Refresh and that should update it, and there it goes, jumps up to our value right there. So that just lets the user enter whatever value they would like, and if somebody obviously just wants to set it to unlimited, then the default value is already seven nines, so they can just enable infinite souls and it will set it to a really high number.

This just gives you a little bit of a better idea of some of the extra things that you can do with the trainer builder. You can let people type in their own values. You can create a list of strings: say it was like a give weapon function where you had to have the weapon string name in order to set it, then you could have a list of all the different weapons and you could select which weapon you want, that kind of thing. So there's a lot of cool stuff that you can do with this.

So anyway, moving on from this, we'll move on to our next thing now. I should also mention that if the value is a float value rather than an integer, then the instructions are going to be different, because they're different from floats to integers, but they're not that different. For example, a mov, if it was a float, would be I believe a vmovss or something like that, but it's basically doing the same thing. And instead of using registers like eax or rax or rbx, it would be a value like xmm0 or xmm1 or 2, etc. In this case we're doing integers, so it's just a mov. So there are some slight differences when it's a float; the instructions are slightly different, but it's more or less the same. And of course when you hit breakpoints or watch points and you're trying to find the float value, it will not
be in the regular registers. You'll just select the float option and then it will show you all the floats, xmm0, xmm1, etc., and you'll find your value in there. We've done this, so we'll go ahead and close out of that. We've got our infinite souls.

From here, the next thing I'm going to show you guys is going to be health, because this is obviously one of the main ones that typically you would want from a trainer, the ability to do infinite health. The reason why I've left this one till later, even though this is probably one of the first ones that you would be trying to find, is that it may be a little bit more complicated depending on the game, which you will see here.

So we need to go ahead and try and find our health value. We've got a bar up here in the top left. Luckily in this game it tells you, if you go over to Status, what the actual number is, so in this case my HP is 308 out of 308. What I'm going to do here is search for that value in PS4 Cheater. We're going to search for 308, do a new scan, and we'll do a first scan for that, and hopefully it will show up in the same location in memory as the other stuff if we're lucky. If we're not lucky then it's probably going to be somewhere else. Now I need to take some damage, so we'll walk into some fire here, and that's taken us down to 117. So from 117 we can go ahead and search for that: 117, next scan. Okay, so we found a bunch of results here, so let's go ahead and add each one of these in and we'll go through them one by one. We'll set this to 100 and refresh. Okay, that reset, so it's not that one. Do this one, 100. Okay, this one changed to 100, along with another address, so that might be the one we're looking for. Let's see here. Yep, you can see the bar just went down a little bit there and we're now set to 100, so we found our health value.

Okay, so unfortunately my game crashed, so I had to reboot, but I found the value again for our health, which is currently on 308, the maximum
value. If I change it down to 100 you can see we lose health, so this is the correct value. Once again we're going to copy that address and set a watch point on it. We'll enter a watch point right here, enter the address and enable the watch point, and here you can see it triggers the watch point instantly, just like our souls value, which is not what we want in this case, because this might not be the right instruction. We only want to trigger the watch point when we actually take damage, so we know that we have the right instruction that's taking away our health when we take damage, rather than this one, which is just setting our health in a loop over and over again even when the value is not actually changing, which is not what we're after.

There's kind of two ways we could do this. We could NOP this instruction so it no longer triggers the watch point, and then we'll be free to trigger the watch point when we take damage, or we could set a filter. If we try to set a filter here, we can say that R14 is set to 100, which is our current health value, so that seems to be the value for our current health. So if we reset this, we can set a filter where we say, if R14 is less than, let's say, the max value of our health, which is going to be 308, if I set my health back up to 308, and we'll say only if R14 is less than 308 then trigger the watch point. So I could enable that filter right there and then enable, and then you can see it's no longer triggering the watch point. However, it does appear to be lagging the game quite significantly here, and I don't want PS5 debug to crash, so maybe we should just NOP the instruction instead of using a filter. But that's kind of an example of what you can do with filters there, with breakpoints and watch points. Because of the lag, I'm going to actually just let it trigger the watch point here and we'll just NOP this instruction, because then we shouldn't get any lag. So we'll copy that, go up here to the addresses,
go to the disassembler, and we'll just enter a patch on this instruction. We'll call this NOP health and find unique array of bytes. We'll just quickly do this, give it an index of two, save this, and we'll go to the project, refresh, attach the trainer, give it a few seconds to attach, and then we'll NOP health. So that's now engaged, so now that instruction should be NOPed, and we should now be able to set the watch point without the filter engaged, and now it's no longer triggering.

From here we can now check to see if it's the same instruction or not when we take damage. We need to find an enemy to hit us so that we can take some damage, so let's go ahead and see, here's one right here. Okay, so he went to attack me and we triggered the watch point, so it is a different instruction when we get hit. This is the memory address, this is the instruction right here. So we'll copy the memory address and then we'll head to it here, go to the disassembler, close out of this one. This is our instruction right here that's taking away our health, so all we need to do, I guess, would be to NOP this instruction. Okay, so we'll select the instruction, right click, go to Patch Selection, Direct. This will be infinite health, so find unique array of bytes, and we'll go ahead and call this INF Health, whoops, INF Health, there we go, and we'll set this to index of three. We'll save it and that should be it.

So if we close out of this, go back to the project info, refresh, then attach the trainer again. We don't need the NOP health anymore, so we'll just enable the infinite health and that should hopefully be it. Let's see if we can take damage now, so find some more enemies; should hopefully be some up here. There's one. Let him attack, and as you can see I'm no longer taking any damage, so infinite health is in fact working. However, the reason why I didn't do this at the beginning is because there's a slight problem with this, which is that if I try and attack the enemy, they also have infinite health. So this is one
of the common problems you run into with infinite health it's the same with one hit kill as well is that it affects the enemy and the player so it's not really very useful if we have infinite health but the enemy also has infinite health in fact every enemy in the game will also have infinite health right now which is uh a slight problem so this is the issue that we need to fix now there's two ways that we can solve this I guess kind of an easy way and a harder way um both ways are kind of valid I'll show you both of them in this video uh I'll use one method for infinite health and I'll use another method for uh one hit kill so let's go ahead and look at the first method which I consider to be a little bit easier here so what we want to do while we're being attacked is in fact we'll turn off infinite health just now we'll turn that off and then get rid of this guy okay so we'll switch back over here we'll disconnect from the trainer I guess we'll get rid of the infinite health patch because it's clearly not working in its current state also giving the enemies infinite health so if we head back to the instruction itself we're going to set a break point on this instruction so we're going to right click on the instruction and add break point so we put a break point on it right there and then from here if we switch back over into the game once again we want to take a hit from something preferably an enemy so find another enemy up here somewhere here's a couple of them over here we want to take a hit which will trigger the break point so break point triggered and you can see here so the first method to separate the enemy's damage and the player's damage is to go to the stack info and we're going to get stack info for let's say three and we'll click get stack this gets the kind of call stack so all the other instructions or the other functions that led up to our damage function being called in this instance when we were hit by the enemy so basically you can
kind of trace back to see all the other functions that led up to our function being called and you can see there's a bunch of them here so these all lead up to or are related to our damage function here and what we want to do is kind of go up in that stack to see at what point does it separate between the player and the enemy and we can do that by taking a screenshot of everything that we have here so these current addresses that are in the call stack when we're attacked and then we're going to compare that to the addresses that we see when the enemy gets hit and see if any of these are different so let's go ahead and take a screenshot of this so stack info we'll take a picture we'll open an image editor I'll also just put in a little label down here that says uh that player was hit just to make sure that we know exactly where we are here so I'm using Greenshot for this you can use ShareX or Snipping Tool that's built into Windows just take a screenshot and then we're going to reset things so we'll reset the break point which is uh going to get me attacked by these guys again we just get rid of them we need a controlled environment here so what I'll do is I'll hit one of these guys with an arrow and I'll set another break point here so instead of me being hit it's going to be an enemy being hit this time so we'll set another break point on this instruction okay so we're going to hit this guy with an arrow here and that triggers the break point and now we're going to get the stack again and we're going to compare that to what we found when the player was being hit so let's line up these addresses and see if there's any differences so we can see this first one is the same so if we NOP that call it's not going to change anything it's still going to be the same for affecting the enemy and the player if we NOP this one 997a that's also the same so there's not going to be any difference there but the third one down is different as you can see there are caller
stack two we've got 1 fbe and this one is 43 F40 so this is where it diverges between the enemy and the player so but if we NOP this instruction here that seems to be only for the player then it shouldn't affect the enemy cuz the enemy uses a completely different instruction that's in a different place so that's what we want right there so if we reset our break point again now we're probably going to get some enemies coming for us which we are so let me just break point that again when I get hit so that it will trigger there we go so this is the value here when we get hit that's different the fbe one so I'm going to copy that uh we'll reset this for now so that we can just uh quickly oh before I die there we go all right so from here we're going to paste in that address up here disassemble so this is the location so it's 1 fbe and it's not highlighting any in green which means it can't it's not able to locate it so it was at 1 fbe so we'll have to go down and find it manually so 1 f b B3 B6 BC so it looks like it's this one here so this call to qword pointer R8 plus 0x390 that must be calling to our damage function or one of the other functions that leads up to the damage function being called so that is our call right there so if we just NOP this hopefully this will do the trick here so we'll call this one infinite health and yeah we can have a space in it because it's a direct not a code cave so we'll just go ahead and do that and give it an index of three save infinite health saved let's refresh let's try this attach the trainer I did reset the break point didn't I yeah I did okay good otherwise that would have crashed okay so we'll enable infinite health now NOPing that instruction and let's see what happens here so we'll see if we get hit oh I died and respawned that skeleton must have chased after me and got me all right let's see okay here we go so as you can see in this case because it's kind of further up in the call stack or further down I'm not sure the
right terminology but since it's kind of like higher up as more of a parent function it's not even triggering the function that actually makes you like get hit and stumble so it's not even registering that I'm even being hit right now now when I NOP that call so that gives me infinite health but because it was a different address for the enemies I should still be able to strike the enemies and kill them just as normal so we successfully separated uh the player health from the enemy health by doing that and we didn't even have to use code cave for that either uh so yeah we can't even get hit so it's kind of like a better infinite health because we don't even stumble while being hit even though our health's not going down we just don't even get hit at all it's like they're not even there their hits are just not even registering which is pretty sweet so that's one way that you can separate the player health from the enemy health and I'm going to show you the other way because the other way also would allow us to do one hit kill which this doesn't really allow us to do one hit kill so let's go ahead and look at the other method that you can use to separate the player's health from the enemy health so that we can do one hit kill you could also use this method for infinite health as well because of course in some cases you might not be able to you know do the method that we just did here maybe the call stack for you for the enemy and the player are all using the same functions the same addresses the same function calls in which case this method might not work so let's look at the other method that we'll use for one hit kill so we can exit out of this now we'll disable infinite health for now and detach the trainer uh hopefully we don't get attacked all right so let's look at one hit kill and the other method so if we go back to the original damage function so this is the original function call for the damage that when we NOPed it it would give us infinite health
for us and the enemies so with this one we'll once again set a break point on it just like we did for the previous method so we'll attack an enemy here to trigger the break point there we go think I just grazed his shoulder there okay so if we go back to the disassembler we've hit the we've hit the point here so instead of using the stack info what we can do is look at the registers and see if there's any register differences between the player and the enemies so if we just take a screenshot of the registers this time so let's screenshot the registers we will open an image editor and again I'll add a label just to keep me right on this so I know which screenshot's which so this will be um so this will be player hits enemy and we've got that right there okay so with that we will then resume okay so back in the game I'm going to get hit by an enemy this time and that will trigger the break point again and this time we want to see if there's any main differences between the registers when we get hit and when an enemy gets hit so this is where we get hit here so some differences as you can see RSI is zero RSI is 131 here R8 and R9 are at zero uh when it's the player that gets hit when it's the enemy they have large numbers in them like addresses by the looks of things and then R10 is equal to zero when the player hits an enemy and when the player gets hit R10 has a large number in there instead so that's a bit of a difference okay so I'm going to set a break point on this again and this time we'll do environmental damage so I've got killed and respawned here so this time I'll run on some fire and take damage from that so instead of being hit by an enemy it's now environmental damage so you can see RSI is a different value so we can't use that uh to tell the difference between the player and the enemy uh cuz it seems to change no matter what and then R8 and R9 are still zero and R10 still has a number in there whereas when we hit an enemy R10 is zero and
R8 and R9 have values in them so we could use potentially R8 R9 or R10 as our value to tell the difference between the player and the enemy so I'm just going to use R10 we'll see if it we'll see if it works out uh so we'll go ahead and use that we can also see that because I died and respawned my health was previously set to 308 after respawning which is the highest uh you know health value that I can have right now and 172 must be how much health I have after I've taken damage so R14 is how is the updated health value that gets written to our health value in memory right here with this instruction so what we want to do is we'll just reset this and we'll right click on our instruction here go to patch selection code cave and we'll call this one one hit kill and we'll do this and then we'll give it the label of one hit kill and we'll give this index of four and okay so we should be good so what we want to do in here then is just change the value of R14D to a really low number basically zero if we just set it to zero then every time we hit an enemy they'll just die straight away so to do this we'll do a mov and we'll say that R14D will equal zero so that is the basic code mode but of course we need to tell the difference between the player and the enemy because if we don't then we'll also die in one hit not just the enemies so before this we need to add a compare instruction a CMP instruction which is going to compare and we're comparing our R10 value and we'll do R10D which is the 32-bit version R10 would be the 64-bit version R10D is the 32-bit version so we'll compare R10D to zero now we know from this that when we hit an enemy R10 will equal zero so when we're hitting an enemy we want it to run this code and then we're going to do JNE which means jump if not equal to so we're going to jump if it's not equal to zero which means it's the player being hit then we can just jump straight back to the original code and continue running the original code without ever
running this that is one way that we could do it although you may notice that if we do this it's also going to skip the main function itself it's never going to run this function to take our health away so this will actually be infinite health plus one hit kill uh we'll try that first of all so let's save this one hit kill saved we'll head back to the project info we'll refresh we'll attach the trainer get this enabled we don't really need this NOP Health function anymore we can get rid of that so let's go ahead and activate one hit kill okay one hit kill enabled let's see what happens here so I'll take hits from this guy and it will also be infinite health so you can see unlike the other infinite health we still stumble and we still get hit but we don't take any damage but when I hit an enemy it just kills them in one shot so one hit kill is indeed working with this but obviously we have the problem of you know if we just want to enable one hit kill without giving ourselves infinite health then we're going to have to change this we already have an infinite health cheat so we don't actually need this to be doing infinite health and one hit kill we just need this to do infinite health so let's go back to the patch and change it so to change it what we'll do instead is we will use a reference point so we'll create a new reference point called um is player so jump if not equal to is player and then what we'll do is we will copy these and paste them in underneath and then we'll create our reference here which is is player just like that so zero is when we're hitting an enemy so if R10D is equal to zero it will not jump and it will set R14D to 0 and then write that in as the damage value for the enemy and then jump back to the original code if it is the player and R10D is not equal to zero then it will jump if not equal which it will not be equal so it will jump to is player which is this reference here so it will jump here and then run the normal code which just sets the
normal damage value for the player and then jumps back to the original code so that will give us our one hit kill without affecting our health as the player so let's go ahead and save that and then we'll head back here we'll refresh we'll attach the trainer again get that attached okay and then we'll enable one hit kill and then that gets us our one hit kill okay so let's see let's stand on some fire and I took damage right there as you can see so I'm taking damage as I should be but it's not killing me in one hit and let's take a look at the enemies here so I can kill them in one shot just as before let's try an arrow on this guy see if we can kill him in one hit apparently I can't aim okay I definitely can't aim okay yeah so you can see I'm still definitely taking damage but I can kill every enemy in one shot but yeah as you can see there one hit kill is working and I'm still taking normal damage which is awesome which means we can also use this now with our infinite health if we want one hit kill plus infinite health because our infinite health is in a different location it's not going to affect our one hit kill so I still have infinite health plus one hit kill and that way I can easily decide using the trainer if I want one hit kill on its own or infinite health on its own or infinite health plus one hit kill now I have discovered one potential problem as you'll see here if I use a health potion with one hit kill enabled it just kills me instantly so clearly it must be setting R10 to zero when we take a health potion so the code is running as if you know it's an enemy when I take a health potion and it's setting my health to zero so these are some of the edge cases that you can run into now we could just kind of patch that uh fairly easily so to fix that issue we'll disconnect everything here head back over here so if we add another break point so we'll add a break point I'll take some damage from something so let's take some damage from this guy okay
so you can see we've got R13 308 is my previous health value and then this is my updated health value after I've been hit by the enemy so what we could do is obviously whenever we're hitting an enemy the enemy's health is going to reduce so R14 should always be lower than 308 when somebody's taking damage whether I'm taking damage or an enemy's taking damage then R14 should be lower than 308 because uh you know damage has been taken however if I'm taking a health potion then R14 could be higher than R13 or it could be the same as R13 so what we could do is just add another check in our code cave that says hey if R14 is the same or higher than R13 then health must be being added not taking away therefore don't set the health to zero cuz I'm probably taking a health potion and I don't want to die instantly cuz that's the opposite of what health potions are supposed to do so let's add that extra check in there so we'll reset this I know I'll get killed in game but we'll go ahead and hop back over here and add the check so we don't need to add the check in here because if the value is not equal to zero anyway it will skip that and this is only happening when the value is equal to zero cuz it's running this code setting our health to zero which it should only be doing it for the enemy so we'll add another compare in here before that before we set the health to zero just as a double check that says if R13D is compared to R14D and if R14D is higher or the same as R13D we will jump if lower or equal to and we'll jump to the is player location so yeah if R14 is so if R13 is lower or equal to R14D then obviously damage has not been taken it must be increasing or staying the same so it will just set the normal damage value instead of setting it to zero just as a double check so we'll go ahead and save that again there could be other situations in the game that break this but we'll go ahead and just uh see if that works for now we'll attach the trainer um give it a
few seconds there we go and we'll enable one hit kill again and we'll head back into the game one hit kill enabled okay so let's see if everything works out now so we'll get this guy in he's still going down in one hit I still take normal damage but one hit kill still working and if I apply a health potion you can see my health goes up as normal it's no longer killing me whenever I take a health potion now again there could be certain scenarios further on in the game that this doesn't apply to for example maybe there's some enemies in the game that recharge their health over time or if you hit them with a certain weapon it increases their health or doesn't change their health and that could cause a problem and that would stop one hit kill working on them so obviously there are certain edge cases where it might not work it's really best to make a trainer for a game that you actually know and that you've played through and you know what different scenarios happen in the game to make sure that your cheats are actually going to work all the way through the game uh which I don't know cuz I've not played this game through before so uh yeah but you get the general idea so that should work right there we've got our one hit kill we've got our infinite health infinite ammo all of that stuff is done we can get rid of this NOP Health function now this cheat cuz we don't need that that was just for testing we can get rid of that so I'll probably expand this a little bit and then you know provide the trainer file in the description for anybody who wants to try it so yeah hopefully this gives you a good starting point though to get started in creating your own cheats and trainers I think we covered a decent amount of stuff in this video you know you how to actually find the original values set watch points so that you can find the instructions NOP the instructions which you can do a lot with just NOPing the instructions and then also doing stuff like you know working with
variables for the trainer builder so people can enter whatever value they want to apply to the game you also have the ability to separate the player health from the enemy health now and a couple of different ways you can do that by using the call stack or by finding a register value that's different when it's the enemy versus the player and you can create a custom code cave to separate them and you can do one hit kill you can do infinite health various different stuff like that so hopefully that covers a good array of uh techniques there so I'm going to go ahead and export this now so once you've created your trainer and you're ready for people to use it you can click the export button to export it as an actual cheat file so we've got the project here it's going to be a SN EXT file so that type of cheat file I'm hoping that uh Reaper Studio might expand in future to allow you to export it as other cheat formats like mc4 or shn or JSON uh which would be handy but right now it's shn next so if we save that that will save our cheat file right there so there it is we've got our cheat file okay so I'm going to rename this cheat file so it shows up as Demon Souls so we'll call it uh demons Souls yeah I think I can have spaces in the file name so we've got our cheat and we can load this cheat file in multi-trainer so if you give it to somebody they don't need to use Reaper Studio to load it they can just use the multi-trainer here so this has all a bunch of different uh trainer files over 700 trainers loaded and what we can do is we can go to our documents folder here for the trainer root if we copy that location and we just paste it in up here and head to the sh next trainers all we need to do is copy our trainer file in there so we could give our trainer file to somebody they could copy it into their trainer folder for uh multi-trainer and then from there they could just refresh if we reload the trainers here we can see our Demon Souls trainer shows up and
we've got our IP address entered here so they could just select the trainer and here is our trainer loaded up here in multi-trainer 2 and we can just connect that to the game that it is attached trainer attached and then we can activate everything we can put our one hit kill on we'll enable that we'll enable infinite health and we'll also enable our infinite souls and switch back over and you can see that's all set so yeah there you go now you could also post your trainer file in the uh Reaper team Discord and I think that might allow it to be eventually uploaded to the repo for all the other trainers so instead of people having to you get the trainer file manually and install it they could just you know update their trainer list in uh the trainer 2 software and it would just download from the repo and your trainer could be included in that which would be great otherwise though you can just share the file with anybody who wants to use it and they can use it inside trainer 2 but I definitely hope that Reaper Studio will include the option to export in other cheat formats in future because it would be definitely handy to be able to use our trainers in the GoldHEN cheats uh built into GoldHEN cheats that would be handy but on PS5 the trainer 2 software is the only software that actually works for applying cheats to your games right now just this and Reaper Studio but that will probably change over time as you know other homebrew apps and payloads are developed to include cheats so uh yeah anyway that's basically it for this video it's a very long video I hope you guys managed to get through it all I'll be very surprised if anybody's actually managed to get to the end here but if you did give yourself a pat on the back and I hope you guys enjoyed this video or found the information useful if you did please leave a like and subscribe and I'll hopefully see you guys in the next video [Music] [Music]
Info
Channel: MODDED WARFARE
Views: 20,796
Keywords: PS4, PS5, PlayStation 4, PlayStation 5, Cheats, Mods, Modding, Trainers, Cheat Engine, PS4 Cheats, PS5 Cheats, PS4 Trainer, PS5 Trainer, Tutorial, Walkthrough, Guide, Education, Discussion, Deep Dive, Reaper Studio, Games Reaper, PS4 Cheater, ps4debug, ps5debug
Id: g5ryP7FG5yE
Length: 59min 12sec (3552 seconds)
Published: Sun Jan 21 2024