Skip to content

How to find cheats (Hex Editor)

Jump to bottom
Damián Parrino edited this page Feb 22, 2021 · 2 revisions

Originally by Ginger from ps3cheating.net

For folk who are unsure on how to mod or cheat your PS3 Saves, please watch these videos. They are for Game Genie for PS3. But the concepts are the same.

https://youtu.be/RVvesQEQeIo

After watching these videos, if you are wondering how you can apply this knowledge to BruteforceSaveData, follow these steps.

  1. After you have “Decrypt PFD”
  2. Double Click the Save Data in the bottom left window. Not PARAM.SFO. It will launch HEX Editor.
  3. Now launch Windows Calculator. Set it to “Programmer”, “Digit grouping” and “Basic”

Now you need to know what you want to change in your game.

Example in-game:

  • Upgrade Points - 12, but you want to change it to 99.

In Windows Calculator make sure the radio button is in “Dec”, now key in 12. Change the radio button to “Hex”. You will get C or in other words 0C. In the HEX editor search for 0C. You will most likely get many search results or just one. It depends. Look at the value before and after the region of the search results. If you are sure that it could be the value. You can change it to 99. But you can’t just type 99. It has to be in HEX. Which is 63.

  1. After editing and saving, return back to BSD.
  2. Encrypt PFD
  3. Verify PFD
  4. Transfer save. If can’t be done via XMB use FTP or MM
  5. If cheat or mod is not working, game crashing/not loading.
  6. Restore save & try again. Usually, you won’t always get the first time right. Don’t give up & Try again!!

More Videos: https://youtu.be/BY8LuiAFhjU

Note: the PlayStation 3 is Big-Endian so data in save-games is usually in big-endian order too.

Some basic skills are required in order to reverse engineer. You must be familiar with the types of data used by games, and how this data is stored inside files. The integer (a whole number, such as 1000) is extremely common. Since data is usually examined in a hex editor, the values are written in hex. Thus the value 1000 is 3E8 in hex (in order to distinguish between hex and decimal, the rest of this guide will prefix hex numbers with 0x, as the C programming language does - therefore 1000 is the same as 0x3E8.)

There are different variants of integers, but the most common are 16-bit and 32-bit. 16-bit integers occupy two bytes of space, and 32-bit integers occupy four bytes of space. In hex, every two digits are a byte. So 0x12 is one byte (8-bit), 0x1234 takes up two bytes (16-bit), and 0x12345678 takes up four bytes (32-bit). If you were to store 0x12 in a 32-bit integer, it would be 0x00000012 (the leading zeroes are ignored, like in decimal 1000 is the same as 001000.)

When these integers are written to a file, however, the order of each byte is different. The value 0x1234 is written as two bytes, 0x12 and 0x34. However because DOS/Windows is little-endian, the order is reversed. Thus when looking at a file with a hex editor, the two bytes will appear as 0x34 followed by 0x12. A 32-bit number might look like this in a hex editor: 78 56 34 12

Reversing the order of those bytes reveals the number 0x12345678. Likewise, this might be another number seen in a hex editor: 23 67 01 00

This is where reverse engineering skills come into play. Is this a single 32-bit integer (0x00016723) or two 16-bit integers (0x6723 and 0x0001)? Being able to determine which is which is a skill a reverse engineer must learn. (In this case it is most likely to be a 32-bit integer, because the first 16-bit integer is so large and the second is so small. Usually sequential numbers are similar in value.)

In order to examine game data, a hex editor must be used. It is important to know how to read data in a hex editor, as well as how to edit data. When opening a file, the data will appear something like this:

00000000 61 62 63 64 65 66 67 68 abcdefgh

Here, the first number is the offset. The very first byte in the file is at offset 0. The second byte is at offset 1, and so on. The first number tells you where in the file the data is positioned. The next set of numbers (61 to 68 above) are hex values of the data. In this case, the first byte in the file is value 0x61. The third byte in the file is value 0x63. After the numbers come ASCII (text) representations of the same numbers. In the example above, the first character is a lowercase a because 0x61 is the ASCII code for a lowercase letter A.

It is important to note that the numbers (61 to 68 above) and the letters (a-h above) are different representations of the same data. This is because sometimes it is easier to look at the data in numeric form, and sometimes it is easier to look at it in text. Having both views of the same data on the screen at the same time makes it easy to switch between the two. By way of example, if you were trying to decode a 32-bit integer (as described in the previous section) you'd be looking at the hex numbers, but if you were trying to read some filenames it would be much easier to look at the text. After all, reading 6D 61 70 73 2E 64 61 74 is a lot harder than reading maps.dat but they are both the same data!

This is why, when editing data using a hex editor, if you change the numbers the text will also change, and likewise if you type over the text the numbers will change accordingly.

Clone this wiki locally