Walk through of making a simple ASM cheat

Here is a walk through of making a simple ASM cheat using Breeze

In this example we shall make a code to hack the coin count

We be making a cheat for "Double Dragon Gaiden : Rise of the Dragons 1.0.1 TID: 010010401BC1A000 BID: 5D072C126CE0DBA1"

Start searching for the value we see on screen

We found 124 candidates

Play the game then search again

We have narrowed it down to one candidate

Hack the memory to see if that is the correct one

Edit the memory and go back to the game to check Some game don't refresh the number on screen until the game changes the value, in this example you have to get some coin to see if the hack works

Go to memory explorer and set a break point on this memory

Activate these buttons "SetBreakPoint", "Gen2Attach", "Execute Watch"

Play the game a bit for the game code to have a chance to access the memory

Check the result in Gen2 Menu

When you are satisfied that you have given the game code enough time to be captured stop the watch with "Gen2Detach" There are two instruction captured, ldr is a read instruction and str is a write instruction.

Check if the code only access the target we want to hack

Place a watch on the instruction "Select", "Watch instruction", "Gen2Attach", "Execute Watch". Go play the game a bit. We are lucky and on first try we found a code that access only one memory address "Gen2Detach" and it is the address that we want to hack

look at the disassembly of the code target found

"Select" the address field of the watch and it will bring you there The add instruction looks interesting

Add the found code to cheat

Modify the added code to get the result that we want

"copy", "paste below", select the second line and edit it with "ASM/keycombo edit" We speculate that w1 has the delta and a lsl#4 is making it 2^4 time bigger.

Test the code

Test the code by playing the game to verify that it is indeed changing the behavior of the game correctly.

Other variation of code to hack the coins

We can also hack the quantity directly, refer to the disassembly above, the game code read the value, add to it then write it back, we can do a hack of the read instruction to put any value that we want the coin to be A limitation of in place hack is a single ARM64 instruction is fairly limited in what it can do, for example here the biggest number we can have is 0xFFFF. If we want a bigger number we need to have a code cave to have more instructions to make what we want happen

Making a cheat with code cave

You can edit with just Breeze or you can edit with some other text editor. The file name is the label for the cheat (the file name is shown on the screen)

• ldr w8, a //This line load register w8 from the label a
• return: b code1+4 //This line returns from the code cave
• a:.word 10000 //This is where you put the value you want to load Use the "Add ASM" button to assemble the code.

Making off code

All ASM cheats requires a off code to turn off. I kept the off code in the first line of the cheat which subsequently get override by the next code. This button can be used to make the off cheat with that.