xbox: How To Hack Sega GT 2002 To Allow It To Accept Hacked Game Save Files
Up until now, the main obstacle encountered when trying to hack game saves was that the game would detect the tampering by comparing the game save data to the "signature" (a CRC checksum) of the game save file(s).
However, DEatHrler has found a way around that! He has successfully modified the main game file itself (default.xbe) to bypass the CRC check. Thus, hacked game saves will load and work despite the CRC not matching the data.
Below is a little tutorial that he wrote up on hacking the Sega GT 2002 default.xbe file to allow hacked game saves to load. While it is specific to this game, the principles apply to any game.
[ Update ]
Although you initially need to hack default.xbe to load a game save that you hack, you can then resave the game and will have a valid game save file with the proper CRC recalculated. The save can then be used by anyone with the game, regardless of whether or not they have hacked their default.xbe file. This is certainly very good news for those who are less inclined to hex edit their default.xbe files.
If you just want to hack Sega GT, go to the section "Actually Hacking the .xbe"; everything else is technical detail for cracking other games...
First, open CXBX (0.4.4 was what was available; all should work).
Go to File / Open .xbe file.
Open the default.xbe of the game you want to crack,
and then go to File / Export to .exe...
Now you have your .exe file to disassemble in W32Dasm.
Open her up and you see something like this; if you've never used W32Dasm all the buttons get confusing, so just go to Disassembler / Open File to Disassemble.
Open your file and it'll go to work. You should get a screen that looks like this; disassembling takes a while, so give it time.
When you're done, go to Refs / String Data References.
Locate the file that you suspect to be the save state. In Sega GT it's gdata0.dat; there are other files, but they aren't crucial.
Double click the file and it'll bring you to the instance where it suspects the file is being accessed.
There might be several instances of it being accessed; usually one for saving and one for loading.
You can tell that this particular instance is for loading because the previous one has idata0.dat accessed beforehand, which isn't read for data; it's only used in the load menu.
Here comes the arbitrary part: you must determine which function is being used to checksum the files.
It's rather obvious in Sega GT because on one of the calls you come to a bit of code that looks like this:
I'm not exactly sure what it is doing line by line, but it looks to me like it is what I need to get rid of.
Look near the bottom of the W32dasm window when you have the call selected and you should see, in the status bar,
"Line: ######## Pg ##### and ##### of #### Code Data @:###### @Offset 0006DD5Ch in File:default.exe"
The data that you are interested in is the number that I have bolded; it will be different for every game, but this is what it happens to be for Sega GT.
Actually Hacking the .xbe
Open up WinHex and click Position / Go To Offset.
Make sure that the button next to the text box is set to "Bytes", or you will get the wrong place.
Enter the offset (6DD5C for Sega GT) from the previous step in the text box and hit OK. It'll jump you to the offset that the call function is on.
Now find the offending call in the .xbe and NOP it out (put 90s in for all of the addresses the call function takes up).
You should now have a cracked .xbe; FTP it to your Xbox and load some hacked save states.
An example of a hacked save state... Unfortunately the engine doesn't deal with really large numbers; it limits itself to $9,999,999, but ~$10,000,000 works.
I'll try to document the save state to make modification easier; the most notable offset is 00000018 through 0000001B, which is for money.
Values of FF FF FF 04 will give you around $10.5 mil; I wouldn't suggest going over, because the engine doesn't like extremely large money values (it won't let you buy if you have too much).
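To make concrete what the CRC check described in the post is doing, and why the update's resave trick produces a save that an unmodified game accepts, here is an added Python model of a CRC-protected save file. It is not code from the post or from the game: the money offset 0x18..0x1B and the bytes FF FF FF 04 come from the post, while the file layout, the little-endian byte order and the placement of the CRC as a 4-byte trailer are assumptions.

```python
"""Toy model of a CRC-protected save file, as described in the post.

Constructed example, not the real gdata0.dat format. Assumptions:
  * the money field is a little-endian uint32 at offset 0x18..0x1B
    (the offsets are from the post; the byte order is an assumption),
  * the file ends with a 4-byte little-endian CRC32 over everything
    before it (where the real game keeps its CRC is not documented here).
"""
import struct
import zlib

MONEY_OFFSET = 0x18  # from the post: 00000018 through 0000001B
HEADER = b"SGT2002SAVE".ljust(MONEY_OFFSET, b"\x00")  # constructed filler
BODY = bytes(range(32))  # constructed filler standing in for the rest of the save


def build_save(money: int) -> bytes:
    """Produce a valid save: header, money field, body, CRC32 trailer."""
    payload = HEADER + struct.pack("<I", money) + BODY
    return payload + struct.pack("<I", zlib.crc32(payload))


def verify_save(save: bytes) -> bool:
    """The check the game performs (the call the tutorial NOPs out):
    does the stored CRC match the CRC recomputed over the save data?"""
    payload, stored = save[:-4], struct.unpack("<I", save[-4:])[0]
    return zlib.crc32(payload) == stored


def money_field(save: bytes) -> int:
    """Read the money field as the assumed little-endian uint32."""
    return struct.unpack_from("<I", save, MONEY_OFFSET)[0]


def hex_edit(save: bytes, offset: int, new_bytes: bytes) -> bytes:
    """Overwrite bytes in place, as a hex editor would, leaving the CRC alone."""
    return save[:offset] + new_bytes + save[offset + len(new_bytes):]


def resave(save: bytes) -> bytes:
    """What the game does on saving: recompute the trailer over the current
    data. This is why, per the update, a resaved hacked save passes the
    CRC check of an unmodified game."""
    payload = save[:-4]
    return payload + struct.pack("<I", zlib.crc32(payload))


if __name__ == "__main__":
    original = build_save(123456)
    hacked = hex_edit(original, MONEY_OFFSET, bytes.fromhex("FFFFFF04"))  # bytes from the post
    print("original verifies:", verify_save(original))  # True
    print("hex-edited verifies:", verify_save(hacked))  # False: data changed, CRC did not
    print("money field after edit: 0x%08X" % money_field(hacked))  # 0x04FFFFFF
    print("resaved edit verifies:", verify_save(resave(hacked)))  # True
```

The model also shows the general limitation: a CRC carries no secret, so anyone who can edit the data can recompute it, and only a keyed MAC or a signature checked outside the editable binary would detect this kind of tampering.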