PS4 CFW and Hacks | Thread starter: PSXHAX | Start date: Dec 29, 2021 at 8:48 AM
Following the Ricochet Anti-Cheat Kernel-Level Driver, PS4_Cheater Homebrew App for 9.00 and MW2 Remastered PS4 Mod Menu Loader for 9.00, today developer Avan06 (aka @avan) released a Beta of his PS4CheaterNeo Application to find PS4 Game Cheat Codes based on PS4Debug and .Net Framework 4.8 for the PlayStation 4 Scene to test out. 🤩

Download: PS4CheaterNeo (Latest Version) (includes PS4CheaterNeo.exe, Be.Windows.Forms.HexBox.dll, GroupGridView.dll and libdebug.dll) / GIT

He notes that if you want to execute SendPayload to enable ps4debug, you must manually download ps4debug.bin and place it in the specified directory: the same path as PS4CheaterNeo.exe\payloads\[FW version]\ directory.

Here's more from the README.md: PS4CheaterNeo

Overview


PS4CheaterNeo is a program to find game cheat codes, and it is based on ps4debug and .Net Framework 4.8. Currently in beta.

Building
  • Open PS4CheaterNeo.sln with Visual Studio (Community also available) and build with .Net Framework 4.8.
Description
  • User interface re-layout and design to dark mode.
  • The cheat window and the query window are separated.
  • Hex Editor can be opened from the cheat or query window.
  • Pointer finder can be executed from the cheat or query lists.
SendPayload
  • Opening the PS4CheaterNeo program will automatically detect whether ps4debug is enabled.
  • If not enabled, SendPayload will be executed to enable ps4debug.
  • You must specify the ps4 connection IP in SendPayload.
  • SendPayload requires the ps4debug.bin file that conforms to the FW version.
  • The port is 9090 when using GoldHEN2.0b to enable BinLoader Server; other Bin Loader tools usually use port 9021.
ps4debug
  • You must manually copy ps4debug.bin to the same path as PS4CheaterNeo.exe\payloads\[FW version]\ directory.
Code:
path\PS4CheaterNeo\bin\Debug\payloads\[FW version]\ps4debug.bin
path\PS4CheaterNeo\bin\Release\payloads\[FW version]\ps4debug.bin
Cheat window
  • The cheat list can be loaded from a cheats file, and the cheat value can be edited and locked.
  • The cheat list has an expandable/collapsible group mechanism, and cheats whose descriptions share the same beginning are placed in the same group.
  • You can add the address to the Cheat List from the Query window or Hex Editor, or add it manually.
Add Address
  • You can manually add addresses to the Cheat List.
Query window
  • Opening the query window automatically refreshes the process list; if eboot.bin already exists, it will be selected.
  • Supports querying multiple targets; multiple query windows can be opened at the same time.
  • In addition to query types such as Byte, Float, Double, Hex, etc., it also supports Group types.
  • Makes the section of the suspected target more obvious.
  • The query will skip the filtered section list when the filter checkbox is clicked.
  • The preset section filter rules are libSce, libc.prx, SceShell, SceLib, SceNp, SceVoice, SceFios, libkernel, SceVdec; these rules can also be customized.
Section
  • The memory address of the PS4 game is the start position of the specific section plus the relative offset value.
  • The start position of sections is dynamic and will change every time you start the game or load the game save or just go through a scene in the game.
  • This program reloads the sections when it locks or refreshes the cheat codes, to ensure that they are correct.
Group ScanType
  • Use group search when you already know the data structure of the query target.
  • Input format: [ValueType1:]ValueNumber1 [,] [ValueType2:]ValueNumber2 [,] [ValueType3:]ValueNumber3...
  • The ValueType can be 1(Byte), 2(2 Bytes), 4(4 Bytes), 8(8 Bytes), F(Float), D(Double), H(Hex) or not specified.
  • The ValueType is preset to 4 bytes when the value type is not specified.
  • The ValueNumber can be specified as an asterisk(*) or question mark(?) when the value is unknown.
  • The delimiter can be comma(,) or space( ).
Example:
Code:
Assuming the target structure is 63 00 E7 03 00 00 AB CD 00 00 00 01
Group scan can be entered as 2:99 999 ? 2:256
Hex Editor
  • Display the detailed information values of the address value of the current cursor position.
  • Make address values greater than zero more obvious.
  • You can add the address to the Cheat List from the current cursor position.
Pointer Finder
  • Make the base address of the pointer be in the executable section when FastScan is clicked.
  • If there is no result, you can try to click NegativeOffset.
  • The finder will skip the filtered section list when the filter checkbox is clicked.
  • The preset section filter rules are libSce, libc.prx, SceShell, SceLib, SceNp, SceVoice, SceFios, libkernel, SceVdec; these rules can also be customized.
Reference
Cheers to MSZ_MGS for the initial heads-up on this project via Twitter! 🍻
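
The Group ScanType input format from the README above, worked through as an added example (not code from PS4CheaterNeo or its author): a parser for the field list and a matcher over a byte buffer. It assumes little-endian fields packed back to back with no padding and treats an H value as literal bytes in written order; `parse_group`, `find_group` and `SAMPLE` are names made up here.

```python
import re
import struct

# Type codes from the README list -> (size in bytes, little-endian struct format).
TYPES = {"1": (1, "<B"), "2": (2, "<H"), "4": (4, "<I"), "8": (8, "<Q"),
         "F": (4, "<f"), "D": (8, "<d")}

def parse_group(expr):
    """Turn '2:99 999 ? 2:256' into a list of (size, bytes-or-None) fields."""
    fields = []
    for token in re.split(r"[,\s]+", expr.strip()):
        vtype, _, value = token.rpartition(":")
        vtype = (vtype or "4").upper()        # unspecified type is preset to 4 bytes
        wildcard = value in ("*", "?")
        if vtype == "H":
            if wildcard:
                raise ValueError("a hex field has no fixed size to skip")
            raw = bytes.fromhex(value)        # assumption: bytes in written order
            fields.append((len(raw), raw))
        elif vtype in TYPES:
            size, fmt = TYPES[vtype]
            if wildcard:
                fields.append((size, None))   # unknown value: match any bytes
            else:
                number = float(value) if vtype in "FD" else int(value)
                fields.append((size, struct.pack(fmt, number)))
        else:
            raise ValueError(f"unknown value type {vtype!r}")
    return fields

def find_group(buffer, fields):
    """Return every offset in buffer where all non-wildcard fields match."""
    total = sum(size for size, _ in fields)
    hits = []
    for start in range(len(buffer) - total + 1):
        pos = start
        for size, raw in fields:
            if raw is not None and buffer[pos:pos + size] != raw:
                break
            pos += size
        else:
            hits.append(start)
    return hits

# Constructed sample: 4 filler bytes, then the README's 12-byte structure.
SAMPLE = bytes.fromhex("DEADBEEF" "6300E7030000ABCD00000001")
```
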

Comments

JackFlap

Senior Member
Contributor
Verified
Is it possible to add an option to increase or decrease a value with keyboard input?

Like for example you have a float address for the camera position, you lock write on the address, then press a key to increase/decrease the value on this locked address and move the camera around?
 

JackFlap

Senior Member
Contributor
Verified
@avan 🤞 I hope it's possible, I have a couple of games where I would like to explore the environments with their photomode cameras.

As a total noob I attempted to make a tool but couldn't find how to add the address and control the value to move the detached camera.

This is what I ended up with: Driveclub+Camera+Control.zip (62.45 KB)
 

avan

Developer
Member
Contributor
Verified
@JackFlap
To be able to adjust the value with the keyboard up and down or the scroll wheel, use the NumericUpDown Control. In addition, if you want to know how to convert the value, you can refer to the following example.

1. Converting bytes to numeric values can be done with
BitConverter.ToUInt16
BitConverter.ToUInt32
BitConverter.ToUInt64

2. Converting the numeric value to bytes can be done with
BitConverter.GetBytes

For example:
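Code:
// Requires: using System; results assume a little-endian machine.
byte[] bytes2 = { 0xC4, 0xC1 };
ushort value2 = BitConverter.ToUInt16(bytes2, 0);     // => 49604
byte[] back2 = BitConverter.GetBytes((ushort)49604);  // => { 0xC4, 0xC1 }; the cast keeps it to 2 bytes

byte[] bytes4 = { 0xC4, 0xC1, 0x78, 0x29 };
uint value4 = BitConverter.ToUInt32(bytes4, 0);       // => 695779780
byte[] back4 = BitConverter.GetBytes(695779780u);     // => { 0xC4, 0xC1, 0x78, 0x29 }
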
Hi all,

Updated to version 0.9.5.0-beta on GitHub.

Added a feature that allows the Cheat Value to be adjusted with the keyboard up and down or the mouse wheel in the main window. (Thanks @JackFlap for the suggestion)

This feature checks whether the Cheat Value is a numeric value; if it is not a numeric value (Hex or text), it is just a TextBox.

Changelog history:

0.9.4.10-beta

  • Improve query and pointerFinder
  • Add new options
  • QueryBufferSize:
    • Set the minimum buffer size (in MB) in querying and pointerFinder; enter 0 to not use a buffer.
    • Setting this value to 0 is better when the total number of Sections in the game is low.
    • If the game has more than a thousand Sections, Buffer must be set.
0.9.4.9-beta
  • Rewrite and improve PointerFinder.
  • Improve query and refresh in query window.
  • Added section size filter option in query window and PointerFinder.
 

JackFlap

Senior Member
Contributor
Verified
Nice 👍

When you're changing the value could it be made to write the value to the address constantly without hitting enter?

That would give smooth camera movement control.
 

avan

Developer
Member
Contributor
Verified
Hi, you can refer to the following: If you want to write the value to PS4 after pressing the button, then create a Click event for the increase and decrease buttons respectively, and execute the function of writing to PS4 in the event.

If you want to establish a lock value function, you can add Forms.Timer Component to the form, and set the call interval to periodically execute the function of writing to PS4.

Hi @JackFlap: The value being edited is called the dirty value in GridView, and by default it cannot be obtained before hitting enter. To get the dirty value during editing, it needs to be handled in a dedicated event.

After researching for a while, I finally tried it out. I added this feature in the 0.9.5.3-beta version.

New feature
  • Editing cheat values in UpDown can be automatically written to PS4 when CheatCellDirtyValueCommit is enabled.
  • Added the option CheatCellDirtyValueCommit, which determines whether to automatically write to PS4 when editing cheat values in UpDown. Enabled by default.
In addition, some experimental features were added in the 0.9.5.2-beta version.

Added experimental feature.
  • The game process can be paused, resumed or put into SlowMotion in the query window. This experimental feature requires Attach ps4 Debugging.
  • After Attach ps4 Debugging, be sure to close the query window before closing the game, otherwise the PS4 will crash.
  • Performing SlowMotion requires entering the SlowMotion interval
    (in milliseconds, larger intervals will be slower)
Fixed a 0.9.5.2-beta issue in 0.9.5.4-beta.
  • Fixed the issue that canceling AttachDebugger failed when executing SlowMotion.
 

JackFlap

Senior Member
Contributor
Verified
@avan
It's perfect - amazing work, thank you 👍

A little test video


Every game can now have some sort of freecam with this always write feature.

So far I've tried Driveclub, Days Gone, Ghost of Tsushima and Dying Light 2 and all is good. 😎
 

avan

Developer
Member
Contributor
Verified
Create a new SectionID encoding rule in 0.9.5.5-beta version.
  • To process memory addresses, the program needs to use the SectionID to obtain the corresponding Section. The original PS4_Cheater's rule for establishing the SectionID is to sort Sections from low to high address and use the count value as the SectionID. For example, if the SectionID is 100, the Section in the 100th position will be read.

    What is the problem? When the number of Sections is low, the order will not be wrong, but if the number of Sections is from one hundred to more than one thousand, it is easy to obtain the wrong Section, because the game is started at different times, the value of Section often changes.
  • This program attempts to create a SectionID that can correctly correspond to a Section at different times,
  • SectionID is abbreviated as SID below, and its encoding rules are as follows (rules established before 0.9.5.5-beta):
  1. The 1st code is idx used to count multiple Sections generated by the same MemoryEntry
  2. The 3rd to 6th code is sIdx will continue to count until the Prot value changes and will be reset
  3. The 7th to 8th code is ProtCnt will count when the Prot value changes
  4. The 9th code is the TypeCode when the Section has a name it is 1, otherwise it is 2
  • After a while, I found that the above rules are still not enough, and the new encoding rules from 0.9.5.5-beta are as follows:
  1. The 1st code is idx used to count multiple Sections generated by the same MemoryEntry
  2. The 3rd to 5th code is sIdx will continue to count until the HighBits or TypeCode or Prot changes, it will be reset
  3. The 6th code is ProtCnt which counts when the Prot value changes and resets when the TypeCode changes
  4. The 7th code is the TypeCode when the Section has a name it is 1, otherwise it is 2
  5. The 8th to 10th code is HighBits which will be taken from the high-order bits of the address, such as AB12345678 => 171(AB)
  • Saving will automatically update the SID value when loading cht cheat files from older versions.
  • For example:
  1. If the destination address we found is 3890012345, its Section is 3890000000, and the relative address is 12345

    The current Section table is as follows:
    Code:
    AddrStart   Prot  count  SIDv1      SID
    34E6200000  3     1076   200006300  522000600
    34E7800000  3     1077   200006400  522000700
    3890000000  3     1078   200006500  562000000 <-- Section of the destination address
    3890200000  3     1079   200006600  562000100
    3890600000  3     1080   200006700  562000200
  2. Not every Section exists every time, so the total number of Sections can increase or decrease. Suppose that the next time you start the game, Section 34EA200000 is added and the SIDs change to the following. If you use the "count or SIDv1" of the previous save, you will get the wrong Section.
    Code:
    AddrStart   Prot  count  SIDv1      SID
    34E6200000  3     1076   200006300  522000600
    34E7800000  3     1077   200006400  522000700
    34EA200000  3     1078   200006500  522000800 <-- Suppose this Section is added when the game is started this time, using count or SIDv1 will get the wrong Section
    3890000000  3     1079   200006600  562000000 <-- The actual Section of the destination address
    3890200000  3     1080   200006700  562000100
    3890600000  3     1081   200006800  562000200
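
The SectionID comparison from the post above, as an added example that is not PS4CheaterNeo's own code: it decodes the 0.9.5.5-beta SID layout and shows a saved count or SIDv1 resolving to the wrong Section once 34EA200000 appears, while the SID still resolves correctly. The two-digit width of idx and taking the containing Section as the nearest start at or below the address are assumptions; the function names are made up here.

```python
# Section tables copied from the post: (AddrStart, count, SIDv1, SID).
RUN1 = [
    (0x34E6200000, 1076, 200006300, 522000600),
    (0x34E7800000, 1077, 200006400, 522000700),
    (0x3890000000, 1078, 200006500, 562000000),
    (0x3890200000, 1079, 200006600, 562000100),
    (0x3890600000, 1080, 200006700, 562000200),
]
# Next launch: Section 34EA200000 appears and shifts every later count/SIDv1.
RUN2 = [
    (0x34E6200000, 1076, 200006300, 522000600),
    (0x34E7800000, 1077, 200006400, 522000700),
    (0x34EA200000, 1078, 200006500, 522000800),
    (0x3890000000, 1079, 200006600, 562000000),
    (0x3890200000, 1080, 200006700, 562000100),
    (0x3890600000, 1081, 200006800, 562000200),
]
COUNT, SIDV1, SID = 1, 2, 3              # column indexes into a table row

def decode_sid(sid):
    """Split a 0.9.5.5-beta SID into its decimal-coded fields."""
    d = f"{sid:010d}"                    # code 1 is the rightmost decimal digit
    return {"high_bits": int(d[0:3]),    # codes 8-10, e.g. 0x34 -> 052
            "type_code": int(d[3]),      # code 7: 1 = named Section, 2 = unnamed
            "prot_cnt": int(d[4]),       # code 6
            "s_idx": int(d[5:8]),        # codes 3-5
            "idx": int(d[8:10])}         # codes 1-2 (assumed width)

def save_cheat(table, address):
    """Record the Section row containing address plus the relative offset."""
    row = max(r for r in table if r[0] <= address)   # assumption: nearest start below
    return row, address - row[0]

def resolve(table, column, key, offset):
    """Find a Section by one ID column and rebuild the absolute address."""
    for row in table:
        if row[column] == key:
            return row[0] + offset
    return None

# Save the post's destination address in run 1, then resolve it again in run 2.
saved_row, rel = save_cheat(RUN1, 0x3890012345)
by_count = resolve(RUN2, COUNT, saved_row[COUNT], rel)   # lands in 34EA200000
by_sid = resolve(RUN2, SID, saved_row[SID], rel)         # lands in 3890000000
```
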
 

JackFlap

Senior Member
Contributor
Verified
Resident Evil camera hack, works in gameplay and photomode.
It's best to run two instances of PS4 Cheater Neo with the .cht loaded as you're going to need to refresh the pointers to get the camera's current position and doing so will mess up the eboot changes that enable / disable the freed camera.

Same with Ghost of Tsushima, but the movement is way slower :(
 

Artilespesepero

Member
Contributor
So sad... I can't use it on my Windows 7 and I don't know why, but... do you think it is possible to make a Force FPS cheat code? By the way, I will try installing W8 and see if it works.
 