
How the new Game Genie lets you hack your PS3 saves

Or: Editing hexadecimal values for in-game fun and profit.

Believe it or not, the highlighted value there is key to unlocking maximum health in a Dead Space 2 save file.
Hyperkin

The newest, PS3-based incarnation of the Game Genie doesn’t share much of a lineage with the original line of similarly named, cartridge-based cheat devices nearly ubiquitous in the 8- and 16-bit eras; manufacturer Hyperkin picked up the rights to the name when Galoob’s original trademark recently lapsed. It doesn’t share exactly the same functionality as its namesake either. While the old Game Genies actively patched the ROM code being loaded from the game cartridge, the PS3 Game Genie is actually just a computer program that lets you decode and modify PS3 save files stored on a standard USB stick.

But one thing the old and new Game Genies share is the ability for a determined, patient hacker to create their own cheats by diving into the vagaries of the hexadecimal code. While most users will probably be satisfied clicking checkboxes to activate pre-built cheats like maximum health and full game unlocks (just like most users of the original Game Genie were satisfied copying down codes from the included booklet or game magazines), the Game Genie software also offers an Advanced mode that allows for more direct save file manipulation.

The Game Genie documentation doesn’t offer much guidance on how to use this advanced editing option, so I reached out to Hyperkin Project Manager Wayne Beckett (a veteran developer of previous cheat devices like the Action Replay and Game Shark) to explain the basics of how the PS3 save file hacking works.

Breaking the encryption

While the interface the Game Genie uses for its save file hacking looks like a simple hexadecimal file editor, the software actually conceals a lot of behind-the-scenes work needed to make those files editable in the first place. "If you take a hex editor like Winhex on your PC and you open a PS3 save, the only thing you're ever going to do is break it,” Beckett said. That’s because those save files are protected by “encryption, compression, checksums, second level encryption, and so on,” he explained.

“So we basically make all of that invisible to the user. We'll actually decode the save on our server, then we'll send it to you, and then you make the changes, then we'll re-encode the save and send it back,” he said. (This process also makes it possible to re-encode a save file with the profile from another PS3 system, letting you easily transfer saves between hardware).

Unfortunately, this means that the Game Genie only works with a selection of about 70 PS3 games whose save formats Hyperkin has gone to the trouble of working out how to decrypt and decompress into a directly editable form (the company is working to expand that list going forward with automatic online updates). Beckett said the involved process of unlocking the specific save format for a single game can take days or even weeks, especially for complicated files like those found in Skyrim or Max Payne 3.

To prioritize which games go through the process first, Hyperkin keeps track of player sentiment through Facebook and e-mail to figure out which games people want to cheat on the most. "Sometimes the most popular games aren't necessarily the games people want to most cheat on," Beckett said. “The ones people typically want to most cheat on are typically the hardest games. It's not exactly what you'd expect."

The memory hunt

Don't want to hack yourself? You can activate plenty of pre-loaded cheats just by clicking a checkbox.
Hyperkin

For some of the games that Hyperkin has unlocked, editing the save file is a relatively straightforward process. Capcom’s Dragon's Dogma, for instance, stores the raw save data as a human-readable plain text file, making it simple to find the specific values you want to edit. For the vast majority of saved games, though, the save file you get back from Game Genie’s decryption process is just a wall of hexadecimal values (and perhaps a few stray human-readable ASCII variable names) that’s going to look like gibberish even to an experienced programmer.

One of the best ways to figure out which brick to chip away at in that hex wall is to cross-reference a couple of different saves for some known values, Beckett said. Say you have one save file where a character has 325 gold pieces, for example, and another where he has 500 gold pieces. If you search out all the memory locations holding the hexadecimal encoding of 325 in the first save file, and those holding the encoding of 500 in the second file, you’ll likely find at least one location that turns up in both searches. That provides a good clue as to where the “gold value” variable is being stored in the save file.

Performing these kinds of searches with the Game Genie software is relatively simple, thanks to a “find” function that automatically converts decimal values to hexadecimal. Unfortunately, the software doesn’t provide much help in comparing those discovered memory locations across two different save files. The program doesn’t provide the opportunity to run a simple “diff” operation between two different save files, which would make it relatively simple to see which memory locations change between two largely similar save states (Beckett said they hope to add this feature in the future). It’s not even possible to copy the raw data out to your own more powerful hex editor to find those differences for yourself, or to open two save files side by side to do a direct visual comparison. The only option is to copy down the memory values by hand and compare them that way, a tedious and laborious process.

Once you’ve found the key memory location, though, it’s just a matter of editing it to whatever hexadecimal value you want (Beckett noted that most experienced hackers have memorized the hexadecimal value for 9,999,999 for this very reason). It may take a few trial-and-error passes to figure out exactly how extensive the edits should be (does the gold value take up 8 bits or 16 bits, for instance?), but the Game Genie backs up the original saves, so you don’t have to worry about screwing up your save file permanently.
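The known-value search Beckett describes, the “diff” the software lacks, and the field-width question from the edit step, as an added Python example (not Hyperkin’s code; it works on already-decoded bytes and uses a constructed, hypothetical save layout):

```python
import struct
from typing import List, Set, Tuple

# Candidate encodings a counter might use: 8-bit, and 16/32-bit in either byte order.
FORMATS = ("<B", "<H", ">H", "<I", ">I")

def fits(fmt: str, value: int) -> bool:
    """True if value can be stored in the width of the given struct format."""
    return 0 <= value < 1 << (8 * struct.calcsize(fmt))

def find_candidates(save: bytes, value: int) -> Set[Tuple[int, str]]:
    """Every (offset, format) at which value is encoded in save, like the Game Genie 'find'."""
    hits = set()
    for fmt in FORMATS:
        if not fits(fmt, value):
            continue
        needle, start = struct.pack(fmt, value), 0
        while (pos := save.find(needle, start)) != -1:
            hits.add((pos, fmt))
            start = pos + 1
    return hits

def locate_variable(saves: List[Tuple[bytes, int]]) -> Set[Tuple[int, str]]:
    """Intersect candidate locations across saves whose value for the variable is known."""
    common = None
    for blob, known in saves:
        cands = find_candidates(blob, known)
        common = cands if common is None else common & cands
    return common or set()

def diff_saves(a: bytes, b: bytes) -> List[int]:
    """Offsets whose bytes differ between two same-sized saves (the 'diff' the tool lacks)."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def patch_value(save: bytes, offset: int, fmt: str, value: int) -> bytes:
    """Write value at offset in the chosen width, refusing values that overflow it."""
    if not fits(fmt, value):
        raise ValueError(f"{value} does not fit in a {8 * struct.calcsize(fmt)}-bit field")
    buf = bytearray(save)
    buf[offset:offset + struct.calcsize(fmt)] = struct.pack(fmt, value)
    return bytes(buf)

def make_save(gold: int) -> bytes:
    """Constructed 40-byte stand-in for a decoded save (hypothetical layout, not any real
    game's): 16-bit little-endian gold at 0x0C plus a decoy constant 500 at 0x10."""
    buf = bytearray(b"SAVE" + bytes(36))
    buf[0x0C:0x0E] = struct.pack("<H", gold)
    buf[0x10:0x12] = struct.pack("<H", 500)
    return bytes(buf)
```

Real PS3 saves are encrypted, compressed and checksummed, so bytes like these only exist after the tool’s server-side decoding; editing the on-disk file directly just breaks it, as Beckett warns.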

The master of unlocking

What about cheats that don’t have a distinct numerical component, like those that unlock hidden characters or levels? Beckett said these are going to be harder for an average user to suss out for themselves—Hyperkin uses its own more advanced tools to figure out which precise bits control these elements of the save file. But at-home hackers have a chance to discover these kinds of things on their own simply by making some educated guesses.

“You could do it, especially if you see some of our codes,” Beckett said. “If you look around [the memory locations for known codes] and modify the bits immediately above and below, there's a very good chance there's something interesting around there, so that's another trick you can use.”

That kind of hunting can even unlock things that the developer had probably intended to remain totally hidden, as Hyperkin found out for itself when it unlocked a previously unknown “god mode” in the save file for Castlevania: Lords of Shadow. “It was probably a god mode that was built-in and probably left in for the developers, I guess, to give to magazines for reviews and things like that,” Beckett said. “That's something they probably never expected us to find it, but we have found it and we've unlocked it."

Unearthing your own gems in the mess of hex values that is a PS3 save file is largely just a matter of putting in the time to try things out and see what happens. “Some people come up with some quite amazing codes just by trial and error, and they've got a lot more patience than I have, let's put it that way,” Beckett said. “The main [strategy] is just to change the value and just look for places that have changed, especially when it's an actual numerical value, they're the easiest ones to look for. You just have to sort of go in and be a bit nosy, and look for information that will give you clues..."

Listing image by Hyperkin
