eatrawmeat391's MIPS ASM Hacking Tutorial

KWG

Promoter
Staff member
Joined
Jun 18, 2011
Messages
3,028
Reaction score
4
You might wonder to yourself: what the hell happened? Is this even real? Am I dreaming? Or is Mr. Genius (or Mr. Dumbass) ERM scheming something?

First off, I wanted to share my knowledge with people, but last time I only selected a few persons who I thought would be suitable for the jobs. Well, it turned out that the one who did SUCCEED turned on LOM, and the ones who didn't get selected got jealous and became leechers or stealers.

Second, I only shared what I had gotten by myself, which may be programming skill, real-life skill, hacking skill, education skill or anything. I don't steal anyone's secret tutorial.

Third, I never plan for my posts, no, not even once. So don't judge me for not planning things well. I never had a good memory; I always forget things. One day I got an illness that took away ALL of my memory, and I couldn't focus on gaining new memories. I think I was screwed. What I got is what I thought of at the moment. Well, think about the question 'If your mom or your girlfriend fell in the water, who would you save first?'. Well, one guy answers it: 'I would save the one WHO IS CLOSEST'. Ok, applying that to the topic: don't go too far into detail; when you are facing an emergency you will have to just DO it. You don't think.

Fourth, when I was a hacker, I used to deal with other people with the same knowledge or higher knowledge than me: my university friends, my teachers, anyone. But when I went to work professionally, I HAD TO DEAL with customers who don't have the knowledge or the technical detail but who can give me money. I have to be patient with them. I have to work in groups. My working-alone skill doesn't help me. Would you call your customers 'dumbass', 'ignorant' or even 'unwise'? NO.

Fifth, the boss in your workplace might not be an IT person either. He might be a very good businessman who used his money to get you to do your things. You think you are pretty smart to have thought of such a 'good' process and sold it to someone for 10$? Ok, he might even praise you to heaven, but he will sell it to another company for 100$ or 1000$. Something you can't do. Ok, I am that dumbass, people, I am not a genius.

Sixth, there are 2 types of people who distribute things. See this: 'A person who is good at drawing art sold all of his hard-work art for 100$ each. He is a very good businessman/salesperson'.
See this sentence right there; does it make sense to you? If it does, then you are WRONG. I will decipher the sentence for you by adding the reality there.
'A loyal customer who keeps buying his art for 100$ sold all of it for a very good price, maybe 200$, maybe 300$ or even 1000$'.
He is a true businessman (salesperson), people; they bought things from producers cheaply and resold them high, taking no risk involved in the production process. So we are producers, not businessmen (or salespersons). Well, why are some companies that produce things so successful? Producers are the ones who create things like wine, clothes, rice, even software, hardware; if you are selling mods (which isn't recommended) you are a producer too. I am an idiot, I don't even know what the difference between the 2 terms is, so I put them both here.

To succeed as a producer, you have to sell your things in MASS numbers. But what do you have here? What you created is (or should be) GUARANTEED to be sold, every bit of it, if a salesperson or a businessman bought it.

You might think that makes a businessman so great and so easy? When you think something is too easy, YOU GOT JEALOUS because you do the same things and you couldn't succeed; you might think of factors like luck, and you might 'worship' any kind of religion's gods when you found out or heard that they could bring (or had brought) another person to their success, or you believe that you should steal or lower them down so you can destroy their reputation. Well, think again.

A salesperson (businessman) should be confident. Did you ever hear any one of them say 'I worked so hard to get into that position, I took real risks'? Well, they could say it, but other salespersons will laugh at them and no one would believe (you, for example) that a person who said this actually could provide you good things. You can only make a large income if you CAN SELL ALL OF WHAT YOU BOUGHT FROM producers.

Seventh, don't focus too much on the obvious purpose of something. A truly successful person focuses on the things that no one could see, or even saw coming. Well, in that case a salesperson; everyone likes to do it because it only requires 'soft skill', conversation skill, the skill to persuade people into actually thinking that the product was worth the price and making you feel like you made a very good decision in buying that. YES. Ok, most of them only focus on money, okay. We don't talk about dollars here; we talk about the money in my country, VND (Vietnam Dong). Around 20k of our VND is equal to 1$. When I see someone doing business in my country and only focusing on money, it is so obvious. They did all that was possible to lower the price down from 105k VND to 104k VND. Their argument was that as a businessman/salesperson, they had to do all things to reduce the amount of money spent. Ok, that is fine. But things took a very bad direction when you managed to trick people into buying your super cheap product made from toxic chemicals that was 10k when the original price is 100k. They said to you that the other successful companies have tricked you and the price was actually 10k. They attacked your feelings and your behavior to inject cancer into yourself for a cheap price. They actually said 'Hey, I injected cancer into your body and you had to pay me 10k VND and be thankful for it'.


Eighth, I only turned heel for even a split second and I felt like you all turned against me (sorry to Yong21C, ryokudou and other members). Ok, you might 'support' me in the background because you think this is cool or you think that your God can reward you better things, and there is a belief that if you 'brag' about helping people that is not helping (or maybe you are just busy, I understand; your actions and thoughts at that point will decide what you feel when reading the sentence; I am not a god to list all people accordingly and say that I understand, or this post will be super long). About an admin deleting my messages: I am not some wise guy who is good with words; I hate metaphor because when I was ill I felt all of that LITERALLY. You should take all sentences that I said literally; for example, if I ever said 'I feel like a bunch of insects crawling through my legs', that means that was one of the few days I actually felt like insects were crawling through my legs. I am not calling you insects. It is NOT a metaphor. Not everyone is born good at literature and you need a long time to become good at it. So I will keep it simple, and using words literally helps achieve that.

Ninth, when someone like me actually steps up to tell the truth around here I am considered a 'God', a 'Saint', for real? Did you know what a Saint is supposed to do? Ask yourself this: what is the best action to make you a Saint? What is the best way to get a girl to love you? What is the best way to prove that you love someone? What is the best way to show that you are caring for your family? Well, the answer is 'easy'; ok, see the word 'easy', I am not mocking you, don't try to add some salt that isn't there. Ok, I will explain more: spending time with your family; if it is a workday, asking for a day off when there is a birthday of someone that you care about. Seems easy. What does a Saint do? A Saint is considered good because he is .............. ACTUALLY good. Being good, for a Saint, means to stay good and be able to BEAR with all of the people instead of turning into Adolf Hitler or someone that plans to eradicate all humans or even just a race. No asking for money, EEEEEEEEEEEEEEVER. So even if the people you loved betrayed you and killed you, you would not turn into a devil like Sephiroth in Final Fantasy 7. Any document that says it differently is just meant to simplify things to keep you interested, or you might feel like they insulted you, which means loss of money. Don't go 'ooooooooooooooooooooooh' either; you are sending a message that if you want something to be the truth, you 'ooooooooooooooooooooooooooooh' and similar ways. Ok, someone just has a final-phase cancer; if you can scream anything to make his cancer go away, I will apologize to you. And if you want me to delete it you will have to give all people the ability to scream to cure a person's sickness too. If everyone can't do it (after effort and time), that isn't true. Don't cheat life.

Tenth, but I'm not living in Vietnam; our problem is different. Yes, actually there is a problem called post stealing or simply post re-translation. I appreciate the latter, but you will have to replace my example with YOUR nation's example. It shows how much you love and appreciate the place that you were born. If you were using my examples you would look like someone speaking a foreign language (it is a metaphor). Yes, it is fun, but no one understands it. I mean I considered the algorithm very cool, but I was not able to express to someone that I pulled off something really good.

Eleventh, for the stealers and the leechers here, or the person who is saying the admins don't have time. Yes, that's true, we have personal lives too. I will share my method so you guys may open a group to practice it and maybe come back. Well, the core problem for stealing to happen is that there is no SYMPATHY and people are being pushed to a void or a dead end, with no way to come back. Ok, an old person might steal a bread and say that this was for their grandkids; yes, that is an EXCUSE, people, but did any one of you sympathize enough to give the poor man what he wants? Yes, work for it. Did you know how hard it is to get a job when you are 70 and your son just died? He saw he was getting to a dead end so he stole, simple. I will delete that if you step up to me saying that you were innocent all your life; also make it a trend. Well, I might not be sympathetic, but I am not pushing you guys to a dead end where stealing is the only way to make a name for yourself, because right now it seems like it.

Finally, actually read the newspapers in your countries. A person talks about his belief and dies, a person tortures his mom because he thinks she is too much of a bother, a person increases the price of an essential medicine; why are you not pissed off about that? Ok, that is too far. Your mom might be wishing you luck every day, always looking out for you; your dad is the same, but they are about to get divorced. Your friend stood up for you, saying something that you can't say, and he got arrested; a person traveled all the way to propose to a girlfriend and got rejected; are you pissed off about that? Are you pissed off at the person who is putting poison in your kids all the time while staying innocent? No, you can't see it. But the important thing is: are you pissed off for thinking the person SHOULD get what he wanted, or are you pissed off that fairness is not served, or are you pissed off because humanity got screwed, or are you pissed off because someone might TREAT you the same, or are you pissed off at the person who did that to make your IDOL look weak?

People are screaming now, glory to the Vietnamese football team!!!

-- Done
 

KWG

Promoter
Staff member
Joined
Jun 18, 2011
Messages
3,028
Reaction score
4
Hi there, in this example I am about to show you how to use ASM hacking to hack the CPU.

Why you should learn MIPS ASM instead of memory editing:


- To solve the disadvantage of cheat devices: you know in SVR 2011 there is a feature called multiple pointers, and this is just a simple way to render it useless. If you don't learn MIPS ASM you can maybe code your own cheat devices for a real console, but you will need an SDK, which is hard to set up on Windows or even to get (at least in the PS2 case). I was never able to install any SDKs on my Windows. I can switch to Linux, but I like easy things.
* Adding your own logic into the game. You can use something called a conditional cheat device.
* You will find out that everything is made 'easy', but when you find out you feel like it insults your intelligence. But what is really happening here is that you don't have the source code, all functions are unnamed, memory addresses cannot be referred to by PS2dis (YES it can, but Yukes fooled the software). For example, a pointer that points to its own structure. Like this:

Address: X (always changing)
* data
* pointer (it contains X)

Our main aim is to figure out the STATIC (UNCHANGED, PREDICTABLE, ...) address that X comes from, but it just links to itself. You will ask yourself: what is this magic, how is that possible? Is Yukes a magician or a witch? How can they work like this? You think that this is easy, YEAH. But you don't have the source code.

- A diverse method that works not only for PS2, but for PS1, N64 or any console that uses MIPS. When you learn something that is universal (or even looks universal) you know that you can do many more things than just hacking SVR 2011. So my tutorial might work for No Mercy, SD2, anything on that system; it is just that the tutorial needs to be converted.
- Or maybe you just want a test of skill.
- No one told it directly and there is no process for it.
- Well, you want a feature in the game but it isn't implemented? Code it yourself!!!
- Or maybe you want to figure out what file has your information? Or NO FILE HAS YOUR INFORMATION AT ALL AND YOU ARE WASTING YOUR TIME ON SOMETHING THAT ISN'T THERE.
- Your trainer can edit code in memory too, but it CANNOT KEEP UP with the emulators because an emulator is designed to be pretty fast. This is called a Race Condition. (Yeah, no one can laugh at me for reading random PDFs and Wikis now. I only read what I want to read for my own needs; I don't have to read through 800 pages of a PDF just to figure out what a Race Condition is.)

[offtopic]Well, it is because I figured out Java wasn't my needed language for its strong error catching. You know, even putting a return at the top of the function to make other code unreachable is a compile error. If you are coding things that require robustness (correctness) like a spacecraft, where it costs you someone else's whole life salary, you should use Java.
- ... (add more reason there)[/offtopic]

My role model for this one:
- Captain Southbird
 

KWG

Promoter
Staff member
Joined
Jun 18, 2011
Messages
3,028
Reaction score
4
You know, one of the things people have asked me is how to do X thing or Y thing (a specific question). Do you know one of the reasons why hackers/modders ignored your questions? Because they don't know how to give/express/explain their information to you, since they figured it out 'naturally'. I had that problem too. I analyzed it and I figured out that you HAVE TO LEARN THE BASICS first. Everyone ignored that and kept insisting that we help them do that X thing when clearly they are not LISTENING. Then they made memes out of us (which confused me because I could not do what they did right now). Listening skill is actually the skill to listen to other people's method, but I think to be sympathetic with them as well. For example, someone who is on the computer 24/7 hacking might not have the chance to go out in the sun to meet new friends, figure out what is wrong with the world, and might suffer from mental illness such as high ego. Do you EXPECT them to have any strong arguments? When you do that you see that as COOL, but I see that as poor communication skills (speaking-related). Listening skill is not AGREEING with all of the other person's opinions like a copycat. HEY HEY, don't believe me. I will prove that later.

There are instructions exclusively for PS2 and PSP as well, but I'm not going into something so specific. I will only cover the instructions that all MIPS might have.

The basics: a MIPS CPU has 32 registers (I will add them later). They are named r0 to r31, where the first register is always zero. Think of a register as SUPER FAST MEMORY in the CPU; sure, cache is fast, but registers are faster.

- RAM Instructions: Loading something from RAM. It needs 3 parameters:
* The destination register, the offset (16-bit signed int), the RAM register

lb c, 0xAAAA(b)
- Load a byte from the offset at address (b + 0xAAAA) and store it into register c

lbu c, 0xAAAA(b)
- Load an unsigned byte from the offset at address (b + 0xAAAA) and store it into register c

lh c, 0xAAAA(b)
- Load a half (2 bytes) from the offset at address (b + 0xAAAA) and store it into register c
* MIPS alignment rules: The address b + 0xAAAA must be a multiple of 2.

lhu c, 0xAAAA(b)
Same as lh but unsigned

lw c , 0xAAAA(b)
- Load a word (4 bytes) from the offset (b + 0xAAAA) and store it into register c
* MIPS alignment rules: The address b + 0xAAAA must be a multiple of 4.
!!! You don't need lwu if your console's register size is 32-bit.

- Math instructions (there is a fancy word for that too):
* add a , b, c
ADDITION
register a = register b + register c
TRAP IF OVERFLOW
Unless you are taking the extreme path of handling exceptions MANUALLY, never use this, because if an overflow occurs, your game will TRAP (Google it). I don't remember seeing this behavior in C.

* addu a, b, c
ADDITION UNSIGNED
register a = register b + register c
Use this one, because if an overflow occurs your game will continue normally. Yes, in software practice ignoring errors is deadly, but you are a hacker here. You can't just have the mindset of a software developer. Adding even a single line of code is a big deal in itself; if you handle exceptions it will be extreme. Software developers, programmers have everything taken care of by the programming language for them. (Yes, appreciate the C compiler or Python or any compiler/interpreter, people.)

* addi a, b, 0xAAAA
* addiu a, b, 0xAAAA
ADDITION WITH IMMEDIATE
register a = register b + 0xAAAA
Same as above, but are you wondering, if it all involves registers then where does the constant come from? Yes, in MIPS they come from IMMEDIATE opcodes, people. IMMEDIATE is a fancy word for 'CONSTANT' in this case, and 'CONSTANT' is a fancy word for 'a value that never changes'.

* sub a, b, c
* subu a, b, c
SAME as the add equivalents. There is no IMMEDIATE version of it because the ones who work with CPUs only implement what IS NEEDED. If there is something that can be converted into another thing they won't bother to create an opcode for it. This reduces cost and redundancy (maybe complexity as well?)
The only usage of sub I see is to quickly load a negative into a register from a source register.

* sll a, b, sa (shift left logical)
a = b << sa (sa is a constant but it has limited range)
this is equivalent to:
a = b * 2^sa.
A fast way to multiply by a power of 2. (integer division)

* srl a, b, sa (shift right logical)
* sra a, b, sa (shift right arithmetic)
a = b >> sa
a = b / 2^sa
A fast way to divide by a power of 2 (integer division).
What is the difference? Google.
Why is there no shift left arithmetic? Because it would work the same as shift left logical. It saves us hackers from having to remember redundant things for no good reason. Going for a general way actually is a good way to 'connect' your memories together and to 'compress' your memories as well.
I am a hacker and even I forget the difference between the shift rights every time I encounter it, partly because I have never had the chance to use it.

* mult a, b
* mult c, a, b (this one is harder to encode)
hi register = (upper 32bit) a * b
lo register = (lower 32bit)  a * b (Just use the lo register for most case)
Multiplication opcodes!!! Take any kind of number and put it in there!


* div a, b
lo register = a / b
hi register = a % b ( remainder of a / b)
Division opcodes!!! Take any kind of number and put it in there!

-- Oh, really, you shouldn't use mult or div if there is an sll or shift-right equivalent, because those opcodes are 'general', and 'general' things are slower if there is a limited-feature thing involved in the CPU design. Sure, for emulators you won't feel it, but you might feel it when users complain that your code made the game slower, especially for code that gets executed every frame on a real console. Hey hey, don't believe me, google and research this for yourself.

* mflo a
* mfhi a
Move from lo register to register a
Move from hi register to register a

* Compare, Branching (fancy word for Condition)
slt a, b, c (set less than)
slti a, b, 0xAAAA (set less than IMMEDIATE)
sltiu a, b, 0xAAAA (set less than unsigned IMMEDIATE)

a = b < c
a = b < 0xAAAA
a = (b < 0xAAAA) unsigned

But ERM, I studied programming and a bool variable contains True,False!
Ok, False is 0 and True is not equal to 0. In registers you only see values. This is only a recommendation; a programmer might put a CONSTANT True as 0 and False as 29 to laugh at people like you. And in the extreme case, if 0, 3, 5, 6, 8 or < 13 or > 59 is true, the others are false. So you might need a programmer to decipher what the code actually means, or make a table of 2^32 possible values; brute-force rules!
You will see that if a game follows the definition, then the game developer is actually generous. I see hackers only appreciate the game developers that managed to annoy them. Game developers became evil when hackers released something that affected their income or their reputation, and hackers see that as a challenge! Think about the Hot Coffee mod for GTA SA. It is good that GTAGarage took it down out of respect for Rockstar.

beq a, b, address
// branch to address if register a == register b
bne a, b , address
// branch to address if register a != register b

In PS2 there are 'branch likely' opcodes which execute the delay slot only when the condition is true, while the above two execute the delay slot every time.
There are branch-greater-or-equal-to-zero opcodes as well, but I used slti all the time. Those opcodes save code space (by a little).

* BOOLEAN OPCODE
and a, b, c
andi a, b, 0xAAAA (Andy !)
a = b & c
a = b & 0xAAAA

or a, b, c
ori a, b, 0xAAAA
a = b | c
a = b | 0xAAAA

xor a, b, c
xori a, b, 0xAAAA (Sorry !)
a = b ^ c
a = b ^ 0xAAAA

nor a, b, c
(I don't remember ever seeing a nori)
a = b NOR c
* A fast way to compare with -1

Google their truth table but I will show you that practice is the best.
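As an added example (not code from the original post), here is a small Python model of the opcodes described above, so the signedness, overflow and shift behaviour the post tells you to google can be checked on concrete values. Function names are the MIPS mnemonics, mem is any constructed byte sequence standing in for RAM, and mult/div return a (hi, lo) pair instead of writing the hi/lo registers.

```python
MASK32 = 0xFFFFFFFF

def u32(x):
    """Keep only the low 32 bits, as a 32-bit register does."""
    return x & MASK32

def s32(x):
    """Read a 32-bit pattern as a signed two's-complement number."""
    x = u32(x)
    return x - (1 << 32) if x & 0x80000000 else x

def sext16(imm):
    """Sign-extend a 16-bit immediate (addiu/slti and load offsets)."""
    imm &= 0xFFFF
    return imm - 0x10000 if imm & 0x8000 else imm

# Loads: the address is base + sign-extended offset; lb sign-extends the
# byte it fetched, lbu zero-extends it. mem is any indexable byte sequence.
def lb(mem, base, offset):
    b = mem[u32(base + sext16(offset))]
    return u32(b - 0x100 if b & 0x80 else b)

def lbu(mem, base, offset):
    return mem[u32(base + sext16(offset))]

# add traps on signed overflow; addu wraps around silently.
class OverflowTrap(Exception):
    pass

def add(b, c):
    result = s32(b) + s32(c)
    if not -0x80000000 <= result <= 0x7FFFFFFF:
        raise OverflowTrap("integer overflow")  # the game would TRAP here
    return u32(result)

def addu(b, c):
    return u32(b + c)

def addiu(b, imm):  # the immediate is sign-extended before adding
    return addu(b, sext16(imm))

# Shifts: srl shifts zeros in from the left, sra copies the sign bit down.
def sll(b, sa):
    return u32(b << (sa & 31))

def srl(b, sa):
    return u32(b) >> (sa & 31)

def sra(b, sa):
    return u32(s32(b) >> (sa & 31))

# Compares: slt/slti are signed, sltiu unsigned (imm still sign-extended first).
def slt(b, c):
    return 1 if s32(b) < s32(c) else 0

def slti(b, imm):
    return 1 if s32(b) < sext16(imm) else 0

def sltiu(b, imm):
    return 1 if u32(b) < u32(sext16(imm)) else 0

# Logical immediates are zero-extended, unlike addiu's.
def ori(b, imm):
    return u32(b) | (imm & 0xFFFF)

def nor(b, c):  # nor a, b, zero gives ~b, which is 0 only when b == -1
    return u32(~(b | c))

# mult/div leave their results in hi/lo; returned here as a (hi, lo) pair.
def mult(a, b):
    product = s32(a) * s32(b)
    return u32(product >> 32), u32(product)

def div(a, b):
    sa, sb = s32(a), s32(b)
    quotient = abs(sa) // abs(sb)  # MIPS truncates toward zero
    if (sa < 0) != (sb < 0):
        quotient = -quotient
    return u32(sa - quotient * sb), u32(quotient)  # hi = remainder, lo = quotient
```

Feed it the same values you see in the PCSX2 or PPSSPP register view and compare; the interesting cases are a byte with bit 7 set, an immediate with bit 15 set, and a negative value through srl versus sra.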

// Table gotten from
www.cs.uwm.edu/classes/cs315/Bacon/Lect ... 05s03.html

// Wow, Tapatalk lets you paste a table directly into your post, people. In GTAGarage we did that by using BBCodes, and in Zetaboards I don't know how to do that. I just figured out that you can paste it directly. I am an idiot!


Register Number   Conventional Name   Usage
$0                $zero               Hard-wired to 0
$1                $at                 Reserved for pseudo-instructions
$2 - $3           $v0, $v1            Return values from functions
$4 - $7           $a0 - $a3           Arguments to functions - not preserved by subprograms
$8 - $15          $t0 - $t7           Temporary data, not preserved by subprograms
$16 - $23         $s0 - $s7           Saved registers, preserved by subprograms
$24 - $25         $t8 - $t9           More temporary registers, not preserved by subprograms
$26 - $27         $k0 - $k1           Reserved for kernel. Do not use.
$28               $gp                 Global Area Pointer (base of global data segment)
$29               $sp                 Stack Pointer
$30               $fp                 Frame Pointer
$31               $ra                 Return Address
$f0 - $f3         -                   Floating point return values
$f4 - $f10        -                   Temporary registers, not preserved by subprograms
$f12 - $f14       -                   First two arguments to subprograms, not preserved by subprograms
$f16 - $f18       -                   More temporary registers, not preserved by subprograms
$f20 - $f31       -                   Saved registers, preserved by subprograms
- I am using the named registers, and PCSX2 and PPSSPP use named registers. They allow data highlighting as well, and when something changes, you will notice it.

Here is the structure of a MIPS function (not meant to be necessarily followed through; it is a recommended process):
- Decrease the stack pointer.
- Save the saved registers to the stack.
- Process the argument registers.
- Calculating, printing, drawing.
- Return data in v0.
- If it is 64-bit, return data in v1.
- Add the stack pointer back to where it belongs.
 

KWG

Promoter
Staff member
Joined
Jun 18, 2011
Messages
3,028
Reaction score
4
Ok, here are some quick tips to get started:

// The spoilers in the post are for the people who want to practise 'thinking outside the box'; to do that, first you have to 'think inside the box'. Because if you don't know where the box is, then how do you know where your thinking is?
// If you can't think of it based on the basics (Part 2), okay, fine, open it. You might think it is cheating, but it is not in that case; life is fair. Even if you see them, it won't make you remember it as well as if you managed to think of it by yourself. Or just lower your standard/expectation to only prove that the method is fine. You can have big plans, but if you take so long, other competitors will do it and you MIGHT have to dump all of your work. Just think that they help you to improve your method and put you back into reality. Do people appreciate you competing with your 'demons' or you competing with a real person? Demons did their best to show themselves to you and ONLY you because you detach yourself from people.

// While you still have to refer to this topic, then you are not getting your brain's certificate to use that. Cheating life means using knowledge without your brain's certificate.

- How to load a constant
Problem: All IMMEDIATE opcodes require at least 1 input register (exception)
Idea: Use a constant register
Recommended Knowledge:
- add opcodes
- boolean opcodes
- Why should I use 'OR' and when I can use 'ADD' code?
- How do I load a negative constant?

[offtopic]For example:
- Loading 0x39 into a3
addiu a3, zero, 0x39
means
a3 = 0x39

- Loading 0x18030 into register a3
lui a3, 0x1
ori a3, a3, 0x8030
means
a3 = 0x18030[/offtopic]
- Damn, can't think of any more; I will go straight into an example...
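As an added example (not the original post's code), the rule behind the two loads above generalised: given any 32-bit constant, pick the shortest addiu / ori / lui sequence, which covers the 'OR vs ADD' and negative-constant questions from the Recommended Knowledge list, and check the choice by simulating those three opcodes. Register names such as a3 and zero follow the table in the earlier post; the tiny run() interpreter is mine and handles only these three opcodes.

```python
MASK32 = 0xFFFFFFFF

def sext16(imm):
    """addiu sign-extends its 16-bit immediate; ori and lui do not."""
    imm &= 0xFFFF
    return imm - 0x10000 if imm & 0x8000 else imm

def load_constant(reg, value):
    """Return the shortest list of (mnemonic, operands) that puts value in reg."""
    value &= MASK32                # work on the 32-bit pattern, so -1 is 0xFFFFFFFF
    hi, lo = value >> 16, value & 0xFFFF
    if sext16(lo) & MASK32 == value:
        # Fits a sign-extended 16-bit immediate: 0..0x7FFF and every negative
        # value down to -0x8000, e.g. -1 becomes "addiu reg, zero, 0xFFFF".
        return [("addiu", f"{reg}, zero, 0x{lo:X}")]
    if hi == 0:
        # Bit 15 set but the upper half clear (0x8000..0xFFFF): addiu would
        # sign-extend into the upper half, so use ori, whose immediate is
        # zero-extended. This is the case where 'OR' beats 'ADD'.
        return [("ori", f"{reg}, zero, 0x{lo:X}")]
    if lo == 0:
        return [("lui", f"{reg}, 0x{hi:X}")]       # lui alone fills the top half
    return [("lui", f"{reg}, 0x{hi:X}"),             # top half first ...
            ("ori", f"{reg}, {reg}, 0x{lo:X}")]      # ... then OR in the bottom half

def run(lines):
    """Simulate addiu/ori/lui on a fresh register file and return the value
    of the last destination register (a toy interpreter, not a real CPU)."""
    regs = {"zero": 0}
    dest = "zero"
    for mnemonic, operands in lines:
        ops = [o.strip() for o in operands.split(",")]
        dest = ops[0]
        if mnemonic == "lui":
            regs[dest] = (int(ops[1], 16) & 0xFFFF) << 16
        elif mnemonic == "addiu":
            regs[dest] = (regs.get(ops[1], 0) + sext16(int(ops[2], 16))) & MASK32
        elif mnemonic == "ori":
            regs[dest] = regs.get(ops[1], 0) | (int(ops[2], 16) & 0xFFFF)
        else:
            raise ValueError(f"unsupported opcode {mnemonic}")
        regs["zero"] = 0           # writes to $zero are discarded
    return regs[dest]

def listing(reg, value):
    """Assembler-style text for a constant load, as you would type it in."""
    return "\n".join(f"{m} {o}" for m, o in load_constant(reg, value))

if __name__ == "__main__":
    for v in (0x39, 0x8030, 0x18030, -1, 0xFFFF8030, 0x10000):
        print(f"{v & MASK32:#010x}:\n{listing('a3', v)}")
```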

 