SSBM Exploit Code.txt

Buffer Overflow [wParam]

Starts at 8045D850 (Nametag start), places 0xD4 bytes of garbage in Nametag to overflow, sets the stack pointer, then points to address for shim function

Hex:
GARBAGE
...
GARBAGE
804EE8F8
8045D930
00000000

--------------------------------------------------------------
Buffer Overflow Shim Function to DOL location [wParam]

Sends to DOL location (8045E030)

ASM:
lis	r23, 8045
ori	r23,r23, E030
mtlr	r23
blr

Hex:
3EE08045
62F7E030
7EE803A6
4E800020

---------------------------------------------------------------
The Buffer Overflow Return [Apathy]

Returns to 80239E9C
ASM:
lis	r23, 8023
ori	r23,r23, 9E9C
mtlr	r23
blr

Hex:
3EE08023
62F79E9C
7EE803A6
4E800020

---------------------------------------------------------------
Unlock All Characters and Stages (1.02) [Datel]

Gecko Code:
0445BF28 FFFFFFFF
0445BF2C FFFFFFFF

ASM:
lis r7, 0x8045
ori r7, 0xBF28
lis r5, 0xFFFF
ori r5, 0xFFFF
stw  r5, 0(r7)
stw r5, 4(r7)

Hex:
3CE08045
60E7BF28
3CA0FFFF
60A5FFFF
90A70000
90A70004
60000000

----------------------------------------------------------------
Debug Menu Replaces Tournament Mode (1.02) [Magus, donny2112]
-Selecting Single Button Mode takes you to the Tournament Melee mode instead

Gecko Code:
0422D638 38000006
0422C644 3800002C

ASM:
lis r4, 0x8022
ori r4, r4, 0xD638
lis r5, 0x3800
ori r5, r5, 0x0006
stw r5, 0(r4)
nop
lis r4, 0x8022
ori r4, r4, 0xC644
lis r5, 0x3800
ori r5, r5, 0x002C
stw r5, 0(r4)
nop

Hex:
3C808022
6084D638
3CA03800
60A50006
90A40000
60000000

3C808022
6084C644
3CA03800
60A5001B
90A40000
60000000

----------------------------------------------------------------
Debug Menu Default Language [SypherPheonix]
DOL Mod
1.02 ────── 0x3F725B ─────── 00 -> ??
Values:
00 - Japanese
01 - US English
02 - UK English (PAL Only)
03 - German (PAL Only)
04 - French (PAL Only)
05 - Italian (PAL Only)
06 - Spanish (PAL Only)

Gecko Code: [SypherPhoenix, Apathy]
043FA258 00000001

ASM:
lis r4, 0x803F
ori r4, r4, 0xA258
lis r5, 0x0000
ori r5, r5, 0x0001
stw r5, 0(r4)
nop

Hex:
3C80803F
6084A258
3CA00000
60A50001
90A40000
60000000

-------------------------------------------------------------
Normal C-Stick Functionality in 1Player Modes (1.02) [Zauron]

Gecko Code:
0416B480 60000000

ASM:
lis r4, 0x8016
ori r4, r4, 0xB480
lis r5, 0x6000
ori r5, r5, 0x0000
stw r5, 0(r4)
nop

Hex:
3C808016
6084B480
3CA06000
60A50000
90A40000
60000000

-------------------------------------------------------------
Disable Final Destination Background Transitions (1.02) [Achilles, Dan Salvato]

Gecko Code:
0421AAE4 60000000

ASM:
lis r4, 0x8021
ori r4, r4, 0xAAE4
lis r5, 0x6000
ori r5, r5, 0x0000
stw r5, 0(r4)
nop

Hex:
3C808016
6084AAE4
3CA06000
60A50000
90A40000
60000000

------------------------------------------------------------
Disable Shy Guys on Yoshi's Story (1.02) [Zauron]

Gecko Code:
041E3348 60000000

ASM:
lis r4, 0x801E
ori r4, r4, 0x3348
lis r5, 0x6000
ori r5, r5, 0x0000
stw r5, 0(r4)
nop

Hex:
3C80801E
60843348
3CA06000
60A50000
90A40000
60000000

-------------------------------------------------------------
Flash Red on Unsuccessful L-Cancel (v1.02) [Achilles,InternetExplorer]:
*Do not use with "Flash White on Successful L-Cancel"*

Gecko Code:
C208D690 00000003
88A5067F 2C050007
4180000C 39E000D4
99E30564 00000000

C20C0148 0000000C
387F0488 89FE0564
2C0F00D4 41820008
4800004C 39E00091
99FE0564 3DE0437F
91FE0518 3DE0C200
91FE0524 3DE00000
91FE051C 91FE0520
91FE0528 91FE052C
91FE0530 3DE0C280
91FE0534 3DE0800C
61EF0150 7DE903A6
4E800420 00000000

ASM:
lis r8,-32760
ori r8,r8,54928

lis r9,-30555
ori r9,r5,1663
stw r9,0(r8)
nop



Hex:

3D008008
6108D690

3D2088A5 
60A9067F
91280000
60000000

2C05
0007
4180
000C 
39E0
00D4
99E3
0564

-------------------------------------------------------------
16:9 Widescreen Support (v1.02) [InternetExplorer]

Gecko Code:
C2021ABC 00000002 ;Insert ASM at 80021ABC
39C00001 38600006
60000000 00000000
C236A4A8 00000007 ;Insert ASM at 8036A4A8
C03F0034 2C0E0001
41820024 3C004080
90010030 3C004040
90010034 C0010030
EC210032 C0010034
EC210024 39C00000
281E0000 00000000

ASM:

Hex:
39C00001 
38600006
60000000

C03F0034 
2C0E0001
41820024 
3C004080
90010030 
3C004040
90010034 
C0010030
EC210032 
C0010034
EC210024 
39C00000
281E0000

----------------------------------------------------------------
Default Tournament Settings (1.02) [Magus, et all]
---Doesn't work without reloading the memory card

Gecko Code:
043D4A48 00340102
043D4A4C 04000A00
043D4A50 08010100
043D4A60 FF000000
043D4A70 00000000
043D4A74 3C000000
043D4A78 E70000B0

ASM:
lis r4, 0x803D
ori r4, r4, 0x4A48
lis r5, 0x0034
ori r5, r5, 0x0102
stw r5, 0(r4)
nop
lis r5, 0x0400
ori r5, r5, 0x0A00
stw r5, 0(r4)
nop
lis r5, 0x0801
ori r5, r5, 0x0100
stw r5, 0(r4)
nop
lis r5, 0xFF00
ori r5, r5, 0x0000
stw r5, 0(r4)
nop
lis r5, 0x0000
ori r5, r5, 0x0000
stw r5, 0(r4)
nop
lis r5, 0x3C00
ori r5, r5, 0x0000
stw r5, 0(r4)
nop
lis r5, 0xE700
ori r5, r5, 0x00B0
stw r5, 0(r4)
nop

Hex:
3C80803D
60844A48
3CA00034
60A50102
90A40000
60000000

3C80803D
60844A4C
3CA00400
60A50A00
90A40000
60000000

3C80803D
60844A50
3CA00801
60A50100
90A40000
60000000

3C80803D
60844A60
3CA0FF00
60A50000
90A40000
60000000

3C80803D
60844A70
3CA00000
60A50000
90A40000
60000000

3C80803D
60844A74
3CA03C00
60A50000
90A40000
60000000

3C80803D
60844A78
3CA0E700
60A500B0
90A40000
60000000

------------------------------------------------
Set Menu Music in Sound Test [Dan Salvato]
The last song you played in Sound Test will become your new menu music. Your choice is saved to the memory card as well, so it will be preserved between boots.

Gecko Code:
C224B4D8 00000007
7C7C002E 2C030000
40820008 3860FFFF
808D8840 98641851
3C808046 60849D40
9064005C 2C030000
40800008 38600000
60000000 00000000
C222E934 00000008
3C808046 60849D40
8084005C 2C040000
41820018 41810008
38800000 80AD8840
98851851 7C832378
3D808002 618C3F28
7D8903A6 4E800421
60000000 00000000