
How To Find An In Game Timer With Cheat Engine


First, make sure that Cheat Engine and your game are running on your computer, then click the little PC icon in Cheat Engine to choose the game process.

Do you want to cheat on iOS games? Are you bored of waiting 2 hours to receive a few points in your games? Here is a tip you can try with your games, but it is not 100% guaranteed to work!


When the game is based completely on a server-client architecture, the job is almost done I think, but there are also wall hacks or something else. I made my own p2p game and some time later cheaters appeared. They were only script kiddies who used Cheat Engine and tried speedhacks and memory hacks. Most speedhacks hook GetTickCount.

Do you know that you can cheat in almost any game running on Bluestacks without the need to root it? By using a tool called Cheat Engine you can change a game's values to meet your needs. However, some online games cannot be cheated this way because they store data online and not locally. So, let's get started.

You don't need a jailbreak or anything like that. To demonstrate that this glitch works I will choose a game: CSR Racing by Natural Motion. Remember: not all games in the Store can be cheated like this!


CSR Racing!

As you can see, that racing game uses fuel (gas) to race and win experience, points, coins and levels. Per day you have almost 10 tries, and you need to wait some hours to have all your fuel refilled.

In that picture, as you can see, I have 100% fuel.

On each race, the game takes 1 fuel until your fuel is empty, and then you have to pay some coins if you want to play more. Sometimes it is really boring to wait so much!! UNTIL NOW!!


Here you can see my fuel is empty (0%) and I need to pay some coins or wait until next refill!

NOW! I will show you how you can glitch that game and have 100% fuel again in 1 minute, without waiting hours and also without jailbreaking/rooting your device. It is 100% safe.

Firstly, sorry that my phone is not in English, but I will explain! Go to Settings -> General -> Time & date.

Here it is 21.12.2013, 00:03 am. All you have to do is move the date forward by 1 day!! :) If it shows 21.12.2013, I will set it to 22.12.2013 and.....

Tadaaa! All my fuel is 100% full. In addition, you can try this method on your PC games on Windows.

Remember!! Not all games can be glitched (example: HayDay, ClashOfClans), but if you have a favorite game you can try this method!!
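
Why the date change refills the tank, and the server-side alternative available to games that store their data online, as an added example (not code from CSR Racing or any game named here). The tank size, refill rate and all function and class names are assumptions.

```python
from dataclasses import dataclass

FUEL_MAX = 10             # assumed tank size
REFILL_SECONDS = 15 * 60  # assumed refill rate: one unit per 15 minutes
DAY = 86_400


def refill_from_device_clock(fuel, last_update, device_now):
    """Vulnerable pattern: elapsed time comes from the player's own clock."""
    gained = max(0, int(device_now - last_update)) // REFILL_SECONDS
    return min(FUEL_MAX, fuel + gained)


@dataclass
class ServerFuel:
    """Hardened pattern: fuel and timestamps are kept and updated server-side."""
    fuel: int
    last_update: float  # server time up to which refills have been credited

    def refresh(self, server_now):
        elapsed = server_now - self.last_update
        if elapsed < 0:  # server clock stepped backwards: credit nothing
            self.last_update = server_now
            return self.fuel
        gained = int(elapsed // REFILL_SECONDS)
        if self.fuel + gained >= FUEL_MAX:
            self.fuel, self.last_update = FUEL_MAX, server_now
        else:
            self.fuel += gained
            self.last_update += gained * REFILL_SECONDS  # keep partial progress
        return self.fuel

    def spend(self, server_now):
        """Charge one unit for a race; the client never reports a time."""
        if self.refresh(server_now) == 0:
            return False
        self.fuel -= 1
        return True


def demo():
    t0 = 1_387_584_180  # constructed sample: the tank ran dry at this moment
    # Device date moved forward one day, one real minute later.
    tampered = refill_from_device_clock(0, t0, t0 + 60 + DAY)
    server = ServerFuel(fuel=0, last_update=t0)
    honest = server.refresh(t0 + 60)  # the server saw only 60 seconds pass
    return tampered, honest


if __name__ == "__main__":
    print(demo())
```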

Sega Genesis - Lotus II RECS - Timer Doesn't Decrease
Note: This is my first ever Game Genie code (for Genesis).
In this example, we will find the emulated RAM address for time using Cheat Engine.
After that, we will find the emulated ROM address that affects the emulated RAM.
And finally we will use a hex editor to edit the actual ROM address (the game itself).
So, open Cheat Engine v5.6.1(+), then Fusion v3.64(+).
Use Cheat Engine's option to attach a debugger to the emulator.
http://img202.imageshack.us/img202/9338/attachdebugger.png

Note: Click on an image for its full size.
Change the value type to one byte.
http://img259.imageshack.us/img259/6468/valuetypeisonebyte2digi.png
Use the emulator to load the attached (below) Genesis game:
Lotus II RECS (UE) [!].gen
Things to know about Fusion:
Tab key = Reset
F5 key = Save
F8 key = Load
Backspace key = Fast Forward
Pause/Break key = Pause Emulation
Alt+G = Game Genie / PAR / True Emulation Pause
Press start over and over until you are in a race and see a timer on screen.
Once you're in the race, use the Pause keyboard key to pause emulation.
Press F5 to make a 'clean' save with no RAM/ROM modifications.
You should have 69 seconds to begin with...
http://img407.imageshack.us/img407/2100/pausef569seconds.png

With emulation still paused, use Cheat Engine to make your first RAM scan for the time of 69 seconds.
http://img34.imageshack.us/img34/5061/firstscanis69seconds.png
Press the Pause keyboard key to resume emulation, but only until the timer goes down a second, then re-pause emulation.
With 68 seconds showing on the game, make your 2nd Cheat Engine RAM scan for the new value of 68.
http://img192.imageshack.us/img192/9492/secondscanis68.png

Repeat as necessary until you are down to 2 possible results.
Once you've added the 2 results to your Cheat Engine code list, freeze one at a time to see which one is the correct address.
http://img10.imageshack.us/img10/3541/twopossibleramaddresses.png
Note: The addresses shown in your Cheat Engine are likely different from mine...
At this point, you could optionally use Alt+G and CE to convert the emulated RAM to AR (Actual Ram a.k.a. Action Replay).
http://img808.imageshack.us/img808/1869/ramemulated2actual.png

Now that we have an emulated RAM address for time, let's see which emulated ROM addresses modify it.
Since that other useless RAM code will only cause confusion/get in the way, I'm gonna delete it from the CE code list.
With emulation paused, right-click on the good RAM address and choose Find out what accesses this address.
http://img689.imageshack.us/img689/9163/whataccessestheram.png
Resume emulation until the debugger shows that something accessed the RAM, then you can pause the emulator again.
Almost always, there will be 2 addresses shown in Cheat Engine's debugger; you can go ahead and click the stop button on the debugger.
http://img89.imageshack.us/img89/9140/stopdebuggingif2address.png

If you haven't done so earlier, you should now un-freeze the RAM code in Cheat Engine.
You need to watch if the RAM value decreases or not, when testing your ROM modification.
You wouldn't want false hopes by accidentally leaving the RAM locked.
So do that, un-check the RAM address if you haven't already...
As for the two addresses shown in the debugger: usually, but not always, the first line is reading the RAM.
The second code is usually the one we are after, the address that is writing to the RAM.
So now we double click the 2nd line, or highlight it and click the button that says More information.
http://img340.imageshack.us/img340/2756/doubleclickformoreinfor.png
Note: Again; the numbers in the images don't have to match yours...
In the new information box that pops up, ESI will always hold the address that we are interested in.
If that's not the exact code that we want, it's extremely close.
That address shown is our ROM address, and the last possible one.
If that's not the correct address, subtract 1 from it until you have the correct one; you never add 1 to the address.
OK, so with the info box still open click the button add address manually.
Change the type to byte and type in the address at ESI to add it to your CE code list.
http://img211.imageshack.us/img211/7199/manuallyaddesitoce.png

Now, with the RAM unfrozen, let's try to NOP (00) the newly added ROM address.
Remember to have made a save, if your ROM altering is no good, just press F8 to load.
If you press F8 to load and the original ROM byte that you NOP'ed didn't come back, you'll need to load the game instead (or manually insert the original byte).
The game instantly froze after pressing the Pause key, so this address is no good.
Reload the game or whatever is needed to get back to the same spot.
Now we simply subtract 1 from the hex address, never add 1, always subtract.
Actually 9 times out of 10 you'll need to subtract at least 1 from the address given in the more info box...
http://img263.imageshack.us/img263/7660/subtract1andtryagain.png
So I just modified the code that was already in the CE code list by subtracting 1.
I then NOP'ed that address instead, for a now second try at a ROM code.
I start playing the game (yeah, didn't freeze this time) and watch the RAM address in CE to see if it decreases.
It never decreases, so the ROM modification is a success.
As usual, I subtracted 1 from the 2nd address given from the debugger for a successful code.
http://img340.imageshack.us/img340/8927/secondbreakesiminusonei.png

That was all it took for me, but if you still haven't found the correct ROM code:
1. Keep subtracting 1 over and over. If you do this over 10 tries, it's likely the wrong base address.
2. Remember how we started with the second break in the debugger, try the first...
Now, to convert the code from emulated ROM to actual ROM.
This is easy, just right click on your successful ROM code and choose Browse this memory region.
The top left byte is your ROM code, and the next few bytes after that are what you want to use to locate the code with the hex editor.
http://img52.imageshack.us/img52/9303/topleftbyteistheromcode.png
So with this window open, we know to search for 4E 75 72 00 30 2C 00 0E EE 48 02 40 FF F8 32 in the actual game.
So open the game with the hex editor and search for that string of hex values...
After locating the string, just replace the 0x20 before it with 00 for Infinite Time.
http://img257.imageshack.us/img257/7969/patchthe20to00forinfini.png

So after editing the 20 to 00, choose Save As so you don't overwrite your ROM.
Open the newly created ROM with the emulator without anything changed in CE to test the mod out.
If you didn't use a program to fix the checksum of the ROM after altering bytes, just use the option in Fusion to auto fix checksums.
http://img844.imageshack.us/img844/8525/autofix.png
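
What a checksum fix does, as an added example rather than code from Fusion or the original guide: the Genesis header stores a 16-bit checksum at offset 0x18E, computed as the sum of the big-endian words from 0x200 to the end of the image. The sample ROM is constructed, and the function names are hypothetical.

```python
import struct

CHECKSUM_FIELD = 0x18E  # big-endian 16-bit checksum stored in the ROM header
BODY_START = 0x200      # the sum covers everything after the 512-byte header


def compute_checksum(rom):
    """Sum the big-endian 16-bit words from 0x200 to the end, modulo 0x10000."""
    body = bytes(rom[BODY_START:])
    if len(body) % 2:
        body += b"\x00"  # assumption: pad an odd-sized image with a zero byte
    return sum(word for (word,) in struct.iter_unpack(">H", body)) & 0xFFFF


def stored_checksum(rom):
    """Read the checksum the header currently claims."""
    return struct.unpack_from(">H", rom, CHECKSUM_FIELD)[0]


def patch_byte(rom, offset, expected, new):
    """Return a patched copy, refusing to write if the original byte differs."""
    if rom[offset] != expected:
        raise ValueError(f"byte at {offset:06X} is {rom[offset]:02X}, not {expected:02X}")
    out = bytearray(rom)
    out[offset] = new
    return bytes(out)


def fix_checksum(rom):
    """Return a copy whose header field matches the recomputed sum."""
    out = bytearray(rom)
    struct.pack_into(">H", out, CHECKSUM_FIELD, compute_checksum(out))
    return bytes(out)


def make_sample_rom():
    """Constructed 1 KiB image, not taken from any real game."""
    rom = bytearray(0x400)
    rom[0x200:0x204] = bytes.fromhex("536C000E")
    return fix_checksum(rom)


def demo():
    rom = make_sample_rom()
    patched = patch_byte(rom, 0x201, expected=0x6C, new=0x00)
    # header value before the edit, real sum after it, header after the fix
    return (stored_checksum(rom), compute_checksum(patched),
            stored_checksum(fix_checksum(patched)))


if __name__ == "__main__":
    print([f"{v:04X}" for v in demo()])
```

This repairs only the header field; a game can run further checks of its own, so a matching header checksum does not guarantee that a patched ROM boots.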

Damn, this game wasn't the best example (that's what I get for making a guide with my first try).
The game still won't boot, even if you fix the checksum.
Luckily, Tony Hedstrom made a Master Code for this game, to solve the problem.
Master Code (by Tony Hedstrom)
RH9T-860T (0FFFD0:4E71)
Use this code if you get a blank screen.
So, you can try out our hack by either:
1. Input the Game Genie code to bypass the black screen
2. Open the ROM, go to the hex offset 0FFFD0 and type 4E71 to hack your ROM to bypass the black screen
I can finally play the game and the timer indeed does not decrease.
But, at the same time, I notice a small glitch happening.
Anytime a code works, but not exactly as planned, you should try subtracting 1 again from our ROM code.
In the image above, you can see that before the 20 we patched to 00, there is already a 00, so we actually need to subtract 2.
Now we'll try to change the 6C to 00 and hope for a less buggy code.
Success, seems to work fine...
So the actual ROM address of 010E95 was changed from 6C to 00.
Since 010E95 ends with an odd number, subtract 1.
After that write down the 2 bytes that we want our Game Genie code to write.
So therefore:
010E94:5300
http://img811.imageshack.us/img811/1943/evennumbers.png
That's the ROM address; you can now convert it to Game Genie.
http://img88.imageshack.us/img88/9881/encryptdecrypt.png
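
The conversion between `address:value` and a Game Genie code, as an added example (not the converter shown in the guide's screenshot). The bit layout is the one commonly documented for Genesis Game Genie codes, and it reproduces the Master Code quoted above (RH9T-860T for 0FFFD0:4E71); function names are hypothetical.

```python
GG_ALPHABET = "ABCDEFGHJKLMNPRSTVWXYZ0123456789"  # 32 symbols, 5 bits each


def gg_decode(code):
    """Return (address, value) for an 8-character code such as 'XXXX-XXXX'."""
    chars = code.replace("-", "").upper()
    if len(chars) != 8 or any(c not in GG_ALPHABET for c in chars):
        raise ValueError("expected 8 characters from the Game Genie alphabet")
    n = [GG_ALPHABET.index(c) for c in chars]
    address = ((n[3] & 0xF) << 20 | (n[4] >> 1) << 16 | (n[1] & 3) << 14
               | n[2] << 9 | (n[3] >> 4) << 8 | (n[6] & 7) << 5 | n[7])
    value = ((n[5] & 1) << 15 | (n[6] >> 3) << 13 | (n[4] & 1) << 12
             | (n[5] >> 1) << 8 | n[0] << 3 | n[1] >> 2)
    return address, value


def gg_encode(address, value):
    """Scramble a 24-bit even ROM address and a 16-bit word into a code."""
    if not 0 <= address <= 0xFFFFFF or address & 1:
        raise ValueError("address must be an even 24-bit ROM offset")
    if not 0 <= value <= 0xFFFF:
        raise ValueError("value must be a 16-bit word")
    n = [
        (value >> 3) & 0x1F,                               # value bits 7-3
        (value & 7) << 2 | (address >> 14) & 3,            # value 2-0, addr 15-14
        (address >> 9) & 0x1F,                             # addr bits 13-9
        ((address >> 8) & 1) << 4 | (address >> 20) & 0xF, # addr 8, addr 23-20
        ((address >> 16) & 0xF) << 1 | (value >> 12) & 1,  # addr 19-16, value 12
        ((value >> 8) & 0xF) << 1 | (value >> 15) & 1,     # value 11-8, value 15
        ((value >> 13) & 3) << 3 | (address >> 5) & 7,     # value 14-13, addr 7-5
        address & 0x1F,                                    # addr bits 4-0
    ]
    chars = "".join(GG_ALPHABET[i] for i in n)
    return chars[:4] + "-" + chars[4:]


def parse_patch(text):
    """Parse the guide's 'AAAAAA:VVVV' notation into (address, value)."""
    addr, _, val = text.partition(":")
    return int(addr, 16), int(val, 16)


if __name__ == "__main__":
    print(gg_encode(*parse_patch("0FFFD0:4E71")))
```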

LotusIIRECS(UE)[!].gen



