![[Main Page]](http://www.eurasia.nu/images/svico_t.gif)
Dump Code Type 2 Live Dumping
Written by: Codemasters Project Codehacking Team @ http://www.codemasters-project.net/portal-english/apportal/content.php?article.119
Note: Download the CMP Dump Saves CMP Dump Saves Download Page -=- Table of Contents 1. Introductions 2. Patterns For SceMc Functions 3. Finding the Jumper address for the Dump L1+R1 4. Finding Joker Address (Links to other Guide) 5. Code Break Down 6. Examples 7. Conclusion -=-
Introductions This is the True live Dumping code this code will allow u to Dump a game at any time During game play there is still many things being worked on with this code . this code does not work on all games .. but if u get it working on the game u want it will forever be the best Dumper u know .. Basically how this code works is it uses the CMP Save (that u put on your memcard) to Dump a Dump.bin.. then u would take the game save from your memcard place it on your computer and open it up using (PS2save Tool and then u have your dump :) The only thing that is Different with this ver of the code is that there are a few thing that are harder to find, that it can dump any time u want with out Corrupting your game save And u need The CMP saves,, Main things u will have to find for this Dump Code are Joker Address for (Multi Dump Save 28mbs) And (Dump L1+R1) Jumper For (Dump L1+R1) SceMcInit SceMcSync SceMcOpen SceMcWrite SceMcClose Patterns For SceMc Functions =--=-- sceMcClose -=--=-- 030005240100062430000824 24050003 addiu a1, zero, $0003 24060001 addiu a2, zero, $0001 24080030 addiu t0, zero, $0030 =--=- sceMcSync -=--=- 6000bfff1000b1ff030040140000b0ff ffbf0060 sd ra, $0060(sp) ffb10010 sd s1, $0010(sp) 14400003 bne v0, zero ffb00000 sd s0, $0000(sp) =--=- SceMcInit -=--=- 080041043000b0ff 04410008 bgez v0 ffb00030 sd s0, $0030(sp) =--=- SceMcWrite -=--=- This will bring u close to it .. its the First FNC above this pattern 23 28 02 02 21 18 22 02 Alternat (Use this one if the u dont find with the first one) This will bring u close to it .. its the First FNC above this pattern 24 10 43 00 23 10 44 00 Misc pattern... -=--= sceMcOpen & sceMcClose 3000001038ff0224 10000030 beq zero, zero, $002dd154 2402ff38 addiu v0, zero, $ff38 Notes: it leaves you going back and forth between sceMcOpen and sceMcClose no matter how many time you press F5. 2 birds with one stone, the only problem is figuring out which one is which, but since i already have one for sceMcClose then we are ok in determining which one is which
Finding the Jumper address for the Dump L1+R1 Basically this is vary easy to find .. all u do is open the elf in Ps2Dis and jump the the Master code address..(9 master type) Example Master code (GTA SA) 90532640 0C1538EC Address to master is 00532640 So u would jump to that address and find u are at a Jal look below this address for a Ja ra (03e00008) and that is the address u will want to use for the jumper for GTA SA its 00532674 so it will look like the below Example Full from GTA SA Dump L1+R1 D0700942 0000F3FF 20532674 08028000 <---- this is the jumper address D0700942 0010F3FF 20532674 03E00008<---- this is the jumper address
Code Break Down The Below Example is Based off of the GTA SA Live Dump Code Master code (U know what this is ) 9??????? 0??????? Save to CMP Save = (this is what tells the Code where to save) 200A0104 504d432f 200A0108 4d55442f 200A010C 49422e50 200A0110 0000004e Multi Dump Save 28mbs Press joker to Set Save File. = (This is used if u have say a 32mb card and your device only supports moving 7mbs at a time it will Dump 4 saves of 7mbs Just use the jokers to set the save then use the Dump Jokers to dump the game and it should dump to the right save) CMP=Select CM1L3 CM2=R3 CM3Start 200A0108 4d55442f 200A010C 49422e50 200A0110 0000004e 200A0058 3C060070<--- Stop in MB Address = 7mbs E002FFFE 00700942 <-- Joker 200A0104 504d432f 200A004C 3C050010<--- Start Address = 00100000 E002FFFD 00700942<-- Joker 200A0104 314D432F 200A004C 3C050080<--- Start Address = 00800000 E002FFFB 00700942<-- Joker 200A0104 324D432F 200A004C 3C0500F0<--- Start Address = 00F00000 E002FFF7 00700942<-- Joker 200A0104 334D432F 200A004C 3C050160<--- Start Address = 01600000 Note1: Remember to Change 90 Part of master to the right Master For the game use. Note2: Remember to change jokers if using multi Dump Do not turn on Start And Stop or CMP save when using multi Dump Saving Memcard sub (This is the main section that never Changes once this part is in it is always the same) 200A0000 27BDFFC0 200A0004 FFB00000 200A0008 FFB10010 200A000C FFB20020 200A0010 FFBF0030 200A0018 24040004 200A001C 3C06000A 200A0024 24C60104 200A002C FFBF0030 200A0034 24070203 200A0038 0040802D 200A003C 0220282d 200A0040 0240302d 200A0048 0200202d 200A004C 3C050010 200A0050 0200202D 200A0058 3C060070 200A005C 0220282D 200A0060 0240302D 200A0068 0200202D 200A0070 0200202D 200A0074 0200282D 200A0078 0200302D 200A0080 0200202D 200A0084 DFBF0030 200A0088 DFB20020 200A008C DFB10010 200A0090 DFB00000 200A0094 03E00008 200A0098 27BD0040 MemCardPort-MultiTap 1-4 = (This is for multiTap port) 200A0020 24040000 MemCardSlot-Slot 1-2 = (witch memslot u saving to) 200A0028 24050000 Start And Stop 200A004C 3C050010 <-- Start address 200A0058 3C060070 <--- Stop in MB Address = 7mbs GTA SA Dump L1+R1 (this is the section of the code that makes the dump when u press L1+R1) D0700942 0000F3FF 20532674 08028000 D0700942 0010F3FF 20532674 03E00008 SceMcInit 200A0014 0C14CEDE SceMcSync 200A0044 0C14D172 200A007C 0C14D172 200A0064 0C14D172 SceMcOpen 200A0030 0C14CFE2 SceMcWrite 200A0054 0C14D114 SceMcClose 200A006C 0C14D03A
Other Examples Shin Megami Tensei Nocturne Multi Dump Save 28mbs Press joker to Set Save File CMP=Select CM1L3 CM2=R3 CM3Start 200A0108 4d55442f 200A010C 49422e50 200A0110 0000004e 200A0058 3C060070 E002FFFE 0058f0c2 200A0104 504d432f 200A004C 3C050010 E002FFFD 0058f0c2 200A0104 314D432F 200A004C 3C050080 E002FFFB 0058f0c2 200A0104 324D432F 200A004C 3C0500F0 E002FFF7 0058f0c2 200A0104 334D432F 200A004C 3C050160 Dump L1+R1 D058f0c2 0000F3FF 202ca6cc 08028000 D058f0c2 0010F3FF 202ca6cc 03E00008 SceMcInit 200A0014 0C0B3724 SceMcSync 200A0044 0C0B39B4 200A007C 0C0B39B4 200A0064 0C0B39B4 SceMcOpen 200A0030 0C0B380C SceMcWrite 200A0054 0C0B3938 SceMcClose 200A006C 0C0B3868 Dark Cloud 2 Dump L1+R1 D03cb1c0 0000F3FF 2012174c 08028000 D03cb1c0 0010F3FF 2012174c 03E00008 SceMcInit 200A0014 0C0488EA SceMcSync 200A0044 0C048B7A 200A007C 0C048B7A 200A0064 0C048B7A SceMcOpen 200A0030 0C0489D2 SceMcWrite 200A0054 0C048AFE SceMcClose 200A006C 0C048A2E
Conclusion
This is a big time advanced hacker Guide .. this Guide is not to be used by ppl that don't know anything about how Hex/Coding works.. if u do use this code and u don't know what your doing and u mess up your memcard or anything .. It is not the CMPs fault .. (Just so every one know Members of the CMP have been using this code for some time now and not one of us have had a faulty card)
We at the CMP hope all the Ps2 hackers will find the guides we post vary helpfull ..