Monster Hunter Rise Sunbreak Table

Upload your cheat tables here (No requests)
User avatar
Setzer
Noobzor
Noobzor
Posts: 10
Joined: Wed Aug 31, 2022 1:45 am
Reputation: 5

Monster Hunter Rise Sunbreak Table

Post by Setzer »

I've been working on a table as I learn. There are only a few scripts at the moment, but I'm working on more. I'll re-upload here as I update it.

Tested for Monster Hunter Rise: Sunbreak 12.0.0.0
Last update: 2023-04-27

Current Features:
  • Infinite character edit vouchers
  • Material-less melding
  • Infinite Kamura points (I'll do Zenny soon since it should be just as easy)
    • Your count of points is still checked atm. I need to remove the check
  • Infinite hotbar items
    • Just the decrement is disabled atm. Another one I need to remove the check for.
  • HP Decryption - HP Values of the player and monsters are decrypted in memory - Not currently working. Does anyone use this?
    • Do not change the Marker value
  • Player value retrieval - gets several pointers to things I've found - not current working. Does anyone use this?
  • Max stamina - No stamina usage! Simple as.
  • Infinite wirebugs
Change log
  • 2023-04-27
    • Patched character edit voucher script
  • 2022-09-15
    • Update "Get player values" script to get a pointer to the player struct
    • Added pointers to other structs + values based on the player struct
  • 2022-09-14
    • Added infinite wirebug script
    • Fixed a bug with stamina Spiribird value retrieval in Infinite stamina


How to use this cheat table?
  1. Install Cheat Engine
  2. Double-click the .CT file in order to open it.
  3. Click the PC icon in Cheat Engine in order to select the game process.
  4. Keep the list.
  5. Activate the trainer options by checking boxes or setting values from 0 to 1
Attachments
MonsterHunterRise.CT
2023-04-27
(198.86 KiB) Downloaded 5215 times
MonsterHunterRise.CT
2022-10-03
(197.27 KiB) Downloaded 6252 times
MonsterHunterRise.CT
2022-09-15
(193.19 KiB) Downloaded 1588 times
Last edited by Setzer on Thu Apr 27, 2023 6:45 pm, edited 5 times in total.

nolook889
Noobzor
Noobzor
Posts: 8
Joined: Wed Feb 02, 2022 3:34 am
Reputation: 0

Re: Monster Hunter Rise Sunbreak Table

Post by nolook889 »

can you add edit weapon usage number?

i wanna change every kind of quest type ( all, village quests, rampage, hub quests...

User avatar
Setzer
Noobzor
Noobzor
Posts: 10
Joined: Wed Aug 31, 2022 1:45 am
Reputation: 5

Re: Monster Hunter Rise Sunbreak Table

Post by Setzer »

nolook889 wrote:
Wed Sep 21, 2022 4:27 pm
can you add edit weapon usage number?

i wanna change every kind of quest type ( all, village quests, rampage, hub quests...
What do you mean by weapon usage number? Also not sure what you mean by changing every quest type. Sorry :)

nolook889
Noobzor
Noobzor
Posts: 8
Joined: Wed Feb 02, 2022 3:34 am
Reputation: 0

Re: Monster Hunter Rise Sunbreak Table

Post by nolook889 »

guild card things

nolook889
Noobzor
Noobzor
Posts: 8
Joined: Wed Feb 02, 2022 3:34 am
Reputation: 0

Re: Monster Hunter Rise Sunbreak Table

Post by nolook889 »



this

User avatar
Setzer
Noobzor
Noobzor
Posts: 10
Joined: Wed Aug 31, 2022 1:45 am
Reputation: 5

Re: Monster Hunter Rise Sunbreak Table

Post by Setzer »

Hm, yeah, I could look into that.

Normally I would think this would be an issue of save data editing, but I couldn't figure out how data is saved in the game. It seems to be compressed or encrypted in some way.

EDIT: I started looking into it. It looks like this is another weird value that the game obfuscates. I can find where the display value is being written to, but the return address is removed and the game goes through thousands or tens of thousands of lines of code where it continually calculates and pushes the return address onto the stack. That's all to say: maybe I can figure it out, but it'll be a process.

nolook889
Noobzor
Noobzor
Posts: 8
Joined: Wed Feb 02, 2022 3:34 am
Reputation: 0

Re: Monster Hunter Rise Sunbreak Table

Post by nolook889 »

:P :P

User avatar
Setzer
Noobzor
Noobzor
Posts: 10
Joined: Wed Aug 31, 2022 1:45 am
Reputation: 5

Re: Monster Hunter Rise Sunbreak Table

Post by Setzer »

It's not exactly what you wanted, but I've pivoted to looking for how the save files are encrypted and decrypted since there's no working save editor. I'm thinking that a save editor might be easier than tracing through the obfuscated code while the game is running. So far I've found the instructions that write to the unencrypted file data before it's encrypted and written to disk. I think within the next few days (probably longer) I might be able to figure out where the key and such are. I still have no idea what the encryption is, but it could be blowfish since apparently MHW used that.

I'm pretty new at reversing and hacking, so if anyone wants to collab on this, I'm open. Send me a message and I can get you my Ghidra project and notes.

PS: pretty sure a stick of RAM just went bad on me. So, uh, it'll be at least until I can get some new RAM :') I was going to type something else but I totally lost my train of thought after that. Thankfully it was just RAM! I'm going to pick up some new RAM tomorrow morning. :)

For real, though, if anyone has experience with the Monster Hunter World save decryption, hit me up! I've looked at a few Github repos, but I'd like to hear about the process of researching and getting to that point.

Update 2022-09-25:

I was able to dump the memory of the complete unencrypted save file (the larger of the two). No idea how it's going to change for the title update coming out in a few days, though. The file in total is 6.1MB and is exactly 1 byte shorter than the size of data001Slot.bin in the save folder.

I'm still not sure what data00-1.bin is yet, but I saw a tweet that mentioned that the save files are compressed, so maybe that is the compressed version of this file since there is a lot of repetitive data in this file. I still don't know how this file is actually being encrypted as of now.

Interesting things about the save file are: the size, the amount of unused space and useless data, and the number of UTF-16 strings written to the file. The UTF-16 strings in particular might make dissecting the file easier.

Update 2022-09-26:

I've found where the first 16 bytes (The CSSS header) are being copied to the output buffer and, more importantly, the line of code that calls to the encryption function. Unfortunately, the encrypt call is call rax and the memory address for that call is conspicuously low in memory (0x08XXXXXX), far below the MHR start offset. I'm still a noob, so I don't know what that means. I also can't figure out the arguments to the function, also likely due to me being a noob. At the moment, I still think it's blowfish because blowfish on Windows takes both an input and output buffer as params and there are, of course, two buffers here: the plaintext and the ciphertext.

Idk if I'll be able to figure this out before the title update this week. The update is making me pretty nervous because I don't want to lose all of my research up until this point. 😅 Hopefully bindiff comes through when that happens and there aren't any new values encrypted or code obfuscated.
Last edited by Setzer on Mon Sep 26, 2022 3:26 pm, edited 4 times in total.

nolook889
Noobzor
Noobzor
Posts: 8
Joined: Wed Feb 02, 2022 3:34 am
Reputation: 0

Re: Monster Hunter Rise Sunbreak Table

Post by nolook889 »

:wub:

User avatar
Setzer
Noobzor
Noobzor
Posts: 10
Joined: Wed Aug 31, 2022 1:45 am
Reputation: 5

Re: Monster Hunter Rise Sunbreak Table

Post by Setzer »

If anyone is using this table and any of these are broken after the patch, let me know. I wasn't able to bindiff the two executables because they're too large to even export from Ghidra. 🙃

If they are working, also let me know lol. I'll go through and actually test myself at some point as well.

nolook889
Noobzor
Noobzor
Posts: 8
Joined: Wed Feb 02, 2022 3:34 am
Reputation: 0

Re: Monster Hunter Rise Sunbreak Table

Post by nolook889 »

:(

SiriXD
Noobzor
Noobzor
Posts: 14
Joined: Sun Jul 07, 2019 11:00 am
Reputation: 2

Re: Monster Hunter Rise Sunbreak Table

Post by SiriXD »

They don't work since Title update 2.

User avatar
Setzer
Noobzor
Noobzor
Posts: 10
Joined: Wed Aug 31, 2022 1:45 am
Reputation: 5

Re: Monster Hunter Rise Sunbreak Table

Post by Setzer »

SiriXD wrote:
Mon Oct 03, 2022 2:59 am
They don't work since Title update 2.
I just took the time to check and I'm not sure what you mean. Most of the scripts seem to be working (except for a couple I doubt anyone uses. Correct me if I'm wrong) and I've updated the currency pointers.

User avatar
killykyn
What is cheating?
What is cheating?
Posts: 3
Joined: Tue Oct 04, 2022 11:57 am
Reputation: 0

Re: Monster Hunter Rise Sunbreak Table

Post by killykyn »

First off i want to say thanks this is huge for me the voucher cheat is good so i dont spend 8 dollars on one which is a scam from capcom.
secondly is there anyway to add a name change in your table to change the hunter's name ?
thx for this though its awesome.

User avatar
Setzer
Noobzor
Noobzor
Posts: 10
Joined: Wed Aug 31, 2022 1:45 am
Reputation: 5

Re: Monster Hunter Rise Sunbreak Table

Post by Setzer »

killykyn wrote:
Tue Oct 04, 2022 11:59 am
First off i want to say thanks this is huge for me the voucher cheat is good so i dont spend 8 dollars on one which is a scam from capcom.
secondly is there anyway to add a name change in your table to change the hunter's name ?
thx for this though its awesome.
Hey, yeah, I might be able to make that happen. I have seen that the name is written out during the save process, so it's possible that you could save and reload with a new name to change it.

I unfortunately haven't been successful with either decrypting or bypassing the save process yet :')

Post Reply

Who is online

Users browsing this forum: AhrefsBot, Bing [Bot], BSWeaZL, creditor, czarnozeby, Einsen, elreydejordania, Empyrial, FunFastEfficienttt, Google Adsense [Bot], moryabro, Onidurum, p_Directive, Reaper1222, SubtleIQ, tampy, xXLashkeXx, Yosso