EvilEngine/PowerUp Event Exploit

From Heavy Iron Modding

The events GivePowerUp (in Battle for Bikini Bottom and onwards) and UpgradePowerUp (in The SpongeBob SquarePants Movie onwards) can be used to increment arbitrary bytes in memory by adjusting the first argument supplied to the event, as first demonstrated by Seil in January 2023.

Normally, the argument supplied to these events is within a small range, and is intended to give the player specific powerups based on the argument. However, it was shown that the argument supplied to these events is used as an index in a byte array, but the index is not restricted, meaning that the Link creator can modify arbitrary bytes within the system's memory, essentially allowing mod creators to utilise Action Replay codes, without requiring the mod player to enter it manually.

For example, in The SpongeBob SquarePants Movie NTSC GameCube version, sending the GivePowerUp event with an argument of 4815 will cause memory address 0x804AF828 to be incremented from 0 to 1, enabling the game's debug fly mode.

Disabling the UpgradePowerUp limit

By default, UpgradePowerUp can upgrade a move from Normal (1) to Macho (2), or increase the number of Health upgrades (increment a byte up to 3). Any memory addresses outside of the normal range are treated as a Health upgrade and can only be incremented up to 3 and no higher. However, using a hack that modifies the instructions in memory that limit the value to 3, we can increment the byte to any desired value.

Disable UpgradePowerUp limit (The SpongeBob SquarePants Movie, GameCube, English)

GivePowerUp -3613300.0000
GivePowerUp -3613291.0000
GivePowerUp -3613263.0000

Base Memory Addresses (GameCube)

Base addresses for the events in each Heavy Iron Game with the exploit.
Battle for Bikini Bottom The SpongeBob SquarePants Movie

TODO: Add addresses for subsequent games (Incredibles, ROTU, Rat Proto) assuming the exploit still works.


While the exploit is powerful, it does have some limitations.

  • Currently, the UpgradePowerUp is only known to increment a byte, and cannot decrement it—therefore, if a byte needs to be decremented, it will have to be incremented until it overflows, and then incremented back up to the desired value. This means changing a single byte can require up to 255 links, which is the maximum allowed on an object, so some memory modifications will need the links to be separated over multiple objects.