 |
| Register | Login | |||||
 |
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
|
| | ||
|
| Register | Login | |||||
|
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
|
| | ||
1 user currently in Rom Hacking:  hukka |
| Acmlm's Board - I2 Archive - Rom Hacking - F-zero Maximum Velocity & GP legend |
 |  |  |
| Pages: 1 2 3 4 5 6 7 8 9 10 | Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
| User | Post | ||
|
firemaker Level: 26  Posts: 139/247 EXP: 94178 For next: 8097 Since: 03-23-04 From: UK berkshire Since last post: 17 days Last activity: 11 days |
| ||
i think, iill show you this picture and yes it maches the memory but what i was talking about was the actual pices used to build up the tracks (the ones that were made out of the memory dump) the place where the tiles are made into bigger tiles. the memory dump stuff is at the address 361000 take a look at it with a tile editor set to 8 bpp as u can see things need to be colorised!! (edited by firemaker on 08-03-05 12:48 PM) |
|||
Heian-794 Red Super Koopa Level: 44 Posts: 781/896 EXP: 611014 For next: 271 Since: 06-01-04 From: Kyoto, Japan Since last post: 21 days Last activity: 10 days |
| ||
| Firemaker, your picture isn't showing up, but I found it in this page's source: http://www.freewebs.com/njosprites/tle.jpg Those are indeed the track parts we were looking at before. Any ideas on how they're put together? Maybe the course data compresses them somehow? I'll have to have a go at that tomorrow; it's getting late now!  ;Great work, though; where are all the other F-Zero fans? BGNG is carrying us here! |
|||
|
firemaker Level: 26 Posts: 140/247 EXP: 94178 For next: 8097 Since: 03-23-04 From: UK berkshire Since last post: 17 days Last activity: 11 days |
| ||
| i think they are compressed. if you look at the data before it seems that if you use a corrupter and let say corrupt from 360a00 to 3610000 with all the same byte it still has dfferent outputs. sorry about the grammar (edited by firemaker on 08-03-05 01:54 PM) |
|||
|
Heian-794 Red Super Koopa Level: 44 Posts: 782/896 EXP: 611014 For next: 271 Since: 06-01-04 From: Kyoto, Japan Since last post: 21 days Last activity: 10 days |
| ||
| Firemaker, if the graphics data are at 360A00 and later, and you corrupt that, you won't solve anything; you'll just make the course look weird. What you want to do is corrupt the areas where the game actually uses those tiles to form the courses. BGNG has listed them on the previous page: Offset Course..... Size ------------------------- 1C872A Knight 1.. 1,832 1C8E52 Knight 2.. 2,910 1C99B0 Queen 4... 2,596 . ... 1CE410 Pawn 1.... 2,014 . ... These are the areas that you want to try corrupting, and see how the bytes here relate to the course graphics that you found and the actual stuff on the course map. |
|||
BGNG Snifit Level: 22  Posts: 196/276 EXP: 56579 For next: 1771 Since: 06-03-05 Since last post: 8 days Last activity: 3 hours |
| ||
| "Floor Something" is definitely the tile set for the floor. Likely a pointer to the data in ROM where the tiles are stored. The "Horizon Something" entries will, in no parcicular order, be the three following things: Tile data pointer, Horizon definition pointer, Unknown. The data at 08360B0C and 08364B0C are the following:  The top one is 08360B0C and the bottom one is 08364B0C. That's the exact same spot in the ROM, ecept that one is a single tile before the other. It appears to be the generic "course sides, ramps and land mines" tile set, but there's no telling why Silence uses it one tile off. |
|||
|
Heian-794 Red Super Koopa Level: 44 Posts: 783/896 EXP: 611014 For next: 271 Since: 06-01-04 From: Kyoto, Japan Since last post: 21 days Last activity: 10 days |
| ||
| Incidentally, BGNG, could you give more details of how you implemented the Silence track? I pasted the Silence course definitions from the area following 2B4F10 on top of another regular course (Empyrean Colony in my case) and then pasted the actual course data (following 1C872A) over one of the regular courses, taking care to overwrite a course that was smaller, and then filling the unused space with zeroes. The music, horizon, and floor were perfect, but the positioning was totally off. Just like when trying to edit tracks in SNES F-Zero, the car gets pulled towards the course if you're not on it (through the walls if need be) -- I found myself in an open purple field, with the car being gradually drawn to a distant part of the course. Once on the course, the walls didn't function and I could drive right into them, being immediately gravitated to another area. Does this mean that there's more course data defining not just points, but walls as well? |
|||
|
BGNG Snifit Level: 22 Posts: 197/276 EXP: 56579 For next: 1771 Since: 06-03-05 Since last post: 8 days Last activity: 3 hours |
| ||
| The walls DO function, but differently than you'd expect. When you run off of the course and into the wall, the game automatically forces you back in the direction of the next path control point (that data I found at 319630 for Pawn 1). That's why, in the game, when you hit the wall head-on, you'll bounce back moving in the direction of the course. I have a huge post earlier, so I don't know if you caught the data... There's another info table at 2C2F20 in the ROM: 2C2F20 - Course Info Table B (28 bytes each) 00 03 - Unknown 04 07 - Path Coordinate Poitner 08 0B - Path Definition Pointer 0C 0F - Unknown 10 13 - Map Sprite 14 17 - Course to load 18 1B - Unknown How convenient, eh? You don't need to move any data around in the ROM. All you need to do is copy some values. Here's what I have prepared so far for the Silence patch (Championship edit) on the English ROM: 00F3B0 = 0C 6F 37 08 'Records mapHere's what that means: |
|||
|
Heian-794 Red Super Koopa Level: 44 Posts: 785/896 EXP: 611014 For next: 271 Since: 06-01-04 From: Kyoto, Japan Since last post: 21 days Last activity: 10 days |
| ||
| BGNG, that worked great! (Though I think I skipped the part where the map is transplanted on to the records screen.) Just finished a 1'53" run with the Stingray and a 1'51" with the Comet, but I haven't thought through any strategies really. I noticed that in the 2C2F20 "unknown" portion at the end, all the courses excelt Silence have 00 00 (Silence has FD 0E). Replacing that with zeroes doesn't seem to harm anything, but it doesn't force the floor background to animate or anything good like that. Also, I've made a patch which contains your Silence addition, plus the new fonts and new background colors for Bianca City. An unfinished work, but if people want to see my additions, I can't sum them up in a few easy steps like yours can! Picture here:  Should I release it, or do you want me to hold off? I just followed your instructions, but then again it is your work, so I don't want to release stuff involving other people's work without permission. One more edit: I noticed that the light on top of the Eiffel Tower-like building in Bianca City only blinks in the "Ultimate Circuit" version of the course. Is there sone flag indicating which courses have animated horizons and which are static? Have we found this yet? OK, this is my last edit today. The main thing we still need to solve in order to edit courses is to figure out how the tiles (referenced by Firemaker) are connected to form the course definitions that BGNG has laid out. In order to make this easier, I drew the positions of some of the tiles on top of the graphics, so that we could see them in action.  Firemaker, we were wondering if the tiles might be arranged like this a while back and it looks like they are. But 2000-3000 bytes isn't enough to hold all these little tiles, so there's some kind of compression. Now how do we crack that...? (edited by Heian-794 on 08-04-05 09:12 AM) (edited by Heian-794 on 08-04-05 09:16 AM) (edited by Heian-794 on 08-04-05 09:25 AM) (edited by Heian-794 on 08-04-05 01:51 PM) |
|||
|
BGNG Snifit Level: 22 Posts: 198/276 EXP: 56579 For next: 1771 Since: 06-03-05 Since last post: 8 days Last activity: 3 hours |
| ||
| The deal with the blinking light is likely to be a trick with a palette change. The information that has to deal with palette changing hasn't been found yet. This will be required to animate the horizons and venue floors (as well as keep things the right color. Any horizon on Knight 2 automatically turns green when the race starts). I don't really see how a person can take credit for a ROM hack. It's not like an original work or anything. You can release a patch if you want, but I suggest you hold it off. There are still two errors to fix. There's not much sense in releasing an unfinished hack. My time on Silence, as seen in a previous screenshot, is 1'38"99. And since I did that in Championship mode, I got a free replay! I recorded a video and uploaded it to MFO: singlepak_bgng_13899.mpg |
|||
|
firemaker Level: 26 Posts: 142/247 EXP: 94178 For next: 8097 Since: 03-23-04 From: UK berkshire Since last post: 17 days Last activity: 11 days |
| ||
Originally posted by Heian-794 Well you're right I'm certain it is compreassion of some sort but how to sort it out is something entirely different. its beyond me. ive never wrked with compression b4!! but i'll see what i can learn about it ----------- the difference between a smart n00b & a stupid n00b is can they be willing to teac themselve things!! |
|||
|
BGNG Snifit Level: 22 Posts: 199/276 EXP: 56579 For next: 1771 Since: 06-03-05 Since last post: 8 days Last activity: 3 hours |
| ||
| The GBA BIOS comes equipped with the following compression codecs, so F-Zero is likely to use one of them: Difference ([1, 2, 3, 4] becomes [1, +1, +1, +1]) Huffman LZ77 RL (look up RLE) The Nintendo logo in the cartridge header and BIOS (seen on the boot-up screen) is stored in Huffman, so you might want to look there first. I just remembered something I encountered earlier... Based on what I observed when corrupting the level data, changing the first few bytes had a HUGE effect on the tiles displayed, where changing the latter bytes only moved stuff around. Additionally, changing some things makes for repeated lines to appear on the tiles, which is implicative of LZ77... So I take back my earlier advice. Now I say: Go for LZ77. (edited by BGNG on 08-04-05 04:09 PM) |
|||
|
firemaker Level: 26 Posts: 143/247 EXP: 94178 For next: 8097 Since: 03-23-04 From: UK berkshire Since last post: 17 days Last activity: 11 days |
| ||
| i was just about to say thhe same thing about the level data. Any advice on how to decode LZ77 (HELP!! IM ASKING LIKE A n00b!!). ill take a look in google and see what i can dig up. | |||
|
BGNG Snifit Level: 22 Posts: 200/276 EXP: 56579 For next: 1771 Since: 06-03-05 Since last post: 8 days Last activity: 3 hours |
| ||
| Looking at Martin Korth's (author of NO$GBA) documentation on the GBA BIOS functions, I've found that a compression file header is required by the GBA BIOS for it to decompress, regardless of which function is called. I'll post in a few minutes after examining the F-Zero Maximum Velocity level data to see if I can discern which type it uses. (edited by BGNG on 08-04-05 05:21 PM) |
|||
|
firemaker Level: 26 Posts: 144/247 EXP: 94178 For next: 8097 Since: 03-23-04 From: UK berkshire Since last post: 17 days Last activity: 11 days |
| ||
| I will see what i can also do (edited by firemaker on 08-04-05 05:09 PM) (edited by firemaker on 08-04-05 05:10 PM) (edited by firemaker on 08-04-05 05:10 PM) |
|||
|
BGNG Snifit Level: 22 Posts: 201/276 EXP: 56579 For next: 1771 Since: 06-03-05 Since last post: 8 days Last activity: 3 hours |
| ||
| Most of the values that I found for the locations of track data matches a table I found in the ROM at 360AB0. However, I made some mistakes in my table, so here's the revised version: 1C872A Knight 1 1C8E52 Knight 2 1C99B0 Queen 4 1CA3D4 Pawn 5 1CABBE Bishop 4 1CB436 Bishop 2 1CBCBA Bishop 1 1CC3F2 Queen 1 1CCAD2 Pawn 2 1CD296 Knight 3 1CDC12 Bishop 3 1CE410 Pawn 1 1CEBEE Pawn 3 1CF626 Queen 3 1CFD4E Pawn 4 1D060E Knight 4 1D1100 Queen 2 1D19FA Queen 5 1D2344 Knight 5 1D2CD0 Bishop 5 1D3470 Championship 1D3C30 Single-Pak It does look like the data is in the GBA's version of LZ77 compression. There's no data header, though. Chances are, the game loads the compressed data into RAM and prefixes it with a header itself before sicking the BIOS on it. This is the specification verbatim that Martin Korth documented: Repeat below. Each Flag Byte followed by eight Blocks.This requires some knowledge of how LZ77 works, so you might want to look it up to do anything with this info. It appears that all the data is interleaved instead of having pointers to the compressed/uncompressed data like MIO0 did when I was working with F-Zero X. It ALSO appears as though each block specifies all the tile data in itself and there aren't any pre-defined "track pieces" like the original F-Zero. If this is true, then we will have 100% freedom over what the course looks like. Here's a piccie:  See how only that one spot changed? And see how it changed a LOT? This might be good news for us. EDIT: Following Korth's documentation, I wrote a program to scan through the "flag" bytes in the ROM and calculate how many bytes, depending on the data, should be used to store the data itself. The actual file size for Knight 1 is 1,832 bytes. When I ran my program, it calculated 1,834... I was about to pull out my hair wondering what I did wrong, but then I realized what was going on. It's likely that the final flag byte in the file wasn't used up in its entirety. If there's only 6 bytes left to encode, and you set the flag byte to 0, you can still calculate that 8 bytes need to be decoded, and overshoot it by 2. That's what I believe happened in my program. So if there's just one more byte to encode, then the value of the final flag byte should be 00 and there should be one byte after it, then the file ends. That means that the maximum "overshoot" value should be 7. But in my tests, I was getting overshoots of 10 or so for some courses. Korth's documentation states that flags set to 1 will read 16-bit values as opposed to 8-bit values, so that could signify a trend. If there is only one byte left to encode in a file, and all leftover flags are set to 1, then the value of the final flag byte should be 7F and there should be one byte after it, then the file ends. THAT would mean that the maximum overshoot value would in fact be 14. And indeed, I went through every course in the game and never overshot greater than 14. And I never undershot, either. So my conclusion is as such: The courses are compressed in GBA-style LZ77 I'll get to work on a decompressor and compressor to modify the course data. (edited by BGNG on 08-04-05 05:31 PM) (edited by BGNG on 08-04-05 07:38 PM) |
|||
|
Heian-794 Red Super Koopa Level: 44 Posts: 787/896 EXP: 611014 For next: 271 Since: 06-01-04 From: Kyoto, Japan Since last post: 21 days Last activity: 10 days |
| ||
| Wow, look at all this progress! I never knew much about compression, BGNG; that was very informative. The fact that this game doesn't first create "panels" out of tiles really does let us do whatever we like; this is gong to be great. I can't wait to have a nest of "twist circles" right after a shortcut jump! I made a patch which has the tile number written over some (not all; I'm lazy) of the tiles. Use this and you can see the codes of the tiles as you drive, or for an even clearer picture, select "Map Viewer" in VBA. At first I didn't know if this would work so I wasn't too diligent in making sure that all the numbers were the same size or in the same position; they're pretty ugly but they work. Here's the patch; it works with the English version of FZMV, and in fact contains the other stuff we've been working on such as Silence Championship, new fonts, and new backgrounds for Pawn 1: http://www.geocities.com/heiankyo794/Silence_NewFont_TileNumbers.zip |
|||
|
BGNG Snifit Level: 22 Posts: 202/276 EXP: 56579 For next: 1771 Since: 06-03-05 Since last post: 8 days Last activity: 3 hours |
| ||
| Some conclusion, eh? Turns out that by setting the offset to nearly anything in the range of offsets I need ends up... mysteriously... not undershooting or overshooting by 14... somehow... And I wrote an LZ77 decompressor. It works. I have painstakingly verified this. The thing is, though, the data doesn't work with it. It likes to specify a disposition value that's WAY too big... Consider the following picture:  That's a heftily altered Tenth Zone East. And it looks like it is, after all, made up of little 8 |
|||
|
Heian-794 Red Super Koopa Level: 44 Posts: 788/896 EXP: 611014 For next: 271 Since: 06-01-04 From: Kyoto, Japan Since last post: 21 days Last activity: 10 days |
| ||
| BGNG, that's too bad that the compression isn't something readily decodable. Are you familiar with how the SNES F-Zero compressed 2x32 rows of tiles into strips before making bigger panels of 32x32 tiles? I don't think anyone really cracked that compression, though VL-Tone of these boards made some progress. You can see more on that here: http://board.acmlm.org/thread.php?id=821; look for VL-Tone's June 6 and 7, 2004 posts. There are many from Firemaker and myself as well. I can't quite tell from the picture, but if blanking out 16 bytes results in 16 two-tile-wide rows being altered, we might be looking at the same kind of scheme. |
|||
|
firemaker Level: 26 Posts: 145/247 EXP: 94178 For next: 8097 Since: 03-23-04 From: UK berkshire Since last post: 17 days Last activity: 11 days |
| ||
Originally posted by BGNG so i take it were going to have to diassemble it?? if we do then i am going to have to teach myself both ARM & THUMB (edited by firemaker on 08-05-05 08:07 AM) |
|||
|
Heian-794 Red Super Koopa Level: 44 Posts: 790/896 EXP: 611014 For next: 271 Since: 06-01-04 From: Kyoto, Japan Since last post: 21 days Last activity: 10 days |
| ||
| Would it be helpful to map out the actual, uncompressed contents of a course, tile by tile? For that we would need to know where the first tile is. In the original game, the first tile was at the lower left of the screen's course minimap, proceeding upward for (IIRC) 32 panels and then returning to the second panel from the left on the bottom. When you guys turned the first bytes in a course's compressed code into zeroes, were the cells affected contiguous? BGNG's pictures look like they are, but if another part of the course far away were also affected despite being close by byte-wise, that would be a problem. Do either of you have any leads, or should I start mapping out each tile for one of the courses? Edit: I just downloaded Maple, the instrument sample ripper, from another thread here , and it reveals the locations of all the samples used in FZMV! The first one starts at 5B840 and the last one starts at 121680, so presumably we can eliminate that whole area of the ROM as having course data in it. (edited by Heian-794 on 08-05-05 11:55 AM) |
| Pages: 1 2 3 4 5 6 7 8 9 10 | Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
| Acmlm's Board - I2 Archive - Rom Hacking - F-zero Maximum Velocity & GP legend |
| | |
