Acmlm's Board - I3 Archive - ROM Hacking - Favorable Hacking Techniques - Hacking For Dummies

Guy Perfect
Posted on 03-08-06 05:28 PM
Foreword:
The contents of this post have changed somewhat. Instead of it being a list of my own personal favorite techniques, it has become a list of various contributors' favorite techniques. I'm calling it the "Official List," even though there haven't been any official decisions, nor is there any entity to represent its officiality.

Regardless, this is a community effort.

Yeah, I've just become obsessed with more of my awexome neologinations. On a more serious note, however, I feel this forum could use a directory of hacking techniques.

So let us put our heads together and share our favorite methods of hacking ROMs. And I don't mean making mods, just to clarify. This is for locating and decoding actual ROM data in a ROM that we might not know anything about.

I'll start!

Official List o' Favorable Hacking Techniques

Favorable Hacking Technique #1: Look for Documentation
If possible, try to find if anyone has already hacked the ROM and made a/some document(s) on it. If the work has already been done, then using someone else's notes can quite easily be a great solution. As such, make sure you always take good notes when hacking ROMs. Someone else might have to read them.

BONUS: Favorable Hacking Technique #1½: Ask for Documentation
If documentation isn't on the internet, don't be afraid to ask around for it. This forum is a good place to do so. Just because no tangible document exists doesn't mean no one did the work. It just simply might not be out there on Google. See if anyone has personal assistance to provide.

Favorable Hacking Technique #2: Use an Existing Editor
If no documentation is available, but an editor is, then you can do some reverse-engineering on the editor instead of the ROM itself. This will save many troubles down the road since it at least is a guarantee that you'll find the locations of resource data. Use a searching tool that can detect differences between files. Each byte that is different after using an editor is useful information.

Favorable Hacking Technique #3: Do a Text Search
After locating the level data for the first course in the Jack Cup of F-Zero X, I opened it up in a hex editor and found the word "JACK1" staring me in the face. No matter what kind of data you're looking for, at least try some simple ASCII searching. You'll never know what will come up, and it may very well make your job a lot easier.

Favorable Hacking Technique #4: Corrupt the ROM
A corrupter is a program that can set a region of a ROM to a given value. For example: It can set all bytes from 0x00A0 to 0x00B0 to the value 0x78. Using one of these can help find resource data. Just change some bytes and load the resulting ROM in an emulator. Did your resource change? Then the bytes you changed are in part a part of the resource.

BONUS: Favorable Hacking Technique #4½: Binary Elimination via Corruption
Fancy words! You can exponentially locate resource data in a ROM by carefully corrupting the ROM. Start at the end and work your way to the beginning, since game program data is typically at the beginning of the ROM. Set the entire second half of the ROM to 0x00 using a corrupter. Load the result in an emulator. If your resource did not change, then you know that it is in the first half of the ROM and you can repeat the process. If your resource did change, then you know that it is in the second half of the ROM and you can repeat the process. It's a win/win!

Favorable Hacking Technique #5: Do a RAM Search
RAM can be used to locate data in ROM. Once you find out what some of the resource data looks like, you can find out more information by looking for it in RAM once the game is loaded into an emulator. In F-Zero X, some data in ROM is referenced with a pointer table full of RAM addresses, which isn't too helpful. Searching for the data in RAM allowed me to find the RAM addresses, which in turn helped me locate the pointer tables in ROM. Isn't it great how this all comes full-circle?

Favorable Hacking Technique #6: Find Data with ASM (Provided by Euclid)
Using various Assembly tools like a simple disassembler or a tracer can help you figure out what code is doing what. If you know where resource data is stored, for example, but don't know how it's being used, following the program code through each individual instruction can be very beneficial to helping discover how the data is used to represent various parts of the game.

Favorable Hacking Technique #7: Find the Differences
Once you locate ROM data, carefully change it bit by bit and look to see what it does in an emulator. If it's level data, check how the level has changed. If it's compressed data, RAM mapping is always a good thing to have since you'll see the differences in how it was decoded. There is no better way to find out what happens than to make it happen.

Favorable Hacking Technique #8: Use a Cheating Device (Provided by fzeroman)
Using a GameShark or other such cheating device to force values in RAM to do certain things can be used to trace backwards where the data came from. In F-Zero X, for example, there are codes to alter the machines' stats such as weight, grip performance, booster configuration, etc. By analyzing the default values of the RAM segments altered by a cheating device, a chunk of data can be found which can also be found in ROM. In this manner, a RAM-altering cheat code can be patched to a ROM as well as help to locate said data in ROM.

Also, I felt it might be a good idea to make a list of things that are NOT good things to do when hacking a ROM:

Official List o' Unfavorable Hacking Techniques

Unfavorable Hacking Technique #1: Request an Editor
Foo'! Like anyone has much time to take from their projects to make one for you. If you aren't willing to look into the ROM to find the data to make your own editor, then you're just a lowly fan mod artist. Begone!

Unfavorable Hacking Technique #2: Remove Data
Never, ever, ever delete a region of bytes from a ROM. This will not likely help you find what you're looking for, but it will likely cause the game to crash. Assembly is full of jump instructions, just like Evel Knievel. And you know what happened to him when he missed his landing ramp. CRASH!

Unfavorable Hacking Technique #3: Use Source Code You Don't Understand
Magic wands are a nice thing, but they're useless if you're useless. If someone starts hacking a game and has some utilities out there, the most you're likely to be able to do with them is more of what they can already do. If you don't know what the source code is doing, find out. Otherwise, there's no way you can make improvements.

Unfavorable Hacking Technique #4: Forget to Start at the Beginning
If you've never hacked anything before, don't come into a forum and say "How do I hack this game?" The minute someone tells you to "search" for "bytes," you may very well get confused. Approach it from the ground up. Learn some techniques (like the ones listed on this page) before attempting to hack a game.

There. I think that does it for now. Now you guys post what you like to do. I doubt I've covered everything.

(edited by BGNG on 03-08-06 04:29 PM)
(edited by BGNG on 03-08-06 04:31 PM)
(edited by BGNG on 03-09-06 08:13 PM)
(edited by BGNG on 03-09-06 08:17 PM)
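As an added example (not part of the post above), here is a small Python tool for Techniques #2 and #3 together: a byte-level diff that reports every run an editor changed, and a simple printable-ASCII scan. The sample "ROM" bytes are constructed for illustration only; the "JACK1" label just echoes the F-Zero X anecdote above.

```python
from typing import List, Tuple

Change = Tuple[int, bytes, bytes]   # (offset, bytes before, bytes after)


def diff_ranges(original: bytes, edited: bytes) -> List[Change]:
    """Technique #2: compare a ROM before and after an editor touched it and
    return every contiguous run of differing bytes as (offset, before, after).
    If the editor grew or shrank the file, the tail beyond the common length is
    reported as one extra change so that nothing is silently ignored."""
    changes: List[Change] = []
    common = min(len(original), len(edited))
    i = 0
    while i < common:
        if original[i] == edited[i]:
            i += 1
            continue
        start = i
        while i < common and original[i] != edited[i]:
            i += 1
        changes.append((start, original[start:i], edited[start:i]))
    if len(original) != len(edited):
        changes.append((common, original[common:], edited[common:]))
    return changes


def find_ascii(rom: bytes, min_len: int = 4) -> List[Tuple[int, str]]:
    """Technique #3: list runs of printable ASCII of at least min_len bytes with
    their offsets, the same idea as running `strings` over the ROM."""
    found: List[Tuple[int, str]] = []
    start = None
    for i, b in enumerate(rom + b"\x00"):   # the sentinel flushes a trailing run
        if 0x20 <= b < 0x7F:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                found.append((start, rom[start:i].decode("ascii")))
            start = None
    return found


# Constructed sample data (not a real ROM): a label, eight parameter bytes, padding.
ORIGINAL = b"\x00" * 16 + b"JACK1\x00\x00\x00" + bytes(range(8)) + b"\xFF" * 8
_buf = bytearray(ORIGINAL)
_buf[24:28] = b"\x10\x11\x12\x13"   # pretend the editor rewrote four parameters...
_buf[30] = 0x99                     # ...and one more byte further along
EDITED = bytes(_buf)

if __name__ == "__main__":
    for offset, before, after in diff_ranges(ORIGINAL, EDITED):
        print(f"{offset:#06x}: {before.hex()} -> {after.hex()}")
    for offset, text in find_ascii(ORIGINAL):
        print(f"{offset:#06x}: {text!r}")
```

Each reported offset is a byte the editor knows about, which is exactly the information Technique #2 is after.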

Euclid
Posted on 03-08-06 05:59 PM
One more to add.

Finding data with ASM
If nothing is available, you suck at corrupting (like me), and you understand asm, go ahead and start reading code from a trace log. (Of course, do this after a RAM search, and when a tracer is present.)
If you have hacked a game before, try to draw on your experience from that game; chances are all the formats and stuff are wrong, but you will know what variables you'll need in the RAM to do something.
If you're a good programmer, that's also a plus: you can guess what the code should look like before even tracing it.

Guy Perfect
Posted on 03-08-06 08:54 PM
Along with what Euclid said, make sure you have an emulator that allows for various debugging functions like execution tracing and RAM searching/display.

Nemu64, for example, doesn't play the PAL version of F-Zero X with graphics, and it doesn't draw the course polygons for the other versions. Not good for playing the game, but the RAM search worked and was invaluable to my hacking efforts.

Omega45889
Posted on 03-08-06 08:58 PM
An interesting thread. I do have a utility to contribute to it, and I will do so as soon as it is complete.

(edited by Omega45889 on 03-08-06 08:26 PM)

HyperHacker
Posted on 03-08-06 09:28 PM
Originally posted by BGNG
BONUS: Favorable Hacking Technique #4½: Binary Elimination via Corruption
Fancy words! You can exponentially locate resource data in a ROM by carefully corrupting the ROM. Start at the end and work your way to the beginning, since game program data is typically at the beginning of the ROM. Set the entire second half of the ROM to 0x00 using a corrupter. Load the result in an emulator. If your resource did not change, then you know that it is in the first half of the ROM and you can repeat the process. If your resource did change, then you know that it is in the second half of the ROM and you can repeat the process. It's a win/win!

And if both of these cause the game to crash? It's far more likely to work if you just corrupt one ROM bank (or half of one) at a time, and start narrowing it down once you find interesting results. It's also important to remember that just because the resource in question changed doesn't mean you found it - you could have messed up some code, graphics etc. that caused it to look different.

Metal Knuckles
Posted on 03-08-06 11:04 PM
*Elects this topic for a pinning*

dormento
Posted on 03-09-06 02:18 PM
...awexome neologinations...

Mmm, groovy.

I really think it deserves a sticky.

insectduel
Posted on 03-09-06 03:11 PM
That's exactly what I'm doing. It felt good doing it too. No notes equals lack of hacking your favorite game.

(edited by Kirbynite on 03-09-06 02:33 PM)

Mega-Dog
Posted on 03-09-06 03:23 PM
Mine would be picking a random hex offset and bashing my head on the keyboard in frustration to corrupt it and see what happens...

Guy Perfect
Posted on 03-09-06 06:31 PM
Originally posted by HyperMackerel
And if both of these cause the game to crash? It's far more likely to work if you just corrupt one ROM bank (or half of one) at a time, and start narrowing it down once you find interesting results. It's also important to remember that just because the resource in question changed doesn't mean you found it - you could have messed up some code, graphics etc. that caused it to look different.
I guess I should have clarified that if you find inconclusive results, then start the next step down. If corrupting either the first or the second half of the ROM causes the game to crash, then move on to the fourth quarter instead. Eventually (and I speak from experience), you'll probably end up finding that it's just one byte (or a small number) that makes the game crash. Once you find out where it is, you can skip over it.

Changing some resources might appear to change the target resource without actually doing so. This is where it's important to think carefully about what you've found. In F-Zero Maximum Velocity, for example, the horizons are made up of a series of different image elements. After corrupting the ROM, let's say the horizon became totally black. Could this mean that part of the corrupted bytes were the horizon definition data? Yes. But don't assume that it is, since it could just as well have been that you overwrote the image data used for the horizon (thusly making it all black) and the horizon definition is actually somewhere else.

There are no definites when it comes to ROM hacking, but it's the techniques that are important. Every ROM you'll ever hack will teach you something new.
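As an added example (not part of this post or the first one), here is Technique #4½ written out in Python, with the refinement from this reply: a crash is treated as inconclusive and the search steps down to the halves, and chunks that still crash at the smallest size are recorded and skipped. The fill byte defaults to 0x20 in the spirit of HyperHacker's tip about recognisable corruption values. The "ROM", the crash-sensitive code region and the palette resource are all constructed stand-ins, and FakeEmulator only pretends to be an emulator.

```python
from typing import Callable, List, Tuple

CHANGED, UNCHANGED, CRASH = "changed", "unchanged", "crash"
Region = Tuple[int, int]


def corrupt(rom: bytes, start: int, end: int, fill: int = 0x20) -> bytes:
    """What a corrupter does: copy the ROM with bytes [start, end) set to fill.
    A distinctive fill value (0x20 rather than 0x00) makes the visible effect
    easier to recognise and, unlike random data, easy to reproduce."""
    return rom[:start] + bytes([fill]) * (end - start) + rom[end:]


def locate_resource(rom: bytes, oracle: Callable[[bytes], str],
                    fill: int = 0x20, min_size: int = 16) -> Tuple[List[Region], List[Region]]:
    """Binary elimination via corruption, generalised to cope with crashes.
    oracle() stands in for "load the corrupted ROM in an emulator and look":
    CHANGED if the resource looks different, UNCHANGED if not, CRASH if the
    game died before the resource could be seen. Starting from the whole ROM:
      UNCHANGED -> the resource is not here; the region is eliminated outright.
      CHANGED   -> keep halving until the region is min_size bytes (a hit).
      CRASH     -> inconclusive; go one step down and test both halves.
    min_size regions that still crash are recorded and skipped, so a few
    crash-sensitive bytes cannot block the search. Returns (hits, crashers)."""
    hits: List[Region] = []
    crashers: List[Region] = []
    stack: List[Region] = [(0, len(rom))]
    while stack:
        lo, hi = stack.pop()
        verdict = oracle(corrupt(rom, lo, hi, fill))
        if verdict == UNCHANGED:
            continue
        if hi - lo <= min_size:
            (hits if verdict == CHANGED else crashers).append((lo, hi))
            continue
        mid = (lo + hi) // 2
        stack.append((lo, mid))  # pushed first, so the second half is tested first
        stack.append((mid, hi))  # ("start at the end": code usually sits up front)
    return hits, crashers


# Constructed stand-in for a game and its emulator (not a real ROM).
ROM = bytes((i * 7 + 3) & 0xFF for i in range(0x200))  # 512 bytes of filler
CODE = (0x000, 0x040)     # pretend: any change here crashes the game
PALETTE = (0x0C0, 0x0D0)  # pretend: the resource we are hunting for


class FakeEmulator:
    """Plays the emulator's role and counts how often the game had to be loaded."""
    def __init__(self) -> None:
        self.runs = 0

    def __call__(self, corrupted: bytes) -> str:
        self.runs += 1
        if corrupted[CODE[0]:CODE[1]] != ROM[CODE[0]:CODE[1]]:
            return CRASH
        if corrupted[PALETTE[0]:PALETTE[1]] != ROM[PALETTE[0]:PALETTE[1]]:
            return CHANGED
        return UNCHANGED


if __name__ == "__main__":
    emu = FakeEmulator()
    hits, crashers = locate_resource(ROM, emu)
    print("resource at", [(hex(a), hex(b)) for a, b in hits],
          "crash-sensitive", sorted(crashers), "emulator loads:", emu.runs)
```

On the constructed ROM the search pins the palette to 0xC0-0xD0 and isolates the four crash-sensitive 16-byte chunks in 19 loads, where testing each 16-byte chunk on its own would take 32; the caveat from this thread still applies, since a CHANGED verdict only says corruption here affected the resource, not that the resource's definition lives here.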

fzeroman
Posted on 03-09-06 06:54 PM
Just to let my hacking technique be more known, even though it might take a year or 2 to discover what you want:
search as many addresses as possible
search mostly every value as well
yes, it is time consuming
but just look at what I've discovered:
the super/custom cars in the F-Zero X ROM

and who knows, you might find more interesting things in there
don't be discouraged
plenty of addresses will crash or be the same/slightly different
if need be, try a random search or
test codes that have already been discovered
chances are there's something else there

by the way, the best method is testing addresses in Project 64 or any other emulator, because you can test way faster than you would on the console

Guy Perfect
Posted on 03-09-06 09:14 PM
Ah, yes. Interesting point. Using cheating devices like GameShark to take note of which values change in RAM to which events can be useful in finding groups of data in ROM. An abstract idea, but I'm gonna put that up as one of my official Favorable Hacking Techniques.

So without further ado, thanks to fzeroman's comment, I make an amendment:

Favorable Hacking Technique #8: Use a Cheating Device
Using a GameShark or other such cheating device to force values in RAM to do certain things can be used to trace backwards where the data came from. In F-Zero X, for example, there are codes to alter the machines' stats such as weight, grip performance, booster configuration, etc. By analyzing the default values of the RAM segments altered by a cheating device, a chunk of data can be found which can also be found in ROM. In this manner, a RAM-altering cheat code can be patched to a ROM as well as help to locate said data in ROM.

I have added #6 and #8 to the list in the first post of this thread and renumbered the old #6 to #7. Thanks, fzeroman and Euclid!

HyperHacker
Posted on 03-09-06 11:25 PM
Originally posted by BGNG
Changing some resources might appear to change the target resource without actually doing so. This is where it's important to think carefully about what you've found. In F-Zero Maximum Velocity, for example, the horizons are made up of a series of different image elements. After corrupting the ROM, let's say the horizon became totally black. Could this mean that part of the corrupted bytes were the horizon definition data? Yes. But don't assume that it is, since it could just as well have been that you overwrote the image data used for the horizon (thusly making it all black) and the horizon definition is actually somewhere else.

That's what I was saying. I like to use values like 0x01 or 0x20 when doing corruption; this generally makes it a bit easier to see what happened. Take an ordinary top-down RPG for example: if you were to corrupt graphics, you'd see several graphics replaced with straight lines (assuming they aren't compressed). If you hit TSA, you'd see a lot of different objects that use all the same tile. If you corrupted the map itself, you'd be in a map made entirely of one repeating tile (and in most games, the collision data would reflect this). Using 00 would net pretty much the same results for all 3. Random data works well too, but that makes it impossible to recreate the effect.
What's even better is if you know of an ASM instruction which is invalid (0xEB on the Gameboy, for example), and test in an emulator which reports these. This way if you corrupt code, when it's executed, you're likely to get an error along the lines of 'invalid instruction 0xEB' within the area you corrupted.

insectduel
Posted on 03-10-06 02:56 PM
You know I was thinking. Since you made all these tips in the forum, I kinda need your ideas to host it on my site. It's easier for them.

KeiiChi Kun
Posted on 03-12-06 12:10 PM
Why the hell isn't this topic stickied yet?

Xenesis
Posted on 03-13-06 03:09 AM
I think one point that's important but hasn't been mentioned is this:

Know as much as you can about the game before you begin hacking. E.g.: When I learned to hack Advance Wars 2, I already had an encyclopaedic knowledge of the commanders' stats and abilities. That made discerning a lot of things a lot easier, as I could link numbers and data that I'd found back to specific places. Also, think about ways that data for something could be stored. Would it just be a string of numbers, or an ID number, or something like that?

A little foresight and knowledge can make hacking a lot easier because it makes it easier to notice changes, details or find nuances you wouldn't notice otherwise.

It's a lot harder to work on a game that you know very little about, because it takes longer to notice any changes you've made because of a lack of familiarity.

Now, I've kinda mangled my wording, but you get what I mean.

Guy Perfect
Posted on 03-16-06 09:13 PM
Like Xenesis said, knowing the exact numbers for things beforehand is very helpful. This is especially true for RPGs. If possible, obtain an official strategy guide for an RPG before hacking. That way, you'll have all the exact numbers for enemy HP and what-not.

Parasyte +
Posted on 03-17-06 09:09 PM
Learn to use a decent debugger and all of your problems will vanish. OK, not all; you'll still never finish your project in just your free time.

I think a good debugger is the most useful of all hacking tools. Of course, if your emulator of choice does not have a good debugger, write your own! As with all things that are lacking, creating your own tools (either as a replacement for an existing tool or just because you have no choice) is easily my hacking tip. And well, if you can't program, find someone who can or study up so you may begin the process.

Imajin
Posted on 03-17-06 10:04 PM
Hm, I've recently attempted to look for data in a certain SNES game (Donkey Kong Country 3), but my efforts with corruption have been worthless; however, I know little about the "higher" techniques of finding data. Are there any guides out there specifically geared to finding data in SNES games?