 |
| Register | Login | |||||
 |
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
|
| | ||
|
| Register | Login | |||||
|
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
|
| | ||
| 0 users currently in ROM Hacking. |
| Acmlm's Board - I3 Archive - ROM Hacking - Hack a game withouth editor |
New poll |  |  |
| Add to favorites | Next newer thread | Next older thread |
| User | Post | ||
Shiryu Gungun                   Since: 02-24-06 Last post: 6289 days Last view: 6287 days |
| ||
| I want to make a level hack of the NES Gradius, but there aren't any level editors and I couldn't find anything in google... anyone can tell me how can I find the level data and what tools I need? Thanks. | |||
Dragonsbrethren   440    Since: 12-01-05 From: New Jersey Last post: 6474 days Last view: 6474 days |
| ||
| From what I hear a popular method is to mess with FCEUXD's NES memory editor, I've never tried it myself. Most maps I've dealt with use simple RLE for compression, they have a tile number followed by how many of that tile to print. | |||
VinceIP Blue Octorok Since: 05-29-06 From: Ohio, USA Last post: 6455 days Last view: 6455 days |
| ||
| Basically, you should just mess around with different suspicious data and see what happens, then record any oddities and findings. If you somehow compile enough data about levels and how they are formatted, you could try writing an editor yourself or request one. | |||
Guy Perfect Since: 11-18-05 Last post: 6289 days Last view: 6287 days |
| ||
| For finding resource data, I am confident that perhaps the most effective method is to use a controlled series of corruptions.
Let's say that you have a super-huge ROM file that is 12 bytes large: 16 1B 83 81 9B 6C AE 94 6B F3 62 4B And that you're looking for level data. Let's pretend that the level data in question are the bytes 6B F3 in that "file" above. First, corrupt the entire second half of the ROM. That's where the programming usually isn't, so you won't likely cause the game to crash. Use 0x00 or some other controlled value. The file will look like this: 16 1B 83 81 9B 6C 00 00 00 00 00 00 Now play the edited ROM in an emulator. Did the data you're looking for change? Yes. In fact, there's no level data whatsoever. So now you know that it's in the second half of the ROM somewhere. So take only the second half, and corrupt the latter half of that; effectively the fourth quarter of the ROM file. What you get is this: 16 1B 83 81 9B 6C AE 94 6B 00 00 00 Play that in an emulator, and you'll find that the first half of the level is correct, but the second half of the level is all messed up. You know from this observation that the area you corrupted is part, but not all, of the level data you're looking for. Doing multiple corruptions in this manner will enable you to find most kinds of resource data in ROMs fairly easily. I've used this method to crack level data multiple times. |
|||
|
Kyoufu Kawa Intends to keep Rom Hacking in one piece until the end  Since: 11-18-05 From: Catgirl Central Station Last post: 6287 days Last view: 6287 days |
| ||
| Ah, binary tree search... how I love thee so. | |||
|
Shiryu Gungun Since: 02-24-06 Last post: 6289 days Last view: 6287 days |
| ||
| The corruption thing always crashed, so I tried to mess with random data in TileMolester, Hexecute and virtual nes memory viewer. I found in TM some vertical lines, I guess that's the level data. I messed up with it and I messed the whole level (it crashed the first time, but the second it modified some enemies positions)
Thanks for your help ^^ |
|||
|
Kyoufu Kawa Intends to keep Rom Hacking in one piece until the end Since: 11-18-05 From: Catgirl Central Station Last post: 6287 days Last view: 6287 days |
| ||
| Always crashed? You should keep searching. Keep track of the blocks you've had. | |||
|
Guy Perfect Since: 11-18-05 Last post: 6289 days Last view: 6287 days |
| ||
| With the binary elimination search, you'll get a series of Yes's, No's and Maybe's.
Example... Let's say that you corrupt the Xth/Nth of the ROM... Such that "3/4" would read as the "third fourth" 2/2 Corrupted: Game Crashes -> Maybe 4/4 Corrupted: No Change -> No 3/4 Corrupted: Game Crashes -> Maybe 6/8 Corrupted: Change Made -> Yes 12/16 Corrupted: No Change -> No See how that's all kept track of? If I make those observations, I can tell just from that that what I'm looking for is in the "eleventh sixteenth" of the ROM. You just have to be patient and be careful with what you do. EDIT: To clarify, this is what will happen to the file when you corrupt it as mentioned: 2/2 Corrupted: ########00000000 4/4 Corrupted: ############0000 3/4 Corrupted: ########0000#### 6/8 Corrupted: ##########00#### 12/16 Corrupted: ###########0#### Notice how the amount of potential ROM space is eliminated by half each time, regardless of what the result is. Even for a 64MB file, it could only take you 26 passes to narrow down to a single byte in the file. (edited by BGNG on 06-25-06 01:15 PM) |
|||
Unicorn_Poop Micro-Goomba Since: 12-21-05 From: Knox-Vegas Last post: 6461 days Last view: 6461 days |
| ||
| I haven't done any NES hacking in a while, so I don't know what tools you have at your disposal. However I suggest the following:
Find a good emulator that allows you to view all of the NES's RAM and ROM and that can set breakpoints when specific memory locations have been accessed (Read, Written to, or Executed). Next, search in RAM for the place where level data is loaded. This really shouldn't be that hard to find. It should be a rather large chunk of RAM that is only changed during level transitions. Just systematically corrupt what you think may be level data and look for changes in the level. Once you have found the level data in RAM, set a breakpoint for any location in the level data that will halt the program when written to. When the program does stop, look at what code is being executed. You have just found the decompression routine (if there is one, or the equivalent program that writes data from ROM to RAM). Since the decompression routine needs something to work on, just examine the ASM and the current state of the processor and bingo! you should find the ROM address for the compressed level data being accessed for that specific level. In addition you will have gotten a good start on understanding the compression parlance used to compress the data. From there you just have to figure out what the level data represents (i.e $00 = Empty Sky, $01 = Wall, $02 = Floor, ...etc...) Enemies are a completly different story. Every game handles them differently, and they are most definitly not part of the physical level data. However, just apply the same method above and you should figure things out eventually. Unfortunately this method requires a little knowledge on ASM, but knowing assembly is your most powerful tool as a hacker. It really isn't that hard to learn, just very different. In addition, this will only show you how to find the built in level data, not how to create your own fully customized levels. So unless you spend a lot of time figuring out how to load the game engine to do what you want it to do (which is very rewarding), you will only be able to edit levels within the original memory and level constraints. I hope this helped. Feel free to ask questions. |
|||
HyperHacker Star Mario Finally being paid to code in VB! If only I still enjoyed that. <_< Wii #7182 6487 4198 1828 Since: 11-18-05 From: Canada, w00t! My computer's specs, if anyone gives a damn. STOP TRUNCATING THIS >8^( Last post: 6288 days Last view: 6288 days |
| ||
Corrupting half the ROM is likely going to crash it.  I like to stick to corrupting one bank at a time, then start narrowing down when you find the bank that has the effect you want.
Also it's good to use a value like 0x20 instead of zero or random, because it's easier to tell what's changed. Suppose you use zero and when you start the game, your character is standing on nothing. How do you know what you did? Maybe you wiped out the level, the tile arrangements, the palettes, the graphics, etc. With 0x20 it should be easier to tell. If you wiped the level you'll be standing on garbage; if it's tile arrangements the level will be just the same 8x8 tile over and over; if it's palettes everything will be an odd colour, and if it's graphics, usually all of the graphics will be reduced to vertical lines. |
|||
Celice Gordo  Since: 11-17-05 From: Oroville, CA Last post: 6292 days Last view: 6288 days |
| ||
| For the NES, one could try saving a stipped iNES ROM with FCEUXD. Works, but not all the time (from what I've found).
One thing I always look for when looking forany kind of data is their pointer tables: you should be able to find them easily. I just change a few bytes, open my ROM, and see if I found the right one(s). |
|||
|
Guy Perfect Since: 11-18-05 Last post: 6289 days Last view: 6287 days |
| ||
| If you look at a ROM in a graphics viewer, you can genrally spot pointer tables by the presence of vertical lines. That's what pointer tables look like when expessed as pixels. | |||
|
Shiryu Gungun Since: 02-24-06 Last post: 6289 days Last view: 6287 days |
| ||
That's a good idea, I'll try that.
Thank you again for your help ^^ About my current progress: For what I've found, levels seem to be made like the objects in SMB that edited if the next part was a hole, had celling, etc. but there are ones for each different height part (I think there are only up and down parts but I don't know.) Also the places I recognized were completely intact, but in other positions... that confuses me a bit... here are two screenshots of the same position of the level Original 
Edited 
I'll make a thread for this when I get enough data to know what I'm doing XD (edited by Shiryu on 06-25-06 08:33 PM) (edited by Shiryu on 06-25-06 08:35 PM) (edited by Shiryu on 06-25-06 08:37 PM) |
|||
drjayphd Torosu OW! BURNY!  Since: 11-18-05 From: CT Last post: 6290 days Last view: 6288 days |
| ||
Originally posted by BGNG Not only that, but you'll be able to knock out a good chunk of the ROM by finding the graphics. Won't necessarily be able to say what they are, but you can tell what isn't there. |
| Add to favorites | Next newer thread | Next older thread |
| Acmlm's Board - I3 Archive - ROM Hacking - Hack a game withouth editor |
| |
