Hello guys!
I'm new here, but I've been watching this site for a long time (6-7 years).
I have a question for you from a total noob. I have some pretty awesome NES hacks and I'd like to ask you how they were made.
https://www.youtube.com/watch?v=R8VpR1sgYqY Look at this hack, DB 3 Rosetta Stone... how is that even made? How can you hack a game and use its bosses? What do you need to know? Do you need to use a debugger, assembly, or what? I'm totally lost with the debugger. Any answer will be appreciated.
Thanks a lot, and sorry for my English xD (not a native speaker).
What is your native tongue?
Quote:
how is that even made?
Lots of hard work.
You would need to identify the code and graphics for each boss, and redirect the hero's code to use that instead of his own.
Probably, you would disassemble the ROM, and run the game in a debugger with CDL (code/data logger) running, and mark each bit of code that each boss used, and which code the hero uses, etc. Rewrite and reassemble.
It could take a year, or more.
This would not be a first project. It would help if you studied 6502 opcodes, NES architecture, game cartridge mappers, and reverse engineering techniques.
Sounds like a lot of work...
But, my last question is:
When you use a debugger, let's say Mesen's debugger, how can you find a specific value for speed or for a special attack, to change how powerful your character is, and stuff like that?
You guys have any idea?
Best wishes,
fourtwenty.
This is a long discussion.
First, it would help if you knew what you were looking at (in a disassembly window). So, study all the opcodes of the processor. Study all the hardware registers.
Then you want to isolate the exact moment that an event happens, with save states. If you save the game at 1 or 2 frames before "a speed value changes", you can then do a trace on those 2 frames, and see all the code that occurs, then you read every line, and write down every RAM address that it could be, and then test every one, one by one.
Or you could try the corruption method. And just poke at every RAM address, one by one, and take notes about what happens. Eventually you will get lucky and find it. Really, you only have about 1500 (0x600) addresses to test.
It's boring and slow, but it works.
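An added illustration of the "trace the two frames, then read every line and write down every RAM address it could be" step above (this is example code, not from the thread or from any emulator): a small Python script that scans a trace-log excerpt for instructions that write to a given RAM address. The log excerpt and its line format are constructed for the example, loosely modelled on emulator trace loggers, and the register columns are assumed to hold the X/Y values in effect for each line; adjust LINE_RE to whatever your emulator actually prints. Indirect stores such as STA ($30),Y cannot be resolved from the log line alone, so they are reported as needing a manual check in the debugger rather than silently skipped.

```python
import re

# Constructed trace-log excerpt (not real game output). The line format is an
# assumption loosely modelled on emulator trace loggers: PC, opcode bytes,
# mnemonic, operand, then the A/X/Y values in effect for that instruction.
SAMPLE_TRACE = """\
$C120:A5 20     LDA $20        A:03 X:01 Y:00
$C122:18        CLC            A:03 X:01 Y:00
$C123:69 02     ADC #$02       A:03 X:01 Y:00
$C125:85 20     STA $20        A:05 X:01 Y:00
$C127:9D 00 03  STA $0300,X    A:05 X:01 Y:00
$C12A:E6 21     INC $21        A:05 X:01 Y:00
$C12C:91 30     STA ($30),Y    A:05 X:01 Y:00
$C12E:8D 01 03  STA $0301      A:05 X:01 Y:00
$C131:60        RTS            A:05 X:01 Y:00
"""

LINE_RE = re.compile(
    r"^\$(?P<pc>[0-9A-F]{4}):(?P<bytes>(?:[0-9A-F]{2}\s?)+)\s+"
    r"(?P<mnem>[A-Z]{3})\s*(?P<opnd>\S*)\s+"
    r"A:(?P<a>[0-9A-F]{2})\s+X:(?P<x>[0-9A-F]{2})\s+Y:(?P<y>[0-9A-F]{2})"
)

# 6502 instructions that store to memory (read-modify-write ones included).
MEM_WRITERS = {"STA", "STX", "STY", "INC", "DEC", "ASL", "LSR", "ROL", "ROR"}

# Zero-page or absolute operand, optionally indexed by X or Y.
ABS_OR_ZP_RE = re.compile(r"\$((?:[0-9A-F]{4}|[0-9A-F]{2}))(?:,([XY]))?")


def resolve_operand(opnd, x, y):
    """Resolve a write operand to an effective address.

    Returns (address, note). address is None when the trace line alone is
    not enough: immediates and accumulator forms touch no memory, and
    indirect modes need the pointer bytes, which only the debugger shows.
    """
    if not opnd or opnd.startswith("#") or opnd == "A":
        return None, "no memory operand"
    m = ABS_OR_ZP_RE.fullmatch(opnd)
    if m is None:
        return None, f"indirect operand {opnd}: read the pointer in the debugger"
    base, idx = int(m.group(1), 16), m.group(2)
    addr = base + ({"X": x, "Y": y}[idx] if idx else 0)
    if len(m.group(1)) == 2 and idx:   # zero-page indexed wraps within the page
        addr &= 0xFF
    return addr & 0xFFFF, ""


def find_writes(trace_text, target):
    """List every logged instruction that writes to `target` (a RAM address),
    plus indirect writes that could not be resolved and need a manual check."""
    hits = []
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m["mnem"] not in MEM_WRITERS:
            continue
        addr, note = resolve_operand(m["opnd"], int(m["x"], 16), int(m["y"], 16))
        if addr == target or note.startswith("indirect"):
            hits.append({"pc": int(m["pc"], 16), "mnem": m["mnem"],
                         "opnd": m["opnd"], "addr": addr, "note": note})
    return hits


if __name__ == "__main__":
    for h in find_writes(SAMPLE_TRACE, 0x0301):
        where = f"${h['addr']:04X}" if h["addr"] is not None else "?"
        print(f"${h['pc']:04X}  {h['mnem']} {h['opnd']:<12} -> {where}  {h['note']}")
```

Run against the sample with target $0301 it reports the indexed store at $C127 (X=1 makes $0300,X hit $0301), the plain store at $C12E, and the indirect store at $C12C as "check in the debugger"; the zero-page stores to $20 and $21 are correctly left out. In practice you would feed it the real log and then set a write breakpoint on the surviving addresses.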
My two preferred methods for the first steps of reverse engineering a ROM's code are:
1 - use cheat search to find relevant RAM addresses and locate in ROM where they are manipulated.
2 - "comment" (replace with EA EA EA) JSRs in certain loops marked by the code/data logger, for example in a main menu, and detect what behavior changed. This usually does not break the game and is great for doing broad RE.
After that it is more tedious, but I find fceux's debugger great for mapping everything, labeling rom and ram addresses and adding bookmarks.
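An added example of method 2 above, "commenting out" a JSR with EA EA EA in the ROM file (example code, not from the thread or from FCEUX). It assumes an iNES-format image using NROM (mapper 0), because that is the one case where a CPU address maps to a file offset without knowing which bank is switched in; for any other mapper the script refuses rather than guess. The ROM image it builds is constructed for the example, and the JSR $C140 at $C010 is an assumed location, not a real game's code. The check that the target byte really is $20 is the caveat worth keeping: a mistyped address would otherwise overwrite three bytes of some unrelated instruction.

```python
INES_HEADER = 16
PRG_BANK = 0x4000          # 16 KB
JSR, NOP = 0x20, 0xEA


def build_test_rom():
    """Constructed NROM-128 image for the example (not a real game):
    16 KB PRG filled with NOPs, no CHR, and one JSR $C140 placed at $C010."""
    prg = bytearray([NOP] * PRG_BANK)
    prg[0x10:0x13] = bytes([JSR, 0x40, 0xC1])             # JSR $C140 (little-endian operand)
    header = b"NES\x1a" + bytes([1, 0, 0, 0]) + bytes(8)  # 1 PRG bank, 0 CHR, mapper 0
    return bytes(header + prg)


def parse_header(rom):
    if rom[:4] != b"NES\x1a":
        raise ValueError("not an iNES image")
    prg_banks, chr_banks = rom[4], rom[5]
    mapper = (rom[6] >> 4) | (rom[7] & 0xF0)
    has_trainer = bool(rom[6] & 0x04)
    return prg_banks, chr_banks, mapper, has_trainer


def cpu_to_file_offset(rom, cpu_addr):
    """Map a CPU address to a file offset. Only NROM (mapper 0) is handled:
    with 16 KB of PRG the bank is mirrored at $8000 and $C000, with 32 KB it
    is mapped linearly. Any other mapper needs the bank in use at that moment,
    which the debugger or the CDL shows, so refuse rather than guess."""
    prg_banks, _, mapper, has_trainer = parse_header(rom)
    if mapper != 0:
        raise NotImplementedError(f"mapper {mapper}: need the active bank to map ${cpu_addr:04X}")
    if not 0x8000 <= cpu_addr <= 0xFFFF:
        raise ValueError(f"${cpu_addr:04X} is not in PRG-ROM space")
    prg_size = prg_banks * PRG_BANK
    return INES_HEADER + (512 if has_trainer else 0) + (cpu_addr - 0x8000) % prg_size


def is_jsr_at(rom, cpu_addr):
    return rom[cpu_to_file_offset(rom, cpu_addr)] == JSR


def nop_out_jsr(rom, cpu_addr):
    """Return (patched_rom, old_target): the 3-byte JSR at cpu_addr replaced by
    EA EA EA. Refuses if the byte there is not $20, which catches a mistyped
    address before it silently corrupts an unrelated instruction."""
    off = cpu_to_file_offset(rom, cpu_addr)
    if rom[off] != JSR:
        raise ValueError(f"${cpu_addr:04X} holds ${rom[off]:02X}, not JSR ($20); not patching")
    target = rom[off + 1] | (rom[off + 2] << 8)
    patched = bytearray(rom)
    patched[off:off + 3] = bytes([NOP] * 3)
    return bytes(patched), target


if __name__ == "__main__":
    rom = build_test_rom()
    patched, target = nop_out_jsr(rom, 0xC010)
    changed = sum(a != b for a, b in zip(rom, patched))
    print(f"commented out JSR ${target:04X} at $C010; {changed} bytes changed")
```

The returned old target is worth writing down next to the CDL bookmark: once you see which behavior disappeared, that target is the routine you want to label in the disassembly. For a real image you would read the file with open(path, "rb") and write the patched bytes to a copy, never over the original.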
Sounds easy.
But it would sound easier if you could make a tutorial... let's say Super Mario Bros., make him jump higher, do a tutorial with the trace logger, debugger and stuff... just to get a little clue about where I can start.
Best wishes,
fourtwenty.
Attachment:
VennDiagram.png
I don't have time. Maybe some future day.
I was exaggerating a bit on the 1500.
If I can get a save state exactly before an event happens, I can look at the RAM, and reload the save state over and over, and I can usually narrow it down to about 50 just by watching how values change.
That still takes an hour.
koitsu wrote:
Attachment:
VennDiagram.png
Nice one, but in theory I know how an airplane is made, and I still can't make one.
If someone could make a good tutorial about how to find specific values in a debugger, it would be great.
I mean, how can I find the values of Mario's jump, to change how high you can make him jump?
Sorry if I'm too noob for skilled hackers/programmers like you (I'm a total noob at this, I can't understand these debugger things, but I have been amazed by these games since I was a child).
Best of luck,
fourtwenty.
I wrote this:
viewtopic.php?p=138364#p138364
It's debugger agnostic, because different emulators have different debuggers and controls. FCEUX's Tools > RAM Search lets you narrow down values as described in that post.
Debug > Debugger opens a way to find the code that changes these variables. "Add", under Breakpoints in the top right, lets you set the conditions. If the above information doesn't get you there, I mean... Understand that there's not much incentive to write about how to specifically change Mario's jump height, because it ends up glossing over lots of the prerequisite knowledge.
I don't consider hacking to be a good first step to programming, because hacking often relies on intuition that only comes with rather extreme programming experience. Modifying open source things is a slightly better start, because then at least you can get some of the intention of what's there. (Variable names, comments.)