Hacking the ST rom...


  • undamned Wake up! Time to die! Joined: Posts: 1,686
    edited September 2014
    FaithLes wrote: »
    Hallo. I found this video on youtube showing a Naomi arcade version of Street Fighter Alpha 3 Upper. Can anyone here confirm if this is legit or just a prank?
    Legit. As Jed mentioned, people have been working on this stuff a lot (seems the last year or so). From what I understand there are 3 popular ways to load games onto your NAOMI:

    Netboot - NAOMI loads games from your PC
    CF Card loader - NAOMI loads games from Compact Flash Card
    Raspberry Pi Netboot - similar to first option, but rather than NAOMI loading files from a PC, it loads from a Raspberry Pi with an SD card (which stores all your games)

    There's some discussion in this thread:

    http://forums.shoryuken.com/discussion/188522/the-sega-naomi-thread/p1
    -ud



  • FaithLes Joined: Posts: 4
    undamned wrote: »
    FaithLes wrote: »
    Hallo. I found this video on youtube showing a Naomi arcade version of Street Fighter Alpha 3 Upper. Can anyone here confirm if this is legit or just a prank?
    Legit. As Jed mentioned, people have been working on this stuff a lot (seems the last year or so). Also net boot stuff is popular where you have the NAOMI pull game images from your PC. There's now something that uses a Raspberry Pi as a game loader, too, but I've not looked into how that works. There's some discussion in this thread:

    http://forums.shoryuken.com/discussion/188522/the-sega-naomi-thread/p1

    -ud


    I would sure like a rom dump of this.

  • OGSF Joined: Posts: 713
    edited September 2014
    I don't recall ever seeing WW dictator using a sliding fierce. I believe it is either a bug in the hack, or the CPU never uses it.

    No, it is part of the game but WW dictator hardly, if ever uses it. It's just like Shang Tsung has a superman punch in MK1 arcade versions, but he hardly uses it if ever. Maybe he used it in the prototype versions or something. Also, Kintaro has a kick in MK2 arcade versions, but same thing, the CPU never uses it if ever. Claw also has an airthrow in WW. I have seen the CPU use the airthrow on me about 22 years ago on an arcade cab in a Mountain Mike's Pizza place. I like your sig. It is the best thread ever!

    EDIT: has anyone played SFA3 Upper in an arcade?
    "The few prosper, while the rest suffer." - OGSF
  • jedpossum Ok, Darling Joined: Posts: 4,227
    OGSF wrote: »
    EDIT: has anyone played SFA3 Upper in an arcade?
    I believe it was a Japanese only release. Not only did the players hate the changes. CvS was literally around the counter.

    I occasionally stream so you can see how boring poking around in the memory is. www.hitbox.tv/jedpossum

    [8/6/2014 8:19:53 PM] Pasky: jedpossum, hacker of the obscure fighting games

  • Born2SPD SPD Fanatic Joined: Posts: 276
    edited September 2014
    I think i found a very ugly mistake on the routine that determines how many frames each character has to special cancel normals...
    Discovered by accident cuz i wanted to nerf O.Gat's special cancel window by 1 frame...
    Watch point used: wp ff85e3,1,w
    Address ff85e3 contains how much special cancel frames are left.
    Here is the routine, from the rom itself:
    07F02E: 4A2E 03B6                  tst.b   ($3b6,A6)                        //Tests for Old character
    07F032: 6708                       beq     $7f03c                             //Branches to 07F03C if not
    07F034: 1D7B 0016 0195             move.b  ($16,PC,D0.w), ($195,A6)        //Update special cancel value, if Old Character
    07F03A: 4E75                       rts
    07F03C: D000                       add.b   D0, D0
    07F03E: 1D7B 000C 0195             move.b  ($c,PC,D0.w), ($195,A6)        //Update special cancel value, if New Character
    07F044: 1D7B 0007 02B0             move.b  ($7,PC,D0.w), ($2b0,A6)        //Same thing but for Super cancel ??
    07F04A: 4E75                       rts
    07F04C: 0607 0506                  addi.b  #$6, D7
    07F050: 0607 0607                  addi.b  #$7, D7
    07F054: 0607 0607                  addi.b  #$7, D7
    07F058: 0506                       btst    D2, D6
    07F05A: 0607 0607                  addi.b  #$7, D7
    07F05E: 0607 0607                  addi.b  #$7, D7
    07F062: 0607 0607                  addi.b  #$7, D7
    07F066: 0506                       btst    D2, D6
    07F068: 0506                       btst    D2, D6
    07F06A: 0607 0607                  addi.b  #$7, D7
    
    First line simply tests if the current character is Old or not.
    So, if its an old character, it executes the line at 07F034, else it executes 07F03E and 07F044
    As you can see, both 07F034 and 07F03E are modifying the value at ff85e3 (address register A6 contains 0xFF844e (if P1), + 0x195 = ff85e3, which is the special cancel address).
    From 07F04C to 07F069 there are 32 different values (1 byte long each) for special cancel. Even though they are shown as ADD instructions by the debugger, they never get executed. Since i am not really an ASM programmer, it took me a while to understand this, the programmer just left the values on the code itself, but they are never interpreted as instructions, they just work as a table of values...
    Anyway, before branching on 07F032, D0 contains the character ID (Ryu = 0, Honda = 1, Blanka =2, Guile = 3, ... etc)
    At that point, its easy to notice that the instruction on 07F03C that was supposed to "update" the value for New characters is faulty: even though the table has 32 values, it reuses some values and others are never used.

    Lets examine that:

    At this point we can define the formulas used to determine the address to pick a value from:
    For old characters: PC + 0x16 + D0
    For new characters:PC + 0xC + (D0+D0)

    The first 2 values from each sum end up being the same (do the math, remember the implicit 0x2) which is 0x7F04C
    For old characters: 0x7F04C + D0
    For new characters:0x7F04C + D0*2

    Proof that different characters may use the same value:
    With character ID = 1 on D0 (Honda), for N.EHonda we get: 0x7F04C + 0x1*2 = 0x7F04C + 0x2 = 0x7F04E
    With character ID = 2 on D0 (Blanka), for O.Blanka we get: 0x7F04C + 0x2 = 0x7F04E

    So, both N.Honda and O.Blanka uses the value from the address 0x7F04E, which is 5.
    (I have a table in excel format which contains the address for all characters, and a lot of them actually share values.)

    Judging by how the values are arranged, if you consider that they are ordered by character ID, with 2 values each (First new, then old OR first special, then super), you'll notice a very simple pattern: 6,7 5,6 6,7 6,7 6,7 .. that is, the second value is always bigger by 1. My guess is that they planned as a general rule for O.Characters to always have 1 frame more for cancelling OR for Super cancel windows be bigger by 1 (notice that the instruction on 07F044 always picks the value that comes exactly after the value picked by the instruction that sets the special cancel value) and then Old characters would always use one of these values for special cancels, but the routine on 07F03C is faulty and just doubles the value on D0 which is responsible for determining which value to use. It's fair to assume that due to ST being rushed, some characters ended up having different cancellation windows than planned (O.Blanka having a very mediocre one and O.Honda having a very good one), following the same logic though, its not possible to say that O.Gat having a larger cancellation window is a mistake, which i would really like to be true...

    Anyway, its possible to fix this issue of values not used/values being shared, by changing the routine on 07F03C, the problem is that it would require more rom space, 2 bytes is not enough AFAIK.
    Post edited by Born2SPD on
    I keep reading stuff about ST revival, about bringing this game back to life...
    Its nice to see big tourneys happening and old top players giving this game a chance again...
    But what we really need is new players... And having a strong scene obviously helps...
    But in my opinion what will really bring new players to our community is good tutorials/character guides so they can learn easily and have something to start... So, actually good players, stop being selfish and write stuff about the chars you know! The wiki is lacking so much basic content... Stop being lazy and do something about it.
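
The address arithmetic in the post above, as an added example that is not part of the original thread: it models the three `(d8,PC,D0.w)` lookups over the table bytes transcribed from the posted listing and reports which old and new characters read the same byte. The 16-ID range and the `idN` labels are assumptions; only IDs 0 to 3 are named in the post.

```python
# Added example (not from the thread): model of the lookups at 07F034,
# 07F03E and 07F044. Table bytes are transcribed from the posted listing.
from collections import defaultdict

TABLE_BASE = 0x7F04C
TABLE = bytes.fromhex(
    "06070506" "06070607" "06070607" "0506"      # 07F04C-07F059
    "06070607" "06070607" "06070607" "0506"      # 07F05A-07F067
    "0506" "06070607"                            # 07F068-07F06D
)
NAMES = {0: "Ryu", 1: "Honda", 2: "Blanka", 3: "Guile"}  # IDs given in the post
NUM_IDS = 16  # assumption: 16 character IDs share this table


def pc_indexed_ea(insn_addr, d8, index):
    """Effective address of a 68000 (d8,PC,Xn) operand.

    The PC value used is the address of the extension word (instruction
    address + 2, the post's "implicit 0x2"); d8 is a signed 8-bit value.
    """
    if d8 & 0x80:
        d8 -= 0x100
    return insn_addr + 2 + d8 + index


def table_byte(addr):
    """Read one byte of the transcribed table by ROM address."""
    return TABLE[addr - TABLE_BASE]


def lookups(char_id, is_old):
    """Return {kind: (address, frames)} for one character, as the routine does."""
    if is_old:                                   # 07F034, D0 = character ID
        ea = pc_indexed_ea(0x7F034, 0x16, char_id)
        return {"special": (ea, table_byte(ea))}
    d0 = (char_id + char_id) & 0xFF              # 07F03C: add.b D0, D0
    special = pc_indexed_ea(0x7F03E, 0x0C, d0)
    sup = pc_indexed_ea(0x7F044, 0x07, d0)
    return {"special": (special, table_byte(special)),
            "super": (sup, table_byte(sup))}


def shared_addresses():
    """Map each table address read by more than one lookup to its readers."""
    users = defaultdict(list)
    for cid in range(NUM_IDS):
        name = NAMES.get(cid, f"id{cid}")
        for is_old in (False, True):
            label = ("O." if is_old else "N.") + name
            for kind, (ea, _) in lookups(cid, is_old).items():
                users[ea].append((label, kind))
    return {ea: u for ea, u in users.items() if len(u) > 1}


def old_vs_new(char_id):
    """(new special, old special as shipped, second byte of this ID's pair).

    The third value is what the old version would read under the post's
    guess that each ID owns two consecutive bytes.
    """
    new = lookups(char_id, False)["special"][1]
    old = lookups(char_id, True)["special"][1]
    paired = TABLE[2 * char_id + 1]
    return new, old, paired


if __name__ == "__main__":
    for ea, users in sorted(shared_addresses().items()):
        print(f"{ea:06X} = {table_byte(ea)}: {users}")
    for cid in range(NUM_IDS):
        print(NAMES.get(cid, f"id{cid}"), old_vs_new(cid))
```
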
  • jedpossum Ok, Darling Joined: Posts: 4,227
    edited September 2014
    Yeah a lot of data is shared in ST. So, cancel windows doesn't surprise me at all.

    Also, Assembly uses a ; for commenting

    I did a little work on Vsav yesterday since nobody was having any problems on my Valkyrie Profile script.
    Vsav uses a simple Subroutine to determine if you're in the right place to be in a rival stage.

    It's that branch sub routine to $92be (bsr $92be)
    Bhh3NjI.png
    Looking at the code that is plenty enough room to put in a simple check on the global timer to check it's odd or even then tell it to write the flag for the rival/vsav2 stages.



    Let's end it with some HSF2.
    I'm beginning to toy with the idea of fixing HSF2 to "fix" it.
    Turbo in the game is completely different than what is done in.
    It's stored at FFDF20 as 4 bytes. The high number the faster it goes which is the reverse of ST.
    The table is at E8A76 and starts with Normal speed.

    (These are hexadecimal numbers)

    0001 0000 Normal
    0001 3000 T1
    0001 5000 T2
    0001 7000 T3
    0001 8000 Unused

    I find Unused speed too fast to be ST's T3 so the value I used is 0001 7800.


  • Born2SPD SPD Fanatic Joined: Posts: 276
    edited September 2014
    Hey jed, what would you do to discover if some part of code is executed at all?
    I ask this because, i think near the routines i mentioned on my last post, there's some unused bytes, and if thats true, then i'm planning to use 16 bytes for the old characters values and then just change the instruction:
    07F034: 1D7B 0016 0195             move.b  ($16,PC,D0.w), ($195,A6) 
    
    ... to use another offset instead of 0x16, since the original table already works perfectly for New chars.

    Here's the code (inside spoiler tag), what you think?
    07EFFA: 1F0B                       dc.w    $1f0b; ILLEGAL
    07EFFC: 8A15                       or.b    (A5), D5
    07EFFE: 3515                       move.w  (A5), -(A2)
    07F000: 553A                       dc.w    $553a; ILLEGAL
    07F002: 4506                       dc.w    $4506; ILLEGAL
    07F004: EED4                       dc.w    $eed4; ILLEGAL
    07F006: 2B66 0505                  move.l  -(A6), ($505,A5)
    07F00A: 0505                       btst    D2, D5
    07F00C: 0505                       btst    D2, D5
    07F00E: 0505                       btst    D2, D5
    07F010: 0505                       btst    D2, D5
    07F012: 0505                       btst    D2, D5
    07F014: 0505                       btst    D2, D5
    07F016: 0505                       btst    D2, D5
    07F018: 7000                       moveq   #$0, D0
    07F01A: 102E 0391                  move.b  ($391,A6), D0
    07F01E: 4A2E 03BD                  tst.b   ($3bd,A6)
    07F022: 6704                       beq     $7f028
    07F024: 103C 0010                  move.b  #$10, D0
    07F028: 4A2E 038E                  tst.b   ($38e,A6)
    07F02C: 670E                       beq     $7f03c
    07F02E: 4A2E 03B6                  tst.b   ($3b6,A6)                                ; Start of code shown on my last post
    07F032: 6708                       beq     $7f03c
    07F034: 1D7B 0016 0195             move.b  ($16,PC,D0.w), ($195,A6)
    07F03A: 4E75                       rts
    07F03C: D000                       add.b   D0, D0
    07F03E: 1D7B 000C 0195             move.b  ($c,PC,D0.w), ($195,A6)
    07F044: 1D7B 0007 02B0             move.b  ($7,PC,D0.w), ($2b0,A6)
    07F04A: 4E75                       rts
    07F04C: 0607 0506                  addi.b  #$6, D7
    07F050: 0607 0607                  addi.b  #$7, D7
    07F054: 0607 0607                  addi.b  #$7, D7
    07F058: 0506                       btst    D2, D6
    07F05A: 0607 0607                  addi.b  #$7, D7
    07F05E: 0607 0607                  addi.b  #$7, D7
    07F062: 0607 0607                  addi.b  #$7, D7
    07F066: 0506                       btst    D2, D6
    07F068: 0506                       btst    D2, D6
    07F06A: 0607 0607                  addi.b  #$7, D7                                 ; End of code shown on my last post
    07F06E: 4A6E 01F2                  tst.w   ($1f2,A6)
    07F072: 6702                       beq     $7f076
    07F074: 4E75                       rts
    07F076: 3B6E 005E A8EA             move.w  ($5e,A6), (-$5716,A5)
    07F07C: 426D A8EC                  clr.w   (-$5714,A5)
    07F080: 4A2E 0049                  tst.b   ($49,A6)
    07F084: 6626                       bne     $7f0ac
    07F086: 4A2E 0123                  tst.b   ($123,A6)
    07F08A: 6600 0188                  bne     $7f214
    07F08E: 4A2E 01FC                  tst.b   ($1fc,A6)
    07F092: 6600 00F4                  bne     $7f188
    07F096: 4A2E 02A0                  tst.b   ($2a0,A6)
    07F09A: 6600 00BC                  bne     $7f158
    07F09E: 102E 0055                  move.b  ($55,A6), D0
    07F0A2: 4880                       ext.w   D0
    07F0A4: 323B 0008                  move.w  ($8,PC,D0.w), D1
    07F0A8: 4EFB 1004                  jmp     ($4,PC,D1.w)
    07F0AC: 4E75                       rts
    07F0AE: 004C                       dc.w    $004c; ILLEGAL
    07F0B0: 004C                       dc.w    $004c; ILLEGAL
    07F0B2: 004C                       dc.w    $004c; ILLEGAL
    07F0B4: 0072 0072 004C             ori.w   #$72, ($4c,A2,D0.w)
    07F0BA: 0074 009A 004C             ori.w   #$9a, ($4c,A4,D0.w)
    07F0C0: 004C                       dc.w    $004c; ILLEGAL
    07F0C2: 004C                       dc.w    $004c; ILLEGAL
    07F0C4: 004C                       dc.w    $004c; ILLEGAL
    07F0C6: 004C                       dc.w    $004c; ILLEGAL
    07F0C8: 004C                       dc.w    $004c; ILLEGAL
    07F0CA: 004C                       dc.w    $004c; ILLEGAL
    07F0CC: 004C                       dc.w    $004c; ILLEGAL
    07F0CE: 004C                       dc.w    $004c; ILLEGAL
    07F0D0: 004C                       dc.w    $004c; ILLEGAL
    07F0D2: 004C                       dc.w    $004c; ILLEGAL
    07F0D4: 004C                       dc.w    $004c; ILLEGAL
    07F0D6: 004C                       dc.w    $004c; ILLEGAL
    07F0D8: 004C                       dc.w    $004c; ILLEGAL
    07F0DA: 004C                       dc.w    $004c; ILLEGAL
    07F0DC: 004C                       dc.w    $004c; ILLEGAL
    07F0DE: 004C                       dc.w    $004c; ILLEGAL
    07F0E0: 004C                       dc.w    $004c; ILLEGAL
    07F0E2: 004C                       dc.w    $004c; ILLEGAL
    07F0E4: 004C                       dc.w    $004c; ILLEGAL
    07F0E6: 004C                       dc.w    $004c; ILLEGAL
    07F0E8: 004C                       dc.w    $004c; ILLEGAL
    07F0EA: 004C                       dc.w    $004c; ILLEGAL
    07F0EC: 004C                       dc.w    $004c; ILLEGAL
    07F0EE: 004C                       dc.w    $004c; ILLEGAL
    07F0F0: 004C                       dc.w    $004c; ILLEGAL
    07F0F2: 004C                       dc.w    $004c; ILLEGAL
    07F0F4: 004C                       dc.w    $004c; ILLEGAL
    07F0F6: 004C                       dc.w    $004c; ILLEGAL
    07F0F8: 004C                       dc.w    $004c; ILLEGAL
    07F0FA: 102E 01FD                  move.b  ($1fd,A6), D0
    
    As you see, before the routine itself, there are 7 btst instructions which aren't even used... at least apparently. Though they could be just values thrown on the code (like on the special cancel values), but they're all the same so i think its unlikely.. They wouldnt give me enough space though...
    Also, starting on 07F0C0 theres a lot of ILLEGAL instructions thing, so this is surely not executed at all, they could be values left near the code, but why would they exist if they're all the same ?? Do you think its safe to insert the values on that region?
  • Born2SPD SPD Fanatic Joined: Posts: 276
    edited September 2014
    Jizzon wrote: »
    I have been messing around with the debugger trying to find where and how the special move movement data is stored so we can play with it. Unfortunately, I'm not a programmer, and it feels like I'm learning Greek here. Any specific ideas or tips? Or has anyone done this before who has or could make a tutorial? Hell, even a guide to how to read the most common and useful commands in the code would be great.
    The only idea i have is to set a watchpoint on write mode on the addresses that hold the actual X and Y positions and analyse where the values come from. You can get these addresses from Pasky's ST HUD lua script, so its easy to start messing with that.
  • jedpossum Ok, Darling Joined: Posts: 4,227
    edited September 2014
    Born2SPD wrote: »
    Hey jed, what would you do to discover if some part of code is executed at all?
    I ask this because, i think near the routines i mentioned on my last post, there's some unused bytes, and if thats true, then i'm planning to use 16 bytes for the old characters values and then just change the instruction:
    07F034: 1D7B 0016 0195             move.b  ($16,PC,D0.w), ($195,A6) 
    
    ... to use another offset instead of 0x16, since the original table already works perfectly for New chars.

    Here's the code (inside spoiler tag), what you think?

    As you see, before the routine itself, there are 7 btst instructions which aren't even used... at least apparently. Though they could be just values thrown on the code (like on the special cancel values), but they're all the same so i think its unlikely.. They wouldnt give me enough space though...
    Also, starting on 07F0C0 theres a lot of ILLEGAL instructions thing, so this is surely not executed at all, they could be values left near the code, but why would they exist if they're all the same ?? Do you think its safe to insert the values on that region?

    I just mess with till it crashes. So, if an opcode is changed and it crashes then I don't touch it, if not I will till it crashes.

    But, what you're showing could be a tile map, another table, or literally garbage. You don't have to use the move PC+D#.w+$X read a table unless you want it encrypted.

    This makes it so easy to keep track of hitbox changes. I only have it for A2,A3, and Vsav.
    g8N1qwM.png

    Also, if anybody wants to mess with colors. Give a shout I'll explain how to use it.
    My color viewer script. Supports CPS1, CPS2, CPS3, Groove on Fight, Old School MK, Jackie Chan in Fists of Fire, and Neo Geo
    https://www.dropbox.com/s/9jz7123zwhjiql4/colortest.lua?dl=0


  • Born2SPD SPD Fanatic Joined: Posts: 276
    A script like that for ST would be very useful man!
    I was wondering some time ago, would a lua script to preview changes on hitboxes possible?
    Of course, to actually persist the changes, an hex editor would still be needed, but, would it be possible to change parameters of a hitbox, given its address, via lua scripting? So its possible to preview the changes and then modify with the hex editor only once, instead of having to hex edit multiple times till you get its properties perfect.
  • jedpossum Ok, Darling Joined: Posts: 4,227
    Yeah, switch the memory view to "Region 'maincpu'" and edit away they stay until you hard reset or load a state with out the changes.


  • Born2SPD SPD Fanatic Joined: Posts: 276
    I tested putting the old character special cancel values in that region with the ILLEGAL instructions, but no luck.. the game crashes when the opponent gets hit... Must be a table of something... Damn!!
  • jedpossum Ok, Darling Joined: Posts: 4,227
    What exactly is the code you're trying to do?


  • Born2SPD SPD Fanatic Joined: Posts: 276
    edited September 2014
    Since the existing table works as expected for new characters, what i tried to do was: create a new table with the specific values for old chars and then point to it, instead of using the same table for both, this way i could change the special cancel window from O.Gat without messing with Ken's super cancel data (they are sharing). I just wanted to fix the issue of the shared values... the problem is, the place i thought that was filled with garbage data is actually used for something related to characters being hit, i dont know... when i whiffed the normals i was getting the expected values so its not a problem with my modifications... but as soon as a normal hit, the game crashed. what i did exactly was: change the first of these 004c 004c (the ILLEGAL "instructions") with 0607 0506 0607 0607 0607 0607 0506 0607 and then change the 0x16 on the move instruction with the correct offset.

    I was thinking about a different method though: since the Super cancels are already always equals to special cancel +1, instead of having a value specific for them, i could just have the value for special cancel, and then add 1 to it to have the super cancel value.. that gives me extra 16 bytes on the table to use for the old chars... Though i would still need some bytes for the additional instructions... meh.. ill try to mess with these repeated btst instructions next time, though i am starting to think that wont work as well..
  • jedpossum Ok, Darling Joined: Posts: 4,227
    Born2SPD wrote: »
    Since the existing table works as expected for new characters, what i tried to do was: create a new table with the specific values for old chars and then point to it, instead of using the same table for both, this way i could change the special cancel window from O.Gat without messing with Ken's super cancel data (they are sharing). I just wanted to fix the issue of the shared values... the problem is, the place i thought that was filled with garbage data is actually used for something related to characters being hit, i dont know... when i whiffed the normals i was getting the expected values so its not a problem with my modifications... but as soon as a normal hit, the game crashed. what i did exactly was: change the first of these 004c 004c (the ILLEGAL "instructions") with 0607 0506 0607 0607 0607 0607 0506 0607 and then change the 0x16 on the move instruction with the correct offset.

    I was thinking about a different method though: since the Super cancels are already always equals to special cancel +1, instead of having a value specific for them, i could just have the value for special cancel, and then add 1 to it to have the super cancel value.. that gives me extra 16 bytes on the table to use for the old chars... Though i would still need some bytes for the additional instructions... meh.. ill try to mess with these repeated btst instructions next time, though i am starting to think that wont work as well..

    I'm asking for the code take a screen shot of the disassembly window(Ctrl+D) if you still have it available.

    If you're going to try and fix the shared values for all characters and the versions, it's going to be a lot harder than that as you have to rewrite the checks.

    Here is an example what I would
    move.b playeradr + CharID, D0
    add D0,D0
    move pc+anumber+D0, D0
    jmp pc+anumber+D0

    ;after the jump
    tst.b playeradr + oldslot
    beq oldcancel; branch to the old character cancels
    ;New character cancels


  • Born2SPD SPD Fanatic Joined: Posts: 276
    edited September 2014
    I dont have it anymore... but my modification was very simple.
    EDIT: Ok here they are:
    Before:
    vYpiZi1.png
    After:
    2RjHxs1.png

    I dont understand what you meant by rewrite the checks.. the code already has an if-else construction:
    if its old character, then 07F034 is executed
    else, 07F03E and 07F044 are executed.

    My idea was to just modify the offset (0x16) on 07F034 to point to a new table i would create (0x16 points to the same table as newchars). Though i would be limited to a offset of 0x7f for the offset, cuz 0x80 to 0xff are for negative representations. The first or so bytes on these ILLEGAL instructions are "reachable" but they are already used for something so it wont be possible to throw my table there. The btst above are probably used as well, since the branch that goes to this subroutine starts on 07F018, and since theres no branch or rts before it, then these btst are garbage or a table of some sort... have to test that though.

    Do you know addresses of some unused areas? i think i will just jump to a new location if its old character, and put my table there, before an rts, of course.

    EDIT: Ok i tested modifying the values on the btst "instructions".. i tried some absurd values like 55 and 78, and it didnt crash. Not that it means much but thats a start.. i think ill just place my table in that area, and if something strange happens i 'll just revert it.

    Yet another edit:
    Okay, it works! Setting the offset to 0xD2, and changing all the 16 bytes with 0x05 as value to "0607 0506 0607 0607 0607 0607 0506 0607" ( these btst "instructions") works, and the game didnt crash. Though i dont know if something strange is happening.
    Post edited by Born2SPD on
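
One way to check statically whether bytes near the routine are data before overwriting them (added example, not code from the thread): it resolves every `(d8,PC,Xn)` operand in a few listing lines copied from the posts to its table base, and computes which bases a patched displacement can reach. Function names are hypothetical, and a region with no reference in these lines can still be referenced from code not shown.

```python
# Added example (not from the thread): find PC-relative table references in a
# debugger listing. The lines below are copied from the posted disassembly.
import re

LISTING = """\
07F034: 1D7B 0016 0195             move.b  ($16,PC,D0.w), ($195,A6)
07F03A: 4E75                       rts
07F03E: 1D7B 000C 0195             move.b  ($c,PC,D0.w), ($195,A6)
07F044: 1D7B 0007 02B0             move.b  ($7,PC,D0.w), ($2b0,A6)
07F0A4: 323B 0008                  move.w  ($8,PC,D0.w), D1
07F0A8: 4EFB 1004                  jmp     ($4,PC,D1.w)
07F0AC: 4E75                       rts
07F0AE: 004C                       dc.w    $004c; ILLEGAL
"""

# address, raw 16-bit words, disassembly text
LINE = re.compile(r"^([0-9A-F]{6}):\s+((?:[0-9A-F]{4}\s+)+)(\S.*)$")
PC_INDEXED = re.compile(r",PC,[DA]\d\.[wl]\)")


def pc_indexed_ea(insn_addr, d8, index=0):
    """EA of a 68000 (d8,PC,Xn) operand: extension-word address + signed d8 + Xn."""
    if d8 & 0x80:
        d8 -= 0x100
    return insn_addr + 2 + d8 + index


def table_refs(listing):
    """Return {table base address: [instructions that index from it]}.

    Assumes the PC-indexed operand is the first operand, so its brief
    extension word directly follows the opcode word (true for the move
    and jmp forms in this listing).
    """
    refs = {}
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m or not PC_INDEXED.search(m.group(3)):
            continue
        addr = int(m.group(1), 16)
        words = [int(w, 16) for w in m.group(2).split()]
        base = pc_indexed_ea(addr, words[1] & 0xFF)   # low byte of ext word = d8
        refs.setdefault(base, []).append(addr)
    return refs


def reach(insn_addr):
    """Lowest and highest table base a (d8,PC,Xn) operand at insn_addr can encode."""
    return insn_addr + 2 - 0x80, insn_addr + 2 + 0x7F


def d8_for(insn_addr, target):
    """Displacement byte that places the operand's base at target."""
    disp = target - (insn_addr + 2)
    if not -0x80 <= disp <= 0x7F:
        raise ValueError(f"{target:06X} is out of reach of {insn_addr:06X}")
    return disp & 0xFF


def overlapping_refs(start, end, refs):
    """Table bases that fall inside [start, end]; bytes there are read as data."""
    return {b: r for b, r in refs.items() if start <= b <= end}


if __name__ == "__main__":
    refs = table_refs(LISTING)
    for base, users in sorted(refs.items()):
        print(f"table at {base:06X} used by", [f"{u:06X}" for u in users])
    lo, hi = reach(0x7F034)
    print(f"07F034 can reach bases {lo:06X}..{hi:06X}")
    print(f"d8 for 07F008: {d8_for(0x7F034, 0x7F008):02X}")
    print("refs into 07F0AE-07F0F9:", overlapping_refs(0x7F0AE, 0x7F0F9, refs))
    print("refs into 07F008-07F017:", overlapping_refs(0x7F008, 0x7F017, refs))
```

On the posted listing this resolves `07F0A4` and `07F0A8` to a base of `07F0AE`, so the run of `004C` words there is a table of jump offsets (`004C` lands on `07F0FA`), which is consistent with the crash reported after those words were overwritten.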
  • Jizzon ...or Thenarus, whichever. Joined: Posts: 650
    This is all very interesting! Imagine how the old characters would have turned out if they were implemented correctly:

    Chun, Dhalsim, Zangief, Fei Long, DeeJay, Claw, and Sagat all work as intended; that is, they cancel one frame after their new counterparts. (Dictator might, but he holds the distinction of not mattering much either way, so long as his window is either 6 or 7 frames.)

    Blanka and Cammy are actually worse than their new counterparts, canceling only within 5 frames instead of 6 (where it should actually be 7 for them). Imagine being able to cancel Blanka's far standing strong, or better yet, Cammy's far standing forward or the tip of her far standing fierce! This would be in addition to all of the cancels they "lost" from their new counterparts as well.

    As far as I can tell, Ryu, Ken, Guile, T.Hawk, and Boxer cancel in the same number of frames as their new counterparts, making them a single frame "worse" than they should be. For the shotos, Guile, and T.Hawk, this would add a few cancels, but nothing groundbreaking for them. Boxer, on the other hand, would be able to cancel close strong, and more importantly, crouching forward!

    E.Honda is actually better than he should be (cancels in 7 frames instead of 6, or two frames better than his new counterpart), but it only really seems to affect crouching fierce.

    I love seeing what everyone keeps coming up with here. Keep up the good work!
  • Born2SPD SPD Fanatic Joined: Posts: 276
    edited September 2014
    Oh, I think I was wrong with that hypothesis though. I now think that CAPCOM wanted to make the Super cancels to be 1 frame after, since the routine makes a lot of sense for new characters, but for old characters it just gets values in sequence which doesn't make sense. The thing with the old characters using the same values is just a big mess and I don't really know what was their real intention... I think they didn't want to give old characters a buff at all, and it was simply just a mistake. All in all it was a nice addition though, with the exception of Old Sagat of course. And some people don't think ST was rushed.. lol.
  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    Born2SPD wrote: »
    snip
    I thought there was some RNG in the command is the reason I thought of it weird code. That's what I get for not reading

    Also, that move function moves another two bytes 7A is actually 7C. What I used was 7E so PC + 0x80 + D0 it worked as well. It has to do with the operation some reason it doesn't like it moving to something ending in 0xA.

    Hopefully, you can see the values in the video.

    I occasionally stream so you can see how boring poking around in the memory is. www.hitbox.tv/jedpossum

    [8/6/2014 8:19:53 PM] Pasky: jedpossum, hacker of the obscure fighting games

  • Born2SPDBorn2SPD SPD Fanatic Joined: Posts: 276
    Strange, I tried storing the tables near the place you stored them, twice (not exactly on the same place on each time) and on both times it crashed, one was crashing for soft knockdowns, and the other was crashing when being hit by airborne attacks, so I had no option other than undoing that... Placing the table on 07F008~17 worked for me though.
  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    edited September 2014
    That was my results
    7A = crash
    7C = crash
    7E = reading 80 ahead

    Anyway hitbox tools, make an edit take a snap data it has been taken note. These are hopefully easy enough to read so you can add data too to it.
    Lua Hotkey 1 freezes the cell of animation; doesn't work too well with air attacks.

    ST
    https://www.dropbox.com/s/ypnf2rsbzr015ci/ST Hitbox tool.lua?dl=0

    Vsav
    https://www.dropbox.com/s/7529ry1vgcblvjq/Vsav Hitbox Tool.Lua?dl=0

    A2
    https://www.dropbox.com/s/2ybtt62sqzxmu2n/A2 Tool.lua?dl=0

    A3
    https://www.dropbox.com/s/5ugu1tfxtw6t8gp/A3 Tool.lua?dl=0

  • alien nose job.alien nose job. Joined: Posts: 88
    edited September 2014
    jedpossum wrote: »
    Also, if anybody wants to mess with colors. Give a shout I'll explain how to use it.
    My color viewer script. Supports CPS1, CPS2, CPS3, Groove on Fight, Old School MK, Jackie Chan in Fists of Fire, and Neo Geo
    https://www.dropbox.com/s/9jz7123zwhjiql4/colortest.lua?dl=0

    Hey Jed, I tried to make this work earlier, but had no luck :/

    I launched 3S in FBArr, started your lua script, and to make things simple checked on ESN's site the address for Oro's LP colour (as I had chosen it) to edit it in your script (ramstart line) and... that's it. I have only black color swatches.
    I'm afraid I have no idea how this works.
    Could you give me pointers on what I should do something very basic, so I could try and extrapolate ?

    Don't rush to answer in depth, I won't have time to mess with it again before a while, but I definitely will at some point.
    Also, I downloaded Born2SPD's pdf guide on ST hacking, so this should also give me some insight, but I won't have time to dig in it before a while.

    And by the way, impressive work there !
  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    edited September 2014
    jedpossum wrote: »
    Also, if anybody wants to mess with colors. Give a shout I'll explain how to use it.
    My color viewer script. Supports CPS1, CPS2, CPS3, Groove on Fight, Old School MK, Jackie Chan in Fists of Fire, and Neo Geo
    https://www.dropbox.com/s/9jz7123zwhjiql4/colortest.lua?dl=0

    Hey Jed, I tried to make this work earlier, but had no luck :/

    I launched 3S in FBArr, started your lua script, and to make things simple checked on ESN's site the address for Oro's LP colour (as I had chosen it) to edit it in your script (ramstart line) and... that's it. I have only black color swatches.
    I'm afraid I have no idea how this works.
    Could you give me pointers on what I should do something very basic, so I could try and extrapolate ?

    Don't rush to answer in depth, I won't have time to mess with it again before a while, but I definitely will at some point.
    Also, I downloaded Born2SPD's pdf guide on ST hacking, so this should also give me some insight, but I won't have time to dig in it before a while.

    And by the way, impressive work there !

    Well it's meant to be used with the memory viewer that's in mame where you can actually edit the colors.

    First you gotta make sure the size is right. If it isn't then it's going to skip colors.
    [image: uEh8bL4.png]

    There is a function you need to edit here to tell which color setup to use since I didn't put in a detector.
    [image: uV4KLZ9.png]


  • wazeemwazeem Joined: Posts: 11
    Hi there, sorry if this is a little off topic.

    I am new to rom hacking, and for the life of me I cannot seem to get the X.C.O.P.Y tool to decrypt the roms correctly (so that I may apply the change I have found). I have tried the one linked in this thread earlier and what I think is a newer release of the tool.

    So, Jedpossum how are you decrypting and encrypting the roms, specifically SFA3 (as I saw some neat hacks posted earlier).

    Thanks
  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    I advise starting out using the phoenixed versions (which are fully decrypted) and can run on mame. With that you can test edits while it's running.


  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    Gonna do a better check on being hurt then release.


  • undamnedundamned Wake up! Time to die! Joined: Posts: 1,686
    jedpossum wrote: »
    Gonna do a better check on being hurt then release.
    You gonna do max super meter, too?
    -ud
  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    edited September 2014
    undamned wrote: »
    jedpossum wrote: »
    Gonna do a better check on being hurt then release.
    You gonna do max super meter, too?
    -ud
    I don't need to do the full 99 meters. When I do it I probably have it at 5 levels like the max in CFJ.

    After I do an encrypted set, I have another idea I'm going to do.
    [image: DCyV1y0.png]
    There is only 7 character spaces so it's going to be Romaji.


  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    edited September 2014
    Vsav Training mode patches
    Adding a meter refill kept crashing the game.

    Euro Encrypted set
    https://www.dropbox.com/s/ybsu1q286dy6l83/Vsav Training Hack(EuroEncrypt).zip?dl=0

    Razoola Phoenix set(Euro)
    https://www.dropbox.com/s/rzdiu4g67c9ytk3/Vsav Training Hack(RazoolaPhoenix).zip?dl=0

    Avalanche set doesn't work at all.

    Actual Notes
    Vsav Training Mode Roms
    
    ;Lives selection
    ;FF80A4
    
    
    Timer
    Location : 9822
    Byte Code: 532D 010A 6A14
    
    Death write
    Location : 18A7C
    Byte Code: 337C 0090 0050 337C 0090 0052	 
    
    Death write Command Grabs
    Location : 2980A
    Byte Code: 337C 0090 0050 337C 0090 0052
    
    Lives A61C bsr to A684
    Location : A6A0
    Byte Code: 132D 03B0
    
    
    
    -------------------------------------------------------------------------------
    The Refill JSR
    Location : 281A6 
    Byte code: 4EB9 000F FD20
    Player Addresses A4 A6
    
    
    ;Code at ffd20(7Fd20)
    4A2C 03F0
    6710
    
    4A2E 0005
    6604
    532C 03F0
    4EF9 0001 559E
    
    ;Refill
    197C 0040 03F0; Timer
    303C 0090
    3D40 0050
    3D40 0052
    4Ef9 0001 559E
    
    
    ------------------------------
    ;Return to Character Select
    ------------------------------
    
    ;Deselect
    Location : 2090E 
    Byte code: 1D7C 0000 0004
    
    JSR
    Location : 223EC
    Byte code: 4EB9 000F FD60
    
    4A2D 0060			tst.b ($60,A5);Checks Start input
    660C 				bne; PC+0C | branch if start isn't pressed
    1B7C 0080 6000 		move.b #$80, ($6000,A5); Refill Timer
    4EF9 0002 9F12		jmp $29f12.l
    
    4A2D 6000			tst.b ($6000,A5); start timer check
    6610				bne; 
    
    7000
    3B40 0004		move.w D0, ($4,A5)
    3B40 0008		move.w D0, ($8,A5)
    3B40 000C		move.w D0, ($c,A5)
    4E75			rts
    
    
    ;Timer countdown
    532D 6000 
    4EF9 0002 9F12		jmp $29f12.l
    
    
    
    -----------------------------------
    ----------Other Byte Code----------
    -----------------------------------
    
    
    ;X pos
    302C 0010
    322D 02A0
    9041
    3940 03C0
    
    ;Y pos
    302C 0014
    322D 02A4
    9041
    3940 03C2
    
    


  • 7 5 07 5 0 Joined: Posts: 458
    Kudos to both Jed and UD.
    my dream is to see a modified ST with cps1 sfx. Now THAT will make my life neat.
  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    edited September 2014
    New Version of the Vsav training mode



    Razoola's phoenix set
    https://www.dropbox.com/s/rzdiu4g67c9ytk3/Vsav Training Hack(RazoolaPhoenix).zip?dl=0

    Euro set(aka vsav.zip)
    https://www.dropbox.com/s/ybsu1q286dy6l83/Vsav Training Hack(EuroEncrypt).zip?dl=0

    Notes Dump
    Some of the branches in the notes might be place holders.
    Vsav Training Mode Roms
    
    ;Lives selection text
    ;FF80A4
    
    Text 1062A
    54 4F 52 45 4D 4F 20 20
    
    
    Timer
    Location : 9822
    v1 Byte Code: 532D 010A
    v2 Byte code: 4EF9 000F FE70
    
    4A2D 00A4
    6712
    4A2D 010A 
    6704
    532D 0109
    6A06
    4EF9 0000 9828
    4EF9 0000 983C
    
    
    -------------------------------------------------------------------------------
    Death write
    Location : 18A7C
    v1 Byte Code: 337C 0090 0050 337C 0090 0052	 
    v2 Byte Code: 
    
    4EB9 000F FE20
    4EB9 000F FE40
    
    Jump 1
    4A2D 00A4
    6608
    337C 0090 0050
    4E75
    337C FFFF 0050
    4E75
    
    4A2D 00A4
    6608
    337C 0090 0052
    4E75
    337C FFFF 0052
    4E75
    
    -------------------------------------------------------------------------------
    Death write Command Grabs
    Location : 2980A
    v1 Byte Code: 337C 0090 0050 337C 0090 0052
    v2 Byte Code: 4EB9 Location
    
    ^^^^^^^^^^^^
    4EB9 000F FE20
    4EB9 000F FE40
    
    -------------------------------------------------------------------------------
    Lives A61C bsr to A684
    Location : A6A0
    v1 Byte Code: 132D 03B0
    
    v2
    4EF9 000FFDE0
    
    Jump
    4A2D 00A4
    6706
    532E 03B0
    6B04
    4EF9 0000 A6A6
    4EF9 0000 A6B4
    
    
    
    -------------------------------------------------------------------------------
    The Refill JSR
    Location : 281A6 
    Byte code: 4EB9 000F FD20
    Player Addresses A4 A6
    
    
    ;Code at ffd20(7Fd20)
    
    
    4A2D 00A4
    6610
    
    4A2C 03F0
    6710
     
    4A2E 0005
    6604
    532C 03F0
    4EF9 0001 559E
    
    ;Refill
    197C 0040 03F0; Timer
    303C 0090
    3D40 0050
    3D40 0052
    4EF9 0001 559E
    
    
    -------------------------------------------------------------------------------
    Return to Character Select
    ;Deselect
    Location : 2090E 
    v1 Byte code: 1D7C 0000 0004
    v2 Byte code: 4EB9 000F FDB0
    
    4A2D 00A4
    6608
    1D7C 0000 0004
    4E75
    1D7C 0004 0004
    4E75
    
    -------------------------------------------------------------------------------
    JSR
    Location : 223EC
    Byte code: 4EB9 000F FD60
    
    4A2D 00A4
    660C
    4A2D 0060			tst.b ($60,A5);Checks Start input
    660C 				bne; PC+0C |
    1B7C 0080 6000 		move.b #$80, ($6000,A5); Refill Timer
    4EF9 0002 9F12		jmp $29f12.l
    
    4A2D 6000			tst.b ($6000,A5); start timer check
    6610				bne; 
    
    7000
    3B40 0004		move.w D0, ($4,A5)
    3B40 0008		move.w D0, ($8,A5)
    3B40 000C		move.w D0, ($c,A5)
    4E75			rts
    
    
    ;Timer countdown
    532D 6000 
    4EF9 0002 9F12		jmp $29f12.l
    
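Added example, not part of jedpossum's notes: a small Python decoder for the 68000 instruction forms that appear in the byte code above, which lists a routine with addresses and flags any branch whose target lands in the middle of another instruction. The routine bytes and base addresses ($FFD20, $FFDE0) are copied from the v2 notes; the function names are this example's own, and only the opcodes used in the notes are covered.

```python
# Minimal 68000 decoder: only the instruction forms used in the posted notes.
CC = "bra bsr bhi bls bcc bcs bne beq bvc bvs bpl bmi bge blt bgt ble".split()
SIZE = {0: "b", 1: "w", 2: "l"}        # size field of tst / addq / subq / sub
MOVE_SIZE = {1: "b", 3: "w", 2: "l"}   # move keeps its size in the top nibble

def _ea(mode, reg, size, words):
    """Format one effective address, consuming its extension words."""
    if mode == 0: return f"D{reg}"
    if mode == 1: return f"A{reg}"
    if mode in (2, 3, 4): return ("(A%d)", "(A%d)+", "-(A%d)")[mode - 2] % reg
    if mode == 5:                                   # signed 16-bit displacement
        d = words.pop(0)
        return f"(${d:X},A{reg})" if d < 0x8000 else f"(-${0x10000 - d:X},A{reg})"
    if (mode, reg) == (7, 1):                       # absolute long
        addr = (words.pop(0) << 16) | words.pop(0)
        return f"${addr:X}.l"
    if (mode, reg) == (7, 4):                       # immediate
        v = words.pop(0)
        if size == "l": v = (v << 16) | words.pop(0)
        if size == "b": v &= 0xFF
        return f"#${v:X}"
    raise ValueError(f"addressing mode {mode}/{reg} not covered")

def decode(words, pc):
    """Decode the instruction at the head of `words`; return (text, branch_target)."""
    op = words.pop(0)
    mode, reg, top, sz = (op >> 3) & 7, op & 7, op >> 12, (op >> 6) & 3
    if op == 0x4E75: return "rts", None
    if top in MOVE_SIZE:
        s = MOVE_SIZE[top]
        src = _ea(mode, reg, s, words)              # source extension words come first
        dst = _ea((op >> 6) & 7, (op >> 9) & 7, s, words)
        return f"move.{s} {src},{dst}", None
    if op & 0xFFC0 in (0x4EC0, 0x4E80):
        return ("jmp " if op & 0x40 else "jsr ") + _ea(mode, reg, "l", words), None
    if op & 0xFF00 == 0x4A00 and sz != 3:
        return f"tst.{SIZE[sz]} {_ea(mode, reg, SIZE[sz], words)}", None
    if top == 5 and sz != 3:
        name, n = ("subq" if op & 0x100 else "addq"), ((op >> 9) & 7) or 8
        return f"{name}.{SIZE[sz]} #{n},{_ea(mode, reg, SIZE[sz], words)}", None
    if top == 6:                                    # Bcc: target = pc + 2 + signed disp
        d = op & 0xFF
        disp = d - 0x100 * (d >> 7)
        if d == 0:                                  # 0 means a 16-bit displacement follows
            w = words.pop(0)
            disp = w - 0x10000 * (w >> 15)
        return f"{CC[(op >> 8) & 15]} ${pc + 2 + disp:X}", pc + 2 + disp
    if top == 7 and not op & 0x100:
        return f"moveq #${op & 0xFF:X},D{(op >> 9) & 7}", None
    if top == 9 and (op >> 6) & 7 < 3:
        return f"sub.{SIZE[sz]} {_ea(mode, reg, SIZE[sz], words)},D{(op >> 9) & 7}", None
    raise ValueError(f"opcode {op:04X} not covered by this sketch")

def listing(hexdump, base):
    """Disassemble a whitespace-separated word dump into [(addr, text, target)]."""
    words = [int(w, 16) for w in hexdump.split()]
    total, rows = len(words), []
    while words:
        pc = base + 2 * (total - len(words))
        rows.append((pc, *decode(words, pc)))
    return rows

def misaligned_branches(hexdump, base):
    """Branches that land inside the routine but not on an instruction start."""
    rows, end = listing(hexdump, base), base + 2 * len(hexdump.split())
    starts = {pc for pc, _, _ in rows}
    return [(pc, t) for pc, _, t in rows
            if t is not None and base <= t < end and t not in starts]

# Bytes copied from the v2 notes; bases are the jump targets given there.
REFILL_V2 = """4A2D 00A4 6610 4A2C 03F0 6710 4A2E 0005 6604 532C 03F0
               4EF9 0001 559E 197C 0040 03F0 303C 0090 3D40 0050 3D40 0052
               4EF9 0001 559E"""
LIVES_V2 = "4A2D 00A4 6706 532E 03B0 6B04 4EF9 0000 A6A6 4EF9 0000 A6B4"

if __name__ == "__main__":
    for pc, text, _ in listing(LIVES_V2, 0xFFDE0):
        print(f"{pc:06X}  {text}")
    print("misaligned:", [(hex(a), hex(t)) for a, t in misaligned_branches(LIVES_V2, 0xFFDE0)])
```

Run on the v2 notes as posted, the refill routine comes back clean, while the `6B04` in the lives routine targets $FFDF0, two bytes before the second `jmp`; the post itself says some branches may be placeholders.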

  • Zero1_Zero1_ Combo fraud Joined: Posts: 642
    Decided to dive in and bought an EEPROM programmer, UV eraser and some EPROMs. Don't really know what I'm doing but going to have a bash and figure it out. One thing though - I couldn't find the modified ROMs for the ST training mode in this thread? I saw something for the Avalanche ROM set? But the board I'm wanting to run training mode on is an original/non phoenixed JP board. Would anyone be kind enough to upload the ROMs for me if they exist, or Jed if you would be able to upload the two modified ROMs so I can burn and go?

    Thanks a bunch guys.

    These ROMs plus the UD CPS2 are the biggest things to happen to ST in a long time. Not only do we have arcade ST at tournaments all over the UK now, but we have training mode just around the corner too :)
  • Zero1_Zero1_ Combo fraud Joined: Posts: 642
    Oh also, I was going through some old photos of when I changed the battery in my board and noticed there is an unpopulated socket in there. At first I started to think, "What if you could put all the training mode data onto that and only have to insert one ROM" but as soon as I thought that, I realised that you'd still need to edit ROMs 3 and 4 anyway to reference code in the new ROM. Then I got thinking about using the unpopulated slot for training mode anyway? Would it be possible to edit the game ROMs to read information from the currently unpopulated slot which would contain the code required for both training mode and regular ST? Maybe if you hold the coin button down for 5 seconds at the title screen or something to swap between them or have an option in the service menu. With the increased storage you could maybe even put "training mode" text on the title screen somewhere?

    I know nothing about coding, but maybe you could get the game to read the life data etc. from ROM 10 instead of 3 and 4, and with that increased storage do some other cool stuff.

    Just wondering if there is a more permanent solution rather than having to swap ROMs each time. Fortunately for me I do have 2 boards for when I run tournaments so I can have one as a training mode board until I need it for a setup, but I don't like the idea of constantly removing/plugging in ROMs into 20 year old sockets
  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    edited September 2014
    There is, look at the Vsav training mode above it's just a lot more jumps I have to do to make it work in ST. For every change I did that is a jump to new code that is with a check in the settings there was only 4 or 5 new jumps I had to implement along with the code I made. Now double that and add the mess that is ST you can see why I didn't do it with ST.

    Any way a simple Neo Geo Hack a friend requested.
    Vid


    Download
    https://www.dropbox.com/s/qi6mvujsn1cxjiw/rotdnowallshack patch.zip?dl=0


  • Zero1_Zero1_ Combo fraud Joined: Posts: 642
    Ah ok I see now. I knew ST was a mess but I didn't realise how much more difficult it would be.

    Do you happen to have the training mode ROMs for the original/non phoenixed IIX JP board? I can't seem to find them in the thread. I saw an exe from like 7 months ago, but was wondering a) if there was an updated version and b) if I modify some ROMs from a zip set if that would work? I assumed all the ROMs out there were decrypted and putting some decrypted ROMs in a board with encrypted ROMs would fuck something up or wouldn't work
  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    I use ips patches since it's the most common way of patching rom hacks.
    Pof, posted up what the actual hex edits that are needed to be done for an encrypted set.

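Added example, not code from the thread: a Python reader/writer for the IPS patch format mentioned in the post above, with a SHA-256 check on the base image, since IPS carries no checksum and a patch made for a decrypted set applies without complaint to an encrypted one. The two edits are v1 values from the Vsav notes above; treating their locations as offsets into one flat image is an assumption of this example (a real set is split across several ROM files), and the base image is a constructed buffer.

```python
import hashlib

def build_ips(records):
    """Encode [(offset, data)] as an IPS patch using plain (non-RLE) records."""
    out = bytearray(b"PATCH")
    for offset, data in records:
        if offset == 0x454F46:                       # these three bytes spell "EOF"
            raise ValueError("offset collides with the end-of-patch marker")
        if not 0 < len(data) <= 0xFFFF or offset + len(data) > 0x1000000:
            raise ValueError("record does not fit 24-bit offset / 16-bit size")
        out += offset.to_bytes(3, "big") + len(data).to_bytes(2, "big") + data
    return bytes(out + b"EOF")

def parse_ips(patch):
    """Return [(offset, data)] from an IPS patch, expanding RLE records."""
    if patch[:5] != b"PATCH":
        raise ValueError("missing PATCH header")
    pos, records = 5, []
    while patch[pos:pos + 3] != b"EOF":
        if pos + 5 > len(patch):
            raise ValueError("truncated patch (no EOF marker)")
        offset = int.from_bytes(patch[pos:pos + 3], "big")
        size = int.from_bytes(patch[pos + 3:pos + 5], "big")
        pos += 5
        if size == 0:                                # RLE: 2-byte run length, 1-byte value
            if pos + 3 > len(patch):
                raise ValueError("truncated RLE record")
            run = int.from_bytes(patch[pos:pos + 2], "big")
            data, pos = patch[pos + 2:pos + 3] * run, pos + 3
        else:
            data, pos = patch[pos:pos + size], pos + size
            if len(data) != size:
                raise ValueError("truncated data record")
        records.append((offset, data))
    return records

def apply_ips(image, patch, base_sha256):
    """Apply a patch only to the exact base image it was made against."""
    if hashlib.sha256(image).hexdigest() != base_sha256:
        raise ValueError("base image is not the one this patch was built for")
    out = bytearray(image)
    for offset, data in parse_ips(patch):
        if offset + len(data) > len(out):            # IPS may extend the file
            out.extend(bytes(offset + len(data) - len(out)))
        out[offset:offset + len(data)] = data
    return bytes(out)

# v1 edits from the notes, as (location, byte code); flat offsets are an assumption.
NOTE_EDITS = [
    (0x9822, bytes.fromhex("532D010A6A14")),                  # Timer
    (0x18A7C, bytes.fromhex("337C00900050337C00900052")),      # Death write
]

if __name__ == "__main__":
    base = bytes(0x20000)        # constructed stand-in for a decrypted program image
    patch = build_ips(NOTE_EDITS)
    patched = apply_ips(base, patch, hashlib.sha256(base).hexdigest())
    print(len(patch), "byte patch;", patched[0x9822:0x9828].hex())
```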

  • Zero1_Zero1_ Combo fraud Joined: Posts: 642
    Thanks for the info dude, you've been very helpful :)

    Also whoops. I ordered the wrong EPROMs thanks to ebay's fuzzy search. Typed in 27c4096 in the search and selected UK only as I wanted them ASAP but it turns out it also brought up results for 27c512, and of course at 3 am or whatever, I just blindly ordered without checking hah.

    So would some AT27c512r be useful for anything? Are they used in CPS2 boards at all or other consoles? At least I have some dummy chips to play with to make sure I get the voltages right and stuff without creating dud 4096's
  • jedpossumjedpossum Ok, Darling Joined: Posts: 4,227
    cps1.c says Forgotten Worlds/Lost Worlds uses one as its sound program rom. I'm sure there are more uses for it elsewhere.


  • fluxcorefluxcore Fighting Kiwi Joined: Posts: 311
    cps2 ST with a toremo flag in the dip settings would be a killer app :)
    There is no knowledge that is not power