Hacking the ST rom


#457

I should do another update where the graphic part of life would refill. Since, I found those jump subroutines that does nothing and add the sort of random stages(Based on the frame counter of Character select screen).

As for the Vsav hacking.

http://i.imgur.com/80TFx9X.png

I had to rewrite a sprite table for this which include all the small portraits. And, only after doing it I decided I need to make a script to make it easier if I decide to do more work with background sprites. Never thought I would get more use out of my old window lua script.

Edit:
Random Stage Hack for the Japanese set (like the training hack)
I had this for awhile there is no second checks like what pasky wanted, but it still…

“Makes ST more Enjoyable” - Falken
Regular Ol’ IPS patches

Edit2:
It is a known bug that’ll you’ll keep fighting Ryu indefinitely in single player.


#458

Some weeks ago I was wondering: what if old dj could juggle with his MGU? Would it be a decent anti air? Would it be interesting? I always had the impression that capcom actually wanted it to be like that, but “didnt knew how”… i dont know… they only implemented a propper juggle system on ST…
I was so intrigued by that idea that I actually hacked the rom to see how would that look like: (sorry, I couldnt get the sound working)


I think it looks neat! The low damage on O.Dj’s MGU obviously helps on the balance. Maybe it should do less dizzy, but its actually hard to land all four hits so it may be already balanced.


#459

I believe Nin, said there was a juggle system in one of CPS1 versions and removed most of it but Dhalsim managed to slip through the cracks.


#460

Update to the character axis code I made earlier.
The code.

http://i.imgur.com/bS2h24j.png

Result

Update 2

http://i.imgur.com/iDvFO0M.png

Works on both characters also found out how many frames late it is. Which is 2 frames late. So keep that in mind when you’re using this jsr.



0019D8: jsr   $fff000.l

FFF000: 41F9 00FF 844E             lea     $ff844e.l, A0
FFF006: 49F9 0091 0000             lea     $910000.l, A4
FFF00C: 610C                       bsr     $fff01a
FFF00E: 41F9 00FF 884E             lea     $ff884e.l, A0
FFF014: 49F9 0091 0010             lea     $910010.l, A4

FFF01A: 3028 0006                  move.w  ($6,A0), D0
FFF01E: 322D 0ED4                  move.w  ($ed4,A5), D1
FFF022: 9041                       sub.w   D1, D0
FFF024: 3140 6CB2                  move.w  D0, ($6cb2,A0)

FFF028: 303C 00F8                  move.w  #$f8, D0
FFF02C: 3228 000A                  move.w  ($a,A0), D1
FFF030: 342D 0ED8                  move.w  ($ed8,A5), D2
FFF034: 9242                       sub.w   D2, D1
FFF036: 9041                       sub.w   D1, D0
FFF038: 3140 6CB6                  move.w  D0, ($6cb6,A0)

FFF03C: 3028 6CB2                  move.w  ($6cb2,A0), D0
FFF040: 3228 6CB6                  move.w  ($6cb6,A0), D1
FFF044: D07C 0038                  add.w   #$38, D0
FFF048: 0040 E000                  ori.w   #$e000, D0
FFF04C: 3940 0230                  move.w  D0, ($230,A4)
FFF050: 3941 0232                  move.w  D1, ($232,A4)
FFF054: 397C 801D 0234             move.w  #$801d, ($234,A4)
FFF05A: 397C 0019 0236             move.w  #$19, ($236,A4)
FFF060: 4E75  



#461

Please turn on Audio.


#462

Besides the japanese set any others you want to be included in this release?

https://www.youtube.com/watch?v=DgkY8b9hQdE


#463

very nice. i know it’s supposed to be a patched rom so you can burn to actual cps2 if you wanted, so I’m not sure if there is a way to make p2 stays in crouching position like the pof mame cheat (but then there is no mame cheat menu in patched rom).


#464

Most solutions will involve a rubber band, but i’m only using one of 3 known jumps to 10efc. Someone could hack in a menu eventually.

Also, Xcopy isn’t good at decrypting.


#465

What problems does xcopy have? I’ve put some simple asm hacks in the ssf2t rom with it without any problems… it worked perfectly


#466

It’s Decrypting a part that isn’t asm.

Encrypted Rom (ssfxj rom4)

http://i.imgur.com/9fi5r8a.png

Avalanche Decryption Effort (ssfxjdi rom4)

http://i.imgur.com/pU5NRYy.png

Xcopy (ssfxj rom4)

http://i.imgur.com/sevVivB.png

I keep checking if anything is wrong even used the custom encryption option to see if it was a wrong key.

And yes I need 80 bytes for asm.

cps2 keys
http://mamedev.org/source/src/mame/machine/cps2crpt.c.html

If you’re wondering how this problem didn’t pop earlier.

I do asm in the memory like the unused network memory(0x660000 - 0x663FFF). Optimize, till I can’t get rid of anymore code. Then find a place in the rom for it.


#467

If that proves to be a big issue, I should be getting a dead SSFIIX in the next few weeks, which I could put Avalanche EEPROMs in.
-ud


#468

IPS patches
Razoola’s Phoenix Set
Avalanche JP AM Set

The new code
Life Refill assembly



;19D8
4EB9 000D 6A80		jsr $d6a80.l;

;D6A80 (56A80)
;Address setting 28 bytes
41F9 00FF 844E			lea $ff844e,A0
43F9 00FF 884E			lea $ff884e,A1
45F9 00FF F100			lea $fff100,A2; 1P timer - Send undamned network memory test
6108				bsr; PC+$08
C149				exg A0,A1
45F9 00FF F200			lea $fff200,A2; 2P timer

;Timer set and countdown 6
4A2A 0000			tst.b ($0,A2);checks if there is a timer already
6710	 			beq; PC+$?? | Timer = 0 branch to refill 

;Hurt check and Subtraction 16 bytes
4A29 0003			tst.b ($3,A1)
6608				bne; PC+$08 | If hurt skip subtraction
102A 0000			move.b ($0,A2), D0
5300				subq.b #1,D0
1480				move.b D0, (A2)
4E75				rts

;Refill 30 bytes
157C 0096 0000 			move.b #$96, ($0,A2); Refill Timer
117C 0030 02B4			move.b #$30, ($2B4,A0); Refill Super
303C 0090			move.w #$90, D0
3340 01BC			move.w D0, ($1bc, A1); Refill Graphic
3340 002A			move.w D0, ($2a, A1); Refill Life
3340 002C 			move.w D0, ($2c, A1); Refill Life
4E75				rts



#469

Thanks jedpossum!

Updated my ssf2xj mame cheat file with your last training mode hack.


#470

Just posting to notify the Avalanche JP AM set is up.

And I do test the roms before making patches.
Even the Avalanche roms. 09 is giving the error since there is no boot up menu on avalanche’s set.

http://i.imgur.com/4mDm9vj.png


#471

Hey @jedpossum, can you post the patch for the encrypted ssf2xj rom set as well? it’s useful for playing in ggpo’s unsupported room.


#472

Is this for all cps2 games? After testing some custom drop patterns on Dreamcast puzzle fighter, I was thinking of hacking them in the puzzle fighter arcade rom…

How did you get this information? or how would I go about figuring this out for puzzle fighter?


#473

You can look above and see the problem of doing an encrypted set. Even using Xcopy on the avalanche ST Roms doesn’t solve the problem.

Mame Source, messing around with said games, and Razoola’s notes on making a phoenix set.
http://mamedev.org/source/src/mame/drivers/cps2.c.html

The Graphics memory(0x900000-0x93ffff) area can and will be quite different with each game.

Edit
Example



Vsav
0x900000 8x8
0x904000 32x32
0x908000 16x16
0x90C000 Palette Bank

0x918000 Dark Force 16x16
0x91C000 Dark Force Palette Bank



Notice the Hud isn’t stored in the graphic memory.


#474

Trace of the SSF2 Tournament Battle Terminal Check
http://pastebin.com/ZDn9T6EL
Interesting note there isn’t a check in the network memory.

Sorry, didn’t see this part earlier.

I would find out what is dropping the blocks and trace back till there is a command reading the player’s character and multiplying by how big the table is to get it’s slot.


#475

Thanks.I’ll give it a try, as well as razoola’s notes a read.


#476

Reminds me of this thing I made a few years ago.