Hacking the ST rom

Hi, I’m really interested.

I know about bits, bytes, hexadecimal numbers. I have some little experience with macros in excel and even tried to modify some colors in last blade using Hexplorer, sadly no results at all ;_;

Could you please upload the guide again? I think the links are dead and I really want to learn how to mod ST.

This is what I was looking for! I bought the HD remix version last year and really like the tweak to the special motions, because I remember how tedious was to get some moves in the original version, like the 720 motions or even those that finished in up-forward, like sagat tiger knee; Dhalsim teleport command is just almost impossible on a pad. So days ago I decided to look for a hack with easier controls but just found cheats and macros that let you do the special moves by just pressing a single button and that was not what I was looking for. I have the time and will to learn, so please upload the guide again and if you need some help with your own hack let me offer you any help you need.

In brief, I’m ready to learn whatever is needed to make a hack possible (just need a new link to your guide because the current links are dead); and if you still want to make a rebalance hack I’m offering my labor force to help you :). Please accept me senpai.

Uploaded it again, get it from this mediafire folder: https://www.mediafire.com/folder/tsu2b5ndrl0ut/ST_hacking
I’ve also uploaded the not easy to find xcopy (i had to dig very deep on some random japanese forum lol), a program that lets you decrypt/encrypt CPS2 and CPS3 roms. This is needed to hack the assembly code (unless you’re going to use the phoenixed rom…). You can do a lot of hacking without having to debug and hack the assembly itself (which its what is shown on the guide I wrote), but for certain stuff you need to hack the assembly.
As for a rebalance hack, I do have some stuff here that I did for fun (including, my version of Gief lol plus pontual changes on certain characters to make it more fair for Gief lolol), but i think a successful rebalance hack will never happen cuz It must not be made by one person, but by the comunnity (look at HDR, it has good ideas, but also has bad ones) and as of now, we had 0 big names interested in this, and without it, i dont see this being accepted by the community (James Chen did liked the idea, though it was just a facebook discussion, nothing really happened), which kills the purpose of it… why spend so much time on it if no one going to play it? Also, this can bea very tedious process, once you understand how its done, hacking frame data and hitboxes can be very straightforward, but are also time consuming.

I say the main reason there isn’t one nobody is really pushing for it showing enough info and changes to get going or some cool changes you can do with the engine. Or talk about the limitations. To some people it seems to limited at the moment. Then again I’m making a hack with the word stupid in it’s title(it’s not A2).

Knowing the frame/cell data you can have a lot of fun with it. In A2 I can give Sagat a new attack box and a just frame with the new attack to cancel into a medium punch.

Thanks Born2SPD, I will read it and search for additional information by myself, but if I get stuck in a problem after looking all over the internet, then please don’t get bother if I ask you for a little help, I will try to make it little as possible though. Again, thanks for the guide and wish for the best.

More asm work.

When I figure out how to undo selected characters it’ll go to character select instead of a not really random lifebar colors.


Double post time

Training Mode Hack update

Added a way to return to character select (Hold start till it pauses then release)
Removed junk code replaced with zeroes (0x19EA - 0x1A6C)

The new 68k asm code

Total Size 68 Bytes

20 bytes
45F9 00FF F080		lea $FFF080,A2 ;Set address for timer
4A2D 007E			tst.b ($7E,A5);Checks Start input
6608 				bne; PC+08 | branch if start isn't pressed
157C 0030 0000 		move.b #$30, ($0,A2); Refill Timer
4E75				rts

6 bytes
4A2A 0000			tst.b ($0,A2); start timer check
6620				bne; PC+20 | branch if timer isn't 0

18 bytes
;Set Scene aka Set it to be character select 2
3B7C 000C 0004		move.w #$c, ($4,A5)
3B7C 0002 0008		move.w #$2, ($8,A5)
3B7C 0010 000A		move.w #$10, ($a,A5)

14 bytes
;Deselect characters
102A 0000			move.b #$0, D0
1B40 07DD			move.b D0, ($7dd,A5)
1B40 0BDD			move.b D0, ($bdd,A5)
4E75				rts

10 bytes
;Timer countdown
102A 0000			move.b ($0,A2), D0
5300				subq.b #1,D0
1480				move.b D0, (A2)
4E75				rts

Avalanche JP AM set

If you want one for razoola’s set just say it. And I’ll work on it.

Bug Fixed
What I thought was junk code is actually code to help load a few stages. (Boxer, Claw, Dee Jay, Cammy, T. Hawk)
So as of right now this mod has a 5 in 16 chance of crashing after character select I’m working on fixing it with new code in it’s place.
It’s too entrenched to redo it especially where it jumps back to specific locations form code later on.

But it gives me an idea what 10efc used to be. My guess was code to show the sprite axis.

Look at this mess


It turns out that your previous patch file (old mediafire link) which apparently should have had zeroed code on 19EA and the current patch file (new dropbox link), both produce the same sfxjdi.03c output patched file. (The code at 0x19EA - 0x1A6C is not zeroed nor touched at all).

Maybe my IPS patcher is buggy (I’m using JIPS 3.0 on Linux):

JIPS 3.0 Logfile
Chunk number: 1 Offset: 19da Bytes: a
Chunk number: 2 Offset: 19ea Bytes: 0 RLE char: 0 Lenght: 130
Chunk number: 3 Offset: 39a6 Bytes: 6
Chunk number: 4 Offset: 49c4 Bytes: 2
Chunk number: 5 Offset: 49e8 Bytes: 1
Chunk number: 6 Offset: 4a78 Bytes: 2
Chunk number: 7 Offset: 4a96 Bytes: 6
Chunk number: 8 Offset: 4db0 Bytes: 2
Chunk number: 9 Offset: e2fe Bytes: 1
Chunk number: 10 Offset: ecc0 Bytes: 1
Chunk number: 11 Offset: eccc Bytes: 1
Chunk number: 12 Offset: fe90 Bytes: 1

Anyway, I updated my mame cheat file for ssf2xj with your new training mode update. Thanks again!

I replaced the one on mediafire before I made a dropbox account. So you could of gotten the new version regardless. Or I mistakenly never used the one with the zeroed out code.

never mind… btw, I made an encrypted ssf2xj using your patches and xcopy to encrypt the rom files. It works perfect on mame. I can post it if anyone is interested, it’s useful for having the new training mode on ggpo :slight_smile:

I’m pretty sure posting roms is no-no at these forums, but you could at least post the patches.

pau@maco:/tmp/xcopy/ssf2xj$ radiff2 sfxj.03c e_patched_sfxj.03c 
0x000019da 9f51b2c8 => 85e4677b 0x000019da
0x000019e0 70d1da03 => c572e4d5 0x000019e0
0x000039a6 1764dfdd19e6 => 97c6645894fa 0x000039a6
0x000049c4 7fb7 => c29e 0x000049c4
0x000049e8 9e42 => 097e 0x000049e8
0x00004a78 cab4 => dda6 0x00004a78
0x00004a96 86742d53a63c => ceaf782702b7 0x00004a96
0x00004db0 7289 => 1fc6 0x00004db0
0x0000e2fe 48e1 => 069e 0x0000e2fe
0x0000ecc0 9593 => f799 0x0000ecc0
0x0000eccc e5d2 => 18a3 0x0000eccc
0x0000fe90 26ac => ba01 0x0000fe90

pau@maco:/tmp/xcopy/ssf2xj$ radiff2 sfxj.04a e_patched_sfxj.04a 
0x0003e64e ed92 => 74aa 0x0003e64e
0x0003ebae ee54 => 9b02 0x0003ebae
0x0004cc10 d75a859da3ec434ee9bcfa7a188e6510 => 1665f4bbd1b07f7704052f2cecacbc92 0x0004cc10
0x00056a80 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 => 8eecc6cebd9dc7b090e8705a61cf8a524ad83c6bdd4de17240226d07ed7067ca9e8a69c8f4828826a940d5964b4d490a5ac6a86e93aaf79286c8ea669e200338c32a285c926e55fe8195bcc0e1ce2227 0x00056a80
0x00056c60 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 => f693d4f007304757db257e2028afdc4863c5b82751e4b1de216aa7def78f8ebdbdffeab8dd34aa1b727752cab28339562e4464bd0ad939409319844e46bbfb50 0x00056c60
0x00056ca1 000000 => 7d4e5c 0x00056ca1

I tried to play it on ggpo, but mightymar couldn’t get it to load correctly. It works on GGPOFBA for me at least.

I already told jed, but the latest training mode is running fine on my SSFIIX B board. When I can, I’ll make a video running normal game, swap EPROMs, and run training mode, all in one take so people can see everything working on the original hardware. Thanks for all your work on this jed! Incredible to have something so useful on the original board and so simple to use!

I tried to play it on ggpo with yogaboy and Xgamerz, worked like a charm. Make sure you don’t have other rom sets with the .03c and .04a files inside, otherwise ggpofba might take the non-patched ones from the other rom sets.

Warning not ST
Since, there is no other rom hacking thread.
Alpha 3

The change
807C2 move.w #90C0, ($20,A5); To keep the same palette bank

Character Select (Encrypted)

FF0C 071A 0802 FFFF 0018 1B1D 1C19 013F
FF0F 0616 0510 FFFF FF63 0E0D 11A1 FFFF

3F3F 3F0A 3F3F 3F3F 3F15 0304 0B1F 3F3F 
3F0C 071A 0802 3F3F 0018 1B1D 1C19 013F 
3F0F 0616 0510 3F3F 3F23 0E0D 111E 3F3F 
3F3F 3F09 3F3F 3F3F 3F3F 3F3F 3F3F 3F3F 

Return to selected Character (Encrypted)

Graphic Portrait(Switch 18 to 1B)

Portrait Back (Encrypted)
085CF0: move.w  #$560, D0
085CF4: move.w  #$1100, D1

085CF0: move.w  #$25CC, D0
085CF4: move.w  #$1116, D1


Hey, decided to check out the training mod using pyqtggpo, but i keep getting this even after running the patch:

The following ROMs are invalid:
~ essential program ROM sfxj.03c has a CRC of EB156C41 (correct is A7417B79).
~ essential program ROM sfxj.04a has a CRC of 2792FE07 (correct is AF7767B4).

Another thing, and plz don’t laugh at my noobiness (lol), but in order to actually run the game in the unsupported room, I have to challenge myself correct?? i just want to make sure

It’s supposed to give errors as checksums shouldn’t match if the file was edited. It should run fine.

Got ya buddy! Great job with the training mode man

Remember when I shown the code for old characters?
Here is a quick example what you could do. Took me longer to write this post than write the code.

This is a test to show it’s easy to replace entering a cheat to select the old characters with your own code.

Just a simple jump at 0x14EC0 to my code that is in the network memory.(And yes I should of put the compare before the write)

at 14ec0
4EF9 00660000

In network
102D 001C 0200 000F 0C00 0009 6EF2 1940 03B1 4E75

A3 = Opponent’s memory if p1 selected it’ll be p2’s.
A4 = Player memory. If P1 selects it’s his slot and vice versa.

Undamned asked for the differences between US ST 940323 and 940223

Rom 3 differences
0x001CE has 0100 0100 Default settings changes. Free select and 3/Easy instead of Turbo and 4/Medium
0x0B6CA Changed. Switched a beq to a nop.
0x1C190 Changed to 33 to show the different revision(Ascii for the boot up)
0x336E8 Palette changed (Dunno what it's used for)

Rom 4 Exactly the same
Rom 5 Exactly the same

Rom 6 differences
0x1EBD1A for 5 bytes
0x1EBFB6 for 1 byte
0x1EC024 for 45 bytes

Rom 7 differences
0x264BCE for 43 bytes

Rom 8 Exactly the same
Rom 9 the same (only Razoola's phoenix set is different)