Hacking the ST rom


#562

I’m busy with another project.
Left: CPS2
Right: CPS1’

https://pbs.twimg.com/media/ByUAwoZIUAEUhTU.png:large


#563

I know we communicated briefly about referencing the Q-Sound CPS1 games but if you want to see a direct CPS1(non-Q-Sound)-to-CPS2 done by Capcom themselves, they ported the first Rockman/Megaman: Power Battle to CPS2 (for some crazy reason).
-ud


#564

I should take a look at it anyway. Even, if it isn’t a direct port. To see what they had to change.

Edit:
I could drop Mbomber duo and go with sf2 and reuse the qsound chip from sf2 versions on cps2. So I don’t have to deal with the protection that is on Muscle Bomber.


#565

CPS1 to CPS2 gfx notes

SF2:HF rom
Only partially got the graphics interleaved correctly.
s92-1m.3a interleaves with s92-2m.4a and this is for the left 8x16, and only works till 0x1000 in the graphics viewer on 16x16 even then

http://i.imgur.com/VIOLnQK.png


#566

Hey guys, hope im not breaking too many rules by posting this here (but the other rom hacking threads look a bit dead).

Thanks Jed for the pointers, they really helped!

Here is what I have done so far, now all I have to learn is to get into an encrypted rom, manipulate the crc checks and then it should be good to play on GGPO (I think).

P.S. Sorry the quality is so bad of the videos, my laptop just isnt strong enough to record at a better setting :frowning:


#567

Don’t worry about it I posted a lot of Vsav stuff in this thread all the time and now working on porting a cps1 game to cps2.

Also, feel free to use my A3 hacks which the notes are posted in this thread for removing the counter hit flash and adding the hidden characters to the select screen.

FF86AD aka Player Address + 0x2AD - Status Timer
FF86AE aka Player Address + 0x2AE - Status

Flags for Status
0E - Pure white / air tech
10 - Lighten / throw tech
12 - Red / Priority
14 - Pink / Damage Reduction
16 - Light Blue / Just Defend


#568

Sweeeet! Thanks Jed, I really wanted to add the flash after you mentioned it but after many wasted hours I gave up, just couldn’t find the byte that dictated this. :smiley:


#569

Here is my notes for the changes so far.

Currently im putting my code in the test menu text location, since I figured it was safe to use that location as im not aware of anyone confirming a3 has an intact debug still flaggable.

Also not in the videos I also check for X-Dhalsim and give him a smaller push block strength.


jump instruction for guard cancel: 034820
value max guard: 00FF864C

alpha counter removal - 2EE78 : 042E 0010 024C
replace with (jump to next instruction!): 4EF9 0002 EE7E

Data needed for pushblock during subroutine: 0291BE bsr 2920C

do b@FF8502 = c ; Character is Dan
do b@FF8532 = 1 ; Char is Vism
do b@FF8771 = 03
do D0=7

29278 = the call to do push block animation
Flash screen : do w@80410A=9280

Override who can do PB (all X ism chars)
replacing 2920C: 0C2E 001F 0102
with: jmp 016300 : 4EF9 0001 6300
016300 : cmpi.b 1f, (102,A6) : 0C2E 001F 0102
016306 : beq 01631E : 6716
016308 : cmpi.b ff, (132, a6) : 0C2E 00FF 0132
01630E : bne 016324 : 6614
016310 : move.b (24d, a6), d0 : 102E 024D
016314 : addi.b 1C, d0 : 0600 001C
016318 : cmp.b d0, (24c, a6) : B02E 024C
01631C : bgt 016324 : 6E06
01631E : jmp 029224 : 4EF9 0002 9224
016324 : jmp 029212 : 4EF9 0002 9212
01632A : 

Modifying how much push block is given:
replacing 29258: (move.b 1f, A4) 197C 001F 02C2
with: jmp 01631C : 4EF9 0001 632A
01632A : move.b 1f, (2C2, a4) : 197C 001F 02C2
016330 : cmpi.b 1f, (102,a6) : 0C2E 001F 0102
016336 : beq 016372 : 673A
016338 : cmpi.b ff, (132, a6) : 0C2E 00FF 0132
01633E : bne 016372 : 6632
016340 : move.b ff, (24b, a6) : 1D7C 00FF 024B
016346 : move.b 1C, (29a, a6) : 1D7C 001C 029A
01634C : addi.b 1C, (24d, a6) : 062E 001C 024D
016352 : addi.b 1C, (24f, a6) : 062E 001C 024F
016358 : cmpi.b 0f, (102,a6) : 0C2E 000F 0102
01635E : bne 016366 : 6606
016360 : move.b 15, (2C2, a4) : 197C 0015 02C2
016366 : moveq 0, d0 : 7000
016368 : moveq 3a, d3 : 763A
01636A : moveq 2f, d4 : 782F
01636C : jmp 02927C : 4EF9 0002 927C
016372 : jmp 02925E : 4EF9 0002 925E

return to 2925E for regular anim, jump to 2927C to skip anim so remain in block.

do b@FF864B = Timer to initiate gauge recharge
do b@FF869A = :FF869A = v: 1343 029A
do b@FF864D = 24:FF864D = v+(FF864D): D729 024D
do b@FF864F = 24:FF864F = v+(FF864F): D729 024F


#570

I had an idea for the right side all day. And it seemed likely it would work I didn’t do it at first. I just wanted to figure out how to get past the 0x1000 hurdle more.

Unmodified Palette

http://i.imgur.com/Ta6iJjG.png

CPS1 Palette with some liberty

http://i.imgur.com/6gZjy2H.png

The the idea was to use 4 as the base interleave it with 3 for the left side graphics.


#571

Huh, I thought it was only 2 days of silence.

http://i.imgur.com/vv9CvC8.png

http://i.imgur.com/pvY9l9D.png

Need to get rid of the doubling that lasts from 0x2000 to 0x3FFF and etc


#572

Dude, if you or anyone ports cps1 audio into ST a reality, I will donate an arcade cab.


#573

Jed is already making room for your cab.
-ud


#574

Not going to happen, unless some one wants to do a hack job of wiring the Kabuki on to your cps2 board. I’ll be using the q-sound still. Probably going to just reuse ST sound programming and samples. Then maybe, switch to HSF2 at a later for the CPS1 character voice samples. But this is way down the line I still need to fix the graphics, get past the ram checks, rewrite memory locations, fix inputs, fix any bugs, then either settings rewrite or sound.


#575

Dah, I forgot about the Kabuki chip. Isn’t that just a custom Z80? I wonder if anyone’s ever sussed out the differences between it and a vanilla Z80.

I figured there would be a lot of nagging manipulation like that. Once you have a game fairly well ported (as a proof of concept), it would be awesome to get some other people on board working on the whole CPS1 library. Especially with Darksoft’s CPS2 flash cart coming soon (I was shocked to discover how far along he is). That would be amazing to have the CPS1 & CPS2 libraries running on the same hardware. And since it will be easily updatable, people will be contributing bug reports & fixes (similar to what we see in the MAME community). Also all sorts of hacks and homebrew will likely pop up. For those of you not following, here’s the interest thread on neo-geo: http://www.neo-geo.com/forums/showthread.php?254247-CPS2-Multi-Game-Cartridge
-ud


#576

Here’s the differences sound hardware wise.
There is more than just the Z80 that is different. Kabuki custom Z80 with encryption, YM-2151 and OKIM6295 for the sound processing. Cps2 uses Z80 with a q-sound chip. CPS1 dash forgoes the Z80 and uses the main 68k and q-sound for sound as well reading q-sound data and ram for protection.


#577

So any idea how I would go about getting my changes into the sfa3.zip (encrypted) romset?

I figured I could just play the decrypted rom on ggpo via the unsupported room but sfa3ud.zip rom isnt supported by ggpofba.


#578

@wazeem: use XCopy to decrypt & re-encrypt the roms - https://www.mediafire.com/folder/tsu2b5ndrl0ut/ST_hacking


#579

@pof‌ I have tried already but no version seems to work.

Does it have to be a specific version or something?


#580

SFA3 I believe is one of those games that got a redump of atleast the encryption key between ggpofba and current version of mame.

So you have to use the custom option for it.
from cps2crpt.c



	// name                 key               upper                  watchdog
	{ "sfa3",     { 0x6abfc8e0,0x2780ddc1 }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfa3u",    { 0xe7bbf0e5,0x67943248 }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfa3ur1",  { 0xe7bbf0e5,0x67943248 }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfa3h",    { 0x8422df8c,0x7b17a361 }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfa3hr1",  { 0x8422df8c,0x7b17a361 }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfa3b",    { 0xd421c0b2,0x8116d296 }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfz3j",    { 0x7d49f803,0x0cbe2d79 }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfz3jr1",  { 0x7d49f803,0x0cbe2d79 }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfz3jr2",  { 0x7d49f803,0x0cbe2d79 }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfz3a",    { 0x990b9301,0xa4e42c7e }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0
	{ "sfz3ar1",  { 0x990b9301,0xa4e42c7e }, 0x100000 },    // 0C80 1C62 F5A8  cmpi.l  #$1C62F5A8,D0



#581

SF2HF CPS2 roadmap
Get graphics ported correctly
Pass the ram checks
Fix Inputs
Sound
Add a Settings Menu

I’m still stuck on step 1
So imagine if capcom still used cps1 fonts.

http://i.imgur.com/VuUOfMq.png

http://i.imgur.com/cEnTRVA.png