logo
 drop

Main

Community

Submissions

Help

84241171 visitors

Author Topic: Help with Checksum Mega Drive  (Read 1598 times)

ØX-Carnage

  • Newbie
  • *
  • Posts: 8
  • Location: Brazil
  • Group Monkey's Translations
    • View Profile
    • Monkey's Traduções
Help with Checksum Mega Drive
« on: May 14, 2012, 10:13:33 am »
Hello everyone, after a long time I'm posting again on the forum, personal life takes a long time.
Well we would like if possible to clarify a question about Checksum the Mega Drive.
For some time he was trying to translate the Road Rash 1 for PT-BR but when editing any byte rom crashes.
In another rom, The Punisher, was the same problem but managed to solve Checksum changing the game, what I did was to compare the original with the edited rom and see the debug to where the fighting took place and changed via the Checkcum hex​​.
But in a Road Rash, The Immortal among other games can not follow the same procedure, and in most games and reading Checksum follows the same pattern.
I wonder if anyone has any idea how to edit this rom without giving problems with Checksum.
PS
I have used some tools to fix Checksum, but not solve the problem.
PS1:
Sorry for the lack of agreement in sentences and phrases, I am using the Google language translator to write this post.
« Last Edit: May 14, 2012, 11:33:13 am by ØX-Carnage »

FAST6191

  • Hero Member
  • *****
  • Posts: 766
    • View Profile
Re: Help with Checksum Mega Drive
« Reply #1 on: May 14, 2012, 12:53:19 pm »
If indeed it is troubled by the checksum the way "to edit this rom without giving problems with Checksum" is either to forge the hash (find some other data and change it so it matches aka forge a collision) or if the game only hashes part of the rom (you said any byte though so that is out). Equally that sort of method is only really useful to that hacking games with online components or hacking a system in the first place so no need to go into that, it is probably viable here as the megadrive would not spend resources on a hard to forget hash (modern systems tend not to be worth it but this is not a lesson on proper hacking).

After this you have two main options
1) Figure out how the hash works and edit the ROM all you like before hashing it again. Being for the megadrive it is probably brutally simple (I would not be surprised at all to head it was just a simple bytesum), unless you get lucky

2) Patch out the hashing routine. Although 16 era consoles did OK on the anti piracy (AP) front (this is the usual reason for adding a hash) it is probably not hidden away, obfuscated and checked several hundred times over the course of the game unlike say the later AP patches for the likes of the DS. This means ASM hack and if the ROM fails to boot right away it probably means the check comes early on and I would not be surprised if that was the one and only check in the entire game. You get to either stop the check from happening (the "best" way), allow the check to happen and force the "good" outcome (the original would read something like "if check failed crash else carry on from where you left off" where the new would read "if check failed carry on where you left off else carry on where you left off), or make the check return the "correct" value and carry on from there (sometimes easier if the developers got clever and tried to set a pass flag or something) but if you have someone that can do ASM hacking this last sentence would have been very obvious.
I have read http://www.romhacking.net/documents/227/ and http://www.romhacking.net/documents/275/ but I am not terribly clued up on my megadrive hacking so I am afraid I have not got much on specifics for this.

KingMike

  • Forum Moderator
  • Hero Member
  • *****
  • Posts: 4856
  • *sigh* A changed avatar. Big deal.
    • View Profile
Re: Help with Checksum Mega Drive
« Reply #2 on: May 14, 2012, 02:53:08 pm »
I think I heard a lot of EA games used checksum protection.
First, you might want to look up if using a Game Genie requires a "Master Code". (a good way to do that would be to do a Google search for Game Genie codes for the game you want to hack)
If so, you'll need to look up a GG converter program to decrypt the Master Code (get the address and value), then go to that address in the ROM and change it to the specified value, in order to remove the protection.
Quote
Sir Howard Stringer, chief executive of Sony, on Christmas sales of the PS3:
"It's a little fortuitous that the Wii is running out of hardware."

ØX-Carnage

  • Newbie
  • *
  • Posts: 8
  • Location: Brazil
  • Group Monkey's Translations
    • View Profile
    • Monkey's Traduções
Re: Help with Checksum Mega Drive
« Reply #3 on: May 14, 2012, 04:52:54 pm »
If indeed it is troubled by the checksum the way "to edit this rom without giving problems with Checksum" is either to forge the hash (find some other data and change it so it matches aka forge a collision) or if the game only hashes part of the rom (you said any byte though so that is out). Equally that sort of method is only really useful to that hacking games with online components or hacking a system in the first place so no need to go into that, it is probably viable here as the megadrive would not spend resources on a hard to forget hash (modern systems tend not to be worth it but this is not a lesson on proper hacking).

After this you have two main options
1) Figure out how the hash works and edit the ROM all you like before hashing it again. Being for the megadrive it is probably brutally simple (I would not be surprised at all to head it was just a simple bytesum), unless you get lucky

2) Patch out the hashing routine. Although 16 era consoles did OK on the anti piracy (AP) front (this is the usual reason for adding a hash) it is probably not hidden away, obfuscated and checked several hundred times over the course of the game unlike say the later AP patches for the likes of the DS. This means ASM hack and if the ROM fails to boot right away it probably means the check comes early on and I would not be surprised if that was the one and only check in the entire game. You get to either stop the check from happening (the "best" way), allow the check to happen and force the "good" outcome (the original would read something like "if check failed crash else carry on from where you left off" where the new would read "if check failed carry on where you left off else carry on where you left off), or make the check return the "correct" value and carry on from there (sometimes easier if the developers got clever and tried to set a pass flag or something) but if you have someone that can do ASM hacking this last sentence would have been very obvious.
I have read http://www.romhacking.net/documents/227/ and http://www.romhacking.net/documents/275/ but I am not terribly clued up on my megadrive hacking so I am afraid I have not got much on specifics for this.

Dear friend thanks for the explanation and the links, already downloaded and then give a studied, very interesting.
But in my case is only changing the hex-checking, changing this value will cause the checksum verification but normal, but will not crash the rom, unfortunately I have no further information as prints, because I'm at work right now.

I think I heard a lot of EA games used checksum protection.
First, you might want to look up if using a Game Genie requires a "Master Code". (a good way to do that would be to do a Google search for Game Genie codes for the game you want to hack)
If so, you'll need to look up a GG converter program to decrypt the Master Code (get the address and value), then go to that address in the ROM and change it to the specified value, in order to remove the protection.

KingMike Friend, I've done this procedure did not work, decoded characters and 6:08 manually downloaded tool here and see the site, but failed.
The strange thing is that after decoding the code it points to a particular address is the same address as rom The Punisher (Genesis) which I translated and changed the Checksum, I did another test with the rom Street Fighter II (Genesis) and the same goes Offset .
As said before I believe strongly that the following default address for all games, but the code is changed to be different.
Unfortunately I have no further information at home only.
Then I'll post the prints to better understanding.
Even more.
« Last Edit: May 14, 2012, 05:01:32 pm by ØX-Carnage »

RadioShadow

  • Sr. Member
  • ****
  • Posts: 270
    • View Profile
Re: Help with Checksum Mega Drive
« Reply #4 on: May 19, 2012, 01:03:47 pm »
Dear friend thanks for the explanation and the links, already downloaded and then give a studied, very interesting.
But in my case is only changing the hex-checking, changing this value will cause the checksum verification but normal, but will not crash the rom, unfortunately I have no further information as prints, because I'm at work right now.

KingMike Friend, I've done this procedure did not work, decoded characters and 6:08 manually downloaded tool here and see the site, but failed.
The strange thing is that after decoding the code it points to a particular address is the same address as rom The Punisher (Genesis) which I translated and changed the Checksum, I did another test with the rom Street Fighter II (Genesis) and the same goes Offset .
As said before I believe strongly that the following default address for all games, but the code is changed to be different.
Unfortunately I have no further information at home only.
Then I'll post the prints to better understanding.
Even more.

Err... KingMike's method does work.  I think you might have misunderstood him.

First, this guide explains how to make "Master Codes". http://www.angelfire.com/games2/codehut/ImprovedMasterCodes.txt 

These are required for Genesis / Mega Drive games that have extra protection that basically don't work if the game has been edited.  To get round this problem, we simple "disable" the checksum, which is what the "Master Code" does.  Once they are disabled, you can edit the rom as much as you like and fix the checksum.  As a bonus, the game will start up quicker. :)


Luckily for us, there is a "Master Code" already made for "Road Rash" here: http://www.angelfire.com/games2/codehut/RoadRashGG.txt

In this case, the code is: RH9T-R60T

Using the "Game Genie Code Converter" (http://www.romhacking.net/utilities/23/), we can get hex code of what is being changed.  The result should be this: 07FFD0 : 4E71

I'm not much of an expect on how Genesis / Mega Drive codes work, but I can tell you it is a rom offset and it adding a "do nothing" command.  Simple open the rom in a hex editor and go to the "offset": 07FFD0

Replace the values "66 02" with "4E 71". 

Now you can make any changes you like.  Don't forget to fix the checksum using this: http://www.romhacking.net/utilities/342/


EDIT: Just a screenshot of some of the text edited, to show the above method works:
« Last Edit: May 19, 2012, 01:17:23 pm by RadioShadow »

Tony H

  • Jr. Member
  • **
  • Posts: 89
    • View Profile
    • The Code Hut
Re: Help with Checksum Mega Drive
« Reply #5 on: May 21, 2012, 12:03:31 am »
If you're interested, here's an "Improved" master code for Road Rash...

At ROM address $07FFAC, change the "D0 98" to "4E 75".  This will make the game load much faster, and you can make as many changes to the ROM as you want.

In this particular game, they don't use the "built-in" checksum total at ROM address $00018E.  In this case, the checksum total is located at ROM address $07FFCC (4 bytes).

Here's what it looks like in an assembly trace:

07:FFCA  B0 BC  CMP.L   #$FE407B8A,D0            A0=000C0001 A1=00000000 A2=00000000 A3=00000000 A4=00000000 A5=00000000 A6=00000000 A7=00FFFFF2 D0=FE407B8A

It's comparing the correct checksum (FE407B8A) to the value in register D0 (which is the same). 

The next instruction is: 07:FFD0  66 02  BNE     #$02 [07:FFD4]           

This is the instruction that the "regular" master code changes.  BNE = Branch if Not Equal.

The improved master code does this:

07:FFAC  D0 98  ADD.L   (A0)+,D0                 A0=00000000

This is where the game starts to add up all the bytes in the ROM.  It takes the game roughly 4 seconds to do this.  By changing this "D0 98" (ADD.L) to a "4E 75" (RTS) instead, the entire checksum process is bypassed. 

Oops, getting a little too involved here. :-)
The Code Hut: http://www.angelfire.com/games2/codehut/

Game Genie codes and ROM hacking guides

ØX-Carnage

  • Newbie
  • *
  • Posts: 8
  • Location: Brazil
  • Group Monkey's Translations
    • View Profile
    • Monkey's Traduções
Re: Help with Checksum Mega Drive
« Reply #6 on: May 26, 2012, 09:11:39 am »
RadioShadow, could make changes in the roms, I was making is that the wrong procedure.
I appreciate the help of friends.
Screen Test Road Rash.