« on: October 06, 2014, 04:38:45 am »
I have only cracked the musical byte code of a couple of sound engines, but I believe what I have done can help. I am probably one of the first romhackers ever interested in this, since I first cracked the byte code for Secret of Mana, Final Fantasy Mystic Quest, Final Fantasy V and Hanjuku Hero (they have identical sound engines) something like 10 years ago (but I kept everything private for a very long time). Only this year did I make a (very dirty) program to convert it to MIDI for my FF5 Advance hack. The key to cracking byte code is, as usual, pointers.
On the GBA this was relatively easy because it's very obvious whether a word is a pointer or not: all ROM pointers end with the 0x08 byte. On the NES or GB there's no equivalent, unfortunately, so your best guess is to look for words of increasing values following one another; then you have a chance of them being a pointer table.
A good way is to know the RAM pointers that point to the musical byte code of each track (in the case of the GB/GBC you'll have 4 pointers). If you have a debugger/RAM viewer, you should see them increase little by little as the music plays. If you see them increase by 1 (or 2) every time a new note plays, then they're definitely the pointers to the musical byte code. Once you have the location of the musical byte code of a particular piece, everything is open to you: just change it randomly and see what this changes, noting everything it does.
Another good way to do this is to locate where the sound engine is, disassemble it, and study it.
However, I'd definitely recommend a mix of both for easier and faster results. Usually music engines involve notes of many different lengths, and it's hard to "crack" the lengths just by hearing them, so by looking at a part of the disassembly you'll figure out the relation between byte code and note length. Also, some effects are hard to notice in some circumstances by just randomly trying byte code, so the disassembly will definitely help.
Some Japanese guy, however, cracked many more byte codes than I did, mainly for the SNES; I guess his pseudonym was lovemu or something. You could ask him for better advice.
In order to know what to expect, here is a very typical example of what a musical byte code could be:
0x00-0x0F : Play C note with different lengths
0x10-0x1F : Play D note ....
0xB0-0xBF : Play B note with different lengths
0xC0-0xCF : Play silence with different lengths
0xD0-0xFF : Some miscellaneous commands such as octave changes, instrument changes, vibrato, end of track, etc.
It's also common to see "subroutine calls" or repeats in the byte code.
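Below is an added example (written for this page, not code from the post above or from any real game) that puts the two halves of the method together: scan a small constructed GBA image for runs of 32-bit words whose top byte is 0x08, then walk the byte code behind each table entry using the 0x00-0xBF / 0xC0-0xCF / 0xD0-0xFF layout sketched above, including a "subroutine call" and return. The ROM image, the note-length table, the chromatic pitch-class mapping of the high nibble (C at 0x0X up to B at 0xBX) and the command bytes (0xD0 octave, 0xD1 instrument, 0xE0 call, 0xE1 return, 0xFF end of track) are all made-up assumptions for the demonstration; in a real engine those values are exactly what the disassembly step is for.

```python
import struct

GBA_ROM_BASE = 0x08000000  # GBA cartridge ROM is mapped here, hence the 0x08 top byte

# Hypothetical note-length table (ticks) indexed by the low nibble 0x0-0xF;
# a real engine's table is what the disassembly would reveal.
LENGTH_TICKS = [1, 2, 3, 4, 6, 8, 12, 16, 24, 32, 48, 64, 96, 128, 192, 256]
# Assumption: the high nibble 0x0-0xB is a chromatic pitch class (C at 0x0X, B at 0xBX).
NOTE_NAMES = ["C", "C#", "D", "D#", "E", "F", "F#", "G", "G#", "A", "A#", "B"]
# Hypothetical command bytes in the post's 0xD0-0xFF "commands" range.
CMD_OCTAVE, CMD_INSTRUMENT, CMD_CALL, CMD_RETURN, CMD_END = 0xD0, 0xD1, 0xE0, 0xE1, 0xFF

def find_gba_pointer_tables(rom, min_entries=3):
    """Scan for runs of aligned 32-bit little-endian words whose top byte is 0x08
    and whose target lies inside the image. Returns [(table_offset, [targets])]."""
    tables, run, run_start = [], [], None
    for off in range(0, len(rom) - 3, 4):
        word = struct.unpack_from("<I", rom, off)[0]
        target = word - GBA_ROM_BASE
        if word >> 24 == 0x08 and target < len(rom):
            if run_start is None:
                run_start = off
            run.append(target)
            continue
        if len(run) >= min_entries:
            tables.append((run_start, run))
        run, run_start = [], None
    if len(run) >= min_entries:
        tables.append((run_start, run))
    return tables

def decode_track(rom, offset, max_events=200):
    """Walk the byte code at `offset`, following CMD_CALL/CMD_RETURN the way the
    engine would. Stops at CMD_END, at a byte not yet cracked, or at the event cap."""
    events, stack, octave, pos = [], [], 4, offset
    while len(events) < max_events and pos < len(rom):
        b = rom[pos]
        if b < 0xC0:                        # 0x00-0xBF: note, high nibble = pitch class
            events.append(("note", NOTE_NAMES[b >> 4], octave, LENGTH_TICKS[b & 0xF]))
            pos += 1
        elif b < 0xD0:                      # 0xC0-0xCF: silence
            events.append(("rest", LENGTH_TICKS[b & 0xF]))
            pos += 1
        elif b == CMD_OCTAVE:
            octave = rom[pos + 1]
            events.append(("octave", octave))
            pos += 2
        elif b == CMD_INSTRUMENT:
            events.append(("instrument", rom[pos + 1]))
            pos += 2
        elif b == CMD_CALL:                 # a 32-bit ROM pointer follows the opcode
            if len(stack) >= 8:             # guard against self-referencing data
                events.append(("error", "call depth"))
                break
            target = struct.unpack_from("<I", rom, pos + 1)[0] - GBA_ROM_BASE
            stack.append(pos + 5)
            events.append(("call", target))
            pos = target
        elif b == CMD_RETURN:
            if not stack:
                events.append(("error", "return without call"))
                break
            events.append(("return",))
            pos = stack.pop()
        elif b == CMD_END:
            events.append(("end",))
            break
        else:                               # 0xD2-0xDF, 0xE2-0xFE: not cracked yet
            events.append(("unknown", b))
            break
    return events

def build_sample_rom():
    """Constructed image: 0x100 bytes of zero filler, a 3-entry pointer table,
    one shared subroutine and three tracks. Returns (rom, table_offset, sub_offset)."""
    rom = bytearray(0x100)
    table_off = len(rom)
    rom += bytes(12)                        # room for three pointers, patched in below
    sub_off = len(rom)
    rom += bytes([0x00, 0x40, 0x70, CMD_RETURN])   # C, E, G (shortest length), return
    tracks = []
    for root in (0x0, 0x5, 0x7):            # each track starts on a different pitch class
        tracks.append(len(rom))
        rom += bytes([CMD_INSTRUMENT, 0x02, CMD_OCTAVE, 0x03, (root << 4) | 0x3, 0xC3, CMD_CALL])
        rom += struct.pack("<I", GBA_ROM_BASE + sub_off)
        rom += bytes([(root << 4) | 0x7, CMD_END])
    for i, t in enumerate(tracks):
        struct.pack_into("<I", rom, table_off + 4 * i, GBA_ROM_BASE + t)
    return bytes(rom), table_off, sub_off

def crack(rom):
    """Pointer table first, then the byte code behind every entry."""
    return {off: [decode_track(rom, t) for t in targets]
            for off, targets in find_gba_pointer_tables(rom)}

if __name__ == "__main__":
    sample = build_sample_rom()[0]
    for off, tracks in crack(sample).items():
        print(f"pointer table at 0x{off:X}: {tracks}")
```

The scanner deliberately requires a run of several consecutive pointer-looking words, because a single 0x08-topped word shows up all over a ROM (the call operand inside a track is one); the decoder stops at the first byte it does not know, which is the point where the "change it randomly and see what happens" step of the post takes over. For a GB or NES image you would swap the word test in `find_gba_pointer_tables` for the increasing-values heuristic the post describes, since those pointers carry no tell-tale high byte.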