
Author Topic: SNES SRAM checks  (Read 3132 times)

Sonny_Jim_Pin

  • Guest
SNES SRAM checks
« on: July 10, 2013, 10:31:55 am »
I made myself a LoROM development cart for my SNES a while ago and have been trying out different ROMs/hacks, and one thing I've noticed is that some games check for the amount of SRAM on the PCB and refuse to boot if it's wrong.  My LoROM cart was built out of a JAP Mario Paint and thus has 256KBits SRAM.

I'm looking to remove the SRAM size check on a particular game (Ouchan no Oekaki Logic) as I don't really want to cut traces on my dev cart just for this game, and because it only uses 16KBits of SRAM I'd have to chop quite a few of them.

When the SRAM size is incorrect for this game, it just hangs at the title screen and doesn't allow you to press start.  I've confirmed this on hardware (by putting an EPROM into my dev cart with 256Kb SRAM) and also on an emulator (changed 0x0081D8 from 01 to 05) and it behaves the same both ways.

I've done a *small* amount of ROM hacking before (edited TNZS arcade ROM to include freeplay) but this is my first attempt at a SNES ROM.

What tools should I be using (MESS atm)? Any documents that I might find handy?

P.S. I have already tried UCON64 to remove the checks but it didn't seem to make a difference.

July 10, 2013, 12:33:17 pm - (Auto Merged - Double Posts are not allowed before 7 days.)
Ok, so I just about figured it out using the debugger in MAME/MESS.  What the game was doing was this:

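Code:
SEP #$20       ; switch the accumulator to 8-bit
LDA #$aa
STA $7007ff    ; write $aa to the end of the 16KBit SRAM area
LDA #$55
STA $700fff    ; write $55 to the end of the 32KBit SRAM area
CMP $7007ff    ; compare A ($55) with what is now at $7007ff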

My ASM is pretty shocking but even I can figure out how to get around that one :-)
« Last Edit: July 10, 2013, 03:15:34 pm by Sonny_Jim_Pin »

justin3009

Re: SNES SRAM checks
« Reply #1 on: July 10, 2013, 01:27:15 pm »
Does it jump off to anywhere else?  Cause it looks like it stores to 7007FF then later on tries to compare #$55 to 7007FF which may cause a hang since both values are stored right there.

I'm confused on what it's attempting.  You store both values right away then try to compare them when they're different.  If it's a loop that jumps back to the same code, that would be why it hangs.  Though I think more information is needed to know what exactly is going on? (I think anyway)

Sonny_Jim_Pin

  • Guest
Re: SNES SRAM checks
« Reply #2 on: July 10, 2013, 02:45:19 pm »
What it is doing is writing $aa to 0x7007ff (end of the 16KBit SRAM area) then writing $55 to 0x700fff, which corresponds to the end of the 32KBit SRAM area.  It then looks to see if 0x7007ff is $55.

In a 16Kbit SRAM cart, any memory above 16KBit is mirrored, so when $55 is written to 0x700fff, it'll also get written to 0x7007ff, so when it's compared at the end it should equal $55.

In a cart with a larger SRAM, the write to 0x700fff doesn't change 0x7007ff, so it stays at $aa and the game knows it's being run by a copier.

KingMike

Re: SNES SRAM checks
« Reply #3 on: July 10, 2013, 03:02:52 pm »
Yes, standard SNES procedure.

Code:
16kbit = 2KB
.....111 11111111  Uses these bits of the address value
-----              These bits are ignored.
So writing to
00000111 11111111 (7FF) will have the same effect as writing to
00001111 11111111 (FFF) as well as
00011111 11111111 (1FFF), etc.

256kbit = 32KB
.1111111 11111111 Use these bits of the address value
.....111 11111111 Remember 2KB only used these bits.
As you can see, the 32KB RAM chip has 4 more bits of significant value.
What an anti-copier measure will do is set some of those extra bits.
It won't have an effect on the lower-capacity chips the real game uses, but will affect the resulting address on the higher-capacity chip.
"My watch says 30 chickens" Google, 2018