
Author Topic: Paper Mario 64 - General Hacking Tool  (Read 25408 times)

luigi1er

Re: Paper Mario 64 - General Hacking Tool
« Reply #20 on: August 19, 2014, 11:47:32 pm »
Hi guys, there are some things I would like to say in this news post. To begin, I would like to thank Rew for his work making a full tracklist for Paper Mario 64; I invite everyone to look at http://www.hcs64.com/mboard/forum.php?showthread=37772 to see the results. Also, I just want to say that because I am going back to school, I will have to slow down my research for a long time. :P Here are the latest things I have found in the game; the other things aren't accurate enough to talk about.

I managed to get all the interactive objects we can find in any area, along with save blocks and health blocks:
https://drive.google.com/file/d/0BzSek_0oxKC-TFFLUkJQbjBoLWs/edit?usp=sharing

It's not quite new because I already did a demo with the health blocks, but this time there are many more objects to mess with. My next trial will be to understand how some of them work, because they don't have only positions as parameters; otherwise I would be able to switch a blue pipe into a tornado easily. I did some tests, and that brought out some interesting things:
  • When you move a blue pipe, the trigger doesn't follow it.
  • If you move a wooden panel and leave it intact, the hole leads you to an OOB.
  • If you tap a hammer block which was a spring box, you will be ejected anyway.
  • A star piece hole is independent from the ground.
Anyway, I will continue to bring discoveries about these objects. See ya folks :)

     
   

luigi1er

« Reply #21 on: September 13, 2014, 05:09:51 pm »
Hi guys :D, today I will announce some info about blue pipes and a new set of possibilities.

To begin, I can say I'm able to fix the problems with moving a blue pipe. Do you remember my article about DD (direction data)? It's the same thing, except the measures are shifted. Example: if your blue pipe's X is [00 96] and DD's X is [43 16], making 96 into b6 makes 16 into 36. I also found where the blue pipe chooses its exit and its DD, but it's useless unless you want to create your own.

Otherwise, maybe I will begin hacking the sprites in areas, though it's very VERY difficult. :P All my knowledge is very basic, but it's already very good. In the next picture you can see a typical pattern of a sprite in an area. Note that sprite data is scattered throughout the area data, so it's impossible to get it very efficiently... What you see in black is a function which has 2 functions: the first byte is an id, "02" means it's the 3rd one in the row. The other is the last two bytes. I have theories but nothing consistent. In red is the position in XYZ; it's like the blue pipe position setting. Finally, the hardest is the blue section, where we have a bank of animations stuck together. "83" is the "spritesheet" used for the sprite. Example: 7f = Crystal King, 83 = Toad and 76 = General Guy. The byte after "83" is for variants like Ninjakoopas and Toad (colors). Other things are unknown, but in general only the first ones matter, probably because there are always fewer than 16 animations. Note that if you can find the blue section in the right array, then you can easily find any other patterns. :)


Besides that, I tried to change an enemy for another, but it will be very difficult because the data isn't dynamic. So, if you want to change a pokey for a bandit, you will have to fix its: skin, hitbox, animations, behaviors, etc... I tried to show you what you can do with the next picture. As you can see, I moved some toads in X and Y (he walks in air). I didn't mention it, but you can see General Guy because I changed the "spritesheet" byte; however, changing the "spritesheet" byte leads to a crash in 99% of cases. :o So that's all folks, it's an important source of research. I will continue slowly but surely. ;)
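A note on the [00 96] / [43 16] pair in the post above, as an added example that is not the poster's code: the quoted bytes are consistent with the same coordinate stored twice, once as a big-endian 16-bit integer and once as a big-endian IEEE-754 single, since 150.0 encodes as 43 16 00 00 and 182.0 as 43 36 00 00. That the DD entry is a full 4-byte float is an assumption (the post quotes only two bytes), and the function names and sample bytes are constructed for illustration.

```python
import struct


def int16_field(x: int) -> bytes:
    """Coordinate as a big-endian signed 16-bit integer: 150 -> 00 96."""
    return struct.pack(">h", x)


def float32_field(x: int) -> bytes:
    """Same coordinate as a big-endian IEEE-754 single: 150 -> 43 16 00 00.
    Assumption: the DD entry is a full 4-byte float (the post quotes 2 bytes)."""
    return struct.pack(">f", float(x))


def find_float_twins(area, x: int, align: int = 4) -> list:
    """Aligned offsets in `area` where x appears in its float32 encoding."""
    needle, hits = float32_field(x), []
    pos = area.find(needle)
    while pos != -1:
        if pos % align == 0:
            hits.append(pos)
        pos = area.find(needle, pos + 1)
    return hits


def move_x(area: bytearray, int_off: int, float_off: int, new_x: int) -> None:
    """Rewrite both encodings together; refuse if they disagree beforehand."""
    (cur,) = struct.unpack_from(">h", area, int_off)
    if bytes(area[float_off:float_off + 4]) != float32_field(cur):
        raise ValueError("the two fields do not encode the same coordinate")
    struct.pack_into(">h", area, int_off, new_x)
    area[float_off:float_off + 4] = float32_field(new_x)


# Constructed sample, not real area data: X=150 as int16 at offset 0,
# an unrelated word at 4, X=150 as float32 at 8, 50.0 as float32 at 12.
SAMPLE_AREA = bytes.fromhex("00960000" "00320000" "43160000" "42480000")

if __name__ == "__main__":
    area = bytearray(SAMPLE_AREA)
    print("float twin of 150 at", find_float_twins(area, 150))
    move_x(area, 0, 8, 0xB6)          # the 96 -> b6 change from the post
    print(area.hex(" "))
```

Searching an area block for the float encoding of a pipe's integer X is a quick way to list candidate DD entries before editing both fields together.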


luigi1er

« Reply #22 on: September 24, 2014, 08:13:34 am »
Hi guys :D Today I will tell you all the results of my research about sprites in areas. This is a bit better than last time because I can do many more things. So here we go :).

I will explain my stuff with the code image in the last post. A sprite's pattern always has 16 series of 4 bytes. I will pick a series and explain each byte, because each one has a use. The 1st [83] is the id of the "spritesheet"; it's connected with the 2nd [00], which is a variant index of the "spritesheet". The two bytes decide which sprite will be shown. In this case, [83] is a normal Toad in Toad Town and the [00] next to it decides he is red. With the second you can, generally, change the color of sprites like: Ninjakoopas, Shy Guys, Clubbas, etc... The 3rd [01] determines which animation will be played; [01] is generally an idle animation. The 4th [00] separates two series. Depending on which animation the sprite will play, it will load the appropriate series.

When you enter an area (or get out of a battle) the sprite will load its spritesheet once, and from a specific series. If you enter an area (or run away) the sprite will load series #1 to play the idle animation. Afterward, if the sprite chases you, it loads #4 but doesn't refresh its spritesheet, though it DOES for the variant byte. You should just replace all of the first 2 bytes if you want to deal with it easily. 8)

So, do we need all these 16 series? The answer is I'm not sure, but I'm pretty sure there are similarities between some of them. I made a list with all their functions from 1 to 16:

#1 : Idle & Run Away
#2 : Walk
#4 : Chase
#7 : Death*
#8 : Hit
#9 : Before Attack
#10: Attack
#11: After Attack

*Death is only used to load the variant and the animation.

There can be more functions; I would need to do more tests. Note that they are for enemies, which involves exceptions. :P For NPCs, there are functions to load animations which aren't in the patterns. Example: if you want to talk to an NPC, a function above the pattern will load an animation. In some cases, one function can load animations for many sprites.

Now, I will talk about the big issue you can have when messing with sprites. In my opinion, the game has a limit on the number of spritesheets it can load. The more spritesheets you load, the more it leads to a crash. Worse than that, some spritesheets (especially the bosses) are heavier than normal enemies. That means if you can load maybe 5 SS you can barely load 2 bosses (which explains why I was only able to load General Guy). However, the number of sprites which have a heavy SS doesn't matter, and having many variants with the same SS doesn't count as loadings.

I would add that all this stuff can be used to search for data linked to animations in area data and enemy data. That's all for now; there is an image of what it looks like if you're lucky, because of that limitation. See you next time :D.


luigi1er

« Reply #23 on: October 09, 2014, 08:59:19 am »
Hi guys :D, since I got a PM encouraging me to continue my hacking tool, I got back to work and bring news about it today.

I added a shops feature where you can change the item, the price and the description, which is independent. This works for all 9 shops in the game. However, for the description I will ask testers to give me feedback, because changing descriptions is a little bit tricky. :P

The description for items in shops needs 3 bytes. The 1st one is for the type of text you want: 24 is shop descriptions, 26 is the label of objects; these 2 include badges as well. The 2 others specify the text itself. [0000] is Fire Flower and [002a] is Fright Jar. The problem is that when you change the description for an item which is not normally in a shop, the text is either "no data" or "nothing". However, if you change the 1st byte to 23, it's the same except the text is there for all items. I cannot tell if it's a really big matter if I decide on purpose to change 24 to 23, but without that users couldn't choose items from recipes because of the description issues.

I will probably wait some time before posting a pre-release version because I feel my software's structure is really bad and I want to continue to optimize it. Also, while the shops' data was easy to gather, my enemies' data is very fragmentary and I haven't worked on it since I posted the first screenshot of it in this topic.

So that's all, I hope my changes won't take so long, see ya folks. ;)


luigi1er

« Reply #24 on: October 26, 2014, 12:02:30 am »
Hi guys :D, today I can post a WIP of my tool to get feedback from you. Of course, my tool isn't finished yet because I don't have all enemies' stats so it can't be used for an accurate hack. Also, it will allow me to know if there are bugs.

I should clarify one thing (though I can talk about it in a Readme.txt): attacks that can freeze Mario have a glitchy rate. Example: while you can mess with the rate of poison and the number of turns Mario is sick, modifying the rate of freezing makes the number of turns you're affected always 3, no matter what the turn byte's value is. For this reason, I lock this feature when the status equals "Frozen"; if it's a bad idea I would like to know. :)

So there is the link; unfortunately I have some issues with Ultra Bowser and Kent C. Koopa. Ultra Bowser's attack statuses are in an arbitrary-like place unlike normal attacks, exception call. :P For Kent C. Koopa (it's not limited to him), the attack that stuns Mario's ally isn't a status but an attack as well, so I don't know if I will add an attack for Mario and the ally or add an extra counter for this attack... :-\

I will have to adjust my tool again (changing the name maybe?), but I hope that you will enjoy the tool. If you have an idea to improve it or something to report, you can PM me or post; it would be great if my tool got better and could be reused anywhere else. 8)

https://drive.google.com/file/d/0BzSek_0oxKC-Q1g2RXlzckIzcDg/view?usp=sharing

Iamdehf

« Reply #25 on: October 26, 2014, 03:18:27 am »
Seems like I stumbled upon this at just the right time. The shop feature seems fairly fleshed out. You're only missing some of the more obscure/cooked items and everything worked. As for the stat modifier (albeit limited), the only problem I ran into was when I tried to change Tutankoopa's Defense to 1 and then saved the rom causing the program to crash. I think it still changed the value as when I brought it back up, it showed 1. I'm not quite sure why that happened but it didn't crash when I reverted the value back to 0. Anywho, good work so far. Combining this program with Origami 0.1 and an additional double damage mod, I'll be able to have quite a unique run through of the game already. Looking forward to the rest of the monsters and potentially changing partner damage values, item effects, badge bp costs, & star powers. I'm also hoping that the level cap can be changed or removed (if that is even possible). :thumbsup:

Edit: So after viewing the files directly and noticing how easy it is to modify them, I was able to go ahead and add in the rest of the missing items for the shops as you already gave all of the values in a separate file. I also tried to just throw badge IDs in to see if that was possible but sadly it was not.
« Last Edit: October 27, 2014, 12:02:04 am by Iamdehf »

henke37

« Reply #26 on: October 27, 2014, 08:49:46 am »
How about the actual script? The one that contains the dialog and such. It's sure to have tons of fun control codes.

CrashingThunder

« Reply #27 on: November 04, 2014, 12:29:15 am »
You've inspired me to get into hacking Paper Mario. After a little messing around and referencing this thread, I was able to find the offsets for several locations and alter the exit locations. (I could do stuff like making the exit from Toad Town Plaza go to the inside of the whale  :happy:). You said the exit locations are located at the end of the data for the level, so I used that info and searched backwards for the "music key" (the 05802D5D4C value for regular background music) and also found the hex offsets for the levels.

My question is: is there any demand for these offsets? One could find them using information in this thread, but it's fairly time consuming. Is there an existing list of offsets for these levels (and their attributes like exit destinations and music tracks) that already exists? If not, I would happily continue to generate these lists of offsets so making tools would be a little easier for you people who have a better idea of what you're doing. After 15 minutes or so (things started slowly too) I came up with this:

Code: [Select]
   Toad Town Plaza
      822F30 : Exits
      80913B : Music
   Pleasant Path 1st Zone
      9FA720 : Exits
      9F6A03 : Music
   Pleasant Path 2nd Zone
      A00250 : Exits
      9FC943 : Music

This shows the offsets of the exit locations for that level, as well as where the music track is located. I'd gladly continue to generate this information if people wanted it!  ;)

More questions:

I was trying to understand the shops. Your tool already does it all, but I'm trying to make sense of the item descriptions. If this stuff is true (which it is):

Code: [Select]
Item Slot Format: AA 00 00 00 BB 00 CC 00 DD 00 00 00
   AA = Item ID
   BB = Item Price
   CC = 24 --> dont know why yet
   DD = Item Description (See ID_tag table)
   
ID_TAG TABLE

DD : ITEM NAME (ITEM ID)

00 : Fire Flower (80)
01 : Snowman Doll  (81)
02 : Thunder Rage (82)
03 : Thunder Bolt (84)
04 : Shooting Star (83)
05 : Dusty Hammer (86)
06 : Pebble  (85)
07 : Stone Cap (88)
08 : Volt Shroom (8B)
09 : Mushroom (8A)
0A : Super Shroom (8C)

Why is the order all screwy? Looking at the ID Column, it starts off with 80, 81, 82...but then jumps to 84, then back to 83. I'm trying to make sense of why these jump around instead of going up in a linear fashion. I did it to 0A to see if I could find a pattern but I can't see one yet.
« Last Edit: November 04, 2014, 04:41:52 pm by CrashingThunder »

luigi1er

« Reply #28 on: November 05, 2014, 09:02:48 am »
In fact, the item slot format is more like : 00 00 00 8F 00 00 00 0A 00 24 00 26

And here are their functions:
8F = Item ID (Sleepy Sheep)
0A = Item Cost (10)
24 = Text Group (Descriptions)
26 = Item Description

IDs and costs have 4 bytes (that would explain the holes between them). Also, IDs aren't increased from left to right. Example: Fire Flower is 0080 and not 8000. You're right, IDs and descriptions don't follow each other correctly, but it's not like it's necessary to understand why. I fill up my list with these differences; it doesn't matter more than that.

I didn't talk about text groups until now because it's a very big subject. For any text in the game you have to set a group and pick a text. Here is a list of some groups:

23 = Objects Description
24 = Normal Objects Description
25 = Objects Description
26 = Items Name
28 = Allies Attacks Description
2B = Allies Attacks Titles
1D = Texts (a huge general group)

So that can explain what "24" does.

"My question is: is there any demand for these offsets? One could find them using information in this thread, but it's fairly time consuming. Is there an existing list of offsets for these levels (and their attributes like exit destinations and music tracks) that already exists?"

For the music, someone has already gathered all the music IDs; check past posts. Also, I already have a big list of exits, so it's likely I have what you got. But if you want to help, you can use both of these files to make collecting data easier. Don't hesitate if you have other questions.

https://drive.google.com/file/d/0BzSek_0oxKC-cWNfejZfMXVBUFU/view?usp=sharing for Areas Data
https://drive.google.com/file/d/0BzSek_0oxKC-N1gxOGJFWlNKbEk/view?usp=sharing for Areas ID

CrashingThunder

« Reply #29 on: November 05, 2014, 10:25:32 am »
Thanks for the files, especially the information about where the data resides for each area. It seems like you've basically got the whole ROM already mapped out for the most part (at least in general), which is fantastic.

Anyways, I'll be continuing my efforts to find something that hasn't been found yet. I remember searching the internet a couple of years ago, wanting to find something exactly like this and Origami64, but ended up disappointed. It looks like the Paper Mario nut is about to be cracked  ;D

EDIT: I think I actually found something nobody else has, or at least not documented anywhere I've seen. The Little Oinks! Their data range is [0x841000, 0x841077] and they have a similar format to items in shops that I have yet to figure out. Each Lil' Oink has a 4-byte Item ID (like shops), and two other 4-byte pieces of information that are [00 00 00 01] and [00 00 00 64] for every single one of the 10 piggies. I'm going to mess with these values later to see what they mean, but I tested my theory by setting the IDs for each piggie to be cake mix [00 00 00 AA] and that was exactly what they dropped  :laugh:

Code: [Select]
LITTLE OINKS
   Offset : 00 00 00 AA 00 00 00 BB 00 00 00 CC ITEM NAME
      AA = Item ID
      BB = 01 (why?)
      CC = 64 (why?)
   
   841000 : 00 00 00 8D 00 00 00 01 00 00 00 64 DRIED SHROOM
   84100C : 00 00 00 8C 00 00 00 01 00 00 00 64 SUPER SHROOM
   841018 : 00 00 00 80 00 00 00 01 00 00 00 64 FIRE FLOWER
   841024 : 00 00 00 82 00 00 00 01 00 00 00 64 THUNDER RAGE
   841030 : 00 00 00 95 00 00 00 01 00 00 00 64 LIFE SHROOM
   84103C : 00 00 00 A3 00 00 00 01 00 00 00 64 MAPLE SYRUP
   841048 : 00 00 00 83 00 00 00 01 00 00 00 64 SHOOTING STAR
   841054 : 00 00 00 97 00 00 00 01 00 00 00 64 REPEL JEL
   841060 : 00 00 00 A2 00 00 00 01 00 00 00 64 JAMMIN JELLY
   84106C : 00 00 00 8E 00 00 00 01 00 00 00 64 ULTRA SHROOM

« Last Edit: November 05, 2014, 04:15:12 pm by CrashingThunder »
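The two 12-byte layouts from replies #28 and #29, as an added example that is not code from either poster or from the tool: a parser for the shop slot and a reader/patcher for the Lil' Oink table that refuses to write unless all ten rows carry the constant 01 / 64 words, so a wrong ROM revision, a byteswapped dump or a misaligned base is caught before anything is changed. Function names are hypothetical and the image is constructed from the rows in the post.

```python
import struct

# 12-byte big-endian records as described in replies #28 and #29.
SHOP_SLOT = struct.Struct(">IIHH")   # item id, cost, text group, description id
OINK_SLOT = struct.Struct(">III")    # item id, then two words of unknown meaning

OINK_BASE, OINK_COUNT = 0x841000, 10  # range [0x841000, 0x841077] from the post
OINK_TAIL = (0x01, 0x64)              # constant words seen in all ten rows

# Item ids in table order, copied from the post (Dried Shroom ... Ultra Shroom).
POSTED_IDS = [0x8D, 0x8C, 0x80, 0x82, 0x95, 0xA3, 0x83, 0x97, 0xA2, 0x8E]


def parse_shop_slot(raw: bytes) -> dict:
    """Decode one shop slot, e.g. 00 00 00 8F 00 00 00 0A 00 24 00 26."""
    if len(raw) != SHOP_SLOT.size:
        raise ValueError("a shop slot is exactly 12 bytes")
    item, cost, group, text = SHOP_SLOT.unpack(raw)
    return {"item": item, "cost": cost, "text_group": group, "text_id": text}


def read_oinks(rom, base: int = OINK_BASE) -> list:
    """Return the ten item ids, checking bounds and the constant tail words."""
    end = base + OINK_COUNT * OINK_SLOT.size
    if base < 0 or end > len(rom):
        raise ValueError("image too short for the table at this base")
    items = []
    for i in range(OINK_COUNT):
        off = base + i * OINK_SLOT.size
        item, a, b = OINK_SLOT.unpack_from(rom, off)
        if (a, b) != OINK_TAIL:
            raise ValueError(f"row {i} at {off:#x} does not match the posted layout")
        items.append(item)
    return items


def set_oink_item(rom: bytearray, index: int, item_id: int,
                  base: int = OINK_BASE) -> None:
    """Change one row's item id; the table is validated before any write."""
    read_oinks(rom, base)
    if not 0 <= index < OINK_COUNT:
        raise IndexError("index out of range")
    struct.pack_into(">I", rom, base + index * OINK_SLOT.size, item_id)


def build_sample_rom() -> bytearray:
    """Constructed image: zeros, with the ten posted rows placed at OINK_BASE."""
    rom = bytearray(OINK_BASE + OINK_COUNT * OINK_SLOT.size)
    for i, item in enumerate(POSTED_IDS):
        OINK_SLOT.pack_into(rom, OINK_BASE + i * OINK_SLOT.size, item, *OINK_TAIL)
    return rom


if __name__ == "__main__":
    rom = build_sample_rom()
    print([hex(i) for i in read_oinks(rom)])
    set_oink_item(rom, 0, 0xAA)       # the cake mix test from the post, one row
    print(rom[OINK_BASE:OINK_BASE + 12].hex(" "))
    print(parse_shop_slot(bytes.fromhex("0000008F0000000A00240026")))
```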

luigi1er

« Reply #30 on: November 11, 2014, 10:17:57 am »
Hi guys :D, I bring today news of my research. However, it's not what we can call a discovery because there is no way to test it. So, it's more like a question I'm asking advanced hackers than a new thing. To begin, I was looking for the number of bars you need to use a Star Spirit attack, and as I got exhausted I decided to do something other than looking at addresses randomly. With text groups, I know the title and description data of: items, badges, allies, places, Spirit Stars. I supposed there is data alongside them, ex: Fire Flower (title = 00260000) would be near 03 because it does 3. As I began, I found interesting things at around 0x60000.

Around there, there is maybe a full database. Here are a few examples:
Code: [Select]
0025 is the objects description
0026 is the titles group

Looking for items values

Fire Flower (0x63CE0-63CFF)
(00 26 00 00) 01 20 00 00 00 00 80  02  00 04 00 00
(00 25 00 00) 00 23 00 00 10 06 00 (03) 00 00 00 00

Shooting Star (0x63D40-63D5F)
(00 26 00 04) 01 24 00 00 00 00 80  02  00 0F 00 00
(00 25 00 04) 00 23 00 04 10 06 00 (06) 00 00 00 00


001D is a general group
Respectively the title's attack and its description

Looking for number of needed stars bars

Smooch (0x6AE10-6AE23)
(00 1D 00 19) 00 00 00 08 (00 1D 00 25) 00 00 00 00 0A (03 03) FF

Time Out (0x6AE24-6AE37)
(00 1D 00 1A) 00 00 80 02 (00 1D 00 26) 00 00 00 00 0A (02 02) FF


002B is the allies attacks titles group
0028 is the allies descriptions group

Looking for FP values

Power Bomb (0x6AFDC-6AFEF)
(00 2B 00 0A) 00 00 80 04 (00 28 00 1E)(00 28 00 25) 0B (06) 00 03

Mega Bomb (0x6AFF0-6B003)
(00 2B 00 0B) 00 00 80 02 (00 28 00 1F)(00 28 00 26) 0B (08) 00 03

So, as you can see, it would be logical to conclude there is a bunch of useful addresses there, but there's a problem. No matter what I modify (even a 00 in the middle of nowhere) it says I'm in a loop and the emulator can't fix it. :huh: It's always like that around sub 0x200000. So I would like to know if it's normal and if these values can be useful or not. Otherwise, I will get back to my search, but it will soon have reached the state of testing each byte. :banghead:

Zoinkity

« Reply #31 on: November 11, 2014, 11:56:25 am »
That sort of thing would be easier to work out using an in-memory debugger, but if you want to go the ROM route...

N64 ROMs have an internal checksum on data from 0x1000 to 0x101000 kept in the header at 0x10. The checksum scheme should correspond to the type of CIC chip the cartridge uses. Paper Mario (USA) used a CIC-6103, first found in Diddy Kong Racing. There's a few options when recalculating them:
  • Use a standalone recalculator like the one here.
  • Poor Man's Method: use Nemu64.  Before opening the ROM open the memory editor and set a read breakpoint on 10000010.  Run the ROM, then write the generated values from the registers to ROM when the program breaks.  Regs are usually A3 and S0.
  • Use the python script below.  Might be the only cross-platform option at this point.

Code: [Select]
def calccrc(rom, cic='6102', fix=False):
    """Recalculates the CRC based on the CIC chip version given.
    Set fix to True to revise the crc in rom."""
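    def rol(v, n):
        # Despite the name, this is only the right-shift half of the rotate;
        # the caller ORs it with (i<<v) to form the 32-bit rotate-left.
        return (v % 0x100000000)>>n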

    cic_names = {
        "6101":0x3F, "starf":0x3F,
        "7102":0x3F, "lylat":0x3F,
        "6102":0x3F, "7101":0x3F, "mario":0x3F,
        "6103":0x78, "7103":0x78, "diddy":0x78,
        "6105":0x91, "7105":0x91, "zelda":0x91,
        "6106":0x85, "7106":0x85, "yoshi":0x85,
        }

    from array import array
    s = cic_names.get(cic)
    if s in (0x78, 0x85):
        seed = 0x6C078965 * s
    else:
        seed = 0x5D588B65 * s
    seed+= 1
    seed&=0xFFFFFFFF
    r1, r2, r3, r4, r5, r6 = seed, seed, seed, seed, seed, seed

    # Unbyteswap if swapped.
    if rom[1]==128:
      a = array("H", rom)
      a.byteswap()
      rom = a.tobytes()

    # I wish there was a less horrifying way to do this...
    # Typecode "I" is a 4-byte unsigned int on common platforms; "L" is 8 bytes
    # on 64-bit Linux/macOS and would read the ROM as 64-bit words.
    l = min(0x101000, len(rom))
    m = array("I", rom[0x1000:l] + bytes(0x101000 - l))
    m.byteswap()
    # Zelda updates the second word a different way...
    if s == 0x91:
        from itertools import cycle
        n = array("I", rom[0x750:0x850])
        n.byteswap()
        n = cycle(n)
    # Read each word as an integer.
    for i in m:
        v = (r1+i) & 0xFFFFFFFF
        if v < r1: r2+=1
        v = i & 0x1F
        a = (i<<v) | (rol(i, 0x20-v))
        r1+=i
        r3^=i
        r4+=a
        # You have to limit the result here to 32bits.
        r1&= 0xFFFFFFFF
        r4&= 0xFFFFFFFF
        if r5 < i:
            r5^= (r1^i)
        else:
            r5^=a
        if s == 0x91:
            r6+= (i ^ next(n))
        else:
            r6+= (i ^ r4)
        # Ditto here.
        r5&= 0xFFFFFFFF
        r6&= 0xFFFFFFFF
    # Assemble upper and lower CRCs
    if s == 0x85:
        r1*=r2
        r4*=r5
    else:
        r1^=r2
        r4^=r5
    if s in (0x78, 0x85):
        r1+=r3
        r4+=r6
    else:
        r1^=r3
        r4^=r6
    # Make sure they fit within 4 bytes each.
    r1&= 0xFFFFFFFF
    r4&= 0xFFFFFFFF
    if fix:
        if isinstance(rom, bytes):
            rom = bytearray(rom)
        rom[16:20] = r1.to_bytes(4, 'big')
        rom[20:24] = r4.to_bytes(4, 'big')
        return rom
    return (r1,r4)

Using it would be something like:
Code: [Select]
with open(filename, 'rb') as f:
  rom = f.read()
with open(output, 'wb') as f:
  f.write(calccrc(rom, "diddy", True))


Since there seems to be some confusion on how this is done, here's a little script to unbyteswap a ROM. 
Code: [Select]
def unbyteswap(rom):
    from array import array
    if rom[0]==128:
      return rom
    a = array("H", rom)
    a.byteswap()
    return a.tobytes()
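An added example (not from the post above) that applies the checksum window it describes: it diffs an edited image against the original and reports whether any changed byte lies in 0x1000 to 0x101000, which is when the two header words at 0x10 need recalculating. Function names and the zero-filled sample image are constructed for illustration; the offsets used are ones quoted elsewhere in this thread.

```python
CRC_START, CRC_END = 0x1000, 0x101000   # checksummed range from the post (end exclusive)
HEADER_CRC = range(0x10, 0x18)          # the two 32-bit checksum words in the header


def byteswap16(rom) -> bytes:
    """Swap every pair of bytes (big-endian image <-> byteswapped dump)."""
    if len(rom) % 2:
        raise ValueError("image length must be even")
    out = bytearray(len(rom))
    out[0::2], out[1::2] = rom[1::2], rom[0::2]
    return bytes(out)


def to_big_endian(rom) -> bytes:
    """Same test as the post's unbyteswap: a big-endian image starts with 0x80."""
    return bytes(rom) if rom[0] == 0x80 else byteswap16(rom)


def changed_offsets(original, edited, chunk: int = 0x1000) -> list:
    """Offsets (in big-endian order) at which the two images differ."""
    a, b = to_big_endian(original), to_big_endian(edited)
    if len(a) != len(b):
        raise ValueError("images differ in length")
    out = []
    for base in range(0, len(a), chunk):
        ca, cb = a[base:base + chunk], b[base:base + chunk]
        if ca != cb:   # only walk the chunks that actually differ
            out.extend(base + i for i, (x, y) in enumerate(zip(ca, cb)) if x != y)
    return out


def audit_edit(original, edited) -> dict:
    """Classify an edit by whether it touches checksummed data or the header words."""
    offs = changed_offsets(original, edited)
    covered = [o for o in offs if CRC_START <= o < CRC_END]
    header_touched = any(o in HEADER_CRC for o in offs)
    return {
        "changed": offs,
        "covered": covered,
        "header_touched": header_touched,
        # Covered bytes changed but the stored words were left as they were.
        "stale_checksum": bool(covered) and not header_touched,
    }


def build_sample_image(size: int = 0x841080) -> bytearray:
    """Constructed image: zeros plus the usual big-endian header start bytes."""
    rom = bytearray(size)
    rom[0:4] = bytes.fromhex("80371240")
    return rom


if __name__ == "__main__":
    base = build_sample_image()
    for off in (0x63CEB, 0x18CDAB, 0x841003):   # offsets quoted in the thread
        edited = bytearray(base)
        edited[off] = 0xAA
        result = audit_edit(base, edited)
        print(hex(off), "stale checksum:", result["stale_checksum"])
```

A true `stale_checksum` means the image should go through a recalculation such as the `calccrc` routine above before it is tested.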

luigi1er

« Reply #32 on: November 20, 2014, 09:40:20 pm »
Hello guys :D I bring today an update of my data. You can overwrite the old XML file to see the new enemies. This is still incomplete but it's decently more filled than it was before.

https://drive.google.com/file/d/0BzSek_0oxKC-Y3BZYlFSdC1LQzA/view?usp=sharing

Just a little word about your answer, Zoinkity: I'm not sure if it confirms my theory or not, and I'm not familiar with pointers and instructions of that kind. Also, I prefer editing the ROM directly, otherwise my findings would seem meaningless to me. Everyone is free to investigate it :)

I will take this opportunity to clear up some things about defense, because there are a few people complaining that the data is wrong when that's not the case. The first thing is obviously to use this ROM: Paper Mario (U) [!].z64; using anything else is likely to lead to a crash. Next, defense stats are really annoying since there can be 3 defenses for an enemy. It only happened on Koopas, I think, but changing a defense value can change one type of attack. So I may be wrong, but it can be for another reason.

- Mario's Jump (with some partners attacks)
- Mario's Hammer
- Partner Attacks (verified with Parakarry's 2nd attack)

EDIT: Seems like I can modify Mario's Jump at some places by just 1 and I can't manage to check it everywhere; that's how defense value hunting is :'( (at least for the 00 ones)

Unfortunately, some enemies can't join the list soon because they have different troublesome data. The different defenses are an example, but there's also the fact that a few attacks don't have the pattern I use to locate them, or even none. The problem is that attack statuses aren't at the same distance from the attacks as normal ones, which causes a crash. As I'm focusing more on collecting data than on my tool, it will take a moment before I add Jr. Troopa 1 and Ultra Bowser.

Last thing, enemies' attacks on partners are similar to attacks on Mario (damage amount = stun turns). Changing status effects doesn't seem to change anything, so it's included as well.
« Last Edit: November 21, 2014, 12:05:22 am by luigi1er »

CrashingThunder

« Reply #33 on: December 06, 2014, 06:30:58 pm »
How goes the progress on hacking this game? I've come along a fair ways, but I'm still getting used to the process. I'm sure many people know about this tool, but I stumbled upon a program called Cheat Engine that allows you to actively search for specific values (such as Mario's health), and then make subsequent searches on all of the results that turned up, allowing you to narrow down which one is right (ex: Mario's HP is currently 7, you search for 7 in Cheat Engine. Then you eat a Mushroom and Mario's HP is 10. You search again in Cheat Engine for 10, and the results get narrowed down even further). And once I find the location in RAM (not ROM, so you wouldn't find this in the .n64 ROM file), I can set a breakpoint there to view code that is being run when that location is accessed. Then, I find code that was running when the breakpoint was triggered and it can lead me to where the game is looking for specific values, such as the price of an item in a shop.

I also use Nemu64 for the in-game debugger, allowing me to view ASM code that is being run, and to set breakpoints when certain parts of memory are written or read from. Using these things, I was able to change a SUBI command (subtract immediate value) to an ADDI (add immediate value) so that when I bought a particular item from the store, it gave me money instead of taking it away  :laugh:

Anyways, I recommend using those programs if you (or anybody else reading this) aren't already using them or something similar.

Edit : Did the same thing with attacking a particular enemy lol (attacking with Mario gives them HP). But I don't think what I'm doing is changing the game itself -- just modifying the RAM that is being used by the emulator. I am totally speculating, but I believe I need to find the code that writes to the RAM. The code that loads the enemy stats (which you've found) and puts them in the temporary memory when you're in a battle.
« Last Edit: December 06, 2014, 09:57:57 pm by CrashingThunder »

luigi1er

« Reply #34 on: December 17, 2014, 02:07:34 pm »
Hi guys :D, today I bring some new things. Here is the new version of the enemies file, which contains more enemies in Chp 2, Chp 6 and here and there.

https://drive.google.com/file/d/0BzSek_0oxKC-Y3BZYlFSdC1LQzA/view?usp=sharing

I have also found the stats for the chance of making enemies run away with Fright Jars and of succeeding with Up & Away. I tried to frighten Kent C. Koopa and even though it said "Nice", he didn't run away. It looks like if the enemy doesn't have the animation for this item, it stays. :'( I'm not planning to integrate it soon, but it could be something to consider integrating in a tool. :)


I also tried to edit the level cap, but I didn't succeed. In my opinion, there are five stats for that: HP cap, FP cap, BP cap, and the level cap in a battle stage and in the overworld. The last two may be confusing. The first is when you are at 26 and you pass 99 star points in a battle: the counter stops at 0. If you increase that stat, the counter doesn't stop at 0 if you have more, but there is an overworld level cap which reinitializes the counter when you actually level up to 27 (while the upgrade blocks appear, or if you manually change your level in MSH anywhere). I just have the 4th; the 5th would be cool to catch.

luigi1er

« Reply #35 on: January 04, 2015, 08:33:47 pm »
Hi guys :D, today I complete my post about the chance stats for fear, Up & Away, etc... For this, I will use this picture to explain the general enemy pattern; this is a regular goomba in Goomba's Village.


1st colors group :
    Black = Defense's Value
    Yellow = Stats Group
    Orange = Stats Pattern
    Brown = Respectively : Sleep, dizzy, shock and clock
    Blue = Other pattern below the group

In an enemy's data, you're supposed to find that. At the beginning, you can find the blue pattern to know where the yellow one is (before it). Because the 9 "d" can be ".", you can use the orange pattern, vertically 09 04 0B 0A 1F, to know where the first "d" is. The brown addresses are the chances of enemies being affected by statuses; "shock" means when enemies are paralyzed. I learned that statuses are shared by attacks and items. Ex: Mamar's Lullaby's rate is the same as the sheep item's, and Dizzy Dial's is the same as Dizzy Toss from Kooper. The black address is the defense address. It's not always true, but, generally, it's two units above the orange pattern. Otherwise it's a bit above.

2nd colors group :
    Red = Respectively : Name, star points and HP
    Green = Respectively : Fear's % and Up & Away's %

Thanks to Scelux, I learned that star points are beside HP. The name is literally the enemy name's id. Nothing to say about the green addresses besides that they seem to always be +0x20 after the HP's address.

I think that's all I can say about the attribution of stats. There are unfortunately exceptions to that too. It seems modifying values in the yellow pattern doesn't change anything for the 6th Jr. Troopa. I don't think I will implement it soon; I consider it more important that I continue to search and complete my database. So, see you next time :)

TopOfAllWorlds

« Reply #36 on: January 15, 2015, 04:04:10 pm »
I can't wait to see more come from this. Paper Mario is my favorite game and I would love to make a Paper Luigi (as Nintendo should have totally done by now)

90s Retro Gamer

« Reply #37 on: January 15, 2015, 05:32:33 pm »
Paper Mario was the first time I bought a game on the first day it came out with my own money that I saved. I think it was back in March 2001? I was a little boy then.

Anyway it was a fun game. I fell out of games as a teenager so I never had a Gamecube to play Thousand Year Door, but I will always cherish the memories I had playing PM64 in 5th grade. PM was different from other RPG's like SMRPG (SNES). A lot of it was very "tactical" (which badge to wear, which ally to have, using a star power or not), I credit that from being developed by Intelligent Systems (who did the Wars games).

luigi1er

« Reply #38 on: February 09, 2015, 02:02:48 pm »
Hi guys :D, I know it's been a long time since my last post, so I bring some news even if it's not something big. To begin, I did some research on changing the areas' skybox, but I'm 100% sure now that it's not inside the data block where the music value is. Also, I didn't succeed in finding where the level cap addresses are; I just found the first one at 0x18cdab (if someone wants to play with it), which only serves to get all star points even if you level up at the final level.

For the stats, I have done 60% of the collection. It's a bit annoying to do the rest (especially with the colored magikoopas) because enemies are in many spots. Furthermore, because some enemies have: no attacks, irregular attack patterns, many defenses and many HP (colored magikoopas :(), I will have to tweak my program a lot once I'm done with the collection.

That's the point; hopefully it doesn't take too long. I will leave my file since I have made progress anyway. See you next time 8)

https://drive.google.com/open?id=0BzSek_0oxKC-Y3BZYlFSdC1LQzA&authuser=0

Iamdehf

« Reply #39 on: March 02, 2015, 08:32:47 pm »
Nice work so far. The ability to alter enemy stats and add status effects has already made the game more interesting for me. Widespread status effects really bolster the A-block's usefulness as well as the Feeling Fine badge. A one turn dizzy/sleep effectively acts as a non-infinite one turn stun that forfeits your attack for the next turn, and long poisons make drawn out battles more difficult. Although I'm in no rush, once this project has been fleshed out, I'll be able to distribute my settings to some of my friends for quite a challenge.  ;)