
Author Topic: Paper Mario Hacking Documentation  (Read 2547 times)

CrashingThunder

Paper Mario Hacking Documentation
« on: November 06, 2014, 05:19:09 pm »
Paper Mario 64 Hacking Documentation : https://drive.google.com/file/d/0B1jH-2gfskuzaEVlajBEVE12Vms/view?usp=sharing

Seeing as there is hardly any Paper Mario 64 documentation in regards to hex editing, I've decided to make it myself! A lot of what is on my document is derived from Luigi1er, who is currently working on a tool to edit many aspects of the game (http://www.romhacking.net/forum/index.php?topic=17948.0). There's also Skellux, who made Origami64 (https://www.youtube.com/watch?v=OtrXti801aY). So, I'm putting all the information together into one place. I don't claim to have discovered the information in my document -- I just think it would be beneficial to the people who want to help hack Paper Mario 64.

And, it's a work in progress, as I can't explain something I don't understand well. But, I hope it will be used as a tool for getting started with hacking Paper Mario.

Cheers  ;)
« Last Edit: November 06, 2014, 05:32:09 pm by CrashingThunder »

henke37

Re: Paper Mario Hacking Documentation
« Reply #1 on: November 07, 2014, 06:00:52 am »
I can't help but suspect that some of the mentioned data could be part of the game script. And as such, shouldn't be listed in quite that manner. Instead you should list the control codes available and where different sections of the script begin.

Also, I hate the idea of byte swapping. Fix your tools to use the correct endian instead!

CrashingThunder

Re: Paper Mario Hacking Documentation
« Reply #2 on: November 08, 2014, 11:42:33 pm »
Which parts? My idea for this is to provide information about how different things are stored and in what format so they can be easily edited.

I agree with the idea of having the tool use the correct endian instead, but HxD doesn't seem to support swapping bytes (as far as I could tell). If someone stumbles upon the document and has a non-byteswapped ROM, I just want them to know how they can fix it and keep on rolling.

henke37

Re: Paper Mario Hacking Documentation
« Reply #3 on: November 09, 2014, 09:03:55 am »
It is the shops and music that I suspect are hiding control codes. It is the kind of content that I suspect of being script powered.

Also, all those zeros look suspicious.

CrashingThunder

Re: Paper Mario Hacking Documentation
« Reply #4 on: November 09, 2014, 12:26:32 pm »
Well the zeros are there for a reason. Let's look at the entire hex information that encapsulates the northern toad town shop. The item slots are stored in memory linearly, one after another. There's no room for control codes in between the slots. That's not to say they aren't somewhere else nearby, but this is exactly where they are. The zeros are just part of how the variables are stored in memory. Items have four bytes, prices have two bytes. It can't be any other way because that's how the shop data is laid out.

Here are the first two item slots, separated by the || :

   [00 00 00 98] [00 00 00 05] [00 24] [00 2A] || [00 00 00 8F] [00 00 00 0A] [00 24] [00 26]

00 00 00 98 is a fright jar. 00 00 00 05 is the price (5 coins). 00 24 is the text group (always 24 for shop items). 00 2A is the descriptor. Changing this changes what shows up on the item description.
00 00 00 8F is a sleepy sheep. 00 00 00 0A is the price (10 coins). Same text group. Different descriptor for a different item.

There is no other information for an item slot than those four attributes. So, why do we need to know about control codes regarding how the game lets you buy items if that's all we want to do with them anyways? I mean, if I wanted to make it possible to change how the shop actually functions, then yeah, I'd probably need to find control codes for that sort of thing.

EDIT: In regards to control codes, however, can I pick your brain (or anybody else's)?

I'm trying to figure out a fairly common control code. Check this out:

Code:
ITEM GET
   Format : 02 FE 36 3C XX 00 00 YY YY 00 00 00 ZZ
      XX = ??? (Usually 80-8F)
      YY = Item ID
      ZZ = Text Group (24)
     
      02 FE 36 3C 80
   A0F69C : "Lucky Star"
   7F5C64 : "First Degree Card"
   7F5CA0 : "Second Degree Card"
   7F5CDC : "Third Degree Card"
   7F5D18 : "Fourth Degree Card"
   7F5D54 : "Diploma"
   9E5618 : "Koopa Legends"

The same code of [02 FE 36 3C 80] seems to appear for all "key items" you obtain. In my searching, however, there are other control codes that have 81-8F. Sometimes the 02 in front is different as well (SOMETIMES, there are multiple control codes in a row, like [FE 36 3C 80] [FE 36 3C 81] [FE 36 3C 82]). Oftentimes, the last byte goes up sequentially like this. BUT, it does seem for getting key items, the control code 02 FE 36 3C 80 is always used. So...what does this control code actually mean, and what do the variations mean? If I could figure that out, I could add this information into the document.

I have a few ideas as to what the control codes mean. Perhaps ending in 80 means you are receiving the item, and 81-8F have to do with other aspects of items. Or maybe the control code doesn't have to do with receiving or using items at all?  :banghead:

EDIT2: More information! See Reply #13 : http://www.romhacking.net/forum/index.php/topic,17948.0.html

Notice the control code for enemy attacks as well. The last four bytes are [FE 36 3C 8X]. So...the plot thickens.

EDIT3: More thoughts, cause why not:

If it's a control code, that means it's part of the MIPS instruction set right? Cause that's what the N64 uses? If so, I suspect byteswapping the ROM would definitely be a bad idea...cause that would be confusing if you were jumping to addresses. Here's the data for when you obtain the First Degree Card (The non-byteswapped version):

Code:
02 00 36 FE 80 3C 00 00 0A 00 00 00 24

I did some research on the instruction set, looking for opcodes. It turns out, the JUMP opcode has the following format:

Code:
[6 bits for the op code][26 bits for the address to jump to]

The opcode for J (Jump) is 000010, aka "2" in binary/hex.

Except I'm confused because it's 6 bits for the op code and 26 bits for the address. Not being in multiples of 4 is messing with my head :(

In the datasheet it says the following (instr_index is the 26 bit address):
Code:
The low 28 bits of the target address is the instr_index field shifted left 2 bits. The remaining upper bits are the corresponding
bits of the address of the instruction in the delay slot (not the branch itself).
Jump to the effective target address. Execute the instruction that follows the jump, in the branch delay slot, before
executing the jump itself.

« Last Edit: November 09, 2014, 05:48:31 pm by CrashingThunder »
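
The shop slot layout from Reply #4, combined with the byte-swap question from Replies #1 and #2, as an added example that is not part of the thread or the linked document. Field widths follow the quoted hex (4, 4, 2 and 2 bytes); the function names and the use of the text group value 24 to detect a swapped dump are assumptions of this example.

```python
import struct

SLOT = struct.Struct(">IIHH")   # item id, price, text group, descriptor (big-endian)
SHOP_TEXT_GROUP = 0x24          # per the post: always 24 for shop items

# Constructed sample: the two item slots quoted in Reply #4.
SAMPLE = bytes.fromhex("00000098 00000005 0024 002A"
                       "0000008F 0000000A 0024 0026")


def swap16(data: bytes) -> bytes:
    """Swap every pair of bytes (byte-swapped dump <-> big-endian dump)."""
    if len(data) % 2:
        raise ValueError("length must be even to swap 16-bit pairs")
    out = bytearray(data)
    out[0::2], out[1::2] = data[1::2], data[0::2]
    return bytes(out)


def parse_slots(data: bytes, count: int) -> list:
    """Parse `count` consecutive 12-byte shop slots from big-endian data."""
    if len(data) < count * SLOT.size:
        raise ValueError("buffer too short for requested slot count")
    names = ("item", "price", "text_group", "descriptor")
    return [dict(zip(names, SLOT.unpack_from(data, i * SLOT.size)))
            for i in range(count)]


def parse_any_order(data: bytes, count: int) -> list:
    """Parse slots, un-swapping first if the text group only fits when swapped."""
    for candidate in (data, swap16(data)):
        slots = parse_slots(candidate, count)
        if all(s["text_group"] == SHOP_TEXT_GROUP for s in slots):
            return slots
    raise ValueError("text group is not 0x24 in either byte order")


if __name__ == "__main__":
    for slot in parse_any_order(swap16(SAMPLE), 2):
        print({k: hex(v) for k, v in slot.items()})
```
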

henke37

Re: Paper Mario Hacking Documentation
« Reply #5 on: November 10, 2014, 09:00:36 am »
Control codes do not typically correspond to native code. The game provides its own interpreter.

A key aspect that you need to figure out is how the interpreter tells text and control codes apart. The one I have personal experience with used the Unicode private use area for them, but that's only one game. In your case I would not be surprised if all text was referenced by id number.
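
The J-format split quoted in Reply #4 (6-bit opcode, 26-bit instr_index) applied to the control-code bytes from the thread, as an added example that is not from any poster. The program counter and the J word used in the demo are constructed values, and the function names are this example's own.

```python
J_OPCODE = 0b000010  # opcode for J, as given in Reply #4

# Bytes from the thread's ITEM GET control code, in the order the post lists them.
CONTROL_CODE = bytes.fromhex("02FE363C")


def word_from_bytes(raw: bytes) -> int:
    """Read the first four bytes as one big-endian 32-bit word."""
    if len(raw) < 4:
        raise ValueError("need at least 4 bytes")
    return int.from_bytes(raw[:4], "big")


def split_j_format(word: int) -> tuple:
    """Return (opcode, instr_index): the top 6 bits and the low 26 bits."""
    if not 0 <= word <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit word")
    return word >> 26, word & 0x03FFFFFF


def jump_target(word: int, pc: int):
    """Target of a J at address `pc`, or None if the opcode field is not J."""
    opcode, index = split_j_format(word)
    if opcode != J_OPCODE:
        return None
    delay_slot = (pc + 4) & 0xFFFFFFFF          # upper bits come from the delay slot
    return (delay_slot & 0xF0000000) | (index << 2)


def encode_j(target: int) -> int:
    """Build the J word for `target` (only the low 28 bits are encoded)."""
    return (J_OPCODE << 26) | ((target & 0x0FFFFFFF) >> 2)


if __name__ == "__main__":
    pc = 0x80200000                              # constructed address
    j_word = encode_j(0x80240000)                # constructed jump
    print(hex(j_word), hex(jump_target(j_word, pc)))
    print(split_j_format(word_from_bytes(CONTROL_CODE)))
```

Because the opcode occupies the top six bits, a J word's first byte is 08 to 0B; a word whose first byte is 02 has opcode field 000000.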