
Author Topic: Pokémon Stadium won't run after hex editing  (Read 2716 times)

Avalonya

Pokémon Stadium won't run after hex editing
« on: September 24, 2016, 11:55:28 pm »
Hi! Project64 refuses to start the game and gives me this message instead:

In a permanent loop that cannot be exited.
Emulation will now stop.

Verify ROM and its settings.


Does anyone know how to get around this? The ROM works on the Nemu64 emulator, but not others.

USC

Re: Pokémon Stadium won't run after hex editing
« Reply #1 on: September 25, 2016, 12:15:51 am »
Hello! It'd help if we knew what changes you made, and where you made them in the ROM.

Avalonya

Re: Pokémon Stadium won't run after hex editing
« Reply #2 on: September 25, 2016, 07:56:22 am »
I try to edit stuff like move and pokemon data. From what I understand, it makes the checksum of the ROM invalid.

I've tried using programs like: LemAsm, CHKSUM64 and ucon64 to fix it, but maybe they only work for SM64?

dACE

Re: Pokémon Stadium won't run after hex editing
« Reply #3 on: September 25, 2016, 08:45:04 am »
Have you verified ROM and its settings?

/dACE

Avalonya

Re: Pokémon Stadium won't run after hex editing
« Reply #4 on: September 25, 2016, 10:47:54 am »
> Have you verified ROM and its settings?
>
> /dACE

How do I verify it?

The ROM works perfectly fine on NEMU64, but other emulators refuse to boot it because of a bad checksum I think.

Zoinkity

Re: Pokémon Stadium won't run after hex editing
« Reply #5 on: September 25, 2016, 02:40:45 pm »
N64 cart games need a checksum correction when anything between 0x1000 and 0x101000 has been edited.
For "normal" bootstraps Nemu64 skips permanent loops on checksum mismatches.

If you have python3, you can run this:
http://pastebin.com/hcRjjTWg
-like so (or at least similar):
python -m N64 -set filename.n64

That script will checksum anything N64, 64DD, or Aleck64.  If you only want the checksummery you could probably strip out everything except the Cart class.

Details about N64 anti-piracy in case you care:
Spoiler:
The security is multipart.  Cartridges have a CIC chip inside of them that provides the region, some bootup preferences, a seed value for the checksum algorithms, and checksum for the bootstrap.  Region mismatches are caught first and must match what the PIF provides.

After this, the PIF loads some code into memory that does a checksum on the bootstrap code found from 0x40 to 0x1000 on the cart, using the seed value provided by the CIC.  The result is compared to the value burned into the CIC chip.  A mismatch results in an infinite loop and eventual PIF + CIC lockup.  Note any changes between 0x40 and 0x1000 will prevent the thing working on console without a bootloader, custom CIC, or a lucky collision.  Note most emulators don't bother with this step.  MAME and Cen64 will run the pifrom code at boot however.

Bootstrap code is then executed.  This has another checksum algorithm, relatively similar across all the titles, also utilizing the seed from the CIC.  These checksum the initially loaded code, which for most N64 carts is 1MB starting at 0x1000.  The size differs for other hardware (IPLs, Aleck64, etc.).  A mismatch also results in an infinite loop and eventual PIF + CIC lockup.  This is the checksum that script will generate when you throw things at it.

Near the start of executable code, in an initialization function, a flag will be set in pifram enabling PIF + CIC communication.  Not doing so will cause both to lock.  From then on they will constantly generate values and compare them to each other.  In the event the communication is broken for too long or a comparison fails, both the PIF and CIC will lock.  Soft-resets won't work.  You need to cycle power before trying again.

Avalonya

Re: Pokémon Stadium won't run after hex editing
« Reply #6 on: September 25, 2016, 08:27:25 pm »
I used rn64crc to fix the checksum and I can now boot the ROM.

Unfortunately, without the old checksum the game freezes when I select more than 1 pokémon.
The same thing happens with Stadium 2. Works on other emulators, but don't know any that runs it as well as PJ64.

Someone figured out how to skip the CRC check for SM64:
https://sites.google.com/site/messiaen64/getting-rid-of-the-checksum-trap

Is that possible for Pokémon Stadium as well?

KingMike

Re: Pokémon Stadium won't run after hex editing
« Reply #7 on: September 25, 2016, 10:34:09 pm »
I recall Nintendo announcing they put anti-cheat coding into Pokemon Stadium after stuff like Missingno. happened.

So you'd have to modify the anti-mod code. Somehow.

Zoinkity

Re: Pokémon Stadium won't run after hex editing
« Reply #8 on: September 25, 2016, 10:48:17 pm »
If you don't mind it not running on console any longer, or on more accurate emulators like MAME and Cen64, sure.  Might as well just branch over the whole algo while you're at it.

Project64 (and its derivatives) and Mupen use a rom database file to apply per-game emulation hacks to titles.  With PJ64 (and likely anything based off it) open the .rdb, find the entry for the unmodified game, copy it, then paste it at the end with new checksum.  The checksum is within braces like so:
Code:
[A4A9E67A-7A6FD9EF-C:45]
Change the first two words to match the 8 bytes at 0x10 in ROM. The "C" value is the region code; you shouldn't need to fiddle with it but it matches the byte at 0x3E.
Mupen works somewhat differently; think it uses md5s for the entire rom, and you'd really be better off looking up how its entries are set up.

That said, all three sets of games have graphics plugin issues.  They generate pokemon icons from the first frame or two of the animations, rendered and snapshotted from a buffer.  With some that simply doesn't work, others crash after the first 2-3 times they do it, others can't apply the image right.  Might need to use Angrylion.


"Anti-cheat" stuff enforced movesets and move counts.  A move would appear red if obviously hacked (like Pincer with Megahorn or Houhou with Sky Attack).
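
Added example (not from the thread or the linked script): given an original and an edited ROM image, it reports which of the regions described in replies #5 and #8 the edits touch, and builds the Project64 .rdb key from the 8 bytes at 0x10 and the byte at 0x3E. It assumes big-endian (.z64) byte order; the function names and the sample image are constructed for illustration.

```python
import struct

# Regions named in the thread, as offsets into a big-endian (.z64) image (assumption).
REGIONS = [
    ("header", 0x00, 0x40),
    ("bootstrap", 0x40, 0x1000),             # checked against the value in the CIC
    ("checksummed code", 0x1000, 0x101000),  # covered by the checksum at 0x10
]

def rdb_key(rom):
    """Project64 .rdb key: two words at 0x10 plus the region byte at 0x3E."""
    if len(rom) < 0x40:
        raise ValueError("image is shorter than an N64 header")
    word1, word2 = struct.unpack_from(">II", rom, 0x10)
    return "[%08X-%08X-C:%02X]" % (word1, word2, rom[0x3E])

def classify_changes(original, modified):
    """Count differing bytes per region; offsets past 0x101000 count as 'data'."""
    if len(original) != len(modified):
        raise ValueError("images differ in length")
    counts = {}
    for offset, (a, b) in enumerate(zip(original, modified)):
        if a != b:
            name = next((n for n, lo, hi in REGIONS if lo <= offset < hi), "data")
            counts[name] = counts.get(name, 0) + 1
    return counts

def report(original, modified):
    """Summarise what an edit implies, following the thread's description."""
    counts = classify_changes(original, modified)
    return {
        "changed": counts,
        "bootstrap_modified": "bootstrap" in counts,
        "checksum_needs_update": "checksummed code" in counts,
        "rdb_entry_needs_copy": rdb_key(original) != rdb_key(modified),
        "new_rdb_key": rdb_key(modified),
    }

def constructed_sample():
    """Constructed 0x102000-byte image with the header values quoted in the thread."""
    rom = bytearray(0x102000)
    struct.pack_into(">II", rom, 0x10, 0xA4A9E67A, 0x7A6FD9EF)
    rom[0x3E] = 0x45
    return rom

if __name__ == "__main__":
    base = constructed_sample()
    edited = bytearray(base)
    edited[0x2000] ^= 0xFF    # edit inside the checksummed range
    edited[0x101800] ^= 0xFF  # edit past it
    print(report(bytes(base), bytes(edited)))
```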

Avalonya

Re: Pokémon Stadium won't run after hex editing
« Reply #9 on: September 26, 2016, 08:56:45 am »
> Project64 (and its derivatives) and Mupen use a rom database file to apply per-game emulation hacks to titles.  With PJ64 (and likely anything based off it) open the .rdb, find the entry for the unmodified game, copy it, then paste it at the end with new checksum.  The checksum is within braces like so:
> Code:
> [A4A9E67A-7A6FD9EF-C:45]
> Change the first two words to match the 8 bytes at 0x10 in ROM. The "C" value is the region code; you shouldn't need to fiddle with it but it matches the byte at 0x3E.

Worked perfectly! Thanks a lot!

mantidactyle

Re: Pokémon Stadium won't run after hex editing
« Reply #10 on: October 04, 2016, 11:19:44 am »
Wow, I'm happy I stumbled across this thread. I had implemented the checksum fix in a not yet released version of my editor and was wondering why people were reporting freezes on pj64.

I'll submit the editor here in a few days then.