Author Topic: discovering which hex values do what  (Read 2080 times)

iconofsin

  • Newbie
  • *
  • Posts: 3
    • View Profile
discovering which hex values do what
« on: June 07, 2017, 11:54:29 am »
I have played about with tools such as SonED2 and understand the concept of changing hex values with tools such as SonED2 or a hex editor.

My question is how was it discovered which hex values control what?
What sort of tools are/were needed?
What sort of workflow/technique is needed?

I have noticed that most hacks alter graphics or add and remove objects.
I have never come across one which changes any sort of logic (for example changing a boss's movements).

Why is this?

nesrocks

  • Hero Member
  • *****
  • Posts: 609
    • View Profile
    • nesrocks.com
Re: discovering which hex values do what
« Reply #1 on: June 07, 2017, 05:55:22 pm »
There are countless hacks that change logic. You just didn't look hard enough.

The process to find stuff is called reverse engineering the code.

dACE

  • Sr. Member
  • ****
  • Posts: 353
    • View Profile
Re: discovering which hex values do what
« Reply #2 on: June 07, 2017, 06:46:48 pm »
You should really get an emulator with a debugging feature if you want to make predictable changes to the code. If there is no emu+debugger for the game in question - there is an alternative: code corruption.

This is the tedious process of changing random (but in a structured way) hex-values, using a hex-editor, playing the edited game and hopefully determining what data you have corrupted. If the gfx is messed up - then you probably stumbled on gfx-data etc.

As you can see - code corruption is NOT the recommended method, since you will need both patience AND luck.

/dACE


FAST6191

  • Hero Member
  • *****
  • Posts: 2626
    • View Profile
Re: discovering which hex values do what
« Reply #3 on: June 07, 2017, 08:01:06 pm »
Very few people set out to make a listing of every area of the ROM when they find one they want to look at. There tends to be a goal in mind and then people set out to find the data responsible for that. If they are nice then other things they find out along the way will be noted for those which come after. Sometimes people will set out to find a few core concepts of a game rather than having an individual change/analysis in mind.
How to do this can be reasonably tricky at times -- ever considered a luck value in an RPG or something? Probably not a lot you can do to change it, probably of limited impact in the game (but still some, you hope anyway) and hard to test for. To that end you would probably just analyse the whole battle engine/calculation list to see where luck got dragged in and what effects it might have for that action. You might also try forcing it to max value, especially if it goes to 255 or something and more characters hover below 50 for most of the game.

If you have a particular yearning to find out what a given byte does in a game then you can try a combination of tracing and static analysis (things like checking pointers or read values in the binary) to see when or where a read to that area might happen. This is tricky for some things though as static analysis only takes you so far and tracing tends to only start with a specific goal you can force in the game to start from. Not to mention https://tcrf.net/The_Cutting_Room_Floor is full of stuff that never got used in final builds but is still present in them.

All that is also before we even contemplate the weird esoteric stuff but as no game uses that (give or take some random seeding) you can ignore that as an academic discussion.

STARWIN

  • Sr. Member
  • ****
  • Posts: 449
    • View Profile
Re: discovering which hex values do what
« Reply #4 on: June 08, 2017, 10:12:45 am »
My question is how was it discovered which hex values control what?
what sort of tools are/were needed?
what sort of workflow/technique is needed?

With something like stats in an RPG, you can search for a likely hex sequence in ROM or RAM to get the location. Because the game tells you what the stats are.
If that doesn't work, you can change the stat in-game / get two saves where the stat is different, and, in short, compare to find the bytes that changed accordingly.
If you find one stat, the others are usually next to them, as is other data related to the character in question.

If you know the location of something, you can use a debugger to find code that reads/writes it. Reading the code shows you a lot of related stuff, so it kind of gets exponentially easier to research the game as you keep doing it.

However. Reading the code (asm) can be damn slow.

That about sums it up.

iconofsin

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: discovering which hex values do what
« Reply #5 on: June 08, 2017, 02:42:00 pm »
With something like stats in an RPG, you can search for a likely hex sequence in ROM or RAM to get the location. Because the game tells you what the stats are.
If that doesn't work, you can change the stat in-game / get two saves where the stat is different, and, in short, compare to find the bytes that changed accordingly.
If you find one stat, the others are usually next to them, as is other data related to the character in question.

I don't understand how this is possible, because in many games it must be virtually impossible to do something which changes a character's stat without changing so many other things about the save state (since a save state is a flash on the emulated console's "ram", lots of other things will be in it; even something as simple as taking a single step would change other values).

SleepyFist

  • Hero Member
  • *****
  • Posts: 849
    • View Profile
Re: discovering which hex values do what
« Reply #6 on: June 08, 2017, 02:44:00 pm »
Cheat Engine, find a number in game, search it in Cheat Engine, let it change in game, rinse repeat until you have the value and RAM position, it gets a little complicated when they move around with every boot or other weirdness like that.
Sleepy's Album of the week|| Nick Johnston - Remarkably Human || https://www.youtube.com/watch?v=GZ7W3JvZBJQ
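
The snapshot comparison and the Cheat Engine style search described in the posts above, as an added example that is not part of any post in this thread: every snapshot taken while the game shows a different value removes the addresses that changed for unrelated reasons. The RAM layout, the offsets and the function names are constructed for illustration.

```python
import operator

def narrow_by_value(observations):
    """observations: list of (ram_snapshot, value_shown_in_game).
    Keep only offsets that hold the displayed value in every snapshot.
    Returns (surviving offsets, number of survivors after each pass)."""
    survivors, history = None, []
    for snap, shown in observations:
        hits = {i for i, b in enumerate(snap) if b == shown}
        survivors = hits if survivors is None else survivors & hits
        history.append(len(survivors))
    return sorted(survivors), history

OPS = {"<": operator.lt, ">": operator.gt, "=": operator.eq, "!": operator.ne}

def narrow_by_relation(snaps, relations):
    """For values the game never displays: relations[i] says how the value in
    snaps[i + 1] compares to snaps[i] ('<' lower, '>' higher, '=' same, '!' changed)."""
    survivors = set(range(len(snaps[0])))
    for prev, cur, rel in zip(snaps, snaps[1:], relations):
        survivors = {i for i in survivors if OPS[rel](cur[i], prev[i])}
    return sorted(survivors)

def make_ram(hp, frame, x):
    """Constructed 64-byte RAM image (layout invented for this example)."""
    ram = bytearray(64)
    ram[0x00] = frame   # frame counter: different in every snapshot
    ram[0x10] = x       # player X position: changes when the player moves
    ram[0x20] = hp      # the stat being hunted
    ram[0x21] = 12      # neighbouring stat that stays constant
    ram[0x30] = 50      # unrelated constant that equals the starting HP
    return bytes(ram)

# Three snapshots taken while the game showed HP 50, 43 and 38.
# The frame counter holds 50 and 43 at the wrong moments on purpose.
SNAPS = [make_ram(50, 7, 3), make_ram(43, 50, 9), make_ram(38, 43, 9)]

if __name__ == "__main__":
    offsets, history = narrow_by_value(list(zip(SNAPS, [50, 43, 38])))
    print([hex(o) for o in offsets], history)
    print([hex(o) for o in narrow_by_relation(SNAPS, "<<")])
```

The frame counter and position bytes change between snapshots too, but they never track the displayed value across all passes, so they drop out.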

iconofsin

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: discovering which hex values do what
« Reply #7 on: June 08, 2017, 02:45:18 pm »
Is it possible to find assets by loading the rom file in a program which reads that kind of data and looking for things?
(if your program does not support this it could be forced by using a hex editor to add the header for a filetype which it does support to the top of the rom)

for example loading a rom in paintbrush would show you a lot of multi-coloured tv static but,
as long as you load the file as the file type which the game uses to store its images and paintbrush is compatible with that file type
you would see clear images from the game at certain points.

the same could be true of text assets

FAST6191

  • Hero Member
  • *****
  • Posts: 2626
    • View Profile
Re: discovering which hex values do what
« Reply #8 on: June 09, 2017, 03:42:59 am »
Probably not in the way you are thinking.

Data is just data in games and holds no universal indicators of what it is, and as devs can make essentially any format they like, and they do, there can not be a universal tool before we have strong AI and frankly there will probably not even be a tool that is useful for a lot of games which did not first come from someone pulling apart all the games it handles. However there have been tools which will read pointers to find where things are now rather than just assuming it is hardcoded to a given location, there have been tools with what would be known as fingerprint analysis/scanning in other areas of reverse engineering* -- while data is essentially random there are still patterns in it you can look for to narrow things down.
Most people sort of do this by hand -- relative search exploits a pattern that alphabet-using text often has (and Japanese could have for that game if you do some work), graphics don't need to be the colours in the game for a human to tell them apart and tell that they are graphics, long runs of 00 or FF probably don't mean much so you can skip them to look at something else, once you get into hacking you might see a file type tends to have a certain extension (assuming you have a system with a filesystem, which is not common in many older systems) or start with a certain string, in the case of the GBA if you have sections with 08 mostly every so many bytes/in a fixed distance you likely have pointers, some people use tile editors to see if a game has patterns in its data as that can show some things, and this list could carry on for ages so I will leave it there.

*A guy going by the name of Atrius did a bunch of this for the Golden Sun series on the GBA.
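
Two of the patterns named in the post above, relative search and the GBA "08 every so many bytes" pointer pattern, as an added example that is not part of the original post. The ROM image, its offsets and the function names are constructed; the relative search assumes a single-case alphabet stored in alphabetical order.

```python
GBA_ROM_BASE = 0x08000000  # GBA cartridge ROM is mapped starting at this address

def relative_search(rom, text):
    """Find text stored with an unknown but alphabetical letter encoding.
    Compares the differences between neighbouring bytes with the differences
    between the letters; returns (offset, byte_used_for_A) for every match."""
    want = [ord(b) - ord(a) for a, b in zip(text, text[1:])]
    hits = []
    for off in range(len(rom) - len(text) + 1):
        win = rom[off:off + len(text)]
        if all(win[i + 1] - win[i] == d for i, d in enumerate(want)):
            base = win[0] - (ord(text[0]) - ord("A"))
            if 0 <= base <= 255 - 25:      # the whole A-Z range must fit in a byte
                hits.append((off, base))
    return hits

def pointer_runs(rom, min_run=3):
    """Find runs of aligned little-endian words that look like GBA ROM
    pointers: 0x08 in the top byte and a target inside the image.
    Returns (start_offset, number_of_pointers) per run."""
    runs, start, count = [], 0, 0
    for off in range(0, len(rom) - 3, 4):
        word = int.from_bytes(rom[off:off + 4], "little")
        if word >> 24 == 0x08 and word - GBA_ROM_BASE < len(rom):
            if count == 0:
                start = off
            count += 1
            continue
        if count >= min_run:
            runs.append((start, count))
        count = 0
    if count >= min_run:
        runs.append((start, count))
    return runs

def build_sample_rom():
    """Constructed 64-byte image: FF filler, one word of text, one pointer table."""
    rom = bytearray(b"\xFF" * 0x40)
    word = bytes(0x80 + ord(c) - ord("A") for c in "SWORD")  # 'A' stored as 0x80
    rom[0x10:0x10 + len(word)] = word
    for i, target in enumerate((0x10, 0x18, 0x30)):          # three pointers
        rom[0x20 + 4 * i:0x24 + 4 * i] = (GBA_ROM_BASE + target).to_bytes(4, "little")
    return bytes(rom)

if __name__ == "__main__":
    rom = build_sample_rom()
    print(relative_search(rom, "SWORD"), pointer_runs(rom))
```

The base value returned by the relative search is the starting point for a full character table; the pointer runs mark where to look for tables that reference other data.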

pianohombre

  • Sr. Member
  • ****
  • Posts: 282
    • View Profile
    • My personal website of short stories and comics
Re: discovering which hex values do what
« Reply #9 on: June 09, 2017, 06:24:38 am »
I agree with other posters. You can find game genie codes. They have the codes you enter and the raw data you could force, which is the address in RAM that controls certain data (like weapons, number of lives, levels, etc.). These game genie people have been finding the codes before emulators were out; I don't know how they did it. They must have been ex-programmers. Just enter that address in the emulator/debugger and set a breakpoint, then it will tell you where in the actual ROM it pulls the data from. So if, for instance, you know that it stores and loads the value from $7E:0199 that is 3 and you start off with 3 lives, and you prefer to start off with 5 or 99, just change that value.
"Programming in itself is beauty,
whether or not the operating system actually functions." - Linus Torvalds

Psyklax

  • Hero Member
  • *****
  • Posts: 1075
    • View Profile
    • Psyklax Translations
Re: discovering which hex values do what
« Reply #10 on: June 09, 2017, 07:20:24 am »
There are some fundamental misunderstandings going on here. You need to understand how systems work in the first place, as this will help you understand why things work as they do. Let me try to break it down real quick.

A CPU is just a calculator. It's fast and can take various instructions, but basically it's just a calculator. Look at this number, add to it, multiply it, put it here, go here if it equals whatever. So those hex values in a ROM are just numbers to give this calculator. Some of them are interpreted as instructions, but often it's just numbers (that can be used for anything - graphics, levels, music, logic etc). This is why you can't look at some hex and say exactly what it means, because it means what the programmer wanted it to mean.

Case in point: I'm translating an NES game, and the background graphics are done in two ways: either listing every tile that's used in an area of the screen (for details like text), or saying where on the screen to put it, which tile to use, and how many (for repetitive things like borders and the logo). Why? Because the NES is hardcoded to do that? No, because this particular programmer wanted to do it this way. The end result of these two methods is the same: changing bytes in the PPU that dictate what is on screen at any moment. They just get there by different means, because the programmer wanted to save ROM space for the instructions. It's quicker to say "fill 20 spaces of the screen with tile 6B" rather than "here's the tiles: 6B6B6B6B6B6B...".

Of course, some things are generally the same: the way systems determine graphics, or palettes, for example. But in the end it's just programmers typing numbers into a calculator. :) But if you can learn a thing or two about assembly, and how your chosen system works, and then use good debugging emulators, you can figure things out pretty quickly.

pianohombre

  • Sr. Member
  • ****
  • Posts: 282
    • View Profile
    • My personal website of short stories and comics
Re: discovering which hex values do what
« Reply #11 on: June 09, 2017, 08:01:47 am »
A CPU is just a calculator. It's fast and can take various instructions, but basically it's just a calculator. Look at this number, add to it, multiply it, put it here, go here if it equals whatever. So those hex values in a ROM are just numbers to give this calculator. Some of them are interpreted as instructions

This is not entirely true. You need to understand how computer architecture works in order to understand what a CPU does. Also, to properly understand cycles, processes, threads, etc., you should read a book or article on operating system concepts. I've taken a couple of classes on this, and computer architecture was pretty difficult; they made us trace logic gates on a chip, like how an instruction would be executed. We also had to do complicated calculations with instructions, processor speed, cache, and sectors on a hard drive. An example would be, say, your cpu is 2ghz and needs to execute 1 billion instructions on the hard drive, which has 1gb of memory and the accesses the hard drive with a 100% hit rate. After 1 billion instructions and 500 million clock cycles which memory unit has the fastest access rate? By how much?

Info like that helps a company decide which hardware to use for their servers, etc. Unfortunately, I went cross-eyed and brain-dead before being able to do well on the tests. The only reason I bring this up is because you mentioned multiplication and I know 65816 assembly has no opcodes for multiplication and division. All the compiler does is basically turn high-level language into low-level language like hexadecimal or assembly. At the binary level it would strictly be executing instructions in logic gates that includes addition and subtraction and bitwise operations. Many people confuse IPS and processor speed, throwing out a bunch of high numbers to sound cool when it doesn't affect efficiency or run-time speed at all. People make the same mistake in driving: more horsepower does not always mean faster acceleration. That's why many times people will recommend to just buy more RAM rather than trying to update the computer with a new motherboard, CPU, or trying to overclock it.
"Programming in itself is beauty,
whether or not the operating system actually functions." - Linus Torvalds