News: 11 March 2016 - Forum Rules
Current Moderators - DarkSol, KingMike, MathOnNapkins, Azkadellia, Danke

Author Topic: Has someone made or could make this hack? SMB3 Frog Suit  (Read 4571 times)

Marscaleb

  • Jr. Member
  • **
  • Posts: 12
    • View Profile
Has someone made or could make this hack? SMB3 Frog Suit
« on: March 18, 2016, 02:26:08 am »
I was just playing some Super Mario Bros 3 with my nephew, and while in world 3 we were discussing the frog suit.

Then I had a thought that might make the game more challenging.
Imagine a hack where any power-up you collect actually gives you the frog suit, so basically you are stuck in the frog suit for the whole game.

...Has anyone made such a hack before?  I imagine it wouldn't be too hard to implement; it could possibly be done as a Game Genie code.  (But when looking for Game Genie codes the closest I could find was that Mario was permanently in a frog suit, which basically gave me infinite health, which removes the challenge.)  If not, any chance someone could make the hack?  Or find a Game Genie code?

RyanfaeScotland

  • Sr. Member
  • ****
  • Posts: 361
    • View Profile
    • My Brill Game Site
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #1 on: March 18, 2016, 05:29:56 am »
I like the sound of this, at work just now but will see what I can turn up over lunch if no-one has got to it before me.

How old is your nephew out of interest? And more importantly are you playing this on the NES or SNES?

EDIT - Well I spent my lunch time having a look around but couldn't find anything that already does what you are looking for so I'll see if I can pull something together over the weekend. Distracts me from the Toejam and Earl work for a little bit which is nice. :)
« Last Edit: March 18, 2016, 09:05:29 am by RyanfaeScotland »

Marscaleb

  • Jr. Member
  • **
  • Posts: 12
    • View Profile
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #2 on: March 18, 2016, 02:22:38 pm »
My nephew's 14 I think.
We were playing the NES version last night, but really, NES, SNES, GBA, I think you're splitting hairs between the technical differences.

As I think about it, in keeping with making it a challenge, the best result would probably be that getting hurt as the frog suit makes you small.
If you're going through the effort to make a new hack, it might be worth taking the slightly extra time to a make a version for all the power-ups.  (I mean, once the heavy lifting is done, this would just be a matter of adjusting a single variable, would it not?)  It might be fun to always have the hammer bros suit, or tanooki, or even the simple power-ups.

...Does the Kuribo's shoe count the same as a power-up?  I suspect not, since you have have other power-ups while in the shoe, and of course it would need to load specific graphics apart from Mario's normal sprites.  I suspect that one could technically make all power-ups turn into Kuribo's shoe, but the graphics would look off unless the level was loading spineys and bob-ombs.

J^P

  • Full Member
  • ***
  • Posts: 115
    • View Profile
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #3 on: March 18, 2016, 04:33:20 pm »
Well you could just use the debug game-genie code and switch to frog-suit everytime you get powerup or something(although you'd have to do it manually every time).
Same with the shoe, but its graphics are messed up on most of the stages(but it works like it should).

Codebook that comes with gamegenie has codes so that you always have specif powerup, but you cannot lose it/them so theres no challenge in that :P.
Quote from: tcrf.net
There are some leftover debug routines in the game, but none can be accessed without cheat devices or hacking.
Game Genie code KKKZSPIU activates a level select and debug mode.


On the title screen:

    Press Up or Down to select a world to start on.
    Press A to increase the number of lives by 5 (a tile will change each time you press the button).
    A + B + Down on Controller 2 warps you to the Princess' chamber at the end of the game.
    A + B + Right warps you straight to the final curtain.

When you start a game, your item box will be filled with one of every item plus an extra Warp Whistle, and the remaining slots will be filled with P-Wings. During gameplay:

    Press Select on Controller 1 to cycle through all of Mario's forms.
    A / B + Select gives Mario a Kuribo's Shoe (it may look messed-up in some levels, but will otherwise work fine).

Additionally, you'll have infinite time – it will still tick, but Mario won't die once it runs out.
« Last Edit: March 18, 2016, 04:39:00 pm by J^P »

RaidouJFlo

  • Jr. Member
  • **
  • Posts: 68
    • View Profile
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #4 on: March 18, 2016, 04:50:51 pm »
This seems like it would be a fun challenge to try.

I imagine this hack could be done in at least 2 ways:

Change mushrooms, tanooki, etc all to give the frogsuit powerup instead of their respective powerups,

or have all instances of question mark blocks unveiling a powerup to be replaced solely with the frogsuit powerup being unveiled instead.

I'm going to try it when I get home.

RyanfaeScotland

  • Sr. Member
  • ****
  • Posts: 361
    • View Profile
    • My Brill Game Site
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #5 on: March 18, 2016, 07:27:43 pm »
My nephew's 14 I think.
We were playing the NES version last night, but really, NES, SNES, GBA, I think you're splitting hairs between the technical differences.

How is it splitting hairs? Do you expect a Game Genie code for the NES to also work on the SNES and the GBA? If I go spend 1 or 2 hours getting this to work for the SNES and then you turn round and say you are playing it on the NES do you not think I'll feel like I've slightly wasted my time?

As I think about it, in keeping with making it a challenge, the best result would probably be that getting hurt as the frog suit makes you small.
If you're going through the effort to make a new hack, it might be worth taking the slightly extra time to a make a version for all the power-ups.  (I mean, once the heavy lifting is done, this would just be a matter of adjusting a single variable, would it not?)  It might be fun to always have the hammer bros suit, or tanooki, or even the simple power-ups.

...Does the Kuribo's shoe count the same as a power-up?  I suspect not, since you have have other power-ups while in the shoe, and of course it would need to load specific graphics apart from Mario's normal sprites.  I suspect that one could technically make all power-ups turn into Kuribo's shoe, but the graphics would look off unless the level was loading spineys and bob-ombs.

I have no idea about the details of the powerups, I haven't actually played the game that much. I just know that there isn't a cheat out there to make all the powerups do the same thing and it sounds like it would be fun to do. I know from my research that some of the things your describe (certainly always having the hammer throwing ability) is already available.

And yes, that was my plan, to make 4 or 5 versions of the code, one for each powerup.

VicVergil

  • Hero Member
  • *****
  • Posts: 715
    • View Profile
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #6 on: March 18, 2016, 08:26:58 pm »
Hi. Actually it's very easy, and should make for excellent practice in case you wanted to get into assembly hacking. The idea is really nice, if you don't mind I'll use it in a tutorial I'm planning to write later.

So in datacrystal's RAM Map for NES SMB3 (credits to whoever did that and saved me the hassle of doing a cheat search for the relevant address), we have this:

RAM adress $00ED   
Current form (to set, use 0578): 00-Small, 01-Super, 02-Fire, 03-Raccoon, 04-Frog, 05-Tanooki, 06-Hammer

RAM adress $0578
Change Mario form. Modes 1-7 can be changed at will (same as ED value+1). Flag-like values combine with ANY mode (so you can get e.g. small Mario in statue form). Modes: 01=small, 02=big, 03=fire, 04=raccoon, 05=frog, 06=tanooki, 07=hammer. Flags: 10=Enable statue, 40=Enable swimming (causes splash on land), 80=Enable Kuribos boot. No idea how to CLEAR the flags, probably not possible here.

Using the following:
Emulator: FCEUX
ROM (shouldn't matter much since Nintendo rearranging memory drastically for localized versions isn't very likely - even though it happens sometimes): Super Mario Bros. 3 (USA) (Rev A)

I start W1-1, stand below the mushroom block, make a savestate just in case (for quick testing) and then pause the emulator (setting a pause hotkey is handy here).
Then I open Debug>Debugger.
Under Breakpoints>Add, I put 0578 and check "write", so that the emulator snaps whenever that address gets overwritten.
Now try to get that mushroom.
Emulator snaps. (in case you wanted the game to resume, disable the breakpoint (double-click) and press Run)
And then look at the assembly instructions on the left.
First instruction was the one behind what happened, and it's:
00:A8A0:8D 78 05  STA $0578 = #$00

00:A8A0 = where this programming instruction is, just in case you wanted to hex-edit it and change the programming to your liking
8D 78 05 = how this instruction is written in hex. Three bytes in our case.
STA $0578 = the instruction in a more human-readable form

Just a quick reminder about 6502 assembly instructions:
To store some value XX to an address YYYY, we first store it a temporary memory called the accumulator (A) with an instruction called LDA (LDA #$XX , XX being the value).
Then we use the instruction STA (STA $YYYY) to put whatever value is in the accumulator (so XX in our case) in the address $YYYY.

We have our STA, we need to find the last thing (LDA, that is) that modified the contents of the register.
And sure enough, if we scroll just a little bit to the top, enough to see the instruction immediately above (before) our STA $0578, we'll find...
00:A89E:A9 02     LDA #$02

Bingo :)

So in hex this appears A9 02. As you may have guessed from the above 02 is the value. And in the RAM Map doc, 02 happens to be the value for Big Mario.
We could change that byte to something else, like 01 (in case we wanted to make a mushroom forcing small Mario state... oh by the way a poison mushroom shouldn't be hard to implement either) or 05 for Frog Form... oooor 82 for Kuribo's Shoe with Big Mario.  ;)

So that instruction (which is located, as the debugger helpfully points out, in address $A89E) which is written A9 02 must be changed to A9 05.

You can double-click on the highlighted line under Breakpoints. One "E" letter (standing for Enabled) should disappear, which would be helpful since we don't need the emulator to snap right now.
We have something to try after all :)

Normally you do this with a good old hex editor (take care to add $10 to any offset you want to go to though).
But since it's FCEUX and it's newbie-friendly you have a button with "Rom Patcher" on it.
Our instruction needing to be modified is located in A89E.
Type it under Offset, and click Edit This Offset.

What should appear is the hex data with a quick disassembly (the English-readable stuff) below.

A9 02 8D 78 05 AD 77 05
Disassembled: 00:A89E:A9 02     LDA #$02

And we can clearly see our A9 02.
Under Patch Data, write your new instruction.
You need Frog state (05) instead of Super Mushroom state (02), so you need to put
A9 05

Apply.
Note this change is applied to the copy of the ROM the emulator loaded to memory so that it can run. If you want it applied to your actual ROM file, use "Save ROM File".

Try your new hack, and enjoy :P

But that's not all! There's more for you to try on your own.
Like modding all other block types to exclusively give frog suits. And the items you can get in Toad Houses too must be taken care of in the exact same way.
And then with Crystaltile2 you'll need to edit all tiles for these powerups to have the frog powerup graphic.

Have fun :P

RyanfaeScotland

  • Sr. Member
  • ****
  • Posts: 361
    • View Profile
    • My Brill Game Site
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #7 on: March 18, 2016, 08:35:59 pm »
Ahhh no beaten to it!

Now, I haven't read your solution yet so the question is do I continue on tomorrow knowing there is likely a solution here or do I just leave it at that now that the information has been found :D Tough choice!

On the SNES All Stars version I got as far as working out:
Spoiler:
Mario's current powerup is at 7E00BB and the following values set what Mario has:

00 - Small
01 - Big
02 - Fire
04 - Frog
And that's where I stopped.

Next step was to download an emulator that has trace capabilities (doesn't look like ZSNES has that) drop a break point on 7E00BB and find out what routine is writing to it / where the value is coming from and bingo there is your change.

Screw it, I know I can do this, I'm reading what you did GHANMI and seeing how it compares.

EDIT After Reading GHANMI's Solution:

or 05 for Frog Form... oooor 82 for Kuribo's Shoe with Big Mario.

I think you mean 04 for Frog Form. Knew you were trying to blag your way through this.  ;)

Good to see you've opted for the NES and our techniques are the same (albeit you were clever and didn't bother with the grunt work of finding the 'current powerup' offset yourself).

I'll continue my endeavor to get this going on the SNES All-Star version.
« Last Edit: March 18, 2016, 08:57:42 pm by RyanfaeScotland »

RaidouJFlo

  • Jr. Member
  • **
  • Posts: 68
    • View Profile
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #8 on: March 18, 2016, 08:37:02 pm »
Got one of them, changing the LDA #$02 to LDA #$05 heh.

That's the first mushroom at 0x0028af



Dude whaaaat?!  I didn't even have to change the second mushroom upgrade on the ground to the frog suit.  I think that LDA at 0x0028af effects every mushroom.

0x002C5D - A9 04 (For Tanooki) changed to A9 05.  Now literally every tanooki transformation is a frog transformation as well.  This is great.
« Last Edit: March 18, 2016, 08:43:39 pm by RaidouJFlo »

RyanfaeScotland

  • Sr. Member
  • ****
  • Posts: 361
    • View Profile
    • My Brill Game Site
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #9 on: March 18, 2016, 08:49:08 pm »
Dude whaaaat?!  I didn't even have to change the second mushroom upgrade on the ground to the frog suit.  I think that LDA at 0x0028af effects every mushroom.

Haha welcome to programming! Of course it affects every mushroom! You aren't editing the individual mushroom, you are editing the code that is executed when a mushroom is collected. :)

VicVergil

  • Hero Member
  • *****
  • Posts: 715
    • View Profile
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #10 on: March 18, 2016, 10:20:35 pm »
I think you mean 04 for Frog Form. Knew you were trying to blag your way through this.  ;)

Nah, I tested it and it's just like I said.
Maybe SNES version handles the values differently?

Dude whaaaat?!  I didn't even have to change the second mushroom upgrade on the ground to the frog suit.  I think that LDA at 0x0028af effects every mushroom.

0x002C5D - A9 04 (For Tanooki) changed to A9 05.  Now literally every tanooki transformation is a frog transformation as well.  This is great.

Makes sense it's every mushroom.
You're editing the programming called whenever Mario is in contact with a red Mushroom.
To edit each Mushroom individually you'd have to edit the level data, which is time consuming to say the least, and I'm lazy so that won't do.

I forgot to mention it but there's also the routine called when Mario loses the frog powerup, which would need to be changed to make Mario small, not big.

Oh, by the way, you may take another approach.
Find what initializes Mario's state to small on level boot-up, or better, when SMB3 goes in-game. Change that to frog.

As for the power-ups, you can then change them to "do nothing": You replace the instructions with the NOP instruction (EA), each byte of the original instruction being replaced with EA. 

And... I think since NES and SNES assembly languages are so close (SNES includes the whole NES set, if I'm not mistaken), doing the All-Stars version (with Geiger's Snes9X Debugger version... dunno if there's a better debugger SNES emulator though) might be easy provided you know the relevant addresses for Mario's state (nothing a simple dumb cheat search can't solve).

The GBA version though is another matter.
It's written in another assembly language (ARM) you'd have to go through the effort to learn, though the results would be certainly rewarding enough (you'd learn GBA, DS and 3DS assembly in one go, just very minor differences between them).
In GBA ARM7 assembly, there's not only one accumulator, but many registers (r1, r2, ...), and you may recognize LDA and STA as ldr and str.

RyanfaeScotland

  • Sr. Member
  • ****
  • Posts: 361
    • View Profile
    • My Brill Game Site
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #11 on: March 19, 2016, 05:58:27 am »
Nah, I tested it and it's just like I said.
Maybe SNES version handles the values differently?

Possibly but my comment was based on your first RAM address list, the current form one where Frog = 04, I  misread your second list about form state change being offset by 1.

So I take it back. :)
« Last Edit: March 19, 2016, 06:30:16 am by RyanfaeScotland »

Marscaleb

  • Jr. Member
  • **
  • Posts: 12
    • View Profile
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #12 on: March 19, 2016, 01:57:14 pm »
How is it splitting hairs? Do you expect a Game Genie code for the NES to also work on the SNES and the GBA? If I go spend 1 or 2 hours getting this to work for the SNES and then you turn round and say you are playing it on the NES do you not think I'll feel like I've slightly wasted my time?


Oh, sorry!  I did not phrase that properly.
I meant, as one playing the game, the technical differences in gameplay are splitting hairs.  Of course a patch or a code would not work on different versions, but I just meant to say, if you preferred to patch one of the other versions, it wouldn't make a difference to me.  I would be fine playing it on the SNES version just as much as the NES version.

RaidouJFlo

  • Jr. Member
  • **
  • Posts: 68
    • View Profile
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #13 on: March 19, 2016, 03:20:29 pm »
Nah, I tested it and it's just like I said.
Maybe SNES version handles the values differently?

Makes sense it's every mushroom.
You're editing the programming called whenever Mario is in contact with a red Mushroom.
To edit each Mushroom individually you'd have to edit the level data, which is time consuming to say the least, and I'm lazy so that won't do.

I forgot to mention it but there's also the routine called when Mario loses the frog powerup, which would need to be changed to make Mario small, not big.

Oh, by the way, you may take another approach.
Find what initializes Mario's state to small on level boot-up, or better, when SMB3 goes in-game. Change that to frog.

As for the power-ups, you can then change them to "do nothing": You replace the instructions with the NOP instruction (EA), each byte of the original instruction being replaced with EA. 

And... I think since NES and SNES assembly languages are so close (SNES includes the whole NES set, if I'm not mistaken), doing the All-Stars version (with Geiger's Snes9X Debugger version... dunno if there's a better debugger SNES emulator though) might be easy provided you know the relevant addresses for Mario's state (nothing a simple dumb cheat search can't solve).

The GBA version though is another matter.
It's written in another assembly language (ARM) you'd have to go through the effort to learn, though the results would be certainly rewarding enough (you'd learn GBA, DS and 3DS assembly in one go, just very minor differences between them).
In GBA ARM7 assembly, there's not only one accumulator, but many registers (r1, r2, ...), and you may recognize LDA and STA as ldr and str.

Looks like when you get hit, it decrements $0578?  I was trying to check it out but didn't look too far into it.

EDIT: Hmm, actually... I wanted to change decrementing $0578 into just literally loading #$05.  Decrementing used 3 bytes, and loading uses 2 bytes, so I thought I could just throw in a 00 on the third spot but it kept breaking.  I ended up using A9 05 and EA on the last byte and that worked lol.  Never knew about NOP, thanks!

I'm going to try to make mario die as a frogsuit and spawn as a frogsuit, so he will forever be a frogsuit.

Haha welcome to programming! Of course it affects every mushroom! You aren't editing the individual mushroom, you are editing the code that is executed when a mushroom is collected. :)

Right lol that makes sense.
« Last Edit: March 19, 2016, 03:27:38 pm by RaidouJFlo »

RyanfaeScotland

  • Sr. Member
  • ****
  • Posts: 361
    • View Profile
    • My Brill Game Site
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #14 on: March 20, 2016, 09:09:28 am »
Oh, sorry!  I did not phrase that properly.
I meant, as one playing the game, the technical differences in gameplay are splitting hairs...

Ah that makes more sense then, really glad I didn't overreact to your comment in the reply now!

I 100% agree btw which is why I am happy to play it on the SNES.  :)

...I ended up using A9 05 and EA on the last byte and that worked lol.  Never knew about NOP, thanks!

I'm going to try to make mario die as a frogsuit and spawn as a frogsuit, so he will forever be a frogsuit...

Yeah, NOP is really useful in all assembly languages. If you just leave in whatever was there you are going to get an unknown bit of code executed, you might get away with it and have nothing of consequence happen, it might fail spectacularly with a game breaking crash or (perhaps worse of all) it might introduce bugs that don't shown themselves in an obvious way but wreak havoc behind the scenes!

Deleting the instruction equally doesn't help as it then resizes the ROM, moves all the offsets, very likely breaking everything.

Replacing with NOP means the instruction still gets executed in a controlled manner (i.e you know exectly what is happening, nothing) and the overall size and offsets stay the same.

NOP is pretty awesome!

March 20, 2016, 07:59:40 pm - (Auto Merged - Double Posts are not allowed before 7 days.)
Ok, here is the SNES version:

Much like the NES version we are looking for an LDA instruction which is loading the value for the powerup into the accumulator to later be used.

For us the instruction is stored at 0x140E9F so open up your favourite hex editor, load in your Mario All Stars rom and go to that address. You should see the hex A9 02, this is the SNES's LDA immediate instruction which is loading 02 into the accumulator.

Change the 02 to an 05 and load the rom into your emulator (reload if it was already loaded) and race through to get the mushroom on 1-1 and bingo - frog suit!

I was actually looking for how to make every power up make you have the frog suit without the need to find each powerup's code (i.e. no matter what LDA value is used we ignore it an pretend it was 05 anyway) but I ended up with the same issue that you could no longer lose the frog suit as a result. Then I got fed up and gave up.

If anyone is interested in continuing it here is a little trace dump of the section concerned with the change of state:

Code: [Select]
$23/C261 AD 78 05    LDA $0578  [$21:0578]   A:FFE0 X:0000 Y:0001 P:eNVMXdizc Load mushroom to Acc
$23/C264 F0 5C       BEQ $5C    [$C2C2]      A:FF02 X:0000 Y:0001 P:enVMXdizc Brach by 5C if equal
$23/C266 C9 0F       CMP #$0F                A:FF02 X:0000 Y:0001 P:enVMXdizc Compare to 0F
$23/C268 30 1C       BMI $1C    [$C286]      A:FF02 X:0000 Y:0001 P:eNVMXdizc Branch by 1C if negitive
$23/C286 29 0F       AND #$0F                A:FF02 X:0000 Y:0001 P:eNVMXdizc
$23/C288 A8          TAY                     A:FF02 X:0000 Y:0001 P:enVMXdizc
$23/C289 A5 BB       LDA $BB    [$00:00BB]   A:FF02 X:0000 Y:0002 P:enVMXdizc Load power to mem
$23/C28B C9 02       CMP #$02                A:FF00 X:0000 Y:0002 P:enVMXdiZc Compare to Big
$23/C28D F0 04       BEQ $04    [$C293]      A:FF00 X:0000 Y:0002 P:eNVMXdizc
$23/C28F C9 03       CMP #$03                A:FF00 X:0000 Y:0002 P:eNVMXdizc Compare to Fire
$23/C291 D0 0F       BNE $0F    [$C2A2]      A:FF00 X:0000 Y:0002 P:eNVMXdizc
$23/C2A2 A9 00       LDA #$00                A:FF00 X:0000 Y:0002 P:eNVMXdizc Clear Acc
$23/C2A4 8F 86 C5 7F STA $7FC586[$7F:C586]   A:FF00 X:0000 Y:0002 P:enVMXdiZc Transfer Acc to mem
$23/C2A8 88          DEY                     A:FF00 X:0000 Y:0002 P:enVMXdiZc Dec Y
$23/C2A9 84 BB       STY $BB    [$00:00BB]   A:FF00 X:0000 Y:0001 P:enVMXdizc Transer Y to men
$23/C2AB 5A          PHY                     A:FF00 X:0000 Y:0001 P:enVMXdizc
$23/C2AC DA          PHX                     A:FF00 X:0000 Y:0001 P:enVMXdizc
$23/C2AD 20 62 CC    JSR $CC62  [$23:CC62]   A:FF00 X:0000 Y:0001 P:enVMXdizc
« Last Edit: March 20, 2016, 08:31:14 pm by RyanfaeScotland »

RaidouJFlo

  • Jr. Member
  • **
  • Posts: 68
    • View Profile
Re: Has someone made or could make this hack? SMB3 Frog Suit
« Reply #15 on: March 24, 2016, 07:53:30 pm »
I've made it now so that Mario starts as a Frog after pushing "1 Player."

For now, Raccoon and Mushroom = Frog.  I'll be changing their graphics to represent something that isn't a power-up.

I have also made it so that when you get hit, you do not downgrade, you just die instantly and lose a life.

Hard mode!!!

I'm going to try to disable the pause menu now as well.