Jump to content
Crimson Red

Obscure Hacking Tips

Recommended Posts

So pretty much I'd like to dedicate a thread to those very obscure things you do in hacking that people might rarely encounter but you have. This is to help people with just that: more obscure parts of hacking.

This includes but is not limited to random event codes, how to fix random bugs, hacking random bytes or things... whatever it is, if it doesn't really go in a tutorial or other doc file, feel free to stick it in here.

That being said please don't make posts DISCUSSING them, well I can't enforce that but the idea is that this would be a resource and not a discussion thread. You can always make a topic or something to ask hacking questions. PM a mod if you have a question so they can tell you the best way to go about it

Here's my first entry in a very basic "Problem/Solution" style format:

Problem: When creating a chapter where an allied character can be "defeated" but isn't supposed to "die" (as in where all their data is erased etc.), you can use this trick to prevent them from "dying" and their data from being erased. I used this late-game in TU and was talking to Arch about it. You must know how to manipulate events for it to work.

Solution:

[3:06:17 AM] ballin1337: I made an event

[3:06:23 AM] ballin1337: that's attached to the death quote

[3:06:26 AM] ballin1337: as soon as he reaches 0 HP

[3:06:35 AM] ballin1337: but before he and his data are killed

[3:06:37 AM] ballin1337: he changes to an NPC

[3:06:39 AM] ballin1337: for some reason

[3:06:44 AM] ballin1337: this change prevents him from being killed

[3:06:56 AM] ballin1337: then I used an AFEV event right after

[3:06:59 AM] ballin1337: to change him back to an ally

[3:07:03 AM] ballin1337: so you see him as an NPC for like 1 second

[3:07:08 AM] ballin1337: but as a result he doesn't die

[3:07:14 AM] ballin1337: and comes back in the next chapter perfectly fine

[3:07:22 AM] ballin1337: it's the only solution I could come up with

Feel free to PM me for more details...

Share this post


Link to post
Share on other sites

alternately you can just do that thing that lyn mode does (i have it 80% figured out) and store the data away

and then use asm shenanigans to bring them back

Share this post


Link to post
Share on other sites

It's more that, is this a thread for obscure Fire Emblem hacking tips or obscure romhacking tips in general. The title thread and the first post are inconsistent in what's being discussed :/

Share this post


Link to post
Share on other sites

i see your point but

>fe community coming here to find tips on non-fe hacking

(although admittedly that doesn't bar me from dropping hacky tips about how you can use ea as an asm tool if you're savvy)

Share this post


Link to post
Share on other sites

It's more that, is this a thread for obscure Fire Emblem hacking tips or obscure romhacking tips in general. The title thread and the first post are inconsistent in what's being discussed :/

you answered my question

10 points from gryffindor

Share this post


Link to post
Share on other sites
That being said please don't make posts DISCUSSING them, well I can't enforce that but the idea is that this would be a resource and not a discussion thread.

my plan was thwarted

Yeah you can do it through ASM but how many people exactly know HOW to do it by ASM? Not me. XD

Also yes you can include any kind of hacking tips but the intention was that it'd pertain to Fire Emblem as this IS a Fire Emblem board. In other words, don't go including Golden Sun hacking tips here, limit it to either FE stuff or general stuff that also applies to FE, please. XP

Sorry for the lack of clarification~ I forgot Celice was on this board XD

Share this post


Link to post
Share on other sites

In that case, if you're not savvy enough to use a debugger/tracer to find the data you're looking for, and relative searches aren't cutting it, brute-force corruption will pretty much always get what you're looking for. It's not as eloquent, obviously, but it gets the job done, especially if you're intelligent about it. Increasing a mass range of data by a single instance can be useful for locating basic data, like stats for characters, level data, text, music, and all sorts of stuff, without corrupting the data to the point the game doesn't know what to do. Simply corrupt half the game, and if the game is borked, the data you're looking for may be in that half. Continue to corrupt the ROM in half-increments and you'll eventually narrow your way down to the actual data you're looking for. False-flags will be whittled out as you narrow your corruptions down. You'll also discover some other nifty data long the way of you're observant enough. You can cut the amount of labor too by noting which areas you know for sure aren't going to contain the data you're looking for--for example, in the original Super Mario Bros., at $8010 (the 10 is the header and is irrelevant) and farther, the game's graphics are stored, and there's no need to bother brute-forcing that area, cutting down the amount of data to investigate by about a third.

You'd also be surprised how much stuff you can uncover visually just by looking at the game's data through a graphics editor. Most pointer tables are blatantly obvious and should be easy to notice, if you're needing to find one, and you'll notice other miscellaneous data by the unique patterns they make across swathes of the ROM. It's a decent substitute when you don't possess the techy-stuff to follow how the game is getting their data.

Particularly on the SNES, if you're trying to rip some visual data, like graphics or palettes or tile maps, but they're compressed in the game, dump the VRAM while you're playing the game. ZSNES savestates are actually uncompressed images of the RAM, so if you open that with a graphics editor, you'll have the raw visual data without any compression (almost 100% of the time). I dunno if Tile Molester can pick up palettes, but YY-CHR can pick them up just fine, pairing the correct palette with the graphics. Of course, the tiles won't be assembled with their tilemaps, but you can manually apply them once you locate the maps, or just arrange the graphics yourself.

Obviously, the newer games are larger, and such tips aren't going to be as helpful due to the size-differences, but a good amount of games can still be exploited with a few "obscure" tips like these.

Share this post


Link to post
Share on other sites
You'd also be surprised how much stuff you can uncover visually just by looking at the game's data through a graphics editor. Most pointer tables are blatantly obvious and should be easy to notice, if you're needing to find one, and you'll notice other miscellaneous data by the unique patterns they make across swathes of the ROM.
Could you post some examples of these?

Share this post


Link to post
Share on other sites

ikVvM.png

In the first Fire Emblem, character stats begin at around 0x204D2. You can see the visual representation of this data through the 2BPP "NES" encoding, here; above this offset is actual code and is less... "visual" and more like static. Oh yeah, that reminds me, some SNES titles will also "compress" their graphics by simply using a smaller 2BPP encoding used on the GameBoy. Final Fantasy IV on the SNES, too, uses a mix between 3BPP and 4BPP graphic encoding. Just a few helpful things to note, I guess :newyears:

Edited by Celice

Share this post


Link to post
Share on other sites

Awesome. Obscure NES hacking.

Say hello to the dinosaurs for me too, will ya?

Share this post


Link to post
Share on other sites

I understand the tip perfectly well, thank you. In fact, I thought it was fairly common knowledge that looking for patterns like that was a good way of exploring for arrays of data.

The only thing obscure about what you posted is the fact that you busted out the NES ROM and the outdated tools. Couldn't resist a small jab at that :P:.

Edited by Arch

Share this post


Link to post
Share on other sites

Have you ever wanted to make generic units usable by the player (ala FE5) in the GBA games? Well, not only should you and I become friends, but there is actually a really easy way to do this.

First decide on a character number to utilize to be the generic unit and edit them in nightmare as you see fit.

Then, when loading up characters in your chapter, don't load the generics as players, as you will only get a single unit from that character number. However, if you load up the units as NPC's first and then convert the entire group with a change alliance command to player, you now have playable, generic, expendable units.

Share this post


Link to post
Share on other sites

You can mix and match TURN, CHAR, CHARASM, AREA, AFEV, LOCA, VILL, SHOP, CHES, DOOR and ASME codes as you wish to get very interesting results. For example, you can put AFEV codes to turn based events and TURN codes to misc events. Where you put the codes only determines when their conditions are checked, but the actual effect of the code is up to the code itself.

Share this post


Link to post
Share on other sites

Dang, this is some cool stuff! Thanks guys!

So, I have something new. NL, I actually made the biggest PM ever to you about it: since I'm at the end of one of my hacks and need to make a functional epilogue, I've been working on trying to... well, figure out how it works.

Here are some notes:

"THE_END" code uses hex command 0x82 (0x82 0x00 0x00 0x00) to load the ending, but this loads everything in its entirety and isn't easy to manipulate.

0xCC1B1C - Start of Ending Events (I believe Eliwood's Ending is the Default)

Judging off the hex codes it looks like the game uses GOTO commands to go to certain events and then goes back to an ASM routine to check various conditions before moving on. At least, that's my guess on what happens. There's a pointer at 0x12A94 that points to the offset mentioned above; below that are even more offsets, which, when I tried to load with events, took me to different parts of the ending, such as Hector's Ending rather than Eliwood's. The events and ASM likely work together to get the effect of the multiple endings. I don't suggest dealing with it too much though.

0xCC1B2C - 0xCC1534 - Loads the CG of Eliwood and Hector being... you know, friends, with Lyn in the background

0xCC1B50 - 0xCC1280 - Eliwood's Ending Part 1 (before the game goes to the Epilogue)

0xCC1B84 - 0xCC168C - Eliwood's Ending Part 2 (Eliwood talks to the Tactician about the ascension ceremony)

0xCC1BF0 - 0xCC1900 - Hector's Ending Part 2 (Hector's story ending at the Epilogue)

These offsets more or less contain GOTO codes that load more events--the events that load the events are in the first offset, and the actual events are the second offset. I suggest just loading them using your own events as there are other events BESIDES the GOTO code mixed in there, and well, you don't want them. Also, there are multiple instances of loading the same events, likely related to the different conditions and whatnot.

Anyhow, while that's all well and good info I had to work pretty hard to find out, there are more offsets that should be known when dealing with making your own ending. These ones are a bit more important and you'll likely want to use them straight-up, whereas the original events can probably be, well, remade.

For instance, I already coded my ending before I wanted to get to the epilogue and stuff. What I wanted to do was make it go the Epilogue and then load the Staff Credits (well, maybe; I might edit the original or, more likely than not, I'll make my own by inserting CGs and loading them through events) and the Turn Count and the actual Character Endings. If you're editing the ending, it's likely for a custom event hack, so you'll likely want to do something similar.

0xCC1B9C - Loads everything, straight-up.

Now, if Nintenlord could help me with this, it'd be great. I could just disassemble these events but I'm not feeling up to them, so NL, if you could make some RAW codes in a newer version of the EA using this doc, that'd be great. Then this "obscure hacking tip", which I'm researching as I type this post, won't be so obscure anymore, and no one will need to do the kind of research I am.

WORD 0x3E
BYTE 0x51 0xA3 0x0B 0x08
WORD 0x02

I think this can be done through an ASMC code, but I'm not sure. This loads the Staff Credits. Before using it, you should clear out any other graphics on the screen that might get in the way, such as text, portraits, or something else of that nature.

WORD 0x3E
BYTE 0xC5 0x9F 0x0B 0x08
WORD 0x02

This is for loading the turn-count. I don't actually know how the game decides the order of stuff amongst other things, though. I'll have to figure it out, or else get some help figuring it out, at some point. But hey, I got this far on my own, so I might as well try to do it myself first...

GOTO 0x08CC0F3C

This loads the character endings where it displays text on what happens to the character, or what chapter they died on if they died, their win/loss ratio, and other stuff.

The code at THAT offset is pretty much just another ASMC code pointing to 0xB85D5, as well as a... stall code (STAL) of 0 count? and the ENDA code--it's a very basic event, essentially, and I figured I'd tell just in case someone deletes the code at the other offset, though you could always copy/paste the code by disassembling a clean ROM as well.

GOTO 0x08CC0F54

These are the final events of the game... almost. It shows Eliwood and Hector meeting up as they are older, with Roy and Lilina meeting each other as well. Ah, this is so nostalgic... FE7 was such a good game. A part of me feels like crying...

Ahem, anyway, I doubt you'll need this if you're coding your own events; just put your own events after whatever other codes you need of the ones I mentioned above.

...And sadly, this is all I got. It's not everything: I don't know how to load the FIN screen or make the game reset normally/like it should. I also don't know how to make it go to the special "EPILOGUE" chapter... However, I've come up with my own workarounds for these problems. Simply put, I'm going to create my own epilogue chapter and make it infinitely loop so that you can't get out of it. Eventually, the Epilogue chapter will give you the option to move onto some bonus features, but I haven't yet implemented those, and won't for a while.

Anyway, those are all my notes on that. Nintenlord, it'd be awesome if you could turn these into proper codes, or at least Macros, and put them in the EA so people don't have to spend hours looking at events and ASM and tracing data and testing stuff trying to figure this all out. If you need names, you can give these names to the codes I put in the CODE tags, respectively:

StaffRoll

TurnRecords

CharEndings

Or something like that.

Wooh. I'm finally done. Man, that was a lot of work, but now that I'm done researching, I should have all the tools I need to make my own custom ending... except I don't know how to use ASM to check if certain characters have an A support, but that's okay.

Other stuff I'd like to throw in:

- The weapon-lock weapon-rank abuse. Essentially, one weapon lock can be used multiple times if a class or character shares a certain weapon lock but can't use a certain weapon type and thus can't actually use the same weapons. I think Arch was the first one to point this out--a little searching should net some details.

- There are many cool "experimental" codes in the EA. Check out the doc and you'll find them!

- Xeld made some cool utilities like a CG maker and a Natural Script Formatter that hardly anyone uses. Again, they exist, they're just not really mentioned or used very much.

- You can change the music in a battle by setting a custom event to a specified battle conversation and then making said event change the music immediately. You can use events pretty much freely in this, to be honest, but the # of things you can do in the actual battle animation are limited due to conflicting gameplay elements and whatnot. Still, if done right, it can be used to make some epic battles (I did it in some hacks of mine and it was super fun!).

- Triangle Attacks use up some event quotes with "perma IDs", so be careful when you use perma IDs as they may already be taken up by other gameplay elements such as the Triangle Attack. Speaking of the Triangle Attack, the Knights' Triangle Attack still exists, and there is even a spare Triangle Attack available for use (at least, in FE7 there was one!).

- An unknown pointer at or near the bottom of the class editor has to do with destroying villages. I don't remember the details but if you look at it you'll notice it's on classes that can destroy villages, to say the least. XP

I've had many, MANY more over the years, but I'm really bad at remembering things or keeping notes. If I remember anymore I'll try to remember to throw them in there.

Share this post


Link to post
Share on other sites

that's not very specific >____>' I mean sure there's lots of cool info but how much is practical stuff an average hacker might want to use XP oh well... I guess posting it doesn't hurt lol

Share this post


Link to post
Share on other sites

WORD 0x3E
BYTE 0x51 0xA3 0x0B 0x08
WORD 0x02

is the same as:

ASMC $0BA351
STAL 0

As for disassembling, use the option "To end code", which causes ENDA to end the disassembling.

Share this post


Link to post
Share on other sites

^I thought that but I was more focused on it working than the efficiency so I was just like "screw it" XD

And the other thing is good to know, thanks

Share this post


Link to post
Share on other sites

[spoiler=Storage stuff][12:11:28 PM] Blazer: you can say "no" to the question

[12:11:32 PM] Blazer: if you don't want the question

[12:11:36 PM] Blazer: just don't use the LevelMerlinus code.

[12:11:46 PM] Agro: ok, so

[12:11:55 PM] Blazer: just "recruit" Merlinus

[12:11:56 PM] Agro: if i were to just load Merlinus as a character

[12:11:57 PM] Blazer: 0x28

[12:11:59 PM] Blazer: then don't do anything

[12:12:04 PM] Agro: that's it?

[12:12:07 PM] Agro: oh

[12:12:09 PM] Blazer: it'll unlock the convoy the chapter after.

[12:12:12 PM] Blazer: -after-

[12:12:12 PM] Agro: sweeet

[12:12:15 PM] Blazer: so if you want it on chapter 5

[12:12:19 PM] Agro: so if i just load him in the prologue

[12:12:19 PM] Blazer: you gotta do it at the end of chapter 4.

[12:12:26 PM] Agro: it'll be available to me

[12:12:28 PM] Agro: for the rest of the game

[12:12:29 PM] Blazer: chapter 1

[12:12:32 PM] Blazer: yes

[12:12:34 PM] Agro: and merlinus won't have to appear at all

[12:12:38 PM] Agro: except in the storage screen

[12:12:38 PM] Blazer: uh

[12:12:39 PM] Blazer: well

[12:12:43 PM] Blazer: there is *one* little issue

[12:12:45 PM] Blazer: ahem

[12:12:48 PM] Blazer: see

[12:12:50 PM] Blazer: in the battle preps

[12:12:53 PM] Blazer: he likes to sneak himself in

[12:13:03 PM] Blazer: also you can't access the supply

[12:13:06 PM] Blazer: if he's not on the map

[12:13:11 PM] Blazer: so you could only do it via battle preps

[12:13:14 PM] Agro: but

[12:13:16 PM] Blazer: as for what I meant by sneaking him in

[12:13:18 PM] Agro: can you still send stuff?

[12:13:19 PM] Blazer: he has some dialog

[12:13:20 PM] Blazer: yes

tl;dr: You don't need to have Merlinus or any equivalent in a battle to have storage unlocked. If you want to have storage, you can load the Merlinus character slot in your events somewhere that's offscreen and you'll have access to storage in that you can send stuff to storage during battle and access it in the preparations screen. Of course, since Merlinus isn't on the map, you can't access storage during battle.

Also, Merlinus has a preparations screen conversation somewhere: if you go to the address 0x8F468, you'll see a 4A. That's the portrait that will load the conversation. Then, go to 8F49C and you'll see C6 0F. This is the text pointer for the dialogue (FC6), so if you want to change the text, go there and change it. Currently we haven't figured out a way to get rid of the dialogue entirely, but you can change the portait and text to your own character and have them say something relevant.

Share this post


Link to post
Share on other sites

Note: this is mostly a one-way conversation regarding the NO DATA, EPILOGUE, and TRIAL MAP "chapter entries", if they can even be called that

[5:19:30 PM] ballin1337: yo

[5:19:35 PM] ballin1337: wanna hear something interesting?

[5:19:41 PM] Arch: sure?

[5:19:43 PM] ballin1337: [5:18 PM] ballin1337:

<<< 0x4A is "NO DATA"

and 0x4B is "EPILOGUE"

like when I go to them

it's hardcoded for them to say that

o-o

[5:19:59 PM] ballin1337: like I MNCH'd to them

[5:20:01 PM] ballin1337: and the chapter name

[5:20:04 PM] ballin1337: is hardcoded to say those things

[5:20:05 PM] ballin1337: o_O

[5:20:46 PM] ballin1337: 0x4C is "Trial"

[5:20:47 PM] ballin1337: rofl

[5:21:10 PM] Arch: Trial Maps were intended or something

[5:21:23 PM] ballin1337: yeah

[5:21:28 PM] ballin1337: well

[5:21:29 PM] ballin1337: that means

[5:21:31 PM] ballin1337: I can't use the chapters

[5:21:35 PM] ballin1337: unless I find the text and change it

[5:21:37 PM] ballin1337: which for "NO DATA"

[5:21:39 PM] ballin1337: is nota good idea

[5:21:41 PM] ballin1337: <_>

[5:21:57 PM] ballin1337: the Epilogue and Trial I'm not using though

[5:21:58 PM] ballin1337: *shrug*

[5:22:06 PM] Arch: Mmm

[5:22:15 PM] ballin1337: I should probably post this in the Obscure Hacking Tips thread

[5:22:20 PM] ballin1337: since this is about as obscure as it gets

[5:22:22 PM] ballin1337: >____>'

[5:22:26 PM] Arch: That's some pretty ridiculous coding

[5:22:44 PM] ballin1337: nah

[5:22:47 PM] ballin1337: just what I don't understand is

[5:22:54 PM] ballin1337: the game only has 0x42 chapters normally.

[5:23:02 PM] ballin1337: Like, data-wise, after that entry, the event table starts

[5:23:10 PM] ballin1337: 0xC9A200-0xC9C9C8

[5:23:14 PM] ballin1337: so

[5:23:18 PM] ballin1337: how could these "chapters"

[5:23:19 PM] ballin1337: exist

[5:23:25 PM] ballin1337: if there's no practical data for them

[5:23:36 PM] ballin1337: I guess everything is just like, hardcoded for them

[5:23:37 PM] ballin1337: <_>

[5:23:49 PM] ballin1337: I mean I had to expand my table to even be able to "load" these chapters, y'know? >_<

[5:24:01 PM] Arch: huh

[5:24:17 PM] ballin1337: oh well... 0x4D seems to be fine (blank) so hopefully I shouldn't encounter anymore weird ass problems lol

Edited by soiweuqjasdklirewvxzcbnm

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...