Register - Login
Views: 99794601
 Main - Memberlist - Active users - Calendar - Wiki - IRC Chat - Online users
Ranks - Rules/FAQ - Stats - Latest Posts - Color Chart - Smilies 		05-03-22 05:16:29 AM
Jul - General Game/ROM Hacking - Assembly Trouble New poll - New thread - New reply
Next newer thread | Next older thread
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 188/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 01-18-13 12:07:41 AM Link | Quote
I’ll try to explain my problem as simply as possible. I am trying to figure out how a NDS game loads a file into memory and how the game figures out what file to load. The file loaded is a bunch of text(its actually the credits screen). I know where in the ROM the credits text exists( listed as 0x080EA000 no$gba) and I know where it exists after it gets loaded in memory(0x02267780). I know what instruction causes the text to get loaded.
...
02085CE4 E5951004 ldr r1,[r5,#0x4]
02085CE8 E59F0010 ldr r0,=#0x40001A4
02085CEC E5801000 str r1,[r0] < --- this stores the text into memory
02085CF0 E8BD8038 ldmfd r13!,{r3-r5,r15}
...
I know that the assembly for the instruction pointed to above is STORE. More specifically, it stores contents of r1 to location pointed to by contents of r0 where r1 = 0xA1416657 and r0 = 0x040001A4. The number stored at address 0x040001A4 is 0x21416657. This is where I am confused. I am probably just really stupid but I don’t understand how, through these numbers, the credits text even ends up at the memory address 0x02267780. The only number I can make out is r0 = 0x040001A4 which is part of the IO. What does 0xA1416657 and 0x21416657 even represent? The highest memory value in no$gba is like 0x10000000.

Can anyone give me advise on my problem?
Thanks.

____________________
"Consider this a privilege. You have been chosen."
Xenesis

Roy Koopa
Actually a Doctor
Level: 101


Posts: 1993/2732
EXP: 10486591
For next: 231084

Since: 07-28-07

Pronouns: She/Her
From: Orange Star's Retirement Villa

Since last post: 9 days
Last activity: 19 hours
Posted on 01-18-13 12:18:08 AM Link | Quote
Generally how file loading seems to work is a process as follows:

The game sends the filename it wants to load to the I/O system which retrieves it from the cartridge and decrypts it into RAM. Contents of the file are then manipulated/moved whatever.

Also you'll probably find that the str instruction there isn't doing the heavy lifting but a ldmfd/stmfd pair (load mulitple then store multiple). Especially when you're dealing with files loaded from the filesystem.
Rena
I had one (1) message in Discord deleted and proceeded to make a huge, huge mess about how it was a violation of free speech and how moderators are supposed to be spam janitors and nobody should have the right to tell me not to talk about school shootings
Level: 135


Posts: 4965/5390
EXP: 29075354
For next: 259651

Since: 07-22-07

Pronouns: he/him/whatever
From: RSP Segment 6

Since last post: 342 days
Last activity: 342 days
Posted on 01-18-13 01:46:37 AM Link | Quote
Post #4965 · Thu 130117 214637
You'd want to read up on the DS memory map and SDK. Games run under a Nintendo-written OS (which is actually included on the cartridge) that handles things like file I/O. The ROMs actually have a simple embedded filesystem. I'm not sure if they actually refer to files by name in the code, or by an index number, but either way you need to find the one corresponding to the file you're interested in and then look for that identifier in the code.

If you're just interested in editing/replacing that file though, you probably don't need to edit the code at all. Just extract, edit, and re-insert the file table.

____________________
Programs
stuffgoeshere
Log outShut down
Post #4965...[blag][Twitter][Freenet][My Arts]
Xenesis

Roy Koopa
Actually a Doctor
Level: 101


Posts: 1994/2732
EXP: 10486591
For next: 231084

Since: 07-28-07

Pronouns: She/Her
From: Orange Star's Retirement Villa

Since last post: 9 days
Last activity: 19 hours
Posted on 01-18-13 01:49:19 AM Link | Quote
Originally posted by Rena
If you're just interested in editing/replacing that file though, you probably don't need to edit the code at all. Just extract, edit, and re-insert the file table.


This is definitely the easiest way to do things, unless they've done something dumb like smoosh it together with a bunch of other data in the overlays.
Ninji

Birdo
Why did my user title say I'm a toaster anyway
Level: 88


Posts: 1922/2014
EXP: 6638528
For next: 12136

Since: 07-26-07

Pronouns: he/him or they/them
From: Glasgow, Scotland

Since last post: 113 days
Last activity: 6 days
Posted on 01-18-13 02:52:11 AM Link | Quote
Originally posted by Rena
The ROMs actually have a simple embedded filesystem. I'm not sure if they actually refer to files by name in the code, or by an index number
It varies.

It's the norm to use filenames/paths, but some games look up files by ID despite having names (like NSMB). The SDK supports both.

____________________
crediar
User
Level: 11


Posts: 9/20
EXP: 5724
For next: 261

Since: 02-14-11


Since last post: 6.3 years
Last activity: 5.3 years
Posted on 01-22-13 12:39:14 AM Link | Quote
0x40001A4 is a HW register of the DS card interface as you can see here GBATek
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 190/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 01-22-13 01:19:33 AM Link | Quote
Oh if what I was trying to do could be as simple as replacing or moving a file then I wouldn’t have made this thread to begin with . Then again, I am an idiot so who knows.

I’ll be a bit more specific on why I want to figure out how the game figures out what file to load. The game I’m looking into is 999. It has some debug files that, to me, look like they contain interesting content. The files of interest are listed on TCRF:
debug.dat and debug_c.dat
debug.fsb

I can only open debug.fsb but what you see in the picture on that page is what you get which is sad. It would have been great if it would have loaded the first two files. Then again, I haven’t looked deeply into debug.fsb so maybe something is there. The staff credits and first two debug files are stored in the same file path. I was thinking if I could figure out how the game loads the staff credits then I might be able to find code within the ROM that will load those other debug files.

My success in determining what loads the staff file is debatable. I was able to figure out that the op code at address 0x02050E00 (which is ldr r6, =#0x20997B4 shown below) definitely plays a part in loading it to memory but I can’t seem to find something equivalent for the two other debug files. This sucks because I don’t know what to do from here. I’m not giving up because I know something is here but I don’t know what to do to get it to load in game.


I also looked at the DS memory map and DS I/O ports. Besides listing where they are, I don’t know what else I can really do with them.

____________________
"Consider this a privilege. You have been chosen."
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 206/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 02-06-13 08:54:49 AM Link | Quote
I'll state my goal more simply because I feel that people got lost with what I last posted.

I want to figure out when the game decides to load a file. The reason I want to know this is because there are debug files left in the game’s file system that I want to force the game to load. If I can figure out where and when in the game’s code the debug files could be loaded, I could try to patch the game to access that code so those debug files can be loaded in game. Does this make more sense? How could I properly go about doing this?

Thanks

____________________
"Consider this a privilege. You have been chosen."
Joe
Common spammer
🍬
Level: 111


Posts: 2790/3392
EXP: 14501060
For next: 367300

Since: 08-02-07

From: Pororoca

Since last post: 12 days
Last activity: 6 hours
Posted on 02-07-13 03:04:31 AM Link | Quote
...Have you tried editing the string that says "etc/staff.dat" to say "etc/debug.dat"?

____________________
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 207/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 02-09-13 01:14:21 AM Link | Quote
Originally posted by Joe
...Have you tried editing the string that says "etc/staff.dat" to say "etc/debug.dat"?
95% sure I tried that and the game went belly up and crashed. I also tried switching files around using Tinke but that has lead to the same result. It kind of sucks because I can see the game loading the staff.dat file but I am still scratching my head at how it KNOWS to load staff.dat. If I can figure that out then I can search for a similar mechanism to load debug.dat.

____________________
"Consider this a privilege. You have been chosen."
Joe
Common spammer
🍬
Level: 111


Posts: 2793/3392
EXP: 14501060
For next: 367300

Since: 08-02-07

From: Pororoca

Since last post: 12 days
Last activity: 6 hours
Posted on 02-09-13 03:47:11 AM Link | Quote
Originally posted by Cuber456
but I am still scratching my head at how it KNOWS to load staff.dat.
ldr r6,=#0x20997B4
I'd bet it's this line.

____________________
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 208/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 02-09-13 10:55:15 AM Link | Quote
Originally posted by Joe
Originally posted by Cuber456
but I am still scratching my head at how it KNOWS to load staff.dat.
ldr r6,=#0x20997B4
I'd bet it's this line.
That would seem to make logical sense but here is where a problem arises now. If the game is calling the credits screen from this line "etc/staff.dat" then I would expect there to be a line similar to "etc/debug.dat" to call the debug materials(perhaps a naive assumption?). I've tried searching but that line doesn't appear to exist anywhere in memory. The only things I have been able to find close enough to that are random debug strings as can be seen in the picture I posted above. The only good thing that has come out of this so far is that I was able to load the Test5.fsb file finally. Figures I access the file I wasn't even trying to load to begin with.

I am scratching my head at this point. I just don't know what will properly load those debug files. The only thing I can think of doing now is to perhaps figure out if there is a proper way of loading debug.fsb(That file that lists "end" a bunch of times in Kanji) since I think it has a good chance of having something to do with those other debug files. I also find it strange that debug.fsb doesn't appear to do anything useful despite its name.

This sucks

____________________
"Consider this a privilege. You have been chosen."
Joe
Common spammer
🍬
Level: 111


Posts: 2795/3392
EXP: 14501060
For next: 367300

Since: 08-02-07

From: Pororoca

Since last post: 12 days
Last activity: 6 hours
Posted on 02-09-13 02:55:03 PM Link | Quote
Originally posted by Cuber456
I've tried searching but that line doesn't appear to exist anywhere in memory.
In that case, the game probably has no direct function for loading that file. Considering the file extension (.dat), I wouldn't expect it to be the kind of file you can just switch in with something else. It might be referenced by one of the .fsb files, or perhaps one of the other localizations will contain references to it.
Originally posted by Cuber456
I was able to load the Test5.fsb file finally.
I'm curious, what did you do differently this time? (This doesn't really have anything to do with the debug files, I just like reading about hacking. )
Originally posted by Cuber456
I also find it strange that debug.fsb doesn't appear to do anything useful despite its name.
Have you opened any of these files using a hex editor? Sometimes the contents of the file can tell a lot, even if you can't get it to load.

____________________
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 209/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 02-10-13 12:36:13 AM Link | Quote
Originally posted by Joe
Originally posted by Cuber456
I've tried searching but that line doesn't appear to exist anywhere in memory.
In that case, the game probably has no direct function for loading that file. Considering the file extension (.dat), I wouldn't expect it to be the kind of file you can just switch in with something else. It might be referenced by one of the .fsb files, or perhaps one of the other localizations will contain references to it.
Originally posted by Cuber456
I was able to load the Test5.fsb file finally.
I'm curious, what did you do differently this time? (This doesn't really have anything to do with the debug files, I just like reading about hacking. )
Originally posted by Cuber456
I also find it strange that debug.fsb doesn't appear to do anything useful despite its name.
Have you opened any of these files using a hex editor? Sometimes the contents of the file can tell a lot, even if you can't get it to load.

I can only hope that there is some sort of reference within one of the .fsb files which would probably most likely be debug.fsb if I were to guess. It is possible the Japanese version of the game might have a reference to it as well. I have only checked the US version so far.

I got test5 to load by looking at this section of memory which is not too far away from "etc/staff.dat":
............rom.
etc/global.ini..
etc/game_text.in
i...etc/game_val
.ini....etc/kanj
i_n.dat.etc/kanj
i_i.dat.etc/kanj
i_b.dat.etc/kanj
i_s.dat.etc/fram
e.dat...E_SYS.
~Common.~START..
-...vector..text
pool....textpool
All I did was change the text "START" to "Test5" before the "licensed by Nintendo" start-up screen appeared. It was something I did by chance. I can also get that (so far useless) debug.fsb to load here if I put in the text "Debug". I can't seem to load any other .fsb files using this method.

I have briefly looked at the contents of each debug file using a hex editor but haven't done manipulations on them specifically. I might as well list them here.

debug.dat: Most of the text of this file is already on the wiki
SIR0ø...@.......
Debug Menu.Scene
Check.Escape Ch
eck.Mini Game.GR
APHIC.Sound Chec
k.Graphic.Chara
Check.BG Check.I
tem Check.Movie
Check.Stage Set
ting.Item Select
.Flag Setting.St
age Start.Stage
Setting In Game.
Item Select.Flag
Setting.Novel D
ebug Menu.Return
Game.Save&Load.
Debug Setting.Re
set.Global Flag
Setting.End Game
.Infomation.Esca
pe Debug Menu.Re
turn Game.Save&L
oad.Debug Settin
g.Reset.End Game
.Item Select.Fla
g Setting.Global
Flag Setting.In
fomation.Debg Se
tting.BGM.SE.Deb
ugView.MessageSk
ip.TouchTest.Inf
omation.PageLabe
l.BGM.SOUND0.SOU
ND1.SOUND2.SOUND
3.ªª....'...4...
>...F.......Z...
f...o...{.......
•...¡...®.......
Ð...Ü.......ú...
............$...
8...A.......^...
j...t...‚...ˆ...
‘.......ª...¾...
....Ö...Ú...Ý...
ç...ó...........
............$...
+...........4...
R...L...‡...`...
º...p...é...|...
L...œ...É...Ä...
ý...Ü.......ø...
..„,............
................
................
..............ªª


debug_c.dat: Besides the numbers(01: 02: 03: ..... etc) I don't see anything else
SIR0\...°.......
ƒLƒƒƒ‰‘I‘ð.–³Œø.
ƒ|.[ƒY.00:Šî–{.0
1:•ð‚ê.02:“{‚é.0
3:”ß‚µ‚¢.04:.΂¢
.05:.^Œ•.06:‹Á‚«
.07:–ù‰õ.08:.Æ‚ê
.09:‹¯‚¦.10:“®—h
.11:’ñˆÄ.12:Œœ”O
.13:Š¦‚¢.14:”Y‚Þ
.15:Žå’£.16:Ž©–.
.17:‹.‹C.18:•^•Ï
.19:ƒ‚.[ƒVƒ‡ƒ“•t
‚«1.20:ƒ‚.[ƒVƒ‡ƒ
“•t‚«2.21:ƒ‚.[ƒV
ƒ‡ƒ“•t‚«3.22:ƒ‚.
[ƒVƒ‡ƒ“•t‚«4.23:
ƒ‚.[ƒVƒ‡ƒ“•t‚«5.
ƒ‚.[ƒVƒ‡ƒ“.‚P‰ñ.
ƒRƒ}.–³Œø.–Úƒpƒ`
.‚P‰ñ.ƒRƒ}.–³Œø.
ŒûƒpƒN.‚P‰ñ.ƒRƒ}
.–³Œø.”wŒi‘I‘ð.–
³Œø.‰ï˜b•\Ž¦.–³Œ
ø.—LŒø.—§‚¿ˆÊ’u.
’†..¶.‰E.ªªª....
....'.../...7...
?...I...Q...Y...
a...i...q...y...
....‰...‘...™...
¡...©...±...¹...
Á...Ô...ç...ú...
........+...0...
5.......A...F...
K.......W...\...
a.......o.......
}...‚...........
“...–...........
œ... ...¤... ...
....:.......P...
(...f...8...t...
@...‡...L.......
\...ªªªªªªªªªªªª
..ƒ.............
................
................
.............ªªª


debug.fsb: Quite a small file but it does have some readable strings
SIR0 ...À.......
%4..(../..3..&%&
Eªªª&NOVEL.START
..I—¹.¥.$...+...
1.......START.ªª
H...........~Deb
ug.MapIn.~Debug.
MapStart.ªªª....
\.......i.......
....Debug.fsb.ªª
”...|.......8...
P...X...ªªªªªªªª
..0...,.........

So that is the size of it for now. Like I said, I don't know exactly what to do from here to get the debug files to properly load but I'm not giving up.

____________________
"Consider this a privilege. You have been chosen."
xdaniel
980
Level: 64


Posts: 413/982
EXP: 2153583
For next: 60514

Since: 12-04-08

Pronouns: he/they
From: Germany

Since last post: 25 days
Last activity: 42 min.
Posted on 02-10-13 01:05:57 AM Link | Quote


>>ESTABLISHING LINK...DONE.    >>FETCHING POST DATA...DONE.    >>EXECUTING POSTDISP.BIN...




____________________
cu xdaniel - Follower of the Church of Madoka


"What color is your BLOOD?!?"
Joe
Common spammer
🍬
Level: 111


Posts: 2796/3392
EXP: 14501060
For next: 367300

Since: 08-02-07

From: Pororoca

Since last post: 12 days
Last activity: 6 hours
Posted on 02-10-13 02:05:11 AM Link | Quote
Originally posted by Cuber456
debug.dat:
Looks like text followed by pointers.

Originally posted by Cuber456
debug_c.dat:
Same thing, but in Japanese. Here's part of the file decoded correctly:
00:基本
01:呆れ
02:怒る
03:悲しい

Originally posted by Cuber456
debug.fsb:
.I—¹
That's the part that says 終了, "end."


It looks like debug.dat and debug_c.dat are just string tables; they are completely useless without the code that would normally use them. On the other hand, debug.fsb looks much more interesting. It references other game functions, so you might be able to get it to do something other than loop and crash by editing some of the strings inside it.

____________________
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 210/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 02-10-13 03:23:52 AM Link | Quote
@xdaniel
I'm happy that you mentioned Shift-JIS. This is something I didn't know about before. I mean, I knew that Japanese characters had to be stored in some way in the ROM but I never really thought about it. I think that is because most of the characters other than ASCII look like nonsensical garbage. In other words, if it wasn't in ASCII then I ignored it. I should look around some of the other files to see if there is more text I mistook for garbage.

I understand if you are busy. Last time I checked, you were working on a program to model OoT and MM models properly. I hope everything is going smoothly for you!

@Joe
So I guess I won't be able to do anything with the DAT files then since they are mostly just string files. It makes sense that some other file would be needed to load these two files. I'm still surprised that debug.fsb doesn't load these files but being surprised won't get me anything. It is kind of funny that debug.fsb looks more interesting because it is so much smaller than the other 2 files. I'll take your advice and see if changing the strings in the debug.fsb leads to anything. That seems like the best thing to do at the moment.

____________________
"Consider this a privilege. You have been chosen."
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 215/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 02-24-13 07:16:06 AM Link | Quote
So I screwed around a little bit with debug.fsb. I wasn’t able to do too much with it but that is probably because I suck. What I was able to do is shown below.

I changed the kanji text to “TCRF” for the sake of just changing it. Basically if I replace “&NOVEL” with “&HERO” or I put a random string like “&Cuber”, you get what you see above instead of the kanji for “end” being displayed on the touch screen. Nothing too special. I haven’t screwed around too much with the other strings. From what I do know, “~Debug” is usually a function that loads debug.fsb. It is what I use to load the file anyway so perhaps “~Debug.MapIn.~Debug.MapStart” would load map files related to debug.fsb. Other files have similar strings to that. I have tried modifying the “~Debug” to other functions but the file is EXTREMELY picky. Doing so causes the game to crash. Also trying to extend the kanji string that this file loops past 4 bytes, and hence increasing the size of the file, also crashes the game. Not sure why both these things happen. There could still be something here but if there is I am certainly not going about the right ways of finding it. For now, I will leave this file alone since there are some other interesting things I have discovered.

Besides finding a vast list of functions in the game, a majority of which I don’t know their purpose, I stumbled across something of interest within the start.fsb file.

__r.&Q.:DEBUG_A_
STAFF.:DEBUG_B_S
TAFF.:DEBUG_C_ST
AFF.?BG.?Chara.?
System.CallScrip
t.DEBUG_MENU.DEB
UG_TEST.DataDest
roy.DebugInit.Er
aseWin.EscapeScr
een.FileScreen.F
ill.GAME.KeyLock
.LOOP.LogoScreen
.Menu.Out_All.Re
load.Scroll.Skip
Enable.SoundTest
.SoundTest_Loop.
StartScreen.Text
Filter.~A01b.~Ae
d2.~Bed4.~Ced1.~
Test5.....SC5..A
uto Play.SC0..SC
5..A.G...h.X.^.b
.t...[...SC0..SC
5..BLOCK 0123(AL
L).SC0..SC5..BLO
CK 01.SC0..SC5..
BLOCK 0.SC0..SC5
..BLOCK 1.SC0..S
C5..BLOCK 23.SC0
..SC5..BLOCK 2.S
C0..SC5..BLOCK 3
.SC0..SC5..B.G..
.h.X.^.b.t...[..
.SC0..SC5..C.G..
.h.X.^.b.t...[..
.SC0..SC5..Debug
Menu.SC0..SC5..
Destroy Save Dat
a.SC0..SC5..File

Yeah it is mainly a bunch of strings but it contains some interesting strings like DEBUG MENU(Twice actually). I am wondering if perhaps this string, if the game was able to read it, would bring up a debug menu. It sounds logical enough and other strings in this group do actually do stuff. For example, “~A01b” loads the intro to a new game and “LogoScreen” loads the intro logos when you first start up the game. Assuming the DEBUG MENU string does something, I either need to figure out where to place this string for the game to load it or search for some other mechanism for the game to load it.

____________________
"Consider this a privilege. You have been chosen."
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 526/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 05-24-14 08:37:39 PM Link | Quote
Might as well post more crap here again.

I've finally got some free time to screw with this stuff. Just for the fun of it, I decided to figure out and (kind of) reverse engineer how FSB files work. I wrote a program that can rip out operation strings within an FSB file and I can figure out what operations in the FSB file could possibly be executed. For example, here is just a small portion of instructions to operations that could possibly executed by a01b.fsb (literally the beginning of a new game):

(There is more before this)
⑳S0.?@?@?@?@?@?@This game is fiction.⑳n?・
⑳S0.?@?@?@?@?@?@All names, characters, and incidents portrayed in this production are fictitious.⑳n?・
?BG Fill
?System ClearBackLog
$NOVEL_SKIP_FIC
?System Wait
?System KeyWait
?BG Fill
?System EraseWin
?System PlayMovieBoth
:opening_ship_020
:white_010_00
:opening_ship_010
:white_010_00
?Sound PlaySE
:SE_A01B_SHIP_BOMB
?BG Picture
:A01b_0030_00
?BG Earthquake
?System Wait
?BG FadeOut
?BG Fill
?BG EarthquakeStop
?BG FadeIn
?System Wait
?BG Picture
:black_010_00
?BG Picture
:A01b_0040_00
?Sound PlaySE
:SE_A01B_BOMB
?System Menu
?System Wait
A loud noise startled Junpei awake, and his eyes snapped open.?・
As they adjusted to the light, he realized that he didnSt recognize his surroundings.⑳n?・
?System Wait
?System EraseWin
?Sound PlaySE
:SE_A01B_BED_WAKE
?View BrightIn
?BG Earthquake
?BG Picture
:steerage_000_00
?View BrightOut
?System Wait
?BG Earthquake
Ow!?・
?System EraseWin
With a DcrackD, JunpeiSs head connected with something metal.?・
He rolled over and threw out his hand to steady himself, but he found himself groping at empty air.?・
?System EraseWin
?BG Fill
?Sound PlaySE
:SE_A01B_BED_FALL
His balance lost, and his still-fuzzy mind struggling to understand what was going on, Junpei tumbled down to the cold, grey floor.?・
?System EraseWin
?Sound WaitSE
:SE_A01B_BED_FALL
?BG Picture
:steerage_010_00
?System Wait
?System Wait
OOOOOOWWWCHGODDAMNIT! ⑲Gah! What the hell!??・
?System EraseWin
(There is more after this)

The instructions in this list seem to coincide with what actually happens in the game which is pretty cool. While I can figure out a lot of possibly executed instructions, I think there is still at least one type of instruction that I haven't figured out how to decode yet.

Here is the more interesting part to all of this and something that I wish that I had realized sooner. I decided to execute my program on a few different FSB files. The most interesting file (at the moment) is start.fsb which is responsible for loading the title screen. What is listed below is a portion what operations the file can execute but does not necessarily execute:

$DEBUG_SEL
?System KeyLock
⑳C5│Game Start
⑳C5│Debug Menu⑳C0
⑳C5│File Menu⑳C0
⑳C5│Memories⑳C0
⑳C5│Auto Play⑳C0
⑳C5│Destroy Save Data⑳C0
⑳C5│Staff Roll⑳C0
?・
$___r
$___r
$___r
$___r
$MEMORY_CALL
?System EscapeScreen
$___r
?System CallScript
~Test5
$___r
⑳C5│BLOCK 0⑳C0
⑳C5│BLOCK 1⑳C0
⑳C5│BLOCK 2⑳C0
⑳C5│BLOCK 3⑳C0
⑳C5│BLOCK 01⑳C0
⑳C5│BLOCK 23⑳C0
⑳C5│BLOCK 0123(ALL)⑳C0
⑳C5│ランダム⑳C0
?・
$___r
?System DataDestroy
$___r
?System DataDestroy
$___r
?System DataDestroy
$___r
?System DataDestroy
$___r
?System DataDestroy
$___r
?System DataDestroy
$___r
?System DataDestroy
$___r
?System DataDestroy
$___r
⑳C5│Aエンドスタッフ・?[ル⑳C0
⑳C5│Bエンドスタッフ・?[ル⑳C0
⑳C5│Cエンドスタッフ・?[ル⑳C0
?・
$___r
?System CallScript
~Aed2
:DEBUG_A_STAFF
$___r
?System CallScript
~Bed4
:DEBUG_B_STAFF
$___r
?System CallScript
~Ced1
:DEBUG_C_STAFF
?System Menu
?System LogoScreen
$GAME_FIRST
?System SkipEnable
?System TextFilter
?Chara Scroll
$GAME_FIRST
?System StartScreen
?System StartScreen
?System Menu
?System CallScript
~A01b
?System Reload
$GAME_FIRST
?System DebugInit
?BG Fill
?System SoundTest
?Chara Out_All
?System EraseWin
(More instructions after)

The first interesting thing in this list are the instructions:

⑳C5│Debug Menu⑳C0
⑳C5│File Menu⑳C0
⑳C5│Memories⑳C0
⑳C5│Auto Play⑳C0
⑳C5│Destroy Save Data⑳C0
⑳C5│Staff Roll⑳C0
⑳C5│BLOCK 0⑳C0
⑳C5│BLOCK 1⑳C0
⑳C5│BLOCK 2⑳C0
⑳C5│BLOCK 3⑳C0
⑳C5│BLOCK 01⑳C0
⑳C5│BLOCK 23⑳C0
⑳C5│BLOCK 0123(ALL)⑳C0
⑳C5│ランダム⑳C0
⑳C5│Aエンドスタッフ・?[ル⑳C0
⑳C5│Bエンドスタッフ・?[ル⑳C0
⑳C5│Cエンドスタッフ・?[ル⑳C0

These aren't actually even operations. They have a weird formatting but these are just strings and they never get executed to my knowledge (which makes sense). I've compared the formatting of these strings with other files like test2.fsb and test3.fsb. I certainly didn't need my program to figure this out (which i why I feel a little stupid) but, from what I can gather, these are strings that belong to a menu on the touch screen like the menus of test2 and test3. All the options on this menu sound interesting but the issue now is how to load this menu. I need to dig a little deeper on this. Perhaps I should see how test2.fsb and test3.fsb load their menus and maybe I can force start.fsb to load its menu in the same way. Of course, whether or not any of these options still have functionality left to them is a different matter.

The last interesting thing is there is an instruction for what appears to be a sound test near the end of the list. That instructions is, unsurprisingly, never executed either which makes sense. That is something else I will try to screw with.

I've already posted a lot here but looking at other FSB files... start.fsb isn't the only file with hidden menu strings........

____________________
Come on, you know you want to show support. Click the links below:
>>Reasons for Operation Bluebird<<
>>Operation Bluebird Facebook Page<<
Cuber456

Fuzzy
Don't mind me. Just passing through.
Level: 56


Posts: 532/776
EXP: 1319493
For next: 78683

Since: 02-19-12

From: Everywhere at once.

Since last post: 4.2 years
Last activity: 131 days
Posted on 05-31-14 02:36:41 AM Link | Quote
Bingo Baby. Its nice to finally see some results!


____________________
Come on, you know you want to show support. Click the links below:
>>Reasons for Operation Bluebird<<
>>Operation Bluebird Facebook Page<<
Next newer thread | Next older thread
Jul - General Game/ROM Hacking - Assembly Trouble New poll - New thread - New reply


Rusted Logic

Acmlmboard - commit 47be4dc [2021-08-23]
©2000-2022 Acmlm, Xkeeper, Kaito Sinclaire, et al.

32 database queries, 13 query cache hits.
Query execution time: 0.083179 seconds
Script execution time: 0.040340 seconds
Total render time: 0.123519 seconds