
Sonic 06 (Xbox 360) - Reverse Engineering

Discussion in 'Engineering & Reverse Engineering' started by codenamegamma, Jun 29, 2018.

  1. codenamegamma

    Hi,
    For the past few days I have been hacking around with Sonic 06 using my RGH console. It seems like there's not too much information out there on the EXE or the how-the-game-actually-works side of things, so here is what I got and what I learned so far.

    So the first thing I did was dump the xex to my PC and, using an old guide, I managed to get it converted and open in IDA for further research. The first thing I did was dump a list of floats and start going down the list poking them. Here is the full list of floats: https://docs.google.com/spreadsheets/d/1PSxQxFbtagKRPbNO2-8mgsvM9uX19KTgd0mTICE_Lmg/edit?usp=sharing The first thing I did was start working down the list, and I've managed to do 150 so far out of 1200+. Here's the interesting stuff I found.

    Speed (In Game) DEF: 0.01666667
    0x82000B88

    Changes Game Rendering Mode? DEF: 0
    0x82000DD8

    Changed Rendering Scale? DEF: 0.5 - Don't go above that.
    0x82000DDC

    Image Stretch X DEF: 2
    0x820013A0

    Graphics Changes - Falling Peds DEF: 0.0099999998
    0x82001418

    Messes up graphics - Image Scaling? DEF: -1
    0x82001530

    Fog? DEF: 2
    0x82001594

    Mini-Map Placement- DEF: 0.25
    0x82001930

    Skybox Distance? DEF: 20000
    0x82001B60

    Sound Effects Buffer Volume. DEF: 0.001
    0x82001F88

    Peds Shake? DEF: 0.01745329
    0x82001FE0

    Mini-Map Icon Size DEF: 200
    0x82002038

    Camera Distance DEF: -0.7853982
    0x82002230

    Camera - Causes it to spin out if set to 1.
    0x820022B8

    Funky Spinning Models if modified
    0x82002370


    TOD / Lighting?
    0x8200246C

    Load Sound FX sometimes?
    0x82004514

    Spin for Picked up Objects.
    0x82007D94

    Infinite Time? - Breaks Stage Timer.
    0x82008230

    I've been using Ascensions Advanced poker to change them. The first one that I tried affects the timescale the game is running at; this is also the case for the E3 (XBL) Demo of the game, where I also did the same process and dumped those floats as well. There are 1093 of them, a few less than the full release.

    There are references to debug mode and I've been trying to get it enabled, but my limited knowledge of PPC assembly is preventing me from getting it enabled. Nothing I've seen in the code of the game so far makes me think that it's not possible to one day enable it. Below is a link to a screenshot of IDA with the code itself, so if you know, please let me know.
    https://i.imgur.com/ZSrSjN6.png


    PS: Sorry about the new thread on something so old. As far as I can tell, information on this is sparse and extremely old, so rather than bumping a 10-year-old thread I wanted to opt for something new, as with the rise of Xenia modding the core code of the game will probably be increasingly more important as time goes on and more people start running this game on emulators.
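
Added example, not part of the original post and not the poster's tooling: a minimal Python scanner that lists candidate float constants in an image dump by virtual address and labels the ones that match familiar constants. The `0x82000000` base is an assumption inferred from the addresses quoted above, the function names are hypothetical, and the sample image is constructed from three of the defaults listed in the post.

```python
import math
import struct

IMAGE_BASE = 0x82000000  # assumption: load address inferred from the post's addresses

# Familiar constants that some of the quoted defaults turn out to be.
KNOWN = {
    "1/60 (one frame at 60 Hz)": 1 / 60,
    "pi/180 (degrees to radians)": math.pi / 180,
    "-pi/4 (-45 degrees in radians)": -math.pi / 4,
}

def scan_floats(image, start=0, end=None, base=IMAGE_BASE):
    """Return [(virtual_address, value)] for aligned big-endian float32 words."""
    end = len(image) if end is None else end
    hits = []
    for off in range((start + 3) & ~3, end - 3, 4):
        (value,) = struct.unpack_from(">f", image, off)  # Xenon PowerPC is big-endian
        # Drop NaN/Inf, zero padding, denormals and huge magnitudes (often text or code).
        if not math.isfinite(value) or not 1e-6 <= abs(value) <= 1e6:
            continue
        hits.append((base + off, value))
    return hits

def annotate(value, rel_tol=1e-6):
    """Name the constant a float32 matches, allowing for single-precision rounding."""
    for label, ref in KNOWN.items():
        if math.isclose(value, ref, rel_tol=rel_tol):
            return label
    return None

def build_sample_image():
    """Constructed image: three defaults from the post at their offsets, plus a string."""
    image = bytearray(0x2400)
    for addr, value in ((0x82000B88, 0.01666667), (0x82001FE0, 0.01745329),
                        (0x82002230, -0.7853982)):
        struct.pack_into(">f", image, addr - IMAGE_BASE, value)
    image[0x100:0x108] = b"debug\x00\x00\x00"  # must not be reported as a float
    return bytes(image)

if __name__ == "__main__":
    for addr, value in scan_floats(build_sample_image()):
        print(f"0x{addr:08X}  {value:<14.8g} {annotate(value) or ''}")
```

On a real dump, restrict `start` and `end` to the read-only data section, since instruction bytes can also decode to plausible floats, and note that the zero filter hides entries whose default is 0.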
     
  2. biggestsonicfan

    Well, the game used unencrypted LUA scripts, wouldn't the values just.... be in those, or are these constants from the engine itself?
     
  3. codenamegamma

    I think stuff like Sonic's speed, for example, might be in those Lua scripts, but at least for something like GameSpeed, since those are hard coded, they're in the xex.
     
  4. Information on this is indeed very sparse. I've seen a few videos lying around on YouTube of changed hard coded values. Is it possible to recompile the .xex?

    For the record I'm a junkie for this game. DM me if you'd like to discuss. Though I won't be much good with IDA.
     
  5. codenamegamma

    Well, right now if I could find someone who's good with Xbox 360 hacking or PPC assembly, that would be ideal, as to get debug mode working I think I'm going to have to figure out what that code does, then change it in memory as the game is running, or hex edit the exe. As far as recompiling, idk.... but at least IDA can tell what it is, so that's a start.
     
  6. Have you tried looking at the PS3 executable? What about the demo? As far as debug, the flag for it can be set, but it looks like something overwrites the lua variables, as some variables don't seem to do anything when changed at all. I'm assuming this is because of the hard coded values in the executable.
     
  7. codenamegamma

    The debug code seems different in the demo. As far as debug, there's a no-clip kinda mod in the Lua that I know about, but nothing that will give us a menu.
     

  8. It's probably overridden by the .xex then...like much of the other stuff. I'll disassemble it and have a look myself. I may not be excellent at IDA but I have to start somewhere :v
     
  9. HyperBE32

    The configurations for all of the characters' speeds are located in the player.arc file. You'll have to decode the LUB files first and you should be good to go to change the values.
     
  10. HyperBE32

    To keep this thread going somewhat, here's a finding of our own at Lost Legacy Team...

    - Sonic's Action Gauge was attempting to read values from missing variables, so the variables provided weren't named correctly.
    File (xenon): player.arc\xenon\player\sonic_new.lub
    File (ps3): player.arc\ps3\player\sonic_new.lub

    Code (original):

        c_gauge_max = 100 * point
        c_gauge_green = 10 * point
        c_gauge_red = 10 * point
        c_gauge_blue = 10 * point
        c_gauge_white = 10 * point
        c_gauge_sky = 10 * point
        c_gauge_yellow = 10 * point
        c_gauge_purple = 10 * point
        c_gauge_super = 10 * point
        c_gauge_heal = 50 * (point / sec)
        c_gauge_heal_delay = 0.5 * sec

    Code (fixed):

        c_gauge_max = 100 * point
        c_green = 100 * point -- Values increased from 10 to decrease the Action Gauge evenly so it can deplete correctly.
        c_red = 25 * point
        c_blue = 100 * point -- Blue Gem seems to work as intended with this set to 100, as when the Action Gauge replenishes fully from zero, the Blue Gem expires.
        c_white = 25 * point
        c_sky = 100 * point
        c_yellow = 25 * point
        c_purple = 25 * point
        c_super = 100 * point
        c_gauge_heal = 10 * (point / sec)
        c_gauge_heal_delay = 0 * sec -- Delay set to zero to actually replenish the Action Gauge.

    There are many other oddities with this game, but they're all at the back of my mind, so I'll probably reply with them after I jog my memory a bit.
     
  11. RDNexus

    I'm not sure if this is the best thread to bring up this matter, but I'll try anyway.
    I've seen a video on YouTube about a guy trying the Demo and Retail Versions, and in the comments someone stated that the Demo seemed to be a later version of development of the game than the Retail Version.
    Is this actually for real? If so...dear goodness...
     
  12. ItsBrieDude

    I've played the demo on my 360 a few years back, and I can confirm that there were quite a few improvements in the demo compared to the final product. Whether that's indicative of the build used I don't really know.
     
  13. What are the final/demo build dates?

    Edit:

    The demo has a build date of Sat Sep 16 04:34:53 2006: https://textuploader.com/1a3hn
    The final has a build date of Sun Oct 22 14:01:13 2006: https://textuploader.com/1a3h2

     
  14. HyperBE32

    That's just speculation since the demo has more polished features than the retail game. Most notably, the demo has rotation physics, whilst the retail game doesn't, so player movement seems very choppy when walking across rigid geometry. There's also stuff with the Action Gauge in the demo, like the maturity meter which is just nonexistent in the retail version. The demo also has a poor use of anisotropic filtering, which I'm pretty sure they just removed in retail.
     
  15. Blue Spikeball

    Have people attempted to "port" some of the improvements from the demo to the final game?
     
  16. All of these things, such as rotation physics, are hard coded in the executable. Until we have a complete breakdown of the .xex, that just isn't going to happen. There's a few channels on YouTube that I've seen that have some goodies on that, but they don't like to share.
     
  17. Blue Spikeball

    Pity, wonder if that would make the game more bearable. Never tried the demo, but I've read plenty of reports from people who did that it plays better.
     
  18. HyperBE32

    Yeah, there are people experimenting with 'porting' beta and/or demo assets right now. =P
     
  19. Overlord

    As someone who has - it's like upgrading from cold sick to warm sick. You're still playing with vomit.