Hitaxas' S3K research topic

Hitaxas · Feb 15, 2009

I originally made this topic on Retrohack (PsychoSk8r's forums), but I decided to copy/paste what I had here. enjoy.

So you want to hack S3K, or port an object from said game?

You've looked all over this site AND asked for help, only to find that nobody can help you?

You wonder why you cannot and be helped?

Here is the answer: Sonic 3 and Knuckles is not as well documented as the other two games.

I want to fix that. Who's with me?

My S3K research is only possible because of Stealth's Sonic3k.asm file. So a big thanks to Stealth. (and Puto for his text format conversion. )

1. you will need a copy of Stealth's S&K ASM file, which you can grab here: DOWNLOAD

Then, if you can figure out how, lock-on S3 with the ASM.

Here are the instructions from the IDA version of the Stealth disassembly:

Lockon Test Sequence

Compare Byte-for-byte the header portion at 00200100 (00000100 in the locked-on ROM, if it exists) to the stirings "SEGA MEGA DRIVE " and "SEGA GENESIS ". If they do not match, check for just the word "SEGA" starting at the same address by using a LONG comparison to test all 4 bytes at once. If the test fails, assume no game is attatched, and skip ahead to Sonic and Knuckles startup by jumping to location 00000494. If those tests are successful, test 00200180 (00000180) byte for byte against each of the 3 possible Sonic 2 headers and the Sonic 3 header. If one header matches, break this loop and test whether it was a Sonic 2 header or the Sonic 3 header by the value left in the loop counter. If the loop counter is greater than 0 (the final test, the Sonic 3 header), a Sonic 2 header was found to match, so jump to 00300000 to start Sonic 2 and Knuckles. If it is 0, or there was no match, jump to 00000494 to start Sonic and Knuckles or Sonic 3 and Knuckles. If the initial "SEGA" string tests were unsuccessful, place a value of -1 in d1, which will be carried to RAM address FFFFFFAE to signify Sonic and Knuckles. Otherwise, the value will remain 0, which signifies Sonic 3 and Knuckles.
Click to expand...

In order to build a rom you will need include.exe, snasm86k.exe (OR ASM68k.exe) and you must also make a build.bat file using the following text:

@echo on

snasm68k.exe -dmax 32 -p -o op+ -o os+ -o ow+ -o oz+ -o oaq+ -o osq+ -o omq+ sonic3k.asm, S3K-snasm.bin%1>s3k-snasmerror.txt
Click to expand...

OR, if you use ASM68k.exe:

@echo off
rem include.exe sonic3k.asm

rem ASM68K.exe -emax 0 -p -o ae- , S3K-asm.bin
asm68k /o op+ /o os+ /o ow+ /o oz+ /o oaq+ /o osq+ /o omq+ /p /o ae- sonic3k.asm, S3K-asm.bin
Click to expand...

2. don't be afraid to share and ask questions in this topic.
The sole purpose of this topic is to research S3K and compare it's equates, RAM variables and routines to Sonic 2.

What good is this?
It will help provide people with answers to unknown questions, as well as help you, the hacker.

How will it help?
Not only will we be able to further understand S3K, but it will also aid in porting objects to the other Sonic games, Such as Sonic 1 and 2.

To start this all off, I will post my findings. All of my findings have been compared to their Sonic 2 (xenowhirl ASM) equivalents.

Sonic 2 on the left, S3K on the right:

Code (ASM):

S2 to s3k equates:

Sonic_acceleration: = 2 ; this seems to handle topspeed as well, i guess...

Sonic_deceleration: = 4 ?

render_flags: = 4 ?

routine:    = 5

width_pixels: = 6 ;and 7 ?

priority: = 8 ; $100 is 2 in s2 and $80 is 1

art_tile: = $A

mappings: = $C

x_pos:    = $10

y_pos:    = $14

x_vel:    = $18

y_vel:    = $1A

inertia:    = $1C

y_radius: = $1E AND 6?

x_radius: = $1F AND 7?

anim: = $20

next_anim:    = $21

mapping_frame:    = $22

anim_frame: = $23

anim_frame_duration: = $24

angle:    = $26

flip_angle: = $27

collision_flags:    = $28

collision_property: = $29

Status: = $2A

status_secondary: = $2B

air_left: = $2C

flip_turned:    = $2D

obj_control:    = $2E

;routine_secondary: = $2F

flips_remaining:    = $30

flip_speed: = $31

move_lock:    = $32

invulnerable_time:    = $34

invincibility_time: = $35

speedshoes_time: = $36

$38 = $38 ; custom in s2... I use it for shield art. S3K uses it to check for player modes: 1 for tails and 2 for Knuckles

Sonic_Look_delay_counter: = $39

next_tilt: = $3A

tilt: = $3B

stick_to_convex: = $3C

shield_dplc: = $3C ; custom in s2... not sure if it will work in all hacks =/

spindash_flag:    = $3D

spindash_counter: = $3E

layer_plus: = $3F

Jumping:    = $40

layer:    = $46

layer_plus: = $47

next_object: = $4A

RAM variables:

Ctrl_1_Held_Logical = $FFFFF602

Ctrl_1_Press_Logical = $FFFFF603

Ctrl_1_Held = $FFFFF604

Ctrl_1_Press = $FFFFF605

Sonic_Pos_Record_Index    = $FFFFEE26

Sonic_Pos_Record_Buf    = $FFFFE500

Sonic_Stat_Record_Buf = $FFFFE400

$FFFFB01A = $FFFFB022

$FFFFB001 = $FFFFB004

$FFFFB018 = $FFFFB008

$FFFFEE24 = $FFFFEE24

$FFFFCD9C = $FFFFCD9C

$FFFFF602 = $FFFFF602

PlaySound = Play_Sound_2

Primary_Collision = $FFFFF7B4

Secondary_Collision = $FFFFF7B8

Collision_addr    = $FFFFF796

Chain_Bonus_counter = $FFFFF7D0

Camera_Min_Y_pos    = $FFFFEE18

Camera_Min_X_pos = $FFFFEE14

Camera_Max_X_pos = $FFFFEE16

Debug_mode_flag = $FFFFFFDA

Ctrl_1_Press    = $FFFFF605

Debug_placement_mode    = $FFFFFE08

Control_Locked    = $FFFFF7CA

Camera_Max_Y_pos_now    = $FFFFEE1A

$FFFFEEBE = $FFFFEE0B

Update_HUD_lives    = $FFFFFE1C

Update_HUD_rings = $FFFFFE1D

Life_count    = $FFFFFE12

Time_Over_flag    = $FFFFFE1A

Update_HUD_timer    = $FFFFFE1E

Update_HUD_timer_2P = $FFFFFEC7

Ring_count    = $FFFFFE20

Extra_life_flags    = $FFFFFE1B

Level_Inactive_flag = $FFFFFE02

RandomNumber    = Random_Number

Emerald_count = $FFFFFFB1

$FFFFFFB0 = $FFFFFFB0 ; used as Got_Emerald in s2, but in S3K, it is used to check the super emeralds

MainCharacter = $FFFFB000

Object_RAM    = $FFFFB000

Sidekick    = $FFFFB04A

Water_flag    = $FFFFF730

Super_Sonic_flag = $FFFFFE19

Ring_spill_anim_counter = $FFFFFEB6

Extra_life_flags = $FFFFFE1B

Saved_layer = $FFFFFE3A

Saved_art_tile    = $FFFFFE38

Saved_x_pos = $FFFFFE2E

Saved_y_pos = $FFFFFE30

$FFFFF7C7 = $FFFFF7C8

$FFFFF768 = $FFFFF768

$FFFFF76A = $FFFFF76A

obj_control = $FFFFF7C6

Super_Sonic_frame_count = $FFFFF670

$FFFFCBC0 = $FFFFCBC0 ; used in S3K for hyper form after-images

MoveX = $FFFFB018

MoveY = $FFFFB01A

MainCharacter+x_pos = $FFFFB010

MainCharacter+y_pos = $FFFFB014

Sidekick+x_pos = $FFFFB05A

Sidekick+y_pos = $FFFFB05E

Routines:

PauseGame = Paused_Debug_Controls

Sonic_LevelBound = Player_Check_Screen_Boundaries

AnglePos    = Call_Player_AnglePos

CalcSine    = GetSine

CalcAngle = GetArcTan

Sonic_DoLevelCollision    = sub_11EEC

ObjectMove    = MoveSprite_TestGravity2 or MoveSprite2

SingleObjLoad = Create_New_Sprite3

AnimateSprite = Animate_Sprite

DisplaySprite = Draw_Sprite

sonic_jumpheight = sub_118BC

Sonic_ChgJumpDir = sub_1164E

Obj01_UpdateSpeedOnGround = loc_112FC

Sonic_Lookup = loc_112B0

Sonic_Duck = loc_11276

Obj01_MdJump = Sonic_Spin_Freespace

Obj01_MdRoll = Sonic_Spin_Path

Sonic_Roll = Player_Spin

Sonic_Jump = sub_117DA

Player_OnFloor = loc_1C95A or Tails_DoLevelCollision when Tails

Sonic_CheckGoSuper = loc_119D2

Sonic_ResetOnFloor    = Player_TouchFloor

Not 100% sure on some notes, 4 seems to be both Sonic_deceleration AND render_flags, but that may just be me overlooking shit.

Sik · Feb 15, 2009

Why are optimizations enabled? =S I just use /p (asm68k) or -p (snasm68k) and that normally does it - especially if I want an exact build of what is in the asm file. Having to remember all those parameters seems stupid and hard =/

By the way, to those using asm68k, it pretty much takes the same parameters as snasm68k but using / instead of - (some parameters change, but most are the same). I wonder if that helps =P

Hitaxas · Feb 15, 2009

Sik said:

Why are optimizations enabled? =S I just use /p (asm68k) or -p (snasm68k) and that normally does it - especially if I want an exact build of what is in the asm file. Having to remember all those parameters seems stupid and hard =/
Click to expand...

Without some optimizations, there seems to be a few graphical errors in Mushroom Hill Zone (S&K).

Sik · Feb 15, 2009

Wouldn't that mean that something is wrong with the disassembly then? Remember that optimizations are doing stuff like replacing add with addq where possible and such.

Hitaxas · Feb 15, 2009

Sik said:

Wouldn't that mean that something is wrong with the disassembly then? Remember that optimizations are doing stuff like replacing add with addq where possible and such.
Click to expand...

Could be. Since there are quite a few graphical mess ups in the game.

Spanner · Feb 15, 2009

The disassembly is quite picky. For example, if you replace the ASM'd art for Sonic with a binary file exported from SonMapEd, the game fucks up. Why is that happening? I add an even directive anyway and that fails.

Hitaxas · Feb 15, 2009

SOTI said:

The disassembly is quite picky. For example, if you replace the ASM'd art for Sonic with a binary file exported from SonMapEd, the game fucks up. Why is that happening? I add an even directive anyway and that fails.
Click to expand...

I haven't messed with adding files externally. If I were to replace the art, I'd save everything in ASM form and replace the lines in the asm file.

Yuzu · Feb 15, 2009

I guess the game is just sensitive about the files, or checks the checksum of the files, which would be pointless on the 68K at the same time.

LazloPsylus · Feb 15, 2009

I actually started doing some research pertaining to the spindash code in the disasm, actually. I had some notes, but they all seem to have disappeared. I'd be glad to join in and help, if it weren't for the fact that I'm already tied to another project and probably won't be freed up anytime soon. If I do find some spare time, however, I might be able to pitch in with some research.

I was actually hoping that someone would attempt to do this. S3K has some interesting secrets nestled inside of the code and some amazing programming and none of it can really be read or used because there is little to no documentation on any of the disasm at all. It's time we start trying to remedy the issue of no documentation.

By the way, as a note I just remembered, there is a serious issue pertaining to the combined ROM that does not allow much (if any) progress in AIZ and MHZ. I believe the issue is tied to either a music call involving Knuckles's Theme and it's transition back to the normal zone music (oddly, the probem does not appear at the end of LBZ, when Knuckles appears to slow down Sonic/Tails) or it could be an alignment issue. It only happens with the combined S3K ROM. That may be an issue that needs to be resolved in the disasm along with the research that is intended to be done.

Skyler · Feb 15, 2009

I may not exactly be a hacking expert, but couldn't you try disassembling S3 and SK seperately?

Hitaxas · Feb 15, 2009

Moonshadow Caz said:

I may not exactly be a hacking expert, but couldn't you try disassembling S3 and SK seperately?
Click to expand...

S3 alone, no... Since I have not seen a disassembly of plain S3.
S&K, yes... That is what Stealth's file is actually.

Although, my focus is on S3K.

Ritchie Ramone · Feb 16, 2009

I'm no hacker (although I do have some experience dicking around with pointless "experiments" on S2 disassemblies and I have some ASM knowledge), but I'm in full support of this. Hopefully this opens new doors in hacking this game. I know that with the proper knowledge, I myself could contribute to this (and I certainly do wish I were at a level where I could immediately join you guys and help further this research). Anyways, you guys have my full support.

Hitaxas' S3K research topic

Useful Searches