don't click here

Sonic CD 2011 Save Game Hex Editing Guide

Discussion in 'Engineering & Reverse Engineering' started by RetroKoH, Aug 13, 2012.

  1. RetroKoH

    RetroKoH

    Member
    1,662
    22
    18
    Project Sonic 8x16
    Ok, first, let me preface this by saying that this is not complete. I don't know if this has been done before with the iOS version of the remake, but I saw NOTHING reported/documented... so I'm introducing it for you guys to try out. To do this... you will need a couple things.

    iPod with Sonic CD app, and a USB. (Well, of course)
    A program that can go into your iPod. I used iFunBox, but if you know of another that will do the trick, go ahead.

    MAKE A BACKUP OF EVERYTHING BEFORE TOUCHING ANYTHING. IF YOU DON'T, YOU'RE AN IDIOT, AND NO ONE WILL FEEL SORRY FOR YOU.

    [​IMG]

    Now, I have opened up Sonic CD in iFunBox, and it looks something like the picture above. You have some folders, and the app itself... which you'll find as also really just another type of folder. That contains many things, such as pics of the icon, and starting screen backdrop. Also has mp4's of all of the videos in the game. I have not tried replacing any of them as of yet... but I'll get back to you after I do.

    But enough of that. I'm here to talk about how to hack into your saved data and mess with shit. Wanna start on Palmtree Panic with all 7 Time Stones? Wanna change your Sonic file save to a Tails' file save? Wanna start a zone in the past or future? Wanna mess with your Time Attack records? I'm here to help! Let's begin. Go into the Documents folder, and make note of the SGame.bin file. Make a copy of this, unless you don't care about losing your REAL game/records.

    Now keep in mind, when editing, you will need to do this outside of FunBox, as in... in a folder in your computer. Editing it internally will do nothing, as the game will overwrite it back to the way it was (or it simply doesn't save... I dunno which.) So I just edited a copy in my backup folder... I suggest you do the same. After making changes, go to the Main Menu in Sonic CD (You can do the editing and deletion while the game is running), and replace the existing SGame.bin with the new one. It MUST be named SGame.bin! After that, you can immediately go from the Main Menu into your Game/Time Attack menu and see the changes right away.

    Now, with that out of the way... let's fuck things up a bit.

    NOTE: I have not figured out ALL of the offsets, this is only about an hour's work... I will come back with more later, so please bear with me, or figure it out on your own.

    MAIN GAME DATA
    Look at offsets 00-19. These offsets are the data for Game Save 1. 20-39 are for #2. 40-59 are for #3, and 60-79 are for 4. They all contain the same information, so I will only go over the offsets for editing game #1. You can use your logic and math skills to figure out the offsets for #2-4 based on what I will tell you.
    Offset 00 - Character Selected (00-Sonic, 01-Tails)
    Offset 04 - LIVES (Hex)
    Offsets 08-0A - SCORE. (These 3 bytes are written in reverse. Ex. your SCORE is 10900. In hex, that's 2A94, therefore the bytes will read 94 2A 00 in the file.)
    Offset 0C - Current Level. Runs through each act in order of Level Select. (Present/Past/G.Future/B.Future)
    (01-04: PP1, 05-08: PP2, 09-0A: PP3)
    NOTE (SPECIAL STAGE)
    Special Stages work differently. I don't know how exactly these work yet. I have figured out that each number listed below dictates the Special Stage AND the following
    level. (Ex. 55-SS1 to PP2 66-SS2->TT1 Past) It seems that after the Special Stage, it subtracts $50 to get the next level... I dunno if that assumption is accurate or not though.

    Offset 10 - Time Stones collected. The 8 bits of the byte denote which Time Stones have been obtained. N/A|Red|Purple|Teal Blue|Yellow|Orange|Green This means that this byte can be anywhere from 00-7f. 7f, being ALL STONES.
    Offsets 18-1A - ??? In new games, they appear as 50 C3 00. I have no idea what this is yet, but it changes as you play.
    Offsets 1C-1D - Machines Destroyed. I haven't fully figured out how these work, but I'm working under the belief that they work in the same fashion as the Time Stone byte, in that each bit denotes which Machine has been destroyed. I'll figure out which bit denotes which one later.
    Offset 1E - Metal Sonic holograms destroyed. - This byte seems to simply count how many you've destroyed, rather than which ones you've destroyed. If you set this to the max (0C - 12 holograms in the game) then go destroy one in the main game, it'll increase to 0D.
    The reason for the difference is that for the achievement, both need to be counted, BUT holograms have no effect on Good Futures, while Machines DO have effect on Good Futures, in particular, whether or not you get a Good Future for Zone 3 or not. Therefore, machines are individually recorded, while holograms are simply counted together with 1 variable.

    Almost everything there uncovered... but now lets move on...

    MISC
    Next is your settings and misc stuff. Again, haven't uncovered EVERYTHING, but here's what I got thus far.

    Offset 80 - Not sure what it does. Starts out default as "00", but in my file it changed at one point to "01" so its used for something...
    Offsets 84 and 88 are Music and Sound volumes. In game, they range from 0-10. In the hex file, to increase this, increase the value by hex multiples of 10.
    (00-0, 0a-1, 14-2, 1e-3, 28-4, 32-5, 3c-6, 46-7, 50-8, 5a-9, 64-10 FULL) - Lazy asses... here you go.
    Offset 8C - This is your Spindash setting. 00-Genesis mode. 01 for Classic CD mode.
    Offset 90 - Not sure what it does. Starts out default as "00", but in my file it changed at one point to "01" so its used for something...
    Offset 98 - Soundtrack. 00 - JP Soundtrack. 01 - US Soundtrack.
    Offset 9C - Time Attack Zone unlock. This denotes how many of the main Zones are unlocked for play in Time Attack. Starts at "00" for none unlocked. 01 unlocks PP, 02 unlocks CC, and obviously this counts up to 07, where all zones are unlocked.
    I am working under the belief that all other unlockables don't have offsets. Instead, they are locked/unlocked based on the calculated totals of the following Time Attack variables.

    And speaking of which, onto the next part...

    TIME ATTACK.
    These start at Offset C0. Remember with this, you are editing the 1st, 2nd, and 3rd places for EACH ACT. and for special stages, each one has 3 times as well. So, to improve your total, you need to improve the 1st place of each one.

    Each record is read from 4 bytes, but you will only need the first 2 bytes. Editing the second pair of byte will skyrocket your time up to 99 minutes, and after 99 minutes, it will loop back again, eventually even reading letters! I managed to get 0:00.0Z. I will start to note every single offset for each time record, but I'm sure you could figure it out without me by now, just remember, each record uses 4 bytes!

    Start with C0. This is the 1st place time for Palmtree Panic Zone 1. C3 is the 2nd place time... and so on.

    Unfortunately that's all I've got for now. I will do my best to try to find out more. Also, anyone else who tries this and figures anything out... please feel free to contribute. Now if only we could get our hands on the engine code... Hmm. Taxman, where are you??? Could you come help us for a second? [​IMG]
     
  2. RetroKoH

    RetroKoH

    Member
    1,662
    22
    18
    Project Sonic 8x16
    Sorry for the double post... I am surprised that no one seems to be commenting on it...

    Regardless, I have updated the information with some new info and corrections.

    MAIN GAME - SCORE is 3, maybe 4??? bytes, not 2.
    Machine and Hologram offsets have been found.

    MISC - Found 3 more offsets. 2 are unknown,
    The third one determines which zones in Time Attack are locked/unlocked.

    TIME ATTACK - More info found regarding how the bytes in this part of the file work. You should know enough to edit time records on your own now.

    I'm heavily considering writing a program to work with your file, if anyone would be interested in it. If I do, I will want it to be able to read the file from the iPod on its own, saving the user the trouble of having to extract the file on their own. If there is any interest, lemme know and I'll get started on it.
     
  3. Josh

    Josh

    Oldbie
    2,123
    1,087
    93
    USA
    This is valuable and awesome info. I think it's just that most people here are pro enough at Sonic CD that hacking the save system doesn't seem all that much of a necessity. Still, I'm sure people will give your program a go if you wanna work on it. It would be nice to change parameters on the fly, though I've got the Android and PC versions.
     
  4. RetroKoH

    RetroKoH

    Member
    1,662
    22
    18
    Project Sonic 8x16
    Yea, I totally understand that... which is why I'm 50/50 on whether or not I want to put together a program or not.

    If nothing else though, at least the info is here... and it's really helped me to learn how exactly the save systems work with regards to .bin files. I'm going to look into the Sonic 3 SRAM next. I know that's already been done, but I would much rather try to figure it out on my own instead of cheat and look at the guide... and see if I can't learn anything from it. Hopefully others can do the same from my guide, in particular, new members.

    NOW... if I can find a way to actually hack into the Sonic CD game itself and modify anything, then I think this could be a hot topic... iOS hacks anyone?

    I am interested though, and this goes out to you Josh, or anyone else. Could any Android, Steam, PSN or 360 users please find any way to confirm whether or not the info in my guide is also accurate for their version of Sonic CD? I can't imagine why it'd be different, but it'd be good to know.

    EDIT: SCD for Android HERE
     
  5. I found it pretty interesting, and was wondering why they weren't posting either. I had nothing to say really because I didn't want to sound like a retard because I know nothing about this sort of stuff. It's cool that the new Sonic CD is getting worked at now, especially the iOS version, you don't see many iOS hacks, if any
     
  6. RetroKoH

    RetroKoH

    Member
    1,662
    22
    18
    Project Sonic 8x16
    Please don't expect much in that direction YET. I still have no idea how to access the game engine. SGame.bin is the only .bin file there. Anything else that would be code is just listed as a "File". not even a type or an association. I'm sure I can still open it with something, but doing anything with it will be a true challenge. My next thing to try though, which I will in due time... is to try to replace the videos in the game with different ones, just to see if it would work. They are in the game as .mp4's so I'm gonna give it a try. I'll have an update soon enough.
     
  7. Elratauru

    Elratauru

    Little Shiny Emurralds Member
    Well, I don't know about this, I mean it's cool and stuff, but you can always ask Taxman about it, not sure if he would give you that kind of "hackish" info though... I mean, its his engine after all.