I've been poking around with the idea of disassembling Rockman Megaworld to see what makes it tick with a view to making a hack of it which improves its faithfulness to the NES originals and/or splitting the games off as independent games of their own. I've not got much, but I do know it has a ker-razy checksum routine. Dig this: Code (ASM): loc_354: lea (ROM_Start).w,a0 lea (unk_200).w,a1 moveq #$F,d2 ; run checksum check sixteen times moveq #$FFFFFFFF,d1 loc_360: moveq #0,d0 loc_362: add.w (a0)+,d0 dbf d1,loc_362 cmp.w (a1)+,d0 bne.s BadChecksum dbf d2,loc_360 At $200 there's a list of checksums: Code (ASM): unk_200: dc.w $5648 dc.w $6B30 dc.w $5F4A dc.w $D70C dc.w $256E dc.w $F9FE dc.w $C0AF dc.w $B38A dc.w $01B7 dc.w $236D dc.w $10B2 dc.w $0E51 dc.w $A5EA dc.w $0EAF dc.w $6519 dc.w $9C66 dc.w $7A4D dc.w $4FF9 dc.w $00FF dc.w $0414 As far as I can tell this checksums everything from $0 to $FFFFF, but in sixteen chunks ($0 to $FFFF, $10000 to $1FFFF, $20000 to $2FFFF etc). BadChecksum writes to some VDP registers, then does the familiar red-screen-of-death. Does anyone have any work on this game, or know of anyone who's done any work on this game?
Actually, since each add operation is word-sized, it'll actually check it from $0 to $1FFFF, then from $20000 to $3FFFF, up till $1FFFFF
I found a rom that does just that; it says "Cracked by Jarre" in the beginning, but runs the European rom in NTSC.
It'd be nice if you could crack the games into four separate entries. On the rom currently out, it's impossible to get to The Wily Tower sub-game without using a savestate floating around the web because of a bug in how the game handles save data.
Fixed. There is a ROM you can use to get saving working correctly, it's one of the alternate dumps of the Japanese version.
I really like this idea. I would have loved this game if it hadn't been for the screwed up controlls. Also, if this game is fully disassembled it might be possible to remake the other 3 games.
Well, I tried to do a 'translation' (replacing the Japanese text with English), but I stopped due to annoying bugs and long weapon names... (I stopped at the Quick-Boomerang, funnily enough.) The text is just in SJIS, but I couldn't find a hex editor that supported it fully so I had to manually convert the weapon names... although English text showed up fine (lol ASCII).
I thought we already covered that on another forum, because I mentioned it. I originally found out that the [!](a1) version had SRAM working. It was just that everyone wasn't considering that dump to be as authentic as the good dump that had no extra markings on them. These things tend to be overlooked so easily. (a1) has pretty much always been the alternate version of a good/decent dumped ROM, but it tends to be misunderstood, because people tend to compare these kinds of dumps with bad dumps (b1), over-dumps (o1) and fixed dumps (f1). But give the (a1) version a try any ways. Use the code in that version and implement it into the (E) version, or try finding a alternate version of it that allows SRAM. Find the original cart and do proper ROM dumping if you have to, because there are a few that are still interested in a SRAM-enabled English ROM. With or without NTSC mode setting doesn't matter really, but that's the player's personal preference if they want it or not. Most emulators tend to have that feature already, but for Flash Cart users, it would be pretty neat to have this fix added. ^^;
Doing anything with this game is going to be difficult as hell. It's written in C, so the code is all over the place and makes heavy use of the stack. (Compare how the Sonic games have really quite structured ASM with numerous devices to make the work of writing an object easier.) I've been pressing C diligently in IDA Pro for quite a while now, and am up to $40000. A large portion of the game is going to be data (graphics, other stuff like that) which I'm not going to touch. (Selecting thousands of bytes in IDA is not fun.)
-Replace 0x036A with "Nq". -Replace country code to "U". -For some reason, replace 0x0188 with "958E". -Profit! This is all according to "Mega Man - The Wily Wars (E) [f1]". I'd like to know why it works, though... EDIT: By the way, didn't Kega Fusion get rid of the saving bug already?
First change: disables checksum error. Second change: changes region to US. Third change: fixes checksum - kinda pointless given the first change. :P
What the hell? They actually did that back then? Heh. Also, I'll need to look for that working version some time soon.
It wasn't as common back then, but it was used. Sonic Spinball was also written in C if I remember correctly.
Oh right. Forgot about that one. In reference to the original topic, I guess this means even with a full disasm, working with the game would be hard work?
