ASM Sonic CD (1993) Disassembly by Devon (and Other Things)

I am happy to say that disassembly work on the stage MMDs in particular will go by a **lot** quicker now, because I have written myself an auto-analysis script for IDA that can comb through an MMD file for functions, objects, Nemesis compressed data, etc. I made a tool that auto-generates a list of locations from some databases I have, and implements them into the script, as well.

 

This project is now considered archived. I just simply do not have the time nor the motivation to work on this anymore. Personal matters and other (personal) projects of mine are taking priority. This isn't to say that this is the end for good. Perhaps one day I may return to this. But for now, I must step away. Anyone is free to do their own work if they want to, though. The repository isn't going anywhere and can be forked. I apologize for not getting around to getting it properly cleaned up and organized like I really wanted it to be.

I'll release some additional stuff once I get around to it. Particularly my IDA script set and hacked together Gens overlay, modified from Lapper and Mercury's Sonic 1 overlay.

 

If I may, I would like to know how to extract the contents of each Sonic CD build's track 01 so I can take a peek at some of the undisassembled MMDs.

 

It's just in ISO 9660 format. If you already have it in .iso (2048 mode), then you can open it with something like 7zip. Otherwise, if it's something like a BIN/CUE, then you'll need a different tool to open up the contents.

 

That puts me at a loss, since Hidden Palace's prototype releases are mainly BIN/CUE files.

 

Just use a CD drive emulator like WinCD Emu.

 

Try CDMage, and open the associated CUE file. All the ISO is against a normal BIN is the ISO with some extra (garbage) sector data.

Edit: BIN has sector data (depending on how it was burnt), not ISO.

 

IDA Script (use with European version)
Gens Overlay (use with USA version)
Extracted Data (from European version)

Notes:

• The Gens overlay is for the USA version, because I wanted to record videos at the NTSC rate. The others use the European version, because the wiki detailed data locations for it, so I used it.
• To use the IDA script, open a stage MMD file in IDA, make sure that it's rooted at address 0x200000, and then run "_DisassembleMMD.idc". It will set up known functions, data, structures, and analyze object code.
• The IDA script and Gens overlay will only work for the FINAL VERSION, not with any prototypes.
  
• There MIGHT probably issues that I haven't caught, but generally, these have worked okay for me.
• They're very much hacked together. Sorry lol

 

Oh, thank you!

 

About how long should the script take to run? I've had it running for over an hour with no end in sight and RAM usage increasing steadily.

 

Which MMD file and which region?

 

Tried using it with R11A EUR/PAL as a test. It analyzed about a quarter of the binary before stopping and leaking memory with no further progress.

 

It works okay on my end. Did you set the origin address to 0x200000 when loading the MMD file?

 

I believe I did (setting it to create a ROM segment starting at 0x200000 when loading), but should the input file loading address be set to the same value?

 

Yes.

 

Then it seems I am loading them correctly. Tried another MMD (R12C), and almost the exact same result: it works up to the end of the lost rings object before hanging.

 

Can you post a screenshot and maybe send your copy of R11A?

EDIT: I did update the script to fix defining Sonic's object in Wacky Workbench. Forgot that I left that unfinished.

 

The screenshot is where the script analyzes to before it stops working. Every level MMD I've tried has the same outcome.
The only other thing I can think of is a difference in IDA or Python versions. What version of IDA are you using, and what version of Python?

 

Okay, I have been able to replicate the issue in 7.7. I've been using 6.8. I'll see what I can do.

 

You should consider updating, they added an "undo" feature in 7.3.