don't click here

Random Hack/Mini Project Thread

Discussion in 'Engineering & Reverse Engineering' started by Malevolence, Jul 4, 2009.

  1. OrionNavattan


    Tech Member
    Still polishing the documentation and drafting a release thread, but for the moment, enjoy a little preview of a potentially game-changing development tool. (Almost befitting that this comes just days after Devon's Sonic 1 Mode 1 experiments.)

  2. Bobblen


    A while back I made this little hack on smspower

    View topic - Sonic The Hedgehog SMS Remix (beta version) - Forums - SMS Power!

    It's main purpose was to basically advertise the fact that Maxim's massively enhanced version of WV's Sonic 1 SMS editor 'STH1EDWV' was an amazing tool and people should try it. As it happened, Slogra's astonishing Sonic Genesis for Master System did a much better job at that, and I quickly forgot about it. I also never released the mini hack here, so without further ado I present:

    Sonic 1 SMS Remix

    It's based on the idea that we've all played the game to death, so I tried to make something which encouraged a bit of exploring
    -all extra lives moved to new locations (including small layout changes to accommodate them)
    -all chaos emeralds moved to new locations (including small layout changes to accommodate them)
    -all maps allow backtracking, if you reach the end of a level, it should always be possible to get back to the start if you look around a bit.
    -and new for this version, that includes disabling the scrolling in Bridge 1 and screen locking/instant death in Jungle 2.

    It isn't polished, the difficulty is all over the place, it's very lightly tested and it's not winning any awards :-) but it is a functional* hack for Sonic 1 SMS, and I think that's pretty cool.

    Screenshots are a bit tricky as they'd reveal something hidden and nothing has changed except the hidden stuff. I'll think about it.

    *subject to testing...

    Attached Files:

  3. OrionNavattan


    Tech Member
    My attempt to improve SMPS-PCM's sample streaming routine using movep unfortunately did not work due to hardware limitations (movep simply copies the data too fast for hardware to handle), but it did produce a usable 68k routine for copying data to an 8-bit peripheral using movep (confirmed as this code worked in GPGX due to that emulator not emulating the waveram behavior correctly):

    Code (ASM):
    1. ; -------------------------------------------------------------------------
    2. ; Subroutine to copy data to an 8-bit peripheral using movep
    3. ; Can handle data of any size, and starting at any address
    5. ; input:
    6. ;   a0   = source
    7. ;   a1   = destination
    8. ;   d0.w = size of data
    10. ;   uses d1.l, d4.l, d5.w
    11. ; -------------------------------------------------------------------------
    13. CopyTo8Bit:
    14.        move.l   a0,d1            
    15.        btst   #0,d1               ; is start address of data odd?
    16.        beq.s   .even               ; branch if not
    18.        move.b   (a0)+,(a1)+           ; copy first byte manually if starting at odd address
    19.        addq.w   #1,a1               ; skip over non-write address
    20.        subq.w   #1,d0               ; minus 1 for 1 byte copied
    22.    .even:
    23.        move.w   d0,d5               ; if data is not divisible by 8, there will be a remainder of up to 7 bytes
    24.        lsr.w   #3,d0               ; d0 = loops to copy data with 8 bytes per iteration (excluding any remainder)
    25.        beq.s   .less_than_8       ; branch if there are less than 8 bytes total
    26.        subq.w   #1,d0               ; minus 1 for loop counter
    28.    .copy:
    29.        move.l   (a0)+,d4           ; get 4 bytes of data
    30.        movep.l   d4,0(a1)           ; write to destination
    31.        move.l   (a0)+,d4           ; get another 4 bytes
    32.        movep.l   d4,4*2(a1)           ; write to destination
    33.        lea 8*2(a1),a1               ; advance destination address
    34.        dbf   d0,.copy               ; repeat for all longwords of data
    36.    .less_than_8:
    37.        andi.w   #7,d5               ; d5 = remainder if data size was not divisible by 8
    38.        beq.s   .no_remainder       ; branch if there is no remainder
    39.        cmpi.b   #4,d5
    40.        bcs.s   .less_than_4       ; branch if remainder is less than 4 bytes
    42.        move.l   (a0)+,d4           ; get 4 bytes of data
    43.        movep.l   d4,0(a1)           ; copy to destination
    44.        addq.w   #8,a1               ; advance destination address
    45.        subq.w   #4,d5               ; minus 4 bytes from remainder
    46.        beq.s   .no_remainder       ; branch if remainder was exactly 4
    48.    .less_than_4:
    49.        subq.w   #1,d5               ; minus 1 for loop counter
    51.    .copy_remainder:
    52.        move.b   (a0)+,(a1)+           ; copy one byte of data
    53.        addq.w   #1,a1               ; skip over non-write addresses
    54.        dbf   d5,.copy_remainder       ; loop until remainder is gone
    56.    .no_remainder:
    57.        rts
    Last edited: Sep 18, 2023
  4. OrionNavattan


    Tech Member
    Unfortunately I have no means to test this code, but this was nevertheless an insightful look into the finer details of of the 68k family.

    It's well-documented that S3K is wholly incompatible with 68010-modded Mega Drives due to KosM's exception stack frame trickery (specifically, pushing a return address and status register to the stack and executing an rte, which has disastrous results on the 68010 since its stack frame has at minimum an additional 4 bytes below the return address). I'd always wondered if it would be possible to modify the game to allow it work on 68010-modded systems without breaking compatibility with ordinary Mega Drives, and a post I saw on an Amiga forum suggested a solution.

    Code (ASM):
    1. ; ---------------------------------------------------------------------------
    2. ; Called by game initialization.
    3. ; ---------------------------------------------------------------------------
    5. Check68010:
    6.        move.b   #'T',(f_68010).w   ; let error handler know we are testing for a 68010
    7.        moveq   #0,d0
    8.        movea.l   d0,a0
    9.        movec.l   a0,vbr   ; clear vector base register on 68010; trigger illegal instruction exception on 68000
    10.        nop           ; if on a 68000, error handler will clear f_68010 and return
    11.        cmpi.b   #'T',(f_68010).w   ; are we in fact on a 68010?
    12.        seq.b   (f_68010).w       ; if so, set all bits (required so error handler works correctly)
    13.        rts
    14. ; ===========================================================================
    16. IllegalInstruction:
    17.        cmpi.b   #'T',(f_68010).w   ; was this exception triggered by the 68010 test?
    18.        bne.s   .error       ; branch if not
    19.        clr.b   (f_68010).w   ; we are on a 68000, clear flag
    20.        rte       ; continue with initialization
    22.    .error:
    23.        ; fall through to error trap or handler code
    25. ; ---------------------------------------------------------------------------              
    26. ; To prevent this from crashing on 68010s, push an empty longword to the stack
    27. ; below the return address. This is the vector offset/format longword: the
    28. ; highest nybble signifies the format of the frame (that is, how many words it
    29. ; has excluding the status register), while the rest contains the 24-bit
    30. ; vector address formed by taking the address in the vector table entry and
    31. ; adding the contents of the vector base register.
    33. ; The frame used by interrupts on the 68010 is four words, signified by the
    34. ; format nybble = 0, and the vector offset is, as far I can tell, not used for
    35. ; anything on rte, so we should be able to get away with simply pushing an
    36. ; empty longword to the stack rather than backing up an additional longword
    37. ; with the PC and status register.
    38. ; ---------------------------------------------------------------------------
    40. Restore_Kos_Bookmark:
    41.        movem.w   (v_kosm_stored_dregs).w,d0-d6       ; restore data registers
    42.        movem.l   (v_kosm_stored_aregs).w,a0-a1/a5   ; restore address registers
    44.    .chk68010:
    45.        tst.w   (f_68010).w   ; are we running on a 68010 modded console?
    46.        beq.s   .not_68010   ; branch if not
    47.        clr.l   -(sp)   ; push dummy vector offset/format longword to stack so rte behaves correctly on 68010
    49.    .not_68010:  
    50.        move.l   (v_kosm_bookmark).w,-(sp)   ; restore return address
    51.        move.w   (v_kosm_stored_sr).w,-(sp)   ; restore sr
    52.        rte
  5. Chimes


    The One SSG-EG Maniac Member
    You can stick different CPUs on a Genesis? url(24).jpg
  6. OrionNavattan


    Tech Member
    The 68010 was the 68000’s immediate successor in the 68k family. It was nowhere near as popular as 68000, as its main improvements (e.g., virtual memory support) were targeted towards high-end professional and enterprises applications. It didn’t see much use outside of some mid 1980s UNIX workstations, several Atari arcade boards, and a third-party AppleShare server.

    That said, it’s pin-compatible with the 68000, so it is possible to install a 68010 in a Genesis or in any other hardware that uses a plain 68000 (same modification has also been done to Atari STs and Amigas, and there’s even an adapter available that allows using 68-pin PLCC chips in hardware that uses the 64-pin DIP configuration). The main reason is the small performance boost it provides: small dbcc loops of two instructions are loaded into and executed from the prefetch cache, skipping the task of fetching the opcodes each time, mulu/s and divu/s execute faster, and the clr and scc instructions are faster (they are now pure write instructions rather than read/modify/write). It’s not 100 percent software compatible, however, due to changes in the exception stack frame and the move to SR instruction being changed to a privileged instruction.

    (EDIT: fixed the pin counts.)
    (EDIT: added a little more information about the 68010's speed improvements.)
    Last edited: Jan 13, 2024
    • Like Like x 2
    • Informative Informative x 1
    • List
  7. Techokami


    For use only on NTSC Genesis systems Researcher
    Sonic Worlds Next
    To go into a little more detail, the MOVE to SR instruction was made privileged due to a potential circumvention of virtual memory protections. Motorola advertised the 68010 as being designed for virtual memory usage as a result. But aside from that, there was an overall improvement to processing speed, 10-14% faster at the same clock speed. This is why a lot of people swapped 68010s into their 68000 machines; who didn't want a faster Amiga? But because of the MOVE to SR change, software was prone to breakage; those same Amiga owners found that the calculator application would now cause Guru Meditations!

    I have a few 68010s on hand myself and I would love to try the mod out and see what kind of a difference it would make in games. Potentially it could eliminate some slowdown! But to do that I need a system that uses the 68000 in DIP packaging, and the only one I have is a system I'd rather not modify like that...
    • Like Like x 1
    • Agree Agree x 1
    • List
  8. OrionNavattan


    Tech Member
    Amusingly enough, the Macintosh's Calculator desk accessory apparently also crashed when upgraded with 68010s. And it wasn't just virtual memory protections: privileging MOVE from SR allowed the 68k architecture to meet the Popek and Goldberg virtualization requirements (noteworthy since it took another 21 years for x86 to do the same).
    Last edited: Jan 13, 2024
    • Like Like x 1
    • Informative Informative x 1
    • List
  9. Londinium


    People actually read these? Member
    Finally got my first hack out. It's a simple winter palette swap, but it's a start.

    Thank you Clownacy for giving me pointers throughout, you're a real hero!

  10. A very quick port of Green Hill Zone Act 1 to Sonic CD; objects do not work at all, as does the background, and some tiles and collisions are buggy, but it should work, even on hardware. And before you ask, the FMV audio was taken from a Countryballs video (because space).

    Uploading a link to the source code here, as I am currently unable to do much further work; some further changes were made, but it's pretty buggy and full of engine tests (read: introduction is the Rockman X3 PS1 opening).

    Attached Files:

      File size:
      718.1 KB
    Last edited: Jan 17, 2024
  11. giovanni.gen


    It's still Joe-vanni, not Geo-vanni. Member
    Sonic Hacking Contest
    A lovely YouTube user, under a video related to Sonic 2 - Score Rush, was wondering if there was a way to play Sonic 2 with just the moveset changes. Indeed, such a way was there.

    ...or so I thought, because turns out I didn't finish porting over some things from Sonic 2 - Score Rush to Vanilla Sonic 2.

    So I did exactly that!

    The attached ROM hack is a straight build of Sonic 2 with Knuckles, the very disassembly that was used in the creation of Sonic 2 - Score Rush. This build offers you the default moveset options from Sonic 2 - Score Rush. There's no way to change those in game, as I could not be bothered to implement an options screen specifically for this mini hack.

    For 2 player versus, only options that would normally affect all characters are made available, so Sonic and Tails do not get air moves.

    The moveset is as follows:
    • No air speed cap;
    • No rolling jump lock, meaning you keep control if you jump after rolling;
    • Slow ducking from Sonic & Knuckles is in place;
    • Sonic gets the Super Peel-Out, the Drop Dash, and the Insta-Shield in 1P mode;
    • Tails gets the Flight in 1P mode;
    • Tails gets flight cancel in 1P mode. Only a human can cancel Tails' flight, and it can not be cancelled while holding Sonic;
    • Bullet deflection from Sonic 3 is in place
    Additional features not normally accessible in Sonic 2 - Score Rush include:
    • Tails Assist, from the 2013 version of Sonic 1;
    • Virtual controller swap: if both players press A while the game is paused, they will swap controllers virtually. Useful for netplay users!
    • Modified Super Transformation method: to transform, you'll have to press a different jump button from the one you used to jump. Same as Sonic 3 Complete's method!
    • Player-dependent pausing: If player 1 pauses, only player 1 can unpause. Same goes for Player 2.
    Giovanni: Knuckles in Special Stages and Ending port, additional bugfixes.
    Heyjoeway: Code and assets from Sonic 2 Community's Cut
    DeltaWooloo: Scrapped programming work
    redhotsonic, MoDule, Esrael Neto, MainMemory, flamewing, Selbi, Puto, Clownacy: Guides


    Attached Files:

  12. Kilo


    That inbetween sprite from S&K's title screen Tech Member
    S1 - Metal Sonic's Challenge, Sonic 1 Rev01 ASMX Disasm
    I'm currently working on a video that required a sandbox environment for measuring Sonic's speed. So I made exactly that; Kilo's Speed Sandbox.
    blastem_20240312_124209.png blastem_20240312_124816.png
    blastem_20240312_124827.png blastem_20240312_124836.png
    - HUD that displays current X velocity in pixels per frame (PPF), and tracks the highest speed reached in the session.
    - 2 levels for testing the player's speed. A flat level with a speed shoe monitor and red and yellow springs. And a level with a massive drop with a slope to convert vertical speed into horizontal speed.
    - Speed shoes monitor acts as a toggle rather than a timer, turning into a slow down monitor upon breaking.
    - You can transform into Super Sonic at any moment with the Sonic 3 input of a double jump, with the ability to revert.
    - You can exit out to the title screen by pausing and pressing A without inputting the level select cheat.
    - You can fill the levels with water via the options menu.

    I'm simultaneously proud of this as my first Sonic 2 hack, and also extremely ashamed of how bad some of the solutions I came up with to get this to work, but it's only a prop for a video so clean and optimized code wasn't my focus.

    Attached Files:

  13. OrionNavattan


    Tech Member
    A small milestone from my effort to make a Mode 1 version of Sonic CD, even if it's a feature that won't be used in the long run.

    This test ROM checks the drive for a copy of Sonic CD or CD++, and if found, loads the disc's filesystem, then loads TTZ's PCM driver and plays its music. This was mainly intended to verify some code changes and optimizations to the game's file engine, but it's also a good demonstration of how Mode 1 can be used to load and execute additional program code from disc. That it allows a chance to show off my initialization code and the system I devised to allow for compressed sub CPU code is a bonus. :P

    The ROM is attached below. To run in Blastem, place the ROM in a directory with cue sheet and ISO + audio files for a copy of Sonic CD or CD++ of any region, launch the ROM in Blastem, and use the "Lock On" option in the in-game menu to select the cue sheet. To run in Genesis Plus GX, do the same as Blastem with cue sheet & ISO + audio files, rename the ROM file to match the name of the cue sheet, and run. To run on real hardware, place a copy of Sonic CD or CD++ of any region in the drive before launching the ROM. ROM will display messages if sub CPU initialization fails, a red screen if no disc is found or if disc is an audio CD with fewer than 35 tracks, and a blue screen if an audio CD with more than 35 tracks is found.

    Source code for the ROM can be downloaded here. A thank you to Devon for helping me find an oversight in the sub CPU program decompression, and to MaskOfDestiny for demystifying the BIOS' TOC read status byte.

    Attached Files:

    Last edited: Mar 19, 2024
  14. Devon


    A̸ ̴S̴ ̵C̵ ̷E̶ ̸N̸ ̴D̶ ̵E̶ ̸D̶ Tech Member
    your mom
    I made a stupid little shitpost hack for April Fools Day.

    hi guys

    did u know that sonic 1 is actually kinda slow? theres lag and it doesnt actually feel like ur actually going faster than da speed of sound. I FIXED THAT BITCH!

    what i did 2 make it actually fast is increased sonics speed to be INSTANT FAST, uncapped the frame rate (fuck u vsync!!!!), and removed USELESS shit like background scrolling, water coloring, palette cycling, and stage tile animations. i also simplified the camera system so sonic is always at the center of the screen (why would we wanna take focus away from him???) and now da game is fast and good AND SIMPLE. HAVE FUN OR I WILL FUCKING CRY MYSELF TO SLEEP LIKE A BADASS. :argh::argh::argh::argh::argh::argh::argh::argh::argh::argh:


    Last edited: Apr 5, 2024
  15. Kilo


    That inbetween sprite from S&K's title screen Tech Member
    S1 - Metal Sonic's Challenge, Sonic 1 Rev01 ASMX Disasm
    Tch, not optimized enuff. Cliffs and dropped rings still cause lag. And those level load times are a joke, you gotta ditch the PLC system and make all the art uncompressed and DMA it all at once, John Sega didn't gift us blast processing for you to not use it. I will be expecting an update before midnight or I will be calling the ROM hacking police.
  16. Devon


    A̸ ̴S̴ ̵C̵ ̷E̶ ̸N̸ ̴D̶ ̵E̶ ̸D̶ Tech Member
    your mom
    shut up u hurt my feelings :(:flunked:
    • Like Like x 2
    • Agree Agree x 1
    • Informative Informative x 1
    • List
  17. Dulappy


    koronesuki Member
    Honestly, I'd love to see a version of this without any of the physics changes, if possible. Like pure stock Sonic 1 with the frame rate uncapped (which would probably also mean no water color or background scrolling but WHO CARES ABOUT THAT!!! We don't need background scrolling when the game is running at 200FPS!!! (VERY optimized))
  18. Kurk


    Heroin Addict Member
    I "ported" the ancient 2005 Sonic 1 disasm to ASMX about a year ago. Was using it for some now-cancelled projects. It's functionally identical to the standard ASM68K version but ASMX is missing a few directives so I'd proceed with caution if you want to use this.

    EDIT 07/16/24: Re-uploaded onto Github, apologies for the dead link.
    Last edited: Jul 16, 2024 at 10:11 PM
  19. ProjectFM


    Orono, Maine
    Sonic Next Genesis
    The link doesn't seem to work
  20. BlueSpeedsterYT


    Now rendered in full 3D Member
    you can thank Discord for that, btw a quick tip is to avoid using Discord as a file hosting place @Kurk, use something else like Google Drive or a different file hosting site.