don't click here

SADX/SA1 Hacking/Modding

Discussion in 'Engineering & Reverse Engineering' started by MainMemory, Aug 15, 2009.

  1. Sappharad

    Sappharad

    Oldbie
    1,420
    72
    28
    Back when I initially wrote the decryptor, I tried to find the same data as well. I was expecting to see the usual SET format used for other object placement, since the DLC had the ability to place objects and SET entries are pretty easy to recognize on their own, but I didn't see anything like that in any of the files. I also confirmed at that time there is no SH4 assembly code in any of the downloads, so it seems that all logic in the downloads just comes from pre-defined features that the downloads can use. I still think there's got to be some equivalent of SET data in there, since the location of things probably wouldn't have all been defined ahead of time. The other odd thing is the lack of a reference to SSRACING.ADX in the file. In the SA2 downloads, once those were decompressed you could easily find the filename of the custom music track for Kart race downloads and even change it, but here there's no sign of it. Even if it were PRS compressed, text usually doesn't compress well in PRS and you'd still see part of RACING since the characters don't repeat. At some point this may make me want to look at the data again and see if I can figure out some of the unknown regions. Maybe in addition to encrypting the entire file, perhaps some sections were compressed as well. I don't think there's any additional encryption though, the data isn't random enough.

    I may have posted some of this information before, I just can't remember at this point if I did or not.
     
  2. PkR

    PkR

    Member
    191
    25
    18
    SADX Dreamcast Conversion, The Emeralds' Awakening
    Yeah, I also think there should be something like that in there. For the Y2K DLC, the data probably isn't in the PRS-compressed binary though because most of it is occupied by the ring model. Anyway this needs to be looked into. 0x280 to 0x7C0 in the decrypted VMS file looks interesting.

    I'm going to guess it works the same way as the other music tracks - there's a unique track ID for each file, so the argument for the function that plays the music is just a number. The music IDs for Super Sonic Racing (87) and Palmtree Panic (84) are included even in SADX, so that's probably how it works in SA1 too.

    EDIT: Looks like someone has figured it out! Now we have the exact coordinates for ring placement.

    EDIT2: so ok, there's a 30-byte structure with the following:
    0x00 1 byte Level ID
    0x01 1 byte Act number
    0x02 1 byte X scale multiplied by 10 (typical values: 10, 15, 30 etc.)
    0x03 1 byte Y scale multiplied by 10
    0x04 1 byte Z scale multiplied by 10
    0x05 1 byte X rotation speed (multiple of 16/65535 in BAMS)
    0x06 1 byte Y rotation speed (multiple of 16/65535 in BAMS)
    0x07 1 byte Z rotation speed (multiple of 16/65535 in BAMS)
    0x08 1 byte Probably used to determine if the model has collision. Can be 0 (normal), 80 (no collision) or FF.
    0x09 1 byte DLC-specific object type. For Y2K it's 0 for the ring, 3 for the poster
    0x0A 1 byte Unknown. Seems to be either 0x10 or 0x01
    0x0B 1 byte Unknown
    0x0C 1 byte May be used as an ID in missions where you collect items
    0x0D 1 byte Probably unused
    0x0E 1 byte Message ID to display when you touch the object
    0x0F 1 byte Collision sphere radius?
    0x10 1 byte Unknown
    0x11 1 byte Sound/Music ID to play when touching/collecting the object.
    0x12 2 bytes X rotation (BAMS)
    0x14 2 bytes Y rotation (BAMS)
    0x16 2 bytes Z rotation (BAMS)
    0x18 2 bytes X coordinate
    0x1A 2 bytes Y coordinate
    0x1C 2 bytes Z coordinate
     
  3. azureinferno

    azureinferno

    Member
    14
    0
    0
    Is 1A on the first line for the Station Square adventure field? In that video you posted earlier, the action stage rings looked like they all shared the "support Sonic in 2K" message while the posters in Station Square had different messages about Sonic, Tails and Knuckles while the ring's message was explaining the various rings un action stages. Does the 01 in its 0E represent the latter message while the 02 in Emerald Coast 1's 0E and the 0Es from there downward represent the "support Sonic" message?
     
  4. PkR

    PkR

    Member
    191
    25
    18
    SADX Dreamcast Conversion, The Emeralds' Awakening
    Yes to all of the above. Also it looks like the Halloween and DC Launch Party DLCs are using the same structure, so it was probably some kind of a universal object creation system.
     
  5. azureinferno

    azureinferno

    Member
    14
    0
    0
    If that object creation system exists and manages to get cracked, that sounds like it would be incredibly helpful for anybody trying to mod SA/SADX.

    That reminds me, is the byte structure for the DLC Twinkle Park track any similar, like which ones represent an object's coordinates on a map? You said that you manually added the entrance to the track in SADX to where it was located on the other side of the sewer river in SA1DC, right?
     
  6. PkR

    PkR

    Member
    191
    25
    18
    SADX Dreamcast Conversion, The Emeralds' Awakening
    Yeah, the Samba GP download also uses this structure. I think I can rewrite my DLC mods to pull the object type/coordinates/rotation data etc. from an array and create objects from that. While this won't look any different to the players, it will make it easier to recreate the remaining DLCs.

    I don't think this adds anything significant to SADX modding other than making my life easier, but now that we've partially cracked object placement I can see the potential for making custom SA1 events, for example. Huge props to Daguar for the discovery!
     
  7. MainMemory

    MainMemory

    Kate the Wolf Tech Member
    4,785
    365
    63
    SonLVL
    Yeah, this doesn't add anything to SADX, since SADX doesn't have this system. The closest thing is the mission mode, which is already supported in SADXLVL2.
     
  8. Sappharad

    Sappharad

    Oldbie
    1,420
    72
    28
    Yikes. I can't believe I missed that.

    Starting at 0x280, which is the beginning of data after the icon, here's what I've figured out with that now: (All values Little Endian)
    0x00 - 32-bit value, location of SET table (assuming it has a 12 byte header)
    0x04 - 32-bit value, number of SET entries
    0x08 - 32-bit value, location of string table
    0x0C - 32-bit value, number of string table entries. 0x40 bytes each.
    0x10 - 32-bit value, location of textures
    0x14 - 32-bit value, unknown, always 1?.
    0x18 - 32-bit value, number of something (unknown)
    0x1C - 32-bit value, location of Payload? This is the PRS compressed section in most DLC
    0x20 - 32-bit value, type of payload? 0 for PRS, 1 for SMLT ?
    0x24 - 32-bit value, location of payload 2? Usually same as 0x1C, but in XMAS 98 this near the end of the SMLT.
    0x28 - 32-bit value, always 1?
    0x2C - 32-bit value? Unknown. This appears to be different in every download, and it might actually be 2 or 4 separate values.

    At this point, it might be a good idea to start a wiki page with this information.That basically covers the entire contents of the file now, minus the values we don't understand yet and the individual sections.

    I took a look at Samba GP again, and I believe the last object in the SET list is what tells it to play the Super Sonic Racing audio when you enter the course. That object has a parameter value set to 0x57, which is Super Sonic Racing according to the sound editing page on the Wiki. I tried to create a modded version that changes this single byte to Palmtree Panic as a test, but after saving out and re-encrypting the file the game no longer accepts it. (I also corrected the CRC) I might mess with it some more tomorrow, but at this point I think if I can make a modded file load we should have enough information now to make Dreamcast DLC for the rest of Twinkle Circuit courses.
     
  9. PkR

    PkR

    Member
    191
    25
    18
    SADX Dreamcast Conversion, The Emeralds' Awakening
    Dreamcast Launch party DLC for SADX
    If you create config.ini in the mod folder, you can select the region of the Dreamcast Launch Party event.
    Add the following line to config.ini:
    Region=0
    Possible values for Region:
    0 - US
    1 - EU
    2 - JP
    The text will still be in English though.
     
  10. azureinferno

    azureinferno

    Member
    14
    0
    0
    Are you having any luck with getting it to play anything other than Super Sonic Racing, or work the other way round - altering the Y2K DLC to have the rings play Super Sonic Racing instead of Palmtree Panic?
     
  11. Sappharad

    Sappharad

    Oldbie
    1,420
    72
    28
    I don't think my post was unclear. That's what I said I was doing.


    Anyway, today I confirmed that what I stated in my previous post is correct. The final object in the SET list for Samba GP is the one that changes the music to Super Sonic Racing, track 0x57. I changed the value to track 0x54 and it played Palmtree Panic as expected. But the problem I mentioned in my previous post still exists... You can't actually make this 1-byte change to file, re-encrypt it, then expect it to work. As soon as you change a single byte of the download, the game won't load it. So the way I actually tested this was I found object entry in memory after it had been loaded and changed it there. It appears that every time the game loads a new area, it re-reads the entire VMU file to see if there are SET entries for the current Level ID and only grabs those. (I'm not sure if it reads it from the VMU or just the copy of the file already in memory, but probably the former because if I made changes and loaded a new area the original data would be back.)

    At this point, it's probably necessary to fire up a debugger and see what the game is doing to verify the file is valid. I have no plans to look at this anymore in the near future, but now that we're so close maybe at some point I will.
     
  12. PkR

    PkR

    Member
    191
    25
    18
    SADX Dreamcast Conversion, The Emeralds' Awakening
    Here's the Famitsu contest DLC mod for SADX. Original Japanese text is not included, instead there's an English translation by me.

    If you're playing with Dreamcast mods, make sure you've also updated the Station Square mod as it includes an important landtable adjustment for this DLC. The mod can work without Dreamcast mods because it patches the SADX version of the level with necessary adjustments.

    The challenge will only work in Adventure Mode. Nothing will load in Mission mode. It will also reset if you leave Station Square.
    You can quit the challenge while it's active by pressing Y in on the pause screen.

    This mod adds Japanese SA1 camera angles for Station Square. I included them because with the regular camera files the red balloon obscured the view when you entered the main area.

    This one was more fun to recreate than the previous DLCs as this time I had to figure out how to create a custom timer HUD (that also scales well in HD) from scratch. I learned enough during the process so now I can recreate the more complex DLCs, such as the AT&T challenges.
     
  13. SpaceyBat

    SpaceyBat

    Member
    2,037
    309
    63
    United States
    Freedom Planet 2
    That DLC mod works like a charm! Although I think the custom timer needs work since it ticks up much slower than the ingame timers. If you're using your own counter that increments every frame, then milliseconds would be (frames * 5/3) % 100 and seconds would be (frames / 60) % 60.


    On an unrelated note, something I've been having an issue with ever since I got SADX five or six years ago is that when using the mod loader, the textures on Amy's Warrior Feather are solid black. When I play without the mod loader, she looks fine (which possibly rules out my EXE being borked), but no update to the mod loader has ever fixed this issue for me, and even if I run the game in the mod loader with no mods loaded, the textures are still black. With the Lantern Engine mod loaded, I can faintly see the textures underneath the black. I have tested the game on 3 or 4 different computers with the same result.
     
  14. PkR

    PkR

    Member
    191
    25
    18
    SADX Dreamcast Conversion, The Emeralds' Awakening
    Here's the QUO card hunt mod.
    Yesterday I updated the rest of the DLC mods to load objects in a more efficient way. The Y2K one in particular should be a lot smoother now. The Famitsu one has also been updated with a more accurate timer. Oh, and the Samba GP one has just been updated and now it no longer takes you to the title screen after beating the extra course. Instead you end up in Station Square main area.
     
  15. Speeps

    Speeps

    Member
    126
    50
    28
    Awesome! Mind if I add the links to these in my vids? I've seen quite a few people interested in playing them.
     
  16. PkR

    PkR

    Member
    191
    25
    18
    SADX Dreamcast Conversion, The Emeralds' Awakening
    Sure, go ahead! I'll also post about it on ModDB and include them in DC Conversion once all of the DLCs are implemented.
     
  17. azureinferno

    azureinferno

    Member
    14
    0
    0
    Is there anything in the coding of the mod loader that changes the way textures are rendered, or if any other textures suffer from the blackening problem?
     
  18. SpaceyBat

    SpaceyBat

    Member
    2,037
    309
    63
    United States
    Freedom Planet 2
    The mod loader does swap out CHRMODELS.DLL with its own file if it detects the vanilla one. Uninstalling the loader and restoring the original DLL fixes the texture issue. Uninstalling the loader but leaving the modified DLL in results in a black Warrior Feather and no gloss effect on the characters.
     
  19. MainMemory

    MainMemory

    Kate the Wolf Tech Member
    4,785
    365
    63
    SonLVL
    The Mod Loader shouldn't have any effect on lighting or textures (aside from the recent additions of texture filtering and auto-mipmaps). All the Mod Loader does is act as a middleman between your original CHRMODELS.DLL (renamed to CHRMODELS_orig.dll) and the game's executable. There is no "modified DLL" that you can leave in.
     
  20. SpaceyBat

    SpaceyBat

    Member
    2,037
    309
    63
    United States
    Freedom Planet 2
    Hmm, perhaps my CHRMODELS.DLL is corrupted then, if the mod loader simply renames it to CHRMODELS_orig.dll. I'll try to hunt down a backup copy of the original.

    EDIT: Yup, that fixed it.