SADX/SA1 Hacking/Modding

Discussion in 'Engineering & Reverse Engineering' started by MainMemory, Aug 15, 2009.

  1. MainMemory

    MainMemory

    Have no fear...Amy Rose is here! Tech Member
    4,435
    75
    28
    SonLVL
    Nobody knows how to decompress the .rel files, and nobody wants to try because the PC version is just easier. Sonic Heroes has been on PC since the beginning. You may have more luck trying to mod Heroes GC than SADX or SA2B, but this is not the place to ask about it. FWIW Riders is also on PC and I think it might be possible to mod it.
     
  2. Rhythm Raccoon

    Rhythm Raccoon

    Misfit
    41
    0
    6
    Oh, ok. I think it came from seeing a petition asking for Heroes and Shadow on Steam, and I forgot there were releases before this (I'm really not a PC person, I prefer consoles). Thanks for the info though!
     
  3. Sappharad

    Sappharad

    Oldbie
    1,363
    31
    28
    Use the return to previous post icon in the quote below for context. This is related to the "checksum" inside the encrypted DLC data that was preventing us from creating valid downloads for SA1.
    PkR messaged me on Discord this morning to ask if I ever looked at this more. I had not. Given that Ghidra supports SH4 now, I decided to give it another go.

    In short, 0x2C in the Payload is the checksum and now we can calculate it. The values I got in testing match for the existing DLC that I tested it with. We should have everything we need to create custom/modified DLC that works on actual Dreamcast hardware. I have the modified one that I mentioned previously in this thread re-signed so the game will accept it, I just haven't had a chance to test that yet.

    In SA1 US Version 1.005 here is the relevant part of the function responsible for decrypting and loading DLC quests from the VMS:
    Code (Text):
    1. FUN_8c0357a0(int param_1)
    2. {
    3.   char cVar1;
    4.   uint *vmsDataLocal;
    5.   int *piVar3;
    6.   uint uVar7, uVar9, uVar12;
    7.   int iVar5, iVar8, iVar11;
    8.   char *pcVar10;
    9.   int *piVar13;
    10.  
    11.   (*(code *)PTR_FUN_8c035880)(0);
    12.   iVar5 = (*(code *)PTR_FUN_8c035884)();
    13.   vmsDataLocal = VMS_data;
    14.   cVar2 = *(char *)(iVar5 + 10);
    15.   DecryptVMS(VMS_data,param_1);
    16.   iVar5 = VMS_fileheader;
    17.   uVar9 = 0;
    18.   iVar8 = 0;
    19.   pcVar10 = VMSdata_checksumStart;
    20.   if (0 < param_1 + -0x40) {
    21.     do {
    22.       iVar8 = iVar8 + 1;
    23.       cVar1 = *pcVar10;
    24.       pcVar10 = pcVar10 + 1;
    25.       uVar9 = uVar9 + (int)cVar1;
    26.     } while (iVar8 < param_1 + -0x40);
    27.   }
    28.   if (~uVar9 == *VMS_Checksum) {
    29.     //File is valid, continue loading....
    30.  
    After DecryptVMS() is called, it does a very simple checksum and compares the result to the value at 0x2C in the payload.

    Here is a C# implementation of the CRC. It's literally adding up all of the bytes (as chars) and inverting the result.
    Code (Text):
    1.  
    2.        private uint SonicAdvCrc(ref byte[] buf, int start, int end)
    3.         {
    4.             uint result = 0;
    5.             for(int i = start; i < end; i++)
    6.             {
    7.                 int notByte = buf[i];
    8.                 if(notByte >= 128)
    9.                 {
    10.                     notByte -= 256;
    11.                 }
    12.                 result = (uint)(result + notByte);
    13.             }
    14.             return ~result;
    15.         }
    16.  
    The signed portion begins at 0x40 inside the decrypted payload, which is after where that "checksum" is stored so you don't need to worry about pretending it's 0. So you would just call this from 0x40 to the end of the file, but if you're in the actual VMS file it's 0x2C0 from the beginning.

    PkR has informed me that they plan to use this information in the future for some kind of tool. If there's interest I can release a stand-alone EXE that calculates the checksum & re-encrypts. Otherwise it sounds like that will be taken care of by more advanced tools later. Just wanted to bump this with the details so it's finally documented how it works.

    Screen Shot 2020-09-06 at 11.43.10 PM.png
     
    Last edited: Sep 7, 2020
    • Like Like x 10
    • Useful Useful x 1
    • List
  4. PkR

    PkR

    Member
    188
    18
    18
    SADX Dreamcast Conversion, The Emeralds' Awakening
  5. Rudie Radio Waves

    Rudie Radio Waves

    happy! :D Member
    245
    23
    18
    Italy
    Many a game.
    It's beyond awesome that you managed to make something like this. Great job! :thumbsup:
     
  6. muteKi

    muteKi

    Fuck it Member
    7,585
    6
    18
    Cool. I haven't had a chance to check but is this a different mod from the DLC one or will I get this if I update from the mod loader?
     
  7. Turbohog

    Turbohog

    Member
    672
    15
    18
    The first sentence on the webpage states it's for the dreamcast release.
     
  8. muteKi

    muteKi

    Fuck it Member
    7,585
    6
    18
    Well there I go making a fool of myself!
     
  9. Sappharad

    Sappharad

    Oldbie
    1,363
    31
    28
    There are multiple videos up now, but here's one I recorded from actual hardware:


    There's a bonus at the end where I show the website running on DC hardware and the download failing to work. Very few websites work now, due to Dreamcast only supporting 128-bit SSL for HTTPS websites.

    I wanted to have a video posted yesterday, but the Dreamconn that I ordered back in June (Dreamcast Wavebird basically) finally arrived yesterday. I tried to use the PC software for it to send the file to my VMU directly to the controller over bluetooth, but instead it corrupted my entire VMU multiple times. I ended up using DreamExplorer running on the DC itself to restore a backup directly to my VMU and installing the DLC from there. In the end it worked, and it was neat to try out some new DLC. Great job.
     
  10. PkR

    PkR

    Member
    188
    18
    18
    SADX Dreamcast Conversion, The Emeralds' Awakening
    Here's a Dreamcast-friendly link to the DLC file that has been tested on hardware: http://sonic1.dreampipe.net/dlc/TIKAL.VMI
    If you use DreamPi to connect your Dreamcast to the Internet, you should also be able to download it from the revived SA1 homepage (Thanks to Xiden from DreamPipe for putting it on the page).