don't click here

Sonic Chaos Hacking

Discussion in 'Engineering & Reverse Engineering' started by Ravenfreak, Feb 3, 2011.

Thread Status:
Not open for further replies.
  1. Ravenfreak

    Ravenfreak

    Feeling festive this year Tech Member
    3,171
    248
    43
    O'Fallon Mo
    Hacking Sonic Drift
    This game needs some documentation doesn't it? So since I'm taking a break from my Sonic 1 SMS disassembly (for now xP) I decided to look into Sonic Chaos, since there seems to be no documentation on this game. These are my notes (I'm still adding more info. to them as I speak. xP) And yes, I did disassemble Sonic Chaos, but I'm not releasing it to the public. (Yet. xP)

    <div class='codetop'>CODE</div><div class='codemain' style='height:200px;white-space:pre;overflow:auto'>Sonic Chaos Master System
    $104F- This is where Sonic's animations start. The first byte determines which frame to use.
    The second and third bytes load his mappings, whereas the fourth one seems to do nothing.
    So, Sonic's first walking animation looks like this in a hex editor:
    04 00 80 07
    $11D3- This is where Tails' animations start. See above on how the game loads the animations.
    $45D0- Allows the player to "stick" to slopes, but he can't jump.
    $5A18-$5A1E Intro Data (Collision and art specifically.)There's always a null
    byte before each byte of data.The first three bytes determine
    what mappings are to be drawn, and the next byte loads the collision. Changing this byte will result in the
    death of Sonic, and the intro sequence ends only if 1/2 buttons are pressed.
    </div>
    These older notes are inaccurate, please read the newer ones. :v:
     
  2. Espilonarge

    Espilonarge

    Member
    38
    0
    6
    Just to note, Tile Layer Pro can view some sprites, namely Sonic and Tails, but other things like enemies/bosses and objects (rings, monitors, etc) are all compressed. Sonic Team didn't make it easy on SMS hacking Sonic games, that's for sure.
     
  3. nineko

    nineko

    I am the Holy Cat Tech Member
    6,369
    524
    93
    italy
    Also Aspect_Edit.

    Nice to see that the 8-bit titles are getting more love.
     
  4. Ravenfreak

    Ravenfreak

    Feeling festive this year Tech Member
    3,171
    248
    43
    O'Fallon Mo
    Hacking Sonic Drift
    Time for a brief update. Though later on today, I'll be adding more so expect this post to be edited.
    Edit: Added the Demo header format. Told you I'd edit this post. xP Also added, HUD layout. Also I'll be releasing my disassembly sometime soon.

    Code (Text):
    1. $8D0-$AC0 Level Select Text
    2. $AF6-$C28 Sound Test Text both are in ASCII.
    3. $2499- Initiate Port 1 (Joypad Port)
    4. $24A9- Controls Sonic/Tails in Demos.
    5. $2BD6- Demo Time, Word. determines how long a demo should play. The lower the value, the shorter
    6. the demo.
    7. $2C72- This is where the demo headers start. This is the format and the first demo header:
    8. Level Bank Control Sequence Pointer
    9. $02,&nbsp;&nbsp;$1F, $00, $94
    10. $29C4- HUD Layout each icon has four lines of three bytes. Format is as follows (Note this is the Life Icon
    11. layout, and is the first one in the array):
    12. hpos vpos char
    13. $10, $28, $2E&nbsp;&nbsp;
    14. $10, $20, $34
    15. $10, $10, $48
    16. $10, $18, $4A
    17. So if you like having the life icon in the bottom left hand corner like the previous games, you would change
    18. the horizontal postion to $AF, as that's the position on screen the life icon is located at in the older games.
    19. It's as simple as that.
    Hopefully my notes help a bit for now. :v:
     
  5. MarkeyJester

    MarkeyJester

    Original, No substitute Resident Jester
    2,250
    510
    93
    Japan
    While I don't have much interest in SMS/GG games, I find it great that you're doing this general research with them and documenting the details. Knowledge is power as they say. Keep up the great work though if no-one else will =P
     
  6. Skeledroid

    Skeledroid

    Member
    227
    0
    0
    Hivebrain posted this a few years back:

     
  7. Ravenfreak

    Ravenfreak

    Feeling festive this year Tech Member
    3,171
    248
    43
    O'Fallon Mo
    Hacking Sonic Drift
    Well that would certainly help people using Aspect Edit, I didn't know about his notes. :v: Well in that case, later on today I'll post where the music starts and then work on my disassembly until it's ready for a release. (Which should be soon since I've been identifying and labeling things non stop. ^_^) Also shouldn't the notes be on the wiki?
     
  8. nineko

    nineko

    I am the Holy Cat Tech Member
    6,369
    524
    93
    italy
    In case you need a nudge in the right direction, I documented that on October 8th, 2009, though I didn't bother to look for all the songs, so I only know where the music data starts:
    Sonic Chaos (1.0 gg): 91B7
    Sonic Chaos (1.2 sms): 9169
    From there, all the songs follow. I think they are in the same order as the sound test. To locate them, just look for FD 49 (in the 1.2 sms version) or 4B 4A (in the 1.0 gg version). Them all should start with that.

    Trivia: the 1.0 game gear version is dated 1993/09/01 internally, while the 1.2 master system version is dated 1993/08/03 internally. I wonder why they gave them backwards version numbers.
     
  9. Ravenfreak

    Ravenfreak

    Feeling festive this year Tech Member
    3,171
    248
    43
    O'Fallon Mo
    Hacking Sonic Drift
    Whoops I meant not exactly where their data starts, but the offsets that determine which song to play in which act. ^^' Since you didn't document all their data, if you don't mind could I expand upon what you've found? Anyway, they start at offset $18BA and end at $18E0. Also didn't the GG prerelease have a weird version number too? I remember the thread you posted a few months back about SMS Power!'s release of that version and I believe it was Evilhamwizard that pointed it out.
     
  10. Glaber

    Glaber

    Has Beaten Sonic Genesis for GBA Oldbie
    seeing that the game gear version and the SMS version have different pointers, I'm wondering what all the Game Gear ones are. (Want's to hack the Game gear version, not the SMS version)
     
  11. Ravenfreak

    Ravenfreak

    Feeling festive this year Tech Member
    3,171
    248
    43
    O'Fallon Mo
    Hacking Sonic Drift
    Well, I just started to hack the Game Gear version too. :) So I'll change the name of this topic to a general Sonic Chaos hacking thread. :v: It shouldn't take too long to find the GG offsets, since I've disassembled that too I'll compare. But I will say this, I won't have any time to work on this tomorrow, until late (after 1:00 a.m. CST) but I usually hack late anyways and I'm already comparing offsets so you might see an edit (since I don't like double posting.) Edit: the level music for the GG version starts at $18ED to $1922, sorry I forgot to post that. :v: Edit 2: Might as well add the ASCII text location for the Level Select screen and Credits:
    Code (Text):
    1. The ASCII text in the Game Gear version is located here:
    2. Level Select: $980-$B00
    3. Sound Test:&nbsp;&nbsp;$B30 "Sound Test" text $850 "Sound Select" text
    4. Credits: $6A8B9-$6AABB
     
  12. nineko

    nineko

    I am the Holy Cat Tech Member
    6,369
    524
    93
    italy
    lol sure why should I mind? It's not like I "own" Sonic Chaos music hacking :v:
    Besides, as I said, I did a terribly incomplete job, documenting the start of the song data but not the start of the individual songs because I was lazy. Maybe I will do that later today though. I would be glad to help with this since I think the 8-bit games deserve more love.

    edit:

    For the sake of it, these are the locations of all the songs AND sound effects in the Master System version 1.2:<div class='codetop'>CODE</div><div class='codemain' style='height:200px;white-space:pre;overflow:auto'>81 9169
    82 963F
    83 9793
    84 9CE8
    85 9EB2
    86 9F7A
    87 A005
    88 A0A5
    89 A152
    8A A1E1
    8B A23D
    8C A948
    8D AF69
    8E B634
    8F B6C4
    90 B8EB
    91 BEF6
    92 C3DD
    93 C8B6
    94 CFDD
    95 D206
    96 D7DC
    97 D881
    98 D91C
    99 D991
    9A DBCA
    9B DE54
    9C DE6E
    9D DE88
    9E DEA2
    9F DEBC
    A0 DED6 <-- sound effects start here
    A1 DF05
    A2 DF1B
    A3 DF42
    A4 DF6D
    A5 DFAC
    A6 DFC4
    A7 DFF5
    A8 E00B
    A9 E04B
    AA E079
    AB E08C
    AC E0A5
    AD E0D4
    AE E0EC
    AF E10F
    B0 E132
    B1 E150
    B2 E16B
    B3 E193
    B4 E1B9
    B5 E1E1
    B6 E1FC
    B7 E22E
    B8 E24C
    B9 E267
    BA E29B
    BB E2DD
    BC E30D
    BD E330
    BE E358
    BF E376
    C0 E391
    C1 E3B4
    C2 E3CC
    C3 E40C
    C4 E434</div>And these are the locations of all the songs AND sound effects in the Game Gear version 1.0:<div class='codetop'>CODE</div><div class='codemain' style='height:200px;white-space:pre;overflow:auto'>81 91B7
    82 975F
    83 985D
    84 9DB2
    85 9F7C
    86 A044
    87 A0CF
    88 A16F
    89 A21C
    8A A2AB
    8B A307
    8C AA12
    8D B033
    8E B6FE
    8F B78E
    90 B9B5
    91 BFC0
    92 C4B4
    93 C98D
    94 D0F9
    95 D322
    96 D8F6
    97 D99B
    98 DA36
    99 DAAB
    9A DCE4
    9B DF6E
    9C E52D
    9D EBCC
    9E ECF4
    9F F16F
    A0 F2BF <-- sound effects start here
    A1 F2EE
    A2 F304
    A3 F32B
    A4 F356
    A5 F395
    A6 F3AD
    A7 F3DE
    A8 F3F4
    A9 F434
    AA F462
    AB F475
    AC F48E
    AD F4BD
    AE F4D5
    AF F4F8
    B0 F51B
    B1 F539
    B2 F554
    B3 F57C
    B4 F5A2
    B5 F5CA
    B6 F5E5
    B7 F617
    B8 F635
    B9 F650
    BA F684
    BB F6C6
    BC F6F6
    BD F719
    BE F741
    BF F75F
    C0 F77A
    C1 F79D
    C2 F7B5
    C3 F7F5
    C4 F81D</div>Song numbers are as per sound test order; after the last sound effect there is a streak of FFs (in both versions), probably padding. There seems to be some differences in the songs between the two versions.

    And a handy RAR file with all the songs extracted from both versions.
     
  13. ICEknight

    ICEknight

    Researcher Researcher
    At the risk of being slightly off-topic, is there any reason why the songs start at "81" precisely? I remember that happening in Sonic 1 MD as well.
     
  14. nineko

    nineko

    I am the Holy Cat Tech Member
    6,369
    524
    93
    italy
    I started this: SCHG:Sonic Chaos/sandbox

    I think we should wait for Ravenfreak before we start the proper SCHG page though. Also I didn't feel like labeling the sound effects :U
     
  15. Overlord

    Overlord

    Now playable in Smash Bros Ultimate Moderator
    19,484
    1,091
    93
    Long-term happiness
    It's slap-bang in the middle of the range from 01 to FF (assuming 00 is left blank and ununsed) - might be a factor in some way?
     
  16. Ravenfreak

    Ravenfreak

    Feeling festive this year Tech Member
    3,171
    248
    43
    O'Fallon Mo
    Hacking Sonic Drift
    So I started comparing tonight, and noticed something. Some things are located at the same offset. This is my very small list of things that are similar, but I'll add more later.
    Code (Text):
    1. $10000 Art - Sonic
    2. $399A0 Art - monitors
    3. $2FD00 Art - smoke puff from monitor/enemy
    4. Level layout for THZ1, THZ2 starts at the same locations in both games. ($48000 and $48BA9)
    Also thank you nineko for creating the wiki page, even if it's a WIP. :D I have to admit, I suck at editing the wiki, except for making minor edits. :v:
     
  17. Liliam

    Liliam

    Oldbie
    1,563
    117
    43
    Evidently it has to do with the msb needing to be set to 1 for some reason. I think it was saxman who figured out the reason for the continue code glitch in Sonic 2, and as it turned out the msb was set to 0 when referencing the Oil Ocean track (04 instead of 84), which caused the game to play nothing but the Oil Ocean music until it was reset.

    EDIT: To clarify, there are only 128 true music slots, 00-7F are duplicates of 80-FF, the most significant bit (value 128) is used as a flag, and needs to be set when referencing the slot for reasons I don't know.
     
  18. FraGag

    FraGag

    Tech Member
    Actually, it's when the game is trying to play the continue jingle that the msb is not set, which causes the previous track to keep playing until reset. The problem is that the 68000 told the Z80 to play sound $3F, but the Z80 ignores it because it's < $80. However, the value is never cleared, so it keeps seeing the $3F and skipping it. The 68000 waits until this value is cleared before sending another value to the Z80, so the Z80 never starts playing a new song.

    00-7F aren't really duplicates of 80-FF, because the sound driver explicitly checks that the values are >= $80. No idea why it's that way though; it's certainly possible to use the full 00-FF range.
     
  19. Ravenfreak

    Ravenfreak

    Feeling festive this year Tech Member
    3,171
    248
    43
    O'Fallon Mo
    Hacking Sonic Drift
    So some of Hivebrain's notes are inaccurate. $38000 is where the collision data starts. It determines to where to use solid tiles and adds 7 after each entry, though I'm not exactly sure why it does that. (Perhaps for compression/decompression?) This is the same in both versions btw. Here are the id #'s of each tile:
    Code (Text):
    1. $82- Solid
    2. $83- Not Solid
    3. $84- Behaves like springs (Spring Collision?)
    4. $85- Seems to do nothing, but shifts the level down a few pixels after the player dies
    5. $86, $87- Similar to $82
    Also the compressed art for the Motobug in THZ is located at the same offset in both versions $25AB0, but the HUD numbers and Km/H compressed art is located at $1F7C0 in the Game Gear version.
     
  20. Ravenfreak

    Ravenfreak

    Feeling festive this year Tech Member
    3,171
    248
    43
    O'Fallon Mo
    Hacking Sonic Drift
    I've found out where the Level headers start. Here are my notes:
    Code (Text):
    1. $5082-$52F9 Level Headers these store the mappings for each level, as well as layout data, and character
    2. start positions. Each two bytes store the pointers for each level's 32x32 mappings. They are bellow:
    3. $5082- THZ
    4. $5084- GH
    5. $5086- SEZ
    6. $5088- MGHZ
    7. $508A- APZ
    8. $508C- EEZ
    9. Level Layouts for each Zone/Act start at $50A8 and end at $50C4.
    10. In the GG version, the Level Headers start at $5139 and end at $53B0. The 32x32 mappings are bellow:
    11. $5139- THZ
    12. $513B- GH
    13. $513D- SEZ
    14. $513F- MGHZ
    15. $5141- APZ
    16. $5143- EEZ
    17. Level Layouts for each Zone/Act start at $515B.
     
Thread Status:
Not open for further replies.