Sonic Fighters Hacking

Discussion in 'Engineering & Reverse Engineering' started by Andrew75, Dec 2, 2012.

  1. biggestsonicfan


    Model2wannaB Oldbie
    Formerly Sonic the Fighters
    In a collaborative effort between myself and @RyogaMasaki, we have found some DIP switch settings which work in conjunction with some debug mode flags.

    The beginning of inputs for Model2 games begins in the area of memory located at 0x01c00000 and in ElSemi's emulator is defined as the IOBASE. ElSemi's emulator also allows reading of memory at this address, however, fails it write to it. The last byte of a DWORD at 0x1c0000c is where the flags for the DIP switch settings are stored in memory. By default, they are set to 1, and thus the byte value here is 0xFF.

    In a combination of having the 15th bit set and the 9th bit cleared at the debug mode address 0x508000 and having DIP switch 0 set on the board, this will enable a debug information display in the game as seen here:


    However, since ElSemi's emulator does not support DIP switches, a workaround had to be made that effectively removes the need for the DIP switch to be set in order to work.

    A side effect from this discovery is that if the debug mode value has bit 15 set and the 9th bit is not cleared, this removes all foreground 2D textures (such as the PRESS START BUTTON and health bar hud) from being drawn to the screen.

    The most up to date cheat script as of this post is located here for anyone to freely mess around with.

    I hope I didn't mess up any information here as I am trying to represent it as accurately as possible.