Sonic Generations 3DS Hacking

Linking the decomp at the top here so anyone interested in helping can do so: https://github.com/IsoKilo/sonic-gens3ds-decomp

This is just gonna be kind of an exploration thread, I don't really have any intentions of making mods for Gens 3DS, just researching it.
I'll just start by saying, this game is a pain in the ass to extract. It uses 4 or 5 different archive formats all throughout.
I start with HackingToolkit9DS to extract the .3ds ROM. From here, we use CriPakTools to extract ExtractedRomFS/TARGET.cpk which contains the bulk of the game's content. And from there we use AMBExtract for .amb archives, since it's developed by Dimps. Then we also have some cases of .ctpk and .arc archives, So we need ctpktool and Kuriimu 2. And of course, sound uses its own archive format, so we need VGM Toolbox. When did games get so complicated, guys?
Now we should have most of our files. For the most part, their files have the prefix of bc, so I'll list all of the bc file types

• bcfnt - A font file. The game actually doesn't use this, the only font file in the ROM is an unused debug font. Text in Gens 3DS is built by mapping sprites. This can also be opened with Kuriimu 2.
  
• bcenv - I can't actually seem to find much on this format. Most results are about British Columbia's air quality. But if I had to guess, it's definitions for the world environment, i.e fog distance or something like that. We'll have to look into it.
• bcres - An object resource file, it's a container for models, textures, and animations. This is opened with Ohana3DS Rebirth. Kind of a pain to extract these because Ohana can only export animations in Source Film Maker's format, but I'm sure that data can be exported with other tools.
• bcmdl - Similar to bcres, but it only contains a model. The only file that is this type is SkySphere.bcmdl which is unused and displays the world axis for testing.
  
• bclim - UI texture. Can be opened with Kuriimu 2
  
• bclyt - UI mapping. Oddly, this can't be opened with Kuriimu 2, but it can be opened with it's predecessor, Kuriimu and it's Kukkii tool.
• bclan - UI animation. Seems that nothing can open this right now.
  
• bcwav - Sound file. To convert it to regular .wav we need to use Every File Explorer.

As for other miscellaneous files we've got

• mg - A text format of sort, and looks relatively simple to crack even for a pea brain like me.
• ayk - I'm really not sure what this is, absolutely 0 results anywhere. And there's only 2 files in the whole game in this format. They pertain to demos, which is this game's term for cutscenes.
• bprm - I believe this to be spawn locations for the player, along with other definitions.
• adx - Standard Cri audio format. Can also be opened with VGMToolkit

Now let's talk about interesting finds
This is stuff I documented on TCRF while going under a different name 2 years ago. But there's a whole unused archive for the UI in LAYOUT_X/TEST_LYT.amb. Which has 2 files
1ST_02_U_00.ARC

The sprites are labelled sgage, which gives me the impression that this is an early boost gauge.
Then there's TEXTTEST.arc which contants this sprite called modoru which just says "return"

And an early pause screen

Final for reference:

TEXTTEST.arc also contains SVN information. In all-wcprops there's a path which may imply that Gens 3DS' source folder was called Diana?

Could also be pulled from another game entirely, I suppose.

Edit: In hindsight with the root being disvn, I think diana actually means Dimps Anniversary, as in Dimps version of Sonic Anniversary.

And then entries has Dimps' SVN IP, the time it was accessed, and the name of who accessed it:

I tried pinging this, but it timed out, and tried logging into it via SVN with no luck. Pretty sure it would've been a cyber crime if that got anywhere, though, sooo.
Moving on from 2022's discoveries, I had brought this up in the other knowledge thread last month. But Bio Lizard has some unused models which contains spawn points for its eggs, and spline points for its rails:


Lastly in terms of discoveries, Gens 3DS uses a chunk system like the classic games, and if you export the chunk models, and import them all into Blender with no positional offset, they create something of a chunk palette.

Granted, not all chunks are necessarily the same size like the classics. But the concept's still there. And this should provide some sort of starting point in figuring out the map format.

And as a side note, animations might be a problem for anyone wanting to rip them for mods or remakes. For some reason, player animations explode in Ohana 3DS:

I think this is due to some shenanigans with the model's root skeleton but I'm not sure.
I'll keep this thread updated on any interesting finds or advancements. My first goal's to probably crack the mg format or the level map format.

 

So fish made this game

 

So I don't have a Japanese copy of Sonic Generations 3DS nor can I find any playthroughs of it online so I'm unsure if this is used or unused. But I found this copyright warning that seemingly would have displayed before the Sega/Sonic Team logo.

According to Google Translate, it reads as such

At the very least this is unused in the US and European versions, because, well, it's in Japanese.
Or maybe it's an anti-piracy measure that triggers it? Not sure. It's neat to find either way.

Similarly, and in the same archive even (LAYOUT_X/TITLE_LYT.amb/LOGO_U_00.ARC), there's an ESRB splash that I can confirm is unused.

 

Awesome, thanks for finding that, while I'm at it, this graphic saying demo is still present in the title screen assets from E3:

It's called txt_demo_02. txt_demo_01 was deleted, but more than likely it was the black dropshadow from the E3 version since we can see is there:

Most text with dropshadows are 2 separate sprites for reference, though for the most part it's pretty unnecessary, so not sure what Dimps was thinking with that.

 

I have no doubt that some part of this is built off Sonic 4. As my initial post states, it uses the same AMB archive format used by Sonic 4, and the file system looks pretty close.

How much of it is actually Sonic 4 is hard to say without getting into the code... Which I wouldn't even know where to start on a disassembly.

And here, more E3 menu assets:


I'm kind of convinced at this rate with how much E3 content was left over that there's a flag to just enable demo mode. I'd like to find that!

Edit, while seeing if I could dig through the ROM to enable a demo flag (Looking at code.bin which was extracted from Hacking Toolkit 9DS) I found this tool which can supposedly convert a code.bin extract into a .elf. A Gens 3DS decomp might actually be feasible, guys.

 

The ELF tool worked out. I ran it through IDA, and now we can start work on decomping. First thing I got was the source code file list:

Spoiler: 244 File Names

Code (Text):

1. src/objTerrainObj.cpp
2. library/CTRFramework/amUtility.cpp
3. src/gmGmkBar.cpp
4. src/gmEneKiki.cpp
5. src/gmFarBgZ1.cpp
6. src/gmFarBgZ2.cpp
7. src/gmFarBgZ3.cpp
8. src/gmFarBgZ4.cpp
9. src/gmFarBgZ5.cpp
10. src/gmFarBgZ6.cpp
11. src/gmFarBgZ7.cpp
12. src/gmGmkFish.cpp
13. src/gmGmkFlap.cpp
14. src/gmGmkGoal.cpp
15. src/gmGmkGull.cpp
16. src/gmGmkJack.cpp
17. src/gmGmkLand.cpp
18. src/gmGmkOrcaMove.cpp
19. src/gmGmkRock.cpp
20. src/gmGmkSlot.cpp
21. src/Boss/gmBossStartup.cpp
22. src/Boss/FinalBoss/gmFBMain.cpp
23. src/gmEneHidun.cpp
24. src/gmEneSweep.cpp
25. src/gmGmkCorkScrew.cpp
26. src/gmGmkDepthCtrl.cpp
27. src/gmGmkPrism.cpp
28. src/gmGmkSPipe.cpp
29. src/gmEneBeeton.cpp
30. src/gmEneMeleon.cpp
31. src/gmEneMotora.cpp
32. src/gmEneTefutefu.cpp
33. src/gmEneTonber.cpp
34. src/gmFarBgZ3_2.cpp
35. src/gmGmkAirFan.cpp
36. src/gmGmkBridge.cpp
37. src/gmGmkBubble.cpp
38. src/gmGmkBumper.cpp
39. src/gmGmkNeedle.cpp
40. src/gmGmkPulley.cpp
41. src/gmGmkRocket.cpp
42. src/gmGmkRoller.cpp
43. src/gmGmkSpring.cpp
44. src/gmGmkSwitch.cpp
45. src/gmGmkUpReel.cpp
46. src/gsLayout.cpp
47. src/gsSaveData.cpp
48. src/gsSound.cpp
49. library/CTRFramework/amCriADX2.cpp
50. src/gmMap.cpp
51. src/dmScriptAyks.cpp
52. src/dmScriptMsg.cpp
53. src/gmEneEggpawn.cpp
54. src/gmEneFlapper.cpp
55. src/gmEneGuardon.cpp
56. src/gmEneKureagen.cpp
57. src/gmEneSpinner.cpp
58. src/GmGmkBalloon.cpp
59. src/gmGmkDTarget.cpp
60. src/gmGmkDolphin.cpp
61. src/gmGmkFlipper.cpp
62. src/gmGmkItemBox.cpp
63. src/gmGmkKeepOut.cpp
64. src/gmGmkSliding.cpp
65. src/gmGmkTerrain.cpp
66. src/gmGmkWallRun.cpp
67. src/gmGmkWaterArea.cpp
68. src/gmGmkWispBox.cpp
69. src/gmGmkWoodBox.cpp
70. src/ssMain.cpp
71. src/objTask.cpp
72. src/gmEneBatabata.cpp
73. src/gmEneEggpawnY.cpp
74. src/gmEneGanigani.cpp
75. src/gmEneMogumogu.cpp
76. src/gmEneRenotank.cpp
77. src/gmGmkBurnWall.cpp
78. src/gmGmkDashRing.cpp
79. src/gmGmkEggTotem.cpp
80. src/gmGmkElevator.cpp
81. src/gmGmkSign.cpp
82. src/gmGmkMushJump.cpp
83. src/gmGmkMushWall.cpp
84. src/gmGmkNeonLand.cpp
85. src/gmGmkOrcaJump.cpp
86. src/gmGmkTimeHole.cpp
87. src/gmGmkWaterGun.cpp
88. src/gmGmkWaterJet.cpp
89. src/gsNetMatch.cpp
90. src/gmEffect.cpp
91. src/gmEneBlueeagle.cpp
92. src/gmEneGunhunter.cpp
93. src/gmGmkBEDSearch.cpp
94. src/gmGmkBreakLand.cpp
95. src/gmGmkBreakPier.cpp
96. src/gmGmkClpsTotem.cpp
97. src/gmGmkDashPanel.cpp
98. src/gmGmkFireTotem.cpp
99. src/gmGmkJumpStand.cpp
100. src/gmGmkPointCage.cpp
101. src/gmGmkPropeller.cpp
102. src/gmGmkPushFloor.cpp
103. src/gmGmkWaterFlow.cpp
104. src/gmGmkWaterLand.cpp
105. src/gmMissionParam.cpp
106. src/gmPlyEffect.cpp
107. src/dmScriptCredit.cpp
108. src/gmEneMonobeetle.cpp
109. src/gmGmkLaserTotem.cpp
110. src/gmGmkMushWeight.cpp
111. src/gmGmkPoleMoveLR.cpp
112. src/gmGmkPoleMoveUD.cpp
113. src/gmGmkSpringPole.cpp
114. src/gmGmkWaterWheel.cpp
115. src/gmGmkZ1Special1.cpp
116. src/gmGmkZ2Special1.cpp
117. src/gmGmkZ3Special1.cpp
118. src/gmGmkZ4Special1.cpp
119. src/gmGmkAirShip.cpp
120. src/gmGmkBigEggDiver.cpp
121. src/gmGmkZ7Special1.cpp
122. src/gmGmkZ7Special2.cpp
123. src/gmRaceManager.cpp
124. src/gmGmkArrivePoint.cpp
125. src/gmGmkBombBalloon.cpp
126. src/gmGmkBreakPillar.cpp
127. src/gmGmkPsychoSmash.cpp
128. src/gmGmkMissionWall.cpp
129. src/gmGmkPointMarker.cpp
130. src/gmGmkSpecifyArea.cpp
131. src/gmGmkSpringLayer.cpp
132. src/gmGmkVineStretch.cpp
133. src/gmGmkVineTwisted.cpp
134. src/gmGmkWaterSlider.cpp
135. src/gmGmkWaterStream.cpp
136. src/gmResult.cpp
137. src/gmGmkBEDBlockWall.cpp
138. src/gmGmkBEDBreakWall.cpp
139. src/gmGmkBeltConveyor.cpp
140. src/gmGmkChargeSpring.cpp
141. src/gmGmkElevatorBody.cpp
142. src/gmGmkNumberSpring.cpp
143. src/gmDecoEffect.cpp
144. src/gmGmkDashRingLayer.cpp
145. src/gmGmkSpikeIronBall.cpp
146. library/CTRFramework/amCriFS.cpp
147. src/gmEneEggpawnWelcome.cpp
148. src/gmGmkWaterGenerator.cpp
149. src/gmGmkBurningCatapult.cpp
150. src/GmGmkZ7SpecialMeteor.cpp
151. src/scCollectModelMenu.cpp
152. ty.cpp
153. Job.cpp
154. src/gsMiiUtility.cpp
155. CallContext.cpp
156. DOCallContext.cpp
157. SystemComponent.cpp
158. src/Network/CNetwork.cpp
159. src/ssEmerald.cpp
160. src/gsGameData.cpp
161. src/dmObject.cpp
162. src/dmObjScnMgr.cpp
163. src/gsMiiRender.cpp
164. src/Network/Cec/CCecControl.cpp
165. src/scWhiteMapMenu.cpp
166. k.cpp
167. src/gmDeco.cpp
168. src/lytHelp.cpp
169. src/scCecLoglistMenu.cpp
170. src/scGlobalMatch.cpp
171. src/lytPauseManual.cpp
172. src/lytCollectLower.cpp
173. src/scProfCardListMenu.cpp
174. src/lytEndCredit.cpp
175. src/gmGmkSpecifyAreaManager.cpp
176. rd.cpp
177. ager.cpp
178. nager.cpp
179. src/gmBoss01Stage.cpp
180. gManager.cpp
181. src/Boss/EggEmperor/gmCannon.cpp
182. SystemError.cpp
183. SessionDDL.cpp
184. FetchContext.cpp
185. SessionClock.cpp
186. library/CTRFramework/amMalloc.cpp
187. ibrary/CTRFramework/amCmdList.cpp
188. m.cpp
189. t.cpp
190. src/ssGimmick.cpp
191. library/CTRFramework/amCamera.cpp
192. src/Boss/FinalBoss/gmFBCamera.cpp
193. er.cpp
194. src/tdsRes.cpp
195. DuplicatedObject.cpp
196. Result.cpp
197. ObjectThreadRoot.cpp
198. Selection.cpp
199. RMCContext.cpp
200. MethodIDGenerator.cpp
201. Buffer.cpp
202. src/lytCtr.cpp
203. src/gmCamera.cpp
204. Session.cpp
205. src/scWhiteMapResource.cpp
206. src/Boss/FinalBoss/gmFBEffect.cpp
207. src/gmFarBg.cpp
208. src/objObject.cpp
209. src/gmPly.cpp
210. Scheduler.cpp
211. lloc.cpp
212. src/objCollision.cpp
213. src/objRes.cpp
214. src/mnCommonLayout.cpp
215. library/CTRFramework/amLayout.cpp
216. src/gmGmkLensFlare.cpp
217. rapper.cpp
218. apper.cpp
219. src/dmScriptVM.cpp
220. src/gmSceneEnvironment.cpp
221. InstanceTable.cpp
222. PRUDPEndPoint.cpp
223. ObjDupProtocol.cpp
224. MigrationContext.cpp
225. SessionClockDDL.cpp
226. InstantiationContext.cpp
227. PromotionRefereeDDL.cpp
228. Chrono.cpp
229. Station.cpp
230. src/ssBg.cpp
231. src/ssMap.cpp
232. src/lytRes.cpp
233. src/Boss/FinalBoss/gmFBPly.cpp
234. src/ssGmkMng.cpp
235. src/ssPly.cpp
236. EventHandler.cpp
237. library/CTRFramework/amMain.cpp
238. library/CTRFramework/amTp.cpp
239. library/CTRFramework/amPad.cpp
240. library/CTRFramework/amTast.cpp
241. raw.cpp
242. tem.cpp
243. library/CTRFramework/amShadow.cpp
244. en.cpp

(Note this is just the C++ files, there's probably more)
Gens 3DS PC is so fucking happening bros.
Also threw my disassembly up on GitHub for anyone who wants to contribute in decompiling with me!

 

Huh? I mean of course it is. it would have the be in the game data to be played by the Big Arms Boss, so I'm not sure why you're asking this? Or are you talking about something else? I guess if you wanted to know it's file path it's SOUND/BGM_3DSanniv.acb/BGM_BB1.adx

Edit: I'm stupid, you meant the E3 version. As far as I can tell no. That's been removed from the game.

 

I don't really see much of a reason for the source paths to be added to TCRF, that's just the game's actual code and not something that was really cut. But alrighty.

 

Oh that's just built into the game, if you select a mission it'll tell you what bonus it unlocked:


By the way I just wanted to note that my C++ list is incomplete, seems that some files managed slip by IDA during my initial scan. Please refer to the decomp later today because I'll be adding all the files later today going through a bit more thoroughly.
Got another full path though:

Code (Text):

1. E:\DIANA\Trunk\Program\Game\library\CTRFramework\amDraw2DPrim.h

Also I'm now realizing that some of the 1-3 letter files might not actually be files but rather paths that got cut off from IDA being weird, for example:

 

I'm still kind of figuring out the process of reverse engineering as I go since I've really only done Mega Drive stuff for the longest time. All I got is the game's binary executable converted into an ELF and I've ran it through IDA. There's a lot if not all the source code file names, but idk about debug symbols. There's nothing that looks like variable names as far as I can tell. So I'm hoping those with more knowledge than me on ARM assembly can help out on this.