Sonic Mania: Hacking Discussion

Discussion in 'Engineering & Reverse Engineering' started by Chimera, Aug 29, 2017.

  1. Dark Sonic

    ERZGunner
    ERZKing
    ERZMystic
    ERZOutro
    ERZRider
    ERZSetup
    ERZShinobi
    ERZStart

    Some kinda HBH rush? What could ERZ stand for? Eggrobo zone?
     
  2. Aerosol

    See this is what I meant in the Mania thread.

    There's no reason insta-shield and drop dash couldn't be mapped to the same input. As I said then, tap to flash, hold to dash.

    At worst, you'll insta-shield and never use it for anything useful when trying to drop dash, at best you raise the skill ceiling for players that can use the insta-shield properly.
     
  3. flarn2006

    Egg Reverie?

    Why not just release the entire RSDK for modders to play with, under a license that limits its use to only the stuff they're okay with? While most people just ignore license agreements, those are the people who would end up just using it for what they're supposed to (like making mods) anyway.
     
  4. sparkpinretro

    Taxman probably wants to keep his engine for potential licensees, so giving away the SDK would defeat the purpose.
     
  5. Dark Sonic

    ^ Well now that it's an actual development tool and not just a fan hacking thing it's probably partially at SEGA's discretion. If they wanted to release tools they would, but seeing as how they put that shitty DRM in effect they don't seem that eager to do that.

    I think it's not that SEGA is ok with modding and more that they don't care. They won't stop you, but you're going to have to put work into it to figure out a way to do it. But hey we've figured it out for virtually every other PC Sonic game, why would this one be any different (and I'd like to imagine given the nature of this game it'll be simpler to figure out, we've already made good progress in a week).

    Ah, crap, how'd I forget that. Still weird that all the Heavies are there though

    Why are all the original zone names so fucking weird in this game?
     
  6. McAleeCh

    Much obliged - the remaining boss names stood out pretty easily. That's also confirmed the Juggle Saw name for the crab badnik, though the capitalisation suggests it's probably two words. The other names will take a little more hunting - for example, I have a hunch that "Tubinaut" is almost certainly the Orbinaut-like badnik from Studiopolis, but unlike the boss names where it was obvious what went with what I'd need to confirm this somehow before updating the wiki again.

    It also gives a proper name for the unused Rock/Paper/Scissors boss in Studiopolis - Egg Janken. Since it seems to have an object, I wonder if it's possible to spawn a functional version? Would be great to see how it functioned, not to mention the correct assembly for the sprite art...! = P

    Also of note - Knuckles' Mirage Saloon boss has its own name; DB Tower, almost certainly "Dangerous Ball Tower" in full, the same name given to the identical boss in Sonic Chaos. Given that it's also functionally different to the version Sonic & Tails fight, it should probably be split into its own entry in the boss list and added to the existing Dangerous Ball Tower page. Not finished Knuckles' game yet so can't backtrack to it, but once I have I'll screenshot and update it accordingly if nobody else already has.

    On that note, it's amazing how many Sonic 1/2/3&K enemies are listed among the object list. I'm guessing they all inhabited Blueprint Zone when it was still a thing. Wonder if it's possible to spawn functional versions of the ones which don't currently appear in-game?

    Their graphics are all stored in with Egg Reverie's sprite art and all labelled "Phantom King" - I'm guessing at one point they were part of the Egg Reverie boss rather than Titanic Monarch's.
     
  7. EyeKey

    As a reminder, here is a full list of all the zones (if you aren't sure what some 3 letters stand for).
    Presentation:
    Logos/Scene1.bin (Logos)
    Title/Scene1.bin (Title Screen)
    Menu/Scene1.bin (Menu)
    Thanks/Scene1.bin (Thanks For Playing)
    LSelect/Scene1.bin (Level Select)
    Credits/Scene1.bin (Credits)
    Ending/SceneC.bin (Continue)

    Media Demo:
    GHZ/Scene1.bin (Green Hill Zone 1)
    SPZ1/Scene1d.bin (Studiopolis Zone 1)

    Mania Mode:
    GHZ/Scene1.bin (Green Hill Zone 1)
    GHZ/Scene2.bin (2)
    CPZ/Scene1.bin (Chemical Plant Zone 1)
    CPZ/Scene2.bin (2)
    SPZ1/Scene1.bin (Studiopolis Zone 1)
    SPZ2/Scene1.bin (2)
    FBZ/Scene1.bin (Flying Battery Zone 1)
    FBZ/Scene2.bin (2)
    PSZ1/Scene1.bin (Press Garden Zone 1)
    PSZ2/Scene2.bin (2)
    SSZ1/Scene1.bin (Stardust Speedway Zone 1)
    SSZ2/Scene1.bin (2)
    SSZ2/Scene2.bin (2M)
    HCZ/Scene1.bin (Hydrocity Zone 1)
    HCZ/Scene2.bin (2)
    MSZ/Scene1.bin (Mirage Saloon Zone 1)
    MSZ/Scene1k.bin (1K)
    MSZ/Scene2.bin (2)
    OOZ1/Scene1.bin (Oil Ocean Zone 1)
    OOZ2/Scene2.bin (2)
    LRZ1/Scene1.bin (Lava Reef Zone 1)
    LRZ2/Scene1.bin (2)
    LRZ3/Scene1.bin (3)
    MMZ/Scene1.bin (Metallic Madness Zone 1)
    MMZ/Scene2.bin (2)
    TMZ1/Scene1.bin (Titanic Monarch Zone 1)
    TMZ2/Scene1.bin (2)
    TMZ3/Scene1.bin (3)
    ERZ/Scene1.bin (Egg Reverie Zone)

    Special Stage:
    UFO1/Scene1.bin (Special Stage 1)
    UFO2/Scene1.bin (2)
    UFO3/Scene1.bin (3)
    UFO4/Scene1.bin (4)
    UFO5/Scene1.bin (5)
    UFO6/Scene1.bin (6)
    UFO7/Scene1.bin (7)

    Blue Spheres:
    SpecialBS/Scene1.bin (Blue Spheres 1)
    SpecialBS/Scene2.bin (2)
    SpecialBS/Scene3.bin (3)
    SpecialBS/Scene4.bin (4)
    SpecialBS/Scene5.bin (5)
    SpecialBS/Scene6.bin (6)
    SpecialBS/Scene7.bin (7)
    SpecialBS/Scene8.bin (8)
    SpecialBS/Scene9.bin (9)
    SpecialBS/Scene10.bin (10)
    SpecialBS/Scene11.bin (11)
    SpecialBS/Scene12.bin (12)
    SpecialBS/Scene13.bin (13)
    SpecialBS/Scene14.bin (14)
    SpecialBS/Scene15.bin (15)
    SpecialBS/Scene16.bin (16)
    SpecialBS/Scene17.bin (17)
    SpecialBS/Scene18.bin (18)
    SpecialBS/Scene19.bin (19)
    SpecialBS/Scene20.bin (20)
    SpecialBS/Scene21.bin (21)
    SpecialBS/Scene22.bin (22)
    SpecialBS/Scene23.bin (23)
    SpecialBS/Scene24.bin (24)
    SpecialBS/Scene25.bin (25)
    SpecialBS/Scene26.bin (26)
    SpecialBS/Scene27.bin (27)
    SpecialBS/Scene28.bin (28)
    SpecialBS/Scene29.bin (29)
    SpecialBS/Scene30.bin (30)
    SpecialBS/Scene31.bin (31)
    SpecialBS/Scene32.bin (32)
    SpecialBS/Scene34.bin (Random)
    SpecialBS/Scene36.bin (Random 2)

    Extras:
    Puyo/Scene1.bin (Puyo Puyo)
    DAGarden/Scene1.bin (D.A. Garden)

    Cutscenes:
    AIZ/Scene1.bin (Angel Island Zone)
    GHZCutscene/Scene1.bin (Green Hill Zone)
    GHZCutscene/Scene2.bin (Green Hill Zone 2)
    MSZCutscene/Scene1.bin (Mirage Saloon K Intro)
    TimeTravel/Scene1.bin (SSZ Time Warp)
    Ending/SceneT.bin (Try Again)

    Videos:
    Ending/SceneBS.bin (Bad End - Sonic)
    Ending/SceneBT.bin (Bad End - Tails)
    Ending/SceneBK.bin (Bad End - Knux)
    Ending/SceneG.bin (Good End)
    Ending/SceneTK.bin (True End?)

    And another thing that I haven't seen discussed. There is an unused 3d model in the game files. We don't know the file names of them yet but I was able to find their encryption key and decrypt them without the filenames because the encryption is shitty.
    As RandomTBrush suggested in my git, those are 5 parts of 3d death egg.
    Here are the models:
    [​IMG]
    [​IMG]
    [​IMG]
    [​IMG] (and another one like that)
     
  8. Chimera

    Weeellll, this makes things interesting indeed!


    [​IMG]


    Like you said, there's a lot of object files missing from the Static folder. However, I figured if the game's reading files available to it to change values, and the absence of a file means it defaults to hardcoded variables (many of which, to be fair, are empty), then maybe it'd be possible to have it load an object file by creating a blank one and naming it after the object name's hash.

    And it worked! What you're seeing is me duplicating the .bin for "Animals" and changing its name to "ActClear" which would be this filename:

    14AEC7EF1E30D0261A7EB50905A02C51.bin

    I really was just trying to get any object file that would likely not be compatible with the "ActClear" object to replace it and see if anything broke. Luckily it did; as you can see the "Act1" is missing, and when the HUD left frame the game softlocked because it didn't know what to do. This did not happen until I added the .bin file to the Static folder.

    This means it's very likely we can edit the properties of objects *without* having to modify the .EXE, at least for the most part! This could either be conveniently useful or pretty huge, depending on how well we end up understanding this format, and how useful / modular it is compared to modifying the EXE or using MainMemory's .dll hack method. Plus, for bonus points, this also makes these mods Switch compatible whenever console mods for that system become a thing :specialed: For real though this is pretty darn cool, as this could potentially work for any object in the game as defined in EyeKey's list!





    For reference, though--and this is probably just me not being good with hashes or understanding how they work--but when I tried converting the string to a hash via this online tool (which might not even be that great?), I found out the order of each byte actually has to be reversed. Someone more familiar with hashes or even computer science might be able to explain why this is, but yeah all I know is that's what had to happen to get the name "correct."


    So, by that I mean, this:
    41EA7CFEE1030D62A1E75B90500AC215

    had to become this:
    14AEC7EF1E30D0261A7EB50905A02C51


    every byte separated for legibility:

    41 EA 7C FE E1 03 0D 62 A1 E7 5B 90 50 0A C2 15
    14 AE C7 EF 1E 30 D0 26 1A 7E B5 09 05 A0 2C 51


    ...so yeah, that's exciting c:


    EggRock Zone :specialed:


    EDIT: Multiquote sucks.
     
  9. EyeKey

    Nice find. I think that those object files are something like serialized memory of that object. (of its attributes)

    And about the names, this is how they choose to generate their names. They decided to reverse each dword after encoding to hex. (no good reason to do it)
    Here is the Python function from my code that I used to generate this list with:

    Code (Text):
    import hashlib
    import struct

    def swap_hash_endian(data):
        # Read the 16-byte digest as four big-endian dwords and repack them
        # little-endian, i.e. byte-swap each dword.
        return struct.pack("<4L", *struct.unpack(">4L", data))

    def get_static_object_path(name):
        # name is the object name as a str, e.g. "ActClear" (Python 3).
        digest = swap_hash_endian(hashlib.md5(name.encode("ascii")).digest())

        # Hex-encode each dword in upper case, then reverse the hex string.
        filename = ""
        filename += digest[0:4].hex().upper()[::-1]
        filename += digest[4:8].hex().upper()[::-1]
        filename += digest[8:12].hex().upper()[::-1]
        filename += digest[12:16].hex().upper()[::-1]

        return "Data/Objects/Static/%s.bin" % filename
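
Added example (not part of the thread and not EyeKey's code): the naming scheme discussed in posts 8 and 9, written for Python 3. It shows that the dword swap followed by the string reversal reduces to swapping the two hex digits of each MD5 byte, and uses that to map hashed Static filenames back to object names. The candidate names are ones mentioned in the thread; the directory listing and the helper names are constructed for illustration.

```python
import hashlib
import re
import struct

# Object names taken from posts in this thread.
CANDIDATE_NAMES = ["ActClear", "Animals", "ERZGunner", "ERZKing", "ERZMystic",
                   "ERZOutro", "ERZRider", "ERZSetup", "ERZShinobi", "ERZStart"]

# A Static object file is 32 hex digits plus ".bin".
STATIC_FILE_RE = re.compile(r"^([0-9A-Fa-f]{32})\.bin$")


def nibble_swap_hex(hex_digest):
    """Swap the two hex digits of every byte: '41EA' -> '14AE'."""
    h = hex_digest.upper()
    if len(h) % 2 or not re.fullmatch(r"[0-9A-F]*", h):
        raise ValueError("expected an even-length hex string")
    return "".join(h[i + 1] + h[i] for i in range(0, len(h), 2))


def static_name_dword_method(object_name):
    """Route described in the thread: byte-swap each dword, hex-encode it,
    then reverse the resulting 8-character string."""
    digest = hashlib.md5(object_name.encode("ascii")).digest()
    swapped = struct.pack("<4L", *struct.unpack(">4L", digest))
    return "".join(swapped[i:i + 4].hex().upper()[::-1] for i in range(0, 16, 4))


def static_name(object_name):
    """Equivalent one-step form: MD5 hex digest with each byte's digits swapped."""
    return nibble_swap_hex(hashlib.md5(object_name.encode("ascii")).hexdigest())


def resolve_listing(filenames, candidate_names=CANDIDATE_NAMES):
    """Map each filename to the object name it hashes from, or None."""
    index = {static_name(n): n for n in candidate_names}
    resolved = {}
    for fn in filenames:
        m = STATIC_FILE_RE.match(fn)
        resolved[fn] = index.get(m.group(1).upper()) if m else None
    return resolved


def sample_listing():
    """Constructed listing: two known objects, one unknown hash, one stray file."""
    return [static_name("ActClear") + ".bin",
            static_name("ERZKing").lower() + ".bin",
            "0" * 32 + ".bin",
            "readme.txt"]


if __name__ == "__main__":
    for fn, name in resolve_listing(sample_listing()).items():
        print(f"{fn:40} {name or '(unknown)'}")
```

Because the two byte-order steps cancel at the dword level, only the digit order inside each byte changes, which is the pattern visible in the two hex strings quoted in post 8.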
     
  10. flarn2006

    That's why I said the thing about the license. If he releases the RSDK for use in creating mods, people still wouldn't be able to use it to make and distribute their own game without permission, because then Taxman could sue them.
     
  11. Chimera

    Issue is licenses and contracts can be kinda dicey, especially when working with big name publishers. It's very likely that SEGA, being a company that wants their official products to have a form of "in house integrity" (there's a reason we haven't seen the Hedgehog Engine available for licence *ever*) would likely have put Tax under contract for his engine to only be used for official Sonic games i.e. only used for/with SEGA, at least for a period of time. It'd be excellent if that WEREN'T the case, but if SEGA's already aware that people mod their games to hell and back, they'd probably be averse to an entire development suite to one of their anticipated games just... floating around. They can't do anything about mods, but I wouldn't put it past them to have some form of protection so Tax couldn't just release a version of his dev kit and tell us all to "go nuts."

    Also it's likely doing that, even if not under contract, could hurt his relationship with SEGA, and I think he'd rather make a game with 100% original levels before he does that :specialed:

    Yeah I was confused about the logic behind their naming conventions. Seemed... unnecessary?

    Like you said, these files are probably more of an attribute list of sorts. That could still take us pretty far though. What's interesting is that a lot of objects, when left to their defaults, either move incredibly fast (probably some attribute like "hold" set to 0), or stay completely still (the animals, when they're released, don't jump, move, anything). Some attributes still seem hardcoded however, such as the DD Wrecker / GHZ1 boss swinging from side to side and the time it shifts its two spheres between blue and red. It even starts where its "pivot point" would be, then jumps to where the top sphere would be; however both spheres are bound to each other because the properties for the boss aren't defined correctly.

    Here the boss just snaps to the center.
    [​IMG]

    And here both halves of the boss snap to the top "swinging" point; notice how they're overlaying each other, moving, and rotating.
    [​IMG]

    What I'm wondering is how much of this we'll be able to exploit; would we possibly be able to add attributes, or access ones that these object files don't define/check on their own? Like, the Player object doesn't seem to affect the spindash, dropdash, vertical flight or anything about Knuckles' glide. Either those are defined in a different object file, or those attributes weren't touched in the obj but CAN be edited. Hopefully the latter's the case; it'd be really cool to be able to edit everything about the characters, stage elements, and bosses via the files provided.

    I'm just holding out for being able to clone stage slots so we can then make custom stages :v: :v: :v: :v: :v:
     
  12. Dark Sonic

    I don't think I'm skilled enough to do much with this game outside of editing palettes and editing levels/art, but if the proper tools existed I would love to take a crack at porting S3K over to Mania. So I would need someone to figure out how to add additional custom stages to existing ones :v:

    Most of S3K's objects and gimmicks seem to exist in this game in some way. If they could be moved and have their art changed I feel like most of Sonic 3 & Knuckles could be brought over without too much code modifying. Bosses, transitions, and enemies though well that's a different story.

    This whole post has been brought to you by me talking out of my ass btw :specialed:
     
  13. Tanks

    Really wish you hadn't said that. Now SEGA's gonna come down on modding Mania with an iron fist. :(

    I mean not to jinx a good thing, but how long do we have until SEGA updates it and we lose access to all of this? At this point we're just one update away from losing easy file access/loading. I get that SEGA's been the chillest of the illest when it comes to us using their IP and we've got a communications guy who has, for all intents and purposes, been an advocate for our community. But even then, that's not going to stop their legal department from dropping that c&d if pushed.

    Take for instance if we start talking porting Sonic 1 and 2 over from their respective android releases, or attempting that S3&K remake. That's pushing a very dangerous envelope imo. Theoretically all that can be done, like we did with Unleashed, but I feel like this is a whole different beast from that game. Unless we don't get a verbal wink from the devs or the company itself, I think it's best we don't poke the bear... That said, we ought to make the best of what we've got now and push the creative envelope with new ideas instead of copying the old over wholesale.
     
  14. Chimera

    you know you could just back up your .exe so it doesn't get affected by the update, right? :v:

    That'll make modding harder for the general public, sure, but mania modding won't die from an update as long as the original files exist *somewhere* online. There's also the fact that we can eventually repack the .rsdk files, or even use MainMemory's DLL hack which might not get fixed anytime soon even if SEGA wanted it fixed. Also while a high profile mod turning Mania into Sonic 3 might get some legal issues regarding music distribution popping up, there's also the fact that the distributed music tracks in any "official release" of said mod could just, like, *not use those tracks.* Music editing is simple enough that if someone wanted to release an add-on that gave the "correct" music that it'd be easy.

    tbh there's probably not much to worry about.

    theorycrafting how this game could get modded might be fun, but it might be beneficial to think about the feasibility of it / actually consider what's already available in the game that would work for a "s3&k port" in terms of level structure at least.

    Not counting the stages that were ported, being Hydrocity, Lava Reef, and Flying Battery, a good amount of S3&K "gimmicks" exist in the game.

    • Sky Sanctuary's rotating discs (Press Garden)
    • Angel Island's inner tree (Flying Battery tubes are basically that but with scripted movement...should be simple enough?)
    • Marble Garden's everything (Stardust Speedway obviously)
    • Carnival night bumpers and flippers (both Studiopolis and Mirage Saloon have these)
    • Mushroom Hill's plant stuff i.e. bouncy mushrooms, "bungee cords," curled up vine, this (cpz goo toned down probably, stardust speedway x2, and Studiopolis respectively)

    and a few other things. Some gimmicks are going to be harder to replicate depending on how limited we are in influencing objects / how long it takes until programming 100% custom behavior is possible (if that ever happens). For example Mushroom Hill's pulley system can prove to be annoying if not impossible without some very specific work put into it, and while you could theoretically just put the Press Garden rotating platforms on a platform to simulate the CNZ Barrel, there'd be no way of getting it to move up/down.

    However, for a good amount of the experience before a good amount of custom content has to be put in... it all looks very doable!
     
  15. MainMemory

    Well, the Mod Loader DLL itself will have to be modified any time there's an update, because all the addresses it edits will have shifted, but it shouldn't be too hard to find everything again, since I already know what everything generally looks like.
     
  16. EyeKey

    There is a function that is used to register objects. So if we want we can call it from a dll to add new objects. But the functions that are required to implement an object probably use a lot of internal things from the exe that we will need to understand and expose for the dll if we want to do such a thing. (Depending on how complex that object is, of course)

    And btw, we already have the ability to repack rsdk.
     
  17. Dark Sonic

    People ported every daytime stage of Unleashed over and Sega never batted an eye. Hell people are porting over every DLC stage and some have even ported over the night stages and Sega's never said anything. Actually, porting over the stages from Unleashed probably was even riskier, as it was a game from the same generations that was still being sold digitally and in stores, and the DLC required purchasing. By modding those stages into Generations it completely negated the need to buy the DLC (even if it was 3 - 5 years after the fact). Sonic 3 on the other hand, well they don't seem to want to touch that game at all and it's 23 years old now. The only way they're making money off that these days is via Steam.

    Somehow I think we'll be fine :v: Sega may not provide the tools to modding but once people figure it out they're not going to stop them. Besides, my ideal S3K remake would be more of a Mania-ifed version, so all the same updates and graphical touches that Mania had but wrapped up in a nicer package.
     
  18. JojHeywood

    do you really think they hadn't considered this happening? and that they have some bloke lurking forums under the instruction that when even the mention of such a thing is happening they're to remove the game from digital shelves, call the police and tell our parents about the naughty things we were thinking of doing? :v:
     
  19. MainMemory

    I realize this is ironic coming from the person who created an infrastructure specifically to make things like that possible, but I don't think we should jump into hardcore custom coding like that so quickly. Not because I think Sega's going to try to shut it down (although I'm not discounting the possibility), but because I'm certain the game will be updated in the future, at least to fix some of the bugs people have reported, and at that point we'd have to start the research process for the EXE over again, albeit with some foreknowledge of how things generally work, and then the mod loader and all the mods would need to be updated. Of course, we can't just wait indefinitely for them to stop updating the game, since there's no way to know how long that might be.
     
  20. Dark Sonic

    I said Sonic 3 guys, I'm off to SEGA jail where I'll be forced to play Sonic 06 all day forever. :v:

    But I have been thinking of some of the gimmicks that exist in Sonic Mania that are comparable to those in Sonic 3. Here's what I have for the time being:

    AIZ
    - Ramps you spin off of (LRZ Mania)
    - Ziplines (GHZ)
    - Swings (MSZ - K)
    - Breakable ground (GHZ)
    - Disappearing platforms (Those blocks in PGZ 1)
    - Pushable rocks (MSZ)
    - Rotating tree trunk (FBZ tubes)
    MGZ
    - Swinging spike balls, Pulleys, those things you spin dash into to raise platforms (SSZ)
    - Oil or wine pools (I never knew what those were, either way OOZ)
    - Earthquakes (LRZ or MSZ via Bark)
    CNZ
    - Barrels (Some kinda inbetween via PGZ's platforms and the rising HCZ platforms?)
    - Balloons (MSZ)
    - Boost tubes (CPZ boosters)
    - Spiral tubes (CPZ)
    - Spinning wheels (MMZ)
    - Bumper paths (TMZ)
    - Bumpers (SOZ)
    ICZ
    - Ice (PSZ 2)
    LBZ
    - Rotating tubes, launchers, platform switches (PGZ)
    - Boosters (CPZ)
    - circular tube launcher (CPZ)
    MHZ
    - Bouncing Mushrooms (CPZ)
    - Random floating (FBZ)
    - Those poles you can spin around to go faster or higher (TMZ)
    SOZ
    - Sand gimmicks (OOZ)
    - Diagonal launchers (SSZ)
    - Something similar to the ghost gimmick (OOZ)
    SSZ
    - Rotating platforms (PGZ)
    - Pop up Springs (TMZ)
    - Bouncy clouds (CPZ goo?)
    DEZ
    - Those weighted platforms (TMZ)
    - Pop up Springs (TMZ)
    - Countdown to teleport path gimmick (could be replaced by the similar SOZ gimmick)
    - Anti-gravity machines (the fan badnik from TMZ)
    DZ
    - Egg Reverie with a twist
    Special Stages
    - Welp, we got all 14 of those :v:
    Bonus Stages
    - Hmmm... some of the gimmicks exist but who knows how they'd be implemented.
    Ok so not all of them, but a lot of them. But using other gimmicks from Mania could allow for some interesting workarounds and differences. Even if what could be done wasn't a complete 1 to 1 port it could still be interesting nonetheless, since Mania has plenty of fun things to play with (It covered a lot of the general gimmicks used from Sonic 1 - 3K). And now we have environmental gimmicks based off shields, and things like the MMZ shrinker and & Knuckles mode to play with.