Sonic Mania: Hacking Discussion

Discussion in 'Engineering & Reverse Engineering' started by Chimera, Aug 29, 2017.

  1. Dr. Mecha

    Member
    So that's their anti-cheat method.

    Won't help with the speed manipulation.

     
  2. DigitalDuck

    Arriving four years late. Member
    It's not an anti-cheat method at all, it's a consequence of using an operating system. When you open an application, your OS finds a section of RAM the program can use for its memory. Cheat Engine works by looking at absolute RAM, so the locations will change depending on which section of RAM your OS has chosen for the application.

    It's slightly more complicated than that, but that's the basic idea.
     
  3. GerbilSoft

    RickRotate'd. Administrator
    This entirely depends on whether or not the player state data is statically allocated or dynamically allocated. If it's statically allocated, it will always be at the same address.

    ...not counting for ASLR, which rebases the entire executable, so you'd have to adjust it for the module base address.

    If it's dynamically allocated, you'd have to find the pointer to the player state (which usually is statically allocated) and adjust for that.
     
  4. Chimera

    I'm not a furry. Tech Member
    Can confirm, the addresses he specified are static, at least the ring count is. They show up as green too, so that should tell you enough.
     
  5. codenamegamma

    Member
    guys I got this already.
    http://www.youtube.com/watch?v=4hgMCKYAlp8



    got the static addresses for the special stages, plan to finish getting pointers for the bonus stages later today. and will release a full cheat engine table soon.
    like Sonic CD the addresses for everything in the main game are static, just for some reason in mania (maybe they were programmed by someone else) the special and bonus stages have dynamic addresses that aren't static so you do have to go looking for pointers. as long as you use cheat engine all static addresses will work next time the game is run and on different hardware.

    here is the full cheat table for sonic cd for those interested. (not that you would be) but most of the items i have on that table i was able to refind in mania.
    https://www.dropbox.com/s/12ru4jzwb79ubfv/soniccd.CT?dl=0

    here are a few teaser addresses to get you started.

    Each is 1 byte.
    Shield Effect - SonicMania.exe+64D64C - 4 = Lightning Shield, 3 = Fire Shield, 2 = Bubble Shield - no art is in game, but gives the double jump movement.
    Infinite Double Jump Ability Use - SonicMania.exe+64D744 - Set and Lock to 1, use the above code or grab a Fire or Electric Shield and Spam that Jump Button.
    Jump Acceleration / Height - SonicMania.exe+64D6F2 - Jump High....like Shaq.
     
  6. Fenrir

    Fenrir

    Eh. Member
    The Vinyl comes with a digital download for the game's OST. And I don't doubt it'll be made widely available with time.
     

  7. Yes! Thank you, looking forward to this!
     
  8. DigitalDuck

    Arriving four years late. Member
    My mistake, they looked like they weren't relative to the executable.
     
  9. codenamegamma

    Member

    I got scared! There was an update and I was worried that all my addresses would change. Luckily they didn't.
     
  10. Yeah, it's some update dealing with offline play.
    Just curious, have you by chance managed to get debug mode working under saved games?
     
  11. Dark Sonic

    I'll find the old avatar eventually Member
    I'm curious about this working with all the secret options in general actually. If I could have some save files set to use & Knuckles or the insta-shield by default that'd be lovely.
     
  12. codenamegamma

    Member
    yes

    SonicMania.exe+8D05C8

    1 byte, set it to one to enable. I think it also works in time trial mode. though don't be THAT GUY since there's already one of THAT GUY on the leaderboard.

    well...I've tried finding the value for what move set sonic has. my best guess is that sonic has all the moves available to him, even what's used by Lightning Shield and Fire Shield, but they get activated and deactivated by other means. like in the last stage, the rings are just flying around, but are attracted to you. since i know that you can set the shield effect to lightning shield, it's possible they use other values that add just the effect to bring in rings.
     
  13. Nice! I don't have time or ability to test it right now, but a) does it work for already existing save games and b) does it work for all characters? :D
     
  14. codenamegamma

    Member
    it just enables it. so yes it should work ANYTIME while in game. well normal game, not special stages. i just finished getting the value for speed in Blue Sphere, so easy mode is possible.
     
  15. codenamegamma

    Member
    sure enough the value for gamestate i found also enables the Dev Menu.

    SonicMania.exe+8D05D6

    1 byte

    0 - Resets Level

    1 - Normal Game

    8 - Dev Menu.
     
  16. Marcus101RR

    Provisional Member
    As far as Cheat Engine goes, GREEN ADDRESSES do not change unless the game is updated with a new patch, which would offset those addresses. I have a cheat engine, looking forward to someone figuring out how to enable the "Secrets" for save files, rather than the no-save option.

    http://fearlessrevolution.com/download/file.php?id=5913

    Now I am looking forward to seeing mods like "Sonic Classic Heroes" on this. I kinda wish Mania had an open mod API though; this game had so much potential when it came to modding, as I felt Sonic Mania would have been a game that would let you run through all of Sonic 1, 2, 3 & K, CD levels remixed and not just selected ones.

    A bit disappointed, but it's finally what most sonic fans have been wanting for the last decade aside from Sonic Generations.
     
  17. Hmm, odd. I just tested this with my in-progress Knuckles game save and it isn't working. 8D05C8 address (1 byte) with the value of 1. Anyone else get this to work? Or am I just doing this wrong?

    Have you figured out the underwater timer yet (in order to prevent drowning without using the water shield)? Or the address to force enable the level select on all modes/saved games? Or even an invincible/walk through enemies cheat? :P
     
  18. codenamegamma

    Member
    you need to put EXACTLY This without quotes into the address


    "SonicMania.exe+8D05C8"

    Not just the address. the beginning tells Cheat Engine to use whatever the game's Base Address is and offset from there to find the correct value.

    you can look and find Green (static) values in Cheat Engine and they will work from Machine to Machine, but without them being in that format, they won't work. so if you pull an address from the memory browser you have to search it again and add it from the search to get it to come up in that format.



    I Have also Found the Holy Grail.

    Egg Reverie Super Sonic in ALL Zones!



    http://youtu.be/jkGMJpbg_IA
    This also allows for move set swapping. So...You Get a Dropdash, and You Get a DropDash...EVERYBODY GET A DROPDASH!!!
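
Added example (not part of any post in this thread, and not Cheat Engine's code): a small model of the module-relative addressing described in posts 3 and 18, showing why `SonicMania.exe+8D05C8` follows the module when ASLR rebases it while a bare address does not, and how a dynamically allocated value is reached through a static pointer. The base addresses, the pointer-slot offset `100000`, the field offset `0x20` and the heap addresses are constructed sample values.

```python
import re

# Constructed sample data: module bases for two launches of the same build.
# The values are made up; they stand in for ASLR choosing a different base.
RUN_A = {"SonicMania.exe": 0x00400000}
RUN_B = {"SonicMania.exe": 0x00A30000}

# Constructed memory contents per run: a static pointer slot at the
# hypothetical offset 0x100000 holding the address of a heap object.
MEM_A = {0x00400000 + 0x100000: 0x02F40000}
MEM_B = {0x00A30000 + 0x100000: 0x051C8000}

_RELATIVE = re.compile(r"^(?P<module>[^+]+)\+(?P<offset>[0-9A-Fa-f]+)$")
_ABSOLUTE = re.compile(r"^[0-9A-Fa-f]+$")


def resolve(text, modules):
    """Turn 'Module.exe+HEX' (or a bare hex address) into an absolute address."""
    text = text.strip().strip('"')
    if _ABSOLUTE.match(text):
        # Bare hex: used as-is, so no module base is ever added.
        return int(text, 16)
    m = _RELATIVE.match(text)
    if not m:
        raise ValueError(f"unrecognised address: {text!r}")
    for name, base in modules.items():
        if name.lower() == m["module"].strip().lower():
            return base + int(m["offset"], 16)
    raise KeyError(f"module not loaded: {m['module']}")


def follow_pointer(slot, field_offset, modules, memory):
    """Dynamic case: read the heap pointer stored in a static slot,
    then add the field's offset inside the pointed-to object."""
    return memory[resolve(slot, modules)] + field_offset


if __name__ == "__main__":
    for label, mods, mem in (("run A", RUN_A, MEM_A), ("run B", RUN_B, MEM_B)):
        print(label,
              hex(resolve("SonicMania.exe+8D05C8", mods)),   # tracks the base
              hex(resolve("8D05C8", mods)),                  # never moves
              hex(follow_pointer("SonicMania.exe+100000", 0x20, mods, mem)))
```

The module-relative form resolves to a different absolute address in each run, the bare form stays at the same absolute address regardless of where the module loaded, and the pointer form depends on both the base and the heap address stored in the slot.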
     
  19. Dark Sonic

    I'll find the old avatar eventually Member
    Ooooohh. How is that done if you don't mind me asking. That is some good kinda abuse right there. Also moveset swapping? Does this mean we have a way to swap out the dropdash for the instashield/peelout?

    BTW to get youtube videos to show up here just remove the s from https. The "media" tag doesn't really do anything.
     
  20. Stink Terios

    Member
    Tangentially related, is it possible to use the dev menu to reset medal progress?