This page is a mirror of Tepples' nesdev forum mirror (URL TBD).
Last updated on Oct-18-2019

Controls Hacking -- Unlicenced Game

Controls Hacking -- Unlicenced Game
by on (#103711)
Would anyone know how to go about hacking the controls of an unlicenced NES game? Specifically, Master Chu and the Drunkard Hu.

In the game, you need to press up on the directional pad to jump. I want to switch it to B, which is a useless fan attack.

This game could be a classic if not for its jump controls.

Thank you.
Re: Controls Hacking -- Unlicenced Game
by on (#103714)
Have you ever done any game hacking/assembly language coding before?

Basically, are you looking for someone to do this for you, or do you want to learn how to do it?
Re: Controls Hacking -- Unlicenced Game
by on (#103716)
I'd really like to learn assembly, but the coding extent I have is basic python and C.

I'm proficient with graphics hacking but I'd like to take it a step further.

Any guides you could point me to?
Re: Controls Hacking -- Unlicenced Game
by on (#103719)
Well uh... Here's a hack, anyway. http://www.mediafire.com/download.php?595844turtp14je
Edit2: I should specify this is for the Color Dreams version with the title in English. But it'd probably be easy to make one for the other version.

If I broke the game in some non-obvious way, let me know. I literally didn't even move far enough to find out if the game scrolls. (But uh... no guarantees I'll be able to make a fix if it's gonna take more than a few minutes to.)

As for a guide, I dunno. There are all the nerdy nights guides which teach you how to program for NES, more or less. I don't run in hacking circles, so there may be a general guide for that somewhere. I just apply my knowledge of the instruction set.

I like this guide as a really basic introduction to the 6502, this for finding opcodes. The 6502 Macro Assembler is a great program to mess around with general 6502 programming in a forgiving environment. Getting started on the NES requires a lot of setup just to test out instructions.

Edit: Hacking requires knowledge of what each instruction (and register) does. Essentially what you're doing is reprogramming the game. If you know lda $4016 means the game is reading player 1's joypad, you can look at what it does with the result to find out where the buttons pressed are stored in RAM. What happens when assembly code becomes a rom is that the assembler determines the bytes for the instructions you're using, and places them in the rom. If you wanted to (for some reason) make player two's controller control player 1, you could replace the
$AD (This is the instruction that refers to lda $XXXX. You can find that out using the opcode guide)
$16 ($4016 is an address that takes two bytes. The NES had the lower byte of an address first)
$40 (The high byte of $4016.)

to

$AD (no change)
$17
$40

Because $4017 is where to read for player two's buttons. But you can't just search for any old string of $AD $16 $40 in the rom and replace it, because in a rom you can't guess at what is actual code and what is data. To get around this, you use a debugger and break on reads to the address you're looking for. That will tell you where in the rom the actual code you want to change is. Fun fact: This game doesn't even use $AD to read from its controllers. And the hack I described (swapping player one and two's controllers), would have been a bit more difficult because of this. But a debugger set to look for a read of $4016 would still have found where to change things.

Now, this is a giant oversimplification of things... but once you pick up some assembly knowledge, the hacking knowledge comes easy. (But... actual hacking can be a terribly difficult process. Worse than just making new stuff if you're doing anything complicated, in my opinion)

My process for this was pretty lame. I opened the hex editor in FCEUX and looked for variables that remained steady when I held buttons down. RAM $1C became #$40 when I held the B button down.

So I made a breakpoint on reads of $1C, and ran it until I found one that had AND #$40 after the read. (AND is one way to check if a specific bit is set.) I searched for these bytes in the rom. Then I held up to see what the value in $1C was when I held up. It was #$08. So I changed $40 to $08 at that location in the rom.

Then I found a place in the rom where AND #$08 was after a load of $1C, and replaced that $08 with $40 in the rom. Done.

If you know what the instructions do, you can make very simple hacks. Say... by finding the variable in RAM that holds the number of lives. If you see lda #$03 before a store to that location, you can change it to something like say... #$09. But I'm not sure how much sense any of that makes and now this post has taken longer to make than the actual hack took.

Edit: Put in a lot more text explaining what goes on with hacks. Hopefully not too obtuse or too overly simplified. If you have more specific questions after reading some of those guides, fire away. I can't help much with actual hacking as it has all that other stuff as prerequisite knowledge, and I'd rather you explore a little on your own there.
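The byte-level side of the procedure in the post above, as an added example that is not part of the thread and does not contain Master Chu's actual bytes: it scans an iNES image for LDA of the button-state byte followed by AND #imm, swaps the $40 (B) and $08 (Up) masks, and only writes at offsets you confirm. The RAM address $1C, the two mask values and the opcode bytes ($AD, $A5, $29) come from the post and the 6502 instruction set; the sample image, the bit-order table and the "confirmed" offsets are constructed for the demo. As the post warns, the pattern search is only a way to list candidates, since the same bytes can occur in data; the offsets passed to the patcher are assumed to have been confirmed with a debugger breakpoint on reads of $1C.

```python
# Added example (not from the thread or the game): locate and swap button-mask
# tests in an iNES image. Offsets are file offsets, i.e. 16-byte header included.

INES_HEADER_SIZE = 16                           # iNES images start with a 16-byte header
LDA_ZP, LDA_ABS, AND_IMM = 0xA5, 0xAD, 0x29     # 6502 opcodes the scan recognises

JOY_STATE = 0x1C                                # RAM byte the post found holding the button bits
BUTTON_B, BUTTON_UP = 0x40, 0x08                # bit values the post observed for B and Up

# Assumed bit layout: A, B, Select, Start, Up, Down, Left, Right shifted into bits 7..0.
# This is an assumption; it is consistent with the two values observed in the post.
BUTTON_NAMES = {0x80: "A", 0x40: "B", 0x20: "Select", 0x10: "Start",
                0x08: "Up", 0x04: "Down", 0x02: "Left", 0x01: "Right"}


def button_name(mask):
    """Human-readable name for a single-bit mask under the assumed layout."""
    return BUTTON_NAMES.get(mask, f"unknown mask {mask:#04x}")


def find_loads(rom, addr):
    """File offsets of every LDA <addr> in the PRG area (zero page: A5 xx, or
    absolute: AD lo hi), each paired with the offset of the byte that follows it."""
    lo, hi = addr & 0xFF, addr >> 8
    hits = []
    i = INES_HEADER_SIZE
    while i < len(rom):
        if addr < 0x100 and i + 1 < len(rom) and rom[i] == LDA_ZP and rom[i + 1] == lo:
            hits.append((i, i + 2))
            i += 2
        elif i + 2 < len(rom) and rom[i] == LDA_ABS and rom[i + 1] == lo and rom[i + 2] == hi:
            hits.append((i, i + 3))
            i += 3
        else:
            i += 1
    return hits


def find_button_tests(rom, ram_addr=JOY_STATE):
    """(offset_of_immediate, mask) for every LDA ram_addr followed by AND #imm.
    A byte-pattern search cannot tell code from data, so treat results as candidates."""
    tests = []
    for _, nxt in find_loads(rom, ram_addr):
        if nxt + 1 < len(rom) and rom[nxt] == AND_IMM:
            tests.append((nxt + 1, rom[nxt + 1]))
    return tests


def swap_button_masks(rom, confirmed_offsets, a=BUTTON_B, b=BUTTON_UP):
    """Exchange the two masks at offsets that were confirmed to be code.
    Refuses to write anywhere the current byte is not one of the two masks."""
    out = bytearray(rom)
    for off in confirmed_offsets:
        cur = out[off]
        if cur == a:
            out[off] = b
        elif cur == b:
            out[off] = a
        else:
            raise ValueError(f"offset {off:#x} holds {cur:#04x}, expected {a:#04x} or {b:#04x}")
    return bytes(out)


# Constructed sample image: iNES header followed by a tiny hand-assembled PRG bank.
SAMPLE_ROM = bytes([ord("N"), ord("E"), ord("S"), 0x1A, 1, 1] + [0] * 10) + bytes([
    0xAD, 0x16, 0x40, 0x4A, 0x26, 0x1C,                     # LDA $4016; LSR A; ROL $1C  (controller read)
    0xA5, 0x1C, 0x29, 0x40, 0xF0, 0x03, 0x20, 0x00, 0x90,   # LDA $1C; AND #$40; BEQ +3; JSR $9000 (fan)
    0xA5, 0x1C, 0x29, 0x08, 0xF0, 0x03, 0x20, 0x10, 0x90,   # LDA $1C; AND #$08; BEQ +3; JSR $9010 (jump)
    0x60,                                                   # RTS
    0xA5, 0x1C, 0x29, 0x40, 0x00, 0x00,                     # data table that merely looks like code
])


if __name__ == "__main__":
    for off, mask in find_button_tests(SAMPLE_ROM):
        print(f"candidate at {off:#x}: AND #${mask:02X} ({button_name(mask)})")
    # Offsets 0x19 and 0x22 are the two real tests; 0x2c is the data lookalike.
    # In practice the confirmed list comes from a debugger breakpoint on reads of $1C.
    patched = swap_button_masks(SAMPLE_ROM, [0x19, 0x22])
    print("patched masks:", [f"{patched[o]:#04x}" for o in (0x19, 0x22, 0x2C)])
```

The scan reports three candidates on the sample image; the third is the data table, which is exactly why the post says not to blindly search-and-replace. Because the patcher checks the byte it is about to overwrite, a wrong offset fails loudly instead of silently corrupting the ROM.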