+  RHDN Forum Archive
|-+  Romhacking
| |-+  General Romhacking
| | |-+  FFTA: Hacking assembly
Pages: [1]
Author Topic: FFTA: Hacking assembly  (Read 1 times)
ffta707
Guest
« on: January 09, 2010, 08:36:27 pm »
After messing around with final fantasy tactics advance for a long time, I got into the hacking buisness. I have been using  a hex editor, and TLP for years, and I finally found a good working table file. I got to the text seccessfully. I edited a few things, first, the soldiers class name to Knight. But in game it appeared, /\\g/\\j/\\a/\\ or somthing. Also, when I edit storyline, the display message just displays to fast with random charicters/ letters, then dissapears before I can even read it.

Second, Is there another, different program I need to edit the assembly of the game. Like, what monsters are in what map, or, the contents of abilities in a certain job. Like say I want Ninja to have power break. Or even somthing that edits allowing monsters to be in your party. If so, could you give me some pograms that might do such a thing, or mabe it has to be a hex editor, but I just dont see how it could.

Thanks in advance.
Spikeman
Guest
« Reply #1 on: January 11, 2010, 10:49:36 pm »
For your first problem there's probably some compression or other weird text storage format that's causing it to mess up (or you could have just screwed up something on accident, like a pointer). Try changing only one letter; eg. Soldier -> Koldier. If that doesn't work you'll have to figure out what it's doing by looking at the assembly. Which brings us to your next question.

It sounds like there is a big gap in your understanding of how games are put together. In a ROM every byte can be labeled as either code or data. When most people refer to "assembly hacking" they mean editing the code. The examples you gave all would probably involve editing data, unless the game does it in a strange way (such as "hardcoding" data).

Once you figure out the location and structure of the data you wish to edit you can easily edit it in a hex editor, though with some sorts of data (map/graphics data) it's easier to use a custom editor. There are several ways you can find the location of the data you wish to edit. ROM corruption is a method that doesn't involve knowledge of assembly, so it sometimes is easier for newbies. Debugging is the method that I personally use, you need to be familiar with the assembly code for the system you are working on (GBA uses ARM assembly). The process involves tracing the data from either it's display as graphics on the screen or from the RAM by following the assembly code of the game backwards. The techniques for this differ by system and debugger.

Now, for debugging on the GBA there are basically two utilities available. VBA-SDL-H is a modified version of VBA. The debugging interface is sort of awkward and command line based, in my opinion it is fairly hard to use. No$GBA is my preferred debugger; it's very nice but with one huge drawback: it's not free and the author has been MIA for a while so I'm not even sure if you can still buy it. You're on your own finding a way to get a hold of a copy.

Since No$GBA might very well be impossible for you to find I'd recommend figuring out how to do ROM corruption. My favorite utitily for this is ROM Corrupter by Dwedit. I could post a bit more in depth on how I do corruption, but I've already posted a ton of information and to be completely honest this seems a bit above your level. I recommend going through the database and reading some of the documents until you have a better understanding of how ROM hacking works in general.
creeperton
Guest
« Reply #2 on: January 12, 2010, 02:20:28 pm »
What do you call it when you go through a save state or rom or a file in the game and, for instance, replace every occurance of, let's say 0x1c with 0x1d, do it about fifteen times, while recording the address of each occurance, and then save the changes and test it to see if you found what you were looking for?

I ask because I'm wondering what this... technique is called (besides mind-numbingly tedious), and if there are any tools that exist that can automate it.

Every hex editor I ever used had a replace all occurances of XX from address YY up or address YY down, but I never found something that would let me replace all occurances of XX between address YY and address ZZ.

It would be nice to have something that can do this.
MathOnNapkins
Guest
« Reply #3 on: January 12, 2010, 02:26:13 pm »
I'd still lump that technique under corruption. It's more sophisticated than typical corruption, but the fact remains that you're not really sure what you're modifying until you see the result.
Spikeman
Guest
« Reply #4 on: January 12, 2010, 04:51:54 pm »
That would fall under corruption. The program I linked earlier can automate exactly what you're describing. (Although since it's corrupting the savestate it won't automatically load the ROM, but with VBA for example you can press Ctrl+F1 to load the last ROM so it's still pretty quick.)

Edit: How you could accomplish your example with Rom Corrupter:

Set the directory to your project folder. In this folder should be the emulator, ROM, and savestate. Set the emulator to the emulator you put in the folder. Set the ROM to the savestate file. (So if your ROM was FFTA.gba, and you used savestate 1 you would choose FFTA1.sgm.) Uncheck the Auto box in the "Create this" field and set it to an unused savestate (FFTA2.sgm). Set the range you want to corrupt in, (note: the "Change range" field is how much it will increment the range by if you choose the "Auto>>" option).

To change just 0x1C bytes to 0x1D you would select the "Bytes 0 after Byte AND mask" option and set the mask to 0x1C (I think $1C is what the program accepts, or maybe it's just binary). Then select Add _ to each byte and set it to 1.
« Last Edit: January 12, 2010, 05:04:43 pm by Spikeman »
Archaemic
Guest
« Reply #5 on: January 13, 2010, 02:12:11 am »
I posted information on how the compression format you're looking to use works nearly a year ago on Data Crystal.
http://www.datacrystal.org/wiki/Final_Fantasy_Tactics_Advance:Compression_Formats

Also, the strings aren't just characters all of the time.
http://www.datacrystal.org/wiki/Final_Fantasy_Tactics_Advance:Strings
creeperton
Guest
« Reply #6 on: January 13, 2010, 12:47:58 pm »
Can it replace something with something else between two addresses?  'Cause that's what I wanted to know, maybe I wasn't clear about that.

Like, in a *.psv save state for final fantasy tactics:

Replace all occurances of 0x73 with 0xFF between 0x0000 and 0x5000
GenoBlast
Guest
« Reply #7 on: January 13, 2010, 03:09:59 pm »
Yes.
creeperton
Guest
« Reply #8 on: January 14, 2010, 03:02:26 pm »
Awesome, thank you!
Pages: [1]  


Powered by SMF 1.1.4 | SMF © 2006-2007, Simple Machines LLC