some help for rom hacking

pasnous · Post by **pasnous** » Thu Aug 15, 2013 2:46 pm

Hello, first of all , I am a complete noob so I hope i will not bother you.

My little niece really like disney and she's enjoing playing disney games.
She can read french but not english. I wanted to show her quack shot.
There is an ips patch to translate the game into french.

But the rom is a world game with japanese and english.
Translation has been made over english.
And the genesis I gave here is an euro modified to japan jumper without
any switch.

So the game is displayed in japanese.

What i wanted to do is to bypass the game language selection based on region detection.

I have a low coding level but i assume that in the game there is a
"if japan then , else" somewhere.

I have read some documentation , I have no asm skills

Using exodus I have disasemble the rom and think
I think if found where the check is done

loc_00000300:
TST.w $00C00004 ;Predicted (Code-scan)
MOVE.b $00A10001, D0 ;Predicted (Code-scan)
MOVE.b D0, $FFFFFF0C.w ;Predicted (Code-scan)
ANDI.b #$0F, D0 ;Predicted (Code-scan)
BEQ.b loc_00000320 ;Predicted (Code-scan)
MOVE.l #$53454741, $00A14000 ;Predicted (Code-scan)

But then I have no idea how to go further.... How should I prodceed ?

Any help would be apprecatied.

Gigasoft · Post by **Gigasoft** » Thu Aug 15, 2013 5:45 pm

Look a bit further down, there should be a btst #7,$ffffff0c instruction followed by a sne. Change the sne to a st and it should work.

pasnous · Post by **pasnous** » Thu Aug 15, 2013 10:57 pm

thanks for your quick answer.
I tried to recompile the asm but I assume this is not the way to do.
Asm68k has produced a 8MB file wich is a lot bigger than the rom.
So i assume that the good way to proceed is to do some hex editing.

You were right further down i found :

loc_0000045C:
LEA $00C00004, A5
LEA $00C00000, A6
JSR loc_000020D2
BTST.b #7, $FFFFFF0C.w
SNE $FFFFFF1C.w
JSR loc_00001FBE
JSR loc_00002060
JSR loc_0007FE00
MOVE.w #0, $FFFFFF18.w

Opening the rom with an hex editor

0000 20D2 0838 0007 FF0C 56F8 FF1C

I have replace the SNE by a ST compiled the file just to and found that i should replace

0000 20D2 0838 0007 FF0C 56F8 FF1C

by

0000 20D2 0838 0007 FF0C 50F8 FF1C

Using an emulator I got a red screen, found a tools to fix the checksum.

The rom can be launched, but the game is still displayed in japanese

I did not find how to put a breakpoint or how to proceed to a step by step with gensKmod. I wanted to compare how the code goes when the emulator is set to JP region or US region.

Anyway this is far behind my skills so I think that I'm going to do it the harware way and will put that console to US ( already did EUR -> JP )
I already spend more time on trying to do it the soft way.

I found somebody with the same kind of issue :
http://www.romhacking.net/forum/index.p ... v.html#new

notaz · Post by **notaz** » Fri Aug 16, 2013 4:44 pm

If you look at the code, it copies the register to RAM for later use.

You can change from:

Code: Select all

MOVE.b $00A10001, D0

Code: Select all

306: 1039 00a1 0001

to just

Code: Select all

MOVE #$0xa0, D0
NOP
NOP

Code: Select all

306: 70a0 4e71 4e71

.. and then fix checksum.

pasnous · Post by **pasnous** » Wed Aug 21, 2013 12:04 am

Thanks a lot. It works.

So to fully understand the registter 00A10001 contains a different value for each region. The value is wathever for JAP and 0xa0 for US.
So instead pf copying the result of the register , it copies the response that would have return an US genesis ?