Trying to Hack Journey to Silius into a Boss Rush Game




Post by Jedi QuestMaster »

Who doesn't like boss rushes? I decided to try hacking Journey to Silius into one but came flat:

Using FCEUX, I found that addresses $0170 and $0153 are used together to determine what stage/boss will load:

Code:

$0170 | 00     | 00    | 01     | 01    | 02     | 02    | 03     | 03    | 04     | 04    | 05   | 05
$0153 | 00     | 10    | 00     | 10    | 00     | 10    | 00     | 10    | 00     | 10    | 00   | 10
      | Stage1 | Boss1 | Stage2 | Boss2 | Stage3 | Boss3 | Stage4 | Boss4 | Stage5 | Boss5 | Null | Boss6

The problem is, when the game starts up, $0153 is at 00, and putting in a write breakpoint, any values I change will crash the title screen.

Also when completing a boss, I changed the breakpoint to take you to the next boss instead of the next stage. It loads the boss stage fine, but in a few seconds the game takes you to next boss after that. It continues doing so until the ending credits load.

I've pretty much given up at this point, unless someone can figure this out? :(

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Sumez »

Just a wild guess, but could there be a flag in RAM that indicates that the game's attract mode is active?
You know, so it loads a stage and plays "normally" (with prerecorded inputs) but just terminates it after ten seconds?

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Jedi QuestMaster »

This game doesn't have an attract mode. It has a static title screen with music that loops until the player presses START.

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Jedi QuestMaster »

Done!

https://youtu.be/Z-882JZs3AQ

Thank you, Fiskbit.

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Banshaku »

Good to see that it did work!

I guess it's intentional that you have to do it in one go with no energy refresh? That makes it even harder :lol:

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Sumez »

That's usually how boss rushes work, isn't it?

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by tepples »

"The Arena", the boss rush in Kirby Super Star, offers limited Maxim Tomato powerups, about one every three battles. The boss rush modes in some Super Smash Bros. games are similar.

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by gukingofheart »

Want to post the complete code by any chance?
If you want I can give you credit for this code on my channel as well.

Also, if it's impossible to load some healing item.. I'd say just have an extra code to start with extra health/lives if it's too hard.

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Banshaku »

@Sumez

That's possible. It's just that I'm not that knowledgeable about boss rush mode, except for the name ^^;;;

Would still be fun to try it someday. I finished the game a long time ago but I'm not sure I would be able to beat the bosses only in one shot.

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Jedi QuestMaster »

gukingofheart wrote: Want to post the complete code by any chance?
If you want I can give you credit for this code on my channel as well.

Also, if it's impossible to load some healing item.. I'd say just have an extra code to start with extra health/lives if it's too hard.

Here are my notes:
Fiskbit:
try changing $1D1FB (headered address) from AD5301F005 to A9108D5301

This is what takes you straight to the boss rooms.

00758E: 09->01
007592: 09->01 (can only select 00/01 continues)

Though I removed all extra lives and continues, you can still go into the options menu. But you can only add 1 continue.

-prevent health/weapon from regenerating
01C6BF: B0 -> 00 (prevent health from regenerating)
01C6D4: 04 -> 00 (prevent weapon from regenerating)

01C6D6: 3F -> 00 (go to next stage without checking weapon)

01C6E1: B0 -> F0? (do not set health to '10')
01C6D9: A9 3F 85 -> FF FF FF (do not set weapon on next stage)

-prevent 'refill sound'
-01C6B4 [18 -> 17]

Okay, this is weird and I don't quite understand it. But everything here prevents the gauges from refilling after each boss fight. Simply preventing the gauges from going up (the first two addresses) won't solve the issue of the game checking to make sure they reach a certain point and going to the next 'stage.' Also, the gauges refilling is just aesthetic: regardless, they'll be reset via two other addresses. So your weapon check value is now at '00' and the code that resets the health is set to a different address, and the codes that reset the weapon gauge have been cleared out. (I'm not a programmer, so if anything here looks unsafe, please let me know! :shock:)

-all weapons available:
01DCDA: 03 0B 0F -> 1F 1F 1F

JtS has a pretty interesting combination for your weapons that are never used: you can have just your handgun; your handgun and machinegun but no shotgun; handgun, shotgun, homing missile, but no machinegun; and pretty much any combination as long as you have a handgun. But I decided to have them all available.

^on a tangent, I'd like to know if it'd be feasible to allow each weapon to have its own 'gauge' Mega Man-style?

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Banshaku »

I guess to have each weapon have its own energy would be an interesting idea for boss rush mode, but it would be a more advanced ROM hack, since it requires a better understanding of where the energy of the gun is used, updating that code and allocating memory for each. Still, that would be an interesting thing if done.

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Jedi QuestMaster »

I think it would be an interesting standalone hack, not necessarily for boss rush mode (in fact, I think it would make it too easy).

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Fiskbit »

The "A9 3F 85 -> FF FF FF" change caught my eye as being really sketchy because you're changing code to non-code, so I figured we could look at how you can maybe improve the changes here.

At 1C6B4, you try to prevent a sound by changing what value gets passed to a sound-related function. I don't know if there's a reason you chose #$17 or if it's just something you tried that worked, but instead of writing this value that we don't understand, I'd rather avoid writing a value altogether by removing the following call to code that I presume is writing to sound engine variables: 1C6B5 = EA EA EA. It might be that writing something here is necessary for some reason, but without a reason or more knowledge, skipping it entirely seems better.

At 1C6BF, you're changing INC $B0 to INC $00 probably to avoid modifying the value in $B0, but without knowledge of what $00 is at this point, you should be doing this by NOP'ing out the instruction (1C6BF = EA EA) or something equivalent. $00 is probably just a temporary that isn't currently in use, but without more knowledge of the game, you should be programming defensively. LDA #$B0 would probably be the most defensive change because it's equivalent here to a NOP and keeps the second byte the same so that jumping into the middle of the instruction would get the same behavior, but that's pretty atypical behavior.

The changes at 1C6D6 and 1C6D9 are a mess. By changing 1C6D6 to #$00, you're causing this comparison to always set carry (because A is always >= 0) so the following branch is never taken. This branch used to skip over the next two instructions, so those are now always executed, but you apparently don't want this, so you remove them. You do this by setting them to $FF, which is the invalid opcode ISC (see documentation here). This surely can't be what you intended and causes some really serious changes to control flow because it causes the 4 bytes of those two instructions to become 5 bytes, consuming the RTS instruction as an operand and flowing into the following routine. What used to be this:

Code:

 07:C6BA:A5 B1     LDA $00B1 = #$3F
 07:C6BC:C9 3F     CMP #$3F
 07:C6BE:F0 0D     BEQ $C6CD
 07:C6C0:A5 B1     LDA $00B1 = #$3F
 07:C6C2:18        CLC
 07:C6C3:69 04     ADC #$04
 07:C6C5:C9 3F     CMP #$3F
 07:C6C7:90 02     BCC $C6CB
 07:C6C9:A9 3F     LDA #$3F
 07:C6CB:85 B1     STA $00B1 = #$3F
 07:C6CD:60        RTS -----------------------------------------

becomes this:

Code:

C6BA  $A5 $B1        LDA $B1                  
C6BC  $C9 $3F        CMP #$3F                 
C6BE  $F0 $0D        BEQ $C6CD                
C6C0  $A5 $B1        LDA $B1                  
C6C2  $18            CLC                      
C6C3  $69 $04        ADC #$04                 
C6C5  $C9 $00        CMP #$00                 
C6C7  $90 $02        BCC $C6CB                
C6C9  $FF $FF $85    ISC* $85FF,X             
C6CC  $B1 $60        LDA ($60),Y  ; Used to RTS.
C6CE  $A9 $10        LDA #$10                 
C6D0  $85 $B0        STA $B0                  
C6D2  $A9 $FF        LDA #$FF                 
C6D4  $85 $DB        STA $DB                  
C6D6  $60            RTS                      

Assuming you don't want the behavior of the code you're now flowing into and your goal is to make sure this code isn't ever executing, were it me, I'd just replace this whole chunk (1C6CA-1C6DC) with RTS instructions, since it's the end of the function and only does behavior I don't want anymore. These are safe because anything reaching this chunk of code is going to return anyway, and RTS is a single-byte instruction, so you don't have to worry about anything jumping into the middle of it (relevant because you don't know if there are calls, jumps, or branches into this code).
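
Added example, not part of Fiskbit's post or the original thread: a straight-line (linear-sweep) decode of the bytes from the two listings above, comparing where the first RTS is reached after each candidate patch. The opcode table covers only the opcodes that occur in these bytes, and FILE_DELTA is an assumption inferred from the thread's own addresses (file offset 1C6D9 holds the bytes listed at CPU $C6C9).

```python
# Added example: linear-sweep decode of the routine bytes quoted in the thread.
# Opcode lengths are standard 6502 facts; only opcodes that occur here are listed.
OPS = {
    0xA5: ("LDA zp", 2), 0xC9: ("CMP #imm", 2), 0xF0: ("BEQ", 2),
    0x18: ("CLC", 1), 0x69: ("ADC #imm", 2), 0x90: ("BCC", 2),
    0xA9: ("LDA #imm", 2), 0x85: ("STA zp", 2), 0x60: ("RTS", 1),
    0xB1: ("LDA (zp),Y", 2), 0xEA: ("NOP", 1),
    0xFF: ("ISC* abs,X", 3),  # unofficial opcode, three bytes long
}
BASE = 0xC6BA          # CPU address of the first byte in ORIGINAL
FILE_DELTA = 0x10010   # assumed: headered file offset minus CPU address

# The routine at $C6BA plus the start of the routine after it, from the listings.
ORIGINAL = bytes.fromhex(
    "A5B1 C93F F00D A5B1 18 6904 C93F 9002 A93F 85B1 60"
    "A910 85B0 A9FF 85DB 60")

def patch(image, file_offset, new_bytes):
    """Return a copy of image with new_bytes written at a headered file offset."""
    start = file_offset - FILE_DELTA - BASE
    out = bytearray(image)
    out[start:start + len(new_bytes)] = new_bytes
    return bytes(out)

def sweep(image):
    """Decode straight through image; return [(cpu_addr, mnemonic), ...]."""
    pc, listing = 0, []
    while pc < len(image):
        name, size = OPS[image[pc]]
        listing.append((BASE + pc, name))
        pc += size
    return listing

def first_rts(image):
    """CPU address of the first RTS that straight-line decoding reaches."""
    return next(addr for addr, name in sweep(image) if name == "RTS")

cmp_zero = patch(ORIGINAL, 0x1C6D6, b"\x00")        # CMP #$3F -> CMP #$00
ff_fill = patch(cmp_zero, 0x1C6D9, b"\xFF" * 3)     # the patch from the notes
nop3 = patch(cmp_zero, 0x1C6D9, b"\xEA" * 3)        # NOPs over the same 3 bytes
nop4 = patch(cmp_zero, 0x1C6D9, b"\xEA" * 4)        # NOPs over both instructions
rts_fill = patch(ORIGINAL, 0x1C6CA, b"\x60" * 19)   # RTS over 1C6CA-1C6DC

if __name__ == "__main__":
    for label, img in [("original", ORIGINAL), ("FF FF FF", ff_fill),
                       ("EA x3", nop3), ("EA x4", nop4), ("RTS fill", rts_fill)]:
        print(f"{label:9s} first RTS at ${first_rts(img):04X}")
```

Three NOPs over A9 3F 85 still leave the orphaned B1 to take the RTS as its operand, so a NOP patch has to cover whole instructions (four bytes here); a fill of single-byte RTS cannot be misaligned at all.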

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by Jedi QuestMaster »

Fiskbit wrote: at this point, you should be doing this by NOP'ing out the instruction (1C6BF = EA EA) or something equivalent.

Whaaa... :? So EA does nothing? All this time I thought FF was that. :? I guess I should look at ASMCode.doc more often. :| THANKS! :D

I'll make the changes ASAP.

Re: Trying to Hack Journey to Silius into a Boss Rush Game

Post by tepples »

Jedi QuestMaster wrote: So EA does nothing?

Except monopolize the video game rights to real world football leagues.