List of games that use power-on state to seed RNG

Discuss technical or other issues relating to programming the Nintendo Entertainment System, Famicom, or compatible systems.

Moderator: Moderators

User avatar
rainwarrior
Posts: 8002
Joined: Sun Jan 22, 2012 12:03 pm
Location: Canada
Contact:

List of games that use power-on state to seed RNG

Post by rainwarrior » Wed Dec 16, 2020 6:03 pm

Game bugs: Reliance on RAM values wrote: Note that using power-on RAM content as a seed for random number generation is not a game bug.
We've deliberately excluded this case from the wiki, so I'm curious: which games do do this?

Offhand the only one I've heard of is:
  • Final Fantasy - power-on is used for a usually-consistent startup seed by speedrunners
I made two games leave most bits of the RNG uninitialized at reset so that gathered entropy propagates across each reset. (They don't bother to scan all of RAM at startup for entropy that way, though. I didn't really care too much about methods that don't work well on emulators or PowerPak.)
  • Lizard
  • NESert Golfing
Does anyone else know any?

User avatar
Dwedit
Posts: 4410
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: List of games that use power-on state to seed RNG

Post by Dwedit » Wed Dec 16, 2020 7:33 pm

There are games that *indirectly* use the power on-state for RNG. They keep running the RNG code in a loop until Vblank happens, and that causes a very volatile RNG. Any variation in power-on CPU/PPU alignment or such will mess with the RNG.

Dragon Warrior 4 is notorious for having unreliable RNG on real hardware, preventing even TASes from playing back correctly.

Most Konami games also use a CPU cycle counter based RNG. Notable, Blades of Steel seems to have a new demo every time you play it!
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!

User avatar
rainwarrior
Posts: 8002
Joined: Sun Jan 22, 2012 12:03 pm
Location: Canada
Contact:

Re: List of games that use power-on state to seed RNG

Post by rainwarrior » Wed Dec 16, 2020 10:13 pm

Those are good examples to list too. Maybe an alternate goal for this list would be "games that are tricky or impossible to hardware TAS".

Fiskbit
Posts: 250
Joined: Sat Nov 18, 2017 9:15 pm

Re: List of games that use power-on state to seed RNG

Post by Fiskbit » Thu Dec 17, 2020 1:14 am

I don't know the details, but I believe Ridley's behavior in Metroid depends on uninitialized RAM. This causes speedrunners to seek out specific consoles (usually toploaders) or use flash carts with firmware that leaves favorite values in RAM.

User avatar
Gilbert
Posts: 450
Joined: Sun Dec 12, 2010 10:27 pm
Location: Hong Kong
Contact:

Re: List of games that use power-on state to seed RNG

Post by Gilbert » Thu Dec 17, 2020 2:01 am

Fiskbit wrote:
Thu Dec 17, 2020 1:14 am
Metroid
This makes me think. What about the original FDS version?
I'm not familiar with what the FDS Bios does. Does it clear RAM upon boot and reset?
If it does, then these randomised RNG things won't work there.
However, if it doesn't, then it can be easily exploited like say boot some other game and play until certain memory locations hold some particular known values, reset and boot a game with its RNG relying on initial RAM values, and you know the rest.
This is similar to the hot swap trick for cartridge games but is much safer and easier to pull off, and you won't have the risk of tosting your cartridges and consoles.

User avatar
rainwarrior
Posts: 8002
Joined: Sun Jan 22, 2012 12:03 pm
Location: Canada
Contact:

Re: List of games that use power-on state to seed RNG

Post by rainwarrior » Thu Dec 17, 2020 2:06 am

The FDS BIOS does not clear RAM. It modifies some of it at boot for its own purposes, but there is no bulk clearing.

User avatar
Gilbert
Posts: 450
Joined: Sun Dec 12, 2010 10:27 pm
Location: Hong Kong
Contact:

Re: List of games that use power-on state to seed RNG

Post by Gilbert » Thu Dec 17, 2020 2:12 am

Then it is very easily exploited, as long as the target game's RNG (or other things like those games that may glitch out in case some memory locations hold some initial specific values) depends on initial RAM contents.

However, as pointed out in TCRF the two versions of Metroid used completely different RNG schemes. It is not clearly stated whether the FDS version's RNG would rely on initial RAM content but I think this is implied to be 'no'.

Pokun
Posts: 1751
Joined: Tue May 28, 2013 5:49 am
Location: Hokkaido, Japan

Re: List of games that use power-on state to seed RNG

Post by Pokun » Thu Dec 17, 2020 6:49 am

Yeah the incorrect behavior of Ridley and other enemies is supposedly because the NES version uses a faulty RNG routine that doesn't change enemy behavior properly, while the FDS version uses an RNG routine provided by the BIOS. I suppose it's BIOS call $E9B1. This RNG routine doesn't seem to rely on uninitialized RAM in the way Metroid uses it, and the BIOS even seems to initialize it to $D0, $D0.

User avatar
gauauu
Posts: 724
Joined: Sat Jan 09, 2016 9:21 pm
Location: Central Illinois, USA
Contact:

Re: List of games that use power-on state to seed RNG

Post by gauauu » Thu Dec 17, 2020 12:01 pm

rainwarrior wrote:
Wed Dec 16, 2020 6:03 pm
I made two games leave most bits of the RNG uninitialized at reset so that gathered entropy propagates across each reset.
Super Homebrew War gathers entropy from power-on state of OAM to randomize which character it features first in the opening credits sequence. I'm not sure if that's what you're looking for, though.
didn't really care too much about methods that don't work well on emulators or PowerPak
I also read a few memory locations that I've been told have some entropy on the PowerPak, so that it is somewhat randomized there also.

User avatar
rainwarrior
Posts: 8002
Joined: Sun Jan 22, 2012 12:03 pm
Location: Canada
Contact:

Re: List of games that use power-on state to seed RNG

Post by rainwarrior » Thu Dec 17, 2020 2:41 pm

gauauu wrote:
Thu Dec 17, 2020 12:01 pm
Super Homebrew War gathers entropy from power-on state of OAM to randomize which character it features first in the opening credits sequence. I'm not sure if that's what you're looking for, though.
It's exactly what I'm looking for.

lidnariq
Posts: 10251
Joined: Sun Apr 13, 2008 11:12 am
Location: Seattle

Re: List of games that use power-on state to seed RNG

Post by lidnariq » Thu Dec 17, 2020 2:46 pm

These are mentioned on the Tricky-to-emulate games page, but it's far from comprehensive:
Final Fantasy, River City Ransom, Apple Town Story, Impossible Mission II amongst others
Use the semi-random contents of RAM on powerup to seed their RNGs. Emulators often provide fully deterministic emulated powerup state, and these games will seem to be deterministic when they weren't intended to be
Older versions of the "Game Bugs" page–before we moved this group over–mentions
''Apple Town Story'' (FDS) — Uses RAM to determine what character name to default to when starting a new game; when RAM is pre-initialised to $00, the name キャシー (Cathy) will be used. — viewtopic.php?p=183064#p183064
and
'Impossible Mission 2'' — Reads uninitialised PRG-RAM for map generation. — viewtopic.php?t=18111
and
''Final Fantasy'' — Relies on portions of RAM to act as an RNG seed for battles/encounters.
and
''River City Ransom'' — Relies on portions of RAM to act as RNG seed for which gangs you encounter, particularly at start. — viewtopic.php?p=178166#p178166

JRoatch
Formerly 43110
Posts: 394
Joined: Wed Feb 05, 2014 7:01 am
Location: us-east
Contact:

Re: List of games that use power-on state to seed RNG

Post by JRoatch » Fri Dec 18, 2020 11:15 am

I should visit this forum more often.

Martin Korth's Magic Floor also seeds random levels from power-on RAM

User avatar
gravelstudios
Posts: 89
Joined: Mon Mar 13, 2017 5:21 pm
Contact:

Re: List of games that use power-on state to seed RNG

Post by gravelstudios » Sun Dec 20, 2020 1:55 pm

This thread has given me an idea. A game might be able to detect (somewhat inaccurately) whether it's running on an emulator or physical hardware by the RAM state. if the initial RAM state is all zeros, then the game could be pretty certain that it's running on an emulator. Of course, the opposite wouldn't necessarily hold true for physical hardware because many emulators give the option of starting with randomized RAM. Anyway, I'm just thinking out loud.

User avatar
Dwedit
Posts: 4410
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: List of games that use power-on state to seed RNG

Post by Dwedit » Sun Dec 20, 2020 2:07 pm

Not just possibly an emulator, could also be a flash cartridge system that reset the RAM to zeroes before booting the game.
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!

User avatar
rainwarrior
Posts: 8002
Joined: Sun Jan 22, 2012 12:03 pm
Location: Canada
Contact:

Re: List of games that use power-on state to seed RNG

Post by rainwarrior » Sun Dec 20, 2020 2:13 pm

gravelstudios wrote:
Sun Dec 20, 2020 1:55 pm
This thread has given me an idea. A game might be able to detect (somewhat inaccurately) whether it's running on an emulator or physical hardware by the RAM state. if the initial RAM state is all zeros, then the game could be pretty certain that it's running on an emulator. Of course, the opposite wouldn't necessarily hold true for physical hardware because many emulators give the option of starting with randomized RAM. Anyway, I'm just thinking out loud.
We've discussed SRAM tendencies in the past here. I think some do seem to power-on all 0 or all 1, but I don't think you'd typically find those in a conventional NES (but possibly in clones). PowerPak and Everdrive also initialize large parts of RAM with their menus, though not to 0 or 1.

There are probably much better ways to try and detect an emulator, but honestly if your software is worth running whatever that test is will be defeated by a newer emulator (and/or a patch). Stuff like this tends to age pretty poorly, and I've seen several mildly embarrassing past attempts at things like that which turned out not to work correctly.

Post Reply