Reverse engineering to recover levels info

Are you new to 6502, NES, or even programming in general? Post any of your questions here. Remember - the only dumb question is the question that remains unasked.

Moderator: Moderators

Post Reply
User avatar
hextr2
Posts: 6
Joined: Fri Mar 13, 2020 8:54 am
Location: Canada

Reverse engineering to recover levels info

Post by hextr2 »

Hi guys,

I`m totally to NES reverse engineering and would like to know if it is possible, by reverse engineer, recover information of the enemies in a specific level and also the boss.

Let me explain better. Let`s say I want to do (in Python with Pygame) a remake of B-Wings. I want that my remake be as closest as possible to the real one. So I dont want to only use the original sprites but I want to have the original boss of each level and the enemies. Some enemies appear in a specific moment of the game. All this information is possible to be recovered by reverse engineering?
If not, which way you guys recommend?

Thanks.
lidnariq
Posts: 11432
Joined: Sun Apr 13, 2008 11:12 am

Re: Reverse engineering to recover levels info

Post by lidnariq »

hextr2 wrote: Fri Mar 13, 2020 9:04 am I`m totally to NES reverse engineering and would like to know if it is possible, by reverse engineer, recover information of the enemies in a specific level and also the boss.
It's always possible. But it's not always worthwhile.
I want to have the original boss of each level and the enemies. Some enemies appear in a specific moment of the game. All this information is possible to be recovered by reverse engineering?
Yes, but at some point that really becomes a mechanical rewrite of the original 6502 asm to python. You may as well write a 6502 emulator in python, and because you don't need to emulate the PPU performance should be acceptable.
User avatar
hextr2
Posts: 6
Joined: Fri Mar 13, 2020 8:54 am
Location: Canada

Re: Reverse engineering to recover levels info

Post by hextr2 »

Oh, I see.
But I think more to get the "sequence" of how the things appear, like: I have the enemies A, B and C. In the first level only the A appear, on the second level the A and B appear, and so on...
I think it would be more like to learn the game engine than anything else...
lidnariq
Posts: 11432
Joined: Sun Apr 13, 2008 11:12 am

Re: Reverse engineering to recover levels info

Post by lidnariq »

I'd recommend trying out Mesen's debugger, then.
User avatar
tokumaru
Posts: 12427
Joined: Sat Feb 12, 2005 9:43 pm
Location: Rio de Janeiro - Brazil

Re: Reverse engineering to recover levels info

Post by tokumaru »

hextr2 wrote: Fri Mar 13, 2020 11:27 am Oh, I see.
But I think more to get the "sequence" of how the things appear, like: I have the enemies A, B and C. In the first level only the A appear, on the second level the A and B appear, and so on...
You can certainly obtain that kind of information, but it won't be as nearly organized as in your example sentences.

There's absolutely no consensus on how to organize the various aspects of game levels,so each developer will tie the various elements differently. Level organization often relies heavily on pointers, with things referencing other things, and those referencing even more things, so be prepared to untangle that web.

The sequence of events in particular is definitely something unlikely explicitly laid out. Events usually depend on other events happening, so you have these different systems working together creating chain reactions that result in the specific animations you see on the screen. For example, a game may have the camera system tied to the object spawning system because objects are only activated when they're about to scroll into the screen.
User avatar
hextr2
Posts: 6
Joined: Fri Mar 13, 2020 8:54 am
Location: Canada

Re: Reverse engineering to recover levels info

Post by hextr2 »

tokumaru wrote: Fri Mar 13, 2020 4:14 pm
hextr2 wrote: Fri Mar 13, 2020 11:27 am Oh, I see.
But I think more to get the "sequence" of how the things appear, like: I have the enemies A, B and C. In the first level only the A appear, on the second level the A and B appear, and so on...
You can certainly obtain that kind of information, but it won't be as nearly organized as in your example sentences.

There's absolutely no consensus on how to organize the various aspects of game levels,so each developer will tie the various elements differently. Level organization often relies heavily on pointers, with things referencing other things, and those referencing even more things, so be prepared to untangle that web.

The sequence of events in particular is definitely something unlikely explicitly laid out. Events usually depend on other events happening, so you have these different systems working together creating chain reactions that result in the specific animations you see on the screen. For example, a game may have the camera system tied to the object spawning system because objects are only activated when they're about to scroll into the screen.
Ah, ok.
So, which tool(s) do you recommend? Is Mesen a good start?
User avatar
tokumaru
Posts: 12427
Joined: Sat Feb 12, 2005 9:43 pm
Location: Rio de Janeiro - Brazil

Re: Reverse engineering to recover levels info

Post by tokumaru »

Mesen is probably a great start... AFAIK it's the most complete debugging emulator.

I haven't done much reverse engineering, but if I was trying to understand the behaviour of enemies I'd first identify where in RAM they live. Try to isolate one enemy on the screen and minimize all other activity (don't move the player, don't scroll the screen, etc.) and visually inspect the RAM to see if any values are changing in sync with the enemy. Ignore the OAM mirror (usually $0200-$02FF) as those are just sprites and will tell you nothing about the enemy's logic.

Once you roughly identify where objects live in RAM, you can go to a part of the level without enemies/objects and set a breakpoint for writes to that area, so you can inspect how the game loads objects once you approach them. Inspect this logic and you should be able to identify where the enemy definition data is stored. It could be a table, or even mixed in with the level data.

Once you know that you can study the format the game uses for this data, which will probably allow you to extract enemy positions, types and maybe other attributes.

If you want to look into the behavior of a certain enemy, set read/write breakpoints for the RAM area where it's loaded and study how the program is modifying it. It will be of great help if you can figure out what each of the bytes of the enemy's RAM means (position, health, etc.).

Be sure to document all your findings.
User avatar
hextr2
Posts: 6
Joined: Fri Mar 13, 2020 8:54 am
Location: Canada

Re: Reverse engineering to recover levels info

Post by hextr2 »

tokumaru wrote: Fri Mar 13, 2020 6:53 pm Mesen is probably a great start... AFAIK it's the most complete debugging emulator.

I haven't done much reverse engineering, but if I was trying to understand the behaviour of enemies I'd first identify where in RAM they live. Try to isolate one enemy on the screen and minimize all other activity (don't move the player, don't scroll the screen, etc.) and visually inspect the RAM to see if any values are changing in sync with the enemy. Ignore the OAM mirror (usually $0200-$02FF) as those are just sprites and will tell you nothing about the enemy's logic.

Once you roughly identify where objects live in RAM, you can go to a part of the level without enemies/objects and set a breakpoint for writes to that area, so you can inspect how the game loads objects once you approach them. Inspect this logic and you should be able to identify where the enemy definition data is stored. It could be a table, or even mixed in with the level data.

Once you know that you can study the format the game uses for this data, which will probably allow you to extract enemy positions, types and maybe other attributes.

If you want to look into the behavior of a certain enemy, set read/write breakpoints for the RAM area where it's loaded and study how the program is modifying it. It will be of great help if you can figure out what each of the bytes of the enemy's RAM means (position, health, etc.).

Be sure to document all your findings.
Cool, thanks for the tips...
By the way, I'm brazilian too :)
Oziphantom
Posts: 1565
Joined: Tue Feb 07, 2017 2:03 am

Re: Reverse engineering to recover levels info

Post by Oziphantom »

you're new to the NES, but how new are you to 6502?

reverse engineering to the level you want,requires top tier knowledge of 6502. With thing such as Text you can mostly get away with reading a few of "the what are pointers" guides and get through it. As Text has a solid dependable outcome. How a game stores it level data, movement patterns, segments are 100% arbitrary with no solid "this has to come out here" conditions.
User avatar
hextr2
Posts: 6
Joined: Fri Mar 13, 2020 8:54 am
Location: Canada

Re: Reverse engineering to recover levels info

Post by hextr2 »

Oziphantom wrote: Mon Mar 16, 2020 11:05 pm you're new to the NES, but how new are you to 6502?

reverse engineering to the level you want,requires top tier knowledge of 6502. With thing such as Text you can mostly get away with reading a few of "the what are pointers" guides and get through it. As Text has a solid dependable outcome. How a game stores it level data, movement patterns, segments are 100% arbitrary with no solid "this has to come out here" conditions.
Hey, Oziphantom.
I'm also new to the 6502. Do you have any suggestions of other tools that I could used?
Thanks.
Oziphantom
Posts: 1565
Joined: Tue Feb 07, 2017 2:03 am

Re: Reverse engineering to recover levels info

Post by Oziphantom »

for my reverse I use https://csdb.dk/release/?id=149429 sadly my "booster" won't help you as its C64 centric. But stock Regenerator is pretty good.

do you know another Asm well or is this your first time doing "low level"?
User avatar
hextr2
Posts: 6
Joined: Fri Mar 13, 2020 8:54 am
Location: Canada

Re: Reverse engineering to recover levels info

Post by hextr2 »

Oziphantom wrote: Tue Mar 17, 2020 6:15 am for my reverse I use https://csdb.dk/release/?id=149429 sadly my "booster" won't help you as its C64 centric. But stock Regenerator is pretty good.

do you know another Asm well or is this your first time doing "low level"?
I have some, very basic, knowledge of 8086 asm but, yes I would say that is almost nothing...
Post Reply