hacking on the Tim Burton's The Nightmare Before Christmas GBA game.
I can see a lot of plaintext in the ROM, but some of it is obscured. I think it's some kind of basic compression.
Conversation
Notices
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Wednesday, 25-Dec-2024 18:16:41 JST 
Foone🏳️⚧️
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Wednesday, 25-Dec-2024 18:22:06 JST
Foone🏳️⚧️
no, it can't be compression, it takes more bytes. And removing it breaks the textbox.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Wednesday, 25-Dec-2024 18:23:19 JST
Foone🏳️⚧️
whatever. I don't have to understand it to extract the font.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Wednesday, 25-Dec-2024 18:52:13 JST
Foone🏳️⚧️
apparently I do, my injections are inconsistent?
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Wednesday, 25-Dec-2024 20:30:19 JST
Foone🏳️⚧️
main slowdown at the current moment: I forgot how to type an Ă
(it's compose, u, shift+A)
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Wednesday, 25-Dec-2024 20:44:50 JST
Foone🏳️⚧️
sometimes while editing a font, I get the strangest feeling, it's like I'm being watched
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Wednesday, 25-Dec-2024 21:09:21 JST
Foone🏳️⚧️
got the font. Maybe I need to get some backgrounds before I release it.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 14:59:43 JST
Foone🏳️⚧️
I think this map alone means this game is technically a Metroidvania
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 12:46:26 JST
Foone🏳️⚧️
I got a controller out and I'm playing it again.
Cheat #1: 62E, set to 10, for max health
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 13:01:06 JST
Foone🏳️⚧️
oh fuck me there's more than one map
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 13:17:35 JST
Foone🏳️⚧️
STOP HAVING MORE MAPS
-
Canageek (canageek@wandering.shop)'s status on Friday, 27-Dec-2024 13:23:49 JST 
Canageek
@foone Wait, you type these injections by hand? You do this so often, I'd figured you would have a "textInjections.txt" file filled with every character you might ever want to extract
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 13:23:49 JST
Foone🏳️⚧️
@Canageek I do the injections automatically, but often that gives me the letters in a different order than I expect, so I have to map them back to unicode. thus the typing of special characters
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 13:36:28 JST
Foone🏳️⚧️
ugh. this game doesn't seem to have any walkthroughs, I'd have to watch longplays.
and this game is longer than I thought. I might need to cheat flagrantly
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:24:45 JST
Foone🏳️⚧️
@silentium thanks!
-
Silentium (silentium@todon.eu)'s status on Friday, 27-Dec-2024 14:24:46 JST 
Silentium
@foone not sure how helpful this is to you, but I found https://web.archive.org/web/20201230132118/http://forum.tnbc.eu/pumpkinking/walkthrough via the GameFAQs boards
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:48:48 JST
Foone🏳️⚧️
So @silentium pointed me at an old walkthrough on the wayback machine, so I'm continuing.
I got the next weapon, and it's so crap that I've reached Ghidra O'Clock just to see if I can make this gun better -
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:51:00 JST
Foone🏳️⚧️
@silentium my theory: figure out where enemy health is in ram, set a watch on it, find out what code changes it, then use ghidra to understand that code, then patch the gun to do way more damage
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:52:15 JST
Foone🏳️⚧️
My final problem with this generator could be solved by just shutting up and beating the game manually, but unfortunately, my brain thinks reverse engineering GBA games is more fun than playing them
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:52:46 JST
Foone🏳️⚧️
so I'm gonna reverse engineer it more so I don't have to play it as much
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:55:22 JST
Foone🏳️⚧️
arg. the addresses in the BizHawk ram watch system are segmented, and the addresses in the debugger are not!
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:55:47 JST
Foone🏳️⚧️
it's like 16-bit DOS all over again!
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:56:14 JST
Foone🏳️⚧️
so I gotta figure out which domain I'm in and then look up the memory map to figure out what the linear address is
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:57:51 JST
Foone🏳️⚧️
unfortunately that's exactly what I'm doing.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 14:57:52 JST
Foone🏳️⚧️
fortunately this is trivial if you're using any segment other than the "combined WRAM" pseudo-segment, which does terrible merging of RAM segments to make cheats easier.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:00:31 JST
Foone🏳️⚧️
okay the enemy health is in IWRAM, at offset 5850h.
And according to GBATEK, the memory address for IWRAM is...nonexistent! there's no such thing as IWRAM!
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:04:47 JST
Foone🏳️⚧️
at least according to GBATEK.
SEE, the GBA has two main rams: on-chip and on-board.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:05:14 JST
Foone🏳️⚧️
but what you call these two are... inconsistent.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:07:56 JST
Foone🏳️⚧️
BizHawk uses IWRAM and EWRAM, as does corrupt.wiki.
GBATEK says "WRAM - On-chip Work RAM" and "WRAM - On-board Work RAM".
mGBA internally calls them "iwram" and "wram". -
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:08:57 JST
Foone🏳️⚧️
so whatever. iwram aka WRAM - On-chip Work RAM is at 0x03000000.
so 0x03005850 is the address I need to watch. -
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:09:43 JST
Foone🏳️⚧️
080B5AEA writes it. BINGO
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:19:40 JST
Foone🏳️⚧️
wee, dynamic code flow! they're passing jumps around in objects. that's no fun
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:25:37 JST
Foone🏳️⚧️
@gsuberland yikes! that doesn't sound... fast? optimal? it sounds like a bad idea just on general principles
-
Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Friday, 27-Dec-2024 15:25:38 JST 
Graham Sutherland / Polynomial
@foone you just reminded me of the time I tried to reverse engineer Steinberg Wavelab to extract realtime playback data from it, only to discover that they use a really weird event driven programming system where every event causes pretty much every object involved in that event to be reallocated at a new address, making it impossible to form a static pointer chain. if this was an intentional act of copy protection I am impressed.
-
vxo (vxo@digipres.club)'s status on Friday, 27-Dec-2024 15:32:31 JST 
vxo
@foone I mean wavelab itself is a bad idea, I cannot count how many times I used to have it eat people's projects in the radio studios
@gsuberland -
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:48:07 JST
Foone🏳️⚧️
IWRAM:62F is the current weapon. You can set it to values of weapons you don't have, and it'll let you fire them
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 15:52:28 JST
Foone🏳️⚧️
weapons:
1: frog gun
2: bat boomerang
3: pumpkin bomb
4: become fireguyother values seem to just do nothing when you press fire.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 16:08:45 JST
Foone🏳️⚧️
dang it. I tried to go to a locked area so I could test my new fancy warping-hacks, but it turns out that was were I was supposed to go in the first place.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 16:28:55 JST
Foone🏳️⚧️
I entered a boss fight, tried to cheat its health, then gave up and tried to beat it normally. failed.
then realized I accidentally succeeded at cheating its health, and I had made it invulnerable by mistake.whoops
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 17:09:56 JST
Foone🏳️⚧️
"Go to the right. The path will be blocked by Pumpkin Blocks. Since you can't proceed, go back to..."
NOT SO FAST, WALKTHROUGH. I can cheat to Pumpkin Bombs, so let's break some sequences!
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 17:32:07 JST
Foone🏳️⚧️
oh god this map scrolls.
-
Jernej Simončič � (jernej__s@infosec.exchange)'s status on Friday, 27-Dec-2024 18:29:27 JST 
Jernej Simončič �
@foone Isn't this easier done with Cheat Engine?
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 18:29:27 JST
Foone🏳️⚧️
@jernej__s cheat engine would tell me when my emulator changes the RAM, not when the game inside the emulator changes RAM
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 18:54:49 JST
Foone🏳️⚧️
@glyph I haven't either. I wouldn't really recommend it, personally. The combat is boring
-
Glyph (glyph@mastodon.social)'s status on Friday, 27-Dec-2024 18:54:50 JST 
Glyph
@foone you’re really making me want to play this and I have never even seen the movie
-
All 076萌SNS content and data are available under the