Hacking Documenting Skyward Swords save file.

[Antidote]

I've been documenting the save file for Skyward sword over the past few days, which has proven to be very slow going however i do have some progress.

I'm able to not only modify the save data, but i'm also able to get a "valid" file, the each game has a CRC32 checksum tacked on at the end. Each "file" is 0x53c0 bytes in size.

This is what i have currently

GameOff = 0x20 - Offset of first file
GameOff + 0x0000 - Playtime
GameOff + 0x0004 - unknown;
GameOff + 0x0008 - Date Time (When the file was saved, ticks from 1-1-2001 12AM)
GameOff + 0x0010 - Player Origin (stored as 6 floats)
GameOff + 0x0028 - Camera Origin (stored as 6 floats)
GameOff + 0x08D3 - Location ID (Displays location name on the load screen)
GameOff + 0x08D4 - Hero's Name (stored as a Big Endian Unicode String)
GameOff + 0x08F1 - Z-Target Intro;
GameOff + 0x08F8 - Crate intro
GameOff + 0x0936 - Unknown set to 0x04 after talking to horwell for the first time and accepting the "mission";
GameOff + 0x09D2 - Interface type (0x00 = standard, 0x40 = Pro, Light = 0x20, OR it by 0x08 if Fi has told link about it. [The 0x08 doesn't really do anything substantial])
GameOff + 0x09E7 - Stamina fruit (and probably other things)
GameOff + 0x0A3C - Amber Relic
GameOff + 0x0A44 - Sky Stag beatle
GameOff + 0x0A46 - Gerudo DragonFly
GameOff + 0x0A5E - Rupees
GameOff + 0x1A66 - Dash Intro and Mia Rescued flag (0x08 = dash, 0x50 = mia rescued or them together to complete both);
GameOff + 0x1A69 - Skyloft Flags1 (0x00, 0x10, 0x30 and 0x70 are current known values)
GameOff + 0x1A8B - Unknown set to 0x02 after talking to horwell for the first time 0x10 after talking to jakamar, OR them together to get the final flag.
GameOff + 0x30F5 - Skyloft Flags2 (0x00 haven't entered the main area yet, 0x80 the cutscene played imediately after you leave the academy has been played, 0x82 or 0x84 Instructor horwell has been talked to about Mia, 0x86 player accepted the rescue mission)
GameOff + 0x30FB - Whether the rupee in links room was taken or not.
GameOff + 0x5302 - Total Hearts
GameOff + 0x5304 - Unk (Total heart pieces?)
GameOff + 0x5306 - Current Health
GameOff + 0x531C - Current Map
GameOff + 0x533C - Current Location (Skyloft, Lanayru Mines, etc.)
GameOff + 0x535C - Seems to be a Copy of of 0x531C
GameOff + 0x53AE - Equipped Weapon
GameOff + 0x53B0 - Deals with Minus button equipment not sure what it does exactly
GameOff + 0x53B1 - Same as above.
GameOff + 0x53BC - Checksum

I would like to eventually create save editor however as you can see i don't know much about the format as of yet. I'll update this thread as i find out more

 

[FAST6191]

So rarely do I see vanilla crc32 as a game save checksum/hash. I lack a wii and I do not think my machine is up for emulation so there is not much I can do to help but you do have my encouragement.

Also although it would serve no purpose at all I am well up for engineering a collision for some reason.

 

[Lucif3r]

I do not think my machine is up for emulation so there is not much I can do to help but you do have my encouragement.

Actually it doesnt require that much. Im able to play Wii games through Dolphin on my laptop (barely) which is an old Turion x2 1.8Ghz, 2048MB DDR2 RAM and a GF8400M (urm, 512MB I think? Or was it 256...)
Of course, its possible your machine is weaker than my laptop, but I doubt it tbh.

 

[LWares87]

Codes would be better, than editing the save file.

 

[Cyan]

I guess making an editor is more for his own self learning experience on deciphering the save format and creating the program than to allow users to cheat (like you said, ocarina codes already exists).
It's a good experience to have a project and complete it, it helps understanding how things are working and already have some experience for future hacks.

 

[Antidote]

Yeah, it's mostly for the experience, however the thing is people WOULD use a save editor despite the existence of gecko codes.
Most of these people would have lost their saves and want to get as close to where they were before they lost their save, that was MY motivation to start looking into the save format.

 

[Lucif3r]

Most of these people would have lost their saves and want to get as close to where they were before they lost their save, that was MY motivation to start looking into the save format.

Thats very true. Would be very handy for the skyward sword gamebreaking bug.

 

[WiiPower]

If you only want to change the number rupees, beetles and relics once, i'd prefer a savegame editor over Ocarina codes. But the possibilites of a savegame editor are very limited.

One nice thing to find would be a the save location, which bird statue you start the game from the save.

 

[Antidote]

If you only want to change the number rupees, beetles and relics once, i'd prefer a savegame editor over Ocarina codes. But the possibilites of a savegame editor are very limited.

One nice thing to find would be a the save location, which bird statue you start the game from the save.

I've found that, and am currently researching it. However the "bird" statue isn't saved just the map ID and your location relative to the maps origin. I've actually had Link spawn in mid freaking air xD

Edit:
Updated first post with new information

 

[Cyan]

What might be the most difficult is to choose which event are done or not to advance in the story.
you could make a "before last boss" save but without completing the new games event such as finding the tablets to open the land paths.


I don't know how the events are verified, but there are certainly events to trigger one by one.
Maybe it's already well made and each increment of a single "story progress" variable is enough, as it may be used on the boss rush mode to remember which equipment you had at that time.

 

[Antidote]

What might be the most difficult is to choose which event are done or not to advance in the story.
you could make a "before last boss" save but without completing the new games event such as finding the tablets to open the land paths.


I don't know how the events are verified, but there are certainly events to trigger one by one.
Maybe it's already well made and each increment of a single "story progress" variable is enough, as it may be used on the boss rush mode to remember which equipment you had at that time.

My guess is it's just bit flags for each area, however i'm still documenting location ID's right now so i'll get to that soon (I hope)

EDIT:
Speaking of which:

LocationIDs
0x00 - Skyloft
0x01 - Sealed Grounds
0x02 - Faron Woods
0x03 - Deep Woods
0x04 - Lake Floria
0x05 - Eldin Volcano
0x06 - Volcano Summit
0x07 - Lanayru Mine
0x08 - Lanayru Desert
0x09 - Lanayru Gorge
0x0A - Lanaryu Sand Sea
0x0B - Skyview Temple
0x0C - Earth Temple
0x0D - Lanaryu Mining Facility
0x0E - Ancient Cistern
0x0F - Sandship
0x10 - Fire Sanctuary
0x11 - Sky Keep
0x12 - Farore's Silent Realm
0x13 - Nayru's Silent Realm
0x14 - Din's Silent Realm
0x15 - The Goddesses's Silent Realm
0x16 - The Sky
0x17 - Nothing (green)
0x18 - Nothing (red)
0x19 - Nothing (tan)
0x1A - Fun Fun Island
0x1B - Pumpkin Landing
0x1C - Beedles Island
0x1D - Bamboo Island
0x1E - Isle of Songs
0x1F - Bug Rock
0x20 - Nothing (blue)
0x21 - Skyview Spring
0x22 - Earth Spring
9x23 - Temple Of Time
0x24 - Knight Academy
0x25 - Bazaar
0x26 - Sparring Hall
0x27 - Nothing (blue)
0x28 - Lanayru Caves
0x29 - Inside the Great Tree
0x2A - Nothing (green)
0x2B - Skipper's Retreat
0x2C - Shipyard
0x2D - Pirate Stronghold
0x2E - Inside the Statue of the Goddess
0x2F - Waterfall
0x30 - Orielle & Parrow's House
0x31 - Rupin's House
0x32 - Bertie's House
0x33 - The Lumpy Pumpkin
0x34 - Sparrot's House
0x35 - Gondo's House
0x36 - Peatrice's House
0x37 - Batreaux's house
0x38 - Beedle's Airshop
0x39 - Inside the Thunderhead
0x3A - To Faron Woods
0x3B - To Eldin Volcano
0x3C - To Lanayru Desert
0x3D - Pipit's House
0x3E - Piper's House
0x3F - Kukiel's House
0x40 - Hylia's Realm
0x41 - Sealed Temple
0x42 - Temple Of Hylia
0x43 - Nothing (brown)
0x44 - Nothing (brown)
0x45 - Nothing (brown)
anything greater causes the game to crash

 

[Errorjack]

What might be the most difficult is to choose which event are done or not to advance in the story.
you could make a "before last boss" save but without completing the new games event such as finding the tablets to open the land paths.


I don't know how the events are verified, but there are certainly events to trigger one by one.
Maybe it's already well made and each increment of a single "story progress" variable is enough, as it may be used on the boss rush mode to remember which equipment you had at that time.

My guess is it's just bit flags for each area, however i'm still documenting location ID's right now so i'll get to that soon (I hope)

EDIT:
Speaking of which:

LocationIDs
0x00 - Skyloft
0x01 - Sealed Grounds
0x02 - Faron Woods
0x03 - Deep Woods
0x04 - Lake Floria
0x05 - Eldin Volcano
0x06 - Volcano Summit
0x07 - Lanayru Mine
0x08 - Lanayru Desert
0x09 - Lanayru Gorge
0x0A - Lanaryu Sand Sea
0x0B - Skyview Temple
0x0C - Earth Temple
0x0D - Lanaryu Mining Facility
0x0E - Ancient Cistern
0x0F - Sandship
0x10 - Fire Sanctuary
0x11 - Sky Keep
0x12 - Farore's Silent Realm
0x13 - Nayru's Silent Realm
0x14 - Din's Silent Realm
0x15 - The Goddesses's Silent Realm
0x16 - The Sky
0x17 - Nothing (green)
0x18 - Nothing (red)
0x19 - Nothing (tan)
0x1A - Fun Fun Island
0x1B - Pumpkin Landing
0x1C - Beedles Island
0x1D - Bamboo Island
0x1E - Isle of Songs
0x1F - Bug Rock
0x20 - Nothing (blue)
0x21 - Skyview Spring
0x22 - Earth Spring
9x23 - Temple Of Time
0x24 - Knight Academy
0x25 - Bazaar
0x26 - Sparring Hall
0x27 - Nothing (blue)
0x28 - Lanayru Caves
0x29 - Inside the Great Tree
0x2A - Nothing (green)
0x2B - Skipper's Retreat
0x2C - Shipyard
0x2D - Pirate Stronghold
0x2E - Inside the Statue of the Goddess
0x2F - Waterfall
0x30 - Orielle & Parrow's House
0x31 - Rupin's House
0x32 - Bertie's House
0x33 - The Lumpy Pumpkin
0x34 - Sparrot's House
0x35 - Gondo's House
0x36 - Peatrice's House
0x37 - Batreaux's house
0x38 - Beedle's Airshop
0x39 - Inside the Thunderhead
0x3A - To Faron Woods
0x3B - To Eldin Volcano
0x3C - To Lanayru Desert
0x3D - Pipit's House
0x3E - Piper's House
0x3F - Kukiel's House
0x40 - Hylia's Realm
0x41 - Sealed Temple
0x42 - Temple Of Hylia
0x43 - Nothing (brown)
0x44 - Nothing (brown)
0x45 - Nothing (brown)
anything greater causes the game to crash

There IS a debug room in the game, do you know the ID for that?

 

[Antidote]

There IS a debug room in the game, do you know the ID for that?

you obviously don't understand, it doesn't have a name, those are ALL the valid names any other value makes the game CRASH. therefore the game doesn't name the debug room

 

[Lucif3r]

There IS a debug room in the game, do you know the ID for that?

you obviously don't understand, it doesn't have a name, those are ALL the valid names any other value makes the game CRASH. therefore the game doesn't name the debug room

Thats a bit weird. Because I can confirm theres a debug/test room. Ive looked at the model of it myself.
They mustve removed the savegame hex-code for it (but left the model in? :s) before release. Of course its possible they spawned there in some other way, but using a hexcode in a save game sounds like the easiest way.

 

[Antidote]

There IS a debug room in the game, do you know the ID for that?

you obviously don't understand, it doesn't have a name, those are ALL the valid names any other value makes the game CRASH. therefore the game doesn't name the debug room

Thats a bit weird. Because I can confirm theres a debug/test room. Ive looked at the model of it myself.
They mustve removed the savegame hex-code for it (but left the model in? :s) before release. Of course its possible they spawned there in some other way, but using a hexcode in a save game sounds like the easiest way.

No those location ID's are NOT for map loading, just for telling the game your current game location (Which can differ even on the same map), The game uses a much simpler method of storing the map location: It's directory soooo Look for F000 in the save and you know you're on Sky Loft.


^ Like that

Change the top and bottom one to "Demo" (for consistency), zeroing out where appropriate, and adjust the checksum to account for the change (You may also need to adjust the spawn position for link) and this is what you get:

 

[Lucif3r]

Aha! Well that explains it hehe

 

[Antidote]

I've been working on the starts of a Save editor in Qt, and it's coming along nicely.

After some trouble figuring out how to load BigEndian Unicode with an API that doesn't support it by default I'm now getting ready to code the nitty gritty.

Please not that NONE of my research on the flags will be used until i know more about them. they are highly experimental, however I do plan on having a Hex Editor built in to it so people can go in and mess with the values (within reason) and see immediate results without having to do the checksum dance i've been having to do lately.

Lucif3r: Yeah, It kinda confused me at first too, however i can see the genius in it now. because now they don't have to have a separate flag for EVERY room in the game. just the directory for a certain area which is already defined. no need to reinvent the wheel twice in one game.

 

[Lucif3r]

Lucif3r: Yeah, It kinda confused me at first too, however i can see the genius in it now. because now they don't have to have a separate flag for EVERY room in the game. just the directory for a certain area which is already defined. no need to reinvent the wheel twice in one game.

Except they have about 6 copys of each model spread across all files and twice the amount of textures needed
The file layout is completely messed up. In pretty much every level they got a copy of the boss door, which is EXACTLY the same as in the other 10 million files... Why cant they just make a reference in each file pointing to ONE file which contains the actual model, (like they do with animations) instead of duplicating the model and increasing the size of the game >_> (not to mention its a bitch to edit for us lol)

 

[Antidote]

that's not reinventing the wheel, thats iterating it more times than you need ;D

 

[Antidote]

I just commited the source to a VERY alpha save editor for those interested. It doesn't do much of merit just yet but it shows that I'm not just talking out my rear about this.

http://skyward-sword-save-editor.googlecode.com