Learning rom hacking on Metal Saga

Discussion in 'NDS - ROM Hacking and Translations' started by Morm91, Sep 4, 2014.

  1. Morm91
    OP

    Hello guys,

    I'm currently trying a lot of things on Metal Saga, which seems easy to hack, even for a beginner.

    I've found a .bin file which contains every item name (H_ITEM_NAME.BIN) and I'm trying to code a tool for that. I have found the pointer table (at the beginning of the file), the first byte of the file is "4C", and every group of 2 bytes after seems to be a pointer (until ?).

    The problem is I can't figure out where the table ends. I assume the first "4C" may help to find that but I've had no luck for the moment.

    Here is the file : mshexa.jpg
     


  2. FAST6191

    You don't have to learn to hack games using a Japanese game. It is quite acceptable to learn to hack on a game written in a language you are comfortable in. Kudos on making your own tools right off the bat though, many take a while before they bother.

    Still looking at it I would say the 4c it starts with is likely not a small magic stamp, size marker or something like that but part of the pointers. Indeed if you flip the bytes you get 044c and at 044c is something that does not look like a pointer (though I am not sure it is shiftJIS like the rest).

    Usually though you have three options

    1) The first (or some other) value says the size of the pointer field/map/table/section, this can be all sorts of mathematical relations upon the actual length (relative, not counting the header, ...) but it is there.
    2) The pointer section is ended with a value (0000 is a popular one), if not the pointers then the text they deal in quite often does. In this case it seems text sections might end with 00*.
    3) A basic ipso facto type thing. If the first pointer in this case points to 044c then basic logic says that the data at 044c is not a pointer, everything before it though. Naturally you can make programs/formats that differ here but it is basic and it works so the sensible programmer, or at least one in need of a basic format with pointers, is not going to do much different.


    *be careful just doing a search for 00 as 00 is quite valid with a lot of the other 8 bits in a shiftJIS character.
     
    Phoenix Goddess likes this.
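Option 3 from the post above as a small parser, added here as an example and not code from the thread. It assumes 2-byte little-endian pointers that are absolute file offsets, as the 4C 04 -> 044c reading suggests; the sample names and file are constructed.

```python
import struct

def read_pointer_table(data: bytes) -> list[int]:
    """Return the u16 little-endian pointers at the start of the file.

    Assumption taken from the thread: the first pointer is also the offset
    where the table ends, so everything before it is pointer data.
    """
    if len(data) < 2:
        raise ValueError("file too short to hold a pointer")
    (table_end,) = struct.unpack_from("<H", data, 0)
    # The table must hold whole 2-byte entries and end inside the file.
    if table_end < 2 or table_end % 2 or table_end >= len(data):
        raise ValueError(f"implausible table end 0x{table_end:04X}")
    pointers = [p for (p,) in struct.iter_unpack("<H", data[:table_end])]
    for index, p in enumerate(pointers):
        if not table_end <= p < len(data):
            raise ValueError(f"pointer {index} (0x{p:04X}) leaves the text area")
    return pointers

def extract_names(data: bytes) -> list[str]:
    """Slice each string from its pointer up to the next higher pointer."""
    pointers = read_pointer_table(data)
    starts = sorted(set(pointers)) + [len(data)]
    end_of = dict(zip(starts, starts[1:]))
    names = []
    for p in pointers:
        # Strip padding only at the end of the slice; there is no search
        # for 00 inside the text, which the post warns about.
        raw = data[p:end_of[p]].rstrip(b"\x00")
        names.append(raw.decode("shift_jis"))
    return names

def build_sample(names: list[str]) -> bytes:
    """Constructed test file: pointer table, then 00-terminated Shift-JIS."""
    blobs = [n.encode("shift_jis") + b"\x00" for n in names]
    offset, table = 2 * len(blobs), []
    for blob in blobs:
        table.append(offset)
        offset += len(blob)
    return struct.pack(f"<{len(table)}H", *table) + b"".join(blobs)

SAMPLE_NAMES = ["レンチ", "Potion", "戦車"]  # constructed, not from the game
SAMPLE = build_sample(SAMPLE_NAMES)

if __name__ == "__main__":
    for pointer, name in zip(read_pointer_table(SAMPLE), extract_names(SAMPLE)):
        print(f"0x{pointer:04X}  {name}")
```

Rejecting pointers that land inside the table or past the end of the file catches a wrong guess about the format before any text is sliced.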
  3. Morm91
    OP

    Thanks! And my main goal is to translate Japanese games, so it seemed logical to me to learn ROM hacking with a Japanese ROM.

    Anyway, I feel a little stupid but I finally figured it out. Like you assumed, the pointer table begins at the very beginning of the file, and the first pointer (044c) does indeed point to something, so everything that is before this address is pointers (100% sure now).

    Thanks a lot for your help (I'll probably post new questions here in the future).

    My first success:
    mssc1.jpg
     
    GHANMI likes this.
  4. Morm91
    OP

    Hi guys, here I am again.

    Lately, I've been trying to inject text in the file "arm9.bin". In order to do so, I've added some text at the end of the file, and I've tried to update a pointer with the address of my new text (at the end, so), but it didn't work. That's odd, because I've successfully updated this pointer to other addresses near the end of the file and it did work.
    My guess is that the address of the end of the file is written somewhere, and the pointers can't point to something that is beyond this... What do you think?
     
  5. Normmatt

    You can't just expand the arm9 binary.... you'd need to adjust the section addresses as that area is usually cleared on boot and used as ram.
     
    Phoenix Goddess likes this.
  6. FAST6191

    What Normmatt said. You can edit the relevant header entries to extend the RAM size, for some games it might even work. For most though you might find that it needed the space and will not work properly now, or may even get overwritten by something else.

    Editing text in the binaries is horrible, as a ROM hacker working on the DS you hope you never have to do this (or in the overlays which have much the same problems). When it happens though I usually find there are three options, with a few more out there ones as well.

    1) You do the full memory check, read, extension and more stuff. Really not fun but will work if you do it right.

    2) Find some free space in the ARM binary. My favourite places to look are the wifi error strings in the binary, a game this early would not have wifi though. If there are wifi error strings then they might have it in several languages, generally be quite long and easily replaced by something more useful for you. If you have to break a bonus mode or something to have it fit then maybe consider that.

    3) You edit the translated text to fit in the space you have, or help it fit in there by some means. Time to bust out the thesaurus if you are editing text (rather than using residence I might use home, or in your case rather than using appartement go with chez). You can cheat a bit here and maybe do things like dual tile encoding and multi character encoding. You can also go further and find that if a game uses say 16 bit shiftJIS then convert the decoder to use an 8 bit encoding instead. If you have repeated sections then maybe consider pointing to the same thing where you can.

    The further option could be to use the GBA expansion pack. It is present in DS mode and is effectively 32 megabytes of fairly high performance RAM if you want it to be, depending upon the flash cart you are using this might be more like 16 megabytes and might be read only if you have to use the NOR. Given you have all of about 4 megs on the DS none of those are especially horrible scenarios to my mind.

    You could also try compression and decompressing it to free space in memory. http://gbatemp.net/threads/unofficial-desmume-build-unused-memory-finder-tool.349332/ has something that might help with that (and 1) for that matter).

    Thankfully I usually find it is only menus, maybe character names, some place names or something quite small that appears as text in the binary. Not always, and you have crazy things like Rockman EXE OSS that has everything in overlays (making over 1000 of things), but usually it is just small names and small pieces of text you can afford to mess around a bit.
     
    cearp and Phoenix Goddess like this.
  7. Morm91
    OP

    Thanks for the answers!

    As you say, the texts that I've found in arm9.bin are mostly menus and place names, all item names and dialogues are in specific files that I've managed to edit properly.
    So I think I will go with a mix of your solutions 2 and 3. The game does use 16-bit shiftJIS, and I've successfully used 8-bit encoding instead, so for most of the menu texts, editing the translated text to fit in the space I have will work. For the others, I'll find some free space in the ARM binary.
     
  8. Morm91
    OP

    I've found in the ARM binary a huge block of '00' bytes, but I don't know if this is some free space or something that the game uses somehow :unsure:
     
  9. FAST6191

    How big is huge? If it is up in the tens of kilobytes range then it is a good bet for something that is free to use. If it is only a couple of dozen/hundred bytes then I would be more careful, however basic checking is easy enough (use it and see if something gets corrupted) so it might be worth a go. The reason you probably want to be more careful with shorter things is 00 is quite valid, and by virtue of being the first number the alpha/transparent value, for images and if someone does one binary include (the text you are editing now for instance) they are usually OK with doing two.

    It could be scratch space, decompression space, seed space or something else where it would be reserved for use in the game but with the DS using C and C++ you have proper memory management and such techniques tend to go out of fashion when you have such options. Why it would be there I am not sure, being an earlier game though they might still have been getting the compiler/linker properly sorted.
     
  10. Morm91
    OP

    There are about 640 bytes, and they are just between 2 blocks which contain text (in shiftJIS), so I'm pretty confident about using it :)
     
  11. Morm91
    OP

    Hello!

    Today, I tried to do a little work on another game: Metal Max 3.
    But I've already met a problem: the only files in the file system of the ROM are named "pack_data.pak". Those seem to be collections of files with probably some compression. In crystalTile2, I can't find any Japanese text in the entire ROM, but when I open one of these data_pack.pak in Notepad++, here's what I get:
    screen1MM3.jpg

    That's strange, because when I look at it in the hex editor of Notepad++, it does not have the same content and length as when I open it in CT2.
    How is it possible? Does Notepad++ automatically decompress the files or am I missing something?
     
  12. Auryn

    Try clicking there :)


    [​IMG]


    :hrth:
     
    GHANMI and Phoenix Goddess like this.
  13. Morm91
    OP

    OK, I thought only shiftJIS could display Japanese characters, I'm feeling a little stupid...
    Thanks anyway ;)
     
  14. GHANMI

    My only gripe with Crystaltile is that I could never get it to use TBL files properly (everything goes "unknown byte" dots), or how to change that font to a monospaced font since the colored highlight square is often way off the actual kana/kanji/ascii letter.

    And btw since you can see the Japanese text perfectly fine here (and the lines make sense, there's punctuation and perfectly readable Japanese sentences) then it means that at least the text portion is not compressed.
     
  15. Morm91
    OP

    Yep, I've successfully changed some text with roman characters, that's not my problem right now.
    No, the big issue here is that I have to find a way to unpack the "pack_data.pak".
     
  16. FAST6191

    Sounds like you have one of those "all subfiles in one big archive" games, it has been seen a few times (Phoenix Wright, Touch Detective and the first Tony Hawk title being some other examples). Recall that pointer stuff you opened the thread with? It is usually like that but done for more files, and probably also having some file names as well as maybe some flags to indicate compression. If I have time later today I will have a look at it but it should not be too troubling, bonus is as you are already making your own tools you have the harder part sorted -- pulling apart the files is easy (you can do it with a batch file and something like filecutter) but putting it back together and sorting the pointers is the big trick.
     
  17. hackotedelaplaqu

    I guess you already know it but did you press CTRL+T after loading the table in CT2?

    If that doesn't work, open the tbl file in a hex editor and delete the first unused byte.
     
    GHANMI likes this.
  18. Morm91
    OP

    I've found the filenames, they are just at the beginning of the pak file, but no luck on finding the pointers for the moment... But I think the first byte indicates the number of files in the pack.
    And the graphics seem to be stored in .tex files, which I don't know anything about.
     
  19. Normmatt

    This is a log of what the game does to read a file from that pack file

    FS_ConvertPathToFileID(0x027E356C,"/pack_data.pak");
    FS_OpenFileFast(0x027E3910,0x02115C20);
    FS_SeekFile(0x027E3910,0x00000182,FS_SEEK_SET);
    FS_ReadFile(0x027E3910,0x027E3998,0x00000008);
    FS_SeekFile(0x027E3910,0x00061C25,FS_SEEK_SET);
    FS_ReadFile(0x027E3910,0x027E3960,0x00000010);
    FS_SeekFile(0x027E3910,0x00061C25,FS_SEEK_SET);
    FS_ReadFile(0x027E3910,0x022AB780,0x000000B4);
    FS_CloseFile(0x027E3910);

    Seems simple enough. Not sure how it originally seeks to 0x182 but that definitely looks like {u32 size, u32 address} to me.
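The {u32 size, u32 address} reading of that log, with the reinsertion step mentioned earlier in the thread, as an added example that is not code from any poster. The function names are hypothetical, little-endian fields are assumed, and the sample pack is constructed around the offsets in the log (entry at 0x182, 0xB4 bytes at 0x61C25).

```python
import struct

# Layout guessed in the post above: {u32 size, u32 address}, little-endian.
ENTRY = struct.Struct("<II")

def read_entry(pak: bytes, entry_offset: int) -> tuple[int, int]:
    """Return (size, address) after checking both stay inside the file."""
    if entry_offset < 0 or entry_offset + ENTRY.size > len(pak):
        raise ValueError("entry lies outside the pack file")
    size, address = ENTRY.unpack_from(pak, entry_offset)
    if address + size > len(pak):
        raise ValueError(f"subfile 0x{address:X}+0x{size:X} runs past end of file")
    return size, address

def extract_subfile(pak: bytes, entry_offset: int) -> bytes:
    """Mirror the log: read the 8-byte entry, then seek and read the data."""
    size, address = read_entry(pak, entry_offset)
    return pak[address:address + size]

def replace_subfile(pak: bytes, entry_offset: int, new_data: bytes) -> bytes:
    """Reinsert a subfile and fix up its entry.

    Data that still fits is written in place (zero padded); larger data is
    appended to the end of the pack. Assumption: the game accepts any
    address inside the file, which the thread does not confirm.
    """
    size, address = read_entry(pak, entry_offset)
    out = bytearray(pak)
    if len(new_data) <= size:
        out[address:address + size] = new_data.ljust(size, b"\x00")
    else:
        address = len(out)
        out += new_data
    ENTRY.pack_into(out, entry_offset, len(new_data), address)
    return bytes(out)

def build_sample() -> bytes:
    """Constructed pack using the offsets from the log; payload is made up."""
    entry_offset, address, size = 0x182, 0x61C25, 0xB4
    pak = bytearray(address + size)
    ENTRY.pack_into(pak, entry_offset, size, address)
    pak[address:address + size] = bytes(range(size))
    return bytes(pak)
```

If the real field order or endianness differs, the bounds check in read_entry is what fails first on a real file.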
     
  20. Morm91
    OP

    Thanks Normmatt!

    But do you know which "pack_data.pak" is read in this log? Because I don't find any at 0x027E356C...
    And how do you get this log? With the debug version of NO$GBA?

    I definitely still have a lot to learn :)