Hacking Nintendont

KungBore

Well-Known Member
Newcomer
Joined
Oct 9, 2020
Messages
59
Trophies
0
Age
29
XP
184
Country
Brazil
So, I went ahead and tested Metroid Prime's brightness settings on Nintendont and it worked fine, even with deflicker OFF. Are there other games that disable effects if I set Deflicker to OFF? I mean, is it safe to just leave it OFF for every GameCube game, without worrying about missing effects? I know that USB Loader GX uses a SAFE setting to avoid problems in Wii games and I understand that a couple of GC games might reset the filter even when forcing it to OFF, but in the case of Nintendont's implementation, it's just ON or OFF, so I'm a little concerned it might cause issues.
 
Last edited by KungBore,

NoobletCheese

Well-Known Member
Member
Joined
Aug 12, 2018
Messages
357
Trophies
0
Age
22
XP
603
Country
United States
> is it safe to just leave it OFF for every GameCube game, without worrying about missing effects?

Yeah you won't lose any effects as Nintendont doesn't disable the GXSetCopyFilter function (if it did, it would have worked for Soul Calibur and Starfox).

It's possible that touching the brightness slider in a game might actually re-instate the vfilter, if the game doesn't calculate the new brightness setting based on the patched vfilter string.
 

KungBore

I think I've found another game that doesn't accept turning the filter off: Star Wars Rogue Squadron III: Rebel Strike. To me, it looks very soft, especially compared to Rogue Squadron II.
 

NoobletCheese

> I think I've found another game that doesn't accept turning the filter off: Star Wars Rogue Squadron III: Rebel Strike. To me, it looks very soft, especially compared to Rogue Squadron II.

I also observe Nintendont cannot remove the filter from Rogue Squadron III.

I cannot find any known vfilter strings/signatures in start.dol which the game actually uses.

I cannot find either of the 2 known versions of GXSetCopyFilter in start.dol as referenced here.

Therefore I think the game was compiled with the "SN Systems ProDG" version of GXSetCopyFilter, since that is the only remaining version we don't know about according to Swiss (ignoring the debug version which is probably not found in a retail game).

We should be able to use Swiss to find its offset, however I lack the tools to do this.

@Extrems, are you able to run this title with Swiss in debug mode to make it print the offset where it found GXSetCopyFilter? Once we know the offset, we can find its binary and manually patch it.
 

NoobletCheese

@Extrems

Swiss patcher.c
Code:
FuncPattern GXSetCopyFilterSigs[5] = {
{ 567, 183, 44, 32, 36, 38, ... },  // Debug version (probably not in retail games)
{ 138,  15,  7,  0,  4,  5, ... },  // gx.a version (known)
{ 163,  19, 23,  0,  3, 14, ... },  // SN Systems ProDG version (unknown -- used by Rogue Squadron III?)
{ 130,  25,  7,  0,  4,  0, ... }   // Dolphin.a version (known)
};

// First array element is length in instructions, not bytes.

GXSetCopyFilter gx.a
Code:
94 21 FF B0 54 60 06 3F BE E1 00 2C 41 82 01 28 88 04 00 01 88 64 00 07 54 1E 20 36 89 04 00 00 88 04 00 13 54 79 20 36 89 44 00 06 51 1E 07 3E 89 64 00 02 88 E4 00 0D 51 59 07 3E 55 7B 40 2E 89 24 00 08 88 64 00 0E 55 3A 40 2E 8B 84 00 03 53 DB 06 3E 89 24 00 10 54 F7 20 36 89 84 00 0C 88 E4 00 15 54 78 40 2E 51 97 07 3E 8B A4 00 12 54 00 20 36 53 A0 07 3E 89 04 00 14 57 9C 60 26 8B E4 00 09 53 7C 05 3E 8B A4 00 04 52 F8 06 3E 89 44 00 0F 55 17 40 2E 89 84 00 0A 53 3A 06 3E 88 64 00 16 55 59 60 26 8B C4 00 05 50 17 06 3E 88 04 00 17 57 FB 60 26 89 64 00 0B 89 04 00 11 57 A4 80 1E 54 E7 60 26 55 8A 80 1E 53 5B 05 3E 54 6C 80 1E 52 E7 05 3E 53 84 04 3E 57 C3 A0 16 53 19 05 3E 55 29 80 1E 53 6A 04 3E 50 83 03 3E 50 EC 04 3E 54 67 02 3E 55 63 A0 16 51 43 03 3E 54 64 02 3E 55 03 A0 16 53 29 04 3E 51 23 03 3E 54 00 A0 16 51 80 03 3E 54 63 02 3E 54 00 02 3E 64 E8 01 00 64 87 02 00 64 69 03 00 64 0A 04 00 48 00 00 24 3D 00 01 66 3C E0 02 66 3C 80 03 66 3C 60 04 66 39 08 66 66 38 E7 66 66 39 24 66 66 39 43 66 66 38 80 00 61 3C 60 CC 01 98 83 80 00 54 A0 06 3F 91 03 80 00 98 83 80 00 90 E3 80 00 98 83 80 00 91 23 80 00 98 83 80 00 91 43 80 00 41 82 00 68 88 06 00 00 88 66 00 01 64 05 53 00 88 06 00 04 88 86 00 02 54 A7 06 A6 54 65 30 32 88 66 00 05 7C E7 2B 78 64 08 54 00 88 A6 00 03 88 06 00 06 54 E6 05 1A 54 84 60 26 7C C6 23 78 55 04 06 A6 54 63 30 32 7C 83 1B 78 54 C6 03 8E 54 A4 90 1A 54 63 05 1A 54 00 60 26 7C C6 23 78 7C 67 03 78 48 00 00 14 3C 80 53 59 3C 60 54 00 38 C4 50 00 38 E3 00 15 38 A0 00 61 80 6D 8F 88 3C 80 CC 01 98 A4 80 00 38 00 00 00 90 C4 80 00 98 A4 80 00 90 E4 80 00 B0 03 00 02 BA E1 00 2C 38 21 00 50 4E 80 00 20
GXSetCopyFilter Dolphin.a
Code:
94 21 FF B8 54 60 06 3F BF 01 00 28 41 82 00 F8 88 04 00 06 38 E0 00 00 89 04 00 00 38 60 00 00 50 07 07 3E 89 24 00 0C 51 03 07 3E 39 00 00 00 88 04 00 12 51 28 07 3E 39 20 00 00 89 44 00 01 50 09 07 3E 88 04 00 13 89 64 00 0D 51 43 26 36 8B 64 00 02 50 09 26 36 8B 24 00 07 89 44 00 14 51 68 26 36 89 84 00 0E 53 63 45 2E 8B 84 00 03 51 88 45 2E 8B A4 00 04 53 83 64 26 88 04 00 05 53 A3 83 1E 8B 04 00 08 53 27 26 36 8B 24 00 0F 50 03 A2 16 8B C4 00 09 38 00 00 01 8B E4 00 0A 51 49 45 2E 8B 44 00 15 50 03 C0 0E 89 84 00 0B 53 07 45 2E 89 64 00 10 53 C7 64 26 89 44 00 11 8B 64 00 16 53 E7 83 1E 53 28 64 26 88 84 00 17 51 68 83 1E 53 49 64 26 53 69 83 1E 38 00 00 02 51 87 A2 16 50 07 C0 0E 38 00 00 03 51 48 A2 16 50 08 C0 0E 38 00 00 04 50 89 A2 16 50 09 C0 0E 48 00 00 24 3C 60 01 66 3C E0 02 66 3D 00 03 66 3C 80 04 66 38 63 66 66 38 E7 66 66 39 08 66 66 39 24 66 66 39 40 00 61 3C 80 CC 01 99 44 80 00 54 A0 06 3F 38 00 00 53 90 64 80 00 38 60 00 00 50 03 C0 0E 99 44 80 00 38 00 00 54 38 A0 00 00 90 E4 80 00 50 05 C0 0E 39 63 00 00 99 44 80 00 38 05 00 00 91 04 80 00 99 44 80 00 91 24 80 00 41 82 00 40 88 86 00 00 88 66 00 04 50 8B 06 BE 88 86 00 01 50 60 06 BE 88 E6 00 02 50 8B 35 32 88 86 00 05 88 A6 00 03 50 EB 63 A6 88 66 00 06 50 80 35 32 50 AB 92 1A 50 60 63 A6 48 00 00 2C 38 80 00 00 38 60 00 15 50 8B 06 BE 50 8B 35 32 50 60 06 BE 50 6B 63 A6 38 60 00 16 50 80 35 32 50 80 63 A6 50 6B 92 1A 38 C0 00 61 80 62 8C 08 3C A0 CC 01 98 C5 80 00 38 80 00 00 91 65 80 00 98 C5 80 00 90 05 80 00 B0 83 00 02 BB 01 00 28 38 21 00 48 4E 80 00 20
 
Last edited by NoobletCheese,

NoobletCheese

Ok I don't think it's SN ProDG as I ran an ahk script to find all functions of length 163x4 = 652 bytes, and there are none in Rogue Squadron III's start.dol. Using epilogue/delimiter "4E800020".
 
Last edited by NoobletCheese,

NoobletCheese

So I searched for all functions of the lengths defined in Swiss's sigs, and the only ones I found in RS3 are two of length 138 which corresponds to the gx.a version. Inside those 2 I tried patching every instance of "4182" to "4800" one at a time, which produced either a crash or black screen in Dolphin.

So I don't think even Swiss would be able to patch RS3 :(
 
Last edited by NoobletCheese,
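
Added example, not part of the original posts: the function-length search described in the two posts above, written in Python. It splits a big-endian code buffer on `blr` (4E800020) and reports runs whose instruction count matches a Swiss signature length. It assumes the count includes the closing `blr`; a function with an early `blr` is split into shorter runs and will be missed. The sample buffer is constructed filler, not game data.

```python
import struct

BLR = 0x4E800020  # PowerPC "blr", the epilogue/delimiter used in the thread

# Instruction counts from the Swiss GXSetCopyFilterSigs table quoted earlier.
SIG_LENGTHS = {567: "Debug", 138: "gx.a", 163: "SN Systems ProDG", 130: "Dolphin.a"}

def find_candidates(text, base=0, lengths=SIG_LENGTHS):
    """Return [(address, n_instructions, label)] for blr-delimited runs
    whose instruction count matches one of the signature lengths."""
    n_words = len(text) // 4
    words = struct.unpack(">%dI" % n_words, text[:n_words * 4])
    hits, start = [], 0
    for i, word in enumerate(words):
        if word == BLR:
            count = i - start + 1  # assumption: length includes the closing blr
            if count in lengths:
                hits.append((base + start * 4, count, lengths[count]))
            start = i + 1
    return hits

def fake_function(n):
    # Constructed filler: n-1 "nop" words (0x60000000) followed by blr.
    return struct.pack(">I", 0x60000000) * (n - 1) + struct.pack(">I", BLR)

# Constructed sample: four back-to-back "functions" of 10, 138, 40 and 130 words.
SAMPLE = fake_function(10) + fake_function(138) + fake_function(40) + fake_function(130)

if __name__ == "__main__":
    # base is a hypothetical load address for the buffer
    for addr, count, label in find_candidates(SAMPLE, base=0x80003100):
        print("0x%08X  %d instructions  %s" % (addr, count, label))
```

A length match is only a candidate; the thread's next step of comparing the bytes against the known function bodies is still needed to confirm it.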

NoobletCheese

Here are 2 Gecko codes working for Rogue Squadron III NTSC, but I've only tested them in Dolphin emulator.

Won't get around to testing them on console until tomorrow, maybe @KungBore could test?

Code:
# code 1 - patch GXSetCopyFilter @ 0x801b3ccc
281b3ccc 00009124
061b3ccc 00000008
91248000 48000040
e0000000 80008000
Code:
# code 2 - patch GXSetCopyFilter @ 0x80518ccc
28518ccc 00009124
06518ccc 00000008
91248000 48000040
e0000000 80008000

Not sure if you need both of them, in Dolphin either one suffices.

Edit from 6 days later: don't use these codes on Wii hardware as it will patch random bytes due to different memory mapping on Wii hardware! It will cause the game to do weird things and randomly crash.
 
Last edited by NoobletCheese,
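
Added example, not part of the original posts: a Python decoder for the Gecko lines of "code 1". It shows that the 28 line guards the write on the expected halfword 0x9124, and that the 8-byte write leaves `91 24 80 00` as it is and only turns the `beq` that follows it in the function dumps on this page into an unconditional `b` with the same +0x40 displacement. The default base address 0x80000000 and the function names are assumptions of this example.

```python
# Gecko "code 1" as posted above.
CODE_1 = """\
# code 1 - patch GXSetCopyFilter @ 0x801b3ccc
281b3ccc 00009124
061b3ccc 00000008
91248000 48000040
e0000000 80008000
"""
BA = 0x80000000  # assumption: Gecko base address left at its default

def parse_gecko(text, ba=BA):
    """Decode the three code types used in this thread: 28, 06 and E0."""
    rows = [tuple(int(w, 16) for w in ln.split()[:2])
            for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    ops, i = [], 0
    while i < len(rows):
        a, b = rows[i]
        ctype, addr = (a >> 24) & 0xFE, ba + (a & 0x01FFFFFF)
        i += 1
        if ctype == 0x28:    # 16-bit "if equal": high half mask, low half value
            ops.append(("if16", addr, b >> 16, b & 0xFFFF))
        elif ctype == 0x06:  # string write: b bytes follow, packed 8 per line
            nrows = (b + 7) // 8
            data = b"".join(x.to_bytes(4, "big") + y.to_bytes(4, "big")
                            for x, y in rows[i:i + nrows])[:b]
            ops.append(("write", addr, data))
            i += nrows
        elif ctype == 0xE0:  # full terminator
            ops.append(("end",))
        else:
            raise ValueError("code type %02X is not handled here" % ctype)
    return ops

def decode_branch(insn):
    """Decode PowerPC b (opcode 18) and beq on cr0 (opcode 16, BO=12, BI=2)."""
    op = insn >> 26
    if op == 18:
        disp = insn & 0x03FFFFFC
        return ("b", disp - (1 << 26) if disp & (1 << 25) else disp)
    if op == 16 and (insn >> 21) & 0x1F == 12 and (insn >> 16) & 0x1F == 2:
        disp = insn & 0xFFFC
        return ("beq", disp - (1 << 16) if disp & 0x8000 else disp)
    return ("other", None)

if __name__ == "__main__":
    for op in parse_gecko(CODE_1):
        print(op)
    # 41 82 00 40 follows 91 24 80 00 in the dumps; the code writes 48 00 00 40
    print(decode_branch(0x41820040), "->", decode_branch(0x48000040))
```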

Extrems

Well-Known Member
Member
Joined
Jan 17, 2013
Messages
328
Trophies
0
Location
Quebec, Canada
Website
www.extremscorner.org
XP
1,812
Country
Canada
> Here are 2 Gecko codes working for Rogue Squadron III, but I've only tested them in Dolphin emulator.
>
> Won't get around to testing them on console until tomorrow, maybe @KungBore could test?
>
> Code:
> # code 1 -- patch GXSetCopyFilter @ 0x801b3ccc
> 061b3ccc 00000008
> 91248000 48000040
> e0000000 80008000
>
> Code:
> # code 2 -- patch GXSetCopyFilter @ 0x80518ccc
> 06518ccc 00000008
> 91248000 48000040
> e0000000 80008000
>
> Not sure if you need both of them, in Dolphin either one suffices.

These addresses seem wrong. They should be in virtual memory (0x7F000000).
 

NoobletCheese

> These addresses seem wrong. They should be in virtual memory (0x7F000000).

Hmm, Dolphin debugger is saying they are at those addresses. Here is the entire function dumped from Dolphin...

Code:
94 21 FF B8 54 60 06 3F BF 01 00 28 41 82 00 F8 88 04 00 06 38 E0 00 00 89 04 00 00 38 60 00 00 50 07 07 3E 89 24 00 0C 51 03 07 3E 39 00 00 00 88 04 00 12 51 28 07 3E 39 20 00 00 89 44 00 01 50 09 07 3E 88 04 00 13 89 64 00 0D 51 43 26 36 8B 64 00 02 50 09 26 36 8B 24 00 07 89 44 00 14 51 68 26 36 89 84 00 0E 53 63 45 2E 8B 84 00 03 51 88 45 2E 8B A4 00 04 53 83 64 26 88 04 00 05 53 A3 83 1E 8B 04 00 08 53 27 26 36 8B 24 00 0F 50 03 A2 16 8B C4 00 09 38 00 00 01 8B E4 00 0A 51 49 45 2E 8B 44 00 15 50 03 C0 0E 89 84 00 0B 53 07 45 2E 89 64 00 10 53 C7 64 26 89 44 00 11 8B 64 00 16 53 E7 83 1E 53 28 64 26 88 84 00 17 51 68 83 1E 53 49 64 26 53 69 83 1E 38 00 00 02 51 87 A2 16 50 07 C0 0E 38 00 00 03 51 48 A2 16 50 08 C0 0E 38 00 00 04 50 89 A2 16 50 09 C0 0E 48 00 00 24 3C 60 01 66 3C E0 02 66 3D 00 03 66 3C 80 04 66 38 63 66 66 38 E7 66 66 39 08 66 66 39 24 66 66 39 40 00 61 3C 80 CC 01 99 44 80 00 54 A0 06 3F 38 00 00 53 90 64 80 00 38 60 00 00 50 03 C0 0E 99 44 80 00 38 00 00 54 38 A0 00 00 90 E4 80 00 50 05 C0 0E 39 63 00 00 99 44 80 00 38 05 00 00 91 04 80 00 99 44 80 00 91 24 80 00 41 82 00 40 88 86 00 00 88 66 00 04 50 8B 06 BE 88 86 00 01 50 60 06 BE 88 E6 00 02 50 8B 35 32 88 86 00 05 88 A6 00 03 50 EB 63 A6 88 66 00 06 50 80 35 32 50 AB 92 1A 50 60 63 A6 48 00 00 2C 38 80 00 00 38 60 00 15 50 8B 06 BE 50 8B 35 32 50 60 06 BE 50 6B 63 A6 38 60 00 16 50 80 35 32 50 80 63 A6 50 6B 92 1A 38 C0 00 61 80 6D B3 98 3C A0 CC 01 98 C5 80 00 38 80 00 00 91 65 80 00 98 C5 80 00 90 05 80 00 B0 83 00 02 BB 01 00 28 38 21 00 48 4E 80 00 20
 

NoobletCheese

> You're likely just finding the physical backing for the virtual memory pages. These addresses will be random.

I see... well, it seems gecko codes can only write to the range 0x80XXXXXX.

It's definitely working in Dolphin to disable the filter, but then the game crashes some time after the intro sequence... not sure if it would work on an actual console.
 

NoobletCheese

Ok the crashing in Dolphin is resolved on my system by unticking "enable dual core" just for this game (the crash error message said to try this).
 

NoobletCheese

Rogue Squadron III NTSC appears to be using the half-strength vfilter 04041010100404 (same as Donkey Kong) at address 0x802Ca07f.

For some reason searching the string 04041010100404 in Dolphin debugger doesn't find it. But dumping RAM from Dolphin to mem1.raw file and then searching in a hex editor finds it and its offset relative to 0x80000000. Pasting that offset address back into Dolphin debugger reveals 0404101010404 is in fact at that address, which seems to indicate Dolphin's search function is somehow broken.

Patching GXSetCopyFilter with the cheat codes via ULGX Ocarina seems to be working, however the game sometimes crashes. Also the game has really long load times (black screen for up to 20 seconds) regardless of whether cheats are enabled. I don't think this game plays nice with Nintendont due to its compression discovered by Extrems. I tried disabling the read speed limit in Nintendont and it still crashed.

I think a better solution will be patching only the 04041010100404 string at 0x802Ca07f.
 
Last edited by NoobletCheese,

NoobletCheese

> I think a better solution will be patching only the 04041010100404 string at 0x802Ca07f.

Can't get this to work, Dolphin just crashes.

If I enclose it inside an "if" statement like this...

Code:
282CA07F 00000404    // if 2 bytes at 0x802ca07f  = 0404
062CA07F 00000007    // write the following 7 bytes to 0x802ca07f
00001516 15000000    // 00 00 15 16 15 00 00
e0000000 80008000    // end of code

...then it doesn't crash, but Dolphin memory debugger shows 0x802Ca07f hasn't been patched and is still 04041010100404.

Which means Gecko didn't find it in memory at the time Gecko code was executing -- perhaps something to do with the way this game decompresses and reloads itself at runtime after Gecko code executes?

However the same is not true of the GXSetCopyFilter patch -- Gecko patches the bytes and Dolphin debugger shows the patched bytes in memory.
 
Last edited by NoobletCheese,