ROM Hack Spirit Tracks (U) - solving hash to edit saves

HelpTheWretched

I'm trying to edit save files for The Legend of Zelda: Spirit Tracks (U) to change the number of Battle points because I don't feel like building up 100,000 points 20 at a time.

This image shows the only bytes in the .sav that change as a result of playing the Battle mode:
STHex.png

0x20D8 = Total battles played
0x20DA = Wins
0x20DC = Points
And down there at 0x20FE appears to be a 16-bit checksum of some kind.

I've tried various CRC calculators on various sections of the .sav file, but I haven't been able to figure out how to calculate that number. Perhaps there are some people here more familiar with that kind of thing? I'd be thankful for the help.

Attached are 3 different .sav files to look at.
 

Attachments

  • Spirit Tracks Battle.7z
    17.9 KB · Views: 46

FAST6191

I assume there is no cheat to do something similar or that it is hard for some reason -- point total manipulation is fairly basic as these things go.

Equally if you only want a single shot edit of a save it can be easier to find the thing doing the hash and change the compare at the end to always go down the "it matches" path (this is usually a single instruction to always jump/branch to the location of that).
 

HelpTheWretched

Yeah, the Battle mode is multiplayer and can't be emulated. I could try loading the Battle mode's pre-connection menu and finding the points value, but any changes would not be saved because it only saves after each match. It's possible that changing the value and then saving in single-player would do it.

> Equally if you only want a single shot edit of a save it can be easier to find the thing doing the hash and change the compare at the end to always go down the "it matches" path (this is usually a single instruction to always jump/branch to the location of that).

I'm gonna be honest and say I don't follow you at all. :rofl: Are you talking about using a debugger and watching the game's code do its thing?
 

FAST6191

Yeah, use a debugger.
The saves use a certain area of memory so watch that (save loading might be at boot, after pressing start on the title screen or a save load screen, sometimes even when they do a save load screen).
http://problemkaputt.de/gbatek.htm#dscartridgebackup

Anyway you can watch it take the save into memory, do whatever maths it is doing (will probably be a long series of basic steps as processors only do basic things) on the memory selection it does it on (sometimes the save hash will be the only part that is not hashed, other times it will be a smaller selection) and then replicate that in whatever language on the PC.
If however it is just for a single thing you want to edit (or maybe if you want to fiddle with the save format to do some things) then it can be easier to just disable the check coming the other way. The game might do some fun maths throwing numbers around over the course of a few hundred instructions to do a nice custom checksum you would never guess by observation*. In the end though it will take the result of that, compare it to the checksum the game provides and say yay or nay. You tell it to let everything through and it will load your edited save, get it to save again and it will likely also fix the hash for you when it does so you can then restore it to an original/unmodded game (though you could probably port that patch to a cheat if you really wanted). Such a thing is usually a single instruction change somewhere to change a break if not equal to a jump every time; in most cases you will have something like a compare between the two values, then a break if not equal and another jump if it is equal/matches, many ways to sort this issue but if you want to patch the break if not equal to be a do-nothing instruction it will always then take the good jump.


I thought some emulators had a measure of multiplayer support but yeah it is going to be tedious. Editing outside and then forcing another save might well work -- most saves are just copy user data to save, do hash, write save rather than storing random bits of data here and there.


*most DS games will not do some kind of crazy high security custom MD5 or another as much as a basic CRC used elsewhere in other games, a simple bytesum or something equally banal -- cheaters gonna cheat as it were so you are mainly concerned with simple corruption and thus don't need the fancy stuff that the poor 66MHz ARM9 with a couple of megs of RAM is going to have to power its way through over several seconds vs something that does the same job in a blink of an eye with a fraction of the memory needed. Pokemon might well be an exception though.
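
An added example, not part of any post in this thread: a search that tries the simple 16-bit algorithms mentioned above (byte sum, word sum, common reflected CRC-16 parameters) over candidate regions ending at the checksum offset, and keeps only the combinations that match in every save. The saves here are constructed test data using the offsets from the first post; the field widths, the CRC parameters and the covered region `0x2000..0x20FE` are assumptions chosen for the demo, not the game's actual scheme.

```python
import random
import struct

def crc16(data, poly, init):
    """Reflected (LSB-first) CRC-16, computed bit by bit."""
    crc = init
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
    return crc

# Candidate 16-bit algorithms: plain sums and a few common CRC-16 parameter sets.
ALGOS = {
    "bytesum16": lambda d: sum(d) & 0xFFFF,
    "wordsum16": lambda d: sum(
        int.from_bytes(d[i:i + 2], "little") for i in range(0, len(d), 2)) & 0xFFFF,
    "crc16 poly=0xA001 init=0x0000": lambda d: crc16(d, 0xA001, 0x0000),
    "crc16 poly=0xA001 init=0xFFFF": lambda d: crc16(d, 0xA001, 0xFFFF),
    "crc16 poly=0x8408 init=0xFFFF": lambda d: crc16(d, 0x8408, 0xFFFF),
}

def find_checksum(saves, csum_off, step=0x100):
    """Return each (algorithm, region start, byte order) that reproduces the
    stored 16-bit value in ALL saves; the region tried is [start, csum_off)."""
    hits = []
    for name, fn in ALGOS.items():
        for start in range(0, csum_off, step):
            for order in ("<H", ">H"):
                if all(fn(s[start:csum_off]) == struct.unpack_from(order, s, csum_off)[0]
                       for s in saves):
                    hits.append((name, start, order))
    return hits

def make_constructed_saves(count=3, size=0x2100, csum_off=0x20FE):
    """Constructed test data, NOT real game saves: random bytes, differing
    battle counters, and a checksum whose algorithm and region are assumed."""
    rng = random.Random(1234)
    base = bytearray(rng.getrandbits(8) for _ in range(size))
    saves = []
    for n in range(1, count + 1):
        s = bytearray(base)
        struct.pack_into("<HHI", s, 0x20D8, n, n, 20 * n)  # battles, wins, points
        struct.pack_into("<H", s, csum_off, crc16(s[0x2000:csum_off], 0xA001, 0xFFFF))
        saves.append(bytes(s))
    return saves

if __name__ == "__main__":
    print(find_checksum(make_constructed_saves(), 0x20FE))
```

Requiring a match across several saves is what filters out coincidences: a single 16-bit value will match some wrong algorithm and region by chance once enough combinations are tried.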
 