ROM Hackers?

tangodownNZ (Student) | Joined Apr 1, 2023 | Messages: 43 | Reaction score: 10 | Location: New Zealand
Does anybody know how to ROM hack? I need some help to get started please.
I have been looking at debugging so I can step through the program line by line. But I cannot find any step-by-step instructions for dummies on YouTube.
Any help would be very much appreciated.
Hi there, I am trying to learn how to hack an old arcade game called Daytona USA.
I want to turn off catch-up (handicap mode). It allows the cars behind you to catch up to make the game more competitive. It is possible to turn it off using a cheat, so it must be possible to turn it off in the script somehow.

When "no handicap mode" is used it introduces tyre wear. But you need to pit every lap because the car becomes uncontrollable. So really I just need to turn off tyre wear if this makes things easier.
I use the Model 2 emulator to play this game.
It looks like I need to run debug mode so I can watch the program running line by line. But I cannot find any good tutorials for dummies with step-by-step instructions.
I don't want to learn about writing an entire program, I just want to know how to hack and change this particular game. And I will learn debugging etc. at the same time.

Any help would be greatly appreciated. Thank you

No handicap mode: The game keeps races close by increasing the top speed of any car that is not in first place, which gives all players a chance to catch up. To disable this option (on "Twin Type" games only), press all four view change buttons at the course selection screen. A small white point will appear in the upper left corner of the screen. In multi-player races, No Handicap Mode will only be activated if more than half of the players enter this code. If the machine is configured for Grand Prix mode or Endurance mode as described above, entering the No Handicap Mode will have the added effect of wearing away your tires during the game. The amount of tire wear depends on your mileage and speed.
tangodownNZ said: I need some help to get started please.
Pros use reversing tools like Ghidra but I have never learned those. For a simple hack it's probably more than you're expecting. Sort of a loose guideline here with a lot of hand waving...

step 1 - download Pugsy's Cheats and hope for a cheat or memory location that's helpful
(step 1 mostly fails, daytona.xml is useless here with only one cheat for infinite time, being at memory location 5010D0, so...)
step 2 - download MAME, run the game in debug mode, read https://docs.mamedev.org/debugger/index.html
step 3 - attempt to locate a helpful memory location via the MAME cheat debugger https://docs.mamedev.org/debugger/cheats.html
step 4 - set watchpoints on that memory location to find the appropriate program code that alters it
step 5 - step through the watchpoints that trigger to see if they are the ones you're interested in
step 6 - disassemble (MAME debugger dasm) the code and throw it in a text editor
step 7 - annotate the disassembly with your own understanding of what is happening, line by line
step 8 - identify exactly where in the program code the thing happens that you want to change
step 9 - figure out how to adjust the program code so that something else desirable happens (step 9a, learn this CPU's instruction set / opcodes)

step 10 - look up in the MAME source (GitHub) to find the appropriate program files for your desired ROM
step 11 - determine how they are assembled into memory (interleaved, concatenated)
step 12 - figure some way to properly edit the proper ROMs such that your step 9 solution is implemented (I use a Python script that assembles the program code from the individual ROM files, makes the patch(es) I specify, and then splits the program code back down into the individual ROM files)

step 13 - boot your new code in MAME. You now probably fail some kind of security process (at the very least a checksum routine) so you'll now have to figure out how to patch that part of the program code too

I will say that everything is more challenging on a more modern CPU, and 13 is also harder the 'newer' the game is as protection routines got more complicated. You could instead try your hand at something really simple to start. Look up a game from the early '80s that runs on maybe the Z80 processor (very simple opcodes... so simple it fits on one page!) and has cheats in the Pugsy database. Try to implement that cheat so it's in the program code. Something like "infinite lives for Pac-Man" or something. The Pugsy cheat will probably just add "3" to the lives memory location every cycle, but you can then figure out where the code would decrement that life instead, and omit that instruction. Then build and run that hack.
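Steps 11 to 13 of the guide above (reassemble the program image from the individual ROM files, patch it, satisfy the checksum routine, split it back) as an added Python example. This is not Ekorz's script and not anything from MAME or the Model 2 emulator. Everything concrete in it is a constructed assumption: the two-file byte interleave, the 16-bit additive checksum and where it is stored, and the 32-byte sample image in which an M68k `SUBQ.B #1,D0` stands in for the "decrement lives" instruction from the Pac-Man example. On a real board the file layout comes from the MAME source (step 10) and the check routine from the disassembly (step 13); only those two functions would need replacing.

```python
"""Constructed ROM patching example: interleave, patch, re-checksum, split.

All layouts, addresses, opcodes-as-data and the checksum scheme are made up
for illustration; none of it describes real Daytona USA ROMs.
"""
from typing import Dict, List


def assemble(rom_files: List[bytes]) -> bytes:
    """Interleave N equally sized ROM files byte-wise into one program image.

    rom_files[0] supplies byte 0, rom_files[1] byte 1, and so on; this is the
    even/odd split many 16-bit boards use. If a board simply concatenates
    its ROMs, b"".join(rom_files) is the whole step instead.
    """
    n = len(rom_files)
    size = len(rom_files[0])
    if any(len(r) != size for r in rom_files):
        raise ValueError("ROM files must be the same size to interleave")
    image = bytearray(size * n)
    for i, rom in enumerate(rom_files):
        image[i::n] = rom
    return bytes(image)


def split(image: bytes, n: int) -> List[bytes]:
    """Inverse of assemble(): de-interleave the image back into n ROM files."""
    if len(image) % n:
        raise ValueError("image length is not a multiple of the file count")
    return [bytes(image[i::n]) for i in range(n)]


def apply_patches(image: bytes, patches: Dict[int, bytes]) -> bytes:
    """Overwrite bytes at each address. A patch replaces code in place and
    never changes its length, so nothing after it shifts."""
    out = bytearray(image)
    for addr, data in sorted(patches.items()):
        if addr < 0 or addr + len(data) > len(out):
            raise ValueError(f"patch at {addr:#x} falls outside the image")
        out[addr:addr + len(data)] = data
    return bytes(out)


def checksum16(image: bytes, stored_at: int) -> int:
    """Hypothetical check routine: 16-bit sum of every byte except the two
    that hold the stored value. A real game has its own scheme; read it out
    of the disassembly and replace this function."""
    skip = range(stored_at, stored_at + 2)
    return sum(b for i, b in enumerate(image) if i not in skip) & 0xFFFF


def stored_checksum(image: bytes, stored_at: int) -> int:
    return int.from_bytes(image[stored_at:stored_at + 2], "big")


def fix_checksum(image: bytes, stored_at: int) -> bytes:
    out = bytearray(image)
    out[stored_at:stored_at + 2] = checksum16(out, stored_at).to_bytes(2, "big")
    return bytes(out)


def hack_roms(rom_files: List[bytes], patches: Dict[int, bytes],
              checksum_at: int) -> List[bytes]:
    """Assemble, verify, patch, re-checksum and split back to ROM files."""
    image = assemble(rom_files)
    # If the untouched image already fails its check, the interleave order
    # or the file list is wrong; stop before writing ROMs that never boot.
    if checksum16(image, checksum_at) != stored_checksum(image, checksum_at):
        raise ValueError("unpatched image fails its checksum: wrong ROM order?")
    patched = fix_checksum(apply_patches(image, patches), checksum_at)
    return split(patched, len(rom_files))


# Constructed 32-byte stand-in for a program image (not real game data).
# Offset 0x10 holds 53 00 (M68k SUBQ.B #1,D0) playing the role of the
# "decrement lives" instruction; the last two bytes hold the checksum.
SUBQ_B_1_D0 = b"\x53\x00"
M68K_NOP = b"\x4E\x71"
CHECKSUM_AT = 0x1E


def build_sample_roms() -> List[bytes]:
    """Return the sample image split into an even and an odd ROM file."""
    image = bytearray(range(32))
    image[0x10:0x12] = SUBQ_B_1_D0
    return split(fix_checksum(bytes(image), CHECKSUM_AT), 2)


if __name__ == "__main__":
    roms = build_sample_roms()
    # The hack itself: swap the decrement for a NOP of the same length.
    new_roms = hack_roms(roms, {0x10: M68K_NOP}, CHECKSUM_AT)
    for i, rom in enumerate(new_roms):
        print(f"rom{i}.bin: {rom.hex()}")
```

The verify-before-patch check is the useful habit here: if the freshly assembled, unmodified image does not pass the game's own checksum routine, the ROM order or interleave is wrong, and no amount of patching afterwards will produce something that boots.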
Ekorz said: Pros use reversing tools like Ghidra but I have never learned those. ... Then build and run that hack.
That is excellent. Thank you very much! Can I just pay you to do it for me 🤣

Edit: I had a look at that Ghidra, there are some walkthroughs for that. I think I will look more into this. Thanks again Ekorz
tangodownNZ said: Can I just pay you to do it for me 🤣
Assuming this is a joke, but I'll just say you'll quickly reach a point where it's too much for a first-time hack, which is why I suggested starting with something smaller. Model 2 uses an IBM RISC CPU IIRC, and I only really know Z80 and M68k. I'm not about to learn a new CPU right now so I wouldn't want to try doing this hack.

There are folks who do Model 2 stuff and would be better suited for it if you want to set a bounty up or something. You'll find a lot of posts about security, ROM hacks, etc. here: https://www.arcade-projects.com/forums/sega-model-1-2-3-and-hikaru.79/
Ekorz said: Assuming this is a joke, but I'll just say you'll quickly reach a point where it's too much for a first-time hack, which is why I suggested starting with something smaller. ...
I said it jokingly, but I am actually serious. I totally get that it's a big ask. It's all good. If I can't do it I will put up the bounty. The information you have provided is gold. Thank you