Forums

Story first: When I recently built (into an old coffee table) an arcade stick w. buttons for my old SMS, one of my childhood dreams finally came true. It also got my little boy (4 years old) interested in playing the old console (see attached picture). Yeah - passing on the 8-bit culture to the next generation; my humble contribution to the SMS-power mission statement :) We actually play it a lot together (favorites are Bubble Bobble, Rampage), and also Shadow Dancer, Shinobi and Alex Kidd. Those one-player games we play cooperatively, meaning that he controls our hero at those parts of the levels that he can handle, and I lend my hand at the bosses, etc.

I would really love to surprise him with a patched version of Alex Kidd in Miracle World, where you have unlimited lives (or maybe 100 or so). As you might imagine, for a boy his age, there is enough excitement and difficulty without having to pay attention to lives lost.

I read this post on the forum about hacking the Shinobi ROM ()http://www.smspower.org/forums/viewtopic.php?t=6690&highlight=scroll, and that encouraged me to embark on such a hacking/patching project.

I need help to get started on the right track: Should I make a save state in MEKA somewhere (right before loosing a life maybe?), or should I do something else (maybe search RAM for a value corresponding to number of lives)?

Skærmbillede 2013-05-09 kl. 21.37.04.png (363.59 KB)

My boy and the SMS-arcade setup

The recent version of MEKA include a cheat finder, with which it should be trivial to find the RAM location where the number of lives is stored. Basically the cheat finder allows you to narrow down the possible location where the value you are interested in can be stored.

You can probably find the address from a Pro Action Replay code, but for the sake of learning I suggest having a go at the Cheat Finder, it is really easy. (it just took me 20 seconds to do it)

Once you found that address, you can setup a breakpoint and lose a a live to find the code that decrement the number of lives and disable it by patching 00 (NOP) instruction over it.

You can also find where the number is intialiazed to 3 using a breakpoint after startup and replace that value with a bigger number to make it look nicer (but the number wouldn't decrement anyway).

Can't help with your issue, just wanted to say great job with the table!

Thank you Bock. I will give the newest MEKA and the cheatfinder a go tonight. I will work along the lines you suggest.

Vulpix: Oh, thank you for your kind comment! My wife keeps saying that if she had known that I was making a central piece of furniture for the living room, she would have demanded more attention to the aesthetics dimension :). She might be right - but at least it works, and it feels good to pound knives/bullets at Mandara in a superfast, arcade-feeling/clicking style.

I have found (at consoledatabase.com) an action replay code for infinite lives in Alex Kidd: 00c02503

In Meka documentation about patches I read that one can type in action replay codes in the debugger: To get infinte lives for Alex I would then need to load Alex Kidd, start the debugger and enter
MEM [c025] = 03, right? Well, it doesn't give me infinte lives. I have also tried to put 03 in manually in the memory editor, but nothing happens.

I have also tried to dump the RAM before and after I loose a life, but I'm not sure where to go to view and compare these dumps?

I'm not sure how to enable the cheat finder - or if I'm using the right version (73) of Meka for this?

Hi hang-on,

c025 actually is the address where Alex Kidd stores the amount of lives you have left. So you could either always change it to 3 after you die or more efficiently just set it to 99. It seems like Alex Kidd is using bcd representation to store your lives. So 99 is the highest you can go.

Knowing the address you can also use MEKA to find the code that changes the amount of lives by setting a breakpoint breaking on writes to the address (B w c025) and follow Bock's suggestion to overwrite that code with 00, to prevent the game from decreasing your amount of lives.

Have fun,
Calindro

Hello Calindro. Oh, thank you! I will try this out right away!!

Edit: Success!! I'm a ROM-hacker thanks to you guys :) I used Frhed to edit and save the patched ROM after I figured things out debugging the game in Meka. At position 6C2F there is now a handy 00 instead of a 77. In a minute it is copy to Everdrive, and power up console for an unlimited father/son moment in Miracle World :)

Does the smspower community have a place to upload/exchange patched ROM's? Or is this an unwanted practice (I have read Maxim's rant in Lesson 1, and don't want to go against established community norms?)

I don't think there is a need to exchange patched ROM, at least we don't typically do it here (unless it is a patch that benefits a large amount of people). If people wants something it is usually easy enough to provide them with help or an answer.
What will be your next change? You could change the title screen to use customized text or logo for your son? :)

OK - thank you for your reply, Bock.

Regarding my next challenge: When we played the patched Alex Kidd this afternoon, we died maybe 50 times and eventually got lost in the castle after freeing the twin brother (our first time there, ever). We had a great time! During playing, my boy threw these gems: "When I grow up, dad, I won't come and work in your office anyway. I want to be a game designer" ... He has never said anything like that before. Then I seized the moment and asked what kind of game he would design, then. He explained it to me: You are a knight. You have a lot of different equipment (he gave examples like swords, knives etc.). You walk on a level that is not too long. In fact it is very short. The enemies attack you with just their bare hands. You have unlimited lives. You beat a lot of these enemies. Then you win. Every time.

I would like to think that he defined my/our next challenge with those words. In reality, I have a lot of basic assembler-stuff to learn first. But it adds to the motivation to keep trying :)

Actually my own dad explained to me recently why he bought me an SMS and not a C64 at the time: He and mom did not want me to get lost in programming stuff back in the 90's. So now that I have found all these ressources on programming the SMS, I have some catching up to do :)

That is so awesome !

Quote

You are a knight. You have a lot of different equipment (he gave examples like swords, knives etc.). You walk on a level that is not too long. In fact it is very short. The enemies attack you with just their bare hands. You have unlimited lives. You beat a lot of these enemies. Then you win. Every time.

It's like Dark Souls but backwards!

'Light Souls' maybe? :P

Thank you guys :)

Hacking for infinite items.

Use MEKA cheat finder to locate the location that stores the power ring (I'm not allowed by the forum to spell it out by its real name, which is allmost the same as 'braceelet'. The workflow is:
1) start game
2) compare to constant 0, then reduce.
3) take ring
4) compare to constant 1, then reduce
5) consume ring
6) compare to constant 0, then reduce.

We have the location isolated: C04D

Let's see if the bytes around this one is for the other equipment...? I put in some 01's and hit pause again. Yes, this is where the equipment is stored. I approach more systematically.(using the terms from a US booklet).

C04E: The Gold crown
C04D: Power ring (shooting ability)
C04C: A personal letter to the kingdom of Nibana
c04B: The sun stone medallion
C04A: Teleport powder (invisibility)
C049: Cane of flight (power to fly)
C048: Telepathy ball (lets you know what others are thinking)

I want to have infinite amounts of these, most importantly:

Power ring, teleport powder, cane of flight

In MEKA, I set up to break on writes to power ring (C04D).

I obtain the ring, then pause the game to go to inventory and select it. MEKA then catches something at position 25A9 - an LD instruction loading the value of register A into the location C04D. Register A have just been xor'ed to 00 prior to this.

I try to prevent this by writing 00's over this load instruction...

Well, this works. Now the game won't consume your power ring when you use it. But it won't spawn one for you either. When you have the power ring, this is nice. When you do not have it... well, this hack does nothing for you. The ring is initialized to zero in the beginning using LDIR block operation that seems to initialize a ton of RAM, so there is no easy way to hack a starting value of 01 into location C04D.

New strategy: Using MEKA's debugger to break on reads of C04D...

This was a success! When hitting pause and the game prepares to display the pause screen with the map and items, there seems to be a routine that reads the values around the RAM locations for items, and, for each, test to see if it is 00. At the heart of this test is a JR Z, +24h instruction. It seems to be like this: If there is 00 for a given item, jump to next item, else set up the current item to be displayed in the inventory, then jump to next item. If I could just overwrite this JR Z instruction, it would never test for- and thus allways assume that every item should be set up for display in the inventory.

Thus I change:

24F8: 28 24 JR Z, +24h

to

24F8: 00 NOP
24F9: 00 NOP

Success!!! It works. Every item.. allways. I can use the items as much as I want, and still a whole set of everything is waiting for me when I hit the pause button. I finish by writing these values (the 00 00) into the ROM using Frhed.

Edit: Misleading typo related to hex address - thank you Calindro!

You could save some time by looking up Action Replay codes on this site instead of searching for the memory locations. It was a good guess to patch the pause screen startup, I wouldn't have expected it to be that simple, but it's always better to try than to assume.

Did you know you can patch the ROM in Meka's memory editor, just click the ROM button and go to the address. The debugging disassembly updates live, which is really nice, you can see the opcodes disappear as you type. I find this useful for trying out hacks before making them more permanent as patches or whatever.

Yes - I know about the Action Replay codes in the cheat section at this site :) Great and comprehensive collection! The codes have saved me in my attempts to hack the power-up pause button routine into Altered Beast (other post). When I put a lot of effort into documenting how I use Meka's cheat finder to narrow down possible locations in RAM, it is because I feel it is a way to contribute to documenting the cheat finder feature in use.

I also use Meka's memory editor for editing ROM and trying out the hacks before eventually permanently patching the ROM using Frhed. I agree, it is a really nice feature with the debugging disassembly live updating. In general, I still can't believe all these ressources for my beloved old system.

Side note - with the recent hacks of games where the pause button plays a significant role (Altered Beast, Alex Kidd, Ghouls n Ghosts), it seemed like a reasonable add-on for my coffee table setup to add a pause button to the control panel :)

Photo 25-05-13 17.48.19 (Small).jpg (95.63 KB)

Adding a pause button for the coffee table arcade control panel

MrD wrote

Quote

You are a knight. You have a lot of different equipment (he gave examples like swords, knives etc.). You walk on a level that is not too long. In fact it is very short. The enemies attack you with just their bare hands. You have unlimited lives. You beat a lot of these enemies. Then you win. Every time.

It's like Dark Souls but backwards!

'Light Souls' maybe? :P

- Actually, as we played through the unlimited items + unlimited lives patched Alex Kidd in Miracle World today, I thought that a clever graphics hack of this patched game could come pretty close to the concept for 'Light Souls' (Thank you for the great title, MrD): Changing Alex into a knight. His glove into a sword (and maybe other things depending on the level, but I might be stretching it here). The shooting into something cool like a lightning (being fired from the sword). The various equipment into other medieval things (still they function the same as the do in the original). The peticopter into the knight riding a dragon. The motorcycle into... well, into the knight riding a downscaled cockatrice from Golden Axe or something like that. The enemies into some not so scary, bare-handed thugs. The level tiles into something closer to the first levels of Ghouls n' Ghosts... The map and the text/story into something fitting the theme.

Author	Message
hang-on Joined: 23 Mar 2013 Posts: 611 Location: Copenhagen, Denmark	How to hack/patch the Alex Kidd in Miracle World ROM into permanent trainer mode? (unlimited lives) Posted: Thu May 09, 2013 8:05 pm
	Story first: When I recently built (into an old coffee table) an arcade stick w. buttons for my old SMS, one of my childhood dreams finally came true. It also got my little boy (4 years old) interested in playing the old console (see attached picture). Yeah - passing on the 8-bit culture to the next generation; my humble contribution to the SMS-power mission statement :) We actually play it a lot together (favorites are Bubble Bobble, Rampage), and also Shadow Dancer, Shinobi and Alex Kidd. Those one-player games we play cooperatively, meaning that he controls our hero at those parts of the levels that he can handle, and I lend my hand at the bosses, etc. I would really love to surprise him with a patched version of Alex Kidd in Miracle World, where you have unlimited lives (or maybe 100 or so). As you might imagine, for a boy his age, there is enough excitement and difficulty without having to pay attention to lives lost. I read this post on the forum about hacking the Shinobi ROM ()http://www.smspower.org/forums/viewtopic.php?t=6690&highlight=scroll, and that encouraged me to embark on such a hacking/patching project. I need help to get started on the right track: Should I make a save state in MEKA somewhere (right before loosing a life maybe?), or should I do something else (maybe search RAM for a value corresponding to number of lives)? Skærmbillede 2013-05-09 kl. 21.37.04.png (363.59 KB) My boy and the SMS-arcade setup

Bock Site Admin Joined: 08 Jul 2001 Posts: 8651 Location: Paris, France	Posted: Thu May 09, 2013 8:16 pm
	The recent version of MEKA include a cheat finder, with which it should be trivial to find the RAM location where the number of lives is stored. Basically the cheat finder allows you to narrow down the possible location where the value you are interested in can be stored. You can probably find the address from a Pro Action Replay code, but for the sake of learning I suggest having a go at the Cheat Finder, it is really easy. (it just took me 20 seconds to do it) Once you found that address, you can setup a breakpoint and lose a a live to find the code that decrement the number of lives and disable it by patching 00 (NOP) instruction over it. You can also find where the number is intialiazed to 3 using a breakpoint after startup and replace that value with a bigger number to make it look nicer (but the number wouldn't decrement anyway).

albino_vulpix Joined: 05 Jun 2007 Posts: 258 Location: Melbourne, Australia	Posted: Fri May 10, 2013 8:07 am
	Can't help with your issue, just wanted to say great job with the table!

hang-on Joined: 23 Mar 2013 Posts: 611 Location: Copenhagen, Denmark	Posted: Fri May 10, 2013 7:03 pm Last edited by hang-on on Fri May 10, 2013 8:23 pm; edited 1 time in total
	Thank you Bock. I will give the newest MEKA and the cheatfinder a go tonight. I will work along the lines you suggest. Vulpix: Oh, thank you for your kind comment! My wife keeps saying that if she had known that I was making a central piece of furniture for the living room, she would have demanded more attention to the aesthetics dimension :). She might be right - but at least it works, and it feels good to pound knives/bullets at Mandara in a superfast, arcade-feeling/clicking style.

hang-on Joined: 23 Mar 2013 Posts: 611 Location: Copenhagen, Denmark	Posted: Fri May 10, 2013 8:22 pm
	I have found (at consoledatabase.com) an action replay code for infinite lives in Alex Kidd: 00c02503 In Meka documentation about patches I read that one can type in action replay codes in the debugger: To get infinte lives for Alex I would then need to load Alex Kidd, start the debugger and enter MEM [c025] = 03, right? Well, it doesn't give me infinte lives. I have also tried to put 03 in manually in the memory editor, but nothing happens. I have also tried to dump the RAM before and after I loose a life, but I'm not sure where to go to view and compare these dumps? I'm not sure how to enable the cheat finder - or if I'm using the right version (73) of Meka for this?

Calindro Joined: 14 Apr 2013 Posts: 624	Posted: Fri May 10, 2013 8:49 pm
Calindro Joined: 14 Apr 2013 Posts: 624	Hi hang-on, c025 actually is the address where Alex Kidd stores the amount of lives you have left. So you could either always change it to 3 after you die or more efficiently just set it to 99. It seems like Alex Kidd is using bcd representation to store your lives. So 99 is the highest you can go. Knowing the address you can also use MEKA to find the code that changes the amount of lives by setting a breakpoint breaking on writes to the address (B w c025) and follow Bock's suggestion to overwrite that code with 00, to prevent the game from decreasing your amount of lives. Have fun, Calindro

hang-on Joined: 23 Mar 2013 Posts: 611 Location: Copenhagen, Denmark	Posted: Sat May 11, 2013 1:56 pm
	Hello Calindro. Oh, thank you! I will try this out right away!! Edit: Success!! I'm a ROM-hacker thanks to you guys :) I used Frhed to edit and save the patched ROM after I figured things out debugging the game in Meka. At position 6C2F there is now a handy 00 instead of a 77. In a minute it is copy to Everdrive, and power up console for an unlimited father/son moment in Miracle World :) Does the smspower community have a place to upload/exchange patched ROM's? Or is this an unwanted practice (I have read Maxim's rant in Lesson 1, and don't want to go against established community norms?)

Bock Site Admin Joined: 08 Jul 2001 Posts: 8651 Location: Paris, France	Posted: Sat May 11, 2013 3:13 pm
	I don't think there is a need to exchange patched ROM, at least we don't typically do it here (unless it is a patch that benefits a large amount of people). If people wants something it is usually easy enough to provide them with help or an answer. What will be your next change? You could change the title screen to use customized text or logo for your son? :)

hang-on Joined: 23 Mar 2013 Posts: 611 Location: Copenhagen, Denmark	Posted: Sat May 11, 2013 7:59 pm
	OK - thank you for your reply, Bock. Regarding my next challenge: When we played the patched Alex Kidd this afternoon, we died maybe 50 times and eventually got lost in the castle after freeing the twin brother (our first time there, ever). We had a great time! During playing, my boy threw these gems: "When I grow up, dad, I won't come and work in your office anyway. I want to be a game designer" ... He has never said anything like that before. Then I seized the moment and asked what kind of game he would design, then. He explained it to me: You are a knight. You have a lot of different equipment (he gave examples like swords, knives etc.). You walk on a level that is not too long. In fact it is very short. The enemies attack you with just their bare hands. You have unlimited lives. You beat a lot of these enemies. Then you win. Every time. I would like to think that he defined my/our next challenge with those words. In reality, I have a lot of basic assembler-stuff to learn first. But it adds to the motivation to keep trying :) Actually my own dad explained to me recently why he bought me an SMS and not a C64 at the time: He and mom did not want me to get lost in programming stuff back in the 90's. So now that I have found all these ressources on programming the SMS, I have some catching up to do :)

TmEE Joined: 31 Oct 2007 Posts: 853 Location: Estonia, Rapla city	Posted: Sat May 11, 2013 8:19 pm
	That is so awesome !

MrD Joined: 25 May 2012 Posts: 32	Posted: Sun May 12, 2013 11:50 am
MrD Joined: 25 May 2012 Posts: 32	Quote You are a knight. You have a lot of different equipment (he gave examples like swords, knives etc.). You walk on a level that is not too long. In fact it is very short. The enemies attack you with just their bare hands. You have unlimited lives. You beat a lot of these enemies. Then you win. Every time. It's like Dark Souls but backwards! 'Light Souls' maybe? :P

hang-on Joined: 23 Mar 2013 Posts: 611 Location: Copenhagen, Denmark	Posted: Sun May 12, 2013 4:14 pm
	Thank you guys :)

hang-on Joined: 23 Mar 2013 Posts: 611 Location: Copenhagen, Denmark	Hacking for infinite items Posted: Fri May 24, 2013 9:55 pm
	Hacking for infinite items. Use MEKA cheat finder to locate the location that stores the power ring (I'm not allowed by the forum to spell it out by its real name, which is allmost the same as 'braceelet'. The workflow is: 1) start game 2) compare to constant 0, then reduce. 3) take ring 4) compare to constant 1, then reduce 5) consume ring 6) compare to constant 0, then reduce. We have the location isolated: C04D Let's see if the bytes around this one is for the other equipment...? I put in some 01's and hit pause again. Yes, this is where the equipment is stored. I approach more systematically.(using the terms from a US booklet). C04E: The Gold crown C04D: Power ring (shooting ability) C04C: A personal letter to the kingdom of Nibana c04B: The sun stone medallion C04A: Teleport powder (invisibility) C049: Cane of flight (power to fly) C048: Telepathy ball (lets you know what others are thinking) I want to have infinite amounts of these, most importantly: Power ring, teleport powder, cane of flight In MEKA, I set up to break on writes to power ring (C04D). I obtain the ring, then pause the game to go to inventory and select it. MEKA then catches something at position 25A9 - an LD instruction loading the value of register A into the location C04D. Register A have just been xor'ed to 00 prior to this. I try to prevent this by writing 00's over this load instruction... Well, this works. Now the game won't consume your power ring when you use it. But it won't spawn one for you either. When you have the power ring, this is nice. When you do not have it... well, this hack does nothing for you. The ring is initialized to zero in the beginning using LDIR block operation that seems to initialize a ton of RAM, so there is no easy way to hack a starting value of 01 into location C04D. New strategy: Using MEKA's debugger to break on reads of C04D... This was a success! When hitting pause and the game prepares to display the pause screen with the map and items, there seems to be a routine that reads the values around the RAM locations for items, and, for each, test to see if it is 00. At the heart of this test is a JR Z, +24h instruction. It seems to be like this: If there is 00 for a given item, jump to next item, else set up the current item to be displayed in the inventory, then jump to next item. If I could just overwrite this JR Z instruction, it would never test for- and thus allways assume that every item should be set up for display in the inventory. Thus I change: 24F8: 28 24 JR Z, +24h to 24F8: 00 NOP 24F9: 00 NOP Success!!! It works. Every item.. allways. I can use the items as much as I want, and still a whole set of everything is waiting for me when I hit the pause button. I finish by writing these values (the 00 00) into the ROM using Frhed. Edit: Misleading typo related to hex address - thank you Calindro!

Maxim Site Admin Joined: 19 Oct 1999 Posts: 14744 Location: London	Posted: Sat May 25, 2013 7:44 pm
	You could save some time by looking up Action Replay codes on this site instead of searching for the memory locations. It was a good guess to patch the pause screen startup, I wouldn't have expected it to be that simple, but it's always better to try than to assume. Did you know you can patch the ROM in Meka's memory editor, just click the ROM button and go to the address. The debugging disassembly updates live, which is really nice, you can see the opcodes disappear as you type. I find this useful for trying out hacks before making them more permanent as patches or whatever.

hang-on Joined: 23 Mar 2013 Posts: 611 Location: Copenhagen, Denmark	Posted: Sat May 25, 2013 8:59 pm
	Yes - I know about the Action Replay codes in the cheat section at this site :) Great and comprehensive collection! The codes have saved me in my attempts to hack the power-up pause button routine into Altered Beast (other post). When I put a lot of effort into documenting how I use Meka's cheat finder to narrow down possible locations in RAM, it is because I feel it is a way to contribute to documenting the cheat finder feature in use. I also use Meka's memory editor for editing ROM and trying out the hacks before eventually permanently patching the ROM using Frhed. I agree, it is a really nice feature with the debugging disassembly live updating. In general, I still can't believe all these ressources for my beloved old system. Side note - with the recent hacks of games where the pause button plays a significant role (Altered Beast, Alex Kidd, Ghouls n Ghosts), it seemed like a reasonable add-on for my coffee table setup to add a pause button to the control panel :) Photo 25-05-13 17.48.19 (Small).jpg (95.63 KB) Adding a pause button for the coffee table arcade control panel

hang-on Joined: 23 Mar 2013 Posts: 611 Location: Copenhagen, Denmark	Light souls Posted: Sat May 25, 2013 9:26 pm
	MrD wrote Quote You are a knight. You have a lot of different equipment (he gave examples like swords, knives etc.). You walk on a level that is not too long. In fact it is very short. The enemies attack you with just their bare hands. You have unlimited lives. You beat a lot of these enemies. Then you win. Every time. It's like Dark Souls but backwards! 'Light Souls' maybe? :P - Actually, as we played through the unlimited items + unlimited lives patched Alex Kidd in Miracle World today, I thought that a clever graphics hack of this patched game could come pretty close to the concept for 'Light Souls' (Thank you for the great title, MrD): Changing Alex into a knight. His glove into a sword (and maybe other things depending on the level, but I might be stretching it here). The shooting into something cool like a lightning (being fired from the sword). The various equipment into other medieval things (still they function the same as the do in the original). The peticopter into the knight riding a dragon. The motorcycle into... well, into the knight riding a downscaled cockatrice from Golden Axe or something like that. The enemies into some not so scary, bare-handed thugs. The level tiles into something closer to the first levels of Ghouls n' Ghosts... The map and the text/story into something fitting the theme.

Forums

View topic - How to hack/patch the Alex Kidd in Miracle World ROM into permanent trainer mode? (unlimited lives)