Jump to content

Photo

How To Find the Colors w/ Hack-O-Matic


7 replies to this topic

#1 Shawn OFFLINE  

Shawn

    As Above

  • 18,871 posts
  • So Below

Posted Mon Oct 10, 2005 11:40 PM

Hi,

I have started on a hack recently as I was wondering how I find the right area of the code to edit to change the colors of sprites. As in Mario Bros to change his hat from red to blue,ect. Or change pacman from yellow to red or whatever. Is it the same for all games or different? I would rather keep the actual game I 'm working on quiet right now if possible untill I have something worth showing off as this is my first attept at a hack and I want to present an original hack.

Also, it would be great to know also how to find the sound to edit in Hack o Matic also. I hope this are not to N00besant of questions.Sorry in advance for not using proper terms or whatever but I know jack about what to call things when it comes to programming.

Shawn Sr.

#2 SeaGtGruff OFFLINE  

SeaGtGruff

    Quadrunner

  • 5,566 posts
  • Location:South Carolina, USA

Posted Tue Oct 11, 2005 10:48 PM

Hi,

I have started on a hack recently as I was wondering how I find the right area of the code to edit to change the colors of sprites. As in Mario Bros to change his hat from red to blue,ect. Or change pacman from yellow to red or whatever. Is it the same for all games or different? I would rather keep the actual game I 'm working on quiet right now if possible untill I have something worth showing off as this is my first attept at a hack and I want to present an original hack.

Also, it would be great to know also how to find the sound to edit in Hack o Matic also. I hope this are not to N00besant of questions.Sorry in advance for not using proper terms or whatever but I know jack about what to call things when it comes to programming.

Shawn Sr.

View Post

Sorry, I don't have Hack-O-Matic and can't find anywhere to download it, but I did find Hack-O-Matic ][. Judging from the screenshot from Hack-O-Matic that was posted back when it was first announced, you probably want to download and use Hack-O-Matic ][ instead, since it displays binary and hexadecimal values next to the "pixel" images.

Actually, what you need is a hex viewer/editor, or better yet a disassembler, since the colors may be stored in data tables, and you'll need to find the places where the color is being stored in the desired color register, then work backwards from there to find where the actual color value is coming from, because that's where you'll need to change the color value that's being used.

You start by finding the places where the program is changing the color registers. There are four color registers, and they have the following addresses:

OOOOO##O 00000110 06 (COLUP0, "COlor and LUminance of Player 0")
OOOOO### 00000111 07 (COLUP1, "COlor and LUminance of Player 1")
OOOO#OOO 00001000 08 (COLUPF, "COlor and LUminance of PlayField")
OOOO#OO# 00001001 09 (COLUBK, "COlor and LUminance of BacKground")

Since you can't just look for those numbers-- after all, they might be data rather than memory addresses-- you want to look for where something is being stored into those addresses, which would have to be done with a STA, STX, or STY using zero-page addressing. The hexadecimal values for those commands are:

#OOOO#O# 10000101 85 (STA zero-page)
#OOOO##O 10000110 86 (STX zero-page)
#OOOO#OO 10000100 84 (STY zero-page)

For example, you'd look for the following combinations in Hack-O-Matic ][:

#OOOO#O# 10000101 85 (STA zero-page)
OOOOO##O 00000110 06 (COLUP0, "COlor and LUminance of Player 0")

#OOOO#O# 10000101 85 (STA zero-page)
OOOOO### 00000111 07 (COLUP1, "COlor and LUminance of Player 1")

#OOOO#O# 10000101 85 (STA zero-page)
OOOO#OOO 00001000 08 (COLUPF, "COlor and LUminance of PlayField")

#OOOO#O# 10000101 85 (STA zero-page)
OOOO#OO# 00001001 09 (COLUBK, "COlor and LUminance of BacKground")

#OOOO##O 10000101 86 (STX zero-page)
OOOOO##O 00000110 06 (COLUP0, "COlor and LUminance of Player 0")

#OOOO##O 10000101 86 (STX zero-page)
OOOOO### 00000111 07 (COLUP1, "COlor and LUminance of Player 1")

#OOOO##O 10000101 86 (STX zero-page)
OOOO#OOO 00001000 08 (COLUPF, "COlor and LUminance of PlayField")

#OOOO##O 10000101 86 (STX zero-page)
OOOO#OO# 00001001 09 (COLUBK, "COlor and LUminance of BacKground")

#OOOO#OO 10000101 84 (STY zero-page)
OOOOO##O 00000110 06 (COLUP0, "COlor and LUminance of Player 0")

#OOOO#OO 10000101 84 (STY zero-page)
OOOOO### 00000111 07 (COLUP1, "COlor and LUminance of Player 1")

#OOOO#OO 10000101 84 (STY zero-page)
OOOO#OOO 00001000 08 (COLUPF, "COlor and LUminance of PlayField")

#OOOO#OO 10000101 84 (STY zero-page)
OOOO#OO# 00001001 09 (COLUBK, "COlor and LUminance of BacKground")

As far as the actual colors, they will be found in a LDA, LDX, or LDY command, but they could be using immediate mode, zero-page mode, absolute addressing, or an indexed mode:

#O#O#OO# 10101001 A9 (LDA immediate)
#O#OO#O# 10100101 A5 (LDA zero-page)
#O##O#O# 10110101 B5 (LDA zero-page,X)
#O#O##O# 10101101 AD (LDA absolute)
#O####O# 10111101 BD (LDA absolute,X)
#O###OO# 10111001 B9 (LDA absolute,Y)
#O#OOOO# 10100001 A1 (LDA (zero-page,X))
#O##OOO# 10110001 B1 (LDA (zero-page),Y)

#O#OOO#O 10100010 A2 (LDX immediate)
#O#OO##O 10100110 A6 (LDX zero-page)
#O##O##O 10110110 B6 (LDX zero-page,Y)
#O#O###O 10101110 AE (LDX absolute)
#O#####O 10111110 BE (LDX absolute,Y)

#O#OOOOO 10100000 A0 (LDY immediate)
#O#OO#OO 10100100 A4 (LDY zero-page)
#O##O#OO 10110100 B4 (LDY zero-page,X)
#O#O##OO 10101100 AC (LDY absolute)
#O####OO 10111100 BC (LDY absolute,X)

The LDA, LDX, or LDY will have to come shortly before the STA, STX, or STY that writes the color value to the register, so the easiest thing to do is look for one of the combinations given above, and look backward to find where the color value is being loaded to A, X, or Y. If the color is stored using STA, you want to find the LDA that comes before that. If the color is stored using STX, you want to find the LDX that comes before that. If the color is stored using STY, you want to find the LDY that comes before that.

For example, I just loaded "Adventure.bin" into the "hexview.exe" program and searched for "85 06" (STA COLUP0), and found an occurence at address $01C0. Looking backward from there, I see "BD 4A FF" (LDA $FF4A,X), then "20 D3 F2" (JSR $F2D3), then the "85 06" (STA COLUP0), so that means I have to go look at the subroutine at $F2D3 to see what's going on there. In hexview, that would be address $02D3, because the file starts at $0000 but the cartridge actually starts at $F000. It's too messy to try to read the subroutine in a simple hex viewer; it would be a lot easier (and safer, less chance of making a booboo converting the hex into the equivalent assembly instructions) to use a disassembler.

In rare cases, you might get lucky and find something like this:

#O#O#OO# 10101001 A9 (LDA immediate)
OOO####O 00011110 1E (color 1, luminance E, which is yellow)
#OOOO#O# 10000101 85 (STA zero-page)
OOOOO##O 00000110 06 (COLUP0, "COlor and LUminance of Player 0")

Then you could change the yellow color to something else, like red:

#O#O#OO# 10101001 A9 (LDA immediate)
O#OOO#OO 01000100 44 (color 4, luminance 4, which is red)
#OOOO#O# 10000101 85 (STA zero-page)
OOOOO##O 00000110 06 (COLUP0, "COlor and LUminance of Player 0")

But it's likely that the color data will be in some kind of data table, and it will be more difficult to figure that out, especially if you aren't disassembling the game.

Clearly, programs like Hack-O-Matic or Hack-O-Matic ][ can be useful for changing the player graphics (if you can find them in the game), but they aren't nearly as well suited for finding where to change colors. And I won't even try to get into sounds, but the technique would be similar-- find where one of the sound registers is being written to, and backtrack from there to try to find the data for the sound itself, and then try to figure out how to change the sound to something else.

Good luck with your efforts, and look into getting a hex editor or disassembler! You should also find a reference for the 6502 opcodes, and a document describing the 2600's memory locations and how they're used.

Michael Rideout

#3 Shawn OFFLINE  

Shawn

    As Above

  • Topic Starter
  • 18,871 posts
  • So Below

Posted Wed Oct 12, 2005 3:46 AM

Thanks very much Michael, I found your reply to be very useful and some of it actually makes sense to me and I'm a N00b at this. Your refrences to going back and forth in the code to find what register is loading the colors where is the most usful bit I got from that. I will be sure to take the most I can from your post and thanks agian. I will be sure to keep you posted with my results.

#4 Random Terrain OFFLINE  

Random Terrain

    Visual batari Basic User

  • 28,966 posts
  • Controlled Randomness
    Replay Value
    Nonlinear
  • Location:North Carolina (USA)

Posted Wed Oct 12, 2005 6:27 AM

Have you tried Bit Hacker? It's seems to be the best hacking tool at this time:

http://www.atariage....showtopic=64943

It doesn't help you hack colors any better than any other program, but the scroll wheel will work with it and that can save you some time (if you use a scroll wheel).

#5 Shawn OFFLINE  

Shawn

    As Above

  • Topic Starter
  • 18,871 posts
  • So Below

Posted Wed Oct 12, 2005 2:03 PM

Yes, I have tried Bit Hacker and I like it. Only draw back I find from hom2 is I like the option to use the EMU right away to test my work. Better lay out with bit hacker but better options with HOM2, whats a guy to do?? lol... Try my best I guess and get on to real hacking with a disassembler and assember ASAP as soon as I get my feet wet I think..lol.. Till then I'm working hard with the bit hackers & HOMics.

#6 Feralstorm OFFLINE  

Feralstorm

    Dragonstomper

  • 629 posts
  • Do not taunt Happy Fun BallŪ

Posted Wed Oct 12, 2005 11:24 PM

Be sure to check if commented disassembly/source code for the game you're hacking exists. Even when you're bit-hacking and not getting into the guts of assembly language, the source code is like a roadmap for finding graphics, colors, and more.

#7 Shawn OFFLINE  

Shawn

    As Above

  • Topic Starter
  • 18,871 posts
  • So Below

Posted Thu Oct 13, 2005 6:16 AM

Be sure to check if commented disassembly/source code for the game you're hacking exists. Even when you're bit-hacking and not getting into the guts of assembly language, the source code is like a roadmap for finding graphics, colors, and more.

View Post



Please elaberate.

#8 Nukey Shay OFFLINE  

Nukey Shay

    Sheik Yerbouti

  • 21,897 posts
  • Location:The land of Gorch

Posted Sat Oct 22, 2005 12:40 PM

Be sure to check if commented disassembly/source code for the game you're hacking exists. Even when you're bit-hacking and not getting into the guts of assembly language, the source code is like a roadmap for finding graphics, colors, and more.

View Post



Please elaberate.

View Post


Disassemblies are text files that have been converted from the binary roms using a program like Distella. Comments are additional lines/text added to those text files. Many popular games have already been commented...and in some cases, thoroughly reverse-engineered...which is as close as you can get to source code (THE original file that created the program burned to the carts back in days of old). The comments are written in plain english, so anybody can easily find spots where color values are stored. Go to sites like the Minidig archive to find some games that have already been disassembled/commented by the pros.
/too lazy to dig up an addy ;)

The alternative is to use Distella to roll yer own...and then search the resulting disassembly for any mention of the color registers (those that begin with "COL")...and backtrack through the program to locate where the values are coming from.

Example:
Let's assume that you search a rough disassembly created by Distella and find a line like this:

STA COLUBK

What is happening here is the value currently in the Accumulator is being STored to the background color register for that scanline. How do you find the value? Scroll upwards and you might find something like this:

LDA #$00
STA COLUBK

That line above the STA is LoaDing a value of $00 into the Accumulator ($00 is the value of the color black).

More often, you'll see lines like:
LDA $A9
STA COLUBK

Note the difference between examples. Since there is no "#" in front of that $A9...it's not a value...but a RAM location it's grabbing the value from. In that case, you'd have to backtrack where values are stored to address $A9 BEFORE those above lines are reached when the program is running :P

If you are lucky, the program you are decypering will stick to immediate values (those with the # symbol)...but don't bet on it.

Another example is:
LDA LFF80,Y
STA COLUBK

In that one, the color value is coming from a TABLE of values that exists at rom address $FF80 (near the end of the binary program). The address read will depend on the value currently sitting in the Y register. If Y holds a zero, the value will come from $FF80. If Y holds a value of 1, the color value will be coming from address $FF81...etc.

All this searching and backtracking will require at least a basic understanding of assembly language...as stated before, all of it can be avoided IF a reverse-engineered disassembly already exists for the game you want to hack ;)


Hope that makes sense :) A bithacker program like HOM is just not suited to the task. But if you want to try lucky stabs using one, seach for stretches of data that do not use the rightmost pixel (because these have no effect on any color...so many programs just use even values).

Edited by Nukey Shay, Sat Oct 22, 2005 12:42 PM.





0 user(s) are browsing this forum

0 members, 0 guests, 0 anonymous users