Accessing assembly in a memory pak

Hi all,

I am currently trying to hack Blitz 2000. In this game, you can create completely new offensive or defensive plays and save them on the memory pak. I was wondering if anyone knows if you can create a play, save it to a memory pak, and then see the code that was saved? Basically I want to see the assembly that is saved to the memory pak. I use nemu to search for addresses, but this is getting into new territory for me. Thanks!

(14-05-2016, 12:34 AM)blitzmaster5000 Wrote: I was wondering if anyone knows if you can create a play, save it to a memory pak, and then see the code that was saved? Basically I want to see the assembly that is saved to the memory pak. I use nemu to search for addresses, but this is getting into new territory for me.

Most emulators store the controller pack data into a file that you can then access using a hex editor. For Nemu, make sure that you have "has mempack" checked in the "Configure Input Plugin..." options. The mempack data will be saved in a ".mpk" file in the directory set in the Options->Settings->Folders or the directory Nemu is in if none set. Other emulators will have similar input settings.

As far as how the data will be stored, all I really know is the controller pack is 256kbit (32kByte) with storage for up to 123 pages. It's up to the game on how to use the pages. And just for clarification, it more than likely is just data that is stored in the memory pack, not assembly code.

Thanks for the details. Is there any way of finding out how that data is then read into the game? Does the memory pak get stored at certain addresses when loaded in?

(14-05-2016, 01:26 AM)blitzmaster5000 Wrote: Thanks for the details. Is there any way of finding out how that data is then read into the game? Does the memory pak get stored at certain addresses when loaded in?

Each game will be different, so you'll have to investigate the ROM's assembly code to find out how it is used. If I had to take a guess, the game would copy it from the controller pak to RAM to use during game play. I've never worked with the controller pak, but you'll probably want to hunt down the osPfsReadWriteFile() function and see who calls it. I don't really know what that function looks like, but it is something, or it calls something, that accesses PIF RAM at 0x1FC007C0. Depending on what you want to do, it might just be easier to look at the raw data itself to see how it changes based on changes you make to the save data.

Yes, I agree with your last statement. I'm going to make changes to the plays that will be saved and see if I can find out how exactly the changes affect the raw data. I have been able to find what I believe to be the actual data for the plays, although I'm not certain. Down around 0x3340 I can see the name of the play I gave it. If I change this in the hex editor, it will change the name in the game, so it's definitely the right place for the name. After the name there is a chunk of random values which could be the play data. Below this is another play I made. This makes me think that all of these addresses are related to the play, so at this point it is probably more a matter of deciphering what those values are than anything.
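The before/after comparison described in the last two posts, as an added example that is not from the thread: a small Python script that diffs two .mpk dumps and reports each run of changed bytes with its page number and an ASCII preview, so a renamed play or an altered play parameter shows up directly. It assumes the 32 KiB pak is split into 256-byte pages (not stated in the thread) and ships with constructed sample dumps so it runs without real files.

```python
# Diff two .mpk dumps to locate the bytes a save changed. Assumed (not stated
# in the thread): the 32 KiB pak is split into 256-byte pages.
import sys

PAGE_SIZE = 256           # assumed: 32768 bytes / 128 pages
PAK_SIZE = 32 * 1024

def find_changed_runs(before: bytes, after: bytes):
    """Return [(offset, old_bytes, new_bytes)] for each contiguous run of
    bytes that differ between the two dumps."""
    if len(before) != len(after):
        raise ValueError("dumps differ in length; compare dumps of one pak")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(before, after)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, before[start:i], after[start:i]))
            start = None
    if start is not None:
        runs.append((start, before[start:], after[start:]))
    return runs

def describe(run):
    """Offset, page, in-page offset, then hex plus an ASCII preview so that
    text fields such as a play name stand out from binary play data."""
    off, old, new = run
    page, inpage = divmod(off, PAGE_SIZE)
    show = lambda b: b.hex() + " |" + "".join(chr(c) if 32 <= c < 127 else "." for c in b) + "|"
    return (f"0x{off:05X} page {page} +0x{inpage:02X} ({len(old)} bytes)\n"
            f"  was {show(old)}\n  now {show(new)}")

def sample_dumps():
    """Constructed dumps (not real game data): a fake play record at 0x3340
    whose name and one parameter byte change between two saves."""
    before = bytearray(PAK_SIZE)
    before[0x3340:0x3348] = b"BLITZ1\0\0"
    before[0x3350:0x3352] = b"\x01\x02"
    after = bytearray(before)
    after[0x3340:0x3348] = b"BLITZ2\0\0"
    after[0x3350] = 0x05
    return bytes(before), bytes(after)

if __name__ == "__main__":         # usage: python mpkdiff.py before.mpk after.mpk
    if len(sys.argv) == 3:
        b, a = (open(p, "rb").read() for p in sys.argv[1:3])
    else:
        b, a = sample_dumps()
    for r in find_changed_runs(b, a):
        print(describe(r))
```

Save the pak from the emulator before and after editing a single play, then pass both .mpk files to the script; runs that move together across several edits are good candidates for one play record.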
