[NOTE: This document is currently in a HIGHLY BETA state, it is very incomplete. Please do not edit it to take my name out and pass it off as your own. You may freely copy this as much as you want, however - as long as I am credited with it's creation.] Sonic 2 Beta ROM Hacking Guide v0.01 - Local H ++++++++++++++++++++++++++++++++++++++++++++++ Created on: October 12, 1999 at 4:20AM (late, nah... :) Updated on: Not yet! It's still v0.01! This guide was created out of inspiration from the Sonic 2 Hacking Guide available on the net. I figured there might be some things about the beta that we in the Sonic hacking community don't know about. I have set out to fix that, although this is a long task. If anybody reading this has intimate knowledge of both 68000 assembly in general, and Genesis/MegaDrive hardware specifically, then get in touch with me, as I have always felt that if one were to disassemble the code contained in the ROM, then we could learn much more about it. My email is localh@intermediatn.net. Also email me if you have any information about the Sonic 2 Beta ROM that you would like to add to the guide. For example, what if there is a byte one could change to enable title cards in the beta ROM? I'm not saying with any authority there is, but that would be extremely cool. Also cool (probably only through ROM disassembly) would be to find a debug code, or find out what the UP, 4xDOWN, UP code really does. That will all come in due time, however. Also included in this guide will be a 'Speculations' section where I will put things I have noticed that may or may not be of any relevance. Section I: Quick Binary/Hex/Decimal Tutorial ============================================ Before you do any ROM hacking, you should be able to understand all three number systems and how they relate, because some settings in any computer programs are controlled by individual bits inside each byte. First off, some general definitions: Bit - binary digit, either 0 or 1 Byte - 8 bits or 2 hex digits Nybble - 4 bits, or 1 hex digit Word - 16 bits, 2 bytes, or 4 hex digits These are important because they are standard terms used by computer programmers and will help you know how much data to modify. One bit is the smallest unit in the binary system. It can either be OFF (0) or ON (1). These bits are the foundation for every program you run on any computer you may own. These bits are combined much like we combine numbers to create amounts greater than 9. For example: Binary Decimal -------- --------- 00000000 0 00000001 1 00000010 2 00000011 3 . . . . . . 11111110 254 11111111 255 Each time you add a bit to the left, the value of that bit is 2 times the one to its right, similar to how you add a digit in the decimal system and it is 10 times the one to its right. 128 64 32 16 8 4 2 1 Bits are represented by a number from 0 to 7, counting from right to left; 7 6 5 4 3 2 1 0 128 64 32 16 8 4 2 1 For each position that is a 1, you add the value for that position. For example: 11010010 128 64 32 16 8 4 2 1 1 1 0 1 0 0 1 0 128+64+ 0+16+0+0+2+0 = 210 Easy, huh? Now we move on to hex. Hexadecimal is just a simpler way of representing numbers when working with computers (after all, who wants to sort through all those 0's and 1's?). Hex corresponds to decimal as follows; Hex Decimal --- ------- 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8 9 9 A 10 B 11 C 12 D 13 E 14 F 15 'Wait a minute...', you say. 'That list only goes up to 15!' Correct. Hex is a base 16 numbering system, meaning there are sixteen different digits. You add digits to the left as you do with binary and decimal, only each new place is 16 times the one to its right. Example: 4096 256 16 1 You multiply the digit's value by it's place and add them all together. The reason that hex is a simpler way to represent numbers is because one hex digit equals one nybble (4 bits - remember?). Example: Hex Binary Decimal --- ------ ------- 0 0000 0 1 0001 1 2 0010 2 3 0011 3 4 0100 4 5 0101 5 6 0110 6 7 0111 7 8 1000 8 9 1001 9 A 1010 10 B 1011 11 C 1100 12 D 1101 13 E 1110 14 F 1111 15 See? Converting between hex and binary is simple. To convert from hex to binary, take each hex digit and replace it with the binary value it equals. Do the reverse to convert binary to hex. You might be asking, 'Why do I need to know this?' As I mentioned before, programmers many times use single bits (not bytes, but bits) as flags (example - instead of using 1 byte - 8 bits to flag whether debug is on or not, the programmer will most likely use only 1 bit and therefore they can use the other 7 bits for 7 other settings - nice, huh?). Therefore, you may see entries in this guide similar to (this actually applies to Sonic 2 Final savestates, *not* the beta or any ROM): Offset 012472, bit 0: Disable/enable Debug Meaning that by changing bit 0 in byte 012472 in a Sonic 2 Final savestate to 1, Debug will be enabled (where B will toggle it during gameplay). Also, you may see something like this (this applies to the Sonic 2 Final ROM, not the beta): Offset 019FA2, word: Max speed Meaning that by changing bytes 019FA2 and 019FA3 in the Sonic 2 Final ROM, you will change Sonic's max speed, up to a max value of 65535. One more thing that needs to be mentoned - The 68000 processor (and therefore any word values stored in the Sonic 2 Beta ROM) is big-endian - meaning that to store a value 04FF into the max speed area of the Sonic 2 Final ROM, it should be stored like this: 019FA2: 04 FF In other words, it has to be stored as you would read it. Not all CPUs are like this, for example the x86 family of chips is little-endian (meaning the above would be FF 04). This may confuse you now, but if you study it and practice it, you will eventually figure it out (you can use the Windows Calculator applet to double-check your figures, or the equivalent in your choice of OS). From the experience that I have so far in hacking Sonic ROMs in general, most values wil be either bytes or words (with the occasional double-word, which is just 2 words, 4 bytes, or 32 bits) and can hold a value up to 4294967295 (whew!). Although those will be found very rarely (I have yet to find one in the Sonic 2 Beta ROM), it comes in handy. Another term that will come in handy is longword, which is a word and a byte, or 3 bytes, or 24 bits. A longword can hold a value up to 16777215. Section II: Neat Tricks ======================= This section will contain things that I see to have no real function, yet actually do something. Title Screen Codes ------------------ Press UP, 4xDOWN, UP. You will hear a ring sound. It is not currently known what this code does. Section III: ROM Hacking ======================== Here will be everything I have found so far, under different sections. Note that the Sonic 2 Beta ROM is partly similar to Sonic 1 (at least in the level select, I'm unsure about anything else) and Sonic 2, so if you don't find the info you are looking for here, then you can try the Sonic 1 and 2 Hacking Guides (part of the Sonic Stuff Research Group located at http://ssrg.emulationzone.org) and use the info there. Level Select ------------ Offset given is the location of the first character. Note that the character map is different from Sonic 2 Final. Also notice that you can actually edit the level select text directly (unlike the final where it is mapped). This, I believe, is due to it's similarity to Sonic 1 (which you could also easily edit). Hex Character --- --------- 00 0 01 1 02 2 03 3 04 4 05 5 06 6 07 7 08 8 09 9 11 A 12 B 13 C 14 D 15 E 16 F 17 G 18 H 19 I 1A J 1B K 1C L 1D M 1E N 1F O 20 P 21 Q 22 R 23 S 24 T 25 U 26 V 27 W 28 X 0F Y 10 Z FF Space 0A $ 0B - 0C = 0D -> (right arrow) OE -> (right arrow) Offset 03D7C - Green Hill Zone Offset 03DB2 - Wood Zone Offset 03DE8 - Metropolis Zone Offset 03E39 - Hill Top Zone Offset 03E6F - Hidden Palace Zone Offset 03EA5 - Oil Ocean Zone Offset 03EDB - Dust Hill Zone Offset 03F11 - Casino Night Zone Offset 03F47 - Chemical Plant Zone Offset 03F7D - Genocide City Zone Offset 03FB3 - Neo Green Hill Zone Offset 03FE9 - Death Egg Zone Offset 0401F - Special Stage Offset 0403A - Sound Select Level Editing ------------- Currently I don't know where the levels are actually stored in the ROM, but I have deciphered what all the monitors are. A600 - Blank A601 - Sonic 1up A602 - Tails 1up A603 - Robotnik (does nothing when broken) A604 - Super Ring A605 - Power Sneakers A606 - Shield A607 - Invincibility A608 - Question Mark (turn Sonic yellow like Super Sonic!) A609 - Spring A60A+- Glitchy monitors, game crashes when broken Try it yourself! Using a hex editor with search and replace, change all occurrences of A607 to A608, then enter GHZ1 and go to where the invincibility monitor would normally be. You will see a question mark. Break it, and Sonic turns yellow, like he would if he was Super Sonic. Section IV: Speculations ======================== Sonic 1 Patterns in Sonic 2 Beta? --------------------------------- Using Genecyst, bring up the Patterns window, scroll down to AE00, and enter any stage. You will see the patterns for the Sonic 1 title cards/'got through' text. They are quickyl replaced with the animals' patterns, but look at the patterns again when you pass the endpost - the letters come back! Does this mean that if there are any title cards in Sonic 2 Beta at all, they are like Sonic 1's and not Sonic 2's? I have yet to see any patterns in Sonic 2 Beta for the Sonic 2 font (TrueType equivalent is 'Gaslight'). Something interesting... ------------------------ Pass the endpost, go to the extreme right hand of the screen, and start to spindash (but don't let go of down). When the CPU takes control of Sonic (in order to move him offscreen), he will start rolling, then enter his skidding animation. The weird thing here is that his feet will be several pixels underground! Nothing of any real significance, but interesting nonetheless...