Difference between revisions of "ROM hacking resources"

From Emulation General Wiki
(Emulators)
(Cleaning up and re-organizing, could likely use a look-over and some more work)
Line 1: Line 1:
This page lists tools and info on ROM Hacking. See [[Mods, Hacks and Fan-Translations]] for more general info.
+
This page lists concepts, tools and general information on ROM hacking. See [[Mods, Hacks and Fan-Translations]] for more information.
  
==General Tips==
+
==Overview==
===What Are Bytes===
+
===Numeral systems===
Our normal counting system uses the decimal base, that is base 10. We'll count this way 0, 1, 2, 3, 4, 5, 6, 7, 8, 9... and then 10 = 1 * 10 + 0 * 1 = 1 * 10^1 + 0 * 10^0. So if we have something like 234 it actually means 2*100 + 3*10 + 4*1 = 2 * 10^2 + 3 * 10^1 + 4 * 10^0.
+
====Decimal====
 +
Our normal counting system uses the [[wikipedia:Decimal|decimal base]], or base 10, and goes in the following sequence: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, and so on. The number ten can be mathematically represented in decimal as <code>(1 * 10) + (0 * 1)</code> or <code>(1 * 10^1) + (0 * 10^0)</code>. So if we have a number like 234, it can be represented as <code>(2 * 100) + (3 * 10) + (4 * 1)</code> or <code>(2 * 10^2) + (3 * 10^1) + (4 * 10^0)</code>.
  
On the other hand, the hexadecimal base is base 16. So we'll count this way: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9... and then A (a single "digit" the hexadecimal base uses for the value ten), and then B (eleven), C (twelve), D (thirteen), E (fourteen), F (fifteen)... and then 10 (sixteen, that is 1*16 + 0 = 1*16^1 + 0*16^0) and 11 (seventeen, 1*16+1*1) and 12 (eighteen, 1*16+2)... etc. Actually we should write this 0x10 or h10 (sixteen) so that it's not confused with the decimal 10 (ten). If this sounds too complicated, you can load your Calculator in Programmer mode and do all the converting between our decimal and the game's hexadecimal.
+
====Hexadecimal====
 +
On the other hand, the [[wikipedia:Hexadecimal|hexadecimal base]] is base 16 and goes in the following sequence: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A (a single "digit" meaning ten in decimal), B (eleven), C (twelve), D (thirteen), E (fourteen), F (fifteen), then finally 10 (sixteen, <code>(1 * 16) + 0</code> or <code>(1 * 16^1) + (0 * 16^0)</code>), 11 (seventeen, <code>(1 * 16) + (1 * 1)</code>), 12 (eighteen, <code>(1 * 16) + 2</code>), and so on. Typically, hexadecimal numbers are written with the prefixes <code>0x</code> or <code>h</code> so that they are not confused with decimal equivalents (e.g., <code>0x10</code>, decimal <code>16</code>). If this sounds too complicated, you can load Calculator in programmer mode to do conversions between decimal and hexadecimal.
  
The binary base is base 2. We count this way: 0, 1... and then 10 (which is 1*2 + 0... two) and 11 (1*2+1... three) and 100 (1*2*2 + 0*2 + 0*1 ... four), and 101 (1*2*2 + 0*2 + 1*1... five)... and so on. As you can see, it gets long and impractical very quickly.
+
====Binary====
 +
The [[wikipedia:Binary number|binary base]] is base 2 and goes in the following sequence: 0, 1, then 10 (<code>(1 * 2) + 0</code>, two in decimal), 11 (<code>(1 * 2) + 1</code>, three), then 100 (<code>(1 * 2 * 2) + (0 * 2) + (0 * 1)</code>, four), 101 (<code>(1 * 2 * 2) + (0 * 2) + (1 * 1)</code>, five), and so on. As you can see, it gets long and impractical very quickly.
  
Everything in game ROMs, be it programming, graphics, sound, text, assets and anything else, is written in bits (zero or one), with each group of eight bits called a byte. Out of convenience, bytes are written using the hexadecimal base (any values using this we'll note with the prefix 0x), rather than an inconvenient succession of eight bits (using the binary system).
+
====Comparisons====
 +
{| class="wikitable mw-collapsible mw-collapsed"
 +
!Decimal
 +
!Hex
 +
!Binary
 +
|-
 +
| align="right" |5
 +
| align="right" |5
 +
| align="right" |101
 +
|-
 +
| align="right" |6
 +
| align="right" |6
 +
| align="right" |110
 +
|-
 +
| align="right" |7
 +
| align="right" |7
 +
| align="right" |111
 +
|-
 +
| align="right" |8
 +
| align="right" |8
 +
| align="right" |1000
 +
|-
 +
| align="right" |9
 +
| align="right" |9
 +
| align="right" |1001
 +
|-
 +
| align="right" |10
 +
| align="right" |A
 +
| align="right" |1010
 +
|-
 +
| align="right" |11
 +
| align="right" |B
 +
| align="right" |1011
 +
|-
 +
| align="right" |12
 +
| align="right" |C
 +
| align="right" |1100
 +
|-
 +
| align="right" |13
 +
| align="right" |D
 +
| align="right" |1101
 +
|-
 +
| align="right" |14
 +
| align="right" |E
 +
| align="right" |1110
 +
|-
 +
| align="right" |15
 +
| align="right" |F
 +
| align="right" |1111
 +
|-
 +
| align="right" |16
 +
| align="right" |10
 +
| align="right" |1 0000
 +
|-
 +
| align="right" |17
 +
| align="right" |11
 +
| align="right" |1 0001
 +
|-
 +
| align="right" |36
 +
| align="right" |24
 +
| align="right" |10 0100
 +
|-
 +
| align="right" |94
 +
| align="right" |5E
 +
| align="right" |101 1110
 +
|-
 +
| align="right" |256
 +
| align="right" |100
 +
| align="right" |1 0000 0000
 +
|-
 +
| align="right" |1000
 +
| align="right" |3E8
 +
| align="right" |11 1110 1000
 +
|-
 +
| align="right" |4096
 +
| align="right" |1000
 +
| align="right" |1 0000 0000 0000
 +
|-
 +
| align="right" |64206
 +
| align="right" |FACE
 +
| align="right" |1111 1010 1100 1110
 +
|}
  
The value for each byte ranges from 0x00 (in bits: 0000 0000, in decimal: 0) to 0xFF (in bits: 1111 1111, in decimal 255).
+
===Bits and bytes===
 +
Everything in game ROMs — be it programming, graphics, sound, text, assets, and anything else — is written in bits (zero or one), with each group of eight bits called a byte. Out of convenience, bytes are written using the hexadecimal base (any values using this will be noted with the prefix <code>0x</code>), rather than an inconvenient succession of eight bits using the binary system.
  
===Text Editing with Hex Editors===
+
The value for each byte ranges from <code>0x00</code> (bits: <code>0000 0000</code>, decimal: <code>0</code>) to <code>0xFF</code> (bits: <code>1111 1111</code>, decimal: <code>255</code>).
Hexadecimal editors, also called hex editors or binary data editors, can open ANY file, and display its contents as bytes written using the hexadecimal base. You can also edit said bytes.
 
  
Hex editors come with three elements usually: The part with the binary data, an address (also called offset) on the far-left which tells us the location of this byte in the file (and is useful), and...
+
===Editing text with hex editors===
 +
Hexadecimal editors, also called hex editors or binary data editors, can open any file and display its contents as bytes written using the hexadecimal base. You can also edit said bytes.
  
The third area in the window is where "text data" is supposed to appear. It tries to interpret the hex data as text, by matching each byte value to a specific character in the ASCII set. So if there's the 0x41 byte for example, the matching character on the right side would be upper-case latin A.
+
Hex editors usually come with three elements: the part with the binary data, an address (also called offset) on the far-left which tells us the location of this byte in the file (and is useful), and...
  
Practice: Go and check the US version of Link's Awakening (either the GB or GBC version, doesn't matter), open it with any hex editor available online (the ROM of course, not the ZIP archive), and try modifying Marin's dialog at the very beginning. You'll have to search for a while, but you'll eventually find it.
+
The third area in the window is where "text data" is supposed to appear. It tries to interpret the hex data as text by matching each byte value to a specific character in the ASCII set. So if there's the <code>0x41</code> byte for example, the matching character on the right side would be upper-case Latin <code>A</code>.
  
However... Most of the times, the text data area is gibberish nonsensical symbols. Why? Often, it's because:
+
For practice, go and check the US version of Link's Awakening (either the GB or GBC version). Open the ROM with any hex editor available online, and try modifying Marin's dialog at the very beginning. You'll have to search for a while, but you'll eventually find it.
  
* The specific portion of the file / ROM you're viewing isn't actually text data but something else. So you'll have to use the search feature or browse further down the file.
+
However, the text data area is usually gibberish, nonsensical symbols. This is often because:
* The text is encrypted (if the developers wanted on purpose to make it unreadable by hex editors: this is the case for 3DS ROMs when they're encrypted, or games with anti-modding measures like Gods Eater 2 PSP (JP) and Youkai Watch save files). Fortunately, this is impractical and mostly uncommon.
 
* The text is compressed. Compression is a data transformation operation intended to save space. There are numerous schemes, and some games have their own unique flavors. Either by studying the file structure blindly, or reverse-engineering the game's programming during runtime as it makes use of this compressed file, you'll need to figure out the actual compression pattern, and decompress the text so that you can actually edit it (then recompress it and feed it back to the game).
 
  
But sometimes it can be none of the above reasons. But rather the fact it uses a custom character encoding that's not the ASCII standard.  
+
* The specific portion of the file/ROM you're viewing isn't actually text data but something else. So you'll have to use the search feature or browse further down the file.
 +
* The text is encrypted. Sometimes, the developers do this on purpose to make the ROM unreadable by hex editors, as is the case for encrypted 3DS ROMs or games with anti-modding measures like God Eater 2 (PSP, JP) and Youkai Watch save files. Fortunately, this is impractical and mostly uncommon.
 +
* The text is compressed. Compression is a data transformation operation intended to save space. There are numerous schemes, and some games have their own unique flavors. You'll need to figure out the actual compression pattern either by studying the file structure blindly or by reverse-engineering the game's programming during runtime as it uses the compressed file. Once accomplished, you can decompress the text so that it can be edited then recompress it and feed it back to the game.
  
Why is this the case? Because many of these games were made in Japanese, using JP characters, and as such the devs had no reason to respect the ASCII standard (where 0x21 means !, 0x31 means 1, 0x41 means A, 0x61 means a, etc...) but were more concerned about how to make the best out of the limited memory available. So you could have A at 0x00, x01, 0x0A, 0x10, 0x21, 0x41, 0x81 or anything really, depending on the game and what the devs felt like.  
+
But sometimes, none of the above may apply. Instead, a custom character encoding is used that doesn't conform to the ASCII standard. Why is this the case? Because many of these games were made in Japanese using Japanese characters, the developers had no reason to respect the ASCII standard but were more concerned about how to make the best out of the limited memory available. So you could have the letter A at <code>0x00</code>, <code>x01</code>, <code>0x0A</code>, <code>0x10</code>, <code>0x21</code>, <code>0x41</code>, <code>0x81</code>, or elsewhere depending on the game and what the developers felt like.  
  
However this poses a problem. None of the mainstream hex editors really give a damn about this enough to account for cases other than the ASCII standard, so... You'll have to find a specialized hex editor geared more towards ROM hacking. The feature you'll need here is the ability to load custom character sets, stored in what's called table files (extension .TBL, though they're actually just renamed regular .txt files).
+
This poses a problem. None of the mainstream hex editors really give a damn about this enough to account for cases other than the ASCII standard, so you'll have to find a specialized hex editor geared more towards ROM hacking. The feature you'll need here is the ability to load custom character sets, stored in what's called table files (extension .tbl, though they're actually just renamed regular .txt files).
  
A table file for a game using the ASCII standard would look like:
+
A table file for a game using the ASCII standard would look like this:
  
 
<pre>
 
<pre>
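Review bot: In the rewritten custom-encoding paragraph, the list of example positions for the letter A still contains "x01" without its leading 0, while every other value in the list is written as 0x..; it should read 0x01 inside the code tag. The same paragraph drops the old parenthetical that showed what the ASCII standard actually maps (0x21 for !, 0x41 for A, and so on), which was the only concrete contrast with a custom encoding before the table file example, so consider keeping it. In the hex editor paragraph, the sentence ending "(and is useful), and..." is carried over unfinished; end it after the address element or name the text area explicitly.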
Line 48: Line 133:
 
4A=J
 
4A=J
 
4B=K
 
4B=K
 +
...and so on
 
</pre>
 
</pre>
  
And so on. For many games, you'll need to figure out their table files, using table file building tools also commonly referred to as "Relative Search" tools. Choice ones are RSEARCH and monkeymoore. You know for example Zelda 1 has "IT'S DANGEROUS TO GO ALONE" so you load the ROM in monkeymoore and search for the word "DANGEROUS". It will give you many options (assuming the text is uncompressed, and the programmers at least had the decency to respect alphabetic order -otherwise you'll need to use the "custom set" option, which you'll need in case your game is in Japanese). One of these options should guess the rest of the words of that sentence, with some unknown characters in between (like the spaces). Check that option and create your table with it.
+
For many games, you'll need to figure out their table files using table file building tools, also commonly referred to as "relative search" tools. Choice ones are [http://www.romhacking.net/utilities/998/ RSEARCH] and [http://www.romhacking.net/utilities/513/ Monkey-Moore]. For example, The Legend of Zelda has "IT'S DANGEROUS TO GO ALONE", so you load the ROM in Monkey-Moore and search for the word "DANGEROUS". It will give you many options (assuming the text is uncompressed, and the programmers at least had the decency to respect alphabetic order -otherwise you'll need to use the "custom set" option, which you'll need in case your game is in Japanese). One of these options should guess the rest of the words of that sentence, with some unknown characters in between (like the spaces). Check that option and create your table with it.
 
 
Under WindHex, a hex editor with TBL support (there's also Crystaltile2 -which also had a few standard encodings for Japanese (Shift-JIS and UTF-8)- and Tinke), open the ROM, the load the table file you just created with the relative search tool, and then the text will be visible and editable if you scroll to that area of the ROM. You can see the byte equivalents for the missing characters (spaces, punctuation) and add them to the TBL file with Notepad (or WindHex's Table Editor).
 
 
 
Make sure also to identify control codes, that is bytes used to tell the game to do special stuff (like text color, speed, writing the hero's name, line breaks, telling the game where the text ends...) and add them to the TBL file too. Sometimes the game will use a dictionnary to make the game's text shorter in order to save space, so some byte values will replace letter combinations or entire words. Add those to the TBL file too.
 
 
 
Don't be afraid to experiment, even if this corrupts your ROM, so that you confirm any of your observations! Of course, you'll need to make sure to keep a safe backup copy of the unaltered ROM as well as the ROM revisions with your main hacking progress.
 
  
===Text Dumping and Insertion Tools===
+
Using [http://www.romhacking.net/utilities/291/ WindHex], a hex editor with TBL support, open the ROM. Next, load the table file you just created with the relative search tool, and then the text will be visible and editable if you scroll to that area of the ROM. You can see the byte equivalents for the missing characters (spaces, punctuation) and then add them to the TBL file with Notepad (or WindHex's table editor). Similar programs include [http://www.romhacking.net/utilities/818/ Crystal Tile 2], (supports Shift-JIS and UTF-8 encodings) and [http://www.romhacking.net/utilities/817/ Tinke].
Editing or translating a whole game with a hex editor is tiresome, and you can't even exceed the original length (since the extra text would just overwrite the next not-text data and corrupt the game).
 
  
The solution is to find the game's pointers. You know you can note down the address on the left side of the hex editor to know where you are in the ROM. The game does just like that, it has pointers telling it where the text is.
+
Make sure to identify the control codes as well. These are bytes used to define special text properties (text color, text display speed, displaying the hero's name, line breaks, end-of-text, etc.) and add them to the TBL file too. Sometimes, the game will use a dictionary to make the game's text shorter in order to save space, so some byte values will replace letter combinations or entire words. Add those to the TBL file too.
  
But... Pointers don't look the same way the address in your hex editor does. Each system has its quirks and rule for calculating the pointers, so look it up.
+
Don't be afraid to experiment, even if this corrupts your ROM, so that you confirm any of your observations! Of course, you'll need to keep a safe backup copy of the unaltered ROM along with the ROM revisions with your main hacking progress.
  
Practice: GBA pointers for a specific address are 4-byte. Replace the leftmost byte with 08, and invert the order of the bytes so that (byte1)(byte2)(byte3)(byte4) becomes (byte4)(byte3)(byte2)(byte1). Why invert? Because GBA is a Little Endian system. Open a GBA Pokémon game, find Professor Oak's dialog in the hex editor, find its starting address (you click on the first letter and then see its address for that byte in the sidebar of your hex editor) and calculate the pointer as detailed above. Use WindHex's feature for searching hex data to find that pointer. It should appear in the hex data and look just like what you calculated. You may modify it to an address in the very end of the ROM, in an empty area where you'll try writing new text. If you can pull out this, this means you could repoint that text pointer!
+
====Text dumping and insertion tools====
 +
Editing or translating a whole game with a hex editor is tiresome. You can't even exceed the original length because the extra text would just overwrite the next not-text data and corrupt the game. The solution is to find the game's pointers. You can note down the address on the left side of the hex editor to know where you are in the ROM. The game does just like that, using pointers to tell it where the text is. But pointers don't look the same way the address in your hex editor does. Each system has its quirks and rule for calculating the pointers, so look it up.
  
With Cartographer, a command-line tool, you can indicate a ROM, a TBL file, and then tell the program to start extracting text. You could tell it to extract in bulk text and garbage data alike from and until given addresses (RAW mode). But if you found a pointer, or even better, a succession of pointers (also called pointer tables), like in the Pokémon example above, you can extract text data in a more organized manner to a text file.
+
For example, GBA pointers for a specific address are 4-byte. Replace the leftmost byte with <code>08</code>, and invert the order of the bytes so that <code>(byte 1)(byte 2)(byte 3)(byte 4)</code> becomes <code>(byte 4)(byte 3)(byte 2)(byte 1)</code>. Why invert? Because the GBA is a [[wikipedia:Endianness#Little-endian|little endian system]]. Open a GBA Pokémon game, find Professor Oak's dialog in the hex editor, find its starting address (you click on the first letter and then see its address for that byte in the sidebar of your hex editor) and calculate the pointer as detailed above. Use WindHex's feature for searching hex data to find that pointer. It should appear in the hex data and look just like what you calculated. You may modify it to an address in the very end of the ROM in an empty area where you'll try writing new text. If you can pull this off, this means you can repoint that text pointer!
  
With Atlas, another command-line tool, assuming you went with the second (and more proper) method, you may re-insert that text file (after you modified it) in the ROM, and the tool will take care of updating the pointers. You can for example tell it to start inserting text in an empty yet comfortable (and more importantly, within reach - this depends on the pointer) location in the end of ROM. The possibilities are endless.
+
With the command-line tool [http://www.romhacking.net/utilities/647/ Cartographer], you can indicate a ROM and TBL file, and then tell the program to start extracting text. You could tell it to extract bulk text and garbage data alike from and until given addresses (RAW mode). But if you found a pointer — or even better, a succession of pointers (called pointer tables), like in the Pokémon example above — you can extract text data in a more organized manner to a text file.
  
Command-line tools may sound scary, with their black MS-DOS dialog boxes flashing quickly and disappearing. They're actually easy to use. Just put all the needed files in the same folder, make a new txt file where you write the command detailed in the tool's readme, and save that file as one with the .bat extension. If you double-click on it, it will execute that tool the way you wanted it with little effort.  
+
With another command-line tool called [http://www.romhacking.net/utilities/224/ Atlas], you may re-insert that text file (after modifying it) in the ROM, and the tool will take care of updating the pointers. You can, for example, tell it to start inserting text in an empty yet accessible location at the end of the ROM. The possibilities are endless.
  
===Graphical Editing with Tile Editors===
+
Command-line tools may sound scary, with their black MS-DOS dialog boxes flashing quickly and disappearing. They're actually easy to use. Just put all the needed files in the same folder, make a new .txt file where you write the command detailed in the tool's readme, and save that file as one with the .bat extension. If you double-click on it, it will execute that tool the way you wanted it with little effort.  
Hex editors interpret binary data as raw bytes or text. Tile editors do something similar, but instead interpret binary data as graphics. Of course, this means if you're using the wrong mode or looking at an area that's not supposed to be graphical data or the graphics are compressed, you'll just see garbage.
 
  
Among the best tile editors out there are TileMolester and Crystaltile2. For newer 3D-based systems however, they may not help by much and then specialized graphical converters will be needed.
+
===Editing graphics with tile editors===
 +
Hex editors interpret binary data as raw bytes or text. Tile editors do something similar, but instead they interpret binary data as graphics. Of course, this means if you're using the wrong mode or looking at an area that's not supposed to be graphical data or the graphics are compressed, you'll just see garbage.
  
In older systems, in order to save space, graphics were usually stored in parts:
+
Among the best tile editors out there are TileMolester and Crystal Tile 2. For newer 3D-based systems, however, specialized graphical converters may be required.
  
First there's the tile data: The actual drawings, and what you may edit with tile editors. They're small pieces that when assembled make a big picture.  
+
In older systems, in order to save space, graphics were usually stored in parts. First, there's the tile data, or the actual drawings that you may edit with tile editors. They're divided into small pieces that, when assembled, make a big picture. The instructions to build the big picture are tile maps (in the case of backgrounds) or sprite attribute tables for sprites. 
  
The instructions to build the big picture are tile maps (in the case of  backgrounds) or sprite attribute tables (for sprites).
+
The tile data uses indexed colors. Using Mario's shirt as an example, it isn't colored "red" but rather colored with "color 1". NES Mario games, like most NES games, happen to use the NES 2BPP mode (that is, two bits per pixel). A bit is either zero or one. With two bits, we can write <code>00</code>, <code>01</code>, <code>10</code> and <code>11</code>.  This technically gives us four possible colors in total. However, there are actually three colors since "color 0" is transparency, used around Mario's sprite so that the backgrounds behind him are visible and unobstructed.
  
The tile data uses indexed colors actually, so in Mario's example his shirt isn't colored "red", but rather colored with "color 1". NES Mario games, like most NES games, happen to use the NES 2BPP mode, that is the 2 bits per pixel mode. A bit is 0 or 1. With two bits we can write 00, 01, 10 and 11... so 4 possible colors in total. Or actually 3, since "color 0" is transparency, used around Mario's sprite so that the backgrounds behind him are visible unobstructed.
+
How can we tell what actual color Mario's shirt is instead of just "color 1"? We do this through [[wikipedia:Palette_(computing)|palettes]]. Palettes are hex data consisting of three bytes, and each byte is the ID for a specific color: "red", "blue", "yellow", "purple", "light blue", and so on. (There are just under 60 valid choices in the NES, but later systems have a much larger selection of colors.) We know Mario's clothes change color after eating various items, but the tile data drawings are stored just once in the ROM. There are separate palettes telling the game to colorize the same drawing differently for different situations.
  
How can we tell what color Mario's shirt is, since it's just "color 1"? Palettes. Palettes are hex data consisting of 3 bytes, and each byte is the ID for a specific color: "red", "blue", "yellow", "purple", "light blue", and a few others (just under 60 valid choices in the NES, but way more in later systems)...
+
==Emulators for ROM hacking==
 
 
We know Mario's clothes change color after eating various items. But the tile data drawings are stored just once in the ROM. There's separate palettes telling the game to colorize the same drawing differently each time.
 
 
 
==Emulators for ROM Hacking==
 
 
Not all emulators are made equal. Often, you'll need to study the game as it runs, for the following reasons:
 
Not all emulators are made equal. Often, you'll need to study the game as it runs, for the following reasons:
  
* '''Cheats:''' You modified some text and graphics in the final stage, and can't be bothered to replay the whole game legitimately. In case the emulator doesn't support this natively, you might want to consider using Cheat Engine.
+
* '''Cheats:''' You modified some text and graphics in the final stage but can't be bothered to replay the whole game legitimately. In case the emulator doesn't support this natively, you might want to consider using [http://www.cheatengine.org/ Cheat Engine].
* '''Save States, Rewinding, Fast-Forward, Frame Advance, Pause:''' You modified something appearing in a very narrow timeframe, or you just want to take clean screenshoots of the game.
+
* '''Save States, rewinding, fast forward, frame advance, pause:''' You modified something appearing in a very narrow timeframe, or you just want to take clean screenshoots of the game.
* '''Debuggers w/ Breakpoints:''' A breakpoint throws a fit and pauses the game if a specific address is tampered with (of course, to know WHICH address it is, you need to find it first with a Cheat Search / RAM Search).  
+
* '''Debuggers''' with the following features:
* '''Debuggers w/ Disassembler:''' Translates the last few lines of programming executed from hex code to known opcodes telling which instruction is which (LDA/LDR/LD (load to accumulator/register), STA/STR/ST (store to accumulator/register), NOP (do nothing)...). After a breakpoint, it gives you the programming line (in assembly) directly responsible for altering the address the breakpoint was guarding against reading/writing/executing attempts. This is incredibly invaluable to understand the game's programming.
+
** '''Breakpoints:''' A breakpoint throws a fit and pauses the game if a specific address is tampered with. Of course, to know which address it is, you need to find it first with a cheat/RAM search.
* '''Debuggers w/ Assembler:''' Allows the user to write their new lines of programming, which are then converted to the corresponding hex data. It's rare emulators include this, assemblers are often separate tools affecting the ROMs or to be inserted manually by users in ROMs.
+
** '''Disassembler:''' Translates the last few lines of programming executed from hex code to known opcodes telling which instruction is which (LDA/LDR/LD (load to accumulator/register), STA/STR/ST (store to accumulator/register), NOP (do nothing), and so on). After a breakpoint, it gives you the programming line (in assembly) directly responsible for altering the address the breakpoint was guarding against reading/writing/executing attempts. This is incredibly invaluable to understand the game's programming.
* '''Debuggers w/ Tracers:''' The emulator logs ALL programming lines executed, from since you started logging, to a text file. It can get huge pretty quickly, so it's best used with breakpoints and frame advance features to better locate what you're looking for.
+
** '''Assembler:''' Allows the user to write their new lines of programming, which are then converted to the corresponding hex data. It's rare that emulators include this. Assemblers are often separate tools affecting the ROMs or to be inserted manually by users in ROMs.
* '''Memory Viewers w/ Hex editors:''' Views the RAM (and possibly other memory areas like SRAM, VRAM, ROM...) as the game is being executed. Either the window is read-only, or can be edited.
+
** '''Tracers:''' The emulator logs all programming lines executed, from since you started logging, to a text file. It can get huge pretty quickly, so it's best used with breakpoints and frame advance features to better locate what you're looking for.
* '''Memory Viewers w/ Tile Editors:''' Views the VRAM (and possibly other memory areas) and interprets its content as visual data. Emulators 3D systems can also have model viewers and texture viewers.
+
* '''Memory viewers''' with the following features:
* '''Background / OAM Viewers/Dumpers:''' View the graphics as they are arranged in-game. Can be useful occasionally. Often used for dumping graphics by sprite rippers.
+
** '''Hex editors:''' Views the RAM (and possibly other memory areas like SRAM, VRAM, ROM, and so on) as the game is being executed. Either the window is read-only, or it can be edited.
 
+
** '''Tile editors:''' Views the VRAM (and possibly other memory areas) and interprets its content as visual data. Emulators of 3D systems can also have model viewers and texture viewers.
 +
* '''Background/OAM viewers/dumpers:''' View the graphics as they are arranged in-game, often used for dumping graphics by sprite rippers. This can be useful occasionally.
  
 
===Emulators===
 
===Emulators===
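Review bot: The external links added in this hunk for RSEARCH, Monkey-Moore, WindHex, Crystal Tile 2, Tinke, Cartographer, Atlas and Cheat Engine all use http://, and they point readers at tools the text then tells them to download and run, in the command-line case from a double-clicked .bat file; link with https:// wherever the sites serve it. Smaller points in the same hunk: the Crystal Tile 2 link is followed by a stray comma before "(supports Shift-JIS and UTF-8 encodings)", "screenshoots" is still misspelled in the rewritten save states bullet, that bullet's label mixes "Save States" with lower-case items, and "-otherwise" in the relative search paragraph keeps the unspaced hyphen from the old text.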
Line 112: Line 189:
 
! scope="col"|Version
 
! scope="col"|Version
 
! scope="col"|[[Accuracy]]
 
! scope="col"|[[Accuracy]]
! scope="col"|Save States
+
! scope="col"|Save states
! scope="col"|Cheat Support
+
! scope="col"|Cheat support
! scope="col"|Frame Options
+
! scope="col"|Frame options
 
! scope="col"|Breakpoint
 
! scope="col"|Breakpoint
 
! scope="col"|Conditional BP
 
! scope="col"|Conditional BP
Line 120: Line 197:
 
! scope="col"|Assembler
 
! scope="col"|Assembler
 
! scope="col"|Tracer
 
! scope="col"|Tracer
! scope="col"|Memory View
+
! scope="col"|Memory view
! scope="col"|Tile View
+
! scope="col"|Tile view
! scope="col"|BG/OAM View
+
! scope="col"|BG/OAM view
 
! scope="col"|Useful?
 
! scope="col"|Useful?
 
|-
 
|-
Line 129: Line 206:
 
| style="text-align: center;"|Gieger's r1.51
 
| style="text-align: center;"|Gieger's r1.51
 
| style="text-align: center;"|High
 
| style="text-align: center;"|High
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
 
| style="text-align: center;"|Address
 
| style="text-align: center;"|Address
| style="text-align: center;"|N
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|N
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|N
+
| style="text-align: center;"|
| style="text-align: center;"|N
+
| style="text-align: center;"|
 
| style="text-align: center;"|Yes
 
| style="text-align: center;"|Yes
 
|-
 
|-
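Review bot: every added cell in this row between Accuracy and Useful?, other than Address, is empty where the removed line held Y or N. As shown, the row no longer says whether save states, cheat support, frame options, the disassembler, the tracer or the viewers are available. If a check or cross template was meant to replace the letters, it is not present in the added lines; restore explicit values or confirm the template renders. The same pattern repeats in the two row hunks that follow.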
Line 146: Line 223:
 
| style="text-align: center;"|Main
 
| style="text-align: center;"|Main
 
| style="text-align: center;"|Cycle
 
| style="text-align: center;"|Cycle
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
 
| style="text-align: center;"|Range
 
| style="text-align: center;"|Range
| style="text-align: center;"|N
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|N
+
| style="text-align: center;"|
 
| style="text-align: center;"|Read-only
 
| style="text-align: center;"|Read-only
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|N
+
| style="text-align: center;"|
 
| style="text-align: center;"|Unstable
 
| style="text-align: center;"|Unstable
 
|-
 
|-
Line 163: Line 240:
 
| style="text-align: center;"|1.6
 
| style="text-align: center;"|1.6
 
| style="text-align: center;"|Mid
 
| style="text-align: center;"|Mid
| style="text-align: center;"|N
+
| style="text-align: center;"|
| style="text-align: center;"|N
+
| style="text-align: center;"|
| style="text-align: center;"|N
+
| style="text-align: center;"|
 
| style="text-align: center;"|Address
 
| style="text-align: center;"|Address
| style="text-align: center;"|N
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|N
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
| style="text-align: center;"|Y
+
| style="text-align: center;"|
 
| style="text-align: center;"|Detailed
 
| style="text-align: center;"|Detailed
 
|}
 
|}
  
==General Resources==
+
==General resources==
 
+
*[http://romhacking.net ROMHacking.net] This is like a hub where the various hacking communities meet. It hosts a large variety of major ROM hacks and translations. Also hosts numerous FAQs and tools to help aspiring hackers get started.
*[http://romhacking.net ROMHacking.net] - This is like a hub where the various hacking communities meet.  It hosts a large variety of major ROM hacks and translations.  Also hosts numerous FAQs and tools to help aspiring hackers get started.
+
*[http://datacrystal.romhacking.net/ Data Crystal] A wiki hosted by ROMHacking.net. While it is a bit outdated at this point, it's still a good resource for information about different editors and links to a handful of prominent hacks.
*[http://datacrystal.romhacking.net/ Data Crystal] - A wiki hosted by ROMHacking.net.  While it is a bit outdated at this point, it is still a good resource for information about different editors and links to a handful of prominent hacks.
+
*[http://fusoya.eludevisibility.org/ FuSoYa's Niche] Site of the creator of the popular Super Mario World editor, Lunar Magic. Also hosts a set of tools for ROM expansion, patching, compression, etc.
*[http://fusoya.eludevisibility.org/ FuSoYa's Niche] - Site of the creator of the popular Super Mario World editor, Lunar Magic.  Also hosts a set of tools for ROM expansion, patching, compression, etc.
+
*[http://www.zophar.net Zophar's Domain] A site that hosts lots of smaller patches, such as spoofs, as well as a significant amount of major ones. It hosts a lot of content that can't be found on ROMHacking.net
*[http://www.zophar.net Zophar's Domain] - A site that hosts lots of smaller patches, such as spoofs, as well as a significant amount of major ones.  Hosts a lot of content that can't be found on ROMHacking.net
 
  
 
==Programs==
 
==Programs==
 
===General purpose 2D graphics/tile editor===
 
===General purpose 2D graphics/tile editor===
 +
* [http://www.romhacking.net/utilities/109/ Tile Molester] – Works with Java, practically can edit any game.
 +
 +
===Hex editors===
 +
* [http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm XVI32]
 +
* [http://www.romhacking.net/utilities/219/ Translhextion]
 +
 +
==Game-specific==
 +
===EarthBound===
 +
* [http://www.starmen.net Starmen.net] – Home of the hacking utility [http://starmen.net/pkhack/ PK Hack], an editor for modifying the EarthBound/Mother 2 ROM.  Has an active hacking community in the PK Hack section of its forums, where links to completed hacks can also be found.
 +
 +
===Final Fantasy VI===
 +
* [http://www.ff6hacking.com/forums/portal.php FF6 Hacking] – Home to a large community of Final Fantasy VI hackers, complete with active forums, links to patches, and FAQs and guides for those looking to get into hacking the game.
 +
 +
===Final Fantasy Tactics===
 +
* [http://ffhacktics.com/ Final Fantasy Hacktics] – Community for FFT hacking with a variety of completed hacks, patches, and resources.
 +
 +
===Fire Emblem===
 +
* [http://www.feshrine.net/hacks.html Fire Emblem Shrine] – An active and prominent Fire Emblem hacking community.  Hosts a variety of completed hacks and FAQs to get you started.
 +
* [http://serenesforest.net/forums/index.php?showforum=8 Serenes Forest] – Another active and prominent Fire Emblem hacking community, though perhaps a bit more active than Fire Emblem Shrine.
  
[http://www.romhacking.net/utilities/109/ Tile Molester]. Works with Java, practically can edit any game.
+
===The Legend of Zelda: A Link to the Past===
 +
* [http://forum.metroidconstruction.com/index.php/board,27.0.html?PHPSESSID=c83e531bb78ed7c6a3a4de5b45756595 Zelda Construction] – Despite its huge popularity, the hacking community for ALttP is relatively small. This is mainly due to the lack of a truly good editor, though one is in the works.  This community is a spin-off of Metroid Construction devoted to hacking of ALttP and other games in the series.
  
===<br />Hex Editor===
+
===Pokémon===
 +
* [http://www.pokecommunity.com/forumdisplay.php?f=37 The PokéCommunity] – Very active (and helpful) Pokémon hacking community.
  
[http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm XVI32] or [http://www.romhacking.net/utilities/219/ Translhextion]. You can edit the bytes of the ROMs, i.e. everything. Some values are obvious and some text is already ASCII.
+
===Sonic the Hedgehog===
 +
* [http://info.sonicretro.org/Sonic_hacks Sonic Retro] – The largest resource for hacks and modifications of the Sonic series (primarily focused on the Genesis games).
  
==Game Specific==
 
 
===Super Mario World===
 
===Super Mario World===
 
[[File:MainLunarMagic-1-.png|thumb]]
 
[[File:MainLunarMagic-1-.png|thumb]]
*[http://www.smwcentral.net Super Mario World Central] - The largest site dedicated to SMW hacking.  Hosts hundreds of hacks and is a resource for SMW hacking utilities and knowledge.  Also has a very active community and forums.
+
* [http://www.smwcentral.net Super Mario World Central] The largest site dedicated to SMW hacking. Hosts hundreds of hacks and is a resource for SMW hacking utilities and knowledge. Also has a very active community and forums.
*[http://www7.atpages.jp/smw/view.cgi X-Mario] - Prominent Japanese site that hosts a variety of hacks.  Worth noting is that Japanese hacks are usually more reliant on creating challenging gameplay and are less flashy or graphically modified than their Western cousins.
+
* [http://www7.atpages.jp/smw/view.cgi X-Mario] Prominent Japanese site that hosts a variety of hacks. Worth noting is that Japanese hacks are usually more reliant on creating challenging gameplay and are less flashy or graphically modified than their Western cousins.
*[http://talkhaus.raocow.com/ Raocow's Talkhaus] - The community for the most prominent let's player in SMW hacking.  Whether or not you enjoy his commentary, this site remains a great resource for discovering hacks, as the community here is generally focused on hacks that the SMW Central community doesn't cover.
+
* [http://talkhaus.raocow.com/ Raocow's Talkhaus] The community for the most prominent let's player in SMW hacking. Whether or not you enjoy his commentary, this site remains a great resource for discovering hacks, as the community here is generally focused on hacks that the SMW Central community doesn't cover.
*[http://www18.atwiki.jp/sm4wiki_mix/ VIP Wiki] - Japanese wiki dedicated to the development of 2channel's series of popular hacks, the VIP & Wall Mix series.  Hosts the 5 current installments and news about the sixth, currently a work in progress.
+
* [http://www18.atwiki.jp/sm4wiki_mix/ VIP Wiki] Japanese wiki dedicated to the development of 2channel's series of popular hacks, the VIP & Wall Mix series. Hosts the 5 current installments and news about the sixth, currently a work in progress.
 +
 
 +
===Super Mario World 2: Yoshi's Island===
 +
* [http://www.smwcentral.net Super Mario World Central] – In addition to Super Mario World, smwcentral is a budding hub for Yoshi's Island hacking.  While it only hosts a few complete hacks, the community is very active, and new content is being produced at a consistent pace.
 +
* [http://yihacking.wikia.com/wiki/Yoshi%27s_Island YI Hacking Wiki] – A knowledge base for Yoshi's Island hacking.
  
 
===Super Metroid===
 
===Super Metroid===
 
[[File:Fetch-1-.png|thumb]]
 
[[File:Fetch-1-.png|thumb]]
*[http://metroidconstruction.com Metroid Construction] - The most prominent and active Super Metroid hacking community currently.  Hosts a large variety of hacks, resources, FAQs, and an active community and forum.  Originated in m2k2 before becoming its own dedicated site.
+
* [http://metroidconstruction.com Metroid Construction] The most prominent and active Super Metroid hacking community currently. Hosts a large variety of hacks, resources, FAQs, and an active community and forum. Originated in m2k2 before becoming its own dedicated site.
*[http://wiki.metroidconstruction.com/doku.php Metroid Construction Wiki] - As its name implies, a wiki created by the Metroid Construction community.
+
* [http://wiki.metroidconstruction.com/doku.php Metroid Construction Wiki] As its name implies, a wiki created by the Metroid Construction community.
*[http://www.metroid2002.com/ Metroid 2002] - The former most prominent and active Super Metroid hacking community previously.  While it has since been foregone in favor of Metroid Construction, it can still be a valuable resource for knowledge about the more advanced mechanics and inner workings of Super Metroid (as well as other games in the series).
+
* [http://www.metroid2002.com/ Metroid 2002] The former most prominent and active Super Metroid hacking community previously. While it has since been foregone in favor of Metroid Construction, it can still be a valuable resource for knowledge about the more advanced mechanics and inner workings of Super Metroid (as well as other games in the series).
===The Legend of Zelda: A Link to the Past===
 
*[http://forum.metroidconstruction.com/index.php/board,27.0.html?PHPSESSID=c83e531bb78ed7c6a3a4de5b45756595 Zelda Construction] - Despite its huge popularity, the hacking community for ALttP is relatively small.  This is mainly due to the lack of a truly good editor, though one is in the works.  This community is a spin-off of Metroid Construction devoted to hacking of ALttP and other games in the series.
 
 
 
===EarthBound===
 
*[http://www.starmen.net Starmen.net] - Home of the hacking utility [http://starmen.net/pkhack/ PK Hack], an editor for modifying the EarthBound/Mother 2 ROM.  Has an active hacking community in the PK Hack section of its forums, where links to completed hacks can also be found.
 
===Yoshi's Island===
 
*[http://www.smwcentral.net Super Mario World Central] - In addition to Super Mario World, smwcentral is a budding hub for Yoshi's Island hacking.  While it only hosts a few complete hacks, the community is very active, and new content is being produced at a consistent pace.
 
*[http://yihacking.wikia.com/wiki/Yoshi%27s_Island YI Hacking Wiki] - A knowledge base for Yoshi's Island hacking.
 
===Final Fantasy VI===
 
*[http://www.ff6hacking.com/forums/portal.php FF6 Hacking] - Home to a large community of Final Fantasy VI hackers, complete with active forums, links to patches, and FAQs and guides for those looking to get into hacking the game.
 
 
 
===Final Fantasy Tactics===
 
*[http://ffhacktics.com/ Final Fantasy Hacktics] - Community for FFT hacking with a variety of completed hacks, patches, and resources.
 
===Fire Emblem===
 
*[http://www.feshrine.net/hacks.html Fire Emblem Shrine] - An active and prominent Fire Emblem hacking community.  Hosts a variety of completed hacks and FAQs to get you started.
 
*[http://serenesforest.net/forums/index.php?showforum=8 Serenes Forest] - Another active and prominent Fire Emblem hacking community, though perhaps a bit more active than Fire Emblem Shrine.
 
===Pokémon===
 
*[http://www.pokecommunity.com/forumdisplay.php?f=37 The PokéCommunity] - Very active (and helpful) Pokémon hacking community.
 
===Sonic the Hedgehog===
 
*[http://info.sonicretro.org/Sonic_hacks Sonic Retro] - The largest resource for hacks and modifications of the Sonic series (primarily focused on the Genesis games).
 
  
 
==Downloads==
 
==Downloads==
[https://mega.co.nz/#F!R8RCnZZY!Zxyqoynu9GVWIwFHCISK2Q!og53jJJL ROM Hacks]
+
* [https://mega.co.nz/#F!R8RCnZZY!Zxyqoynu9GVWIwFHCISK2Q!og53jJJL ROM Hacks]
  
 
[[Category:FAQs]]
 
[[Category:FAQs]]
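Review bot: the Zelda Construction link that this hunk moves into the new "The Legend of Zelda: A Link to the Past" section still carries `?PHPSESSID=c83e531bb78ed7c6a3a4de5b45756595` in its URL. A session identifier should not be published in a wiki link, since every reader who follows it presents the same session value to the forum; link to the board URL ending in `board,27.0.html` without the query string. Separately, the new Hex editors list drops the removed sentence explaining that a hex editor can edit every byte of the ROM, so consider keeping that explanation next to the two links.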

Revision as of 09:33, 22 September 2016

This page lists concepts, tools and general information on ROM hacking. See Mods, Hacks and Fan-Translations for more information.

Overview

Numeral systems

Decimal

Our normal counting system uses the decimal base, or base 10, and goes in the following sequence: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, and so on. The number ten can be mathematically represented in decimal as (1 * 10) + (0 * 1) or (1 * 10^1) + (0 * 10^0). So if we have a number like 234, it can be represented as (2 * 100) + (3 * 10) + (4 * 1) or (2 * 10^2) + (3 * 10^1) + (4 * 10^0).

Hexadecimal

On the other hand, the hexadecimal base is base 16 and goes in the following sequence: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A (a single "digit" meaning ten in decimal), B (eleven), C (twelve), D (thirteen), E (fourteen), F (fifteen), then finally 10 (sixteen, (1 * 16) + 0 or (1 * 16^1) + (0 * 16^0)), 11 (seventeen, (1 * 16) + (1 * 1)), 12 (eighteen, (1 * 16) + 2), and so on. Typically, hexadecimal numbers are written with the prefixes 0x or h so that they are not confused with decimal equivalents (e.g., 0x10, decimal 16). If this sounds too complicated, you can load Calculator in programmer mode to do conversions between decimal and hexadecimal.

Binary

The binary base is base 2 and goes in the following sequence: 0, 1, then 10 ((1 * 2) + 0, two in decimal), 11 ((1 * 2) + 1, three), then 100 ((1 * 2 * 2) + (0 * 2) + (0 * 1), four), 101 ((1 * 2 * 2) + (0 * 2) + (1 * 1), five), and so on. As you can see, it gets long and impractical very quickly.

Comparisons

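| Decimal | Hex | Binary |
|---|---|---|
| 5 | 5 | 101 |
| 6 | 6 | 110 |
| 7 | 7 | 111 |
| 8 | 8 | 1000 |
| 9 | 9 | 1001 |
| 10 | A | 1010 |
| 11 | B | 1011 |
| 12 | C | 1100 |
| 13 | D | 1101 |
| 14 | E | 1110 |
| 15 | F | 1111 |
| 16 | 10 | 1 0000 |
| 17 | 11 | 1 0001 |
| 36 | 24 | 10 0100 |
| 94 | 5E | 101 1110 |
| 256 | 100 | 1 0000 0000 |
| 1000 | 3E8 | 11 1110 1000 |
| 4096 | 1000 | 1 0000 0000 0000 |
| 64206 | FACE | 1111 1010 1100 1110 |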

Bits and bytes

Everything in game ROMs — be it programming, graphics, sound, text, assets, and anything else — is written in bits (zero or one), with each group of eight bits called a byte. Out of convenience, bytes are written using the hexadecimal base (any values using this will be noted with the prefix 0x), rather than an inconvenient succession of eight bits using the binary system.

The value for each byte ranges from 0x00 (bits: 0000 0000, decimal: 0) to 0xFF (bits: 1111 1111, decimal: 255).

Editing text with hex editors

Hexadecimal editors, also called hex editors or binary data editors, can open any file and display its contents as bytes written using the hexadecimal base. You can also edit said bytes.

Hex editors usually come with three elements: the part with the binary data, an address (also called offset) on the far-left which tells us the location of this byte in the file (and is useful), and...

The third area in the window is where "text data" is supposed to appear. It tries to interpret the hex data as text by matching each byte value to a specific character in the ASCII set. So if there's the 0x41 byte for example, the matching character on the right side would be upper-case Latin A.

For practice, go and check the US version of Link's Awakening (either the GB or GBC version). Open the ROM with any hex editor available online, and try modifying Marin's dialog at the very beginning. You'll have to search for a while, but you'll eventually find it.

However, the text data area is usually gibberish, nonsensical symbols. This is often because:

  • The specific portion of the file/ROM you're viewing isn't actually text data but something else. So you'll have to use the search feature or browse further down the file.
  • The text is encrypted. Sometimes, the developers do this on purpose to make the ROM unreadable by hex editors, as is the case for encrypted 3DS ROMs or games with anti-modding measures like God Eater 2 (PSP, JP) and Youkai Watch save files. Fortunately, this is impractical and mostly uncommon.
  • The text is compressed. Compression is a data transformation operation intended to save space. There are numerous schemes, and some games have their own unique flavors. You'll need to figure out the actual compression pattern either by studying the file structure blindly or by reverse-engineering the game's programming during runtime as it uses the compressed file. Once accomplished, you can decompress the text so that it can be edited then recompress it and feed it back to the game.

But sometimes, none of the above may apply. Instead, a custom character encoding is used that doesn't conform to the ASCII standard. Why is this the case? Because many of these games were made in Japanese using Japanese characters, the developers had no reason to respect the ASCII standard but were more concerned about how to make the best out of the limited memory available. So you could have the letter A at 0x00, 0x01, 0x0A, 0x10, 0x21, 0x41, 0x81, or elsewhere depending on the game and what the developers felt like.

This poses a problem. None of the mainstream hex editors really give a damn about this enough to account for cases other than the ASCII standard, so you'll have to find a specialized hex editor geared more towards ROM hacking. The feature you'll need here is the ability to load custom character sets, stored in what's called table files (extension .tbl, though they're actually just renamed regular .txt files).

A table file for a game using the ASCII standard would look like this:

41=A
42=B
43=C
44=D
45=E
46=F
47=G
48=H
49=I
4A=J
4B=K
...and so on

For many games, you'll need to figure out their table files using table file building tools, also commonly referred to as "relative search" tools. Choice ones are RSEARCH and Monkey-Moore. For example, The Legend of Zelda has "IT'S DANGEROUS TO GO ALONE", so you load the ROM in Monkey-Moore and search for the word "DANGEROUS". It will give you many options (assuming the text is uncompressed and the programmers at least had the decency to respect alphabetic order; otherwise you'll need to use the "custom set" option, which you'll need in case your game is in Japanese). One of these options should guess the rest of the words of that sentence, with some unknown characters in between (like the spaces). Check that option and create your table with it.

Using WindHex, a hex editor with TBL support, open the ROM. Next, load the table file you just created with the relative search tool, and then the text will be visible and editable if you scroll to that area of the ROM. You can see the byte equivalents for the missing characters (spaces, punctuation) and then add them to the TBL file with Notepad (or WindHex's table editor). Similar programs include Crystal Tile 2 (supports Shift-JIS and UTF-8 encodings) and Tinke.

Make sure to identify the control codes as well. These are bytes used to define special text properties (text color, text display speed, displaying the hero's name, line breaks, end-of-text, etc.) and add them to the TBL file too. Sometimes, the game will use a dictionary to make the game's text shorter in order to save space, so some byte values will replace letter combinations or entire words. Add those to the TBL file too.
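The relative search and table-building steps described above, as an added example (not code from this page, Monkey-Moore or RSEARCH). The ROM fragment is constructed: it assumes A is stored at 0x0A, the space at 0x24 and the apostrophe at 0x2A, and all function names are hypothetical.

```python
"""Relative search and .tbl building on a constructed ROM fragment."""


def relative_search(rom: bytes, word: str) -> list:
    """Return (offset, byte_for_A) pairs where `word` may be stored.

    Only the distances between letters are compared, so the search works
    whatever byte the game assigns to 'A', provided A..Z are stored in
    alphabetical order (the assumption the passage mentions).
    """
    word = word.upper()
    if len(word) < 2 or not (word.isascii() and word.isalpha()):
        raise ValueError("search word must be at least two letters A-Z")
    ranks = [ord(c) - ord("A") for c in word]
    hits = []
    for off in range(len(rom) - len(word) + 1):
        base = rom[off] - ranks[0]          # byte that would encode 'A'
        if base < 0 or base + 25 > 0xFF:    # whole alphabet must fit in a byte
            continue
        if all(rom[off + i] == base + r for i, r in enumerate(ranks)):
            hits.append((off, base))
    return hits


def build_table(base: int) -> dict:
    """Map byte values to letters for an alphabet starting at `base`."""
    return {base + i: chr(ord("A") + i) for i in range(26)}


def to_tbl(table: dict) -> str:
    """Render the mapping in the HEX=CHAR form used by table files."""
    return "\n".join(f"{b:02X}={c}" for b, c in sorted(table.items()))


def decode(rom: bytes, start: int, length: int, table: dict) -> str:
    """Decode text, showing bytes missing from the table as [XX]."""
    return "".join(table.get(b, f"[{b:02X}]") for b in rom[start:start + length])


SAMPLE_TEXT = "IT'S DANGEROUS TO GO ALONE"


def build_sample_rom() -> bytes:
    """Constructed data: 32 filler bytes, the encoded sentence, 16 filler bytes."""
    extra = {" ": 0x24, "'": 0x2A}          # constructed, not a real game's values
    text = bytes(extra[c] if c in extra else 0x0A + ord(c) - ord("A")
                 for c in SAMPLE_TEXT)
    return bytes(range(0x40, 0x60)) + text + bytes(range(0x60, 0x70))


if __name__ == "__main__":
    rom = build_sample_rom()
    (offset, base), = relative_search(rom, "DANGEROUS")
    table = build_table(base)
    start = offset - SAMPLE_TEXT.index("DANGEROUS")
    # Letters decode; the space and apostrophe show up as unknown bytes.
    print(decode(rom, start, len(SAMPLE_TEXT), table))
    # Add the bytes identified by eye, as you would in the TBL file.
    table.update({0x24: " ", 0x2A: "'"})
    print(decode(rom, start, len(SAMPLE_TEXT), table))
    print(to_tbl(table))
```

Control codes and dictionary entries go into the same mapping once you have identified their byte values.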

Don't be afraid to experiment, even if this corrupts your ROM, so that you confirm any of your observations! Of course, you'll need to keep a safe backup copy of the unaltered ROM along with the ROM revisions with your main hacking progress.

Text dumping and insertion tools

Editing or translating a whole game with a hex editor is tiresome. You can't even exceed the original length because the extra text would just overwrite the non-text data that follows and corrupt the game. The solution is to find the game's pointers. You can note down the address on the left side of the hex editor to know where you are in the ROM. The game does the same thing, using pointers to tell it where the text is. But pointers don't look the same way the address in your hex editor does. Each system has its own quirks and rules for calculating the pointers, so look them up.

For example, GBA pointers for a specific address are 4-byte. Replace the leftmost byte with 08, and invert the order of the bytes so that (byte 1)(byte 2)(byte 3)(byte 4) becomes (byte 4)(byte 3)(byte 2)(byte 1). Why invert? Because the GBA is a little endian system. Open a GBA Pokémon game, find Professor Oak's dialog in the hex editor, find its starting address (you click on the first letter and then see its address for that byte in the sidebar of your hex editor) and calculate the pointer as detailed above. Use WindHex's feature for searching hex data to find that pointer. It should appear in the hex data and look just like what you calculated. You may modify it to an address in the very end of the ROM in an empty area where you'll try writing new text. If you can pull this off, this means you can repoint that text pointer!

With the command-line tool Cartographer, you can indicate a ROM and TBL file, and then tell the program to start extracting text. You could tell it to extract bulk text and garbage data alike from and until given addresses (RAW mode). But if you found a pointer — or even better, a succession of pointers (called pointer tables), like in the Pokémon example above — you can extract text data in a more organized manner to a text file.

With another command-line tool called Atlas, you may re-insert that text file (after modifying it) in the ROM, and the tool will take care of updating the pointers. You can, for example, tell it to start inserting text in an empty yet accessible location at the end of the ROM. The possibilities are endless.
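The GBA pointer rule and the repointing idea from the paragraphs above, as an added example (not code from this page, Cartographer or Atlas). The ROM is constructed; the 0x00 terminator, the 0xFF padding and all function names are assumptions.

```python
"""GBA text pointers: compute, locate and repoint on a constructed ROM."""
import struct

GBA_ROM_PREFIX = 0x08  # leftmost byte of the pointer, per the rule above


def offset_to_pointer(offset: int) -> bytes:
    """File offset -> 4 bytes as stored in the ROM (08 prefix, little endian)."""
    if not 0 <= offset <= 0xFFFFFF:
        raise ValueError("the 08 rule only covers offsets up to 0xFFFFFF")
    return struct.pack("<I", (GBA_ROM_PREFIX << 24) | offset)


def pointer_to_offset(raw: bytes) -> int:
    """Inverse of offset_to_pointer; rejects values without the 08 prefix."""
    value = struct.unpack("<I", raw)[0]
    if value >> 24 != GBA_ROM_PREFIX:
        raise ValueError("not a ROM pointer")
    return value & 0xFFFFFF


def find_pointers(rom, offset: int) -> list:
    """Every position where the pointer to `offset` appears in the ROM."""
    needle = offset_to_pointer(offset)
    hits, pos = [], rom.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = rom.find(needle, pos + 1)
    return hits


def find_free_space(rom, size: int, free_byte: int = 0xFF) -> int:
    """Start of the trailing padding run, word-aligned, if `size` bytes fit."""
    start = len(rom)
    while start > 0 and rom[start - 1] == free_byte:
        start -= 1
    start = (start + 3) & ~3
    if start + size > len(rom):
        raise ValueError("not enough free space at the end of the ROM")
    return start


def read_text(rom, pointer_pos: int, terminator: int = 0x00) -> bytes:
    """Follow the pointer stored at `pointer_pos` and read up to the terminator."""
    offset = pointer_to_offset(bytes(rom[pointer_pos:pointer_pos + 4]))
    return bytes(rom[offset:rom.index(terminator, offset)])


def repoint_text(rom: bytearray, old_offset: int, new_text: bytes,
                 terminator: int = 0x00):
    """Write longer text into free space and update every pointer to the old text."""
    if terminator in new_text:
        raise ValueError("text contains the terminator byte")
    refs = find_pointers(rom, old_offset)
    if not refs:
        raise LookupError("no pointer to that offset; is the text pointed to at all?")
    blob = new_text + bytes([terminator])
    new_offset = find_free_space(rom, len(blob))
    rom[new_offset:new_offset + len(blob)] = blob
    for ref in refs:
        rom[ref:ref + 4] = offset_to_pointer(new_offset)
    return new_offset, refs


def build_sample_rom() -> bytearray:
    """Constructed 512-byte ROM: pointer at 0x10, text at 0x40, padding from 0x100."""
    rom = bytearray(0x200)
    rom[0x100:] = b"\xFF" * 0x100
    rom[0x40:0x46] = b"HELLO\x00"          # plain ASCII to keep the sample readable
    rom[0x10:0x14] = offset_to_pointer(0x40)
    return rom


if __name__ == "__main__":
    rom = build_sample_rom()
    print(offset_to_pointer(0x40).hex())     # bytes to search for in the hex editor
    print(repoint_text(rom, 0x40, b"HELLO THERE, TRAINER"))
    print(read_text(rom, 0x10))
```

The old text stays where it was, so nothing after it is overwritten; only the pointer changes.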

Command-line tools may sound scary, with their black MS-DOS dialog boxes flashing quickly and disappearing. They're actually easy to use. Just put all the needed files in the same folder, make a new .txt file where you write the command detailed in the tool's readme, and save that file as one with the .bat extension. If you double-click on it, it will execute that tool the way you wanted it with little effort.

Editing graphics with tile editors

Hex editors interpret binary data as raw bytes or text. Tile editors do something similar, but instead they interpret binary data as graphics. Of course, this means if you're using the wrong mode or looking at an area that's not supposed to be graphical data or the graphics are compressed, you'll just see garbage.

Among the best tile editors out there are TileMolester and Crystal Tile 2. For newer 3D-based systems, however, specialized graphical converters may be required.

In older systems, in order to save space, graphics were usually stored in parts. First, there's the tile data, or the actual drawings that you may edit with tile editors. They're divided into small pieces that, when assembled, make a big picture. The instructions to build the big picture are tile maps (in the case of backgrounds) or sprite attribute tables for sprites.

The tile data uses indexed colors. Using Mario's shirt as an example, it isn't colored "red" but rather colored with "color 1". NES Mario games, like most NES games, happen to use the NES 2BPP mode (that is, two bits per pixel). A bit is either zero or one. With two bits, we can write 00, 01, 10 and 11. This technically gives us four possible colors in total. However, there are actually three colors since "color 0" is transparency, used around Mario's sprite so that the backgrounds behind him are visible and unobstructed.

How can we tell what actual color Mario's shirt is instead of just "color 1"? We do this through palettes. Palettes are hex data consisting of three bytes, and each byte is the ID for a specific color: "red", "blue", "yellow", "purple", "light blue", and so on. (There are just under 60 valid choices in the NES, but later systems have a much larger selection of colors.) We know Mario's clothes change color after eating various items, but the tile data drawings are stored just once in the ROM. There are separate palettes telling the game to colorize the same drawing differently for different situations.
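Indexed colors and palettes as described above, in an added example (not code from this page or from any tile editor). It relies on the NES tile layout: an 8x8 tile is 16 bytes, eight rows of low bits followed by eight rows of high bits. The drawing, the palette values and the function names are constructed.

```python
"""NES 2BPP tiles: decode to color indexes, re-encode, recolor with palettes."""


def decode_2bpp_tile(tile: bytes) -> list:
    """16 bytes -> 8 rows of 8 color indexes (0..3)."""
    if len(tile) != 16:
        raise ValueError("an NES 2BPP tile is exactly 16 bytes")
    rows = []
    for y in range(8):
        lo, hi = tile[y], tile[y + 8]      # same row in bit plane 0 and plane 1
        rows.append([((lo >> (7 - x)) & 1) | (((hi >> (7 - x)) & 1) << 1)
                     for x in range(8)])   # bit 7 is the leftmost pixel
    return rows


def encode_2bpp_tile(rows: list) -> bytes:
    """Inverse of decode_2bpp_tile, for writing an edited tile back."""
    if len(rows) != 8 or any(len(r) != 8 for r in rows):
        raise ValueError("tile must be 8x8")
    lo_plane, hi_plane = bytearray(8), bytearray(8)
    for y, row in enumerate(rows):
        for x, idx in enumerate(row):
            if not 0 <= idx <= 3:
                raise ValueError("2 bits per pixel allow indexes 0..3 only")
            lo_plane[y] |= (idx & 1) << (7 - x)
            hi_plane[y] |= (idx >> 1) << (7 - x)
    return bytes(lo_plane + hi_plane)


def colorize(rows: list, palette: bytes) -> list:
    """Replace indexes 1..3 with the palette's color IDs; index 0 stays transparent."""
    if len(palette) != 3:
        raise ValueError("palette must hold three color IDs")
    return [[None if idx == 0 else palette[idx - 1] for idx in row] for row in rows]


def art_to_rows(art: list) -> list:
    """Helper for the sample: '.' is index 0, digits are indexes 1..3."""
    return [[0 if c == "." else int(c) for c in line] for line in art]


# Constructed drawing and palettes, not taken from any game.
SAMPLE_ART = [
    "..1111..",
    ".122221.",
    "12322321",
    "12222221",
    "12322321",
    "12233221",
    ".122221.",
    "..1111..",
]
PALETTE_A = bytes([0x16, 0x27, 0x18])
PALETTE_B = bytes([0x30, 0x27, 0x16])

if __name__ == "__main__":
    tile = encode_2bpp_tile(art_to_rows(SAMPLE_ART))
    print(tile.hex(" "))                   # what the hex editor would show
    rows = decode_2bpp_tile(tile)
    # One stored drawing, two palettes: the pixels differ only in color ID.
    print(colorize(rows, PALETTE_A)[1])
    print(colorize(rows, PALETTE_B)[1])
```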

Emulators for ROM hacking

Not all emulators are made equal. Often, you'll need to study the game as it runs, for the following reasons:

  • Cheats: You modified some text and graphics in the final stage but can't be bothered to replay the whole game legitimately. In case the emulator doesn't support this natively, you might want to consider using Cheat Engine.
  • Save States, rewinding, fast forward, frame advance, pause: You modified something appearing in a very narrow timeframe, or you just want to take clean screenshots of the game.
  • Debuggers with the following features:
    • Breakpoints: A breakpoint throws a fit and pauses the game if a specific address is tampered with. Of course, to know which address it is, you need to find it first with a cheat/RAM search.
    • Disassembler: Translates the last few lines of programming executed from hex code to known opcodes telling which instruction is which (LDA/LDR/LD (load to accumulator/register), STA/STR/ST (store to accumulator/register), NOP (do nothing), and so on). After a breakpoint, it gives you the programming line (in assembly) directly responsible for altering the address the breakpoint was guarding against reading/writing/executing attempts. This is invaluable for understanding the game's programming.
    • Assembler: Allows the user to write their new lines of programming, which are then converted to the corresponding hex data. It's rare that emulators include this. Assemblers are often separate tools affecting the ROMs or to be inserted manually by users in ROMs.
    • Tracers: The emulator logs every programming line executed since you started logging to a text file. It can get huge pretty quickly, so it's best used with breakpoints and frame advance features to better locate what you're looking for.
  • Memory viewers with the following features:
    • Hex editors: Views the RAM (and possibly other memory areas like SRAM, VRAM, ROM, and so on) as the game is being executed. Either the window is read-only, or it can be edited.
    • Tile editors: Views the VRAM (and possibly other memory areas) and interprets its content as visual data. Emulators of 3D systems can also have model viewers and texture viewers.
  • Background/OAM viewers/dumpers: View the graphics as they are arranged in-game, often used for dumping graphics by sprite rippers. This can be useful occasionally.

Emulators

SNES
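| Name | OS | Version | Accuracy | Save states | Cheat support | Frame options | Breakpoint | Conditional BP | Disassembler | Assembler | Tracer | Memory view | Tile view | BG/OAM view | Useful? |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Snes9X | Windows, Linux | Gieger's r1.51 | High | | | | Address | | | | | | | | Yes |
| Bizhawk | Windows, Linux | Main | Cycle | | | | Range | | | | Read-only | | | | Unstable |
| NO$SNS | Windows | 1.6 | Mid | | | | Address | | | | | | | | Detailed |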

General resources

  • ROMHacking.net – This is like a hub where the various hacking communities meet. It hosts a large variety of major ROM hacks and translations. Also hosts numerous FAQs and tools to help aspiring hackers get started.
  • Data Crystal – A wiki hosted by ROMHacking.net. While it is a bit outdated at this point, it's still a good resource for information about different editors and links to a handful of prominent hacks.
  • FuSoYa's Niche – Site of the creator of the popular Super Mario World editor, Lunar Magic. Also hosts a set of tools for ROM expansion, patching, compression, etc.
  • Zophar's Domain – A site that hosts lots of smaller patches, such as spoofs, as well as a significant amount of major ones. It hosts a lot of content that can't be found on ROMHacking.net.

Programs

General purpose 2D graphics/tile editor

  • Tile Molester – Runs on Java and can edit practically any game.

Hex editors

Game-specific

EarthBound

  • Starmen.net – Home of the hacking utility PK Hack, an editor for modifying the EarthBound/Mother 2 ROM. Has an active hacking community in the PK Hack section of its forums, where links to completed hacks can also be found.

Final Fantasy VI

  • FF6 Hacking – Home to a large community of Final Fantasy VI hackers, complete with active forums, links to patches, and FAQs and guides for those looking to get into hacking the game.

Final Fantasy Tactics

  • Final Fantasy Hacktics – Community for FFT hacking with a variety of completed hacks, patches, and resources.

Fire Emblem

  • Fire Emblem Shrine – An active and prominent Fire Emblem hacking community. Hosts a variety of completed hacks and FAQs to get you started.
  • Serenes Forest – Another active and prominent Fire Emblem hacking community, though perhaps a bit more active than Fire Emblem Shrine.

The Legend of Zelda: A Link to the Past

  • Zelda Construction – Despite its huge popularity, the hacking community for ALttP is relatively small. This is mainly due to the lack of a truly good editor, though one is in the works. This community is a spin-off of Metroid Construction devoted to hacking of ALttP and other games in the series.

Pokémon

Sonic the Hedgehog

  • Sonic Retro – The largest resource for hacks and modifications of the Sonic series (primarily focused on the Genesis games).

Super Mario World

  • Super Mario World Central – The largest site dedicated to SMW hacking. Hosts hundreds of hacks and is a resource for SMW hacking utilities and knowledge. Also has a very active community and forums.
  • X-Mario – Prominent Japanese site that hosts a variety of hacks. Worth noting is that Japanese hacks are usually more reliant on creating challenging gameplay and are less flashy or graphically modified than their Western cousins.
  • Raocow's Talkhaus – The community for the most prominent let's player in SMW hacking. Whether or not you enjoy his commentary, this site remains a great resource for discovering hacks, as the community here is generally focused on hacks that the SMW Central community doesn't cover.
  • VIP Wiki – Japanese wiki dedicated to the development of 2channel's series of popular hacks, the VIP & Wall Mix series. Hosts the 5 current installments and news about the sixth, currently a work in progress.

Super Mario World 2: Yoshi's Island

  • Super Mario World Central – In addition to Super Mario World, smwcentral is a budding hub for Yoshi's Island hacking. While it only hosts a few complete hacks, the community is very active, and new content is being produced at a consistent pace.
  • YI Hacking Wiki – A knowledge base for Yoshi's Island hacking.

Super Metroid

  • Metroid Construction – The most prominent and active Super Metroid hacking community currently. Hosts a large variety of hacks, resources, FAQs, and an active community and forum. Originated in m2k2 before becoming its own dedicated site.
  • Metroid Construction Wiki – As its name implies, a wiki created by the Metroid Construction community.
  • Metroid 2002 – Formerly the most prominent and active Super Metroid hacking community. While it has since been forgone in favor of Metroid Construction, it can still be a valuable resource for knowledge about the more advanced mechanics and inner workings of Super Metroid (as well as other games in the series).

Downloads