Hacking the ST rom

Strange, i tried storing the tables near the place you stored them, twice (not exactly on the same place on each time) and on both times it crashed, one was crashing for soft knockdowns, and the other was crashing when being hit by airbone attacks, so i had no option other than undoing that… Placing the table on 07F008~17 worked for me though.

That was my results
7A = crash
7C = crash
7E = reading 80 ahead

Anyway hitbox tools, make an edit take a snap data it has been taken note. These are hopefully easy enough to read so you can add data too to it.
Lua Hotkey 1 freezes the cell of animation doesn’t work to well with air attacks.

ST

Vsav

A2

A3

Hey Jed, I tried to make this work earlier, but had no luck

I launched 3S in FBArr, started your lua script, and to make things simple checked on ESN’s site the adress for Oro’s LP colour (as I had chosen it) to edit it in your script (ramstart line) and… that’s it. I have only black color swatches.
I’m afraid I have no idea how this works.
Could you give me pointers on what I should do something very basic, so I could try and extrapolate ?

Don’t rush to answer in depth, I won’t have time to mess with it again before a while, but I definitely will at some point.
Also, I downloaded Born2SPD’s pdf guide on ST hacking, so this should also give me some insight, but I won’t have time to dig in it before a while.

And by the way, impressive work there !

Well it’s meant to be used with the memory viewer that’s in mame where you can actually edit the colors.

First you gotta make sure the size is right. If it isn’t then it’s going to skip colors.

http://i.imgur.com/uEh8bL4.png

There is a function you need to edit here to tell which color setup to use since I didn’t put in a detector.

http://i.imgur.com/uV4KLZ9.png

Hi there, sorry if this is a little off topic.

I am a new to rom hacking, and for the life of me I cannot seem to get the X.C.O.P.Y tool to decrypt the roms correctly (so that I may apply the change I have found). I have tried the one linked in this thread earlier and what I think is a newer release of the tool.

So, Jedpossum how are you decrypting and encrypting the roms, specifically SFA3 (as I saw some neat hacks posted earlier).

Thanks

I advise start out using the phoneixed versions (which are fully decrypted) and can run on mame. With that you can test edits while it’s running.

Gonna do a better check on being hurt then release.

You gonna do max super meter, too?
-ud

I don’t need to do the full 99 meters. when I do it I probably have it at 5 levels like the max in CFJ.

After I do an encrypted set, I have another idea I’m going to do.

http://i.imgur.com/DCyV1y0.png

There is only 7 character spaces so it’s going to be Romaji.

Vsav Training mode patches
Adding a meter refill kept crashing the game.

Euro Encrypted set

Razoola Phoenix set(Euro)

Avalanche set doesn’t work at all.

Actual Notes

Vsav Training Mode Roms

;Lives selection
;FF80A4


Timer
Location : 9822
Byte Code: 532D 010A 6A14

Death write
Location : 18A7C
Byte Code: 337C 0090 0050 337C 0090 0052	 

Death write Command Grabs
Location : 2980A
Byte Code: 337C 0090 0050 337C 0090 0052

Lives A61C bsr to A684
Location : A6A0
Byte Code: 132D 03B0



-------------------------------------------------------------------------------
The Refill JSR
Location : 281A6 
Byte code: 4EB9 000F FD20
Player Addresses A4 A6


;Code at ffd20(7Fd20)
4A2C 03F0
6710

4A2E 0005
6604
532C 03F0
4EF9 0001 559E

;Refill
197C 0040 03F0; Timer
303C 0090
3D40 0050
3D40 0052
4Ef9 0001 559E


------------------------------
;Return to Character Select
------------------------------

;Deselect
Location : 2090E 
Byte code: 1D7C 0000 0004

JSR
Location : 223EC
Byte code: 4EB9 000F FD60

4A2D 0060			tst.b ($60,A5);Checks Start input
660C 				bne; PC+0C | branch if start isn't pressed
1B7C 0080 6000 		move.b #$30, ($6000,A5); Refill Timer
4EF9 0002 9F12		jmp $29f12.l

4A2D 6000			tst.b ($6000,A5); start timer check
6610				bne; 

7000
3B40 0004		move.w D0, ($4,A5)
3B40 0008		move.w D0, ($8,A5)
3B40 000C		move.w D0, ($c,A5)
4E75			rts


;Timer countdown
532D 6000 
4EF9 0002 9F12		jmp $29f12.l



-----------------------------------
----------Other Byte Code----------
-----------------------------------


;X pos
302C 0010
322D 02A0
9041
3940 03C0

;Y pos
302C 0014
322D 02A4
9041
3940 03C2

Kudos to both Jed and UD.
my dream is to see a modified ST with cps1 sfx. Now THAT will make my life neat.

New Version of the Vsav training mode

Razoola’s phoenix set

Euro set(aka vsav.zip)

Notes Dump
Some of the branches in the notes might be place holders.

Vsav Training Mode Roms

;Lives selection text
;FF80A4

Text 1062A
54 4F 52 45 4D 4F 20 20


Timer
Location : 9822
v1 Byte Code: 532D 010A
v2 Byte code: 4EF9 000F FE70

4A2D 00A4
6712
4A2D 010A 
6704
532D 0109
6A06
4EF9 0000 9828
4EF9 0000 983C


-------------------------------------------------------------------------------
Death write
Location : 18A7C
v1 Byte Code: 337C 0090 0050 337C 0090 0052	 
v2 Byte Code: 

4EB9 000F FE20
4EB9 000F FE40

Jump 1
4A2D 00A4
6608
337C 0090 0050
4E75
337C FFFF 0050
4E75

4A2D 00A4
6608
337C 0090 0052
4E75
337C FFFF 0052
4E75

-------------------------------------------------------------------------------
Death write Command Grabs
Location : 2980A
v1 Byte Code: 337C 0090 0050 337C 0090 0052
v2 Byte Code: 4EB9 Location

^^^^^^^^^^^^
4EB9 000F FE20
4EB9 000F FE40

-------------------------------------------------------------------------------
Lives A61C bsr to A684
Location : A6A0
v1 Byte Code: 132D 03B0

v2
4EF9 000FFDE0

Jump
4A2D 00A4
6706
532E 03B0
6B04
4EF9 0000 A6A6
4EF9 0000 A6B4



-------------------------------------------------------------------------------
The Refill JSR
Location : 281A6 
Byte code: 4EB9 000F FD20
Player Addresses A4 A6


;Code at ffd20(7Fd20)


4A2D 00A4
6610

4A2C 03F0
6710
 
4A2E 0005
6604
532C 03F0
4EF9 0001 559E

;Refill
197C 0040 03F0; Timer
303C 0090
3D40 0050
3D40 0052
4EF9 0001 559E


-------------------------------------------------------------------------------
Return to Character Select
;Deselect
Location : 2090E 
v1 Byte code: 1D7C 0000 0004
v2 Byte code: 4EB9 000F FDB0

4A2D 00A4
6608
1D7C 0000 0004
4E75
1D7C 0004 0004
4E75

-------------------------------------------------------------------------------
JSR
Location : 223EC
Byte code: 4EB9 000F FD60

4A2D 00A4
660C
4A2D 0060			tst.b ($60,A5);Checks Start input
660C 				bne; PC+0C |
1B7C 0080 6000 		move.b #$30, ($6000,A5); Refill Timer
4EF9 0002 9F12		jmp $29f12.l

4A2D 6000			tst.b ($6000,A5); start timer check
6610				bne; 

7000
3B40 0004		move.w #$c, ($4,A5)
3B40 0008		move.w #$2, ($8,A5)
3B40 000C		move.w #$10, ($a,A5)
4E75			rts


;Timer countdown
532D 6000 
4EF9 0002 9F12		jmp $29f12.l

Decided to dive in and bought an EEPROM programmer, UV eraser and some EPROMs. Don’t really know what I’m doing but going to have a bash and figure it out. One thing though - I couldn’t find the modified ROMs for the ST training mode in this thread? I saw something for the Avalanche ROM set? But the board I’m wanting to run training mode on is an original/non phoenixed JP board. Would anyone be kind enough to upload the ROMs for me if they exist, or Jed if you would be able to upload the two modified ROMs so I can burn and go?

Thanks a bunch guys.

These ROMs plus the UD CPS2 are the biggest things to happen to ST in a long time. Not only do we have arcade ST at tournaments all over the UK now, but we have training mode just around the corner too

Oh also, I was going through some old photos of when I changed the battery in my board and notice there is an unpopulated socket in there. At first I started to think, “What if you could put all the training mode data onto that and only have to insert one ROM” but as soon as I thought that, I realised that you’d still need to edit ROMs 3 and 4 anyway to reference code in the new ROM. Then I got thinking about using the unpopulated slot for training mode anyway? Would it be possible to edit the game ROMs to read information from the currently unpopulated slot which would contain the code required for both training mode and regular ST? Maybe if you hold the coin button down for 5 seconds at the title screen or something to swap between them or have an option in the service menu. With the increased storage you could maybe even put “training mode” text on the title screen somewhere?

I know nothing about coding, but maybe you could get the game to read the life data etc. from ROM 10 instead of 3 and 4, and with that increased storage do some other cool stuff.

Just wondering if there is a more permanent solution rather than having to swap ROMs each time. Fortunately for me I do have 2 boards for when I run tournaments so I can have one as a training mode board until I need it for a setup, but I don’t like the idea of constantly removing/plugging in ROMs into 20 year old sockets

There is, look at the Vsav training mode above it’s just a lot more jumps I have to do to make it work in ST. For every change I did that is a jump to new code that is with a check in the settings there was only 4 or 5 new jumps I had to implement along with the code I made. Now double that and add the mess that is ST you can see why I didn’t do it with ST.

Any way a simple Neo Geo Hack a friend requested.
Vid

Download

Ah ok I see now. I knew ST was a mess but I didn’t realise how much more difficult it would be.

Do you happen to have the training mode ROMs for the original/non phoenixed IIX JP board? I can’t seem to find them in the thread. I saw an exe from like 7 months ago, but was wondering a) if there was an updated version and b) if I modifiy some ROMs from a zip set if that would work? I assumed all the ROMs out there were decrypted and putting some decrpyted ROMs in a board with encrpyted ROMs would fuck something up or wouldn’t work

I use ips patches since it’s the most common way of patching rom hacks.
Pof, posted up what the actual hex edits that are needed to be done for an encrypted set.

Thanks for the info dude, you’ve been very helpful

Also whoops. I ordered the wrong EPROMs thanks to ebay’s fuzzy search. Typed in 27c4096 in the search and selected UK only as I wanted them ASAP but it turns out it also bought up results for 27c512, and of course at 3 am or whatever, I just blindly ordered without checking hah.

So would some AT27c512r be useful for anything? Are they used in CPS2 boards at all or other consoles? At least I have some dummy chips to play with to make sure I get the voltages right and stuff without creating dud 4096’s

cps1.c says Forgotten Worlds/Lost Worlds uses one as it’s sound program rom. I’m sure there is more uses for it else where.