ROM cheats...?

If you are having problems finding or using cheats for an Emulator (particularly MAME/MESS) or have found a trick that you wish to share this is the place to do it. But please read the Cheat FAQ first.
Post Reply
Bugfinder
Posts: 168
Joined: Tue Sep 25, 2001 1:00 am
Location: Rio de Janeiro, Brasil

Post by Bugfinder »

Maybe some higher graduated officer may help me here :razz: I'd like to make some ROM cheats to work but I'm having no success. For example, in gng I'm trying to find the correct address that will make bosses a little tougher (instead of 10 shoots, 15 or more) to kill.

But I activate the cheats and they don't work?! And more, some of the addresses in 4000-FFFF even change! How come?

[edited]

I'm almost nutz with this!

After making a debug build, now I'm trying to understand how it works with gng. It starts the self-test, I can see what opcodes are being processed, fine, just fine!! Strange thing is it executes opcodes in RAM but what the hell I don't understand that much about complex ASM programing. Someone who understands M6809 please help me...


<font size=-1>[ This Message was edited by: Bugfinder on 2001-12-08 01:55 ]</font>
User avatar
Pugsy
Posts: 3638
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Has thanked: 1 time
Been thanked: 12 times
Contact:

Post by Pugsy »

Well I am not into making games harder....besides it's easier to find cheats in this case that's definitely true the RAM location for the hit counter isn't always in the same place so it's not as easy to find the poking 0A position - it's an easier matter to do a WP when you have the counter location :wink: Anyway here's the ROM cheat for gng to make the bosses easier.

gng:0:EFCF:00:100:Always kill Boss with One Shot

An option would be to use this location as a starting point and poke a jump to a routine (written in spare memory) to add 6 to the location and carrying on with the check... BTW, All the clones use different ROM locations than the above cheat, which I've also found and added to the cheat file.
Pugsy

Servicing your cheating needs since 1985 8)

Grab the latest cheat collection:
MAME 0.259 XML cheat collection (6 OCTOBER 2023) from http://www.mamecheat.co.uk or direct from:-
https://mega.nz/file/q4dHGZ6K#i-EUiqIjH ... KMz7hnbTfw (ZIP Archive 3.76MB)
Bugfinder
Posts: 168
Joined: Tue Sep 25, 2001 1:00 am
Location: Rio de Janeiro, Brasil

Post by Bugfinder »

Pugsy, you have a private message...
User avatar
jym
Posts: 91
Joined: Mon Nov 19, 2001 1:00 am
Location: Taiwan

Post by jym »

First I Must Saw My English Is Poor; So I
Just Use Simple Word. I'm An Chinese Live In
Taiwan.
I Like Rom Cheat This Work. But Now I Begin
To Crack Protection Of CheckSum. I Have Some
Progress But Not Much. Example: bosco,nrallyx,rallyx,vastar,warpwarp,galaga,
portman,mindfld,losttomb,dogfight....etc.
above games protection i have been cracked.
so i can modified rom program easy.
User avatar
Pugsy
Posts: 3638
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Has thanked: 1 time
Been thanked: 12 times
Contact:

Post by Pugsy »

Here you go Bugfinder I think this is what you wanted....all I ask in return is that you test all the cheats in this message - they should hopefully all work.

Changing the poking value upwards will increase the number of hits accordingly. I could have changed the 'Always kill Boss/Devil with 1 Shot' cheat to these locations but for now they at least should work though it will override the 'harder' cheats.

Code: Select all

gng:0:EFCF:00:100:Always kill Boss/Devil with 1 Shot
gng:0:B737:09:100:Devils always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
gng:0:C554:1E:100:Bosses always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
gnga:0:EEFC:00:100:Always kill Boss/Devil with 1 Shot
gnga:0:B5AA:09:100:Devils always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
gnga:0:C404:1E:100:Bosses always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
gngt:0:EFEF:00:100:Always kill Boss/Devil with 1 Shot
gngt:0:B747:09:100:Devils always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
gngt:0:C564:1E:100:Bosses always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
makaimuc:0:EF14:00:100:Always kill Boss/Devil with 1 Shot
makaimuc:0:B5AB:09:100:Devils always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
makaimuc:0:C3FD:1E:100:Bosses always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
makaimug:0:EF2B:00:100:Always kill Boss/Devil with 1 Shot
makaimug:0:B5B1:09:100:Devils always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
makaimug:0:C407:1E:100:Bosses always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
makaimur:0:EF1F:00:100:Always kill Boss/Devil with 1 Shot
makaimur:0:B5A5:09:100:Devils always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
makaimur:0:C3FB:1E:100:Bosses always 3 times harder:They need 3 times the number of hits to kill them - not a cheat as such...the opposite in fact!
Pugsy

Servicing your cheating needs since 1985 8)

Grab the latest cheat collection:
MAME 0.259 XML cheat collection (6 OCTOBER 2023) from http://www.mamecheat.co.uk or direct from:-
https://mega.nz/file/q4dHGZ6K#i-EUiqIjH ... KMz7hnbTfw (ZIP Archive 3.76MB)
Bugfinder
Posts: 168
Joined: Tue Sep 25, 2001 1:00 am
Location: Rio de Janeiro, Brasil

Post by Bugfinder »

Cheats tested!

Thanks very much, Martin! After looking at your cheats I finally got the idea. Here are some more I found. First, the "boss" cheats work only for the giant, not for the boss devil or boss "Satan". So after some work I got to find and check cheats for all sets. I must add that 3 x stronger is too much hard, I think twice is enough to give some hard time to experienced players! The "Gargula" is that character with a heart tattoo in his arm from 2nd stage.

Altough included here, I'm still to find the "Boss Satan" cheats (0000 address), ran out of patience for now.

gng:0:EFCF:00:100:Always kill Boss/Devil with 1 Shot
gng:0:B737:09:100:Devil = 6 shots (harder!)
gng:0:CF5F:14:100:Gargula = 20 shots (harder!)
gng:0:C554:14:100:Boss Giant = 20 shots (harder!)
gng:0:BEF2:14:100:Boss Devil = 20 shots (harder!)
gng:0:0000:14:100:Boss Satan = 20 shots (harder!)

gnga:0:EEFC:00:100:Always kill Boss/Devil with 1 Shot
gnga:0:B5AA:06:100:Devil = 6 shots (harder!)
gnga:0:CE48:14:100:Gargula = 20 shots (harder!)
gnga:0:C404:14:100:Boss Giant = 20 shots (harder!)
gnga:0:BDCB:14:100:Boss Devil = 20 shots (harder!)
gnga:0:0000:14:100:Boss Satan = 20 shots (harder!)

gngt:0:EFEF:00:100:Always kill Boss/Devil with 1 Shot
gngt:0:B747:06:100:Devil = 6 shots (harder!)
gngt:0:CF6F:14:100:Gargula = 20 shots (harder!)
gngt:0:C564:14:100:Boss Giant = 20 shots (harder!)
gngt:0:BF02:14:100:Boss Devil = 20 shots (harder!)
gngt:0:0000:14:100:Boss Satan = 20 shots (harder!)

makaimuc:0:EF14:00:100:Always kill Boss/Devil with 1 Shot
makaimuc:0:B5AB:06:100:Devil = 6 shots (harder!)
makaimuc:0:CE4C:14:100:Gargula = 20 shots (harder!)
makaimuc:0:C3FD:14:100:Boss Giant = 20 shots (harder!)
makaimuc:0:BDCB:14:100:Boss Devil = 20 shots (harder!)
makaimuc:0:0000:14:100:Boss Satan = 20 shots (harder!)

makaimug:0:EF2B:00:100:Always kill Boss/Devil with 1 Shot
makaimug:0:B5B1:06:100:Devil = 6 shots (harder!)
makaimug:0:CE5B:14:100:Gargula = 20 shots (harder!)
makaimug:0:C407:14:100:Boss Giant = 20 shots (harder!)
makaimug:0:BDD2:14:100:Boss Devil = 20 shots (harder!)
makaimug:0:0000:14:100:Boss Satan = 20 shots (harder!)

makaimur:0:EF1F:00:100:Always kill Boss/Devil with 1 Shot
makaimur:0:B5A5:06:100:Devil = 6 shots (harder!)
makaimur:0:CE4F:14:100:Gargula = 20 shots (harder!)
makaimur:0:C3FB:14:100:Boss Giant = 20 shots (harder!)
makaimur:0:BDC6:14:100:Boss Devil = 20 shots (harder!)
makaimur:0:0000:14:100:Boss Satan = 20 shots (harder!)

Bugfinder
Bugfinder
Posts: 168
Joined: Tue Sep 25, 2001 1:00 am
Location: Rio de Janeiro, Brasil

Post by Bugfinder »

On 2001-12-13 03:19, jym wrote:
First I Must Saw My English Is Poor; So I
Just Use Simple Word. I'm An Chinese Live In
Taiwan.
I Like Rom Cheat This Work. But Now I Begin
To Crack Protection Of CheckSum. I Have Some
Progress But Not Much. Example: bosco,nrallyx,rallyx,vastar,warpwarp,galaga,
portman,mindfld,losttomb,dogfight....etc.
above games protection i have been cracked.
so i can modified rom program easy.
Hey jym you know something? I like ROM cheats too. I'd like to know if you program Z80 too so you could try to fix a bug in New Rally-X in challenging stage, when your car run out of fuel (all red cars start after you) then you get the L flag (all red cars stop running) then you can play all day in that stage.

Another thing would be to fix that bug in Galaga to make aliens stop shooting...

Bugfinder
Bugfinder
Posts: 168
Joined: Tue Sep 25, 2001 1:00 am
Location: Rio de Janeiro, Brasil

Post by Bugfinder »

Finished!

Here they are, the anti-cheats for last boss:

gng:0:DB1C:14:100:Boss Satan = 20 shots (harder!)
gnga:0:DA1B:14:100:Boss Satan = 20 shots (harder!)
gngt:0:DB2C:14:100:Boss Satan = 20 shots (harder!)
makaimuc:0:DA51:14:100:Boss Satan = 20 shots (harder!)
makaimug:0:DA64:14:100:Boss Satan = 20 shots (harder!)
makaimur:0:DA58:14:100:Boss Satan = 20 shots (harder!)

And there's a bit of info for St?phane, the dipswitch reviewer: invincibility dipswitch for makaimuc and makaimug don't work, only for makaimur.

Bugfinder
stephh
Posts: 601
Joined: Fri Aug 17, 2001 1:00 am
Location: Paris, France

Post by stephh »

And there's a bit of info for St?phane, the dipswitch reviewer: invincibility dipswitch for makaimuc and makaimug don't work, only for makaimur.
Thanks for the info ! I'll add a report on MAME Testers board if you haven't done so ...

Steph from The Ultimate Patchers

Visit Image The Ultimate Patchers' site Image
Bugfinder
Posts: 168
Joined: Tue Sep 25, 2001 1:00 am
Location: Rio de Janeiro, Brasil

Post by Bugfinder »

Even some more

These are for the stalagmytes (is this the correct spelling?) in 3rd stage:

gng:0:E01B:08:100:Stalagmyte = 8 shots (harder!)
gnga:0:DF1A:08:100:Stalagmyte = 8 shots (harder!)
gngt:0:E02B:08:100:Stalagmyte = 8 shots (harder!)
makaimuc:0:DF50:08:100:Stalagmyte = 8 shots (harder!)
makaimug:0:DF63:08:100:Stalagmyte = 8 shots (harder!)
makaimur:0:DF57:08:100:Stalagmyte = 8 shots (harder!)

And this one is to have that cast spelling bird that turns you into a frog, appearing with only 1 shot - hey this one deserves to be in the cheat file :smile: You do special mention in ROM cheats don't you? :smile:)

gng:0:E355:01:100:Always cast spell with 1 Shot
gnga:0:E254:01:100:Always cast spell with 1 Shot
gngt:0:E365:01:100:Always cast spell with 1 Shot
makaimuc:0:E28A:01:100:Always cast spell with 1 Shot
makaimug:0:E29D:01:100:Always cast spell with 1 Shot
makaimur:0:E291:01:100:Always cast spell with 1 Shot

Also someone told me the correct english name for "Gargula" (that's Portuguese) is "Gargoyle". Please fix that if so.

Bugfinder
Bugfinder
Posts: 168
Joined: Tue Sep 25, 2001 1:00 am
Location: Rio de Janeiro, Brasil

Post by Bugfinder »

Cheat Master, this one's for ya

Do you know the game Dungeons and Dragons: Shadow over Mystara (ddsom)? There's a glitch in this game, would you help me to find a ROM cheat to fix it? The problem relies on characters that have 6 letters in their names like the thief (MORIAH, chosen with an attack button), the warrior (JARRED, chosen with start button) and the dwarf (HENDEL, chosen with start button).

To activate the glitch, choose the character (using either attack or start button, accordingly) and when you are about to enter your name, put it over "name" and press an attack button. Default name will appear; in one of these addresses is the letter counter: FFCB06, FFCB56, FFCBA6, FFCBF6. After writing the character's name it should reset to 1 but instead it continues on 6. If you get the cursor to letter A (in case of using thief or dwarf) or letter B (in case of using the warrior) and pressing repeatdly this letter, code 51 or 52 overwrites important part of RAM that store information about the character's power - and the counter continues to increase. Now, the maximum number of letters allowed for a name chosen by the player is 6. Here's the part of code that should block more than 6 letters:

0C9888: 12D8 1B6D A14A cmpi.b #$6, ($18,A0)
0C988E: 281E 9558 bne c9368
0C9892: 0FC8 856E move.w ($8,A0), D0
0C9896: BF5F 007E move.w ($c,A0), D1
0C989A: 09BC 0C2A 7702 move.b #$1, ($19,A0)
0C98A0: 6259 FB2D 300E move.w #$4, ($c,A0)
0C98A6: 03DB 23F4 tst.b ($13,A0)
0C98AA: F661 0919 bne c98b8
0C98AE: 05FB AA6D 451C move.w #$a, ($8,A0)
0C98B4: 1521 2FD7 bra ca3f8
0C98B8: B507 7B61 07A7 move.w #$6, ($8,A0)
0C98BE: 6828 770D bra ca3f8
0C98C2: 8FF2 BDC1 tst.b ($13,A0)
0C98C6: 8868 D2B2 bne c98e2

Strange thing is I can't change "6" to any other number like "5" for example - I don't understand this code?! "12D8 1B6D A14A" <= where is 18, A0, 06 in there?!

I'd like to make the game reset the letter counter to 1 as expected even if the name has 6 letters... Any help is appreciated.

Bugfinder
User avatar
Pugsy
Posts: 3638
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Has thanked: 1 time
Been thanked: 12 times
Contact:

Post by Pugsy »

Hey, NOT one of my favourite games so I didn't replicate the fault as I didn't care to :wink: Your problem I think is down to the fact that it's a CPS2 games and CPS2 games use an encrypted program ROM which is decrypted by use of the XOR table...you are trying to poke to this memory range... I don't have look up tables for the 68000 so converting an cmpi instruction isn't straightforward as the number 6 is encoded on the first 2 bytes with the opcode - 'i' you see is a space saver.

To fix this 'bug' you'd be better off changing the XOR tables so that it XORs it to the correct value..

So,

c9888 should = 49888 in dd2ex.04d

I don't know if a direct ROM poke to a memory location in the encrypted ROM will work anyway...the value changes but the assembly don't.
Pugsy

Servicing your cheating needs since 1985 8)

Grab the latest cheat collection:
MAME 0.259 XML cheat collection (6 OCTOBER 2023) from http://www.mamecheat.co.uk or direct from:-
https://mega.nz/file/q4dHGZ6K#i-EUiqIjH ... KMz7hnbTfw (ZIP Archive 3.76MB)
Post Reply