diff --git a/README.md b/README.md new file mode 100755 index 0000000..7b2fc07 --- /dev/null +++ b/README.md 
@@ -0,0 +1,94 @@ +# Majora's Mask crap + +i like to muck around in this game's memory. + +## spreadsheets + +i put together some sheets to see if glitches could have desirable results. + +* [Get Item Manipulation][gim] + mzxrules did the original OoT one, i just jammed in MM's data for the item table and chest contents. + *spoilers:* no desirable results besides light arrows, if it were even possible. + +* [Entrance Data][ed] + this is a huge laggy mess that brings google docs to its knees. + enter an "exit value" in hex and it'll figure out exactly where it takes you. + the three known wrong warps are in bold. + +[gim]: https://docs.google.com/spreadsheets/d/17LsLbF6aRePVRxisui8azPtDBfPmjugWIf91wPuXTsY +[ed]: https://docs.google.com/spreadsheets/d/1e9kDyAW0gxXHFWS-GNEtVIo-rp39wQJJOtf3B0ehhqY + +## memory + +[~crap-ton of addresses in Lua form~][noice] + +[noice]: /notwa/mm/blob/master/MM%20addrs.lua + +i'm working on REing every byte in link's struct. i don't really care if it's one struct or not, it's just easier to refer to it as such. + +the struct begins at 801EF670 (US 1.0), and is some length long. i just pretend it's 0x4000 in size, since that's the most you can jam in a save file. + +there's two copies of scene flags, both 0x960 in size. the first (801EFAE0 US 1.0) is loaded from save files, the second (801F35D8 US 1.0) is used for in-game changes. basically, edit the first for save hacking, and the second for in-game hacking. + +[each area in the game][areas] uses 0x14 bytes of scene flags. this means there's 0x78 possible areas: 0x78*0x14 = 0x960. + +[areas]: https://docs.google.com/spreadsheets/d/1e9kDyAW0gxXHFWS-GNEtVIo-rp39wQJJOtf3B0ehhqY/edit#gid=2120585358 + +## save files + +save files are just memory dumps of link's struct. regular SoT saves are 0x2000 in size, owl saves are 0x4000. owls use the extra space primarily (exclusively?) to store the pictograph picture. 
+ +note that some values don't get copied when reading/writing save files, even owl saves. + +the game checks a checksum, and for the text "ZELDA3". each slot has one backup copy of itself. if one copy is considered corrupt (bad checksum), the game will load the other. if that one's corrupt as well, the slot will show up as empty in the menu. + +the checksum is a 16-bit sum of all bytes up to that point, allowing overflows. i've written [a checksum-fixing program][chksum] in python for bizhawk savefiles. + +owl saves always have 0x24 added to their checksum for some reason. + +[chksum]: /notwa/mm/blob/master/chksum.py + +save files are ordered as such, offset from the first: + +* 0x00000 - slot 1 +* 0x02000 - slot 1 backup +* 0x04000 - slot 2 +* 0x06000 - slot 2 backup +* 0x08000 - slot 1 (owl) +* 0x0C000 - slot 1 backup (owl) +* 0x10000 - slot 2 (owl) +* 0x14000 - slot 2 backup (owl) + +bizhawk save files, at the time of writing, have the first file offset to 0x20800. also, their byte order is wrong. + +here's my usual process for hacking on save files: +``` +alias revend='objcopy -I binary -O binary --reverse-bytes=4' +s="Legend of Zelda, The - Majora's Mask (USA).SaveRAM" +x=mm-save.xxd +revend "$s" +xxd "$s" > $x +$EDITOR $x +xxd -r $x > "$s" +./chksum.py $s +revend "$s" +``` + +## save files (for download) + +because no one likes first cycle. + +sometime i'll bother checking what the bombers/lottery codes are for these. + +* [Bizhawk US 1.0 race file](https://dl.dropboxusercontent.com/u/9602837/temp/MM%20US%20Race%20File%20for%20Bizhawk.zip ) +* [mupen64plus US 1.0 race file](https://dl.dropboxusercontent.com/u/9602837/temp/Legend%20of%20Zelda%2C%20The%20-%20Majora%27s%20Mask%20%28U%29%20%5B%21%5D.zip) +* [Bizhawk US 1.0 tampered](https://dl.dropboxusercontent.com/u/9602837/temp/bizhawk%20saves.zip ) + one slot with a bunch of 00s, another with a bunch of FFs. 
+ +## bitfields + +### link's flags + +i documented the ones i could figure out for JP 1.0 here: [fgsdfgdsg][linkfields] + +[linkfields]: /notwa/mm/blob/master/mm-bitflags.txt diff --git a/mm-bitflags.txt b/mm-bitflags.txt new file mode 100755 index 0000000..9aa8752 --- /dev/null +++ b/mm-bitflags.txt 
@@ -0,0 +1,129 @@ +address: 80400A0C JP 1.0 (note: bytes here in backwards order?) +00000001 - can't control link, time stops +00000002 - frozen world (time still passes, sword works, don't try jumping) +00000004 - camera pans above link, can't c-up, walk through actors, getting hurt causes you to get thrown +00000008 - ??? pulling out bombs resets it +00000010 - using zora magic +00000020 - take away control, hud goes into cutscene mode +00000040 - bombs stick in air? +00000080 - link is dead (can only walk, walk through actors, time stops) + +00000100 - putting mask on effect appears sometimes +00000200 - freeze everything (tatl still flies around, camera pans) +00000400 - tatl flies to where the camera is +00000800 - holding something (ground jump if nothing) +00001000 - can't untarget +00002000 - same as 00000004 +00004000 - similar to above +00008000 - am z-targeting (again) + +00010000 - am z-targeting? (locked on?) +00020000 - am z-targeting (persists angle) +00040000 - am in air/jumping +00080000 - janky camera (z-targeting?) +00100000 - am c-uping? (stops camera from changing when talking) +00200000 - spinny camera +00400000 - shield enemy attacks +00800000 - crash + +01000000 - ??? +02000000 - z-targeting (locked camera) +04000000 - can't take damage (mostly) +08000000 - strange immobile/sliding state (c-up related?) +10000000 - freeze actors +20000000 - freeze link +40000000 - disable z targetting? +80000000 - falling into grotto (loads mayor's) + +combinations: +00000003 - set when using ocarina +A0000000 - fall into floor (grotto + frozen link = doesn't load mayor's) +00018000 - set when z-targetting with target +00028000 - set when z-targetting +7F000000 - can't do anything +5F000000 - slidey link, locked camera +20010040 - talking state +FF7FFFFF - the most you can have on without crashing +01000008 - all unknown flags at once + +address: 80400A10 JP 1.0 (note: bytes here in backwards order?) +00000001 - ??? 
+00000002 - set when a target is available +00000004 - ??? +00000008 - sometimes set when you're walking +00000010 - link won't get pushed back by explosions +00000020 - set when you're walking +00000040 - set when deku spinning +00000080 - ??? + +00000100 - ??? sometimes causes a z target +00000200 - ??? +00000400 - play surfacing water animation +00000800 - displays dive timer on A button +00001000 - ??? +00002000 - can't un-Z-target? +00004000 - ??? +00008000 - freeze link in place (can still pause) + +00010000 - ??? +00020000 - screen pulsating? +00040000 - ??? doesn't reset +00080000 - ??? +00100000 - whether tatl is flying around link +00200000 - tatl has something to say +00400000 - ??? +00800000 - semi-fixed camera (can still rotate) + +01000000 - graphical error? +02000000 - disables items, sword +04000000 - causes weird model flipping on z axis? +08000000 - disables actors and some loading (set when link is using ocarina) +10000000 - link is doing an idle animation +20000000 - link goes invisible and leaves his body (seriously this is silly) +40000000 - ??? set when attacking sometimes +80000000 - instant void out (crushed?) + +combinations: +404D52C5 - all unknown flags at once +(one of those causes an ice effect to appear at link's feet) + +address: 80400A14 JP 1.0 (note: bytes here in backwards order?) +00000001 - fall through floor +00000002 - ??? +00000004 - freeze link in place +00000008 - camera doesn't rotate (and lags behind a little?) +00000010 - ??? +00000020 - ??? +00000040 - set when charging up a shot (arrows, bubbles, etc) +00000080 - link pull out an item. forever. + +00000100 - deku inside flower +00000200 - deku firing out of flower (reduces descent, gravity?) +00000400 - ??? +00000800 - ??? +00001000 - goron roll state +00002000 - deku flying camera/angle +00004000 - ??? +00008000 - distant camera (used for what?) + +00010000 - ??? +00020000 - set when changing masks +00040000 - major graphical errors? 
+00080000 - goron magic roll state (camera zooms out) +00100000 - set when deku spinning (again) (gives the damage effect?) +00200000 - puts a 6 on the A button? +00400000 - ??? +00800000 - usually set after using boomerangs? + +01000000 - deku nuts on B (deku flying state) +02000000 - set when link uses sword +04000000 - ??? +08000000 - set when rolling (does not give invulnerability) +10000000 - ??? +20000000 - disables items, sword (again) +40000000 - link won't stop attacking (fierce deity related?) +80000000 - allows third-person aiming items (arrows, bubbles, etc) + +combinations: +01002200 - firing from deku flower state (rocket deku farts) +14410C32 - all unknown flags at once
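Review bot: in the README.md hunk, the save-hacking snippet runs `./chksum.py $s` with `$s` unquoted, and the value assigned to `s` contains spaces, so the shell splits it into several arguments and chksum.py does not receive the save file's name. Write it as `./chksum.py "$s"`, and quote `$x` in the two xxd lines so the snippet stays correct if that name ever changes. The checksum paragraph says the sum covers "all bytes up to that point" but never gives the offset where the checksum is stored or where the "ZELDA3" text sits; stating both would let a reader verify a slot without reading chksum.py. The file is also added with mode 100755, which a Markdown file does not need; 100644 is the expected mode.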
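Review bot: in the mm-bitflags.txt hunk, two of the "all unknown flags at once" masks do not match the tables above them. For 80400A10, 404D52C5 includes bit 00000040, which is listed as "set when deku spinning", and leaves out 00000100, which is marked ???. For 80400A14, 14410C32 leaves out 00004000, which is marked ???. Either correct the masks or note why those bits were treated differently, since anyone reusing the combined values will otherwise test the wrong bits. The "(note: bytes here in backwards order?)" header is repeated on all three addresses without being resolved; stating whether the masks are written as the 32-bit word reads at that address or byte-swapped would make the table usable without guessing. This file is also added with mode 100755 and does not need the executable bit.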